', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae60, 0x0) 03:39:57 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:57 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:57 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x10000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:39:57 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0xb010040) 03:39:58 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:58 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:58 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x400443c8, 0x0) 03:39:58 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:58 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:58 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:58 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0xf020040) 03:39:58 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:58 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x40045402, 0x0) 03:39:59 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x400000, 0x0) setsockopt$RXRPC_SECURITY_KEYRING(r1, 0x110, 0x2, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x1f) tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:39:59 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:59 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x10020040) 03:39:59 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:39:59 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x400454ca, 0x0) 03:39:59 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 813.172631][ T8387] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0 [ 813.190347][ T8387] CPU: 1 PID: 8387 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 813.199646][ T8387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 813.209703][ T8387] Call Trace: [ 813.213007][ T8387] dump_stack+0x172/0x1f0 [ 813.217352][ T8387] dump_header+0x10f/0xb6c [ 813.221782][ T8387] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 813.227598][ T8387] ? ___ratelimit+0x60/0x595 [ 813.232205][ T8387] ? do_raw_spin_unlock+0x57/0x270 [ 813.237325][ T8387] oom_kill_process.cold+0x10/0x15 [ 813.242438][ T8387] out_of_memory+0x79a/0x1280 [ 813.247131][ T8387] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 813.252944][ T8387] ? oom_killer_disable+0x280/0x280 [ 813.258138][ T8387] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 813.258162][ T8387] mem_cgroup_out_of_memory+0x1ca/0x230 [ 813.269507][ T8387] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 03:39:59 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 813.275150][ T8387] ? do_raw_spin_unlock+0x57/0x270 [ 813.280261][ T8387] ? _raw_spin_unlock+0x2d/0x50 [ 813.285112][ T8387] try_charge+0xfbe/0x1480 [ 813.289584][ T8387] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 813.295133][ T8387] ? find_held_lock+0x35/0x130 [ 813.299903][ T8387] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 813.305455][ T8387] ? kasan_check_read+0x11/0x20 [ 813.310316][ T8387] ? lock_downgrade+0x920/0x920 [ 813.315170][ T8387] ? percpu_ref_tryget_live+0x111/0x290 [ 813.320727][ T8387] __memcg_kmem_charge_memcg+0x7c/0x130 [ 813.326276][ T8387] ? memcg_kmem_put_cache+0xb0/0xb0 [ 813.331481][ T8387] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 813.337034][ T8387] __memcg_kmem_charge+0x136/0x300 [ 813.342153][ T8387] __alloc_pages_nodemask+0x4bd/0x8d0 [ 813.347523][ T8387] ? stack_trace_consume_entry+0x190/0x190 [ 813.347545][ T8387] ? __alloc_pages_slowpath+0x2900/0x2900 [ 813.359052][ T8387] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 813.365298][ T8387] alloc_pages_current+0x107/0x210 [ 813.365314][ T8387] pte_alloc_one+0x1b/0x1a0 [ 813.365329][ T8387] __pte_alloc+0x20/0x310 [ 813.365348][ T8387] copy_page_range+0x1561/0x1fc0 [ 813.365360][ T8387] ? lockdep_hardirqs_on+0x418/0x5d0 [ 813.365374][ T8387] ? retint_kernel+0x2b/0x2b [ 813.365406][ T8387] ? pmd_alloc+0x180/0x180 [ 813.379284][ T8387] ? vma_gap_callbacks_rotate+0x62/0x80 [ 813.379304][ T8387] ? __rb_insert_augmented+0x22f/0xdf0 [ 813.379319][ T8387] ? validate_mm_rb+0xa3/0xc0 [ 813.389540][ T8387] ? __vma_link_rb+0x279/0x370 [ 813.389554][ T8387] ? kasan_check_write+0x14/0x20 [ 813.389574][ T8387] dup_mm+0x9c4/0x13b0 [ 813.427898][ T8387] ? vm_area_dup+0x170/0x170 [ 813.432499][ T8387] ? debug_mutex_init+0x2d/0x60 [ 813.437360][ T8387] copy_process.part.0+0x2baa/0x6720 [ 813.442665][ T8387] ? pidfd_create+0x80/0x80 [ 813.447181][ T8387] _do_fork+0x25d/0xfe0 [ 813.447204][ T8387] ? copy_init_mm+0x20/0x20 [ 813.455846][ T8387] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 813.461304][ T8387] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 813.466760][ T8387] ? do_syscall_64+0x26/0x680 [ 813.471466][ T8387] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.477532][ T8387] ? do_syscall_64+0x26/0x680 [ 813.482220][ T8387] __x64_sys_clone+0xbf/0x150 [ 813.486899][ T8387] do_syscall_64+0xfd/0x680 [ 813.491404][ T8387] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 813.497291][ T8387] RIP: 0033:0x45784a [ 813.501191][ T8387] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 813.520791][ T8387] RSP: 002b:00007fff7bc49920 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 813.520804][ T8387] RAX: ffffffffffffffda RBX: 00007fff7bc49920 RCX: 000000000045784a [ 813.520812][ T8387] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 813.520819][ T8387] RBP: 00007fff7bc49960 R08: 0000000000000001 R09: 00005555561f5940 [ 813.520826][ T8387] R10: 00005555561f5c10 R11: 0000000000000246 R12: 0000000000000001 [ 813.520833][ T8387] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 813.521416][ C1] net_ratelimit: 22 callbacks suppressed 03:39:59 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 813.521424][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 813.537396][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 813.623381][ T8387] memory: usage 307200kB, limit 307200kB, failcnt 56 [ 813.630133][ T8387] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:40:00 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x40049409, 0x0) [ 813.717944][ T8387] Memory cgroup stats for /syz5: [ 813.718464][ T8387] anon 284028928 [ 813.718464][ T8387] file 73728 [ 813.718464][ T8387] kernel_stack 3407872 [ 813.718464][ T8387] slab 11083776 [ 813.718464][ T8387] sock 8192 [ 813.718464][ T8387] shmem 0 [ 813.718464][ T8387] file_mapped 0 [ 813.718464][ T8387] file_dirty 0 [ 813.718464][ T8387] file_writeback 0 [ 813.718464][ T8387] anon_thp 249561088 [ 813.718464][ T8387] inactive_anon 6250496 [ 813.718464][ T8387] active_anon 227602432 [ 813.718464][ T8387] inactive_file 114688 03:40:00 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:00 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x11000000) [ 813.718464][ T8387] active_file 24576 [ 813.718464][ T8387] unevictable 50331648 [ 813.718464][ T8387] slab_reclaimable 2973696 [ 813.718464][ T8387] slab_unreclaimable 8110080 [ 813.718464][ T8387] pgfault 119328 [ 813.718464][ T8387] pgmajfault 0 [ 813.718464][ T8387] workingset_refault 0 [ 813.718464][ T8387] workingset_activate 0 [ 813.718464][ T8387] workingset_nodereclaim 0 [ 813.718464][ T8387] pgrefill 145 [ 813.718464][ T8387] pgscan 127 [ 813.718464][ T8387] pgsteal 91 [ 813.910373][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 813.916237][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:00 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 814.020944][ T8387] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16149,uid=0 [ 814.044189][ T8387] Memory cgroup out of memory: Killed process 16149 (syz-executor.5) total-vm:72840kB, anon-rss:18488kB, file-rss:34816kB, shmem-rss:0kB [ 814.470365][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 814.471733][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 814.476174][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 814.482843][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:00 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) r1 = io_uring_setup(0x8bd, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x2ef}) io_uring_register$IORING_REGISTER_FILES(r1, 0x2, &(0x7f0000000080)=[r0, r0, r0, r0, r0], 0x5) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x410800, 0x0) ioctl$ASHMEM_SET_SIZE(r2, 0x40087703, 0x1) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r3 = gettid() fcntl$notify(r0, 0x402, 0x80000000) tgkill(r3, r3, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) faccessat(r2, &(0x7f0000000100)='./file0\x00', 0x61, 0x1000) 03:40:00 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) 03:40:00 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:00 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:00 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x11040040) 03:40:00 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4004ae8b, 0x0) 03:40:01 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:01 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x15010040) 03:40:01 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='gid_map\x00') r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="c0dca5055e0bcfec7be070") r3 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x31, &(0x7f0000000180)=0x9, 0x4) getsockopt$inet6_buf(r3, 0x29, 0x6, &(0x7f0000c86000), &(0x7f0000000080)=0xffffffee) bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha512-generic\x00'}, 0x58) accept4$alg(r0, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x47) 03:40:01 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) 03:40:01 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:01 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4004ae99, 0x0) [ 815.112703][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 815.119645][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) inotify_init1(0x80000) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:02 executing program 2: r0 = syz_open_dev$dri(&(0x7f0000001080)='/dev/dri/card#\x00', 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000380)) syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') r1 = accept4$inet(0xffffffffffffff9c, &(0x7f0000000680)={0x2, 0x0, @loopback}, &(0x7f00000006c0)=0x10, 0x800) getsockopt$inet_mreqsrc(r1, 0x0, 0x2f, &(0x7f0000000700)={@loopback, @dev, @initdev}, &(0x7f0000000740)=0xc) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) pread64(r0, 0x0, 0x0, 0x0) r2 = gettid() r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000080)="c0dca5055e0bcfec7be070") r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/vcs\x00', 0x0, 0x0) dup2(r4, r0) tkill(r2, 0x15) 03:40:02 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x15030040) 03:40:02 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:02 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) 03:40:02 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4008744b, 0x0) 03:40:02 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:02 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:02 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4008af10, 0x0) 03:40:02 executing program 5: r0 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x2, 0x0) ioctl(r0, 0xc0884113, &(0x7f0000000000)) 03:40:02 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x19030040) 03:40:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) clone(0x20058100, &(0x7f0000000000)="56cb0c591caf6ac0a4c4371caa4798f395e39630a0604832911f02753ae714aa3666ff788d01d2abf806108d17f33b26a96be0df7c72a13928631c579b1af7a479d28bfd3300f8cb9801598c96923b82ea91dc34bdf796da0051d01febeb120d68d02186899c68e393e0b6de20b960f663445315e8c093def0f4bd0f14e76487f1c79a5f760699c043c972e5607a72dcc701709fda704b153c3bef16c0ef458e9298525f25d3cb5aa74ce105039f12b22f4eb87aee38890790deff4b8de63fec80ab3a52b51dace37d635a51f09e087fdb850bbb6a5c5713949c3c3e95f758ff7cf0171eb0d51503537457067685050489380eb9", &(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000440)="f9036039f339c44e82de9fbf4202e9b4f987ff97a9453aa7a9a3aa57d626374bbeeb4ef9cb3ca308610fe8c77fde1ff4dfe5ddf6ed3052f41211921f51cace7ef6b69ba14f962fde99cbe807dd14d3e49ff722e93b4a3042c006fd37c987a3279cecef28942db65b21d7e11ce4d6b1e15e09d1a9cfe03c372c931d68a4e6132decdff4a97f8922fe25beae21117f1c035087260ec5e3c40499488cf6498fd1d789f3d153ae618fe8b3c63a9b9a0a0e839b887743f7db6244927d702c211c6ec65ddff6256bd21d6c04a187b0a975f2600a6265b239c67fd7c46d51cb11570d30443ba176069dcbd805bbce05d61645570d3bd933d5dc59397b70c42937bdd322572a42480ccfff9427eabcd3442942a86ecb285c97c73decabc3c7b96f6c0b9501dc2d7a047900c969dd46175695b90b72ae3332e0093ec9eb36944573fc075da4203a0f37718e6839d05d43b694930fedc6a80466bac148739e52881776f86aa65f5e60272fa1fb4f1a22aca28a2c675fb89637c187c399f1527842641667d1e4d343b9be7917a337a4211f3b4fdf193e79f6e8e4a5338ede043a20c34aa8801fa72240056a5c978f977b8cef1427d330168a648e304c21c5e8843132750a6054bb7462550444326618070d9504b04e7c3b00b086623661c0198947448765e61d19774d16c0b7477124e45865d29ad7a2299c1ce8e264cc48a5963e50ec53804623fbc978646ef18cdb9697f5916420035d2ee25bbefe4d4da1d8f55d4cb921a8b9580e9c8447e926fd79e56653ea6eef52cdcb83835586d42547a36f6a2a5647b0432a8be0852ee00ae66a5a764f7cb4aa97bf143bfbc677f3bf635785ce8d134eff9c3d2a094426125e958a002bf1f2a5f607a562d74a9ffa71f8d3d9d5ea53adb26273648f25a9da1af720840b46b6c1ca31e9116e29b5c9c472ea0aced6cfd91b467f1483cc59c70c1735972f477742915e8b35ad1d9d8ccf4413923cc3c0203f1f92448b6ef9a6046807e357696925654343923c70c58381abf4a8329c2d70e47f39a9615b1f6f3b9bc7608bb56e44283d30dbc4518ffd1a2de737a924cb747d4a7e78cb1793834031495f6fef09be67f2a4dba9006ffc08b7b46357c1fffa8399b4782b03efd452826a4facc4840d6c91d51b5b0c5778c98b3c73832faa91c9d3694e5c5a42a32a1db9b4c1379120e41907e419019fa5331d272e98a7a7f6f3a38e13d022b033c7038c9a2e3c583bab97637b16b408eecccd0295952dce1f1ffa81a62b4028e611c88e8de4489986e0926bb22d7b5b3d1f8df428e1b067f0d102a37779a7fa120c7a077e1abb9c78de8101405cf76aac4f238e2d01d5a6d5a2b88d2c31fc37c03971ce3ff99b7b565800a656de7dc171e8697f6fb43b3daddf23bd5a357315e7a3bdfad4c170162458c9256c373f605a8ffee66fe0aa5d91852ea78d7253e80a8a09420e0ada3b55d90b7aca9a900017b573a654bfc4aa7d20bcf7e90d0f19760a9dbb64b2d4fdffaa0afceadaeb1d781c9609cf36cadefb5a83528c62cc303bd02e5ed74a255847aeb2b6cd1ba500d9e27b090d35085a8dea5d7e75d6a6dd353d29af8b4e9c04d5d94f628d611ec38928245046bbd6f6b14a471bab653db281d33220ec0485809beba37ed62d00666f898132b8e32cf8ddb16c73f1e10e8541a77a0443a4955bfeb0e53e9e3ef19aba7664ffd50c2d0a9c141cab0a85830ac941d924b91ff47a9cdc481b6477d0f7a9b80d4ba42a4c492eb9cc64367b8757db6909ed8bb66bfd07dec8342b84ea3cd9598ec7c8aa914a316ad8dda83890076d71c59616b658edeeef106355ab0fe0b84f9e9c7ed1cbfa7a746b50063993370480bc57febd29ea0fc1644f3359d3939b22fe46ed01df44e27fe3b35d46fa5a5814e3f69485a40f07398b5e16def2ca4b69b76507fc159ad6912c2a82e5af28400a2bda79fc3fc6c2808e38277645a3e5edf18d064d4d96886f8dc78d9050f3160b9374fd0b40e463421f6276b7bcb57b0d0fa5a41baf17496f54f2da3170a4918d4336f3ef754dddf6b8518df381b3b95fcea89deb4c8c4ea23ff90ec1ee2562bd03ff2e126568b5347798c1bf8d72d697436fbae6ed139a975eef47a59fb60872479a30ecc3d32ac0257e92b2d6c577695d31ce3b1e5cce098240aed37ffd4954610ce184470929b26c183aa0a33d5690fff297eb5d2d90a77c3d9451e3cf1a291ede951a4d22537a1bc12f83fa04206d002c0c39fad6c9337ebf84a76eba37581cd2085d18039daba450ea9da754ea57fa53d63fe3359435e119d06ac7fd5555abc670e1376b73e20cf7c513e5c7ddb4b17f9a3da7bce77e7777463790bcad83a8563fda4a4d41926c78a278aec90fac1562aac7e93c3fe695acc543e7f885a96be7f0ca74f6c5fb25210d7f3149860d97506cfc4a03373a752e2733d0b6f0e20e5af639ef22659d04cc5a2d85784d860d49ba040816b3fc4f22fdff710e4508b830743f6788fe3e16341c470c0f3f8aa4ff7e5ce5a0859634165fa037186cf16da1d664971d0cb447207ea06e3974ad5436180e8ee31d455e779dbeaa6d7f30b5b9118b66fa0ad9c2e1b465498d882774c208e2637bdb1fdf523db6dbd66e295a8be3773702b59168a9446fe44814c520e47d99a84a6e75894d897ba414c6afed10092f2dd124a49836c5e04b7f4cf3f12a983bdcb1e0df331230584ae9479a0baf3dc327b77e4bceabd119cb2cdeacc996581f1f2ccc2545c9bf9cd307ddf3a2aae84fd6f075cb44ab8ab70e32613d0f72e306644a88f126a807bca87253b1e7104dabc20c83c6739da46cd6b6a4e27015a744d07891f365915daa219b83e0fa0b55fbe96b59d25fc6dab9b4ed1c55ae5c4c2456b0f85330f0668ceb9d9c82c098eef3aac3973ee7c10ae054f0783b990a8c22f1e5bf4bad56e26dc5d0f777ac82487e77431795dd20362b308105c3a06fa0ff9f019168c80987541b52ffcfc2a4afccb68d3c009e7104147c523fcb5b29c701d3050c37d2177cc36d2d9c75d10169c4a3d1fddb8ec4ed2db8fba5c5a285fc665cbe78a1e12d88a8b066a86ad18744e55d302cfca162962b5d6b5747c717e8389af1eafc0b535240d40284fb7fd1f47122bdd871752f6766f1be5ed84679e9cb856a2556e4151651b463870d047f541a72d82d94e8ebbbed8485260431824ef568a98bfa3eb9d4352984394c38aff0f292110afe6b070a0b7330479943a5d23f372952ee7e240ac1b13a97873c9f27c01a1cac1e753e7097d572aa33d32c9438f6e2fd0c6c0ef5db9745d3869690447c455683c318078367e5135605c1678651942a4067b8db1fa8397689bdf314af07879e3fa79de55193635adca3cf4001956d3b247017fe123c2de843ad6c328e5e1fe0b9535851b7ebfce1dbf0acea10f7a7c1165b522c83989b382b5a7fb311636067973b839692d135398d1c2dda69a76139500b4fde197101cb95b1d2aa8f203b508252a64fc23688e9c7a5e0fc6b9cbb913362beffab0b7ab76d4ce850a8179daa0fbe8daaf662d0015679389cbb31cc53b760a7194306d7cb2032b36e4676ace6f559a510d3a061083003e391ce101f5f374fc82aa4de125124ea432cf5a92facf4979a09dc19f41377a6fa1fa68c0ba20dd3c67cfb180a2923924421d856457aa871aa117bcb913b27439c3ed514f4d74ae95575b2a50369f35110166270bdedfd9f2e9295d39656cb381a3f3806b880f1709804713d3100dd9d3cbd34ab5805790b3221de662da524ddb7f9557f44de2b66aa3bbe7cbbf4598872f568883bbf57f47c8957b319a0fbcbca1fb2b165f2d05f450aeaae2335094fc1dda71f359e3aee7c54f295c34197f0db9aac63254788556a23123064255e99a649c00e6db96dc226ac2d64071f7d10d2e5b705d5164cf1ec1552a6c8796c28007c821962f84f59c23e44a1712e13e74a9ca7e06796e200acf850a7a2e603afd4d702f1cdf7d0ad7f2f91969c71296b642df87a145503d9acb15a917c7c207c254f3a18643837f6be82697f9e312d551593164000d074e72a7e46a54fcb8860f38c306726fed5b5f1608125d64b0337f7e3559a9910dc7bc43854470d2ddd07d741005322649e66ae099c47afdc33b1cad1f62b8d5612e61a27fc76ab002cbb6dfb759ad6c7a2446e2ea2a48f12f91beff946fdb27b260fcf9b329129a35eefe079263a4fa49a6e45979e4e0900d9d890c373145b590f51ec8e901f7e07ee042269f8cb43df9ae0a7210e0f113f150a84b74068d08415bfeea944c89c327afcc3e348186d6c51cf877fe688e056969a026924e352b2039f37dcaf466d06e0e692d9bce231eae9894f6f2fd8906a8be3ab4073bd8301598fac2b3b0b4d0abe11bb0d44952423149083a3132b93d3f55818e180066c1c99df0f0288414abe63e1c45b09c226f52a1af7fd1fa8ad80ce6bf1c19c50c65d4e9de0953e9476fa354663ec8c85478ea77685a051485a85d3d7267ece0bf62f3765e3a922a670d36f78d2a2283ba536c7bcf796f38db2d344c8f94210697120b0f8b920d3a60e83630a32526a04ebaf1a54a2656fc8e7f4dc782e197fdebb41153372b7d4d04ee69d1595c46ecb1ad4654172cbf5bdc5a3e4a6fd77e83caa6f46451b659ec9036bc78800ed3f7b2727799149465d5e6897fe441c7695ad0b3dcc96da722d0abde9a65778a9895a818ca080f32a71738804f7bb803e3de229b94053ac629f93fdef04322c6c4fe177f0c3803bd98f422bcb1a90f7731219ab701401a6d54adca4fffbf5d59afae3febc755b1d54a3fa6f5da5ae7d6b3c715909f6d61347a5c18eb12fa342f4b36a48970acecc712bdb05a06699735b66a1db4a675428df32cec57b01f926609632442d25f6e74d28c0d79e28840be8e2280c191df23b3e3b43593a3437552aaa366846d5a1583b46a9f111ba5bed87ed0314c72bdf8df6ac7df5c4fcb3ba2f6da14359a8c33d0efe84ad829768e68ceffc212cba80696f41a1bef15e52a27211be044cb3b473be0a2edbfd86b78247ebf2f74e37492d7bd78702c686debd42b1e552a5ab112e79c0360a96c1361aebbee4b390de8d0e8449f07b77091a24790a81c1c49ae775bb71b1d313fa89e96dd41f658cb0b2297fa22b75a5c8de743f8b7f86fd409c808d5e2a323a9afe5ffa7e4c95015bad37cd9b10004f4337883a4e6d5b439245454220352c1994dbe3b6b1366ca226b7f9087d79e5c3b122a7b8f18bc4f0dbeaf73b0bc5a2bad31adaa767034fdd0d35f86f8e737f3b7feddf14aa091e363414f05ae6e9c327a626f9f27a7194b7e3b63797cfbda327581e47790d3491bc3eb07fdf3f0603c99c2332883b63d17bbe8c6d5fb56f581dfa6a0a0fc89432e9e9b1165dfdf37402b95795b2dc83deb4456dd5466519b13f07b80aec4bd6a111a3d9ae9c44bf7cde3fb5f83d216c2667d91ec803490f1da7ac57fb89b7d8b819d2505804420f935f1d06910db5b5f10809b54d1384751c9a9bfa7629e9fc47de1df9f986de0ac373e9e45509ed96bd52931a0eae971b13d89212a8e85400d935824fd7a9412415f80bc476c51c77269b973fa7e5d61d25314bc148329728262f226290884ba845ff54a995b9d29cfcd9f182c04117afc49eb0a9b5d58a65bfc4392a8a9c69fdd125e9fd581c860312140c475c951c749af3cae81aac5cc2089e85b0276372d55d0ac1cb7aae1be97ff9106790b2ae048104c3c384c8bb7f91f771a5d996208d0e81a10652ed37d4ae") r0 = gettid() tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:02 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:02 executing program 5: r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) ioctl$DRM_IOCTL_GET_CAP(r0, 0xc010640c, &(0x7f0000000080)={0x4}) r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x8000) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x454}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x22c, 0x70bd27, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 03:40:02 executing program 2: sync() r0 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x4, 0x100) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000040)) 03:40:02 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:02 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4008af60, 0x0) 03:40:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x0) 03:40:02 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x1b010040) 03:40:03 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:03 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:03 executing program 2: r0 = socket$rxrpc(0x21, 0x2, 0x0) perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000300)='/dev/audio#\x00', 0x1, 0x14603) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f0000000600)={0x0, @in={{0x2, 0x4e22, @multicast1}}, [0x0, 0x2, 0x0, 0x78c, 0x7fff, 0x0, 0x9, 0x8, 0x20, 0x1, 0x0, 0x7, 0x80, 0x2, 0x800]}, &(0x7f0000000340)=0x100) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000380)={r2, 0x5}, 0x8) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000700), 0x4) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$admmidi(&(0x7f0000000400)='/dev/admmidi#\x00', 0x5, 0x100) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, &(0x7f0000000480)={0x0, 0x0, 0x7fff}, &(0x7f00000004c0)=0x8) syz_extract_tcp_res$synack(&(0x7f0000000080), 0x1, 0x0) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r3, 0x84, 0x10, &(0x7f00000005c0)=@sack_info={r4, 0x7}, &(0x7f0000000580)=0xffffffffffffff5f) socket(0x1e, 0x2, 0x0) r5 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000003c0)={0x0}, &(0x7f0000000440)=0xc) perf_event_open(&(0x7f0000000500)={0x1, 0x70, 0x1, 0x3f, 0x7, 0x5, 0x0, 0x4, 0x0, 0x4, 0x5, 0x3ff, 0x2, 0x1f, 0x7, 0x9, 0x9, 0x4, 0xeb63, 0x5, 0x6, 0x1, 0x0, 0x47, 0x5, 0x2, 0x7fffffff, 0xffffffffffff7af6, 0x3, 0xd2eb, 0x4, 0x6, 0x4, 0x8, 0x607, 0x1, 0x8001, 0x40, 0x0, 0x8, 0x4, @perf_config_ext={0x5, 0xffffffff}, 0x400, 0x7fff, 0x80, 0x6, 0x8, 0x1de, 0x9}, r6, 0xc, 0xffffffffffffff9c, 0x8) r7 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$search(0xa, r5, &(0x7f0000000140)='id_legacy\x00', &(0x7f0000000180)={'syz', 0x0}, r7) r8 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) bind$llc(r8, &(0x7f0000000040)={0x1a, 0x1, 0x1f}, 0x10) sendmsg$can_bcm(r8, &(0x7f0000000000)={&(0x7f0000000200), 0x10, &(0x7f00000002c0)={0x0}}, 0x0) r9 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0) tkill(r9, 0x16) 03:40:03 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x400c55cb, 0x0) 03:40:03 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:03 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:03 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x1f020040) 03:40:03 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:03 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4}}}, 0x108) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x1, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000140)=0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f00000002c0)={0x8, 0x3, 0x9, 'queue0\x00', 0x4}) r3 = fcntl$getown(r0, 0x9) kcmp(r2, r3, 0x4, r0, r0) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e22, 0x7f, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xfffffffffffff212}}}, &(0x7f0000000240)=0x84) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000280)={0xb5fa, 0xaedb69d, 0x8008, 0x2, 0x913, 0x9, 0x100000001, 0x6, r4}, 0x20) preadv(r1, &(0x7f0000000100), 0x2df, 0x80000000000) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x1fe) 03:40:03 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00009e3ff6)='/dev/ptmx\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00005befdc)) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x8400, 0x0) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x6) 03:40:04 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x0, 0x40000) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000040)={0x100, 0x3, 0xbc6b, 0x1, 0x6, 0x5, 0x0, 0x401, 0x7, 0x8}) tgkill(r0, r0, 0x3d) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:04 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4010ae42, 0x0) 03:40:04 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) write$P9_RUNLINKAT(r0, &(0x7f0000000040)={0xffffffffffffffca}, 0x7) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:04 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x25020040) 03:40:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)=0x0) io_getevents(r1, 0x0, 0x1, &(0x7f0000000240)=[{}], 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{0x7a53}, {0x0, 0x8}, {0x4ba89f28, 0x3}, {0xec1, 0x8}]}) readv(0xffffffffffffffff, 0x0, 0x0) 03:40:04 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:04 executing program 2: socket$inet6(0xa, 0xf, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SG_GET_VERSION_NUM(0xffffffffffffffff, 0x2282, 0x0) listen(r0, 0x8) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_ENUMAUDIO(0xffffffffffffffff, 0xc0345641, &(0x7f0000000340)={0xfffffffffffffffa, "871b3c5972dd9a7de60c7481a06c1ce0c149df72ea56fadce8877328cd218ed3", 0x0, 0x1}) r2 = accept4(r0, 0x0, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x2) geteuid() setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) ioctl$VIDIOC_SUBDEV_S_CROP(0xffffffffffffffff, 0xc038563c, 0x0) ioctl$SIOCAX25GETINFOOLD(r2, 0x89e9, &(0x7f0000000000)) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0xf400fffe, 0x0, 0x1000000000054}, 0x98) 03:40:04 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x401845ef, 0x0) 03:40:04 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x25040040) 03:40:04 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)=0x0) io_getevents(r1, 0x0, 0x1, &(0x7f0000000240)=[{}], 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{0x7a53}, {0x0, 0x8}, {0x4ba89f28, 0x3}, {0xec1, 0x8}]}) readv(0xffffffffffffffff, 0x0, 0x0) 03:40:04 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:04 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) sendmsg$inet6(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000040)="6a4d155c7137a689e146a55a528a7ccb498e2ecfad9fcce3c8642f557fb9a4dc57980f2c68836b3ae0da5ae408a29c7750bf551f9e6aebcb0a5d9e2c6a15680a9fc98e6e811bfcf6560ae365cc7fd63b647dd4cf3301fcb07efbad6b8d3578d8937d828be26e4e2b821cdc7d700f0e611c03209bc4821fc8afe0855b9975e237e0148d1f1aa2ac7fb8c2ee25af99bc8d1a04ba4947725527ab6e471291c3da71f3a07a5c5d098d38bdf2ed57d6", 0xad}, {&(0x7f0000000100)="8abe11ff4ae4487315a816872dc5ddde024a5e2c0a36b53f862163081b9516302c1bb825a33df33638e64576cf1f7f8eb344cd19315f171898dcd2d0dbd3c03e773437f233d2d6b8f6ab2d568420a73a7f237c7144f8f734fb55e969491a3949c36258dad337541eb07ddee40138609af07adaf017df36f50af88791e608044d2257edb8c122550736b9ccdca549ba4b", 0x90}, {&(0x7f00000001c0)="fed473f5518bcf96c8b6067f65dbc4b28bc79da100096a172bc1619b4bd65847bde9e05ebfb91d815e92f0a74d359d3f4e05918938aa7b2d430e22bd13e221c6e31f8d3e9f59a6512b352f966f4562b5937108d9802e099e1315023b13bcc33ec9cc865c99f05fc4e5bbadb3309c5f", 0x6f}], 0x3, &(0x7f0000000440)=[@dstopts_2292={{0x1048, 0x29, 0x4, {0x89, 0x205, [], [@hao={0xc9, 0x10, @local}, @generic={0xe637, 0x1000, "e4d32cb4f44dd471b85af110f5bc8e45f9baa0c8b53a17301ecd789e4709ad38dda3c2eb2761df015696ea5b937bf76316031d45ace1a00fc186de183ac016f45f10efea530649ed54322970abc500c5b3187a3d6ab3f5e4e1748817547e325a7100eadf1ace09cb1034101e333134aae0dbd37319bcc49a2f35b6a1e25baea1732f3eecc4b504369b8a7fa2089514b8a54107c1dcb4e9b3f12124c36d278347afc56ab53d2de5d90527f55cb5c42724e872001737cdffe645caa7d270cb6912055f35e6aa9a0ed23841644e0a5948fcf8d3bc409d393538d3d037ae6eff308b116e6a92ec3d9f90909372cac937da949eca521a338547ae1fea1edeeb807c0ab309542e35911df6359e158e0478728dbf406ca2962b2de8fed87493bc747550331f6a3a8543541bea6815eaf36eb41b7ff03485c59854807cb3f4f4e8cc39e9516ed904fe3c6b5f20c1d1c361aed6be0ae73db4c73209934b803c5f25ea4b2128bb340f539be0119d0718c60a8ab619a0e7d00a5ea9814e982a666f354cca107cb1b6a6335734f8d2216988779a5259cec9b45f93ff3428b20dcf77993c906aa20f8a22fa25774c0ccbf55c178cd7002594c6a215d71e5fb4f53ed493aace1fab7a59091b84ef56d3fd8bc928780223dee2047fa1f6d6fc423616d8435ce41893c189c3c00315faeb5f98d5506e099ba23c30cb2e3714f8d74e7c522988f0f716fc5d43c180bbe5ed6df0af68232bf738f71776ec49743fbc19bda2cca4d219deea769c380671909e914a7c6d3da27eee47346c7598ff1859b4349b478c5f14e064abe139f635b4bceb4f48eed6a2c4cd6f950a04f0516eb02ca681860de8bb92379b31029ba3c1ed3c91321bb32f45dcc984e94a6acbffdf15a560d0b7c394bc62d3f86c3eaad8e58385faeb2db0e11499f66387d467f67fb13aa3498e8fb269beb40765dcec885adc7d7a3c990244831d4cf5d6ef0a59c094e249da4ae648001073e1711fa32e94c4137206c755affb7eed73c5e01f1f8c899e6e25d61a75531ccec935a62c7287c1d91f6d581489599b826577a9b7061c102206fdd3b5b8600df26df91411191fcdab321750add96a16139511c06600af9540617bd23531576ddec211fa1bac802167c8fb15a1caec9b2b13d56d3f4561d540b87c9dc8b4ed58da21aa152890abcc7ffdd22121fddf327edf6780a5549fdac93bc96ae156cd219dcb9b22e6860cc5baabfaf99aa7fbffd9325d2f83a19a62d04ea6900363644603092d9e86b667f40098cf85d34284f1e89891c0be268bd9786ec62417014fee9df4a0f33388b750749b521f4d9a99a7737b3a6e703809973ba26588bb2b00b72da090b701a860d95bedd491638630d11ad18af36d3c58fb3349bfd1d8d160b22521cbf9d9f241f61116097730e93f077c62c86acedf7f5738735cfec3b799e4bd7c8beef6c3d2116c3a92d4d4db4c26b008451773c50f5ea13edde5705853c41f2f1a00173afe3a5f68da7df513135bed7fb8e7f65de396f9ab24df2d348b765eeb17eb682ba4f9ab912785386bf11d240959bf0d00df281ea886c31937f93d76405f236593c18f8a325ef462194de59889140f61a39fca67864fcd127992729b1138cfc02133e4df3d8b490ff2aa99b378a12db7e06b9c9047252e99b3a72fd2218fc6757b12db21674568e9e470e5f8a2e5f161e4b45ed2fba93adbdfd235d87516dd305d749ac9575694ce97f484a1770b5cb6e0bd05392ba598251fe903c9861035cb52bfdef51e776fb2ec6b5615acf633f058a37b9a5ba4982a9aa7f30fe23fb4f229bbfdd1750d5e4246d4e5da936c9648b757b55b4784781dd5ebbf082128e945088922d1a80632946bd74137e50f3a20a4c39ca8843ff4f34930e2242226e5597e1fbcb56703396987cf0edcd594cef2843bc7ffa864dd3d9879e38b1d1d6ad82dcd8a5a36f9339c834e0dd28701c623142802f106049425b9872ca8a98330bce1c50793639bf098fe14bd85717f781421f7749c5bda53fdfc4a85ba5e8dcabe62acea9a6369472c79e6260e3aa2341a1455dc16ebd126bfb7060eb094c4cc776da96f09ccf444e2d6deab6736a59a7fcabf45e870e759f833def78dcf1691131ed5be9e08b078daa910d19c5a47ce5c572c374dbb438e7102db094bb59f2abca8a91817ec7af133c3411a6e4951afecfcc0f7a037fec88942fe02866b4b6d3ea890b3a230d9e8ff4da60691931495259e03bd6c9079df04f41dfc6303dfe82c619ad5b2b2fc70dd3250ad44ed8cf4c5d9d5572f1165c6f1026c8d8a67c48b91c496a801917d38b88abf29ecd1349030e78b6fc9381b698cf0476e3cec881800224f876acb84faa7391574ac60917a8d9f78bfb2b743c925247472a89d5ce8a3b81aa305c4e013bfef1a6f8e131d9bca9d8acb932026827f26b65c666e5d07c7dba4e00e75df34400d9c9e97c4a4266f173711f5599a06be744879bda00565bcb2ae9e8274b9f74ca3cc926f2ffccd717ebb6506c3374a2c82d9e3f32c20bc4a6f334d9e92242c73e2e7d3ac30a6000e71067b14c12655d005f91a908526810c61978a4ef6cccc607dc7a07991c8014efcaecade48c8ff07e8516f8ca1c9e0e8e57df8dce3002ccb704b33a95937cf41d0dd3530564a260a85255f8f83a27f1e80d6a7cc3c70a80dc6e84621f7fe0c42e979f1f0860a9a0ea44ac84a14ba7a99ba0a5c18cf6aafd563317f544c26a8bdc4bef80caabf7743d81b3a97d246eaf9ac5b2e26b5f1ac50f43250483d6b4e6cde80194b6aa11eac38d2a58cab7ef6c89828e5018c53c306ce3388e46735811cf0de95e6120905eec73944471bf46008351eca75914a3205d331ceea3d181986b3274bf95dc8b7f3962887f0fdf9bb301d6955c86f0b63c313a8e81e95603ad09f4b4a3870b8e3e379f0976870fc1e6eb7e010480805082cafb06051351fa64ccca680fa3650c4ff3f74546f8f23dc2023bb4cd38fc1a3a818baeecad4702538141dcab41f72712ea67996e84883f377eae8f421ab487eea4c9f93a9e0338e7cde7877decb05f9eb0bc86fb26c653cb4d29c1c21c96e09e8b4aadb5b5faae0199c7777ed91af6fa4f35f948333355309589970aa081a9da99485602724c70bc4ce048b408b7ce3afbc82bdb80cc8fd12028781abc8a35aa86b61bf76c13cafdd5408f11d1cf5dfb34d3c70756c8036a36c7848606a0cb13f033ce5a5d895820080f4d082b85a6f567a46d96b4725bbd2a1562d10da7087a60d05b69b0e99c459bbe9fc75eff28a897a700e567c9d2816748059bf18a5f8f08017875c0c976c35a6c9d669e20fc37d75296e00569bdb59fb6b29f4b32d9c67ccd1e4836c5c955adb89c1100ad9ed2582fcad1aea90ba956b62bc5cd84be553167a25c68e4991647e65fdb548011983e3673018d06240f01369c66dab986576b2ab41017b6db439639c7b65e9c876f23a24367d243f93c59695545bedbe7bdfef2608edba037623e68dc9c7f52f2522cef315e4c9a4e58c9b76d1c7b0348aa99803a3b4b6190ae68cf47807b563b1fef233acd3303bd569e8b120c188cccb43e5cd91bd9c143dfa626484f320e14f895b3dd3b7ecc38e2f5cae1a867465ab6488cb8e16d795929a52baa297b1f81cbf79b392611a04615d81a0ea88c9b3f858bd0254758bfeba18f409676cc91e93c02ac45fa3506d9fa153703e67b4141497ae4414ab1970218f80466586bc6b20339054c2e27d278cb3c33052311b6e9d00cd6a1a437b25615ae0b69b2c15bc2e5f43aee296c3adb849448ead05bb512ec83444b8653876ae0c979363fcbe6f98a4eb061bd024578ed8f4af6f0a268c718ead28ee0aee4a77a8e2604973cd5eed2158860e5170ad7a610cdaae7510731a72c2629df6185820c40412559ccca91f957107b60f1af3cedd83a9154276bf4b65a8ce8f0b7d115571e15f9fb270f770bea27950c5f2ef1d9593d30f8d0dbd8be30fbb65f77ff7875d33e7efa602571568e645849bded4a89521d4656b3b0ba088213829549dc9e2b66572be067ea86645952e78c0f5c1a226913d6ad1797a5d96fc0f6a3839d26d209624f3f6c2236a8edd87b05bd0d443c3e5ad563ff743112e3946f0d07b4280479cc0a54223a5f81771dcc097e0a33bd5db3a76b4d20eacae76cb0aef2d2fe25e121af88f147fcea3f2a2450f0013cfa978c087172a5ad76476cf8a872db9b16961b5bf7ae314b1f38b5a42d89ba9dfe30a9ebd21beb2b1049c7e4d9d9b0211f9c60990f77629f6fed9f27b6d585848332dcb8000343220d141b308317dce2c3179fe0efe0aecb2858adf4bb44a11d6eb0735ba8c70ebd660e4ab670ac8691304225d9b05bd33df5ad724a02e9b648423d305af9fda8d01ad6b89fa3ab4e9bb35899adc1bceec0a93bccd0c5a8f7333ca68853446d249eb4c1326eb14d533bc048b16308ab3c904b8d4cfc756fbc802c9cfb0aa685c6e87f25a6b9e87f0636e967d8845083814038ae1cba80ad4dd9f01e886486ef51bfdb51ac5524c959bbc30df42a73fd265ced773d66e5b5ccdd136cf5182aca428167ce8064e5e8022a24ff0dd4744824a8e68b938b208aeba6c7599b4e6dae880157f5ea59ebdfefc03c099a6cbd2deed11f5b27f14104a534b5687740f4b48a4f22b429258b3e30765e0c791c83e70cdd60bd85c842d880ba620e0e908358b7c7b5fae78ea3affc2b9b94b50a988eb5e0d2fe7f3fdd8b843ca20dfd1d2ab78d7a5a1bc751bb887bc28893529a27c49f92273b52199142d82c63ede9edc52da1a52b2614cd8896be4e5142a0738a43e43088ec663ebde04f3c84fd79ba33e483fad147439c7464e832536b1be57adc071d66d38de077d5c98f8906be3f38014d89d25c20b2046d4b6930474a68cc6175c6193e39286480e37c14d6d4a1420ba30fccae6de0ea72dc9ed675bc34845d00eb7f30498611f33c4e588fd471d3f889479c7aea9082d4a2f0209353ff60a80e098865c1e3d7f6139d2defb0f5b9de18a9c88c0bc6e423f2db15e70800423cb1648e4ce88a159c6b2b1dda14fa9f29947314ddb62e3b2e73a7508d6a064ec493d7006baf05185e3dfa5c4580972683b9d62aaad349098dbc93c91296fc848d56fd67f9437e27310d0f05655b529d6ae69cb6426be5316e25ab4403ded9de73f8ca0dc91ad00239b42d0ec4ae594a88f14a3ed3a2d6eb44818f7ebad73a0617128998538146863abd3a6f93b605d313ac11f41f73219bb6617cd812a47ffc26d1e6c5af2cf65b0b90781fc8aa8ed5f1003a874b9cfa75b7bca3b4d639ed5c8e9bee9d09aae340a6f3093bc17062ba4b35701125fa2205182a15a6311435055548c1e5b9357b4dd0ae931eb8f7eaeeb257e96b24bae6bd21a1d6ab121a24f2e03af62105e2f17cb0f116480b0f32da84ce19330ea1ce6227b6902a2bae9932c3d27afeb858e6b926c54af0fbcbc7a4d6d5ebcceac58ae4f81e79f3f6b24db50554d921429c244dbeb271fc40638bb11edc79a1811ecebc57b76b0b7e71df499a38575a3c0aaebdb22897a942946222863baeb4e557be7ffe554fc1c3cf36d7f079d448ae0370626f71338d6bc7f1e183917c955fa54cdf01fd45ddc22dddca62b5d34d4639047473e2c56ac20069ad9ddc0d0cda6cb58d1959e1cab03c24d2ba219926ed8a5adac4e441a13e807dd1d0796d25d0a62f5838e9566447a6fb3eb1589c539f0661f7cea7a32c64704c4642ef2b1e166b39e88949eeea6911c45c64787117a45"}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x5}]}}}], 0x1048}, 0x4) 03:40:04 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4020940d, 0x0) 03:40:05 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)=0x0) io_getevents(r1, 0x0, 0x1, &(0x7f0000000240)=[{}], 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{0x7a53}, {0x0, 0x8}, {0x4ba89f28, 0x3}, {0xec1, 0x8}]}) readv(0xffffffffffffffff, 0x0, 0x0) [ 818.630355][ C0] net_ratelimit: 17 callbacks suppressed [ 818.630363][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 818.630398][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 818.636115][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:05 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:05 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x29000000) 03:40:05 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x80000, 0x0) perf_event_open$cgroup(&(0x7f00000000c0)={0x5, 0x70, 0xed5f, 0x7ff, 0x5, 0xc85, 0x0, 0x1, 0x800, 0x8, 0x2, 0x100000000, 0x1, 0x10001, 0xd0, 0x0, 0x2, 0x0, 0xdc, 0x1, 0x404, 0x1, 0x9, 0x10001, 0x1, 0x2, 0x7, 0x1ff, 0x100, 0x9, 0x4, 0x80000001, 0x23, 0x7, 0x0, 0x1, 0x4005, 0xfffffffffffffbff, 0x0, 0x5, 0x1, @perf_config_ext={0xc03, 0x3}, 0x8000000940, 0x1, 0x81, 0x7, 0xba18, 0x3, 0x5}, r0, 0x0, 0xffffffffffffffff, 0xb) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000140), 0x0) 03:40:05 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4040534e, 0x0) 03:40:05 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:05 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x29030040) 03:40:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)=0x0) io_getevents(r1, 0x0, 0x1, &(0x7f0000000240)=[{}], 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{0x7a53}, {0x0, 0x8}, {0x4ba89f28, 0x3}, {0xec1, 0x8}]}) readv(0xffffffffffffffff, 0x0, 0x0) 03:40:05 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 819.270401][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 819.276238][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 819.282118][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 819.287897][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:05 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x40445637, 0x0) 03:40:05 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:05 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)=0x0) io_getevents(r1, 0x0, 0x1, &(0x7f0000000240)=[{}], 0x0) ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000080)={0x4, &(0x7f0000000040)=[{0x7a53}, {0x0, 0x8}, {0x4ba89f28, 0x3}, {0xec1, 0x8}]}) 03:40:06 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x2b010040) 03:40:06 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:06 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4048ae9b, 0x0) [ 819.750364][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 819.756244][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:06 executing program 0: r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000640)={&(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000140)="e3d7a1276252a762456cbc250e284c2654f80b98de2e855e6064a677b5a733dbc2769058d5855e85ad5e63720f", 0x2d}, {&(0x7f0000000180)="fc6d83f2271d23f69f66a3fe320d8fc30d3b9ce6f5ddf1531f80fedb518287228fb6e2995dfdb05d81135235a679eb647529fb1cc9ec5ec2e726e0993da233a55ea6174d3e8dfe3b6b7d120ca06807e741d75f10bddffc40354b1553cf3a22f5bbfd71449aac6115ff05e86b84ff8dd6705588ec3032170af66543d31aab6e9b94fd7d151aa1a421cb9ef3d1cba9c323c2728c1a807e5efce80fbff313e15f5b1628a69e5261c6ed93700ff39ec224cd5f", 0xb1}, {&(0x7f0000000240)}, {&(0x7f0000000280)="72dc6056b73e012b19a70085386ccd1dc378c425ae689ff27a520011512f5145963db5fd6a5f2cca58ef3c", 0x2b}, {&(0x7f00000002c0)="2c796d09927a6b00aff26fc9c0f7fa8d61e00428e3dda877679de259322b93a6918e6f7d58f86508c5564cd9a4b7fc956a7194beb1352ae48b1e155e90411b78bf900ddab65bbbc2a315d9ee8293453f3045c0df486d504c18f36f355d2e9f", 0x5f}, {&(0x7f0000000440)="5bdfd46d863adf09439b740556b02403b24d1efc948c6cb4e8f0712512611e91e7a553afbd74732c765dad6c7be192a20dd69d408416a26eea3545c57e86ade97664073a97c11fed09406f756abc207d818eff9e6d2c7d1ede15c90ee68108b74c03f517c8926e50b81c8e5efb7052c653868079b8b78436ae0c5ee1c2bcd695c33ede7d565e92c6129f98a2e06765df2cf1dbf2e21dd24b30cd82e3d1f4ea735212f69c6122db306f484523513a5865fd18ff934f160956a0ab5916cdf80c385a1e412d1966520b69e5a83ce41bfceb1c10ba0eefeec7b0bed7a3fe4727b0d918578d53153eabb902ecffb8a36d2021d57a96db69", 0xf5}, {&(0x7f0000000540)="69d2fa1a7273c58fa62486c023f880f3b5e6c5b60324e8a0a3b942467c20639006b01f662d73d41aa218f11c2fa11b2fc2248d571bef5371b167a42f003ffb95bc2c4046c97892f0232128d3e6fd0106e41431618f6be46fd09c44a17839f5c44baf58bcb3f8bb5ce9fea10c3ed5346560b674daccc57d49ed971848e602b4640cb58ed3f8a7d167c5586febfdb8455ba703944a12f4d4e18c2981b29801cd2d5a101daebd810b86aacbe4adbd8be1f50ea35a9d635052e65c62d2e9af4381374697efe376b20046f86e", 0xca}], 0x7, &(0x7f00000003c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x4}}], 0x18}, 0x20000001) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) socket$pppoe(0x18, 0x1, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000740)='/dev/autofs\x00', 0xa500, 0x0) ioctl$KVM_SET_PIT(r2, 0x8048ae66, &(0x7f0000000040)={[{0x200, 0x7, 0x6cb, 0x5039, 0x10001, 0x8000, 0x6, 0x6, 0x7, 0x10000000000, 0x9, 0x100, 0x81}, {0x80000000, 0xffff, 0x5, 0x9, 0x2, 0x2bbcb78f, 0x1000, 0xffffffffffff7fff, 0x78, 0x92c5, 0x1, 0x8, 0x6}, {0x2, 0xd6, 0x96, 0x400, 0x80000001, 0x6, 0x10000, 0x4, 0x6, 0x0, 0x2, 0x20, 0x4}], 0x80000000}) ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f00000000c0)={{0x3a54c2, 0x5, 0x3, 0x4, 0xfffffffffffffff7, 0x1bb}, 0x5}) tgkill(r1, r1, 0xe) recvfrom$rxrpc(r2, &(0x7f0000000680)=""/100, 0x64, 0x100, &(0x7f0000000240)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e24, 0x3, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xfffffffffffffff9}}, 0x24) 03:40:06 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)=0x0) io_getevents(r1, 0x0, 0x1, &(0x7f0000000240)=[{}], 0x0) 03:40:06 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x2f030040) 03:40:06 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 820.150374][ C0] protocol 88fb is buggy, dev hsr_slave_0 03:40:06 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:06 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:06 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x40505330, 0x0) 03:40:06 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:06 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x31010040) 03:40:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:07 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:07 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = dup2(r0, r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x6, @local, 0x3}, @in={0x2, 0x4e20, @multicast1}, @in={0x2, 0x4e21, @local}, @in6={0xa, 0x4e20, 0x1f, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xa8e9}], 0x58) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r2 = gettid() tgkill(r2, r2, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:07 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x40505331, 0x0) 03:40:07 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x35020040) 03:40:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:07 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:07 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:07 executing program 5: io_setup(0x800, &(0x7f0000000100)) 03:40:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:07 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x36020040) 03:40:07 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:08 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4090ae82, 0x0) 03:40:08 executing program 0: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x200, 0x0) ioctl$PPPIOCSMRRU(r0, 0x4004743b, &(0x7f00000001c0)=0x5) keyctl$session_to_parent(0x12) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, &(0x7f0000000000)=0x9) tgkill(r1, r1, 0x11) timer_create(0x0, &(0x7f0000000100)={0x0, 0x31, 0x6, @tid=r1}, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:08 executing program 5: io_setup(0x800, &(0x7f0000000100)) 03:40:08 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:08 executing program 5: io_setup(0x800, &(0x7f0000000100)) 03:40:08 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:08 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3b010040) 03:40:08 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:08 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x4138ae84, 0x0) 03:40:08 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_init_net_socket$netrom(0x6, 0x5, 0x0) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x7b8, 0x400000) r0 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x2, 0x8000) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000080)=0x0) setpriority(0x2, r1, 0x5) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r2 = gettid() tgkill(r2, r2, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x20000, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:08 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:08 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:08 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3b030040) 03:40:08 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:08 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x41a0ae8d, 0x0) 03:40:08 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:09 executing program 4: clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:09 executing program 2: io_setup(0x800, &(0x7f0000000100)) 03:40:09 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3f000000) 03:40:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x408000, 0x0) ioctl$sock_rose_SIOCRSCLRRT(r0, 0x89e4) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:09 executing program 4: clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:09 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x80044326, 0x0) 03:40:09 executing program 2: io_setup(0x800, &(0x7f0000000100)) 03:40:09 executing program 4: clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:09 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x3f030040) 03:40:09 executing program 2: io_setup(0x800, &(0x7f0000000100)) 03:40:10 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x800454d2, 0x0) 03:40:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:10 executing program 0: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000012c0)='/proc/capi/capi20\x00', 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000001540)={r0, &(0x7f0000001400)="8aadf6d18f965400e9d633ffa2ed7b77f9f5f954a456ab5fc19d1ce4bc7c638811846c716cde05040cbca0e6dca0a65a7eaaca26b221a5076d20bdc38a88cd2317fbb30905d7da10e85b4bda524e8cc46c805ad9e0fe0f4062643667d93e163e104bd120db61d8a82665f965749b02317160e24c9ad412beeea0b5b9d3c9ebf7752097dd631ad217872ee57effea0740c102087b7bb2fa6a315970fe0886663c9be6848605cb8af314b0597fe0d15e692daa30ebea34ab31d26594312d949422282a98eefec77b67928b64972d77157d59d8e1560445d6b65f274b9d70a8", &(0x7f0000001500)="5c59424e3ae127", 0x6}, 0x20) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0xf7ffffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x400, 0x0) ioctl$sock_inet_sctp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r2 = gettid() tgkill(r2, r2, 0x41) r3 = syz_genetlink_get_family_id$team(&(0x7f00000015c0)='team\x00') getsockname$packet(r0, &(0x7f0000001600)={0x11, 0x0, 0x0}, &(0x7f0000001640)=0x14) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000001680)={0x0, @local, @multicast1}, &(0x7f00000016c0)=0xc) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000017c0)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@dev}}, &(0x7f00000018c0)=0xe8) getpeername$packet(r0, &(0x7f0000001900)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001940)=0x14) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000001c00)={{{@in=@remote, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in6=@loopback}}, &(0x7f0000001d00)=0xe8) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001dc0)={{{@in=@dev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@loopback}}, &(0x7f0000001d40)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000001ec0)={'team0\x00', 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000002540)={{{@in=@dev, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@initdev}}, &(0x7f0000002640)=0xe8) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000002680)={'veth0_to_bond\x00', 0x0}) getpeername$packet(r1, &(0x7f00000026c0)={0x11, 0x0, 0x0}, &(0x7f0000002700)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000002740)={'team0\x00', 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000002780)={{{@in6=@loopback, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@broadcast}}, &(0x7f0000002880)=0xe8) getpeername(r1, &(0x7f0000003cc0)=@hci={0x1f, 0x0}, &(0x7f0000003d40)=0x80) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000007180)={0x0, @dev, @empty}, &(0x7f00000071c0)=0xc) getsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f00000072c0)={@remote, 0x0}, &(0x7f0000007300)=0x14) accept4$packet(r1, &(0x7f0000007340)={0x11, 0x0, 0x0}, &(0x7f0000007380)=0x14, 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f00000073c0)={@empty, 0x0}, &(0x7f0000007400)=0x14) getsockopt$inet_mreqn(r1, 0x0, 0xcc3b00c01ade57b4, &(0x7f0000007440)={@loopback, @dev, 0x0}, &(0x7f0000007480)=0xc) getsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, &(0x7f00000074c0)={{{@in=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in=@loopback}}, &(0x7f00000075c0)=0xe8) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000007600)={'team0\x00', 0x0}) getsockname$packet(r0, &(0x7f00000098c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000009900)=0x14) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f000000a240)={&(0x7f0000001580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f000000a200)={&(0x7f0000009940)={0x890, r3, 0x20, 0x70bd29, 0x25dfdbfb, {}, [{{0x8, 0x1, r4}, {0xb4, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x800}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x1bc, 0x2, [{0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x3f}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x4403}}, {0x8}}}, {0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r8}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r9}, {0x148, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0xfffffffffffffff9}}}, {0x4c, 0x1, @bpf_hash_func={{0x24, 0x1, 'bpf_hash_func\x00'}, {0x8}, {0x1c, 0x4, [{0x40000000000000, 0x1, 0x4, 0xfffffffffffffeff}, {0x1, 0x80000000, 0x4, 0x61700000000000}, {0x8, 0x88c, 0x74e4, 0x71}]}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_port_stats={{{0x24, 0x1, 'lb_port_stats\x00'}, {0x8}, {0x8, 0x4, 0x8ea}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r12}}}]}}, {{0x8, 0x1, r13}, {0x1f0, 0x2, [{0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r15}}}, {0x40, 0x1, @queue_id={{{0x24, 0x1, 'queue_id\x00'}, {0x8}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r16}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r17}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0xc, 0x4, 'random\x00'}}}, {0x40, 0x1, @priority={{{0x24, 0x1, 'priority\x00'}, {0x8}, {0x8, 0x4, 0x10}}, {0x8, 0x6, r18}}}]}}, {{0x8, 0x1, r19}, {0x74, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x1ff}}}, {0x38, 0x1, @notify_peers_interval={{0x24, 0x1, 'notify_peers_interval\x00'}, {0x8}, {0x8, 0x4, 0x9}}}]}}, {{0x8, 0x1, r20}, {0xb0, 0x2, [{0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24, 0x1, 'mcast_rejoin_interval\x00'}, {0x8}, {0x8, 0x4, 0x77d}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24, 0x1, 'user_linkup_enabled\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r21}}}]}}, {{0x8, 0x1, r22}, {0x74, 0x2, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x8}, {0x8, 0x4, 0xfff}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24, 0x1, 'lb_stats_refresh_interval\x00'}, {0x8}, {0x8, 0x4, 0xf594}}}]}}, {{0x8, 0x1, r23}, {0xfc, 0x2, [{0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r24}}}, {0x3c, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0xc, 0x4, 'random\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24, 0x1, 'lb_tx_method\x00'}, {0x8}, {0x1c, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x100000000}}}]}}]}, 0x890}}, 0x8000) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) sendmmsg$sock(r1, &(0x7f0000001300)=[{{&(0x7f0000000080)=@in6={0xa, 0x4e23, 0xec8, @mcast2, 0x4}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000100)="b12bf6dc5207ee675c02a3367bd957bbcb5c435a12ec5d7adb046ea145306785c021a3dcb78b3033441e254a76571a87bbfb9a053ab064a8cbe0aae79ae8c6cd4e264ac066a9427113dae8ba9dc772388ed6", 0x52}, {&(0x7f0000000180)="2625a121a2", 0x5}, {&(0x7f00000001c0)="b0c8e49d3da03a564a2f6756f9f116a1294a2216cb029476001edb3c15ca2585b7c6ca0a88677b952bebf053704f9337cd7ae918dcfe0963b7ee92", 0x3b}, {&(0x7f0000000200)="51bb13fd03b48eabef2b065fb614fd013aa79519eed4074d35b462d0ad5e7795400c4fcf52", 0x25}, {&(0x7f0000000240)="5e9e00dfd0e9056b329a3812d2585a04f5abb1a3e9cd4dca89b2bc36635a2c33f2824a80d56ea610a2064251f7708acee445ce880e4fe5f00f407840501cdf8b5c211d9835021a197f14b2c3032dfe6dda05497e7cc364cf37a5c2f00fabb7b3455bfd6ea4f74903d4d8c5226b2ccb66662b110ae662f4", 0x77}, {&(0x7f00000002c0)="53aa8403f680618c72318ae2b46c609e420fd56e599cca73e3afdf27080feb54fe64a3ba2ec6fe38f4b84ad15f4fbf0b2149baf78d2b199ac9b103470c0b30bc71f66e4f527f2a8d41cd727079466112175b2d09f33dd09e9b3726eebb927c8952c816b0d2eb3ada3b5f3d493c37f46ee96951c0da83841f943170eb36665f", 0x7f}, {&(0x7f0000000440)="3fe51e71020c820c7fc6442834818e7f46abb08ae96076478fc670d28292f5de7583745bc696ce8ba268f40d9a6dd0024ee45c16a3648451cfecaf9689276b8059fcb01a393f99ab2f3bb8e69c487b41a2406ed4dcf845969fe0cd0dee363a975be9969e1567fe1a756b6bd3602a07ae5d9c1fe0cbcce3e3b03d432392b42f4205e00e18edf96515ebdce148f7058f873f26e0f1bcd78082ae1dc6a4f44dee95c1006535eed2614b0be2cb3e8bc4abb92ffffe89d8ea966e944e400195f072a709db9b69e2a5cafcf5216d", 0xcb}], 0x7, &(0x7f0000000540)=[@txtime={{0x18, 0x1, 0x3d, 0x9}}, @mark={{0x14}}, @mark={{0x14, 0x1, 0x24, 0xfffffffffffffff3}}, @txtime={{0x18, 0x1, 0x3d, 0x20}}], 0x60}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000005c0)="8a56edcc61f061ffdc80dfcce273a437ce068f6015dacf4efb876adc4d088977efe10ae7b2e8022b5e48959169aeeb47588acf132c20144b679a0015030a4f0cdff752817dbf7d846199868e45c8ae6ad4b6dd8f4b41a9c33b66ccedea3e1e405a556049e6cf9b104609a7d0f8f3ec17cdfc38b7cc72dcd71680a54cffa726480df0b6ee8b4ac70ae8e8c336f4861c606a0989cf1163154db852564de62ad40526b38faff35dbc817464d0ccf0887046dfa41fb23c13d96fb584c93746b9a611f2c3c06e403a3850dd0f70b202e44eb5bb65e7b343e5d6593a65de5215d95a12ddd3d4410195f3afb05fe9271dd6d5325bfda8ea4be32c0d7ccc4dc0", 0xfc}, {&(0x7f00000006c0)="59ae5402f01f278729c1345310c2ca2ea8a04585b3ca9ae51a4aaee02f8bed95edf1c5", 0x23}, {&(0x7f0000000700)="afa480524394760d0a7a7fe63e338a124029cf9ecec1dbf27cc54674627e0de4cabc4c72555693928d5c17238fc93dbc58fbdcc1aad6be82b4b117bc949161136ad6da34269d334d170aea7f3f73d24bf251a7900d4dd00479816b5e79acc3a02de92467dcf077ce919d05be906512b4221952ad51ddd0d061", 0x79}, {&(0x7f0000000780)="4f659f7376e8671ca502edd70d95555f2363aae833f767b1af1db7693904b1e81f12f38f34586f0f9652d6257cf33e6ddb595e83a73953c6497a44122cecfc125785c87e0fc9b90978a901e5c9089d17bee2ed2ffbfa099b8c40321f23665c7282dd9aa62364afbb9a93f1b4c8eeb81aafb938dff188d335a3ff929b8775e8d8a0430e8cb53054ae98efe1c57b603cf7cd60fd9d1e79a17673b0ebf896e174314f288b44ee321368f1e822bc3c56ab", 0xaf}, {&(0x7f0000000840)="32b15eacc996732dccc2d789e66e105b2a2e1d58d85da176b83127ec7f1e4cf5a63be2b9d2629f03ea3bd68ff9cb8a2725bb4d1eafef259eb77eefc1daf62e8cd8e3b57950be67f2f3811e9e7cfc1012e3d131a77aec33df22997ecc2bd58cdeb1e11d3a23cee893ec2bf64df0aabf6c497983433e70597f15aa5551d2ae21d7df666c0c6ff0b5e3517e4cc5002e23c9e5a94bb2213b8a7f6fca2f8d57059c27972b945c820c60c68f2cbacf2f50a66ed54aec7d6e6e6b", 0xb7}], 0x5, &(0x7f0000000980)=[@timestamping={{0x14, 0x1, 0x25, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0xdc4}}, @mark={{0x14, 0x1, 0x24, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0xffffffff}}], 0x78}}, {{&(0x7f0000000a00)=@pppol2tpin6={0x18, 0x1, {0x0, r1, 0x1, 0x1, 0x3, 0x1, {0xa, 0x4e24, 0x7, @mcast2, 0x100000000}}}, 0x80, &(0x7f0000000fc0)=[{&(0x7f0000000a80)="feea83ef96f17f292cf3c426c41337a2873dd102a6c714de45b2076f55df630c15f61611f5b5557538ff143a66e51dbc7eb10191334436353c743b71a3a002eba615fa8481de35c10bc54dce3bcd0e6825c2f161d64a9689c067eef21cb7f86e4a6b1be10436e0cd301e92b83c", 0x6d}, {&(0x7f0000000b00)="4bbe29848f2bc1af4b5be4780c4f90734be02db1e31b51839194357e07c29d5f72185b50d0214d3ca66b3c9a0d14fb79270e4d9d9dc20f2e52b450560841532e1e8b22c26ac04152651384c44e06efa2b0865bf7569e9947bbd53aa1a1ac6a08b05ee9682e63e64f88d387d296bd1c19e3638fd0cec4bda5fdf2b93e5d8d9b69b64092baf1282b3bbf4f73e197d320b74973a6672c1099b0b4b92b98c7e20cbd11fe7c1f760cd958c96f0250dcf567e63b761e967e07040caba5b0a58ecf80d97fc6e20ea7d72986c4608a592898f885ad66d4be", 0xd4}, {&(0x7f0000000c00)="26fdf4a7eccf5069995fd3e2bd5c0bc4a3d267f07ceb93a56b0a9c7b2388c3c9b4d5b60d29d5d6895a0e4d5657b7932fac5757444d065a7b1af9ea75a7745006b7ddd834c82e859f4fdb3dd4afcf82984e93a47707b0ae3d8a93513bf4cf9d4d23c9841d1db74738c961bbfa7994ebb2baeebffdcad94c7fc4879ea1cd18bc92ef743df2ea315a75df5793d8da431b9fc86a85bae3ec53cea69330cdb397bbbaececaf6ab366f33f297aa9f3bb8a9df30e4c6bc8032adafc09d510724e4a5b6e2cccf46921612aed543c1b4d51c206f0148bd1b39faf0948f0626700f309b33d27181df6f6b4eb602173267adab60c45", 0xf0}, {&(0x7f0000000d00)="0843365df981391a94a5dd70149b60ffd4f9ca2447d93a60caf69e638eef1ab6ca012558bd6883e2c278afdb35f097968db58f23362ca8dc9f22eb9da10e67dc25630938e29f51245e4b0d0d0867ab6c91aa322316f9ccfb7ca9ecaa86432c1849d76830704564d6c2558d0543a314e172b3d4be17634d85b3123e65270e8ab77639d5afb682357d9cfeaf74b8e2d880773a950420cb83b12230f9d96bde4a59b6fe3ac2cec1c08545bcf6959e315ca003c1a68ab340bfee809e", 0xba}, {&(0x7f0000000dc0)="6058284a78c8626c6637c747907d9acb46c29dc1d0457e091a94f8d2dd0e8baed43f51b9b82851cd9dda9813a3f05b4eace9c673554b1a12f94e4ccf2f56f003c5faa0ef8db3d105448502f6489e74b2430691f966d0d1c6b0c2ccd585cd08abd4ebd4e06ccceadc914ce1c7f707371443a9464e91e33215ce66ff0239858834ff6099e76aaaf70971a2c7731d29efa94cb41781b4328a116265343305223794cdc835c5ba422ba8c45fa0ba4a33dcd18437d4051927d2cacf1946941e6151a9160b045e5e477a2a22ffc8a83cd50819fdc498e04b0f5f0ac4cf8bd55492de20103a1cce7e94101f1ab6f8599681ff9149b67e21e584da11", 0xf8}, {&(0x7f0000000ec0)="34143e8ee432d5d3a7b370e3144692fae34f3b2308c1e5754602bf002cce223241db7b3055ba06c0679b1dc54391b836c5eb99a17b2211313ceb139e312531b37257be9023b832a4a95fa81ac1a5291bff66ea10ddef7565535680f2fa7fee78be81e69182feaece952441cddb9cc0341a1fe13b3478c954f64197b93e18ad9a3389fef84ca0155de5fe9b2c22783666f30cedc3", 0x94}, {&(0x7f0000000f80)="56909b550b197d971da1292a6f038107bd5ab8112b0b4a7df9d91076", 0x1c}], 0x7, &(0x7f0000001040)=[@txtime={{0x18, 0x1, 0x3d, 0x6}}], 0x18}}, {{&(0x7f0000001080)=@nfc={0x27, 0x1, 0x0, 0x7}, 0x80, &(0x7f0000001280)=[{&(0x7f0000001100)="ee817da6d3fe9eeb93da761780d9eafbea84f2fe5ce92dd6e2619a46cc7cccc601a1ab09eb1532a245400842be6200568a16f5207681c0eac11a8232f81347877c72874662cb460d22b4633193785baf1cb17682614cbf30f05034132d3b7efafda03d91c642db67bec4057fc67cc83077ade25ff1aa766f68ed5cc18059356550ea5b5a8093a9b9d54be3713518bfdd1cb8ed59314735093c1cb2d8459c709fdba34ae77094931129aa8f0f73ca820d1f92645719b0c03d23", 0xb9}, {&(0x7f00000011c0)="366688b23118ad2570c4059549fcf089aaec0ce4436d5a509e808e653f9edcb20a1301232b8ad8dbcd17527fa618210bbdc8ad09fc7abb1c51c4ec219e90c20575328993b85c86b4a04db51545cc2e95a3da950364e58bee499b71bc148283c3cc985b9e2e74955464901d33f919f6670e014286092c4a70698bcf7cd622128c799267197e5ce0c539bd15de4b13c3983dfd71a6cef69daa462b7482e22ace60f62b59a7be", 0xa5}], 0x2, &(0x7f00000012c0)}}], 0x4, 0x0) 03:40:10 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:10 executing program 4: futex(0x0, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:10 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000000) [ 823.910394][ C1] net_ratelimit: 21 callbacks suppressed [ 823.910402][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 823.916128][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:10 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:10 executing program 4: futex(0x0, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:10 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) [ 824.310367][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 824.316220][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:10 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x8004ae98, 0x0) 03:40:10 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000010b) 03:40:10 executing program 4: futex(0x0, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:11 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff7, 0x2, 0x1000000000000000, 0x0, 0xfffffffffffffd95, 0x10000, 0x10001, 0x800000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80004, @perf_bp={0x0}, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$BLKDISCARD(r1, 0x1277, &(0x7f0000000040)=0xfff) fcntl$getownex(r0, 0x10, &(0x7f0000000080)) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0x0, r1, 0x0, 0xf, &(0x7f00000000c0)='mime_typenodev\x00'}, 0x30) r2 = getpgrp(0x0) io_uring_enter(r1, 0x7ff, 0x7, 0x1, &(0x7f0000000140)={0x800}, 0x8) wait4(r2, 0x0, 0x0, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r3 = gettid() tgkill(r3, r3, 0x12) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:11 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000115) 03:40:11 executing program 4: futex(&(0x7f000000cffc), 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:11 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x80086301, 0x0) [ 824.870379][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 824.876242][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 824.881709][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 824.888509][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000100)) 03:40:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sequencer2\x00', 0x40800, 0x0) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r0, 0xc0385720, &(0x7f0000000200)={0x0, {r1, r2+10000000}, 0x2, 0xfffffffffffffff7}) r3 = socket$inet_sctp(0x2, 0x5, 0x84) getsockname$inet(r3, &(0x7f0000000100)={0x2, 0x0, @multicast1}, &(0x7f0000000140)=0x10) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r4 = gettid() r5 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x6, 0x1) symlinkat(&(0x7f0000000040)='./file0\x00', r5, &(0x7f00000000c0)='./file0\x00') tgkill(r4, r4, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x20480, 0x0) 03:40:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000100)) 03:40:11 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000011b) 03:40:11 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x80404507, 0x0) 03:40:11 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000100)) 03:40:11 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000180)={0x0, 0x3}, &(0x7f00000001c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, &(0x7f0000000200)={r2, 0xa7, "68e9e0243460a98b99044e9d1a6d6bbdb4aa684adf77d6df5450dd0b4f2f60e9c9655f1aafb8ce83b5d490a2aca30c820368e88d9df8bf49c7ddd7dac68440de2ca29cbb57bfe0c81db30a09a416f39bb406695bf6cba3064b2a9b67fa620903ea075ef6ec4ab3deca5d22cc10d509d7e4e0671f7bbfa2b01851a60666d8ad44ed55dee9822a7e7888c1a0ca7ddcbb0edda6c305ce1e9e8e6d9df7dd8f408b778936be99a8c3d6"}, &(0x7f00000002c0)=0xaf) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0x101000, 0x0) ioctl$KDGKBENT(r3, 0x4b46, &(0x7f0000000380)={0x5d4, 0x9, 0x8dc}) r4 = gettid() tgkill(r4, r4, 0xe) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000000)=0x6) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x20c000, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000080)=@assoc_value={0x0, 0x4}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r5, 0x84, 0x72, &(0x7f0000000100)={r6, 0xfe2a, 0x30}, &(0x7f0000000140)=0xc) [ 825.510447][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 825.516356][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x800, 0x0) 03:40:12 executing program 4: futex(&(0x7f000000cffc), 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:12 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000012b) 03:40:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x101000, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000040), &(0x7f0000000080)=0x4) tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) write$UHID_CREATE2(r1, &(0x7f0000000440)={0xb, 'syz0\x00', 'syz1\x00', 'syz0\x00', 0xe5, 0x1, 0x3, 0x34, 0xfffffffffffffffc, 0x1ff, "eaff5fd1d97751b95ad215e8fa64cadb6d1d44e11bffff8cfa39db5c67da0ef3ba0b2d62a6ab59530804062cd538e5c9bdb19e5d3fd213b731c65bc3432ce70fe6337b058ea6fd39e65048f511a28246dad35acca2253c811edb6371ddcaf70429d08afa9afed79a8a4437bb324aa635f89901230b5fda207801f49a7ab1df2a132b792d8e8909456a216f40adf6b3f993685e9f0f7093b0b6d80b61f1420a453cdfa90cddc58cd6206400990ba4a9f8e3d6e8cd364ca90ab6ad46cdc0380b948ea7d72b141cc32ec1f38ade13664731867d63a63e7b3c1f0d1162ce8375d5af331468dc8e"}, 0x1fd) 03:40:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x800, 0x0) 03:40:12 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x8080aea1, 0x0) 03:40:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:12 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x800, 0x0) 03:40:12 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000131) 03:40:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r1) tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000), 0x0) 03:40:12 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x800, &(0x7f0000000100)) 03:40:12 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x8090ae81, 0x0) 03:40:13 executing program 4: futex(&(0x7f000000cffc), 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:13 executing program 5: futex(&(0x7f000000cffc), 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x8000, 0x0) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000040)={0x13, 0x4, 0x2}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:13 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000013b) 03:40:13 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x8138ae83, 0x0) 03:40:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000100)) 03:40:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000100)) 03:40:13 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000141) 03:40:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$IMGETVERSION(r0, 0x80044942, &(0x7f0000000040)) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:13 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:13 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0x81a0ae8c, 0x0) 03:40:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000000100)) 03:40:13 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:13 executing program 5: futex(&(0x7f000000cffc), 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:13 executing program 0: clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x8a3, 0x400000) setsockopt$netrom_NETROM_T1(r0, 0x103, 0x1, &(0x7f0000000040)=0x833d, 0x4) fcntl$getownex(r0, 0x10, &(0x7f0000001680)={0x0, 0x0}) wait4(r1, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r2 = gettid() tgkill(r2, r2, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) process_vm_writev(r2, &(0x7f0000000100)=[{&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000000080)=""/116, 0x74}], 0x2, &(0x7f00000015c0)=[{&(0x7f0000000140)=""/96, 0x60}, {&(0x7f00000001c0)=""/22, 0x16}, {&(0x7f0000000200)=""/79, 0x4f}, {&(0x7f0000001dc0)=""/4096, 0x1000}, {&(0x7f0000000280)=""/103, 0x67}, {&(0x7f0000001440)=""/148, 0x94}, {&(0x7f0000000380)=""/86, 0x56}, {&(0x7f0000000300)=""/31, 0x1f}, {&(0x7f0000001500)=""/178, 0xb2}], 0x9, 0x0) 03:40:13 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000147) 03:40:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x800, 0x0) 03:40:13 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0045520, 0x0) 03:40:13 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x800, 0x0) 03:40:14 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000151) 03:40:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:14 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:14 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0045878, 0x0) 03:40:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_setup(0x800, 0x0) 03:40:14 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:14 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:14 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000157) 03:40:14 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:14 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0045878, 0x0) 03:40:15 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:15 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000380)='/dev/vbi#\x00', 0x3, 0x2) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000500)={0x80000000, 0x6, "ae9d005acb64090782f6e798f372b60e3c5caf7d53022f3c4e5912c456b68363", 0x81, 0x6bb7, 0x5, 0x0, 0x5e, 0x100000001, 0x1ff, 0x1, [0x401, 0x80000000, 0x362, 0x6]}) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x361800, 0x0) ioctl$NBD_CLEAR_SOCK(r1, 0xab04) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r2 = gettid() tgkill(r2, r2, 0xe) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e21, @remote}}, [0xa026, 0x7, 0x3, 0x0, 0x3f, 0x4, 0x193ae93, 0x8000, 0xff, 0x4, 0x8000, 0x8000, 0x0, 0x7fff, 0xf0]}, &(0x7f00000001c0)=0x100) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e20, 0x380d, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x8}}, 0x800000000, 0x0, 0x0, 0xde}, &(0x7f00000002c0)=0x98) getsockopt$inet_sctp_SCTP_STATUS(r1, 0x84, 0xe, &(0x7f0000000440)={r3, 0x7, 0xa1, 0x0, 0x4, 0x4, 0x56, 0xfffffffffffffff7, {r4, @in={{0x2, 0x4e24, @broadcast}}, 0x40, 0x2, 0x80000000, 0x2, 0xb4b}}, &(0x7f0000000300)=0xb0) move_mount(r1, &(0x7f0000000040)='./file0\x00', r1, &(0x7f0000000080)='./file0\x00', 0x40) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:15 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:15 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000167) 03:40:15 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 829.030363][ C0] net_ratelimit: 17 callbacks suppressed [ 829.030372][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 829.030398][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 829.036164][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:15 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc004743e, 0x0) 03:40:15 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:15 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:15 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:15 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:15 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000016d) [ 829.673111][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 829.682888][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 829.700315][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 829.707059][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:16 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc004ae02, 0x0) 03:40:16 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x217fffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x100) write$input_event(r0, &(0x7f0000000040)={{0x77359400}, 0x14, 0x1000, 0xfb86}, 0x18) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:16 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:16 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000177) 03:40:16 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:16 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 830.150383][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 830.156254][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:16 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:16 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc008240a, 0x0) 03:40:16 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 830.550383][ C0] protocol 88fb is buggy, dev hsr_slave_0 03:40:17 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000017d) 03:40:17 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:17 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:17 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000280)='/dev/radio#\x00', 0x1, 0x2) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000002c0)) r1 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r2 = gettid() tgkill(r2, r2, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) r3 = dup(r1) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r3, 0xc0605345, &(0x7f0000000000)={0x58, 0x71aef6d2e0b32d56, {0x1, 0x3, 0x7ff, 0x2, 0x1}}) 03:40:17 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0186419, 0x0) 03:40:17 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000183) 03:40:17 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:17 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:17 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x217fffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x100) write$input_event(r0, &(0x7f0000000040)={{0x77359400}, 0x14, 0x1000, 0xfb86}, 0x18) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:17 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) 03:40:17 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) socketpair(0x2, 0x5, 0x5, &(0x7f0000000040)) syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x400, 0x880c0) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x381200, 0x0) pipe2(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000000), 0x0) 03:40:18 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0189436, 0x0) 03:40:18 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000018d) 03:40:18 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:18 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) 03:40:18 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:18 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:18 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc018ae85, 0x0) 03:40:18 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$PPPIOCGMRU(r0, 0x80047453, &(0x7f0000000080)) r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x26cac060, 0xc000) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x7, 0x4, 0x458, 0x0, 0x0, 0x118, 0x370, 0x370, 0x370, 0x4, &(0x7f0000000040), {[{{@arp={@multicast2, @empty, 0xff, 0xffffffff, @mac=@link_local, {[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, @empty, {[0x0, 0xff, 0xff, 0xff, 0x0, 0xff]}, 0x7ff, 0x1, 0x1ff, 0x3f, 0x2b, 0xfffffffffffffffe, 'tunl0\x00', 'sit0\x00', {0xff}, {}, 0x0, 0x399}, 0xf0, 0x118}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x1ff, 0x2}}}, {{@arp={@rand_addr=0xd5, @empty, 0x0, 0x0, @empty, {[0xff, 0x0, 0xff, 0xff]}, @mac=@random="15d615c035d2", {[0xff, 0xff, 0x0, 0xff, 0xff]}, 0x585b81de00, 0xfffffffffffffff8, 0x225e5d46, 0x6, 0x7, 0x200000, 'bpq0\x00', 'vcan0\x00', {}, {0xff}, 0x0, 0x1}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @rand_addr=0x8, @remote, 0xf, 0x1}}}, {{@uncond, 0xf0, 0x118}, @unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x1}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4a8) r2 = gettid() tgkill(r2, r2, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:18 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000193) 03:40:18 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) 03:40:18 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:18 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:18 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:18 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:18 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000019d) 03:40:18 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0206434, 0x0) 03:40:19 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:19 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:19 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:19 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) ioctl$SNDRV_CTL_IOCTL_PVERSION(r0, 0x80045500, &(0x7f0000000040)) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:19 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001a3) 03:40:19 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:19 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:19 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) 03:40:19 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc020660b, 0x0) 03:40:19 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:20 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001a9) 03:40:20 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:20 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x1000000000000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r1, 0x118, 0x1, &(0x7f0000001600)=0x7, 0x4) tgkill(r0, r0, 0x29) r2 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) bind$nfc_llcp(r1, &(0x7f0000000100)={0x27, 0x1, 0x0, 0x6, 0x40, 0x0, "b4c7b88d813b9baffb95a23aefa295dfcfe7c4395b9c60e503033e4f3974403b57d5dac93863fd831d7f487096e62a0a9c9b0f51a3c291d756bf6dff18e89d", 0x32}, 0x60) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8916, &(0x7f00000000c0)={'tunl0\x00', {0x2, 0x4e21, @empty}}) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2400, 0x0) write$P9_RLINK(r3, &(0x7f0000000080)={0x7, 0x47, 0x2}, 0x7) connect$llc(r3, &(0x7f0000000040)={0x1a, 0x307, 0x80000000, 0x3, 0x4, 0x5, @dev={[], 0x10}}, 0x10) 03:40:20 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:20 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) 03:40:20 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0845658, 0x0) 03:40:20 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:20 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:20 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001b3) 03:40:20 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:20 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/null\x00', 0x400, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r1, 0x0, 0x82, &(0x7f0000000200)={'nat\x00'}, &(0x7f0000000280)=0x78) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffff9c, 0x84, 0x1b, &(0x7f0000000440)=ANY=[@ANYRES32=0x0, @ANYBLOB="c1000000877f7817ae86fd4422e05d8e91a2de270f7d41267e8b2e3d4c8819623f2959d37a3ab6d2d32311f5bb6a2a2f8989f32c24f6af407ccfce8cb1b44e47c1c1c35603c6c44cd3c5d156d683c866293e7433f4613b71f091f5b7b6b8d3bcdf682413ea4b326d8b561ec95de1cf8f647f16581e8f4825e994f953ca4638a3e64fe79d22ac410cbd45af40b6ce78576083a75d271899a69125219809a77b992d57906a48e14927db00ab58eb579d5b373ce7b719fcd3a1b707ddc0e95a53f6d261b3b9055dc29a57b080cf97916b23422f788c6c10b6d9867b57dbcbe61160d122540820e5ecaa81df6e45dcb2940eeb20fb126f3f68f82e7c96a553206e57b84b9f810cfe50c7e09de70d090243dec42a4886bc0cc75db0d8369dc00909a48c46060c2e9f07ca887c102e9c4e4096"], &(0x7f0000000140)=0xc9) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r2, 0x84, 0x79, &(0x7f0000000180)={r3, 0xa63, 0x9}, 0x8) 03:40:20 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) [ 834.310380][ C1] net_ratelimit: 21 callbacks suppressed [ 834.310388][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 834.321972][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:20 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:20 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc08c5332, 0x0) 03:40:20 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001b9) 03:40:21 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:21 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:21 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() tgkill(r1, r1, 0xe) r2 = openat$cgroup_ro(r0, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) getrandom(&(0x7f0000000080)=""/179, 0xb3, 0x3) getsockopt$inet_sctp_SCTP_EVENTS(r2, 0x84, 0xb, &(0x7f0000000000), 0x0) [ 834.721372][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 834.727912][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:21 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:21 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001c9) 03:40:21 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0a85320, 0x0) 03:40:21 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 834.910257][T23527] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 834.971586][T23527] CPU: 0 PID: 23527 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 834.981137][T23527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 834.981143][T23527] Call Trace: [ 834.981161][T23527] dump_stack+0x172/0x1f0 [ 834.981183][T23527] dump_header+0x10f/0xb6c [ 834.981201][T23527] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 834.981216][T23527] ? ___ratelimit+0x60/0x595 [ 834.981229][T23527] ? do_raw_spin_unlock+0x57/0x270 [ 834.981246][T23527] oom_kill_process.cold+0x10/0x15 [ 834.981263][T23527] out_of_memory+0x79a/0x1280 [ 834.981283][T23527] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 834.981300][T23527] ? oom_killer_disable+0x280/0x280 [ 834.981314][T23527] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 834.981339][T23527] mem_cgroup_out_of_memory+0x1ca/0x230 [ 834.981358][T23527] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 835.056776][T23527] ? do_raw_spin_unlock+0x57/0x270 [ 835.056794][T23527] ? _raw_spin_unlock+0x2d/0x50 [ 835.056813][T23527] try_charge+0xfbe/0x1480 [ 835.071155][T23527] ? __check_heap_object+0x50/0xb3 [ 835.076279][T23527] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 835.081836][T23527] ? percpu_ref_tryget_live+0x111/0x290 [ 835.087396][T23527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.093659][T23527] ? kasan_check_read+0x11/0x20 [ 835.098522][T23527] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 835.104071][T23527] mem_cgroup_try_charge+0x24d/0x5e0 [ 835.109874][T23527] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 835.115512][T23527] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 835.121498][T23527] ? rcu_read_lock_sched_held+0x110/0x130 [ 835.127218][T23527] ? remap_page+0x160/0x160 [ 835.127239][T23527] ? lock_downgrade+0x920/0x920 [ 835.127257][T23527] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 835.127273][T23527] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 835.149060][T23527] ? alloc_pages_vma+0x142/0x540 [ 835.154009][T23527] do_huge_pmd_wp_page+0x7fc/0x2160 [ 835.159207][T23527] ? ___perf_sw_event+0x393/0x570 [ 835.164239][T23527] ? __split_huge_pmd+0x2c10/0x2c10 [ 835.169468][T23527] ? pmd_val+0x85/0x100 [ 835.173631][T23527] ? add_mm_counter_fast.part.0+0x40/0x40 [ 835.179372][T23527] __handle_mm_fault+0x164c/0x3eb0 [ 835.184490][T23527] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 835.190035][T23527] ? handle_mm_fault+0x292/0xa90 [ 835.194986][T23527] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 835.201226][T23527] ? kasan_check_read+0x11/0x20 [ 835.206086][T23527] handle_mm_fault+0x3b7/0xa90 [ 835.210853][T23527] __do_page_fault+0x5ef/0xda0 [ 835.215621][T23527] do_page_fault+0x71/0x57d [ 835.215638][T23527] ? page_fault+0x8/0x30 [ 835.215654][T23527] page_fault+0x1e/0x30 [ 835.215664][T23527] RIP: 0033:0x400590 [ 835.215680][T23527] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 835.251986][T23527] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 835.251999][T23527] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 835.252007][T23527] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 835.252016][T23527] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 835.252024][T23527] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 835.252031][T23527] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 835.273842][T23527] memory: usage 307200kB, limit 307200kB, failcnt 95 [ 835.275797][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 835.282468][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 835.290411][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 835.298373][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 835.337701][T23527] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 835.345499][T23527] Memory cgroup stats for /syz5: [ 835.346093][T23527] anon 282824704 [ 835.346093][T23527] file 208896 [ 835.346093][T23527] kernel_stack 3538944 [ 835.346093][T23527] slab 11083776 [ 835.346093][T23527] sock 8192 [ 835.346093][T23527] shmem 0 [ 835.346093][T23527] file_mapped 0 [ 835.346093][T23527] file_dirty 0 [ 835.346093][T23527] file_writeback 0 [ 835.346093][T23527] anon_thp 236978176 [ 835.346093][T23527] inactive_anon 4247552 [ 835.346093][T23527] active_anon 245198848 [ 835.346093][T23527] inactive_file 114688 [ 835.346093][T23527] active_file 24576 [ 835.346093][T23527] unevictable 33476608 [ 835.346093][T23527] slab_reclaimable 2973696 [ 835.346093][T23527] slab_unreclaimable 8110080 [ 835.346093][T23527] pgfault 122727 [ 835.346093][T23527] pgmajfault 0 [ 835.346093][T23527] workingset_refault 0 [ 835.346093][T23527] workingset_activate 0 [ 835.346093][T23527] workingset_nodereclaim 0 [ 835.346093][T23527] pgrefill 211 [ 835.346093][T23527] pgscan 194 03:40:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0xfd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r0 = syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r0, &(0x7f0000000000)={0x2008}) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) r2 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x40000, 0x0) ioctl$EVIOCSABS0(r2, 0x401845c0, &(0x7f0000000080)={0x10001, 0x3ff, 0x4, 0x7, 0x3, 0x9b}) 03:40:21 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 835.346093][T23527] pgsteal 124 03:40:22 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:22 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001cf) 03:40:22 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xc0d05605, 0x0) 03:40:22 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 835.890890][T23527] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16124,uid=0 [ 835.910357][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 835.916163][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 836.003969][T23527] Memory cgroup out of memory: Killed process 16124 (syz-executor.5) total-vm:72708kB, anon-rss:18360kB, file-rss:34816kB, shmem-rss:0kB 03:40:22 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:22 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:22 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001d9) 03:40:22 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:22 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2) 03:40:22 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:23 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x4000, 0x0) 03:40:23 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:23 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:23 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3) 03:40:23 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001df) 03:40:23 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:23 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:23 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:23 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:23 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4) 03:40:23 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001e5) 03:40:23 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:24 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:24 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:24 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:24 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001ef) 03:40:24 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x5) 03:40:24 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:24 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:24 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:24 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001f5) 03:40:24 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:24 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6) 03:40:24 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:25 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_dev$video(&(0x7f0000000040)='/dev/video#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r1, 0xc040564b, &(0x7f0000000080)={0xfffffffffffeffff, 0x0, 0x3012, 0xb07e, 0x0, {0x61f83449, 0xe22}}) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x80100, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r2) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r3 = gettid() tgkill(r3, r3, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:25 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:25 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400001ff) 03:40:25 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:25 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7) 03:40:25 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:25 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:25 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 839.430389][ C0] net_ratelimit: 17 callbacks suppressed [ 839.430397][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 839.430426][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 839.436134][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:25 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000020f) 03:40:25 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8) 03:40:25 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:26 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pwrite64(r0, &(0x7f0000000440)="6a334c5c0ad51d38aad868d488413d8e21c6d1aaf727436a562fe2d15bb02b8fa76787abf1f35ff3c717d01b57a2b98a79925fec84f72ce6342f2a30b9015ffbbe04c1a881d879add18b1cc05410cb4b7433ddeb4411d180b308f8ebeae16395224a30a2375176f3008339de7fa8d40bed4fe038682ca4d9dc2c8cbf07913bb8b85b62235a022d16b688f37fc7d5a4acf83f01a8687e946e2850b56044c073ec0dc2959e44512a8452a5dd6e7ce9bcc091b2d51311b5b492321762b7661965abde577484e58d0c59e00e56ba45764414f85c9399d89df2cbb0474ba52be25c014e72996acee9b0b0ea7e0c830b5997f22a5b15523f0628d2c25d2a9176c47b8a7bff0d123a96fc4135699edf9e55f63b0798b0e3025df68b906224085595408e560263b8b7012a86481a592b5817bdf2ed573fbe49b1fc6997545ed6288641c120f109831a21466d7d38fd80c49f12bfcde058c4f196725c5b3be92e74593e65f82701f5526a41413b8ca18aaa78d98aa1fe6d975175ca47025a188594435c1a981402818ecb986ddace715a29a114ce88c7e883e6b91b1cad0eb8f060c7176afe8d65491c07620d0294243ea44b9998341b00924bf1190ad8e13de821db96ffe3836bc1011d1a89bd6e7695cc06381a7cdc91dea854c8fb200746c11711245b3ba118b942ef29e748d4a454ff1b1c7dde4cc163c1ce6edcdef1be491ab4ad5793dde3a2cd55f975a4a014c8d72f74805a14d0fc90b352d66be31dda4cc8fd6c83c19325ded30760164c33b36e8381ff6eba7289ce103b27c33594489f08119f7bd286900d95f803b85ec1026bc556c0efc5e7c3cdc748c3eb61c4e33798af7df3193d62990fce1c35c410726fb1e8602bcad1f91d96d498711e5efc3bd50780f228aa5f8bb068915ed2766f274eced6acf8018778bab2cc9d05ff2a5b889dd2d24a6f695c5f67eda7c9ce0c002c138c9ddc78a95aee881516fa800e1f07e1bce365bd37e4c2e5198e11bfbc90f5e6834ec3bcd4eda5f6f6b5492d7d2607bff076df00ebe0d66b7e8413870e96bbbe1d9b3c498037d75d5237fd35e8147208294073eb05b4ec53c081bc603a33d6753e0a68f0f45881e72b8c07587be13ddb53d7ce98b58a9d0c32e5c29e635090ddf5c8165a6bc3d09eb7a762f15e95cb84cf71072541727ec026a5d0b99fa136fb3cfb9125c5973568bb61e2f037c6e650d1bffdd72259c9097d2c8a4163392ed3b716a4fc40c08f9a5f7f59cd6507af3f3e628e8289fb471c1db2cb49b614f9c8f4d732e7f410881affe5bca99ef6690feec8b67b1ca8be2730049a85c3ca6e486bb32a0e61ffcebcc32991f742663e920cb49fd2ca149c2fc3a2b8852a87f99282ba51fd0eacae09e774a6975400ed107f9850444aa08513d1c527a4571f3bd648b75e63e6a5fcf3188c3c04e8d6ae26bcaa0185668899e45fe65b3cda34ae0a3d44410636f7cef72ba2bea48116c9d559c2762af212720aa59a039d24811a57582f68ad410a52992c3a2b83b57475ec1896e0cf9d5becb7e78b4bb6f17ab149631c326ae60fe15a9f176419d3544e8e8e19de34f21b90ab0d5c75aac7673b67aae58ffa68d5aba075614a648e2b369a5679a9c9db13c7efb1abb30d3be988aeadf9d5185099366fe0524713e8be269844c75ec2f489098bd25da7bf15644c29ffb3af7949e3f0811392c97ebd5b7aec3c84f18da770ceebf188390367f44f9ebdd68699ef61e934a0e100b4c0008e7984aa65b088bf144067baea16bea3cec3bc7799d8bc055252b0d7c452ffe0bc0da99227c7bf450de99be25b490415e93ac39922aae05510affb5a666a5ce2156aeda20178eaf8dce7853d617b3476fd4d241c7e4a17970869c0efc880c42c400ace3730548d1875d11d40c1391a7132928855e0610775b83eeee5c134ca6383da89d607381fd263a2dc5b779e4daaca8d98f70ad38c7303bc3815b4f08c05428e3e797e458406e2dd853700adb51f092c636cd4158cabb27e96139d11a2076e5720b51e168acf5a5d15b00ce7b41fba6294d5ec245a2af2c4ecb54edf86fcb41ee8fc8bd1d213ed6eae9dd32cb8eb2f3202e081314e360b2e6b4b559f0a16338e014b590f94377d06e76b2bb7c9b9c88351b69259c010da14262464890c27b3bd8b72f2b5807b2d83564b5c881c6e2927c1d3a088c78d01d1122cda9daf43a7f6ee636cedbf7c84d452b3df91f1557497253e9f10259902c45b2cd4b67b21877ce57561c9ea9daada2ee7931fa0ff0388c22c9a16fa8a0b8e5d5a44a90fc897ef3c89db47e9a15a18254a219b69786ec01fcadc3e2fedc98f449bfff8b51680244f0e21fce5ff7ea8563bb2d972a75d9bbea726bf4fd79f0e17b1bbb5212a0c22c3443c717079639a0ae2c98e8c5450d174522005266b2af97579cadf3c03ad497c7209de3fead5002162601647c1635f0478f6f4a67eb362cff9026158ee8686ababaa5c451526bcd91e58918993c5e188d663aaa9cba65e592e7f1476ef520d4aaf7986e3ca9cac72cde379ed5950b2713bec3c9971fd401520ca1ae4975a66acb36147f99679f3594c304191ffe264cd74fc5b4ea8b125b652689f917fcef9428aef28cf3ad9697e4643935a4ae543f37e4d1ecf3def5bb2f33a93005c0dac1ae9f45a5c0874a770b9a349bff9035b885e34bc9cf95055728cb47e7e7ee35c632143c7370bd54fcda616346fb264a440ce593994ee683e981ebc7605b2b12bd2eefcb4d7c5a8bd4fd9ebd52754bd9477a4a543e729b7527fcc1794f20f2fd9a87b8b40d8890d0755ed181789069046408645965142a60d15d552ed1b8950a1d982bd7bfb885b399ad0a6b780611be9f37fc03708f894bdcf7730fb98f7eae597a6ecee7a0328bb0e651533333052e6e236d4d3b0d68f8962c0ad6975a17838aefd0cbf4f86dfabdee94c820514c95c472ee5af7e04c4e43eafeb3a58c58de3b026849092ccae9891e10a31595a0220afd4e4b039a94eff8ee3cf50ba0d0771b6e634ce99fcc046a70f7b57012984ce80bb71bce85dd986d34a56538d66eff2bef54cf33821cda308521da5d3f216089b0331686039d0317ca25c9155f72e4919a29843d63ec997262c3e5c75093b74586d04f63ee35306179483fb9ebf43fa1e53eb8ee54142dd9ca168800d60d04ea485baba2ea21952a255e6cd2e092ae05562832b96cfebfd48c7aec49478240e4900410d529a9773ea5586c8e28c84de2d2ff031b16c929fa09906bc4fe8c95f38b8ac135aa4fd9d34d9455137e179ce59ec1413be86d6b0ebc2d6f42bd8017cb1a5f1b33d03e9afa5e14aa5718b9a7408f28b2ac5a5c09e02974174ce1da715b914d02d5b392a08c610f58020ac674dd0295ac77ad656c1cd725cbda90bbf78aca322cd40973dd666712960ee5c903182e1026b53615133d3048be8526fcbbd67ba519a9be94783f570f2af25a1eb58928a2b00a23aa24e78bf35b6db3a3b21c867c16780c69a7b8a60bf3fb883b5565d4cc760ffb28ac3bfbade42f4a11acc59530f88883696b569511fe6fff0bc346fe74cf1c604f2e6f8b889557f92ae6bafae9c1719fe0e831b043eb47746a3f7fd45b419d3fa58e74dd62aad1da021fb82d373d85a68be126cb72df8cc7fc272dac3f8849d68ab528a4cf0ce58c728ba559f8366566493eb853eaff17d7b7adaff6e20ec3c993c837f4b98cb068c758df3c92993235a6290163292da6cb8023fbca6034a3084f4396edc4429b072934a83a4fc0b9d095fb8817adbd25e22436e75b96272531f431cbfb3f42e74b7b9d75f6791816f184590e3bf3fe3aedf527be3eb4be3664a82d865ffa24b0928c29b2d773a65aaf13931324710f0c4e3acf108fc365a64410c418a06b7c1683d523511cf09b0bed8395e0d160e6ba9e494d9c1a54648a955d99f0787f6f2d915f85737a150ad2a96356e89544ade4daddbc80e48f27256e39635af5a60b4bdb3bafb65013cf3fc26016f7bd0d1c86d609a404f6e6159199c465bb4d4383b589dcd67f7957e2727b6ba4da7701a1ed883a87d1dd8ca19364161dcb334024369a28ac4da417c7287d40d27d805147b588a6ba3bde4fada00b5fa02291cefe1c336183af768b95def2d222812b32e7b0b2a41ed3798b7ba9173b94a7a576e07aa609ef513676ca0753dcfe8fd0a5865b90e2cc1c9ea9156262fb7472724330d0056f40c90b418a71c915349e95b80c2f8717592c5883eb43b01b207a38e04bafb835c58952ac976f1a21773b3b366a61df96ed417143a5d11100c0d6299ff60db74a1fb94123fe232f1d9cf10f9361c94c46e8be263a1f2e8cde5ae2ebe0b261988cfa330cfb07339f05e20956f991937730a18482d623ca686eac02a5a13c56a882df3935ef6e98fb051afacd4bb372b15d13d4e4486442b199db20630c699b087ef572cb9f0e41844c57de1f1e97a890d9a870a8f5a4f6de0bb5afe03b3311c7a86ee7631bc5543bec866ba5714bc6085a8f2fdf0ed56c59b80ad750282874333e4968cbbff0e1f255f3f882a49ec83253a9d643354a83ab2c04e3396d65ff22f9c1f8bf37eb5b089c0cd7ab9fea0c60395b1b393fe492b11cac1252e8430358cbcf936c193dcbe9ab933817f6063dc3ff2d211f89d1d9634bed726a7e1da5ed7d0ce3ba895aa7556a0efcca17dad3f2ef084e6dff6a62cb4ca3fceb245404457609b021cc84ce422fe17f53eaed009c579d7a0662a14b54532e8274d30025789a81be752dd2114e0e4f8d738c5bcaafe61ef98d9a6a03f68505936a3c7944d246d08de9ef2b0db61872607500f14478c50fe9f1f2c46c7ae7a75d842a5a62e4309ff89478257766e50372bcfcc2092b7bad55dd88ad6f289197d3bf3926c5a2eec9f877c18140d80e8281e8f215b0bebb1026f57d4364f810112738b6db38f0dea15dfe0a6db7c47da985448122eea5ed25a0486ce7f6baa8be9e96a9bc1d7de3d8d196df0ee764e39dc7454a98f5b7679f392ee7c254f77e5348bef860bc47a3405397e99135a651dbce17e0d9be98a999ab9cdffbcd92c9ec71300af7e04343a8039fe87133780fdb39a4f743db1bae9252341d1044d9629a1a6faf8aa54651e0f026add1cb7cdb8e69c8df44efbc55dc03022afee3121ed4791d699a0304bf9f502d8bcd892193760526dbf5c59bbb04f6c8091da7dc00fb6e51376299c173080cd4f93653726cf0fe4715bdd1a385c512cec8329dd602f7a913e9536a8c0aa4d3453c219874439c651f62abe822b6c3be40ec0432dab32ef58e429d1e2fa43debb5f3bec7b15ffe2035d06f7c02995f4a4393013bb38a2d89c077a2ea8704c488bc1dc113d33114641fd26fc477fd13b7d07c4b689f7fbafdff6dbedc33f0d05ae92fc9c4aafb76e5ed5db0931fe1898398e26d3c61bb45152b7deffca85aa248d3882b0459af9188112a1758199e6ee133748b325014123e21f7faac96db420e7b61d8f9f07caaa20065ed5e946382f079f88745176a4de8e7d685226cc949969c6cc2545d210b9e80f83d9cf21d0e0d5f97ee98c5c59061297ad04b3b956b26b34cd75fc7cd805f494e37fef16efd0e7f86448aa6a0ff65d1573b266c35443a4090e9809c25806b357fb3f3509af4327daf40282d79d7069188a77e2ef344adad6be9ca4b5d13a3f68f8705d32f9e3fde8a6039bf58ad725a904343bc9291e3b2790a6820b6fcea868280ce56346a9211697ce9b57b04c39d36a802b341f59b7951bd136721f193e0051e6d974427d5d", 0x1000, 0x0) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:26 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:26 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:26 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:26 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:26 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000210) 03:40:26 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x11) 03:40:26 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 840.070370][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 840.076255][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 840.082159][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 840.087940][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:26 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) rt_tgsigqueueinfo(0x0, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:26 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:26 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000021f) 03:40:26 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 840.550357][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 840.556183][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:27 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) r1 = socket$l2tp(0x18, 0x1, 0x1) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x40, 0x0) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0x3) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000000), &(0x7f0000000040)=0x40) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:27 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1a0) 03:40:27 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 840.784928][T24418] syz-executor.5 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=0 03:40:27 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 840.870527][T24418] CPU: 1 PID: 24418 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 840.879688][T24418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 840.889750][T24418] Call Trace: [ 840.893057][T24418] dump_stack+0x172/0x1f0 [ 840.897405][T24418] dump_header+0x10f/0xb6c [ 840.901835][T24418] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 840.907663][T24418] ? ___ratelimit+0x60/0x595 [ 840.912265][T24418] ? do_raw_spin_unlock+0x57/0x270 [ 840.917397][T24418] oom_kill_process.cold+0x10/0x15 [ 840.922525][T24418] out_of_memory+0x79a/0x1280 [ 840.927217][T24418] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 840.933045][T24418] ? oom_killer_disable+0x280/0x280 [ 840.938231][T24418] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 840.944036][T24418] mem_cgroup_out_of_memory+0x1ca/0x230 [ 840.949565][T24418] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 840.955188][T24418] ? do_raw_spin_unlock+0x57/0x270 [ 840.960309][T24418] ? _raw_spin_unlock+0x2d/0x50 [ 840.965144][T24418] try_charge+0xfbe/0x1480 [ 840.969564][T24418] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 840.975089][T24418] ? find_held_lock+0x35/0x130 [ 840.979836][T24418] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 840.985369][T24418] ? kasan_check_read+0x11/0x20 [ 840.990203][T24418] ? lock_downgrade+0x920/0x920 [ 840.995036][T24418] ? percpu_ref_tryget_live+0x111/0x290 [ 841.000568][T24418] __memcg_kmem_charge_memcg+0x7c/0x130 [ 841.006092][T24418] ? memcg_kmem_put_cache+0xb0/0xb0 [ 841.011276][T24418] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 841.016805][T24418] __memcg_kmem_charge+0x136/0x300 [ 841.021900][T24418] __alloc_pages_nodemask+0x4bd/0x8d0 [ 841.027257][T24418] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 841.033566][T24418] ? __alloc_pages_slowpath+0x2900/0x2900 [ 841.039269][T24418] ? copy_process.part.0+0x42d2/0x6720 [ 841.044710][T24418] ? lockdep_hardirqs_on+0x418/0x5d0 [ 841.049975][T24418] ? trace_hardirqs_on+0x67/0x220 [ 841.054978][T24418] ? kasan_check_read+0x11/0x20 [ 841.059815][T24418] copy_process.part.0+0x483/0x6720 [ 841.064993][T24418] ? __might_fault+0x12b/0x1e0 [ 841.069737][T24418] ? find_held_lock+0x35/0x130 [ 841.074507][T24418] ? pidfd_create+0x80/0x80 [ 841.079002][T24418] _do_fork+0x25d/0xfe0 [ 841.083157][T24418] ? copy_init_mm+0x20/0x20 [ 841.087649][T24418] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 841.093087][T24418] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 841.098530][T24418] ? do_syscall_64+0x26/0x680 [ 841.103190][T24418] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.109236][T24418] ? do_syscall_64+0x26/0x680 [ 841.113899][T24418] __x64_sys_clone+0xbf/0x150 [ 841.118558][T24418] do_syscall_64+0xfd/0x680 [ 841.123046][T24418] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 841.128917][T24418] RIP: 0033:0x459279 [ 841.132809][T24418] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 841.154380][T24418] RSP: 002b:00007f13478b3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 841.162772][T24418] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459279 03:40:27 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000225) [ 841.170723][T24418] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000100 [ 841.178676][T24418] RBP: 000000000075bfc0 R08: ffffffffffffffff R09: 0000000000000000 [ 841.186639][T24418] R10: 0000000020000000 R11: 0000000000000246 R12: 00007f13478b46d4 [ 841.194592][T24418] R13: 00000000004bf6c2 R14: 00000000004d0d98 R15: 00000000ffffffff [ 841.204929][T24418] memory: usage 307176kB, limit 307200kB, failcnt 127 [ 841.211982][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 841.266113][T24418] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 841.332963][T24418] Memory cgroup stats for /syz5: [ 841.337829][T24418] anon 281489408 [ 841.337829][T24418] file 208896 [ 841.337829][T24418] kernel_stack 3801088 [ 841.337829][T24418] slab 11083776 [ 841.337829][T24418] sock 8192 [ 841.337829][T24418] shmem 0 [ 841.337829][T24418] file_mapped 0 [ 841.337829][T24418] file_dirty 0 [ 841.337829][T24418] file_writeback 0 [ 841.337829][T24418] anon_thp 226492416 [ 841.337829][T24418] inactive_anon 2236416 [ 841.337829][T24418] active_anon 262787072 [ 841.337829][T24418] inactive_file 114688 [ 841.337829][T24418] active_file 24576 [ 841.337829][T24418] unevictable 16699392 [ 841.337829][T24418] slab_reclaimable 2973696 [ 841.337829][T24418] slab_unreclaimable 8110080 [ 841.337829][T24418] pgfault 123420 [ 841.337829][T24418] pgmajfault 0 [ 841.337829][T24418] workingset_refault 0 [ 841.337829][T24418] workingset_activate 0 [ 841.337829][T24418] workingset_nodereclaim 0 [ 841.337829][T24418] pgrefill 446 [ 841.337829][T24418] pgscan 467 [ 841.337829][T24418] pgsteal 124 [ 841.469630][T24418] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16206,uid=0 03:40:27 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 841.532723][T24418] Memory cgroup out of memory: Killed process 16206 (syz-executor.5) total-vm:72708kB, anon-rss:18360kB, file-rss:34816kB, shmem-rss:0kB 03:40:28 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x800000000000000) r0 = gettid() tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:28 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:28 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:28 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000235) 03:40:28 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x300) 03:40:28 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[]) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:28 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:28 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:28 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000236) 03:40:28 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[]) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:28 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3e8) 03:40:28 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:29 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x800004ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r0 = syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x200, 0x0) openat(r1, &(0x7f0000000040)='./file0\x00', 0x204000, 0x2) r2 = gettid() tgkill(r2, r2, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) ioctl$VIDIOC_DBG_G_REGISTER(r0, 0xc0385650, &(0x7f0000000080)={{0x4, @addr=0x8f}, 0x8, 0x4, 0x255}) 03:40:29 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:29 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[]) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:29 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:29 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000024b) 03:40:29 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x500) 03:40:29 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:29 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB]) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:29 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:29 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000024c) 03:40:29 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x600) 03:40:29 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() socket$alg(0x26, 0x5, 0x0) tgkill(r0, r0, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:30 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB]) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:30 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:30 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000025b) 03:40:30 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x700) 03:40:30 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:30 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB]) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:30 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:30 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:30 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000261) 03:40:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x0, 0x0, 0x2, 0x1ff}) ioctl$DRM_IOCTL_AGP_UNBIND(r1, 0x40106437, &(0x7f0000000080)={r2, 0x3f}) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x80, 0x420000) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:31 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1100) 03:40:31 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noext']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 844.710364][ C1] net_ratelimit: 20 callbacks suppressed [ 844.710372][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 844.721961][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:31 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:31 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r0 = gettid() tgkill(r0, r0, 0xe) r1 = socket(0xb, 0x800, 0x0) r2 = accept4$inet(r1, &(0x7f0000000000)={0x2, 0x0, @empty}, &(0x7f0000000040)=0x10, 0x0) getsockopt$sock_buf(r2, 0x1, 0x1f, &(0x7f0000000080)=""/17, &(0x7f00000000c0)=0x11) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:31 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4000) 03:40:31 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noext']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:31 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:31 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000271) 03:40:31 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000272) 03:40:31 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:31 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noext']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 845.351996][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 845.359114][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:31 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000040)={0x0, @in6={{0xa, 0x4e23, 0x3, @remote, 0x4}}, 0xffffffffffffffff, 0x8001, 0x7, 0x9}, &(0x7f0000000100)=0x98) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000000140)={0x1, 0x8000, 0x4, 0x4, r2}, 0x10) r3 = gettid() tgkill(r3, r3, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:31 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:31 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x80ae) [ 845.670353][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 845.670387][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 845.676161][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:32 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:32 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000281) 03:40:32 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:32 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:32 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000008, 0x0) fadvise64(r0, 0x0, 0x3, 0x7) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000001d80)='/proc/thread-self/attr/current\x00', 0x2, 0x0) syz_open_dev$video4linux(&(0x7f0000000400)='/dev/v4l-subdev#\x00', 0x0, 0x0) r1 = gettid() tgkill(r1, r1, 0xe) getsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000340), 0x0) 03:40:32 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xae80) 03:40:32 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:32 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:32 executing program 2: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:32 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="08e1b4055e0bcfe87b0071") r1 = openat$md(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/md0\x00', 0x403f, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) ioctl$LOOP_CHANGE_FD(r2, 0x4c00, r1) 03:40:32 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000287) [ 846.310402][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 846.316233][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 846.322123][ C1] protocol 88fb is buggy, dev hsr_slave_0 03:40:32 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:32 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xe803) 03:40:32 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:33 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:33 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000297) 03:40:33 executing program 0: 03:40:33 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:33 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xff00) 03:40:33 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:33 executing program 0: 03:40:33 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 847.161702][T25650] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 847.207226][T25650] CPU: 0 PID: 25650 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 847.216383][T25650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 847.226442][T25650] Call Trace: [ 847.229748][T25650] dump_stack+0x172/0x1f0 [ 847.234098][T25650] dump_header+0x10f/0xb6c [ 847.238532][T25650] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 847.244351][T25650] ? ___ratelimit+0x60/0x595 [ 847.249329][T25650] ? do_raw_spin_unlock+0x57/0x270 [ 847.254458][T25650] oom_kill_process.cold+0x10/0x15 [ 847.259579][T25650] out_of_memory+0x79a/0x1280 [ 847.264277][T25650] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 847.270101][T25650] ? oom_killer_disable+0x280/0x280 [ 847.275315][T25650] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 847.281148][T25650] mem_cgroup_out_of_memory+0x1ca/0x230 [ 847.286706][T25650] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 847.292332][T25650] ? do_raw_spin_unlock+0x57/0x270 [ 847.297429][T25650] ? _raw_spin_unlock+0x2d/0x50 [ 847.302270][T25650] try_charge+0xfbe/0x1480 [ 847.306692][T25650] ? __check_heap_object+0x50/0xb3 [ 847.311805][T25650] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 847.317330][T25650] ? percpu_ref_tryget_live+0x111/0x290 [ 847.322859][T25650] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.329344][T25650] ? kasan_check_read+0x11/0x20 [ 847.334181][T25650] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 847.339708][T25650] mem_cgroup_try_charge+0x24d/0x5e0 [ 847.344979][T25650] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 847.350941][T25650] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 847.356904][T25650] ? rcu_read_lock_sched_held+0x110/0x130 [ 847.362609][T25650] ? remap_page+0x160/0x160 [ 847.367095][T25650] ? lock_downgrade+0x920/0x920 [ 847.371928][T25650] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 847.378150][T25650] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 847.384391][T25650] ? alloc_pages_vma+0x142/0x540 [ 847.389329][T25650] do_huge_pmd_wp_page+0x7fc/0x2160 [ 847.394509][T25650] ? ___perf_sw_event+0x393/0x570 [ 847.399518][T25650] ? __split_huge_pmd+0x2c10/0x2c10 [ 847.404703][T25650] ? pmd_val+0x85/0x100 [ 847.408842][T25650] ? add_mm_counter_fast.part.0+0x40/0x40 [ 847.414562][T25650] __handle_mm_fault+0x164c/0x3eb0 [ 847.419659][T25650] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 847.425185][T25650] ? handle_mm_fault+0x292/0xa90 [ 847.430110][T25650] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 847.436331][T25650] ? kasan_check_read+0x11/0x20 [ 847.441166][T25650] handle_mm_fault+0x3b7/0xa90 [ 847.445927][T25650] __do_page_fault+0x5ef/0xda0 [ 847.450691][T25650] do_page_fault+0x71/0x57d [ 847.455176][T25650] ? page_fault+0x8/0x30 [ 847.459402][T25650] page_fault+0x1e/0x30 [ 847.463542][T25650] RIP: 0033:0x400590 [ 847.467418][T25650] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 847.487185][T25650] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 847.493230][T25650] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 03:40:33 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000298) [ 847.501186][T25650] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 847.509136][T25650] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 847.517091][T25650] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 847.525042][T25650] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 03:40:33 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:33 executing program 0: 03:40:34 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 847.614112][T25650] memory: usage 307200kB, limit 307200kB, failcnt 143 [ 847.698508][T25650] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 847.740423][T25650] Memory cgroup stats for /syz5: [ 847.740528][T25650] anon 278188032 [ 847.740528][T25650] file 208896 [ 847.740528][T25650] kernel_stack 3997696 [ 847.740528][T25650] slab 11083776 [ 847.740528][T25650] sock 8192 [ 847.740528][T25650] shmem 0 [ 847.740528][T25650] file_mapped 0 [ 847.740528][T25650] file_dirty 0 [ 847.740528][T25650] file_writeback 0 [ 847.740528][T25650] anon_thp 213909504 [ 847.740528][T25650] inactive_anon 262144 [ 847.740528][T25650] active_anon 278208512 [ 847.740528][T25650] inactive_file 114688 [ 847.740528][T25650] active_file 24576 [ 847.740528][T25650] unevictable 0 [ 847.740528][T25650] slab_reclaimable 2973696 [ 847.740528][T25650] slab_unreclaimable 8110080 [ 847.740528][T25650] pgfault 124212 [ 847.740528][T25650] pgmajfault 0 [ 847.740528][T25650] workingset_refault 0 [ 847.740528][T25650] workingset_activate 0 [ 847.740528][T25650] workingset_nodereclaim 0 [ 847.740528][T25650] pgrefill 553 [ 847.740528][T25650] pgscan 536 [ 847.740528][T25650] pgsteal 124 03:40:34 executing program 2: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:34 executing program 0: 03:40:34 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x20040) [ 847.990158][T25650] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16089,uid=0 [ 848.008501][T25650] Memory cgroup out of memory: Killed process 16089 (syz-executor.5) total-vm:73104kB, anon-rss:6348kB, file-rss:34816kB, shmem-rss:0kB 03:40:34 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:34 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:34 executing program 0: 03:40:34 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002ad) 03:40:34 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xfee00) 03:40:34 executing program 0: 03:40:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:34 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noexten']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:34 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002ae) 03:40:35 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:35 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:35 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noexten']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:35 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x70e158) 03:40:35 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:35 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002bd) 03:40:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:35 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:35 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noexten']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:35 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x738008) [ 849.236226][T25859] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 849.313964][T25859] CPU: 0 PID: 25859 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 849.323123][T25859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 849.333188][T25859] Call Trace: [ 849.336495][T25859] dump_stack+0x172/0x1f0 [ 849.340846][T25859] dump_header+0x10f/0xb6c [ 849.345277][T25859] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 849.351104][T25859] ? ___ratelimit+0x60/0x595 [ 849.355706][T25859] ? do_raw_spin_unlock+0x57/0x270 [ 849.360842][T25859] oom_kill_process.cold+0x10/0x15 [ 849.365971][T25859] out_of_memory+0x79a/0x1280 [ 849.370673][T25859] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 849.376492][T25859] ? oom_killer_disable+0x280/0x280 [ 849.376510][T25859] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 849.376532][T25859] mem_cgroup_out_of_memory+0x1ca/0x230 [ 849.393048][T25859] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 849.393072][T25859] ? do_raw_spin_unlock+0x57/0x270 [ 849.393093][T25859] ? _raw_spin_unlock+0x2d/0x50 [ 849.393110][T25859] try_charge+0xfbe/0x1480 03:40:35 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 849.393127][T25859] ? __check_heap_object+0x50/0xb3 [ 849.393148][T25859] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 849.423855][T25859] ? percpu_ref_tryget_live+0x111/0x290 [ 849.429418][T25859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.435669][T25859] ? kasan_check_read+0x11/0x20 [ 849.440527][T25859] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 849.446094][T25859] mem_cgroup_try_charge+0x24d/0x5e0 [ 849.451398][T25859] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 849.457032][T25859] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 849.463015][T25859] ? rcu_read_lock_sched_held+0x110/0x130 [ 849.468747][T25859] ? remap_page+0x160/0x160 [ 849.473265][T25859] ? lock_downgrade+0x920/0x920 [ 849.478125][T25859] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 849.478139][T25859] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 849.478161][T25859] ? alloc_pages_vma+0x142/0x540 [ 849.490607][T25859] do_huge_pmd_wp_page+0x7fc/0x2160 [ 849.490623][T25859] ? ___perf_sw_event+0x393/0x570 [ 849.490641][T25859] ? __split_huge_pmd+0x2c10/0x2c10 [ 849.490663][T25859] ? pmd_val+0x85/0x100 [ 849.490675][T25859] ? add_mm_counter_fast.part.0+0x40/0x40 [ 849.490697][T25859] __handle_mm_fault+0x164c/0x3eb0 [ 849.490717][T25859] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 849.490730][T25859] ? handle_mm_fault+0x292/0xa90 [ 849.490755][T25859] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 849.526050][T25859] ? kasan_check_read+0x11/0x20 [ 849.547735][T25859] handle_mm_fault+0x3b7/0xa90 [ 849.547758][T25859] __do_page_fault+0x5ef/0xda0 [ 849.547780][T25859] do_page_fault+0x71/0x57d 03:40:35 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) [ 849.547794][T25859] ? page_fault+0x8/0x30 [ 849.547807][T25859] page_fault+0x1e/0x30 [ 849.547817][T25859] RIP: 0033:0x400590 [ 849.547831][T25859] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 849.547839][T25859] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 849.547849][T25859] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 849.547856][T25859] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 849.547863][T25859] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 849.547869][T25859] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 849.547881][T25859] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 03:40:36 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 849.690432][T25859] memory: usage 307200kB, limit 307200kB, failcnt 158 [ 849.708490][T25859] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 849.756812][T25859] Memory cgroup stats for /syz5: [ 849.756926][T25859] anon 278327296 [ 849.756926][T25859] file 208896 [ 849.756926][T25859] kernel_stack 4063232 [ 849.756926][T25859] slab 11218944 [ 849.756926][T25859] sock 8192 [ 849.756926][T25859] shmem 0 [ 849.756926][T25859] file_mapped 0 [ 849.756926][T25859] file_dirty 0 [ 849.756926][T25859] file_writeback 0 [ 849.756926][T25859] anon_thp 207618048 [ 849.756926][T25859] inactive_anon 262144 [ 849.756926][T25859] active_anon 278302720 [ 849.756926][T25859] inactive_file 114688 [ 849.756926][T25859] active_file 24576 [ 849.756926][T25859] unevictable 0 [ 849.756926][T25859] slab_reclaimable 2973696 [ 849.756926][T25859] slab_unreclaimable 8245248 [ 849.756926][T25859] pgfault 124410 [ 849.756926][T25859] pgmajfault 0 [ 849.756926][T25859] workingset_refault 0 [ 849.756926][T25859] workingset_activate 0 [ 849.756926][T25859] workingset_nodereclaim 0 [ 849.756926][T25859] pgrefill 696 [ 849.756926][T25859] pgscan 691 [ 849.756926][T25859] pgsteal 124 [ 849.851229][ C0] net_ratelimit: 17 callbacks suppressed 03:40:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:36 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002c3) [ 849.851235][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 849.851291][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 849.857572][T25859] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=16063,uid=0 [ 849.910390][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 849.916239][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 850.130187][T25859] Memory cgroup out of memory: Killed process 16063 (syz-executor.5) total-vm:72840kB, anon-rss:6332kB, file-rss:34816kB, shmem-rss:0kB 03:40:36 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:36 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:36 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8000a0) 03:40:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:36 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000600)=ANY=[@ANYBLOB="2a0000002901000000000000000000000000000000000000007e25cc90d78a27fe07002e6f66696c6530ac4f4ca927347482f0ace44e9ad67be1d466fce37f8bc603353610afce743204a957f9cac53b0a2ed60e57ecf7d1a3f287f1bbe56efe37046c882918c2f3857c98e383b7dd853f714b7b7ae6e5e29222e10f296c9beedf74e5ee0cdcd20600e314205c61a40dfa646510d072feb37b3c304d85a2fc84c69295f3c6669f71e0a558a3146da922616932fb0d00ac5707af5f2b4fd46d8c3904d146586216fa0374ecbbdf103fa7cb7195ec3be622d0"], 0xd8) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:36 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002d3) 03:40:36 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") getsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:36 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 850.470375][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 850.476265][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 850.482176][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 850.487965][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:36 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x80ffff) 03:40:37 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002d4) 03:40:37 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") getsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) [ 850.960393][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 850.966233][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:37 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:37 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:37 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") getsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:37 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002e8) 03:40:37 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0xee0f00) 03:40:37 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:37 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:37 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002e9) 03:40:37 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:37 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:37 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x1000000) 03:40:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:38 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:38 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:38 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002f9) 03:40:38 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:38 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2000000) [ 851.967668][T26019] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 851.990887][T26019] CPU: 0 PID: 26019 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 852.000033][T26019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 852.010094][T26019] Call Trace: [ 852.013402][T26019] dump_stack+0x172/0x1f0 [ 852.017741][T26019] dump_header+0x10f/0xb6c [ 852.022157][T26019] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 852.022173][T26019] ? ___ratelimit+0x60/0x595 [ 852.022188][T26019] ? do_raw_spin_unlock+0x57/0x270 [ 852.022206][T26019] oom_kill_process.cold+0x10/0x15 [ 852.042789][T26019] out_of_memory+0x79a/0x1280 [ 852.047491][T26019] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 852.053318][T26019] ? oom_killer_disable+0x280/0x280 [ 852.058526][T26019] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 852.064353][T26019] mem_cgroup_out_of_memory+0x1ca/0x230 [ 852.069915][T26019] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 852.075641][T26019] ? do_raw_spin_unlock+0x57/0x270 [ 852.075660][T26019] ? _raw_spin_unlock+0x2d/0x50 [ 852.075682][T26019] try_charge+0xfbe/0x1480 [ 852.090068][T26019] ? __check_heap_object+0x50/0xb3 [ 852.095365][T26019] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 852.100913][T26019] ? percpu_ref_tryget_live+0x111/0x290 [ 852.100932][T26019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.100949][T26019] ? kasan_check_read+0x11/0x20 [ 852.100967][T26019] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 852.100983][T26019] mem_cgroup_try_charge+0x24d/0x5e0 [ 852.101001][T26019] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 852.135235][T26019] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 852.135254][T26019] ? rcu_read_lock_sched_held+0x110/0x130 [ 852.135273][T26019] ? remap_page+0x160/0x160 [ 852.151448][T26019] ? lock_downgrade+0x920/0x920 [ 852.156312][T26019] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 03:40:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 852.162560][T26019] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 852.168811][T26019] ? alloc_pages_vma+0x142/0x540 [ 852.173773][T26019] do_huge_pmd_wp_page+0x7fc/0x2160 [ 852.178976][T26019] ? ___perf_sw_event+0x393/0x570 [ 852.184016][T26019] ? __split_huge_pmd+0x2c10/0x2c10 [ 852.189227][T26019] ? pmd_val+0x85/0x100 [ 852.193394][T26019] ? add_mm_counter_fast.part.0+0x40/0x40 [ 852.199128][T26019] __handle_mm_fault+0x164c/0x3eb0 [ 852.204255][T26019] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 852.209806][T26019] ? handle_mm_fault+0x292/0xa90 [ 852.214773][T26019] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 852.221025][T26019] ? kasan_check_read+0x11/0x20 [ 852.225889][T26019] handle_mm_fault+0x3b7/0xa90 [ 852.230660][T26019] __do_page_fault+0x5ef/0xda0 [ 852.235426][T26019] do_page_fault+0x71/0x57d [ 852.239918][T26019] ? page_fault+0x8/0x30 [ 852.244148][T26019] page_fault+0x1e/0x30 [ 852.248285][T26019] RIP: 0033:0x400590 03:40:38 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 852.252163][T26019] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 852.273249][T26019] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 852.279313][T26019] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 852.287267][T26019] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 852.295221][T26019] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 852.303173][T26019] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 852.311136][T26019] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 03:40:38 executing program 0: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:38 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3000000) [ 852.526954][T26019] memory: usage 307200kB, limit 307200kB, failcnt 167 [ 852.535617][T26019] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 852.548851][T26019] Memory cgroup stats for /syz5: [ 852.548970][T26019] anon 278425600 [ 852.548970][T26019] file 208896 [ 852.548970][T26019] kernel_stack 4128768 [ 852.548970][T26019] slab 11218944 [ 852.548970][T26019] sock 8192 [ 852.548970][T26019] shmem 0 [ 852.548970][T26019] file_mapped 0 [ 852.548970][T26019] file_dirty 0 [ 852.548970][T26019] file_writeback 0 [ 852.548970][T26019] anon_thp 201326592 [ 852.548970][T26019] inactive_anon 262144 [ 852.548970][T26019] active_anon 278507520 [ 852.548970][T26019] inactive_file 114688 [ 852.548970][T26019] active_file 24576 [ 852.548970][T26019] unevictable 0 [ 852.548970][T26019] slab_reclaimable 2973696 [ 852.548970][T26019] slab_unreclaimable 8245248 [ 852.548970][T26019] pgfault 124674 [ 852.548970][T26019] pgmajfault 0 [ 852.548970][T26019] workingset_refault 0 03:40:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 852.548970][T26019] workingset_activate 0 [ 852.548970][T26019] workingset_nodereclaim 0 [ 852.548970][T26019] pgrefill 862 [ 852.548970][T26019] pgscan 845 [ 852.548970][T26019] pgsteal 124 [ 852.651967][T26019] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=23608,uid=0 03:40:39 executing program 0: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) [ 852.776934][T26019] Memory cgroup out of memory: Killed process 23608 (syz-executor.5) total-vm:72708kB, anon-rss:2212kB, file-rss:35816kB, shmem-rss:0kB 03:40:39 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400002fc) [ 852.986040][ T1046] oom_reaper: reaped process 23608 (syz-executor.5), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB 03:40:39 executing program 5: clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:39 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3030040) 03:40:39 executing program 0: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:39 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000303) [ 853.319281][T26084] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 853.340526][T26084] CPU: 0 PID: 26084 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 853.349680][T26084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 853.359756][T26084] Call Trace: [ 853.363060][T26084] dump_stack+0x172/0x1f0 [ 853.367414][T26084] dump_header+0x10f/0xb6c [ 853.371837][T26084] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 853.377656][T26084] ? ___ratelimit+0x60/0x595 [ 853.382257][T26084] ? do_raw_spin_unlock+0x57/0x270 [ 853.387395][T26084] oom_kill_process.cold+0x10/0x15 [ 853.392517][T26084] out_of_memory+0x79a/0x1280 [ 853.397200][T26084] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 853.403017][T26084] ? oom_killer_disable+0x280/0x280 [ 853.408231][T26084] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 853.414063][T26084] mem_cgroup_out_of_memory+0x1ca/0x230 03:40:39 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 853.419646][T26084] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 853.425296][T26084] ? do_raw_spin_unlock+0x57/0x270 [ 853.430424][T26084] ? _raw_spin_unlock+0x2d/0x50 [ 853.435313][T26084] try_charge+0xfbe/0x1480 [ 853.439743][T26084] ? __check_heap_object+0x50/0xb3 [ 853.444951][T26084] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 853.450508][T26084] ? percpu_ref_tryget_live+0x111/0x290 [ 853.456070][T26084] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.462327][T26084] ? kasan_check_read+0x11/0x20 [ 853.467196][T26084] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 853.472760][T26084] mem_cgroup_try_charge+0x24d/0x5e0 [ 853.478064][T26084] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 853.483717][T26084] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 853.489716][T26084] ? rcu_read_lock_sched_held+0x110/0x130 [ 853.495453][T26084] ? remap_page+0x160/0x160 [ 853.499965][T26084] ? preempt_schedule+0x4b/0x60 [ 853.504824][T26084] ? preempt_schedule_common+0x4f/0xe0 [ 853.510292][T26084] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 03:40:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 853.516539][T26084] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 853.522802][T26084] ? alloc_pages_vma+0x142/0x540 [ 853.527758][T26084] do_huge_pmd_wp_page+0x7fc/0x2160 [ 853.532975][T26084] ? __split_huge_pmd+0x2c10/0x2c10 [ 853.538185][T26084] ? tomoyo_file_ioctl+0x23/0x30 [ 853.543131][T26084] ? security_file_ioctl+0x77/0xc0 [ 853.548246][T26084] ? ksys_ioctl+0x57/0xd0 [ 853.552587][T26084] ? __x64_sys_ioctl+0x73/0xb0 [ 853.557379][T26084] ? do_syscall_64+0xfd/0x680 [ 853.562066][T26084] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 853.568151][T26084] ? pmd_val+0x85/0x100 [ 853.572315][T26084] ? add_mm_counter_fast.part.0+0x40/0x40 [ 853.578053][T26084] __handle_mm_fault+0x164c/0x3eb0 [ 853.583183][T26084] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 853.588742][T26084] ? handle_mm_fault+0x292/0xa90 [ 853.593735][T26084] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 853.599987][T26084] ? kasan_check_read+0x11/0x20 [ 853.604950][T26084] handle_mm_fault+0x3b7/0xa90 [ 853.609738][T26084] __do_page_fault+0x5ef/0xda0 [ 853.614515][T26084] do_page_fault+0x71/0x57d [ 853.619033][T26084] page_fault+0x1e/0x30 [ 853.623461][T26084] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 853.629797][T26084] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 853.649496][T26084] RSP: 0018:ffff88821b3e7da8 EFLAGS: 00010202 [ 853.655572][T26084] RAX: ffffed104367cfc4 RBX: 0000000000000010 RCX: 0000000000000002 [ 853.663555][T26084] RDX: 0000000000000000 RSI: ffff88821b3e7e10 RDI: 0000000020000180 [ 853.671535][T26084] RBP: ffff88821b3e7de0 R08: 00000000773595b7 R09: ffffed104367cfc4 [ 853.679515][T26084] R10: ffffed104367cfc3 R11: ffff88821b3e7e1f R12: 0000000020000180 [ 853.687499][T26084] R13: ffff88821b3e7e10 R14: 0000000020000190 R15: 00007ffffffff000 [ 853.695540][T26084] ? _copy_to_user+0x146/0x160 [ 853.700314][T26084] put_timespec64+0xc1/0x140 [ 853.704905][T26084] ? nsecs_to_jiffies+0x30/0x30 [ 853.709770][T26084] __x64_sys_clock_gettime+0x1b5/0x240 [ 853.715236][T26084] ? __ia32_sys_clock_settime+0x280/0x280 03:40:40 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 853.720958][T26084] ? do_syscall_64+0x26/0x680 [ 853.725652][T26084] ? lockdep_hardirqs_on+0x418/0x5d0 [ 853.730961][T26084] ? trace_hardirqs_on+0x67/0x220 [ 853.736005][T26084] do_syscall_64+0xfd/0x680 [ 853.740526][T26084] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 853.746426][T26084] RIP: 0033:0x459279 [ 853.750329][T26084] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 853.769943][T26084] RSP: 002b:00007f13478d4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 853.778366][T26084] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000459279 [ 853.786363][T26084] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000000 [ 853.794345][T26084] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 853.802320][T26084] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f13478d56d4 [ 853.810292][T26084] R13: 00000000004bf696 R14: 00000000004d0d50 R15: 00000000ffffffff 03:40:40 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:40 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 854.082133][T26084] memory: usage 307180kB, limit 307200kB, failcnt 208 [ 854.089091][T26084] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 854.138452][T26084] Memory cgroup stats for /syz5: [ 854.138573][T26084] anon 278523904 [ 854.138573][T26084] file 208896 [ 854.138573][T26084] kernel_stack 4128768 [ 854.138573][T26084] slab 11218944 [ 854.138573][T26084] sock 8192 [ 854.138573][T26084] shmem 0 [ 854.138573][T26084] file_mapped 0 [ 854.138573][T26084] file_dirty 0 [ 854.138573][T26084] file_writeback 0 [ 854.138573][T26084] anon_thp 199229440 [ 854.138573][T26084] inactive_anon 262144 [ 854.138573][T26084] active_anon 278499328 [ 854.138573][T26084] inactive_file 114688 [ 854.138573][T26084] active_file 24576 [ 854.138573][T26084] unevictable 0 [ 854.138573][T26084] slab_reclaimable 2973696 [ 854.138573][T26084] slab_unreclaimable 8245248 [ 854.138573][T26084] pgfault 124740 [ 854.138573][T26084] pgmajfault 0 [ 854.138573][T26084] workingset_refault 0 [ 854.138573][T26084] workingset_activate 0 [ 854.138573][T26084] workingset_nodereclaim 0 [ 854.138573][T26084] pgrefill 1163 [ 854.138573][T26084] pgscan 1146 [ 854.138573][T26084] pgsteal 124 03:40:40 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000309) 03:40:40 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4000000) [ 854.288388][T26084] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11839,uid=0 [ 854.308347][T26084] Memory cgroup out of memory: Killed process 11839 (syz-executor.5) total-vm:72972kB, anon-rss:2228kB, file-rss:35792kB, shmem-rss:0kB [ 854.444804][T26083] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 854.503588][T26083] CPU: 0 PID: 26083 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 854.512827][T26083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 854.523052][T26083] Call Trace: [ 854.526334][T26083] dump_stack+0x172/0x1f0 [ 854.530649][T26083] dump_header+0x10f/0xb6c [ 854.535052][T26083] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 854.540840][T26083] ? ___ratelimit+0x60/0x595 [ 854.545760][T26083] ? do_raw_spin_unlock+0x57/0x270 [ 854.550854][T26083] oom_kill_process.cold+0x10/0x15 [ 854.555950][T26083] out_of_memory+0x79a/0x1280 [ 854.560624][T26083] ? oom_killer_disable+0x280/0x280 [ 854.565821][T26083] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 854.571634][T26083] mem_cgroup_out_of_memory+0x1ca/0x230 [ 854.577160][T26083] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 854.582778][T26083] ? do_raw_spin_unlock+0x57/0x270 [ 854.587886][T26083] ? _raw_spin_unlock+0x2d/0x50 [ 854.592721][T26083] try_charge+0xa34/0x1480 [ 854.597121][T26083] ? __check_heap_object+0x50/0xb3 [ 854.602218][T26083] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 854.607741][T26083] ? percpu_ref_tryget_live+0x111/0x290 [ 854.613272][T26083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 854.619493][T26083] ? kasan_check_read+0x11/0x20 [ 854.624342][T26083] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 854.629872][T26083] mem_cgroup_try_charge+0x24d/0x5e0 [ 854.635159][T26083] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 854.640774][T26083] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 854.646735][T26083] ? rcu_read_lock_sched_held+0x110/0x130 [ 854.652441][T26083] ? remap_page+0x160/0x160 [ 854.656932][T26083] ? lock_downgrade+0x920/0x920 [ 854.661768][T26083] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 854.668111][T26083] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 854.674605][T26083] ? alloc_pages_vma+0x142/0x540 [ 854.679538][T26083] do_huge_pmd_wp_page+0x7fc/0x2160 [ 854.684739][T26083] ? ___perf_sw_event+0x393/0x570 [ 854.689751][T26083] ? __split_huge_pmd+0x2c10/0x2c10 [ 854.694940][T26083] ? pmd_val+0x85/0x100 [ 854.699076][T26083] ? add_mm_counter_fast.part.0+0x40/0x40 [ 854.704786][T26083] __handle_mm_fault+0x164c/0x3eb0 [ 854.709886][T26083] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 854.715413][T26083] ? handle_mm_fault+0x292/0xa90 [ 854.720360][T26083] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 854.726584][T26083] ? kasan_check_read+0x11/0x20 [ 854.731424][T26083] handle_mm_fault+0x3b7/0xa90 [ 854.736190][T26083] __do_page_fault+0x5ef/0xda0 [ 854.740955][T26083] do_page_fault+0x71/0x57d [ 854.745448][T26083] ? page_fault+0x8/0x30 [ 854.749671][T26083] page_fault+0x1e/0x30 [ 854.753806][T26083] RIP: 0033:0x400590 [ 854.757685][T26083] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 854.777270][T26083] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 854.783318][T26083] RAX: 0000000000000001 RBX: 0000000000760048 RCX: 0000000000000000 [ 854.791272][T26083] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 854.799222][T26083] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 854.807187][T26083] R10: 00007fff7bc49890 R11: 0000000000000246 R12: 0000000000760050 [ 854.815154][T26083] R13: 00000000004c55f2 R14: 0000000000000000 R15: 000000000075bf2c [ 854.963262][T26083] memory: usage 305616kB, limit 307200kB, failcnt 208 [ 854.970414][T26083] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 854.996423][T26083] Memory cgroup stats for /syz5: [ 854.996831][T26083] anon 278458368 [ 854.996831][T26083] file 208896 [ 854.996831][T26083] kernel_stack 4128768 [ 854.996831][T26083] slab 11218944 [ 854.996831][T26083] sock 8192 [ 854.996831][T26083] shmem 0 [ 854.996831][T26083] file_mapped 0 [ 854.996831][T26083] file_dirty 0 [ 854.996831][T26083] file_writeback 0 [ 854.996831][T26083] anon_thp 197132288 [ 854.996831][T26083] inactive_anon 262144 [ 854.996831][T26083] active_anon 278462464 [ 854.996831][T26083] inactive_file 114688 [ 854.996831][T26083] active_file 24576 [ 854.996831][T26083] unevictable 0 [ 854.996831][T26083] slab_reclaimable 2973696 [ 854.996831][T26083] slab_unreclaimable 8245248 [ 854.996831][T26083] pgfault 124740 [ 854.996831][T26083] pgmajfault 0 [ 854.996831][T26083] workingset_refault 0 [ 854.996831][T26083] workingset_activate 0 [ 854.996831][T26083] workingset_nodereclaim 0 [ 854.996831][T26083] pgrefill 1163 [ 854.996831][T26083] pgscan 1146 [ 854.996831][T26083] pgsteal 124 [ 855.093228][T26083] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13759,uid=0 [ 855.110434][ C1] net_ratelimit: 22 callbacks suppressed [ 855.110442][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 855.121914][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 855.128958][T26083] Memory cgroup out of memory: Killed process 13759 (syz-executor.5) total-vm:72708kB, anon-rss:2208kB, file-rss:35812kB, shmem-rss:0kB [ 855.146710][ T1046] oom_reaper: reaped process 13759 (syz-executor.5), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB 03:40:41 executing program 5: clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:41 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:41 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:41 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000315) 03:40:41 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x5000000) 03:40:41 executing program 0: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r0, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:41 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000319) 03:40:41 executing program 5: clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:41 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x6000000) 03:40:42 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 855.834086][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 855.839915][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:40:42 executing program 5: futex(0x0, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:42 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000329) [ 856.071426][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 856.078676][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 856.150369][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 856.156239][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:42 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:42 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:42 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7000000) 03:40:42 executing program 5: futex(0x0, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:42 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:42 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000032f) 03:40:42 executing program 5: futex(0x0, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:42 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:43 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:43 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x7040040) [ 856.781565][T26216] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 856.863389][T26216] CPU: 1 PID: 26216 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 856.872544][T26216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 856.882603][T26216] Call Trace: [ 856.885908][T26216] dump_stack+0x172/0x1f0 [ 856.890253][T26216] dump_header+0x10f/0xb6c [ 856.894677][T26216] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 856.900497][T26216] ? ___ratelimit+0x60/0x595 [ 856.905098][T26216] ? do_raw_spin_unlock+0x57/0x270 [ 856.910259][T26216] oom_kill_process.cold+0x10/0x15 [ 856.915383][T26216] out_of_memory+0x79a/0x1280 [ 856.920072][T26216] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 856.925895][T26216] ? oom_killer_disable+0x280/0x280 [ 856.931101][T26216] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 856.936932][T26216] mem_cgroup_out_of_memory+0x1ca/0x230 [ 856.942494][T26216] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 856.948141][T26216] ? do_raw_spin_unlock+0x57/0x270 [ 856.953263][T26216] ? _raw_spin_unlock+0x2d/0x50 [ 856.958122][T26216] try_charge+0xfbe/0x1480 03:40:43 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:43 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000033b) [ 856.962569][T26216] ? __check_heap_object+0x50/0xb3 [ 856.967691][T26216] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 856.973237][T26216] ? percpu_ref_tryget_live+0x111/0x290 [ 856.978788][T26216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 856.985106][T26216] ? kasan_check_read+0x11/0x20 [ 856.990004][T26216] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 856.995553][T26216] mem_cgroup_try_charge+0x24d/0x5e0 [ 857.000849][T26216] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 857.006490][T26216] do_huge_pmd_wp_page_fallback+0x24f/0x1680 03:40:43 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 857.012497][T26216] ? rcu_read_lock_sched_held+0x110/0x130 [ 857.018230][T26216] ? remap_page+0x160/0x160 [ 857.022755][T26216] ? lock_downgrade+0x920/0x920 [ 857.027604][T26216] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 857.033830][T26216] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 857.040055][T26216] ? alloc_pages_vma+0x142/0x540 [ 857.045041][T26216] do_huge_pmd_wp_page+0x7fc/0x2160 [ 857.050222][T26216] ? ___perf_sw_event+0x393/0x570 [ 857.055231][T26216] ? __split_huge_pmd+0x2c10/0x2c10 [ 857.060449][T26216] ? pmd_val+0x85/0x100 [ 857.064603][T26216] ? add_mm_counter_fast.part.0+0x40/0x40 [ 857.070332][T26216] __handle_mm_fault+0x164c/0x3eb0 [ 857.075440][T26216] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 857.080980][T26216] ? handle_mm_fault+0x292/0xa90 [ 857.085917][T26216] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 857.092147][T26216] ? kasan_check_read+0x11/0x20 [ 857.096986][T26216] handle_mm_fault+0x3b7/0xa90 [ 857.101747][T26216] __do_page_fault+0x5ef/0xda0 [ 857.106506][T26216] do_page_fault+0x71/0x57d [ 857.111028][T26216] ? page_fault+0x8/0x30 [ 857.115350][T26216] page_fault+0x1e/0x30 [ 857.119485][T26216] RIP: 0033:0x400590 [ 857.123376][T26216] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 857.142977][T26216] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 857.149032][T26216] RAX: 0000000000000000 RBX: 0000000000760000 RCX: 0000000000000000 03:40:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) [ 857.156991][T26216] RDX: 0000000000000000 RSI: 0000000020048000 RDI: 0000000000000000 [ 857.164970][T26216] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 857.172942][T26216] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 857.180909][T26216] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 857.189135][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 857.194979][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 857.202836][T26216] memory: usage 307200kB, limit 307200kB, failcnt 224 [ 857.209921][T26216] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 857.227716][T26216] Memory cgroup stats for /syz5: [ 857.227831][T26216] anon 278659072 [ 857.227831][T26216] file 208896 [ 857.227831][T26216] kernel_stack 4194304 [ 857.227831][T26216] slab 11218944 [ 857.227831][T26216] sock 8192 [ 857.227831][T26216] shmem 0 [ 857.227831][T26216] file_mapped 0 [ 857.227831][T26216] file_dirty 0 [ 857.227831][T26216] file_writeback 0 [ 857.227831][T26216] anon_thp 195035136 [ 857.227831][T26216] inactive_anon 262144 [ 857.227831][T26216] active_anon 278589440 [ 857.227831][T26216] inactive_file 114688 [ 857.227831][T26216] active_file 24576 [ 857.227831][T26216] unevictable 0 [ 857.227831][T26216] slab_reclaimable 2973696 [ 857.227831][T26216] slab_unreclaimable 8245248 [ 857.227831][T26216] pgfault 125070 [ 857.227831][T26216] pgmajfault 0 [ 857.227831][T26216] workingset_refault 0 [ 857.227831][T26216] workingset_activate 0 [ 857.227831][T26216] workingset_nodereclaim 0 [ 857.227831][T26216] pgrefill 1463 [ 857.227831][T26216] pgscan 1476 [ 857.227831][T26216] pgsteal 124 03:40:43 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:43 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:44 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000033f) [ 857.790444][T26216] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=9410,uid=0 [ 857.872875][T26216] Memory cgroup out of memory: Killed process 9410 (syz-executor.5) total-vm:72576kB, anon-rss:2196kB, file-rss:35792kB, shmem-rss:0kB 03:40:44 executing program 5: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:44 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340), 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:44 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:44 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8000000) 03:40:44 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000345) 03:40:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:44 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:44 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340), 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 858.459676][T26278] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 858.496394][T26278] CPU: 1 PID: 26278 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 858.505548][T26278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 858.515611][T26278] Call Trace: [ 858.518905][T26278] dump_stack+0x172/0x1f0 [ 858.523343][T26278] dump_header+0x10f/0xb6c [ 858.527781][T26278] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 858.533779][T26278] ? ___ratelimit+0x60/0x595 [ 858.538376][T26278] ? do_raw_spin_unlock+0x57/0x270 [ 858.543500][T26278] oom_kill_process.cold+0x10/0x15 [ 858.548607][T26278] out_of_memory+0x79a/0x1280 [ 858.553294][T26278] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 858.559197][T26278] ? oom_killer_disable+0x280/0x280 [ 858.564407][T26278] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 858.570232][T26278] mem_cgroup_out_of_memory+0x1ca/0x230 [ 858.575784][T26278] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 858.581432][T26278] ? do_raw_spin_unlock+0x57/0x270 [ 858.586553][T26278] ? _raw_spin_unlock+0x2d/0x50 [ 858.591419][T26278] try_charge+0xfbe/0x1480 [ 858.595843][T26278] ? __check_heap_object+0x50/0xb3 [ 858.600970][T26278] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 858.606521][T26278] ? percpu_ref_tryget_live+0x111/0x290 [ 858.612078][T26278] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 858.618355][T26278] ? kasan_check_read+0x11/0x20 [ 858.623216][T26278] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 858.628772][T26278] mem_cgroup_try_charge+0x24d/0x5e0 [ 858.634155][T26278] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 858.639828][T26278] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 858.645811][T26278] ? rcu_read_lock_sched_held+0x110/0x130 [ 858.651551][T26278] ? remap_page+0x160/0x160 [ 858.656069][T26278] ? lock_downgrade+0x920/0x920 [ 858.660921][T26278] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 858.667158][T26278] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 858.673403][T26278] ? alloc_pages_vma+0x142/0x540 [ 858.678521][T26278] do_huge_pmd_wp_page+0x7fc/0x2160 [ 858.683719][T26278] ? ___perf_sw_event+0x393/0x570 [ 858.688935][T26278] ? __split_huge_pmd+0x2c10/0x2c10 [ 858.694163][T26278] ? pmd_val+0x85/0x100 [ 858.698319][T26278] ? add_mm_counter_fast.part.0+0x40/0x40 [ 858.704047][T26278] __handle_mm_fault+0x164c/0x3eb0 03:40:45 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000351) [ 858.709167][T26278] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 858.714721][T26278] ? handle_mm_fault+0x292/0xa90 [ 858.719687][T26278] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 858.725938][T26278] ? kasan_check_read+0x11/0x20 [ 858.730805][T26278] handle_mm_fault+0x3b7/0xa90 [ 858.735583][T26278] __do_page_fault+0x5ef/0xda0 [ 858.740452][T26278] do_page_fault+0x71/0x57d [ 858.744968][T26278] ? page_fault+0x8/0x30 [ 858.749309][T26278] page_fault+0x1e/0x30 [ 858.753470][T26278] RIP: 0033:0x400590 [ 858.757372][T26278] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 858.776979][T26278] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 858.783046][T26278] RAX: 0000000000000000 RBX: 0000000000760000 RCX: 0000000000000000 [ 858.791023][T26278] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000000 [ 858.799003][T26278] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 03:40:45 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x8807300) [ 858.807272][T26278] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 858.815247][T26278] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 858.836727][T26278] memory: usage 307200kB, limit 307200kB, failcnt 248 [ 858.847870][T26278] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 858.884834][T26278] Memory cgroup stats for /syz5: [ 858.884943][T26278] anon 278511616 [ 858.884943][T26278] file 208896 [ 858.884943][T26278] kernel_stack 4128768 [ 858.884943][T26278] slab 11218944 [ 858.884943][T26278] sock 8192 [ 858.884943][T26278] shmem 0 [ 858.884943][T26278] file_mapped 0 [ 858.884943][T26278] file_dirty 0 [ 858.884943][T26278] file_writeback 0 [ 858.884943][T26278] anon_thp 192937984 [ 858.884943][T26278] inactive_anon 262144 [ 858.884943][T26278] active_anon 278441984 [ 858.884943][T26278] inactive_file 114688 [ 858.884943][T26278] active_file 24576 [ 858.884943][T26278] unevictable 0 [ 858.884943][T26278] slab_reclaimable 2973696 [ 858.884943][T26278] slab_unreclaimable 8245248 [ 858.884943][T26278] pgfault 125103 [ 858.884943][T26278] pgmajfault 0 [ 858.884943][T26278] workingset_refault 0 [ 858.884943][T26278] workingset_activate 0 [ 858.884943][T26278] workingset_nodereclaim 0 [ 858.884943][T26278] pgrefill 1692 [ 858.884943][T26278] pgscan 1668 [ 858.884943][T26278] pgsteal 124 [ 859.010528][T26278] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13854,uid=0 03:40:45 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)) r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 859.410761][T26278] Memory cgroup out of memory: Killed process 13854 (syz-executor.5) total-vm:72840kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB 03:40:46 executing program 5: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:46 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340), 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:46 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000355) 03:40:46 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x9030040) 03:40:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:46 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, 0x0, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:46 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000365) 03:40:46 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x10020040) 03:40:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0b") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:46 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 860.230388][ C0] net_ratelimit: 18 callbacks suppressed [ 860.230396][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 860.241971][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 860.310396][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 860.316297][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:47 executing program 5: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:47 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000036b) 03:40:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:47 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x11000000) 03:40:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:47 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, 0x0, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:47 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x11040040) 03:40:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:47 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000371) 03:40:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7b") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) [ 861.360390][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 861.366288][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 861.372189][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 861.377975][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 861.383851][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 861.389627][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:40:47 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:47 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x15030040) 03:40:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:47 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000377) 03:40:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:48 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be0") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:48 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, 0x0, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:48 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x19030040) [ 861.739925][T26529] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 861.792516][T26529] CPU: 0 PID: 26529 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 861.801669][T26529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 861.811731][T26529] Call Trace: [ 861.815034][T26529] dump_stack+0x172/0x1f0 [ 861.819380][T26529] dump_header+0x10f/0xb6c [ 861.823810][T26529] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 861.829712][T26529] ? ___ratelimit+0x60/0x595 [ 861.834306][T26529] ? do_raw_spin_unlock+0x57/0x270 [ 861.839434][T26529] oom_kill_process.cold+0x10/0x15 [ 861.844556][T26529] out_of_memory+0x79a/0x1280 [ 861.849247][T26529] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 861.855079][T26529] ? oom_killer_disable+0x280/0x280 [ 861.860288][T26529] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 861.866120][T26529] mem_cgroup_out_of_memory+0x1ca/0x230 [ 861.871676][T26529] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 861.877326][T26529] ? do_raw_spin_unlock+0x57/0x270 [ 861.882439][T26529] ? _raw_spin_unlock+0x2d/0x50 [ 861.887289][T26529] try_charge+0xfbe/0x1480 [ 861.887307][T26529] ? __check_heap_object+0x50/0xb3 [ 861.887327][T26529] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 861.902354][T26529] ? percpu_ref_tryget_live+0x111/0x290 [ 861.907905][T26529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 861.914150][T26529] ? kasan_check_read+0x11/0x20 [ 861.919010][T26529] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 861.924560][T26529] mem_cgroup_try_charge+0x24d/0x5e0 [ 861.929840][T26529] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 861.935476][T26529] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 861.941471][T26529] ? rcu_read_lock_sched_held+0x110/0x130 [ 861.941492][T26529] ? remap_page+0x160/0x160 [ 861.941511][T26529] ? lock_downgrade+0x920/0x920 [ 861.951697][T26529] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 861.951710][T26529] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 861.951729][T26529] ? alloc_pages_vma+0x142/0x540 [ 861.951745][T26529] do_huge_pmd_wp_page+0x7fc/0x2160 [ 861.951758][T26529] ? ___perf_sw_event+0x393/0x570 [ 861.951778][T26529] ? __split_huge_pmd+0x2c10/0x2c10 [ 861.951799][T26529] ? pmd_val+0x85/0x100 [ 861.951818][T26529] ? add_mm_counter_fast.part.0+0x40/0x40 [ 861.989401][T26529] __handle_mm_fault+0x164c/0x3eb0 [ 861.989422][T26529] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 862.009904][T26529] ? handle_mm_fault+0x292/0xa90 [ 862.014859][T26529] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 862.014879][T26529] ? kasan_check_read+0x11/0x20 [ 862.025954][T26529] handle_mm_fault+0x3b7/0xa90 [ 862.030748][T26529] __do_page_fault+0x5ef/0xda0 03:40:48 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000037b) 03:40:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(0x0, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 862.038146][T26529] do_page_fault+0x71/0x57d [ 862.046481][T26529] ? page_fault+0x8/0x30 [ 862.046497][T26529] page_fault+0x1e/0x30 [ 862.046507][T26529] RIP: 0033:0x400590 [ 862.046522][T26529] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 862.046529][T26529] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 862.046539][T26529] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 862.046547][T26529] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 862.046554][T26529] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 862.046566][T26529] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 862.078507][T26529] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 862.280359][T26529] memory: usage 307200kB, limit 307200kB, failcnt 280 [ 862.287370][T26529] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 862.345133][T26529] Memory cgroup stats for /syz5: [ 862.345250][T26529] anon 278646784 [ 862.345250][T26529] file 208896 [ 862.345250][T26529] kernel_stack 4194304 [ 862.345250][T26529] slab 11218944 [ 862.345250][T26529] sock 8192 [ 862.345250][T26529] shmem 0 [ 862.345250][T26529] file_mapped 0 [ 862.345250][T26529] file_dirty 0 [ 862.345250][T26529] file_writeback 0 [ 862.345250][T26529] anon_thp 190840832 [ 862.345250][T26529] inactive_anon 262144 [ 862.345250][T26529] active_anon 278560768 [ 862.345250][T26529] inactive_file 114688 [ 862.345250][T26529] active_file 24576 [ 862.345250][T26529] unevictable 0 [ 862.345250][T26529] slab_reclaimable 2973696 [ 862.345250][T26529] slab_unreclaimable 8245248 [ 862.345250][T26529] pgfault 125301 [ 862.345250][T26529] pgmajfault 0 [ 862.345250][T26529] workingset_refault 0 [ 862.345250][T26529] workingset_activate 0 [ 862.345250][T26529] workingset_nodereclaim 0 [ 862.345250][T26529] pgrefill 1950 [ 862.345250][T26529] pgscan 1977 [ 862.345250][T26529] pgsteal 124 [ 862.467607][T26529] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19251,uid=0 [ 862.483818][T26529] Memory cgroup out of memory: Killed process 19251 (syz-executor.5) total-vm:72708kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB 03:40:48 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:48 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:48 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:48 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000038b) 03:40:48 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x25040040) 03:40:49 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) [ 862.812969][T26579] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 862.831552][T26579] CPU: 1 PID: 26579 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 862.840709][T26579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 862.850776][T26579] Call Trace: [ 862.850799][T26579] dump_stack+0x172/0x1f0 [ 862.850818][T26579] dump_header+0x10f/0xb6c 03:40:49 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 862.850834][T26579] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 862.850848][T26579] ? ___ratelimit+0x60/0x595 [ 862.850861][T26579] ? do_raw_spin_unlock+0x57/0x270 [ 862.850880][T26579] oom_kill_process.cold+0x10/0x15 [ 862.858504][T26579] out_of_memory+0x79a/0x1280 [ 862.858523][T26579] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 862.858542][T26579] ? oom_killer_disable+0x280/0x280 [ 862.878395][T26579] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 862.878420][T26579] mem_cgroup_out_of_memory+0x1ca/0x230 [ 862.888184][T26579] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 862.888207][T26579] ? do_raw_spin_unlock+0x57/0x270 [ 862.921203][T26579] ? _raw_spin_unlock+0x2d/0x50 [ 862.926583][T26579] try_charge+0xfbe/0x1480 [ 862.926601][T26579] ? __check_heap_object+0x50/0xb3 [ 862.936108][T26579] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 862.941640][T26579] ? percpu_ref_tryget_live+0x111/0x290 [ 862.947517][T26579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 862.953761][T26579] ? kasan_check_read+0x11/0x20 [ 862.958699][T26579] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 862.964226][T26579] mem_cgroup_try_charge+0x24d/0x5e0 [ 862.969508][T26579] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 862.975124][T26579] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 862.981087][T26579] ? rcu_read_lock_sched_held+0x110/0x130 [ 862.986790][T26579] ? remap_page+0x160/0x160 [ 862.991279][T26579] ? lock_downgrade+0x920/0x920 [ 862.996112][T26579] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 863.002332][T26579] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 863.008564][T26579] ? alloc_pages_vma+0x142/0x540 [ 863.013484][T26579] do_huge_pmd_wp_page+0x7fc/0x2160 [ 863.018677][T26579] ? ___perf_sw_event+0x393/0x570 [ 863.023686][T26579] ? __split_huge_pmd+0x2c10/0x2c10 [ 863.029227][T26579] ? pmd_val+0x85/0x100 [ 863.033736][T26579] ? add_mm_counter_fast.part.0+0x40/0x40 [ 863.044576][T26579] __handle_mm_fault+0x164c/0x3eb0 [ 863.049677][T26579] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 863.055289][T26579] ? handle_mm_fault+0x292/0xa90 [ 863.060215][T26579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 863.066441][T26579] ? kasan_check_read+0x11/0x20 [ 863.071293][T26579] handle_mm_fault+0x3b7/0xa90 [ 863.076042][T26579] __do_page_fault+0x5ef/0xda0 [ 863.080807][T26579] do_page_fault+0x71/0x57d [ 863.085294][T26579] ? page_fault+0x8/0x30 [ 863.089518][T26579] page_fault+0x1e/0x30 [ 863.093654][T26579] RIP: 0033:0x400590 03:40:49 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(0x0, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 863.097532][T26579] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 863.117117][T26579] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 863.123171][T26579] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 863.131133][T26579] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 863.139129][T26579] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 863.147080][T26579] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 863.155033][T26579] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 03:40:49 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(0xffffffffffffffff, 0x106, 0x1, 0x0, &(0x7f00000000c0)=0x291) 03:40:49 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x26020040) 03:40:49 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000391) 03:40:49 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(0x0, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 863.296991][T26579] memory: usage 307200kB, limit 307200kB, failcnt 313 [ 863.305937][T26579] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 863.396847][T26579] Memory cgroup stats for /syz5: [ 863.398576][T26579] anon 278630400 [ 863.398576][T26579] file 49152 [ 863.398576][T26579] kernel_stack 4128768 [ 863.398576][T26579] slab 11218944 [ 863.398576][T26579] sock 8192 [ 863.398576][T26579] shmem 0 [ 863.398576][T26579] file_mapped 0 [ 863.398576][T26579] file_dirty 0 [ 863.398576][T26579] file_writeback 0 [ 863.398576][T26579] anon_thp 188743680 [ 863.398576][T26579] inactive_anon 262144 [ 863.398576][T26579] active_anon 278663168 [ 863.398576][T26579] inactive_file 0 [ 863.398576][T26579] active_file 24576 [ 863.398576][T26579] unevictable 0 [ 863.398576][T26579] slab_reclaimable 2973696 [ 863.398576][T26579] slab_unreclaimable 8245248 [ 863.398576][T26579] pgfault 125367 [ 863.398576][T26579] pgmajfault 0 [ 863.398576][T26579] workingset_refault 0 [ 863.398576][T26579] workingset_activate 0 [ 863.398576][T26579] workingset_nodereclaim 0 [ 863.398576][T26579] pgrefill 1983 [ 863.398576][T26579] pgscan 2013 [ 863.398576][T26579] pgsteal 163 [ 863.520475][T26579] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11940,uid=0 [ 863.590674][T26579] Memory cgroup out of memory: Killed process 11940 (syz-executor.5) total-vm:72708kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB 03:40:50 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, 0x0) 03:40:50 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(0x0, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:50 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:50 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x29030040) 03:40:50 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000039d) 03:40:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, 0x0) 03:40:50 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:50 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 864.136163][T26631] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 864.245270][T26631] CPU: 1 PID: 26631 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 864.254691][T26631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 864.264753][T26631] Call Trace: [ 864.264774][T26631] dump_stack+0x172/0x1f0 [ 864.264793][T26631] dump_header+0x10f/0xb6c [ 864.264810][T26631] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 864.264825][T26631] ? ___ratelimit+0x60/0x595 [ 864.264838][T26631] ? do_raw_spin_unlock+0x57/0x270 [ 864.264854][T26631] oom_kill_process.cold+0x10/0x15 [ 864.264872][T26631] out_of_memory+0x79a/0x1280 [ 864.294994][T26631] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 864.310632][T26631] ? oom_killer_disable+0x280/0x280 [ 864.315837][T26631] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 864.321651][T26631] mem_cgroup_out_of_memory+0x1ca/0x230 [ 864.327373][T26631] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 864.333015][T26631] ? do_raw_spin_unlock+0x57/0x270 [ 864.338134][T26631] ? _raw_spin_unlock+0x2d/0x50 [ 864.343100][T26631] try_charge+0xfbe/0x1480 [ 864.347524][T26631] ? __check_heap_object+0x50/0xb3 [ 864.352636][T26631] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 864.358196][T26631] ? percpu_ref_tryget_live+0x111/0x290 [ 864.363763][T26631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 864.370004][T26631] ? kasan_check_read+0x11/0x20 [ 864.374858][T26631] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 864.380399][T26631] mem_cgroup_try_charge+0x24d/0x5e0 [ 864.380418][T26631] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 864.380434][T26631] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 864.380450][T26631] ? rcu_read_lock_sched_held+0x110/0x130 [ 864.380468][T26631] ? remap_page+0x160/0x160 [ 864.380485][T26631] ? lock_downgrade+0x920/0x920 [ 864.380505][T26631] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 864.418629][T26631] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 864.424910][T26631] ? alloc_pages_vma+0x142/0x540 [ 864.429846][T26631] do_huge_pmd_wp_page+0x7fc/0x2160 [ 864.435061][T26631] ? ___perf_sw_event+0x393/0x570 [ 864.440097][T26631] ? __split_huge_pmd+0x2c10/0x2c10 [ 864.445301][T26631] ? pmd_val+0x85/0x100 [ 864.449451][T26631] ? add_mm_counter_fast.part.0+0x40/0x40 [ 864.455176][T26631] __handle_mm_fault+0x164c/0x3eb0 [ 864.460296][T26631] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 864.465841][T26631] ? handle_mm_fault+0x292/0xa90 [ 864.470795][T26631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 864.477080][T26631] ? kasan_check_read+0x11/0x20 [ 864.481938][T26631] handle_mm_fault+0x3b7/0xa90 [ 864.486707][T26631] __do_page_fault+0x5ef/0xda0 [ 864.491495][T26631] do_page_fault+0x71/0x57d 03:40:50 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003a1) [ 864.496006][T26631] ? page_fault+0x8/0x30 [ 864.500272][T26631] page_fault+0x1e/0x30 [ 864.504418][T26631] RIP: 0033:0x400590 [ 864.508317][T26631] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 864.527929][T26631] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 864.533991][T26631] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 864.541958][T26631] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 864.549920][T26631] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 864.557896][T26631] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 864.565868][T26631] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 03:40:50 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$X25_QBITINCL(r1, 0x106, 0x1, 0x0, 0x0) 03:40:50 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x2f030040) 03:40:50 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 864.596107][T26631] memory: usage 307192kB, limit 307200kB, failcnt 337 [ 864.635976][T26631] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 864.673235][T26631] Memory cgroup stats for /syz5: [ 864.673343][T26631] anon 278523904 [ 864.673343][T26631] file 49152 [ 864.673343][T26631] kernel_stack 4128768 [ 864.673343][T26631] slab 11218944 [ 864.673343][T26631] sock 8192 [ 864.673343][T26631] shmem 0 [ 864.673343][T26631] file_mapped 0 [ 864.673343][T26631] file_dirty 0 [ 864.673343][T26631] file_writeback 0 [ 864.673343][T26631] anon_thp 186646528 [ 864.673343][T26631] inactive_anon 262144 [ 864.673343][T26631] active_anon 278528000 [ 864.673343][T26631] inactive_file 0 [ 864.673343][T26631] active_file 24576 [ 864.673343][T26631] unevictable 0 [ 864.673343][T26631] slab_reclaimable 2973696 [ 864.673343][T26631] slab_unreclaimable 8245248 [ 864.673343][T26631] pgfault 125400 [ 864.673343][T26631] pgmajfault 0 [ 864.673343][T26631] workingset_refault 0 [ 864.673343][T26631] workingset_activate 0 [ 864.673343][T26631] workingset_nodereclaim 0 [ 864.673343][T26631] pgrefill 2016 [ 864.673343][T26631] pgscan 2013 [ 864.673343][T26631] pgsteal 163 03:40:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x0, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:51 executing program 0: syz_mount_image$iso9660(&(0x7f00000003c0)='iso9660\x00', &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 865.176549][T26631] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=18670,uid=0 [ 865.202075][T26631] Memory cgroup out of memory: Killed process 18670 (syz-executor.5) total-vm:72576kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB 03:40:51 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:51 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:51 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003a7) 03:40:51 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x36020040) 03:40:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:51 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070") r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f00000000c0)='\'c{%*{,\x00', 0x4) ioctl$TCSETA(r2, 0x4030582a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000d8}) dup2(r1, r2) 03:40:51 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:51 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x0, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 865.510348][ C1] net_ratelimit: 18 callbacks suppressed [ 865.510356][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 865.521943][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 865.527942][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 865.533764][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 865.539593][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 865.545407][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 865.614493][T26696] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 865.671369][T26696] CPU: 1 PID: 26696 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 865.680521][T26696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 865.690574][T26696] Call Trace: [ 865.693873][T26696] dump_stack+0x172/0x1f0 [ 865.698219][T26696] dump_header+0x10f/0xb6c [ 865.702644][T26696] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 865.708495][T26696] ? ___ratelimit+0x60/0x595 [ 865.713087][T26696] ? do_raw_spin_unlock+0x57/0x270 [ 865.718218][T26696] oom_kill_process.cold+0x10/0x15 [ 865.723343][T26696] out_of_memory+0x79a/0x1280 [ 865.728033][T26696] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 865.733851][T26696] ? oom_killer_disable+0x280/0x280 [ 865.739058][T26696] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 865.744887][T26696] mem_cgroup_out_of_memory+0x1ca/0x230 [ 865.750438][T26696] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 865.756083][T26696] ? do_raw_spin_unlock+0x57/0x270 [ 865.761213][T26696] ? _raw_spin_unlock+0x2d/0x50 [ 865.766077][T26696] try_charge+0xfbe/0x1480 [ 865.770507][T26696] ? __check_heap_object+0x50/0xb3 [ 865.775631][T26696] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 865.781183][T26696] ? percpu_ref_tryget_live+0x111/0x290 [ 865.786911][T26696] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 865.793162][T26696] ? kasan_check_read+0x11/0x20 [ 865.798030][T26696] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 865.803585][T26696] mem_cgroup_try_charge+0x24d/0x5e0 [ 865.808878][T26696] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 865.814527][T26696] do_huge_pmd_wp_page_fallback+0x24f/0x1680 03:40:52 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003b3) [ 865.820513][T26696] ? rcu_read_lock_sched_held+0x110/0x130 [ 865.826249][T26696] ? remap_page+0x160/0x160 [ 865.830762][T26696] ? lock_downgrade+0x920/0x920 [ 865.835620][T26696] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 865.841861][T26696] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 865.848108][T26696] ? alloc_pages_vma+0x142/0x540 [ 865.848126][T26696] do_huge_pmd_wp_page+0x7fc/0x2160 [ 865.858236][T26696] ? __handle_mm_fault+0x32d4/0x3eb0 [ 865.863529][T26696] ? __split_huge_pmd+0x2c10/0x2c10 [ 865.868728][T26696] ? lock_downgrade+0x920/0x920 [ 865.873579][T26696] ? pmd_val+0x85/0x100 [ 865.877730][T26696] ? add_mm_counter_fast.part.0+0x40/0x40 [ 865.883456][T26696] __handle_mm_fault+0x164c/0x3eb0 [ 865.888567][T26696] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 865.888617][T26696] ? handle_mm_fault+0x292/0xa90 [ 865.899108][T26696] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 865.905352][T26696] ? kasan_check_read+0x11/0x20 [ 865.910206][T26696] handle_mm_fault+0x3b7/0xa90 [ 865.915058][T26696] __do_page_fault+0x5ef/0xda0 [ 865.919836][T26696] do_page_fault+0x71/0x57d [ 865.924341][T26696] ? page_fault+0x8/0x30 [ 865.928586][T26696] page_fault+0x1e/0x30 [ 865.932738][T26696] RIP: 0033:0x400590 [ 865.936630][T26696] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 865.956237][T26696] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 865.962396][T26696] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 03:40:52 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, 0x0) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:52 executing program 0: r0 = memfd_create(&(0x7f0000000140)='\x00\x01\x06\x04\x00\x00\x00\x82\x12EB\x00\x00#\x00\xa0\xdc1VZ\xc9\xa9\x03{\xccH\x98/', 0x0) write$binfmt_script(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB='e'], 0x1) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 03:40:52 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3b030040) [ 865.970366][T26696] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 865.978335][T26696] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 865.986307][T26696] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 865.994282][T26696] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 866.039338][T26696] memory: usage 307200kB, limit 307200kB, failcnt 372 [ 866.100635][T26696] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 866.206492][T26696] Memory cgroup stats for /syz5: [ 866.206607][T26696] anon 278564864 [ 866.206607][T26696] file 49152 [ 866.206607][T26696] kernel_stack 4194304 [ 866.206607][T26696] slab 11218944 [ 866.206607][T26696] sock 8192 [ 866.206607][T26696] shmem 0 [ 866.206607][T26696] file_mapped 0 [ 866.206607][T26696] file_dirty 0 [ 866.206607][T26696] file_writeback 0 [ 866.206607][T26696] anon_thp 184549376 [ 866.206607][T26696] inactive_anon 262144 [ 866.206607][T26696] active_anon 278568960 [ 866.206607][T26696] inactive_file 0 [ 866.206607][T26696] active_file 24576 [ 866.206607][T26696] unevictable 0 [ 866.206607][T26696] slab_reclaimable 2973696 [ 866.206607][T26696] slab_unreclaimable 8245248 [ 866.206607][T26696] pgfault 125499 [ 866.206607][T26696] pgmajfault 0 [ 866.206607][T26696] workingset_refault 0 [ 866.206607][T26696] workingset_activate 0 [ 866.206607][T26696] workingset_nodereclaim 0 [ 866.206607][T26696] pgrefill 2016 [ 866.206607][T26696] pgscan 2013 [ 866.206607][T26696] pgsteal 163 [ 866.232609][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 866.309206][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 866.453783][T26696] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=11936,uid=0 [ 866.470366][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 866.476167][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 866.510525][T26696] Memory cgroup out of memory: Killed process 11936 (syz-executor.5) total-vm:72576kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB [ 866.539875][ T1046] oom_reaper: reaped process 11936 (syz-executor.5), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:40:53 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x0, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003b7) 03:40:53 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070") write$sndseq(r1, 0x0, 0x0) 03:40:53 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x3f030040) 03:40:53 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x0, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000000) 03:40:53 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003c7) 03:40:53 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:53 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 867.611406][T27106] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 867.683067][T27106] CPU: 1 PID: 27106 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 867.692216][T27106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 867.702273][T27106] Call Trace: [ 867.705573][T27106] dump_stack+0x172/0x1f0 [ 867.709919][T27106] dump_header+0x10f/0xb6c [ 867.714341][T27106] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 867.720156][T27106] ? ___ratelimit+0x60/0x595 [ 867.724741][T27106] ? do_raw_spin_unlock+0x57/0x270 [ 867.724762][T27106] oom_kill_process.cold+0x10/0x15 [ 867.734949][T27106] out_of_memory+0x79a/0x1280 [ 867.734967][T27106] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 867.734982][T27106] ? oom_killer_disable+0x280/0x280 [ 867.734995][T27106] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 867.735019][T27106] mem_cgroup_out_of_memory+0x1ca/0x230 [ 867.735032][T27106] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 867.735049][T27106] ? do_raw_spin_unlock+0x57/0x270 [ 867.735067][T27106] ? _raw_spin_unlock+0x2d/0x50 [ 867.777579][T27106] try_charge+0xfbe/0x1480 03:40:54 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000200) [ 867.781998][T27106] ? __check_heap_object+0x50/0xb3 [ 867.787118][T27106] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 867.792672][T27106] ? percpu_ref_tryget_live+0x111/0x290 [ 867.798225][T27106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 867.804476][T27106] ? kasan_check_read+0x11/0x20 [ 867.809334][T27106] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 867.814881][T27106] mem_cgroup_try_charge+0x24d/0x5e0 [ 867.820175][T27106] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 867.825838][T27106] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 867.831820][T27106] ? rcu_read_lock_sched_held+0x110/0x130 [ 867.837546][T27106] ? remap_page+0x160/0x160 [ 867.842063][T27106] ? lock_downgrade+0x920/0x920 [ 867.846925][T27106] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 867.853163][T27106] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 867.859420][T27106] ? alloc_pages_vma+0x142/0x540 [ 867.864393][T27106] do_huge_pmd_wp_page+0x7fc/0x2160 [ 867.869595][T27106] ? do_raw_spin_unlock+0x57/0x270 [ 867.874712][T27106] ? __split_huge_pmd+0x2c10/0x2c10 [ 867.879928][T27106] ? pmd_val+0x85/0x100 [ 867.884091][T27106] ? add_mm_counter_fast.part.0+0x40/0x40 [ 867.889815][T27106] __handle_mm_fault+0x164c/0x3eb0 [ 867.894939][T27106] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 867.900492][T27106] ? handle_mm_fault+0x292/0xa90 [ 867.905446][T27106] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 867.911693][T27106] ? kasan_check_read+0x11/0x20 [ 867.916638][T27106] handle_mm_fault+0x3b7/0xa90 [ 867.921410][T27106] __do_page_fault+0x5ef/0xda0 [ 867.926170][T27106] do_page_fault+0x71/0x57d [ 867.930776][T27106] ? page_fault+0x8/0x30 [ 867.935283][T27106] page_fault+0x1e/0x30 [ 867.939419][T27106] RIP: 0033:0x400590 [ 867.943306][T27106] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 867.962914][T27106] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 867.968995][T27106] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 03:40:54 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003cd) 03:40:54 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, 0x0, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 867.976961][T27106] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 867.984921][T27106] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 867.992891][T27106] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 868.000861][T27106] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 868.023740][T27106] memory: usage 307200kB, limit 307200kB, failcnt 392 [ 868.037921][T27106] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:40:54 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, 0x0) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 868.117393][T27106] Memory cgroup stats for /syz5: [ 868.126700][T27106] anon 278757376 [ 868.126700][T27106] file 49152 [ 868.126700][T27106] kernel_stack 4194304 [ 868.126700][T27106] slab 10731520 [ 868.126700][T27106] sock 8192 [ 868.126700][T27106] shmem 0 [ 868.126700][T27106] file_mapped 0 [ 868.126700][T27106] file_dirty 135168 [ 868.126700][T27106] file_writeback 0 [ 868.126700][T27106] anon_thp 182452224 [ 868.126700][T27106] inactive_anon 262144 [ 868.126700][T27106] active_anon 278798336 [ 868.126700][T27106] inactive_file 0 [ 868.126700][T27106] active_file 24576 [ 868.126700][T27106] unevictable 0 [ 868.126700][T27106] slab_reclaimable 2973696 [ 868.126700][T27106] slab_unreclaimable 7757824 [ 868.126700][T27106] pgfault 125730 [ 868.126700][T27106] pgmajfault 0 [ 868.126700][T27106] workingset_refault 0 [ 868.126700][T27106] workingset_activate 0 [ 868.126700][T27106] workingset_nodereclaim 0 [ 868.126700][T27106] pgrefill 2049 [ 868.126700][T27106] pgscan 2046 [ 868.126700][T27106] pgsteal 163 03:40:54 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:54 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:54 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000210) [ 868.648274][T27106] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=13848,uid=0 [ 868.731978][T27106] Memory cgroup out of memory: Killed process 13848 (syz-executor.5) total-vm:72576kB, anon-rss:2200kB, file-rss:34816kB, shmem-rss:0kB 03:40:55 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:55 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003d9) 03:40:55 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:55 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:55 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000226) [ 869.074769][T27279] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 869.085798][T27279] CPU: 0 PID: 27279 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 869.094924][T27279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 869.094931][T27279] Call Trace: [ 869.094952][T27279] dump_stack+0x172/0x1f0 [ 869.094974][T27279] dump_header+0x10f/0xb6c [ 869.117029][T27279] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 869.117050][T27279] ? ___ratelimit+0x60/0x595 [ 869.127432][T27279] ? do_raw_spin_unlock+0x57/0x270 [ 869.132560][T27279] oom_kill_process.cold+0x10/0x15 [ 869.137680][T27279] out_of_memory+0x79a/0x1280 [ 869.142371][T27279] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 869.148188][T27279] ? oom_killer_disable+0x280/0x280 [ 869.153392][T27279] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 869.159205][T27279] mem_cgroup_out_of_memory+0x1ca/0x230 [ 869.164788][T27279] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 869.170432][T27279] ? do_raw_spin_unlock+0x57/0x270 [ 869.175548][T27279] ? _raw_spin_unlock+0x2d/0x50 [ 869.180578][T27279] try_charge+0xfbe/0x1480 [ 869.180594][T27279] ? __check_heap_object+0x50/0xb3 [ 869.180612][T27279] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 869.190200][T27279] ? percpu_ref_tryget_live+0x111/0x290 [ 869.190222][T27279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 869.207612][T27279] ? kasan_check_read+0x11/0x20 [ 869.212484][T27279] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 869.218047][T27279] mem_cgroup_try_charge+0x24d/0x5e0 [ 869.223346][T27279] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 869.223363][T27279] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 869.223378][T27279] ? rcu_read_lock_sched_held+0x110/0x130 [ 869.223396][T27279] ? remap_page+0x160/0x160 [ 869.240687][T27279] ? lock_downgrade+0x920/0x920 [ 869.240705][T27279] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 869.240717][T27279] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 869.240737][T27279] ? alloc_pages_vma+0x142/0x540 [ 869.267484][T27279] do_huge_pmd_wp_page+0x7fc/0x2160 [ 869.272703][T27279] ? do_raw_spin_unlock+0x57/0x270 [ 869.277828][T27279] ? __split_huge_pmd+0x2c10/0x2c10 [ 869.277855][T27279] ? pmd_val+0x85/0x100 [ 869.287209][T27279] ? add_mm_counter_fast.part.0+0x40/0x40 [ 869.287236][T27279] __handle_mm_fault+0x164c/0x3eb0 [ 869.298064][T27279] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 869.303643][T27279] ? handle_mm_fault+0x292/0xa90 [ 869.308586][T27279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 869.315003][T27279] ? kasan_check_read+0x11/0x20 [ 869.319860][T27279] handle_mm_fault+0x3b7/0xa90 [ 869.324631][T27279] __do_page_fault+0x5ef/0xda0 [ 869.329399][T27279] do_page_fault+0x71/0x57d [ 869.329419][T27279] ? page_fault+0x8/0x30 [ 869.338154][T27279] page_fault+0x1e/0x30 [ 869.338165][T27279] RIP: 0033:0x400590 [ 869.338182][T27279] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 869.365813][T27279] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 03:40:55 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:55 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000236) 03:40:55 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:55 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0xffffffffffffffff, r2) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 869.371895][T27279] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 869.371902][T27279] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 869.371910][T27279] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 869.371917][T27279] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 869.371924][T27279] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 869.385867][T27279] memory: usage 307200kB, limit 307200kB, failcnt 412 [ 869.438865][T27279] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 869.540661][T27279] Memory cgroup stats for /syz5: [ 869.540771][T27279] anon 278757376 [ 869.540771][T27279] file 49152 [ 869.540771][T27279] kernel_stack 4259840 [ 869.540771][T27279] slab 10731520 [ 869.540771][T27279] sock 8192 [ 869.540771][T27279] shmem 0 [ 869.540771][T27279] file_mapped 0 [ 869.540771][T27279] file_dirty 135168 [ 869.540771][T27279] file_writeback 0 [ 869.540771][T27279] anon_thp 180355072 [ 869.540771][T27279] inactive_anon 262144 [ 869.540771][T27279] active_anon 278798336 [ 869.540771][T27279] inactive_file 0 [ 869.540771][T27279] active_file 24576 [ 869.540771][T27279] unevictable 0 [ 869.540771][T27279] slab_reclaimable 2973696 [ 869.540771][T27279] slab_unreclaimable 7757824 [ 869.540771][T27279] pgfault 125796 [ 869.540771][T27279] pgmajfault 0 [ 869.540771][T27279] workingset_refault 0 [ 869.540771][T27279] workingset_activate 0 [ 869.540771][T27279] workingset_nodereclaim 0 [ 869.540771][T27279] pgrefill 2082 [ 869.540771][T27279] pgscan 2079 [ 869.540771][T27279] pgsteal 163 [ 869.648660][T27279] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19376,uid=0 [ 869.684216][T27279] Memory cgroup out of memory: Killed process 19376 (syz-executor.5) total-vm:72576kB, anon-rss:4252kB, file-rss:35816kB, shmem-rss:0kB 03:40:56 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003dd) 03:40:56 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:56 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:56 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:56 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:56 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x4000024c) 03:40:56 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:56 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:56 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:56 executing program 0: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:56 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003e3) [ 870.310616][T27535] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 870.335958][T27535] CPU: 1 PID: 27535 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 870.345109][T27535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 870.355170][T27535] Call Trace: 03:40:56 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$pokeuser(0x6, r2, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 870.358480][T27535] dump_stack+0x172/0x1f0 [ 870.362825][T27535] dump_header+0x10f/0xb6c [ 870.367243][T27535] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 870.373044][T27535] ? ___ratelimit+0x60/0x595 [ 870.377649][T27535] ? do_raw_spin_unlock+0x57/0x270 [ 870.382867][T27535] oom_kill_process.cold+0x10/0x15 [ 870.387979][T27535] out_of_memory+0x79a/0x1280 [ 870.392660][T27535] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 870.398481][T27535] ? oom_killer_disable+0x280/0x280 [ 870.403677][T27535] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 03:40:56 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 870.403700][T27535] mem_cgroup_out_of_memory+0x1ca/0x230 [ 870.403714][T27535] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 870.403734][T27535] ? do_raw_spin_unlock+0x57/0x270 [ 870.403751][T27535] ? _raw_spin_unlock+0x2d/0x50 [ 870.403768][T27535] try_charge+0xfbe/0x1480 [ 870.403783][T27535] ? __check_heap_object+0x50/0xb3 [ 870.403799][T27535] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 870.403817][T27535] ? percpu_ref_tryget_live+0x111/0x290 [ 870.451250][T27535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 870.457501][T27535] ? kasan_check_read+0x11/0x20 [ 870.462364][T27535] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 870.467914][T27535] mem_cgroup_try_charge+0x24d/0x5e0 [ 870.467935][T27535] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 870.478847][T27535] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 870.484834][T27535] ? rcu_read_lock_sched_held+0x110/0x130 [ 870.484854][T27535] ? remap_page+0x160/0x160 [ 870.484875][T27535] ? alloc_pages_vma+0x37a/0x540 [ 870.484893][T27535] ? alloc_pages_vma+0x142/0x540 [ 870.484911][T27535] do_huge_pmd_wp_page+0x7fc/0x2160 [ 870.484924][T27535] ? do_raw_spin_unlock+0x57/0x270 [ 870.484945][T27535] ? __split_huge_pmd+0x2c10/0x2c10 [ 870.484968][T27535] ? pmd_val+0x85/0x100 [ 870.524942][T27535] ? add_mm_counter_fast.part.0+0x40/0x40 [ 870.530683][T27535] __handle_mm_fault+0x164c/0x3eb0 [ 870.535802][T27535] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 870.541354][T27535] ? handle_mm_fault+0x292/0xa90 [ 870.546302][T27535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 870.552546][T27535] ? kasan_check_read+0x11/0x20 [ 870.557416][T27535] handle_mm_fault+0x3b7/0xa90 [ 870.562165][T27535] __do_page_fault+0x5ef/0xda0 [ 870.567024][T27535] do_page_fault+0x71/0x57d [ 870.571516][T27535] ? page_fault+0x8/0x30 [ 870.575759][T27535] page_fault+0x1e/0x30 [ 870.579889][T27535] RIP: 0033:0x400590 [ 870.583769][T27535] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 870.603382][T27535] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 870.609428][T27535] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 870.617399][T27535] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 870.625365][T27535] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 870.630376][ C0] net_ratelimit: 22 callbacks suppressed [ 870.630383][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 870.633319][T27535] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 870.633328][T27535] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 03:40:57 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000262) [ 870.639856][T27535] memory: usage 307020kB, limit 307200kB, failcnt 444 [ 870.644794][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 870.654091][T27535] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 870.680407][T27535] Memory cgroup stats for /syz5: [ 870.680517][T27535] anon 278773760 [ 870.680517][T27535] file 49152 [ 870.680517][T27535] kernel_stack 4259840 [ 870.680517][T27535] slab 10719232 [ 870.680517][T27535] sock 8192 [ 870.680517][T27535] shmem 0 [ 870.680517][T27535] file_mapped 0 [ 870.680517][T27535] file_dirty 135168 [ 870.680517][T27535] file_writeback 0 [ 870.680517][T27535] anon_thp 176160768 [ 870.680517][T27535] inactive_anon 262144 [ 870.680517][T27535] active_anon 278777856 [ 870.680517][T27535] inactive_file 0 [ 870.680517][T27535] active_file 24576 [ 870.680517][T27535] unevictable 0 [ 870.680517][T27535] slab_reclaimable 2973696 [ 870.680517][T27535] slab_unreclaimable 7745536 [ 870.680517][T27535] pgfault 125928 [ 870.680517][T27535] pgmajfault 0 [ 870.680517][T27535] workingset_refault 0 [ 870.680517][T27535] workingset_activate 0 [ 870.680517][T27535] workingset_nodereclaim 0 [ 870.680517][T27535] pgrefill 2116 [ 870.680517][T27535] pgscan 2146 [ 870.680517][T27535] pgsteal 163 [ 870.790390][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 870.796218][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 870.900721][T27535] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26894,uid=0 03:40:57 executing program 0: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:57 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003ef) 03:40:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 870.978523][T27535] Memory cgroup out of memory: Killed process 26894 (syz-executor.5) total-vm:72576kB, anon-rss:2204kB, file-rss:35872kB, shmem-rss:0kB [ 871.008518][ T1046] oom_reaper: reaped process 26894 (syz-executor.5), now anon-rss:0kB, file-rss:34912kB, shmem-rss:0kB 03:40:57 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:57 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:57 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000272) 03:40:57 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:57 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:57 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:57 executing program 0: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:57 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000288) 03:40:57 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003f3) [ 871.579153][T27796] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 871.687625][T27796] CPU: 1 PID: 27796 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 871.696794][T27796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 871.696799][T27796] Call Trace: [ 871.696819][T27796] dump_stack+0x172/0x1f0 [ 871.696841][T27796] dump_header+0x10f/0xb6c [ 871.714487][T27796] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 871.714506][T27796] ? ___ratelimit+0x60/0x595 [ 871.729275][T27796] ? do_raw_spin_unlock+0x57/0x270 [ 871.734394][T27796] oom_kill_process.cold+0x10/0x15 [ 871.739503][T27796] out_of_memory+0x79a/0x1280 [ 871.744188][T27796] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 871.749998][T27796] ? oom_killer_disable+0x280/0x280 [ 871.750019][T27796] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 871.761040][T27796] mem_cgroup_out_of_memory+0x1ca/0x230 [ 871.761054][T27796] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 871.761076][T27796] ? do_raw_spin_unlock+0x57/0x270 [ 871.761092][T27796] ? _raw_spin_unlock+0x2d/0x50 [ 871.761114][T27796] try_charge+0xfbe/0x1480 [ 871.786598][T27796] ? __check_heap_object+0x50/0xb3 [ 871.791711][T27796] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 871.797262][T27796] ? percpu_ref_tryget_live+0x111/0x290 [ 871.802813][T27796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 871.809059][T27796] ? kasan_check_read+0x11/0x20 [ 871.813977][T27796] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 871.819589][T27796] mem_cgroup_try_charge+0x24d/0x5e0 [ 871.824868][T27796] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 871.830494][T27796] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 871.836466][T27796] ? rcu_read_lock_sched_held+0x110/0x130 [ 871.842181][T27796] ? remap_page+0x160/0x160 [ 871.846677][T27796] ? lock_downgrade+0x920/0x920 [ 871.851552][T27796] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 871.857784][T27796] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 871.864109][T27796] ? alloc_pages_vma+0x142/0x540 [ 871.869031][T27796] do_huge_pmd_wp_page+0x7fc/0x2160 [ 871.874212][T27796] ? do_raw_spin_unlock+0x57/0x270 [ 871.879329][T27796] ? __split_huge_pmd+0x2c10/0x2c10 [ 871.884526][T27796] ? pmd_val+0x85/0x100 [ 871.888662][T27796] ? add_mm_counter_fast.part.0+0x40/0x40 [ 871.894381][T27796] __handle_mm_fault+0x164c/0x3eb0 [ 871.899569][T27796] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 871.905094][T27796] ? handle_mm_fault+0x292/0xa90 [ 871.910035][T27796] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 871.916259][T27796] ? kasan_check_read+0x11/0x20 [ 871.921243][T27796] handle_mm_fault+0x3b7/0xa90 [ 871.925990][T27796] __do_page_fault+0x5ef/0xda0 [ 871.930770][T27796] do_page_fault+0x71/0x57d [ 871.935283][T27796] ? page_fault+0x8/0x30 [ 871.939515][T27796] page_fault+0x1e/0x30 [ 871.943655][T27796] RIP: 0033:0x400590 [ 871.947534][T27796] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 871.967129][T27796] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 871.973185][T27796] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 871.981147][T27796] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 03:40:58 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400003ff) 03:40:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:58 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, 0x0, 0x388, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 871.989106][T27796] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 871.997058][T27796] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 872.005008][T27796] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 872.013322][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 872.019126][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 872.025032][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 872.030861][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 872.036712][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 872.042563][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 872.050452][T27796] memory: usage 307200kB, limit 307200kB, failcnt 468 [ 872.062076][T27796] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 872.083081][T27796] Memory cgroup stats for /syz5: 03:40:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 872.083191][T27796] anon 278937600 [ 872.083191][T27796] file 49152 [ 872.083191][T27796] kernel_stack 4259840 [ 872.083191][T27796] slab 10719232 [ 872.083191][T27796] sock 8192 [ 872.083191][T27796] shmem 0 [ 872.083191][T27796] file_mapped 0 [ 872.083191][T27796] file_dirty 135168 [ 872.083191][T27796] file_writeback 0 [ 872.083191][T27796] anon_thp 174063616 [ 872.083191][T27796] inactive_anon 262144 [ 872.083191][T27796] active_anon 278941696 [ 872.083191][T27796] inactive_file 0 [ 872.083191][T27796] active_file 24576 [ 872.083191][T27796] unevictable 0 [ 872.083191][T27796] slab_reclaimable 2973696 [ 872.083191][T27796] slab_unreclaimable 7745536 [ 872.083191][T27796] pgfault 126060 [ 872.083191][T27796] pgmajfault 0 [ 872.083191][T27796] workingset_refault 0 [ 872.083191][T27796] workingset_activate 0 [ 872.083191][T27796] workingset_nodereclaim 0 [ 872.083191][T27796] pgrefill 2289 [ 872.083191][T27796] pgscan 2284 [ 872.083191][T27796] pgsteal 163 [ 872.187096][T27796] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19153,uid=0 03:40:58 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000298) [ 872.300675][T27796] Memory cgroup out of memory: Killed process 19153 (syz-executor.5) total-vm:72840kB, anon-rss:2224kB, file-rss:35840kB, shmem-rss:0kB 03:40:58 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:58 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x0, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:58 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:59 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:59 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000407) 03:40:59 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x0, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0x0) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:59 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400002ae) 03:40:59 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000411) 03:40:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:59 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x0, 0xffffffffffffffff) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:59 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:40:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 873.231504][T27979] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 873.250511][T27979] CPU: 1 PID: 27979 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 873.259672][T27979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 873.270224][T27979] Call Trace: [ 873.273517][T27979] dump_stack+0x172/0x1f0 03:40:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 873.277851][T27979] dump_header+0x10f/0xb6c [ 873.282281][T27979] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 873.288100][T27979] ? ___ratelimit+0x60/0x595 [ 873.292689][T27979] ? do_raw_spin_unlock+0x57/0x270 [ 873.297795][T27979] oom_kill_process.cold+0x10/0x15 [ 873.302913][T27979] out_of_memory+0x79a/0x1280 [ 873.307600][T27979] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 873.313418][T27979] ? oom_killer_disable+0x280/0x280 [ 873.318616][T27979] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 873.318642][T27979] mem_cgroup_out_of_memory+0x1ca/0x230 [ 873.318659][T27979] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 873.335592][T27979] ? do_raw_spin_unlock+0x57/0x270 [ 873.335609][T27979] ? _raw_spin_unlock+0x2d/0x50 [ 873.335628][T27979] try_charge+0xfbe/0x1480 [ 873.345554][T27979] ? __check_heap_object+0x50/0xb3 [ 873.345574][T27979] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 873.345590][T27979] ? percpu_ref_tryget_live+0x111/0x290 [ 873.355071][T27979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 873.355086][T27979] ? kasan_check_read+0x11/0x20 03:40:59 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400002c4) [ 873.355106][T27979] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 873.355123][T27979] mem_cgroup_try_charge+0x24d/0x5e0 [ 873.355140][T27979] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 873.355156][T27979] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 873.382792][T27979] ? rcu_read_lock_sched_held+0x110/0x130 [ 873.382814][T27979] ? remap_page+0x160/0x160 [ 873.382833][T27979] ? lock_downgrade+0x920/0x920 [ 873.393717][T27979] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 873.393731][T27979] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 873.393751][T27979] ? alloc_pages_vma+0x142/0x540 [ 873.393769][T27979] do_huge_pmd_wp_page+0x7fc/0x2160 [ 873.393783][T27979] ? do_raw_spin_unlock+0x57/0x270 [ 873.393802][T27979] ? __split_huge_pmd+0x2c10/0x2c10 [ 873.393827][T27979] ? pmd_val+0x85/0x100 [ 873.393840][T27979] ? add_mm_counter_fast.part.0+0x40/0x40 [ 873.393867][T27979] __handle_mm_fault+0x164c/0x3eb0 [ 873.462595][T27979] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 873.468143][T27979] ? handle_mm_fault+0x292/0xa90 [ 873.468172][T27979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 03:40:59 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0x0) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 873.468190][T27979] ? kasan_check_read+0x11/0x20 [ 873.484174][T27979] handle_mm_fault+0x3b7/0xa90 [ 873.488953][T27979] __do_page_fault+0x5ef/0xda0 [ 873.493728][T27979] do_page_fault+0x71/0x57d [ 873.498232][T27979] ? page_fault+0x8/0x30 [ 873.502481][T27979] page_fault+0x1e/0x30 [ 873.506644][T27979] RIP: 0033:0x400590 [ 873.510538][T27979] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 873.530167][T27979] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 873.530178][T27979] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 873.530184][T27979] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 873.530191][T27979] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 873.530198][T27979] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 873.530205][T27979] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 873.573621][T27979] memory: usage 307196kB, limit 307200kB, failcnt 480 [ 873.585408][T27979] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 873.634091][T27979] Memory cgroup stats for /syz5: [ 873.634200][T27979] anon 278970368 [ 873.634200][T27979] file 49152 [ 873.634200][T27979] kernel_stack 4259840 [ 873.634200][T27979] slab 10719232 [ 873.634200][T27979] sock 8192 [ 873.634200][T27979] shmem 0 [ 873.634200][T27979] file_mapped 0 [ 873.634200][T27979] file_dirty 135168 [ 873.634200][T27979] file_writeback 0 [ 873.634200][T27979] anon_thp 174063616 [ 873.634200][T27979] inactive_anon 262144 [ 873.634200][T27979] active_anon 278941696 [ 873.634200][T27979] inactive_file 0 [ 873.634200][T27979] active_file 24576 [ 873.634200][T27979] unevictable 0 [ 873.634200][T27979] slab_reclaimable 2973696 [ 873.634200][T27979] slab_unreclaimable 7745536 [ 873.634200][T27979] pgfault 126192 [ 873.634200][T27979] pgmajfault 0 [ 873.634200][T27979] workingset_refault 0 [ 873.634200][T27979] workingset_activate 0 [ 873.634200][T27979] workingset_nodereclaim 0 [ 873.634200][T27979] pgrefill 2525 [ 873.634200][T27979] pgscan 2520 [ 873.634200][T27979] pgsteal 163 [ 873.790414][T27979] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=25444,uid=0 03:41:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:00 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000425) 03:41:00 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0x0) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:00 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x0, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:00 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x4000044b) 03:41:00 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 874.474052][T27979] Memory cgroup out of memory: Killed process 25444 (syz-executor.5) total-vm:72576kB, anon-rss:2204kB, file-rss:35852kB, shmem-rss:0kB 03:41:01 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:01 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x16, &(0x7f0000000100)) ptrace(0x10, r2) ptrace$pokeuser(0x6, r2, 0x388, 0x0) r3 = accept4(r1, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r3, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:01 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400002d4) 03:41:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:01 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000461) 03:41:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:01 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 874.848528][T28064] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 03:41:01 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400002ea) [ 875.050365][T28064] CPU: 0 PID: 28064 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 875.059519][T28064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 875.069576][T28064] Call Trace: [ 875.072881][T28064] dump_stack+0x172/0x1f0 [ 875.077224][T28064] dump_header+0x10f/0xb6c [ 875.081654][T28064] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 875.087467][T28064] ? ___ratelimit+0x60/0x595 [ 875.092062][T28064] ? do_raw_spin_unlock+0x57/0x270 [ 875.097184][T28064] oom_kill_process.cold+0x10/0x15 [ 875.102305][T28064] out_of_memory+0x79a/0x1280 [ 875.106989][T28064] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 875.112801][T28064] ? oom_killer_disable+0x280/0x280 [ 875.118002][T28064] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 875.123824][T28064] mem_cgroup_out_of_memory+0x1ca/0x230 [ 875.129381][T28064] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 875.135022][T28064] ? do_raw_spin_unlock+0x57/0x270 [ 875.140135][T28064] ? _raw_spin_unlock+0x2d/0x50 [ 875.144995][T28064] try_charge+0xfbe/0x1480 [ 875.149419][T28064] ? __check_heap_object+0x50/0xb3 [ 875.154549][T28064] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 875.160106][T28064] ? percpu_ref_tryget_live+0x111/0x290 [ 875.160125][T28064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 875.171889][T28064] ? kasan_check_read+0x11/0x20 [ 875.176758][T28064] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 875.182313][T28064] mem_cgroup_try_charge+0x24d/0x5e0 [ 875.187607][T28064] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 875.193270][T28064] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 875.193288][T28064] ? rcu_read_lock_sched_held+0x110/0x130 [ 875.193311][T28064] ? remap_page+0x160/0x160 [ 875.209470][T28064] ? lock_downgrade+0x920/0x920 [ 875.214337][T28064] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 875.220582][T28064] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 875.226831][T28064] ? alloc_pages_vma+0x142/0x540 [ 875.231764][T28064] do_huge_pmd_wp_page+0x7fc/0x2160 [ 875.231781][T28064] ? do_raw_spin_unlock+0x57/0x270 [ 875.231800][T28064] ? __split_huge_pmd+0x2c10/0x2c10 [ 875.231824][T28064] ? pmd_val+0x85/0x100 [ 875.231840][T28064] ? add_mm_counter_fast.part.0+0x40/0x40 [ 875.231864][T28064] __handle_mm_fault+0x164c/0x3eb0 [ 875.231887][T28064] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 875.268843][T28064] ? handle_mm_fault+0x292/0xa90 [ 875.273795][T28064] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 875.273814][T28064] ? kasan_check_read+0x11/0x20 [ 875.273833][T28064] handle_mm_fault+0x3b7/0xa90 [ 875.273850][T28064] __do_page_fault+0x5ef/0xda0 [ 875.273870][T28064] do_page_fault+0x71/0x57d [ 875.299085][T28064] ? page_fault+0x8/0x30 [ 875.299102][T28064] page_fault+0x1e/0x30 [ 875.307474][T28064] RIP: 0033:0x400590 [ 875.311373][T28064] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 875.330980][T28064] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 875.337054][T28064] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 03:41:01 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:01 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 875.345032][T28064] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 875.353021][T28064] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 875.361000][T28064] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 875.368979][T28064] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 875.547523][T28064] memory: usage 306904kB, limit 307200kB, failcnt 500 [ 875.554674][T28064] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 875.568843][T28064] Memory cgroup stats for /syz5: [ 875.568949][T28064] anon 278917120 [ 875.568949][T28064] file 49152 [ 875.568949][T28064] kernel_stack 4259840 [ 875.568949][T28064] slab 10493952 [ 875.568949][T28064] sock 8192 [ 875.568949][T28064] shmem 0 [ 875.568949][T28064] file_mapped 0 [ 875.568949][T28064] file_dirty 135168 [ 875.568949][T28064] file_writeback 0 [ 875.568949][T28064] anon_thp 171966464 [ 875.568949][T28064] inactive_anon 262144 [ 875.568949][T28064] active_anon 278888448 [ 875.568949][T28064] inactive_file 0 [ 875.568949][T28064] active_file 24576 [ 875.568949][T28064] unevictable 0 [ 875.568949][T28064] slab_reclaimable 2973696 [ 875.568949][T28064] slab_unreclaimable 7520256 [ 875.568949][T28064] pgfault 126258 [ 875.568949][T28064] pgmajfault 0 [ 875.568949][T28064] workingset_refault 0 [ 875.568949][T28064] workingset_activate 0 [ 875.568949][T28064] workingset_nodereclaim 0 [ 875.568949][T28064] pgrefill 2665 [ 875.568949][T28064] pgscan 2657 [ 875.568949][T28064] pgsteal 163 [ 875.663778][T28064] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=26869,uid=0 [ 875.679882][T28064] Memory cgroup out of memory: Killed process 26869 (syz-executor.5) total-vm:72708kB, anon-rss:2212kB, file-rss:35828kB, shmem-rss:0kB 03:41:02 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, 0x0, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:02 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:02 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000473) 03:41:02 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:02 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x400002fc) 03:41:02 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, 0x0, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 875.940134][T28113] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 875.980963][T28113] CPU: 0 PID: 28113 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 875.990202][T28113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 875.990208][T28113] Call Trace: [ 875.990229][T28113] dump_stack+0x172/0x1f0 [ 875.990249][T28113] dump_header+0x10f/0xb6c [ 875.990273][T28113] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 876.012308][T28113] ? ___ratelimit+0x60/0x595 [ 876.022664][T28113] ? do_raw_spin_unlock+0x57/0x270 [ 876.022685][T28113] oom_kill_process.cold+0x10/0x15 [ 876.022701][T28113] out_of_memory+0x79a/0x1280 [ 876.022721][T28113] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 876.043425][T28113] ? oom_killer_disable+0x280/0x280 [ 876.048637][T28113] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 876.054554][T28113] mem_cgroup_out_of_memory+0x1ca/0x230 [ 876.060109][T28113] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 876.060133][T28113] ? do_raw_spin_unlock+0x57/0x270 [ 876.070857][T28113] ? _raw_spin_unlock+0x2d/0x50 [ 876.075723][T28113] try_charge+0xfbe/0x1480 [ 876.080146][T28113] ? __check_heap_object+0x50/0xb3 [ 876.085266][T28113] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 876.090809][T28113] ? percpu_ref_tryget_live+0x111/0x290 [ 876.090829][T28113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.090845][T28113] ? kasan_check_read+0x11/0x20 [ 876.090863][T28113] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 876.090884][T28113] mem_cgroup_try_charge+0x24d/0x5e0 [ 876.104126][T28113] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 876.104144][T28113] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 876.104159][T28113] ? rcu_read_lock_sched_held+0x110/0x130 [ 876.104178][T28113] ? remap_page+0x160/0x160 [ 876.104195][T28113] ? lock_downgrade+0x920/0x920 [ 876.104209][T28113] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 876.104220][T28113] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 876.104239][T28113] ? alloc_pages_vma+0x142/0x540 [ 876.104255][T28113] do_huge_pmd_wp_page+0x7fc/0x2160 [ 876.104274][T28113] ? __split_huge_pmd+0x2c10/0x2c10 [ 876.104296][T28113] ? pmd_val+0x85/0x100 [ 876.164113][T28113] ? add_mm_counter_fast.part.0+0x40/0x40 [ 876.164138][T28113] __handle_mm_fault+0x164c/0x3eb0 [ 876.164157][T28113] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 876.164170][T28113] ? handle_mm_fault+0x292/0xa90 [ 876.164194][T28113] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 876.195018][T28113] ? kasan_check_read+0x11/0x20 [ 876.195040][T28113] handle_mm_fault+0x3b7/0xa90 [ 876.195060][T28113] __do_page_fault+0x5ef/0xda0 [ 876.195082][T28113] do_page_fault+0x71/0x57d [ 876.225245][T28113] ? page_fault+0x8/0x30 [ 876.229499][T28113] page_fault+0x1e/0x30 [ 876.233662][T28113] RIP: 0033:0x400590 [ 876.237560][T28113] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 876.257171][T28113] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 876.263233][T28113] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 876.272572][T28113] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 03:41:02 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, 0x0, 0x0) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:02 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 876.280547][T28113] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 876.288520][T28113] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 876.296498][T28113] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 876.310435][ C1] net_ratelimit: 18 callbacks suppressed [ 876.310444][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 876.321903][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:41:02 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x40000487) [ 876.327706][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 876.333488][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 876.339286][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 876.345076][ C1] protocol 88fb is buggy, dev hsr_slave_1 03:41:02 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000303) [ 876.480496][T28113] memory: usage 307200kB, limit 307200kB, failcnt 523 [ 876.490999][T28113] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 876.523521][T28113] Memory cgroup stats for /syz5: [ 876.523650][T28113] anon 278863872 [ 876.523650][T28113] file 49152 [ 876.523650][T28113] kernel_stack 4259840 [ 876.523650][T28113] slab 10493952 [ 876.523650][T28113] sock 8192 [ 876.523650][T28113] shmem 0 [ 876.523650][T28113] file_mapped 0 [ 876.523650][T28113] file_dirty 135168 [ 876.523650][T28113] file_writeback 0 [ 876.523650][T28113] anon_thp 169869312 [ 876.523650][T28113] inactive_anon 262144 [ 876.523650][T28113] active_anon 278835200 [ 876.523650][T28113] inactive_file 0 [ 876.523650][T28113] active_file 24576 [ 876.523650][T28113] unevictable 0 [ 876.523650][T28113] slab_reclaimable 2973696 [ 876.523650][T28113] slab_unreclaimable 7520256 [ 876.523650][T28113] pgfault 126324 [ 876.523650][T28113] pgmajfault 0 [ 876.523650][T28113] workingset_refault 0 [ 876.523650][T28113] workingset_activate 0 [ 876.523650][T28113] workingset_nodereclaim 0 [ 876.523650][T28113] pgrefill 2734 [ 876.523650][T28113] pgscan 2725 [ 876.523650][T28113] pgsteal 163 [ 876.710448][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 876.716280][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 876.732807][T28113] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=22223,uid=0 [ 876.783516][T28113] Memory cgroup out of memory: Killed process 22223 (syz-executor.5) total-vm:72708kB, anon-rss:2216kB, file-rss:35820kB, shmem-rss:0kB [ 876.834724][ T1046] oom_reaper: reaped process 22223 (syz-executor.5), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 876.870404][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 876.876235][ C0] protocol 88fb is buggy, dev hsr_slave_1 03:41:03 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, 0x0, 0x0) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:03 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:03 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:03 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:03 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400004af) 03:41:03 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000309) [ 877.098670][T28261] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 877.147855][T28261] CPU: 1 PID: 28261 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 877.156996][T28261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 877.168180][T28261] Call Trace: [ 877.171478][T28261] dump_stack+0x172/0x1f0 [ 877.175824][T28261] dump_header+0x10f/0xb6c [ 877.180244][T28261] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 877.180261][T28261] ? ___ratelimit+0x60/0x595 [ 877.180277][T28261] ? do_raw_spin_unlock+0x57/0x270 [ 877.180295][T28261] oom_kill_process.cold+0x10/0x15 [ 877.180312][T28261] out_of_memory+0x79a/0x1280 [ 877.180330][T28261] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 877.180345][T28261] ? oom_killer_disable+0x280/0x280 [ 877.180356][T28261] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 877.180378][T28261] mem_cgroup_out_of_memory+0x1ca/0x230 [ 877.195843][T28261] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 877.195867][T28261] ? do_raw_spin_unlock+0x57/0x270 [ 877.195885][T28261] ? _raw_spin_unlock+0x2d/0x50 [ 877.243768][T28261] try_charge+0xfbe/0x1480 03:41:03 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:03 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400004c3) 03:41:03 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:03 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000315) [ 877.248194][T28261] ? __check_heap_object+0x50/0xb3 [ 877.253317][T28261] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 877.258872][T28261] ? percpu_ref_tryget_live+0x111/0x290 [ 877.264422][T28261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 877.271686][T28261] ? kasan_check_read+0x11/0x20 [ 877.276638][T28261] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 877.282188][T28261] mem_cgroup_try_charge+0x24d/0x5e0 [ 877.287479][T28261] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 877.293112][T28261] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 877.299094][T28261] ? rcu_read_lock_sched_held+0x110/0x130 [ 877.304821][T28261] ? remap_page+0x160/0x160 [ 877.309332][T28261] ? lock_downgrade+0x920/0x920 [ 877.314186][T28261] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 877.320427][T28261] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 877.326663][T28261] ? alloc_pages_vma+0x142/0x540 [ 877.331582][T28261] do_huge_pmd_wp_page+0x7fc/0x2160 [ 877.336776][T28261] ? do_raw_spin_unlock+0x57/0x270 [ 877.341896][T28261] ? __split_huge_pmd+0x2c10/0x2c10 [ 877.347111][T28261] ? pmd_val+0x85/0x100 [ 877.351274][T28261] ? add_mm_counter_fast.part.0+0x40/0x40 [ 877.357165][T28261] __handle_mm_fault+0x164c/0x3eb0 [ 877.362276][T28261] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 877.367818][T28261] ? handle_mm_fault+0x292/0xa90 [ 877.372742][T28261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 877.378968][T28261] ? kasan_check_read+0x11/0x20 [ 877.383814][T28261] handle_mm_fault+0x3b7/0xa90 [ 877.388573][T28261] __do_page_fault+0x5ef/0xda0 [ 877.393337][T28261] do_page_fault+0x71/0x57d [ 877.397822][T28261] ? page_fault+0x8/0x30 [ 877.402064][T28261] page_fault+0x1e/0x30 [ 877.406207][T28261] RIP: 0033:0x400590 [ 877.410104][T28261] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 877.429699][T28261] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 877.435758][T28261] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 877.443721][T28261] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 877.451686][T28261] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 877.459637][T28261] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 877.467592][T28261] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 877.477667][T28261] memory: usage 307200kB, limit 307200kB, failcnt 581 [ 877.485249][T28261] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 877.492638][T28261] Memory cgroup stats for /syz5: [ 877.492740][T28261] anon 278974464 [ 877.492740][T28261] file 49152 [ 877.492740][T28261] kernel_stack 4259840 [ 877.492740][T28261] slab 10493952 [ 877.492740][T28261] sock 8192 [ 877.492740][T28261] shmem 0 [ 877.492740][T28261] file_mapped 0 [ 877.492740][T28261] file_dirty 135168 [ 877.492740][T28261] file_writeback 0 [ 877.492740][T28261] anon_thp 169869312 [ 877.492740][T28261] inactive_anon 262144 [ 877.492740][T28261] active_anon 278970368 [ 877.492740][T28261] inactive_file 0 [ 877.492740][T28261] active_file 24576 [ 877.492740][T28261] unevictable 0 [ 877.492740][T28261] slab_reclaimable 2973696 [ 877.492740][T28261] slab_unreclaimable 7520256 [ 877.492740][T28261] pgfault 126390 [ 877.492740][T28261] pgmajfault 0 [ 877.492740][T28261] workingset_refault 0 [ 877.492740][T28261] workingset_activate 0 [ 877.492740][T28261] workingset_nodereclaim 0 [ 877.492740][T28261] pgrefill 2836 [ 877.492740][T28261] pgscan 2836 [ 877.492740][T28261] pgsteal 163 [ 877.587936][T28261] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=25413,uid=0 [ 877.604404][T28261] Memory cgroup out of memory: Killed process 25413 (syz-executor.5) total-vm:72840kB, anon-rss:2220kB, file-rss:35812kB, shmem-rss:0kB [ 877.622490][T28261] syz-executor.5 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 877.623199][ T1046] oom_reaper: reaped process 25413 (syz-executor.5), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 877.632444][T28261] CPU: 1 PID: 28261 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 877.652508][T28261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 877.662566][T28261] Call Trace: [ 877.665854][T28261] dump_stack+0x172/0x1f0 [ 877.665876][T28261] dump_header+0x10f/0xb6c [ 877.674602][T28261] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 877.680414][T28261] ? ___ratelimit+0x60/0x595 [ 877.685000][T28261] ? do_raw_spin_unlock+0x57/0x270 [ 877.685025][T28261] oom_kill_process.cold+0x10/0x15 [ 877.695220][T28261] out_of_memory+0x79a/0x1280 [ 877.699899][T28261] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 877.699919][T28261] ? oom_killer_disable+0x280/0x280 [ 877.699933][T28261] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 877.699956][T28261] mem_cgroup_out_of_memory+0x1ca/0x230 [ 877.699973][T28261] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 877.710938][T28261] ? do_raw_spin_unlock+0x57/0x270 [ 877.710957][T28261] ? _raw_spin_unlock+0x2d/0x50 [ 877.710976][T28261] try_charge+0xfbe/0x1480 [ 877.710993][T28261] ? __check_heap_object+0x50/0xb3 [ 877.711016][T28261] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 877.711028][T28261] ? percpu_ref_tryget_live+0x111/0x290 [ 877.711043][T28261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 877.711059][T28261] ? kasan_check_read+0x11/0x20 [ 877.711078][T28261] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 877.711094][T28261] mem_cgroup_try_charge+0x24d/0x5e0 [ 877.711114][T28261] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 877.733131][T28261] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 877.733149][T28261] ? rcu_read_lock_sched_held+0x110/0x130 [ 877.733170][T28261] ? remap_page+0x160/0x160 [ 877.733188][T28261] ? lock_downgrade+0x920/0x920 [ 877.733204][T28261] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 877.733216][T28261] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 877.733234][T28261] ? alloc_pages_vma+0x142/0x540 [ 877.733253][T28261] do_huge_pmd_wp_page+0x7fc/0x2160 [ 877.733266][T28261] ? do_raw_spin_unlock+0x57/0x270 [ 877.733285][T28261] ? __split_huge_pmd+0x2c10/0x2c10 [ 877.747615][T28261] ? pmd_val+0x85/0x100 [ 877.844124][T28261] ? add_mm_counter_fast.part.0+0x40/0x40 [ 877.849859][T28261] __handle_mm_fault+0x164c/0x3eb0 [ 877.854979][T28261] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 877.860540][T28261] ? handle_mm_fault+0x292/0xa90 [ 877.865504][T28261] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 877.872182][T28261] ? kasan_check_read+0x11/0x20 [ 877.877041][T28261] handle_mm_fault+0x3b7/0xa90 [ 877.881814][T28261] __do_page_fault+0x5ef/0xda0 [ 877.886589][T28261] do_page_fault+0x71/0x57d [ 877.891101][T28261] ? page_fault+0x8/0x30 [ 877.895348][T28261] page_fault+0x1e/0x30 [ 877.899498][T28261] RIP: 0033:0x400590 [ 877.903392][T28261] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 877.922999][T28261] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 877.929071][T28261] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 877.937045][T28261] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 877.945019][T28261] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 877.952991][T28261] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 877.960980][T28261] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 877.970351][T28261] memory: usage 304828kB, limit 307200kB, failcnt 587 [ 877.991401][T28261] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 03:41:04 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 878.046345][T28261] Memory cgroup stats for /syz5: [ 878.046454][T28261] anon 276746240 [ 878.046454][T28261] file 49152 [ 878.046454][T28261] kernel_stack 4259840 [ 878.046454][T28261] slab 10493952 [ 878.046454][T28261] sock 8192 [ 878.046454][T28261] shmem 0 [ 878.046454][T28261] file_mapped 0 [ 878.046454][T28261] file_dirty 135168 [ 878.046454][T28261] file_writeback 0 [ 878.046454][T28261] anon_thp 167772160 [ 878.046454][T28261] inactive_anon 262144 [ 878.046454][T28261] active_anon 276717568 [ 878.046454][T28261] inactive_file 0 [ 878.046454][T28261] active_file 24576 [ 878.046454][T28261] unevictable 0 [ 878.046454][T28261] slab_reclaimable 2973696 [ 878.046454][T28261] slab_unreclaimable 7520256 [ 878.046454][T28261] pgfault 126390 [ 878.046454][T28261] pgmajfault 0 [ 878.046454][T28261] workingset_refault 0 [ 878.046454][T28261] workingset_activate 0 [ 878.046454][T28261] workingset_nodereclaim 0 [ 878.046454][T28261] pgrefill 2902 [ 878.046454][T28261] pgscan 2874 [ 878.046454][T28261] pgsteal 163 03:41:04 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, &(0x7f00000001c0), 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 878.145397][T28261] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor.5,pid=19931,uid=0 [ 878.275027][T28261] Memory cgroup out of memory: Killed process 19931 (syz-executor.5) total-vm:72576kB, anon-rss:2208kB, file-rss:35820kB, shmem-rss:0kB [ 878.347184][ T1046] oom_reaper: reaped process 19931 (syz-executor.5), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB 03:41:06 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, 0x0, 0x0) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:06 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400004d5) 03:41:06 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000319) 03:41:06 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:06 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:06 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:06 executing program 5: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) clock_gettime(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend,\x00']) clone(0x100, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$pokeuser(0x6, r0, 0x388, 0xffffffffffffffff) r1 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@ethernet={0x0, @local}, &(0x7f00000001c0)=0x80, 0x800) getpeername$inet(r1, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:06 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:06 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:06 executing program 3: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="c0dca5055e0bcfec7be070") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x400004e9) 03:41:06 executing program 1: write$P9_RLINK(0xffffffffffffffff, &(0x7f0000000000)={0x7}, 0x7) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x17f) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x8000040000408, 0x0, 0x0, 0x1, 0x4c9]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x40000329) [ 880.275305][T28426] kasan: CONFIG_KASAN_INLINE enabled [ 880.314741][T28426] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 880.375062][T28426] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 880.382043][T28426] CPU: 0 PID: 28426 Comm: syz-executor.5 Not tainted 5.2.0-rc3-next-20190607 #11 [ 880.391141][T28426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 880.394053][ T3882] kobject: 'loop1' (00000000b4be6996): kobject_uevent_env [ 880.401293][T28426] RIP: 0010:oom_unkillable_task+0x180/0x400 [ 880.401306][T28426] Code: c1 ea 03 80 3c 02 00 0f 85 80 02 00 00 4c 8b a3 10 07 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8d 74 24 10 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 67 02 00 00 49 8b 44 24 10 4c 8d a0 68 fa ff ff [ 880.401318][T28426] RSP: 0018:ffff888000127490 EFLAGS: 00010a03 [ 880.430498][ T3882] kobject: 'loop1' (00000000b4be6996): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 880.433917][T28426] RAX: dffffc0000000000 RBX: ffff8880a4cd5438 RCX: ffffffff818dae9c [ 880.433925][T28426] RDX: 100000000c3cc602 RSI: ffffffff818dac8d RDI: 0000000000000001 [ 880.433933][T28426] RBP: ffff8880001274d0 R08: ffff888000086180 R09: ffffed1015d26be0 [ 880.433939][T28426] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: 8000000061e63007 [ 880.433952][T28426] R13: 0000000000000000 R14: 8000000061e63017 R15: 1ffff11000024ea6 [ 880.454926][ T3882] kobject: 'loop3' (00000000c9716237): kobject_uevent_env [ 880.458146][T28426] FS: 00005555561f5940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 880.458154][T28426] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 880.458162][T28426] CR2: 0000000000607304 CR3: 000000009237e000 CR4: 00000000001426f0 [ 880.458173][T28426] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 880.458180][T28426] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 [ 880.458184][T28426] Call Trace: [ 880.458203][T28426] ? kasan_check_read+0x11/0x20 [ 880.458222][T28426] oom_evaluate_task+0x49/0x520 [ 880.491705][ T3882] kobject: 'loop3' (00000000c9716237): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 880.497185][T28426] ? oom_badness+0x6c0/0x6c0 [ 880.497199][T28426] mem_cgroup_scan_tasks+0xcc/0x180 [ 880.497218][T28426] ? mem_cgroup_iter_break+0x30/0x30 [ 880.574782][T28426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 880.581032][T28426] ? task_will_free_mem+0x139/0x6e0 [ 880.586232][T28426] ? rcu_read_unlock+0x16/0x60 [ 880.591010][T28426] out_of_memory+0x6b2/0x1280 [ 880.595697][T28426] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 880.601506][T28426] ? oom_killer_disable+0x280/0x280 [ 880.606703][T28426] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 880.612521][T28426] mem_cgroup_out_of_memory+0x1ca/0x230 [ 880.618070][T28426] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 880.623713][T28426] ? do_raw_spin_unlock+0x57/0x270 [ 880.626004][ T3882] kobject: 'loop4' (000000009086556d): kobject_uevent_env [ 880.628849][T28426] ? _raw_spin_unlock+0x2d/0x50 [ 880.640770][T28426] try_charge+0xfbe/0x1480 [ 880.645193][T28426] ? __check_heap_object+0x50/0xb3 [ 880.647113][ T3882] kobject: 'loop4' (000000009086556d): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 880.650304][T28426] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 880.650317][T28426] ? percpu_ref_tryget_live+0x111/0x290 [ 880.650331][T28426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 880.650344][T28426] ? kasan_check_read+0x11/0x20 [ 880.650358][T28426] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 880.650372][T28426] mem_cgroup_try_charge+0x24d/0x5e0 [ 880.650386][T28426] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 880.650401][T28426] do_huge_pmd_wp_page_fallback+0x24f/0x1680 [ 880.650415][T28426] ? rcu_read_lock_sched_held+0x110/0x130 [ 880.650430][T28426] ? remap_page+0x160/0x160 [ 880.671724][T28446] kobject: 'kvm' (00000000f4e61130): kobject_uevent_env [ 880.671973][T28426] ? lock_downgrade+0x920/0x920 [ 880.671990][T28426] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 880.672008][T28426] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 880.709705][T28448] kobject: 'kvm' (00000000f4e61130): kobject_uevent_env [ 880.711279][T28426] ? alloc_pages_vma+0x142/0x540 [ 880.711302][T28426] do_huge_pmd_wp_page+0x7fc/0x2160 [ 880.730368][T28448] kobject: 'kvm' (00000000f4e61130): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 880.733774][T28426] ? do_raw_spin_unlock+0x57/0x270 [ 880.733793][T28426] ? __split_huge_pmd+0x2c10/0x2c10 [ 880.741003][T28446] kobject: 'kvm' (00000000f4e61130): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 880.746943][T28426] ? pmd_val+0x85/0x100 [ 880.746956][T28426] ? add_mm_counter_fast.part.0+0x40/0x40 [ 880.746972][T28426] __handle_mm_fault+0x164c/0x3eb0 [ 880.746986][T28426] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 880.746998][T28426] ? handle_mm_fault+0x292/0xa90 [ 880.747017][T28426] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 880.747031][T28426] ? kasan_check_read+0x11/0x20 [ 880.747044][T28426] handle_mm_fault+0x3b7/0xa90 [ 880.747065][T28426] __do_page_fault+0x5ef/0xda0 [ 880.762378][ T3882] kobject: 'loop0' (00000000b18be96a): kobject_uevent_env [ 880.766868][T28426] do_page_fault+0x71/0x57d [ 880.766884][T28426] ? page_fault+0x8/0x30 [ 880.766898][T28426] page_fault+0x1e/0x30 [ 880.766913][T28426] RIP: 0033:0x400590 [ 880.797820][ T3882] kobject: 'loop0' (00000000b18be96a): fill_kobj_path: path = '/devices/virtual/block/loop0' 03:41:06 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 880.801804][T28426] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 f5 56 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 880.801810][T28426] RSP: 002b:00007fff7bc49780 EFLAGS: 00010206 [ 880.801820][T28426] RAX: 0000000000000001 RBX: 0000000000760000 RCX: 0000000000000000 [ 880.801827][T28426] RDX: 0000000000000000 RSI: 000000002000cffc RDI: 0000000000000001 [ 880.801839][T28426] RBP: fffffffffffffffe R08: 0000000000000000 R09: 0000000000000000 [ 880.879638][T28435] kobject: 'kvm' (00000000f4e61130): kobject_uevent_env 03:41:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:07 executing program 0: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) getpeername$inet(r2, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:07 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) [ 880.886531][T28426] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000760008 [ 880.886538][T28426] R13: 00000000004c55f2 R14: 0000000000000000 R15: 00007fff7bc499b0 [ 880.886552][T28426] Modules linked in: [ 880.910232][T28426] ---[ end trace a65689219582ffff ]--- [ 880.926021][T28436] kobject: 'kvm' (00000000f4e61130): kobject_uevent_env [ 880.943225][T28426] RIP: 0010:oom_unkillable_task+0x180/0x400 [ 880.944999][T28436] kobject: 'kvm' (00000000f4e61130): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 880.953793][T28426] Code: c1 ea 03 80 3c 02 00 0f 85 80 02 00 00 4c 8b a3 10 07 00 00 48 b8 00 00 00 00 00 fc ff df 4d 8d 74 24 10 4c 89 f2 48 c1 ea 03 <80> 3c 02 00 0f 85 67 02 00 00 49 8b 44 24 10 4c 8d a0 68 fa ff ff [ 880.971572][T28435] kobject: 'kvm' (00000000f4e61130): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 880.984941][T28426] RSP: 0018:ffff888000127490 EFLAGS: 00010a03 [ 881.000309][T28442] kobject: 'kvm' (00000000f4e61130): kobject_uevent_env [ 881.018414][T28442] kobject: 'kvm' (00000000f4e61130): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 881.032825][ T3882] kobject: 'loop2' (00000000b8b2b160): kobject_uevent_env [ 881.040091][ T3882] kobject: 'loop2' (00000000b8b2b160): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 881.043636][T28443] kobject: 'kvm' (00000000f4e61130): kobject_uevent_env [ 881.089295][T28443] kobject: 'kvm' (00000000f4e61130): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 881.105919][T28442] kobject: 'kvm' (00000000f4e61130): kobject_uevent_env [ 881.114505][T28442] kobject: 'kvm' (00000000f4e61130): fill_kobj_path: path = '/devices/virtual/misc/kvm' 03:41:07 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:07 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) accept4(r0, &(0x7f0000000080)=@ethernet={0x0, @local}, 0x0, 0x0) getpeername$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, @multicast2}, &(0x7f0000000240)=0x10) 03:41:07 executing program 4: futex(&(0x7f000000cffc)=0x1, 0x0, 0x0, &(0x7f00003b6ff0)={0x77359400}, &(0x7f0000048000), 0x0) clock_gettime(0x0, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2$9p(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mount$9p_fd(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB=',noextend']) write$P9_RREADDIR(r0, &(0x7f0000000600)=ANY=[], 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000340)={0x3}, 0x0, &(0x7f00000003c0)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) ptrace(0x10, r1) ptrace$pokeuser(0x6, r1, 0x388, 0xffffffffffffffff) accept4(0xffffffffffffffff, 0x0, 0x0, 0x800) getpeername$inet(0xffffffffffffffff, 0x0, &(0x7f0000000240)) [ 881.144654][T28426] RAX: dffffc0000000000 RBX: ffff8880a4cd5438 RCX: ffffffff818dae9c [ 881.160366][T28446] kobject: 'kvm' (00000000f4e61130): kobject_uevent_env [ 881.175570][T28446] kobject: 'kvm' (00000000f4e61130): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 881.189233][T28426] RDX: 100000000c3cc602 RSI: ffffffff818dac8d RDI: 0000000000000001 [ 881.210364][ T3882] kobject: 'loop1' (00000000b4be6996): kobject_uevent_env [ 881.219128][ T3882] kobject: 'loop1' (00000000b4be6996): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 881.248102][ T3882] kobject: 'loop0' (00000000b18be96a): kobject_uevent_env [ 881.262909][T28426] RBP: ffff8880001274d0 R08: ffff888000086180 R09: ffffed1015d26be0 [ 881.274078][ T3882] kobject: 'loop0' (00000000b18be96a): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 881.285754][T28426] R10: ffffed1015d26bdf R11: ffff8880ae935efb R12: 8000000061e63007 [ 881.319511][ T3882] kobject: 'loop4' (000000009086556d): kobject_uevent_env [ 881.322489][T28426] R13: 0000000000000000 R14: 8000000061e63017 R15: 1ffff11000024ea6 [ 881.334683][T28426] FS: 00005555561f5940(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000 [ 881.343664][T28426] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 881.350300][T28426] CR2: 0000001b2f823000 CR3: 000000009237e000 CR4: 00000000001426f0 [ 881.369466][ T3882] kobject: 'loop4' (000000009086556d): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 881.376239][T28426] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 881.388423][T28426] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600 [ 881.396492][T28426] Kernel panic - not syncing: Fatal exception [ 881.403918][T28426] Kernel Offset: disabled [ 881.408252][T28426] Rebooting in 86400 seconds..