last executing test programs:

2m12.967831145s ago: executing program 1 (id=301):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000030900010073797a300000000060000000030a010400000000000000000100ffff0900030073797a310000001434000480140003006272696467655f736c6176655f30000008000140000000051400030076657468315f6d6173767461700000000900010073797a31"], 0xa8}}, 0x0)

2m12.89769298s ago: executing program 1 (id=302):
setresuid(0xee00, 0xee00, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_ifreq(r0, 0x8905, &(0x7f0000000100)={'bond0\x00', @ifru_names='rose0\x00'})
open(&(0x7f0000000000)='./file0\x00', 0x280000, 0x90)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xf}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x0, 0x0, 0x7ff, 0x8000}}]}}}]}, 0x78}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="184f"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r3, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m12.885291145s ago: executing program 1 (id=303):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000540)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@nfs_export_on}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = creat(&(0x7f0000000440)='./file1\x00', 0x0)
open_by_handle_at(r0, &(0x7f0000000200)=@xfs_parent={0x1c, 0x82, {0x2, 0x0, 0x5, 0x8}}, 0xd31600)

2m12.807368891s ago: executing program 1 (id=306):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000340)=ANY=[@ANYRES32, @ANYRES8, @ANYRES8=r1, @ANYRES64=r0], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x11, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x526d630517582f25, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4)
r2 = socket(0x10, 0x3, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
sendmsg$inet(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000180)="1c00000021006bcd210002006e04000081000010000000017aa60864", 0x1c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@textreal={0x8, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000300)={"0d14a02f7f545d524d7b29ff03d004b8a25f96172b0caf2ac49f5e4b906943c43f85d8f8c5f48e11782404387ab2991ce7cf68e40c450f9ba092d50a02e69efc44996c78385afb4561ebe1f16249f5f2ab2b625eb1d10509fb4b16537c2e443d95380a28c9a22c7446a1640393ae61057e305630dc49a390380a2a6f748f8654117d8b7b728026c0e4b64be3942163805dfe3b41ebfd8694772c8283e538376c9689decc55415abbc4ba260cfe4a6494816223bd9fa1b84a3c1698fe0e68a70fda332b1b48a76370aacb9040623baa72dfe9ac6caf5f728a0e278c83cb5f19535a4a4eef0ad85f67d796b13c5e7d79343c9dc3766cf6dee46b77381177925f551d8857466deda3ebd975ca045462a2fc26fc24a5afa7f0737ede97b029fd95d72f5ba9214771e32ed2427691584a5bca2578e1011efc61d17fc887180c392ef40749983e8349e1c43e22cd8f61d0d94f7b0e156c756d7c2128c3ca707a7ae720ad7222ba52fa79e48f0bcb4faef2e14584a961c1f15fb8fcfec58ecdee16e127f05081d36736068a315eb26428be7d1434fa0a79130b114266a15a23363aab9da829e2b6bab0ee01bb6a30a96132ffd583051ba70d4e8064efb221ea237a239d4322fa369ce8fa6ce545de9704ac5081cff69d3bd4024271dfd85980bc703fd3df2dd295438afb628267a259bcc55e6a498352c8c4bd20696470b066cfe2c0ce8d86fbac94eb1fd09d1727d1fe48221ea9fdc9ca7bfe2bac856284f092e181eedc55a4c681c3457dd1d9a738d71dc5d0434e56b9a26ed1caba787403a69d0d89f994bbf933a968a9de0679a3e4cc9daef8a4647ae40798973512259c4c1944e7631b3e95c0d3c0c99c51c2cd417f338a7f43894dc701253d84ed565cb8f1b621cb5ca226b58071312103fe097f8833c8f759358e1977d2a61c0668b44ac6bac1aea07342d30f50732d4793bd6c2b2d57c80b889488bfb9e94dd1beacd7a56f950d8d2de44939c2c70653b6b5998580a1cd9a52d77f407833760fb453278b0061ff5a710fbcfbc326282abbeea120f19cd21b6ebd93c91f728f04ea8891f331f4f42850a70a1e78e4248b7caeb033774131b0439a4d4c365be735163539a658fc52d4181272de6ed57715a2e72c3c5360d889c15326f34d54a55e5d7398f1701f1b913e619101d6a9606bb5d2811fd24a27bd0b28ef128ed4201618f0354322bb374febd26887f2720cff1679ffee156ae488c1ee3cb1473ea73302eccbd75663e62964d1beaa30f780fb7fafa613bcdb99ac5dc0231751f0f9a91c0b42ae7c3b128f97b8d7fa3b11c9ea96ca85241535d0c30ce8b04f307836f8b80e37544bdac9eac6da8e02a449f519216c9fb8ebf33f6e4f1f440236c18c9421a4cb7aad70f24f6db90e86cbaa912973dd11a4a0355c09d4851acd3d29c8824ef1294dbd9a"})
ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f00000001c0)={{0x0, 0xdddd0000, 0xd, 0xf1, 0x4a, 0xfd, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x6}, {0x5000, 0x2, 0xd, 0x9, 0x8, 0x3, 0x6, 0x8, 0x5, 0xf, 0x3, 0x2}, {0xeeee0000, 0xe6e50002, 0xb, 0x0, 0x2, 0x7, 0x4, 0x1, 0xc, 0x0, 0x6, 0x5}, {0x8000000, 0x2000, 0x8, 0x5b, 0x3, 0x46, 0x2, 0xd, 0x6, 0x3, 0x0, 0x1}, {0x100000, 0x10000, 0x8, 0x1, 0x3, 0x9, 0x9, 0x6, 0x5, 0x4, 0x2e, 0x4b}, {0x2, 0xd000, 0x0, 0x6, 0x3, 0x6e, 0x1, 0xff, 0x4, 0x80, 0x1, 0xfc}, {0x6000, 0x6000, 0x10, 0x9d, 0x3, 0x0, 0x0, 0x4b, 0x5, 0x7, 0x0, 0xf8}, {0xffff1000, 0x8000000, 0xd, 0x5, 0x3, 0x3, 0xa, 0x9, 0x54, 0x6, 0x2, 0x7}, {0xeeef0000, 0x5}, {0x2, 0x4009}, 0x40010000, 0x0, 0xf000, 0x340, 0x5, 0x2000, 0xe6e70c00, [0xffffffffffffff47, 0x6, 0x7, 0xc5]})
ioctl$F2FS_IOC_GET_PIN_FILE(r0, 0x8004f50e, &(0x7f0000000140))
r7 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_opts(r7, 0x29, 0x37, &(0x7f0000000080)=ANY=[], 0x18)
getsockopt$inet6_opts(r7, 0x29, 0x39, 0x0, &(0x7f0000000000))
ioctl$KVM_GET_MSRS_cpu(r6, 0xc008ae88, &(0x7f00000000c0)={0x1, 0x0, [{0x839, 0x0, 0x19d}]})
setsockopt$inet6_udp_int(r3, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000002c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
write$tun(r8, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b)

2m12.527542455s ago: executing program 1 (id=312):
r0 = socket$netlink(0x10, 0x3, 0x12)
write(r0, &(0x7f00000002c0)="29000000140005b7ff00000004eabdeb0101b6ff02159f7e5520756b1933b49db96ad24d12595fbea5", 0x29)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000000)=0x7, 0x4)
socket$netlink(0x10, 0x3, 0x12) (async)
write(r0, &(0x7f00000002c0)="29000000140005b7ff00000004eabdeb0101b6ff02159f7e5520756b1933b49db96ad24d12595fbea5", 0x29) (async)
setsockopt$netlink_NETLINK_CAP_ACK(r0, 0x10e, 0xa, &(0x7f0000000000)=0x7, 0x4) (async)

2m12.458636113s ago: executing program 1 (id=313):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x230003, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000180)={0xc, <r1=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f00000001c0)={0x18, r1})
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000300)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r5}})
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x40)
syz_usb_disconnect(r6)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000100)={0xf0f01e, 0x3})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_usb_connect(0x2, 0x543, &(0x7f0000000580)=ANY=[], 0x0)
splice(r4, 0x0, r3, 0x0, 0xffffffffffff8000, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='\n\x00\x00\x00\b\x00\x00\x00B\x00\x00\x00@'], 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000500)={&(0x7f0000000240), 0x0, 0x0, 0x0, 0x1, r8}, 0x38)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x2, 0x3, 0x3, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x6}}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x9, 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x80)
close(r7)

1m57.457039337s ago: executing program 0 (id=495):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) (async)
r2 = syz_open_dev$sndpcmc(&(0x7f0000000d00), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_RESUME(r2, 0x4147, 0x0) (async)
writev(r1, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) (async)
r3 = dup(r0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, r3, 0x46c1c000)
r4 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r4, &(0x7f0000000000)={0x1, 0x5}, 0x2) (async)
write$USERIO_CMD_REGISTER(r4, &(0x7f0000000440)={0x0, 0x1}, 0x2) (async)
write$USERIO_CMD_SET_PORT_TYPE(r4, &(0x7f0000000100)={0x1, 0xed}, 0x2) (async)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_ro(r5, &(0x7f0000000040)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x0, 0x0)
read$FUSE(r6, &(0x7f0000002100)={0x2020}, 0x1b03)
write$bt_hci(r6, &(0x7f0000000040)=ANY=[@ANYBLOB="f20a2007fe0000020001ee"], 0xb) (async)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000300ffde0000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r7, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20) (async)
write$P9_RLCREATE(r6, &(0x7f0000000180)={0x18, 0xf, 0x2, {{0x12, 0x1, 0x1}, 0x2}}, 0x18) (async)
r8 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r8, 0x29, 0x24, &(0x7f0000000080), 0x4) (async)
sendmsg$kcm(r8, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x3, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000600)="f4000900032b2c25fe80000000000000dc8b850f238466cc00007a000000ad6f911b51430437121d3ca7af", 0x5c4}], 0x1}, 0x0) (async)
r9 = socket$netlink(0x10, 0x3, 0x0)
fgetxattr(r9, &(0x7f00000000c0)=@known='system.sockprotoname\x00', &(0x7f00000001c0)=""/28, 0x1c)
r10 = syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x1)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r10, 0xc0305720, 0x0)

1m57.438539571s ago: executing program 32 (id=313):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x230003, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000180)={0xc, <r1=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f00000001c0)={0x18, r1})
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
pipe(&(0x7f0000000300)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000040), 0x0, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r5}})
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000009b768405e0483020b9901e40201090227000100000000090400fb015cc7aa00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000000), 0x3, 0x40)
syz_usb_disconnect(r6)
r7 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000100)={0xf0f01e, 0x3})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
syz_usb_connect(0x2, 0x543, &(0x7f0000000580)=ANY=[], 0x0)
splice(r4, 0x0, r3, 0x0, 0xffffffffffff8000, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='\n\x00\x00\x00\b\x00\x00\x00B\x00\x00\x00@'], 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000500)={&(0x7f0000000240), 0x0, 0x0, 0x0, 0x1, r8}, 0x38)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x28, 0x2, 0x3, 0x3, 0x0, 0x0, {0x1, 0x0, 0x8}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x6}}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x9, 0x1}}]}, 0x28}, 0x1, 0x0, 0x0, 0x804}, 0x80)
close(r7)

1m57.331228223s ago: executing program 0 (id=498):
r0 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f00000001c0), &(0x7f0000000240)=0x60)
fcntl$getown(r0, 0x9)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={0x0}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x21, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="140001000040000000000000000000000000000014000200fe8000000000000000000000000000aa140006"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_VENDOR(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f00000000c0)={0x1c, r3, 0x62c21a4ade68aba1, 0x70bd28, 0x0, {{0x32}, {@void, @val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4000080)
r6 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$UHID_INPUT(r6, &(0x7f00000005c0)={0x8, {"6c421cab697bd82fe4d5c9603bbdc4fffc658f33e3b32d55eb71ab031650ca932e5edecfe3d1b85436152ab052817264bb551bc6356c2354acd4b4fd69ca9056d0dc9bf554d3d5164dc8270932029ac9c7285e65ebbe5c1c46eed9c77eee68fd2034c3ba58fe13dea341633916d75d59442b16bb48155f224ad8536c9de1c320d90e980f4f3b81cb8282fe50e13f7a92d87891fdd7ffaa6fab50903cbbb05fe020c870aa0a62b8b8537059ca860d12a62f1ccb5aac13d73b8fc73667f3303f7e07ae5720b2d1ffc74b6f9198b6053c3dc64df576ae975d7fba12f625aa3eb3b0f99324f3dc555ebbcf53d27c7a67aa184fbf8e228845dca9e176e92845bf91d40c379bc4370c6f186827046e4ab54ecf2e67f4c2f0eeb604e02126466cdcef54eb851c3b347cbf4c40e2c2f968d13e15fed942da1f149d971691fb1069be5e745cfd6c9e834fd2b3e61e7dbbe58594f417b21dcc9230af0d72105c8ad6f1f7b657a360cce658ef56a546c7e274a3256de829b9504a764d537a2423673edccf3e46e6b168d1b1c7f9a4cabd69e48d09d4404d38795e5d9ee33aa90716d20256c82f38c81f91293679493e3b56bf8ece5aa49dc9a0125b913275ae77833697f0d879cec14d263e7e5c9356c870153164369d90978886cc6de0459f508023f257d7dfd8a19689d5af0ac62deca23710d6a4148a3cf9be2fe050217573b94110b20a6d7dc364bf638068795742349386a31dc667c816d4dd32d5a444a8a85fd2519db562d90864d4fdc98a7f05c310b6de2b824751ca8e502ee3d09132d8a4db3f5edabf22e26da7f0f731938a486843c082ad89cd531df2aad44bcd9126023e910037335e86476a6093e23b7198479af1f41ce7d7447f13aedbc7504ade323e3753ccc7f89c2203cb8468a5d575e8b0418b9462ade7d5f40674cd59c7263374e3dab0db428c4c3474ebac61b339196ccb1df18e9eb3ddee457d672305ba45278cef8f6758219e253a3474d8e88d5a93f034048f8a0a638560c835e6c36552d8513d4435a0e7c40797f06344ef31bf9d84304f70d5799534455b5b576aa85396f1f66c8535475b76e834c07b40fac754b6e12738d77077979e1030b0bf3665d205abcb1e877ae7d3a57d4536dd5ead9b0f18eaaad888a0c253b8db81a4b002c466d7bfa73b2e20ec0bfd36a30ead3f4ef38e1d69e2aa284950d26d1bbccf08fa18cdba494e045f8c0b13fc503cdbdc500dc0672cf64e74fd6f41b50982dd7537efdc7938230bc13e60eebd8a4ab2af7054352d0ea117b0c09ae11563b53e3447249e8801013137a7a8ed924a14acabc769fa8ccda7d5bdfb41e6fc08ec892b102323c1515b840ccc44ebc42f05795d6a95741848b8a398ec78b4599740266a2ad2361bb6f85bbc2b7e0593f24fa7f25bac918a7daefe4462ebd29a6a5bc1331666b468179067a2cbad8e9996ad293621f19594352547a3eda95de238ff7691b82d30afe986feaef5f43167f921d467c908a23b62a60d4754b4ea1d95b600510573eff18b40615e50cd19e5c824dcc0d8687b62fca0f95d003c2d73a95c4fbdf259600ce0cda20ea9b2ca2ab04f4f56ab17de34825f22e29162b057a4f89bae2eeec22241345a2272c7fac0bacd929354637224cb03b15bef213080f062ee8eeece2ef54ff10ebfa0b7cb75a0ac1e82f4cad22755541e24e17cf3ba237017ea3dc7a02eea54ee401e8f23216da134241c043f0a9895da98baa70c3b0e0d37b895be613b10e4daa66370e1592e0c29d7abb56699c99ece4fc29f4b5f5a19831bd6355d6ccd0afb32b84e97334da4742eff34574307ca6d55e84915b29e50f250c21080fdec57c46cdd211d36cac5590981ec31c039f3ea830fbe29182a5e74acb8074dd7db496a15df45172e0cc6769ed535c260c705d696a3ab287050707772b1cfd4019743fc704634fda8b3a323a374d38099e4504539acb9e37be9e6b5215b57e2fcbbfd46f6870fa7e63503a637bd47d86dfacad51d752aa27b656acf56fa2b221a60f9239e66ed58d38e9da23c817ceb98d8f919580f7324e6316fb4189bc2841b755ab3ab2ff47843f6ff4d68f8fd2fcc2439c9ecaf5f452ca44a166b14f97e782ea45719f8a9659685c1bda80ccbec70dd28949b414486440f6d4170fb493d689afbd575f8af32967407c44a84d1c22a14a2c7f6739e4aa020d7cf855122f5a99e8bd73a99d30d45b717ae5de53729c8b590efb1e5927bb476f12f84dbb808e8b894af150214511c68d151cf594a91ca86da8ecd01b1df8289cefa8c04899ed9f02ea7a2443244bf1e79a7986347630a27dee6e91aa31735a72a34dcd0a4836920e2fe3a2dde21dc9cbd4d7f2afd9345a3c9449baa722c3c9d3554acabad3864ae5c2825ea8f106ba0412ba7bf768e1eba5a5723db93600230dd5a9595e289cc667a07c30ad99dd53680c6602f79f6067b983d450ddf4c1d3c92ad7b56ba1f71017f5b3bb3aa1ffff936de6ace861e497bdfff463a292955f9734fab773bc13b61ebe735520cb927f12def353ace7193bcb81fb7f1eb6a55068bf202122400ad7f03e2e68696c0b74154fceb89902d8e3e782391e1a50f1c52eecf431c477339ac90365222c6ecaac19fc8db394251d28686e472b54d74ab36ebec2805b6b75ed5810c461b99e52c26fdfdfac05ccca5a45e8490eb5ae4e20f11ca6aa9e4445062ec4bc40b37dae2fb0133b6c80264bc5d0a660ef957f64b3b1169068677d56e8e0edf23e0c2a1390314d32ae16d0eff6984f2cbd1120060db17b4dc7694772562b7ca9e58d93c14a65481cf68167b6d1cabb4b47ded5587bbeca221b71276b203c18ec554b4c68121e3ca6ac22e271a3bd69cd1665625856ac98dd996f1a07e439e7e663393fdb7f29cb0d12863d399357a43f7a977f3eb96a5458af8bfeae6ed70644eab6a2f615454f3eaff41f125e648ef9145cbc3640258bf10e508085b3295911c3b463c94de1097dc0e08b75062412b7796a90bfb170210c42477aaebcd5cfcdc22e7e3e8b3fb3571fac7e1cb019d787fe565390504f5824e1db6056a307b981e63f89f9bfabe6fb0a1d2acf9e0519d315686ec50d32b850f6ed1eb1c510d2068234a745f1d8de0c35018425c491cdbe0d5bf452a08fea1d8b38047fe2e112637fe15d11ed983b01824da9e9e0448a0e4416f0fe43edb305273ec809b501be6e1929ecaf244096bcc1f4a571a7c485c393780f163b7758f7518fa93d57663fc866176c2c5c796714c4f24105bd89ac25afa94952e954d3146b3b12f39133d3d4ed1464c2a6b5c067504eec5657e2ab5712ef8876cf401cf49a41fb3f2a44284a33b65cbbd9be0c28e970351843b32dccc46649c35082dbb0e17d044183c4a767e8450d0fd2807384a93960a67a3ed13eec88c3dea73a5fd4896fa7460cee383ff16a61d7b5900e10cdf4a4443e3540d7ac47315f28aca018cf7150c598a17a3c0f84330adf09c06bf52bfa472a3357fd5b697f6aa4a0ab5e679077617de5563f67abaec6b2805f861348025ec5db2a11191e3f8e12fa3ed59fc682a008a500dab1c1c510be67291f955d7a8dda5b629df3989ea0503ae10f144f5b9e6285b6b3dfcd8baf5788ba071e326fafd5a692fcd9861d79ddd7b73e7e1c74a7212a2381b3337a83b82171c9a5c2e1f4be5c7f2ba3c26ce08160e7ebe887ba1c9270def0926f47aa84fbe6c9178cc3aeec94013eafa61ea368629b9587f38819522ba990f60431c8ed2b9fee471ea69799380411ff5783b67a36e92300a7d7cf7d7073cbf58f8ed923e678ffd8a871f5aa9be75c8cada0b1fd31911c715e8a677d9757148c00007f30221a61094af656e9ab58f3a69043f47b000602b37fcaa72ce9f12a1bd9a7fa9a5807bb0ad5bd377b457d5495cb4bff061ab54151839eb5667f5d1050a307ef39f9f538f2ca9620a5228826431086d25366c81ffcb40f4f9eac61e4c2aaee80792e471600986520202043c40fc4103c2f3196353f12b25280e80a02de36a7fb1218d9397c27f654ebbb2877a8a431ce716b36a9086dcca6f67cca984590618121181db9e08e0951d118346278a1757321ede34858c0ca2b052c6c77461bc27b1ccf776097d8f935930e51494a4f671b2dc03ffb296a0247db6d1ce126642a3a7c3a9e4961fcfe3fb228c796ab8e064e2940eb0341d3d7ac49c2d62b12d9598a70096a8a8ca666ce2a9b542b7ad5c361021be30bee0d9c7a2b81033138a3901684ee94bf4c141644e5fe28eda2efb84f34fa3c811ab21bca15b3756ecf0792f19f143b833605d7dcfab756f95781f2209bda12b4ba43802ec22f5e87aa762b65dc13d2cd4bf6fb2982f6a9cd4e32158331148caeb68809d305866fab6fbe9ac2bc7eb7b98d4171782dbb0923111dc4baf540ee790ffec80f09fc85ea497dc4e0359a8acbf672eba702591ace30e430c1bc021731f93c2c6bd797cc142ff440cd0bdbe5018ab8609fc1a829460d6385a042d3fdf57d0c702a6fc680048cb4d31f4c9f89d5ce1b5ec0a44a98c0b38344ab9b542676d12c0980a0912969f5e3288b3a101a02900572c4405b0185c1318cc1ed1baef28e04cfb8f9c43c5a2facaeb08ca20a2a1a84a525b22f930298cc5a0a5d6e11955713e393b569ba1e6d31c8ec35adea05399cb7c6560d0ff20c7fc990333020acd1c06d456441cbe30968013252b64b2c0fa0aa79ca1b130527fe6aa675d226963d169e18138410b5a6e63cbfeb48df877463bf851872daf566bbada0ed61c0093d1bf6e7f78acb59d628fcfeb4ea89d133961f7d319212c8fad0402856fdba778005c28a43643ded691f74a9eff31827ca6e5c5c9c1b5bdbd840206ffe921124243d1af187dbab077ca55e97b92c1d7a1d73616bd5984e38b8be83448a734882438ab2454d6ee2de51151465c3b91e0704da7dda98e4f3920b7b664a792d5862c36a3077f0acc2579193ac9981647c46cb774a62b75b1d769986c7cc70ccad23842cdc7092cf00c966b2f6c644ebb773825553a5bc7d00559c637fe22d20b13be90138f1993c3812db65fa39a99dbabd53389e97e0c87d36c8dcc9134e35c229399c2ac60add5c5ba8b804ef850a9162ba435b84163c61c3a55f3561aa27d9fa39902dd5388dd1aa0d09ad4cb518f5060f04e8e19f5e7412ebd85998c8c79f4414c3b4e19c9029cd4f26461c3c29baf67e8b3f4580fd218c2f8ea2b5ce6c91deafd43161d2fbc6cb8a7312eceeb64b9e7595b538ac90fecc15316053e8a7951d78e5827b585b7287a67d9eb8ef054f3f053f31c49e582d13c281d6d077eafb07433136557264f923865c4862266e2ee32b33f9f22019f2cfbb2733ff7d8f69e9433ba1aa39475f9a3b6ca6046c0aa26b3ed2ed80bb2b8fb45cbb5e922a6b62889f9bd5f436e5d6f648c4fea9f2472341315bd5894c9ab1f9445827d745588038b212f1985c1d229ce3678d55b5485fdcbddeb1dce59ddfe51802c2525d96afe886ade700fdc04adef56e4b7b0f942d0386f15683e2388fee19c699e07ce5c5c6c67c5a5d336b318d7aed0aac5f13e39ee4bf3d8f0caf9541bbb9ccbbfe62bfe81d0c9342c9a1a2d8725c3e9e0eadf416326f5949e4adf13d873813f05eaecf78aa6c8dacb367eac4f51230153e7278d8b38852b40d7b247d67f695f5b6a98cdf44c7c98528dc359633473bc6c39002b565af8dc270de40d173b6bc46f437924320362581cddb116f7519cefd1b8b09876cb497773277801848beb13087a49ce5f5f1282", 0x1000}}, 0x1006)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0x0)

1m57.324929344s ago: executing program 0 (id=500):
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000040)={0x6, 'ip6gre0\x00', {0x3}})
r0 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000100)=0x80, 0x800)
accept4$x25(r0, &(0x7f0000000240)={0x9, @remote}, &(0x7f0000000280)=0x12, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}]}, &(0x7f0000000180)=0x10)
r2 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000200)=0x8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000080)={@link_local, @random="86082b9827c1", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb3e02", 0x40, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "974367", 0x0, 0x11, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, [@dstopts={0x0, 0x1, '\x00', [@padn={0x1, 0x33, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}]}}}}}}}, 0x0)
bind$inet6(r4, &(0x7f0000d84000)={0xa, 0x0, 0x1, @loopback, 0x9}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000000c0)={r3, @in6={{0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}}}, &(0x7f00000001c0)=0x9c)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000140)=r3, 0x4)

1m56.428229265s ago: executing program 0 (id=512):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, &(0x7f0000000000)=0xa0, 0x4)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40086602, &(0x7f0000000000))
symlinkat(&(0x7f0000000200)='./file0/file0\x00', r0, &(0x7f0000000040)='./file0\x00')

1m56.427324575s ago: executing program 0 (id=513):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_GET_MSRS_sys(r0, 0xc008ae88, &(0x7f00000002c0)={0x1, 0x0, [{0x10a, 0x0, 0xa}]})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x81}]}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}, @NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) (async)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_SET_DESC={0xc, 0x9, 0x0, 0x1, [@NFTA_SET_DESC_SIZE={0x8, 0x1, 0x1, 0x0, 0x81}]}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}, @NFT_MSG_NEWTABLE={0x14, 0x0, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x4}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xcc}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

1m53.408453448s ago: executing program 0 (id=551):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)={0x38, r1, 0x1, 0x4070bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xb}, @ETHTOOL_A_BITSET_VALUE={0x8, 0x4, "d8dfd91b"}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4807}, 0x8080) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async, rerun: 64)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000003c0), 0xc00, &(0x7f00000000c0)={[{@quota}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'cpuacct.usage_percpu\x00'}}]}) (rerun: 64)
chdir(&(0x7f0000000240)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, 0x0, 0x118)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)

1m53.341905579s ago: executing program 33 (id=551):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), r0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'ipvlan1\x00', <r3=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)={0x38, r1, 0x1, 0x4070bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_DEBUG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_DEBUG_MSGMASK={0x18, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_MASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0xb}, @ETHTOOL_A_BITSET_VALUE={0x8, 0x4, "d8dfd91b"}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x4807}, 0x8080) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) (async, rerun: 64)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000003c0), 0xc00, &(0x7f00000000c0)={[{@quota}], [{@appraise_type}, {@fsname={'fsname', 0x3d, 'cpuacct.usage_percpu\x00'}}]}) (rerun: 64)
chdir(&(0x7f0000000240)='./file0\x00')
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, 0x0, 0x118)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)

59.474775952s ago: executing program 5 (id=1591):
r0 = syz_io_uring_setup(0x326c, &(0x7f0000000000)={0x0, 0xd240, 0x1000, 0x3, 0x18c}, &(0x7f0000000100), &(0x7f00000000c0))
r1 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0xa, 0x0, r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
io_uring_register$IORING_REGISTER_CLOCK(r0, 0x1d, &(0x7f0000000080), 0x0)
r4 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_linger(r4, 0x1, 0x3c, &(0x7f0000000040)={0x200000000000001}, 0x8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @dev, 0x5}, 0xf)
setsockopt$inet6_IPV6_HOPOPTS(r4, 0x29, 0x36, &(0x7f0000001440)=ANY=[@ANYBLOB="0017"], 0xc0)
sendmmsg$inet6(r4, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4000000)
setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x4)

59.29775985s ago: executing program 5 (id=1594):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r1, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000040)={0x28, 0x4, r1, 0x0, &(0x7f0000ff8000/0x1000)=nil, 0x1000, 0x3})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r1})

59.237186683s ago: executing program 5 (id=1597):
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000300)={"0d14a02f7f545d524d7b29ff03d004b8a25f96172b0caf2ac49f5e4b906943c43f85d8f8c5f48e11782404387ab2991ce7cf68e40c450f9ba092d50a02e69efc44996c78385afb4561ebe1f16249f5f2ab2b625eb1d10509fb4b16537c2e443d95380a28c9a22c7446a1640393ae61057e305630dc49a390380a2a6f748f8654117d8b7b728026c0e4b64be3942163805dfe3b41ebfd8694772c8283e538376c9689decc55415abbc4ba260cfe4a6494816223bd9fa1b84a3c1698fe0e68a70fda332b1b48a76370aacb9040623baa72dfe9ac6caf5f728a0e278c83cb5f19535a4a4eef0ad85f67d796b13c5e7d79343c9dc3766cf6dee46b77381177925f551d8857466deda3ebd975ca045462a2fc26fc24a5afa7f0737ede97b029fd95d72f5ba9214771e32ed2427691584a5bca2578e1011efc61d17fc887180c392ef40749983e8349e1c43e22cd8f61d0d94f7b0e156c756d7c2128c3ca707a7ae720ad7222ba52fa79e48f0bcb4faef2e14584a961c1f15fb8fcfec58ecdee16e127f05081d36736068a315eb26428be7d1434fa0a79130b114266a15a23363aab9da829e2b6bab0ee01bb6a30a96132ffd583051ba70d4e8064efb221ea237a239d4322fa369ce8fa6ce545de9704ac5081cff69d3bd4024271dfd85980bc703fd3df2dd295438afb628267a259bcc55e6a498352c8c4bd20696470b066cfe2c0ce8d86fbac94eb1fd09d1727d1fe48221ea9fdc9ca7bfe2bac856284f092e181eedc55a4c681c3457dd1d9a738d71dc5d0434e56b9a26ed1caba787403a69d0d89f994bbf933a968a9de0679a3e4cc9daef8a4647ae40798973512259c4c1944e7631b3e95c0d3c0c99c51c2cd417f338a7f43894dc701253d84ed565cb8f1b621cb5ca226b58071312103fe097f8833c8f759358e1977d2a61c0668b44ac6bac1aea07342d30f50732d4793bd6c2b2d57c80b889488bfb9e94dd1beacd7a56f950d8d2de44939c2c70653b6b5998580a1cd9a52d77f407833760fb453278b0061ff5a710fbcfbc326282abbeea120f19cd21b6ebd93c91f728f04ea8891f331f4f42850a70a1e78e4248b7caeb033774131b0439a4d4c365be735163539a658fc52d4181272de6ed57715a2e72c3c5360d889c15326f34d54a55e5d7398f1701f1b913e619101d6a9606bb5d2811fd24a27bd0b28ef128ed4201618f0354322bb374febd26887f2720cff1679ffee156ae488c1ee3cb1473ea73302eccbd75663e62964d1beaa30f780fb7fafa613bcdb99ac5dc0231751f0f9a91c0b42ae7c3b128f97b8d7fa3b11c9ea96ca85241535d0c30ce8b04f307836f8b80e37544bdac9eac6da8e02a449f519216c9fb8ebf33f6e4f1f440236c18c9421a4cb7aad70f24f6db90e86cbaa912973dd11a4a0355c09d4851acd3d29c8824ef1294dbd9a"})
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='timerslack_ns\x00')
writev(r0, &(0x7f0000002500)=[{&(0x7f00000023c0)='2', 0x1}], 0x1)
ioctl$KVM_SET_SREGS(r0, 0x4138ae84, &(0x7f0000000700)={{0x1000, 0x8000000, 0x9, 0xc1, 0xab, 0x0, 0xff, 0x0, 0x4, 0x9, 0x2}, {0x1, 0x60000, 0x10, 0x40, 0x3, 0x9, 0xc5, 0xff, 0x6, 0x1, 0x2, 0x6}, {0x4000, 0x4, 0xc, 0x10, 0x6, 0x8, 0xe, 0xfe, 0xfb, 0x3, 0x0, 0xf}, {0x8080000, 0x7000, 0xe, 0x5, 0x7, 0x1, 0x5, 0xb1, 0x24, 0x2, 0x8, 0x1}, {0x100000, 0x1, 0xd, 0x3c, 0x5, 0x6, 0x4, 0x80, 0x8, 0x6, 0x9, 0x7}, {0x2000, 0x0, 0x9, 0x2, 0x5, 0x2, 0x3, 0x80, 0x6, 0x1, 0x5, 0x6}, {0xf000, 0x6000, 0x0, 0x2, 0x99, 0xd, 0x2, 0xf, 0x1, 0x6, 0xc, 0xb}, {0x1, 0x5000, 0xa, 0xc, 0x8, 0x3, 0xd, 0x9, 0xff, 0xfc, 0x9, 0x10}, {0x200000}, {0xffff1000, 0x12}, 0x40000, 0x0, 0x50000, 0x0, 0xc, 0xc000, 0xfec00000, [0x29a0, 0x7fffffff, 0xe]})
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
r2 = syz_open_dev$loop(&(0x7f0000000300), 0x80, 0x1c1881)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x5)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000002c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', &(0x7f0000000080), 0x42, &(0x7f0000000000)={'trans=virtio,', {[{@access_any}]}})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000200)=0x2, 0x4)
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001311ff00000000000000000000000000000000ff0200000003000000000000e9ffff004f194e20"], 0x4b)

59.146135502s ago: executing program 5 (id=1599):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
writev(r0, &(0x7f0000000080)=[{&(0x7f00000000c0)="5bffd08307d80c79b1cb7b5f0c5b4d719c69c8513f748fbe425a7bc388c9019bef114779f7a10dc03a883d6e16a0a704f74297f381ff1db75098a9b38bb67206a7ff22e6ca46dc760bdad8a79d5951988c55a368dd1132ba7f129c2e65441eaa27492c069488df0881f123ca01ae873f5b36eb0fddb8f07420f5484d81cabde167c87ffbab6a94b24b5537bb1a08d56469f516fd4b7c66e2ac50d5ff4e52c628d0a89e53d0e78582a5ab2a2c714f66", 0xfe7c}], 0x1) (async, rerun: 64)
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80000) (rerun: 64)
write$P9_RFLUSH(r1, &(0x7f0000000180)={0x7, 0x6d, 0x2}, 0x7) (async, rerun: 32)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000240)={0x2000, 0x1000000}) (rerun: 32)

58.463520065s ago: executing program 5 (id=1609):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYBLOB="ef00000000000000140012"], 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0xc000) (async)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYBLOB="ef00000000000000140012"], 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0xc000)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="340000001900150000000000000000000a"], 0x34}], 0x1, 0x0, 0x0, 0x4010}, 0x50)

58.397787396s ago: executing program 5 (id=1611):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
lgetxattr(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x0, 0x0) (async)
lgetxattr(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x50}, 0x0)
syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040ed5000410"], 0x11) (async)
syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040ed5000410"], 0x11)
r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x2)
ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f0000000140)={0x5, 0xfffffffffffffff8, 0x4, 0x4, 0x7, 0x8}) (async)
ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f0000000140)={0x5, 0xfffffffffffffff8, 0x4, 0x4, 0x7, 0x8})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x800, 0x0) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x800, 0x0)
setrlimit(0x9, &(0x7f0000000200)={0x88, 0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0xfffffffc, 0x0, 0x1, 0x0, &(0x7f0000000580)="b3"})
socketpair$unix(0x1, 0x3, 0x0, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x115)
pipe2$9p(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4800)
write$P9_RVERSION(r5, 0x0, 0x15)
dup(r5) (async)
r6 = dup(r5)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}}) (async)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}})
write$P9_RLERRORu(r5, &(0x7f00000001c0)={0x23, 0x7, 0x1, {{0x16, 'trusted.overlay.upper\x00'}}}, 0x23)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0xb, 0x70bd26, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x3}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x1, 0x0, 0xc, 0x1}}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x68}}, 0x40000)

43.362756056s ago: executing program 34 (id=1611):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x1d, 0x2, 0x6)
lgetxattr(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x0, 0x0) (async)
lgetxattr(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x50}, 0x0)
syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040ed5000410"], 0x11) (async)
syz_emit_vhci(&(0x7f0000000400)=ANY=[@ANYBLOB="040ed5000410"], 0x11)
r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x2)
ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f0000000140)={0x5, 0xfffffffffffffff8, 0x4, 0x4, 0x7, 0x8}) (async)
ioctl$PIO_CMAP(r2, 0x4b71, &(0x7f0000000140)={0x5, 0xfffffffffffffff8, 0x4, 0x4, 0x7, 0x8})
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x800, 0x0) (async)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x800, 0x0)
setrlimit(0x9, &(0x7f0000000200)={0x88, 0x1})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0xfffffffc, 0x0, 0x1, 0x0, &(0x7f0000000580)="b3"})
socketpair$unix(0x1, 0x3, 0x0, 0x0)
mkdir(&(0x7f0000000080)='./file0\x00', 0x115)
pipe2$9p(&(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x4800)
write$P9_RVERSION(r5, 0x0, 0x15)
dup(r5) (async)
r6 = dup(r5)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}}) (async)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000780)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r6}})
write$P9_RLERRORu(r5, &(0x7f00000001c0)={0x23, 0x7, 0x1, {{0x16, 'trusted.overlay.upper\x00'}}}, 0x23)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0xb, 0x70bd26, 0x0, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x3}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x1, 0x0, 0xc, 0x1}}]}, {0x4}, {0xc, 0xa}, {0xc, 0x9, {0xf5}}}}]}]}, 0x68}}, 0x40000)

914.866542ms ago: executing program 6 (id=2379):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

745.02509ms ago: executing program 6 (id=2383):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f0000000000)={0xfee00000, 0x10000})

744.301924ms ago: executing program 4 (id=2384):
r0 = openat$kvm(0x0, &(0x7f0000000180), 0x103880, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000000)=[@code={0xa, 0x51, {"4cd17f0202baf80cb8b8271e8bef66bafc0c4e0fc7ae08000000664d0faef7660f63ff66470f38812e26440f78c226480fc7980500000066b83c008ec00f01cb"}}], 0x51})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

677.098124ms ago: executing program 2 (id=2385):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0x1, 0x60, {"3ef30fc735fc9a00003e0f01c8c4417df1a9b398000066b824008ec8460f79f2c4e1717db49c26000000b9800000c00f3235000400000f307b9666baa00066b8000066ef66bad1040f01c2260f78da"}}], 0x60})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, 0x0})
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000240)=[@enable_nested={0x12c, 0x18}, @nested_amd_vmcb_write_mask={0x17c, 0x38, {0x1, @save_area=0x595, 0x1, 0x7ff, 0x4}}], 0x50})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000200)={"7b9e8ce9753466595913302e4ce6eb58730aedff6ac6d17f03a1d53d703132fb0a7b6d0ab2bd23feea7288caf231a7561d47b331bf700400000000000000bc31746d9eafa027de532f485c1cdbaeb99727791edf03ba806be6aa217e5d249d8b9ec6abd4c72881bdeb313fad1d407c98c79cdb1daacc013e7820432cce92b29dcc17a7244d2dc921a7df68067fbeea5f9a5ae567cd126bc616672a7115bc3c6dbb4e85549bd64df01ecfb43493d5c96792e324f08bb2539a60a7329cae4518960335e726a0a228f58e2ff76586f9a2e52183cc34d01d3a968315ec378314e6ea560901d7fce4d92c7c220dfdccfbab3b5987d63222a39d6430d43c6bcb85599fd930bf63b948e6dc2ae410629a6eb404ab1dd13c30aaf22c1c02418b6da3ff24b0198da9b7559fc77a0ef62c1abc0387abeb0f0e4b21f326d166a97d1086a3f943a5f76d5de5f524534b6a79e4ce378662747ae6b4ec4af5727461770920837b8c015413568534389b66d5ceceedccfacc1b1b5d52bb85ba0974cd7fe56a5ffd39d7f0e8bc088cd7d0b062572cf4a29190cb24499f31a04d83296e86e6dee77df8f47b3e35bd4a7debb8b3fe0fc841e6c2411143bd5e0a2d3224155d30db232333c4acf167f70c90ac28e97893423c7102f1a64c5961647ad530a4124589cb060143370227779ddeca0a9dcf64ed7d0bcfc0576b40ecb2f16ba5d30798a886d7b8e91e91156eef8eb4832ce89ed9e8588a3744e044ec226a4bb2a7b9f6aa77ad9b0e9d45b53d8133dc20694dcb594b9cf88bf091b896dfc54fcc5be2575f664904f2555317f2a47119663b706bf5c89c93d221b324ee5df01a1a45a308a2a3ad5df579f7857900beda270538da70a346ff01e9d7753926cd1a76ba6f2d923fbfb08cc07c45ec08afad453602e49f6df51ce82617fe2e7ac5707d84cf953564a2894180f2b7375a859e04945431085d45a2957f1a05e09112a56c769e304f765e263fd9d8e0987bb4f933638d7d7407f1b6e56278080e1b5abe764a9058fb48bb30ed5040a73fc8318c41f7ba7a6ffbe1c33eb1f250adcb38b517fabb9f182211e19827ea4f64dd3da4bf3f34afcb44351dd07f22c7fd959031dd78bb18953f6e522c1d65631021f38786482bcfe3e2fbc181f8f44fb7157d18b64de570d8561897a3c64a198ec90268ec318bb794cb31ce5d912f84d6555ebaff4266157b58620b47d7ccd1f52b8e9a0c4762a64a2e11515d1a29101323b81479ef8046d19dbe02038894c2854871ef0e9c8bd6d70f4f46548604223c596695a26a8a4d4e1951c4546e888b78152fb1ba72f744f7ac6dc20dbc0cf40b4bb00ad33c30bb07d62b336f904b35203ee4cd2b277f12fdce5bc9853c13b0d0d48b031e1121e52bcc33e55876f2442c57bb8b5fc423d81fd6d0a4fb2b6a00"})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x8400ae8e, &(0x7f0000000140)=@x86={0xff, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd8})

676.535842ms ago: executing program 3 (id=2386):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a3525c373b8be3e8d2672540e4fff5fe7", 0x0, 0x18})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

614.788122ms ago: executing program 6 (id=2387):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000040)=[@nested_load_code={0x12e, 0x27, {0x0, "66b830010f00d866b820018ec83f08"}}], 0x27})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000000000)={0x3, "775118"})

588.085894ms ago: executing program 4 (id=2388):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f00000002c0)=[@code={0xa, 0x74, {"b9800000c00f3235000800000f3066baf80c470f01c8ef66bafc0cb8fac90000ef672e0f1f00360f7821c7442400a9f80b95c7442402a400c0fec7442406000000000f0114240f07460f09b9e30200000f32b9780300000f32c4a1a25d921e6b5458"}}], 0xbb})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

587.191223ms ago: executing program 3 (id=2389):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfd000/0x400000)=nil)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

497.554583ms ago: executing program 2 (id=2390):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f00000004c0)={0xbc, 0x0, 0x7})
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@wrmsr={0x65, 0x20, {0x830, 0x5}}], 0x20})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

497.382675ms ago: executing program 6 (id=2391):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000f40)=[@wrmsr={0x65, 0x20, {0x40000104, 0x7}}], 0x20})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

418.921696ms ago: executing program 3 (id=2392):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r2, &(0x7f0000000100)={{0x3, @default, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'})
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x10)
ioctl$sock_netdev_private(r3, 0x8914, &(0x7f0000000000))
setsockopt$ax25_SO_BINDTODEVICE(r2, 0x101, 0x19, &(0x7f0000000240)=@bpq0, 0x10)
ioctl$sock_netrom_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bpq0, 0x1, 'syz1\x00', @default, 0x1, 0x0, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @bcast]})
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d)
ioctl$sock_netdev_private(r0, 0x8914, &(0x7f0000000000))

416.274724ms ago: executing program 4 (id=2400):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, &(0x7f0000000040)=[@nested_load_code={0x12e, 0x27, {0x0, "66b830010f00d866b820018ec83f08"}}], 0x27})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000000)={0x3, "775118"})

365.221892ms ago: executing program 2 (id=2393):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
munmap(&(0x7f0000470000/0x400000)=nil, 0xe06500)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000100)={"b46474f815e8d5535f0887c44335cc824dc6121bc72a77f532ff5dad4d643a9cab29d2310e04be14eb26c0af4985fe45e3b3b0680b3ec92725d74b9716e0f7c3119a2c9a0ae65ff4772e2e12733cb013c4308fe40863480747c0a7ddb9361b1578015ca1bb2c1677ebae096f08345476f567443842946ed946434c75916d1db83fe305920de65bfaf9bd940672216846cb16b8ae67cd3affc61375381f91b3b9f1cc5e38cafe5239aee71dcd481fbe1ecd2547ffbaad4469a74697c28fb9beefa6a5d736712a55eb9110c2cf7964062ba8cbc1c038e84f0f5db7fc7053118bf5221e3efa6fc3edb5d0ca3cde7054dd0751a332520aa8478b1775d552c5cc24d3c2df9eb333e5ca3aa06c1c2cf8526714f5caff2f55b41976fc20b64f1fc61d5b44f50953582a1825d32130a31abfeafd1987317879e29ac51b93c9659e023fff3ddb5e39dd19cc3ef1d883c78b9e073d08a9197fb3717df238b9831831214b186693be9dd2568bb77272e80df5dfed03e8c467627bedfbd93359a9f79a3aa37e873dc1357b37b43d813ea85267b0dc8b1c4cc51bd985328833beb2679b7fb762555bbea2da936b36f8f1673fd5f606b2b6eb23b72bf947206e8dbfeb40ca6f265a3485c8446e0f0da652860b88328073d2282c14b48a7774e62754a968b60e92205e8fafcdd70a55c3c4d1a4821ff44e6e3681f15ae091262e3a3290a24d8ceae30ebbf9d24287bb8a5d73c608d47d287f9e716cf02b4796a83fb0c05e45b89de9ef8bce834e6d7a0be6e30d2c66cb6e640cb01898454ad361bc0701d8fe56113335ae6adec59300db04691cc4a689034272a8e086a32ce7061b4f79fa8afbb48a6ce4b62bdc44af013d78980457e1fa61eb9204818606f4c3b03c0f33cd2a841ac9bc2b73151a96e31ab99e6ec969b5f2c3edd5f9abc69845e487af992758ba445368da93dae1d44360d52a534a88276b8aaf349841d8a4788c60408618437c442308dbf70efeda2e54e9b9e4fe5f76997c9dcb945a26bd75748c85d19ca8b99264dce50580e8d4dbda401dad7df31e9a7a6a3a83bfbdfb5394abd581ac0824fbcd75d2f5205c0b7c9188e6f26bfd97734d9a20433f6cdba9d14a5f32a4d97a57f4603b21146fd1aebf082e863d463c224ad623c17d8043d3bf083f0322408dd6ead6915ac6a4222ab51480eb6e11a8913348219515170d9df90d72d7363bbda3e327d19f98c0a856f98076380e788e602e8a2ae0a1930786874dc21a2e99abda15f35457cf1dcb440c4b41350d0eda352aad7f57a0adc8a6914da06460635ed21c4c11cd1a8ec778064c9f62efba2927828b23f94b16619a5520731c2c40ab8583c9f2e73233d74b84f4877ce6b35bb1180300"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

365.011831ms ago: executing program 4 (id=2394):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x2, 0x801)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x1, 0xeeef0000, 0x1, r2, 0x9})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x0, 0x1, 0x8, r2, 0xb})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x3, 0xfffffffffffffffd, 0x2, 0x2, 0xe, 0x4002004c4, 0x7, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x2], 0x8080000, 0x1144})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

364.320291ms ago: executing program 6 (id=2395):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000f40)=[@wrmsr={0x65, 0x20, {0x40000083, 0x7}}], 0x20})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1})
r4 = openat$kvm(0x0, &(0x7f00000000c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

360.828744ms ago: executing program 3 (id=2396):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_PRE_FAULT_MEMORY(0xffffffffffffffff, 0xc040aed5, &(0x7f0000000000)={0xfee00000, 0x10000})

217.342217ms ago: executing program 3 (id=2397):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x10000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6, 0x40}, {0xffff1000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x2000, 0x1000, 0xc, 0x0, 0x7, 0xc4, 0x0, 0x0, 0x48, 0x3, 0x0, 0xfc}, {0xeeef0000, 0x33331000, 0xa, 0x0, 0xd, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4}, {0x6000, 0xeeee8000, 0xe, 0x0, 0x0, 0x4, 0x0, 0xfd, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x1, 0x2, 0x0, 0x0, 0xff, 0x1}, {0x0, 0xeeee0000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x1, 0x7, 0x8, 0x40, 0x26, 0x0, 0x0, 0x2}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0x5df9ffdb, 0x0, 0x0, 0x110, 0x0, 0xf801, 0x0, [0x80000001, 0x0, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

157.359441ms ago: executing program 4 (id=2398):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000200)={"7b9e8ce9753466595913302e4ce6eb58730aedff6ac6d17f03a1d53d703132fb0a7b6d0ab2bd23feea7288caf231a7561d47b331bf700400000000000000bc31746d9eafa027de532f485c1cdbaeb99727791edf03ba806be6aa217e5d249d8b9ec6abd4c72881bdeb313fad1d407c98c79cdb1daacc013e7820432cce92b29dcc17a7244d2dc921a7df68067fbeea5f9a5ae567cd126bc616672a7115bc3c6dbb4e85549bd64df01ecfb43493d5c96792e324f08bb2539a60a7329cae4518960335e726a0a228f58e2ff76586f9a2e52183cc34d01d3a968315ec378314e6ea560901d7fce4d92c7c220dfdccfbab3b5987d63222a39d6430d43c6bcb85599fd930bf63b948e6dc2ae410629a6eb404ab1dd13c30aaf22c1c02418b6da3ff24b0198da9b7559fc77a0ef62c1abc0387abeb0f0e4b21f326d166a97d1086a3f943a5f76d5de5f524534b6a79e4ce378662747ae6b4ec4af5727461770920837b8c015413568534389b66d5ceceedccfacc1b1b5d52bb85ba0974cd7fe56a5ffd39d7f0e8bc088cd7d0b062572cf4a29190cb24499f31a04d83296e86e6dee77df8f47b3e35bd4a7debb8b3fe0fc841e6c2411143bd5e0a2d3224155d30db232333c4acf167f70c90ac28e97893423c7102f1a64c5961647ad530a4124589cb060143370227779ddeca0a9dcf64ed7d0bcfc0576b40ecb2f16ba5d30798a886d7b8e91e91156eef8eb4832ce89ed9e8588a3744e044ec226a4bb2a7b9f6aa77ad9b0e9d45b53d8133dc20694dcb594b9cf88bf091b896dfc54fcc5be2575f664904f2555317f2a47119663b706bf5c89c93d221b324ee5df01a1a45a308a2a3ad5df579f7857900beda270538da70a346ff01e9d7753926cd1a76ba6f2d923fbfb08cc07c45ec08afad453602e49f6df51ce82617fe2e7ac5707d84cf953564a2894180f2b7375a859e04945431085d45a2957f1a05e09112a56c769e304f765e263fd9d8e0987bb4f933638d7d7407f1b6e56278080e1b5abe764a9058fb48bb30ed5040a73fc8318c41f7ba7a6ffbe1c33eb1f250adcb38b517fabb9f182211e19827ea4f64dd3da4bf3f34afcb44351dd07f22c7fd959031dd78bb18953f6e522c1d65631021f38786482bcfe3e2fbc181f8f44fb7157d18b64de570d8561897a3c64a198ec90268ec318bb794cb31ce5d912f84d6555ebaff4266157b58620b47d7ccd1f52b8e9a0c4762a64a2e11515d1a29101323b81479ef8046d19dbe02038894c2854871ef0e9c8bd6d70f4f46548604223c596695a26a8a4d4e1951c4546e888b78152fb1ba72f744f7ac6dc20dbc0cf40b4bb00ad33c30bb07d62b336f904b35203ee4cd2b277f12fdce5bc9853c13b0d0d48b031e1121e52bcc33e55876f2442c57bb8b5fc423d81fd6d0a4fb2b6a00"})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x8400ae8e, &(0x7f0000000140)=@x86={0xff, 0x0, 0x0, 0x0, 0xfffffff7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd8})

156.647878ms ago: executing program 2 (id=2399):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000100)={0x0, 0xaaa, &(0x7f0000000240)="23591363adf94c4a3525c373b8be3e8d2672540e4fff5fe7", 0x0, 0x18})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000004, 0x1000000000, 0x5, 0x41, 0x2000000, 0x0, 0x2004cb, 0x0, 0xa1d, 0x68ff, 0x5, 0x0, 0x3, 0x2], 0x10000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xd000, 0x0, 0x0, 0x7, 0x8, 0x0, 0x0, 0x3, 0x0, 0x8, 0x6, 0x10}, {0xffff1000, 0x10000, 0xc, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7, 0xff}, {0x2000, 0x8080000, 0xc, 0x0, 0xf, 0xc4, 0x0, 0x0, 0x8, 0x3, 0x0, 0xfc}, {0x30000, 0x33331000, 0x18592cbc7c573fc6, 0x9, 0x1, 0x0, 0x9, 0x0, 0x8, 0x0, 0x4}, {0x80a0000, 0xeeee8000, 0xe, 0x20, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x100000, 0x0, 0x0, 0x78, 0x5, 0x1, 0x2, 0x0, 0x0, 0xff, 0x1}, {0x0, 0xeeee0000, 0xa, 0x4, 0x0, 0x0, 0xa1, 0x20, 0x0, 0x0, 0x8}, {0x2, 0x6000, 0xc, 0x0, 0x0, 0x7, 0x8, 0x40, 0x26}, {0x80a0000, 0x8cc}, {0xdddd1000}, 0xddf8ffdb, 0x0, 0x0, 0x110, 0x0, 0x7800, 0x0, [0x80080001, 0x0, 0x80001, 0x1]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

36.426088ms ago: executing program 3 (id=2401):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000f40)=[@wrmsr={0x65, 0x20, {0x40000104, 0x7}}], 0x20})
syz_kvm_add_vcpu$x86(r2, &(0x7f0000000380)={0x0, &(0x7f0000000100)=[@rdmsr={0x66, 0x18, {0x914}}], 0xe})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

36.01977ms ago: executing program 2 (id=2402):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@userxattr}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000580)=""/174, 0xae)

35.882012ms ago: executing program 4 (id=2403):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000002c0)={0x79, 0x0, 0x756})
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18}, @nested_load_code={0x12e, 0x4d, {0x0, "48b800800000000000000f23c80f21f8350c0020000f23f86d3266b864000f00d03500010000b8050002000f006080000f01b00f30"}}, @nested_vmlaunch={0x12f, 0x18}], 0x95})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f0000000000)=0x4)
ioctl$KVM_GET_MP_STATE(r3, 0x8004ae98, &(0x7f0000000040))

35.447018ms ago: executing program 6 (id=2404):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000400))
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x94)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x169000, 0x0)
ioctl$EVIOCGPROP(r2, 0x40047438, &(0x7f0000000180)=""/246)
ioctl$PPPIOCSFLAGS1(r2, 0x4004743a, &(0x7f0000000300))
ioctl$PPPIOCDISCONN(r2, 0x7439)

0s ago: executing program 2 (id=2405):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000f40)=[@wrmsr={0x65, 0x20, {0x40000104, 0x7}}], 0x20})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

[T10068]  loop6: unable to read partition table
[  133.762664][T10068] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  133.800515][T10077] fuse: Unknown parameter 'use00000000000000000000'
[  133.826422][T10060] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  133.842787][T10081] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10081 comm=syz.5.1391
[  133.848076][T10081] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1391'.
[  133.926916][ T6168] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  133.937519][ T6168] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  133.953014][ T6170] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  133.962079][T10090] xt_hashlimit: size too large, truncated to 1048576
[  133.965331][ T6170] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  134.126375][T10101] loop6: detected capacity change from 0 to 2640
[  134.130689][T10101] ldm_validate_partition_table(): Disk read failed.
[  134.133897][T10101] Dev loop6: unable to read RDB block 0
[  134.136553][T10101]  loop6: unable to read partition table
[  134.150370][T10101] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  134.271631][T10093] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  134.274759][T10093] IPv6: NLM_F_CREATE should be set when creating new route
[  134.535263][T10119] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.609121][T10119] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.667331][T10119] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  134.755987][T10119] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.060281][ T1025] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  135.413623][T10134] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  135.417317][T10134] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  135.422631][ T1025] usb 8-1: unable to get BOS descriptor or descriptor too short
[  135.425629][ T1025] usb 8-1: unable to read config index 0 descriptor/start: -71
[  135.428050][ T1025] usb 8-1: can't read configurations, error -71
[  136.443047][   T40] audit: type=1400 audit(1764576696.519:5057): avc:  denied  { execute } for  pid=10167 comm="syz.5.1420" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1
[  136.589380][T10179] fuse: Unknown parameter 'user_id00000000000000000000'
[  136.619179][T10180] tmpfs: Bad value for 'mpol'
[  136.866473][T10188] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  137.094085][T10193] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1429'.
[  137.320787][T10170] ceph: No mds server is up or the cluster is laggy
[  137.322265][T10173] ceph: No mds server is up or the cluster is laggy
[  137.387603][T10205] bond4: Removing last arp target with arp_interval on
[  137.606612][T10213] overlayfs: missing 'workdir'
[  137.640255][ T7553] usb 8-1: new low-speed USB device number 16 using dummy_hcd
[  137.697272][T10217] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1437'.
[  137.740400][T10219] fuse: Unknown parameter 'user_id00000000000000000000'
[  137.800328][ T7553] usb 8-1: Invalid ep0 maxpacket: 16
[  137.940391][ T7553] usb 8-1: new low-speed USB device number 17 using dummy_hcd
[  137.958809][   T40] audit: type=1400 audit(1764576698.029:5058): avc:  denied  { getopt } for  pid=10228 comm="syz.2.1442" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  137.962917][T10229] xt_l2tp: missing protocol rule (udp|l2tpip)
[  138.015235][T10231] hpfs: Bad magic ... probably not HPFS
[  138.053581][ T6170] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.056069][T10233] netlink: 284 bytes leftover after parsing attributes in process `syz.2.1444'.
[  138.066414][ T6170] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.076385][ T6170] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.086641][ T6170] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.108008][T10236] netlink: 'syz.2.1445': attribute type 10 has an invalid length.
[  138.120394][ T7553] usb 8-1: Invalid ep0 maxpacket: 16
[  138.123060][ T7553] usb usb8-port1: attempt power cycle
[  138.145203][T10240] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1447'.
[  138.175953][T10242] xt_hashlimit: size too large, truncated to 1048576
[  138.343468][   T40] audit: type=1400 audit(1764576698.419:5059): avc:  denied  { read } for  pid=10247 comm="syz.4.1450" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  138.350545][   T40] audit: type=1400 audit(1764576698.419:5060): avc:  denied  { open } for  pid=10247 comm="syz.4.1450" path="/215/file0/file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  138.357714][   T40] audit: type=1400 audit(1764576698.419:5061): avc:  denied  { ioctl } for  pid=10247 comm="syz.4.1450" path="/215/file0/file0" dev="fuse" ino=64 ioctlcmd=0x4d0b scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  138.409638][T10252] bond3: Removing last arp target with arp_interval on
[  138.460315][ T7553] usb 8-1: new low-speed USB device number 18 using dummy_hcd
[  138.482415][ T7553] usb 8-1: Invalid ep0 maxpacket: 16
[  138.610110][ T7553] usb 8-1: new low-speed USB device number 19 using dummy_hcd
[  138.631040][ T7553] usb 8-1: Invalid ep0 maxpacket: 16
[  138.632907][ T7553] usb usb8-port1: unable to enumerate USB device
[  138.789132][T10261] netlink: 'syz.5.1455': attribute type 16 has an invalid length.
[  138.796360][T10261] netlink: 'syz.5.1455': attribute type 2 has an invalid length.
[  138.799527][T10261] netlink: 64086 bytes leftover after parsing attributes in process `syz.5.1455'.
[  138.811478][T10259] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  138.814121][T10259] IPv6: NLM_F_CREATE should be set when creating new route
[  138.935035][T10266] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10266 comm=syz.4.1456
[  138.940523][T10266] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1456'.
[  139.005354][T10271] xt_hashlimit: size too large, truncated to 1048576
[  139.039328][T10274] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1457'.
[  139.146382][T10281] openvswitch: netlink: Invalid MD length 60718 for MD type 0
[  139.149519][T10281] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  139.169610][T10281] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  139.217580][T10286] fuse: Unknown parameter '0x0000000000000003'
[  139.370124][ T6007] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  139.523269][ T6007] usb 9-1: config 0 has no interfaces?
[  139.525856][ T6007] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  139.530124][ T6007] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.535509][ T6007] usb 9-1: config 0 descriptor??
[  139.700574][   T61] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  139.742536][ T7011] usb 9-1: USB disconnect, device number 15
[  139.812647][T10305] xt_hashlimit: size too large, truncated to 1048576
[  139.862748][   T61] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  139.867175][   T61] usb 10-1: New USB device found, idVendor=046d, idProduct=c090, bcdDevice= 0.00
[  139.870402][   T61] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.874289][   T61] usb 10-1: config 0 descriptor??
[  139.924836][T10309] loop6: detected capacity change from 0 to 2640
[  139.928033][T10309] buffer_io_error: 32 callbacks suppressed
[  139.928045][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.934125][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.937447][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.940961][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.944351][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.948928][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.952521][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.955881][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.959224][T10309] ldm_validate_partition_table(): Disk read failed.
[  139.962159][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.965462][T10309] Buffer I/O error on dev loop6, logical block 0, async page read
[  139.968461][T10309] Dev loop6: unable to read RDB block 0
[  139.970969][T10309]  loop6: unable to read partition table
[  139.973269][T10309] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  140.051938][T10311] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1467'.
[  140.081564][   T61] usbhid 10-1:0.0: can't add hid device: -71
[  140.083590][   T61] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  140.096573][   T61] usb 10-1: USB disconnect, device number 14
[  140.121835][T10320] xt_hashlimit: size too large, truncated to 1048576
[  140.181045][ T7011] usb 9-1: new full-speed USB device number 16 using dummy_hcd
[  140.268281][T10328] program syz.2.1471 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  140.301336][T10334] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1472'.
[  140.304475][T10334] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1472'.
[  140.331998][ T7011] usb 9-1: config 0 has no interfaces?
[  140.333812][T10334] loop6: detected capacity change from 0 to 2640
[  140.334046][ T7011] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  140.336564][T10334] ldm_validate_partition_table(): Disk read failed.
[  140.338827][ T7011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.342305][T10334] Dev loop6: unable to read RDB block 0
[  140.344753][ T7011] usb 9-1: config 0 descriptor??
[  140.345605][T10334]  loop6: unable to read partition table
[  140.350719][T10334] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  140.397056][T10337] ieee802154 phy0 wpan0: encryption failed: -22
[  140.425752][T10339] netlink: 'syz.3.1474': attribute type 1 has an invalid length.
[  140.439052][T10339] bond5: entered promiscuous mode
[  140.441189][T10339] 8021q: adding VLAN 0 to HW filter on device bond5
[  140.446995][   T40] audit: type=1400 audit(1764576700.519:5062): avc:  denied  { create } for  pid=10338 comm="syz.3.1474" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1
[  140.466620][T10339] bond5: entered allmulticast mode
[  140.474731][T10343] loop6: detected capacity change from 0 to 2640
[  140.477701][T10343] ldm_validate_partition_table(): Disk read failed.
[  140.480445][T10343] Dev loop6: unable to read RDB block 0
[  140.482553][T10343]  loop6: unable to read partition table
[  140.484707][T10343] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  140.555953][ T7011] usb 9-1: USB disconnect, device number 16
[  140.557653][T10353] xt_hashlimit: size too large, truncated to 1048576
[  140.617061][T10357] netlink: 'syz.5.1480': attribute type 4 has an invalid length.
[  140.619605][T10357] netlink: 'syz.5.1480': attribute type 1 has an invalid length.
[  140.629435][   T40] audit: type=1400 audit(1764576700.699:5063): avc:  denied  { connect } for  pid=10355 comm="syz.5.1480" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  140.715252][T10368] netlink: 'syz.3.1484': attribute type 5 has an invalid length.
[  140.729623][ T6170] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  140.733299][ T6170] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  140.737248][ T6170] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  140.740880][ T6170] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  140.756597][T10375] loop6: detected capacity change from 0 to 2640
[  140.763795][ T6829] ldm_validate_partition_table(): Disk read failed.
[  140.766869][ T6829] Dev loop6: unable to read RDB block 0
[  140.769539][ T6829]  loop6: unable to read partition table
[  140.775372][T10375] ldm_validate_partition_table(): Disk read failed.
[  140.778476][T10375] Dev loop6: unable to read RDB block 0
[  140.781815][T10375]  loop6: unable to read partition table
[  140.784332][T10375] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  140.858229][   T40] audit: type=1400 audit(1764576700.929:5064): avc:  denied  { setattr } for  pid=10383 comm="syz.2.1489" name="PNPIPE" dev="sockfs" ino=34683 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  140.862389][T10387] xt_hashlimit: size too large, truncated to 1048576
[  141.100261][   T40] audit: type=1400 audit(1764576701.179:5065): avc:  denied  { ioctl } for  pid=10399 comm="syz.3.1495" path="socket:[36488]" dev="sockfs" ino=36488 ioctlcmd=0x8990 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  141.111235][T10400] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.117082][T10400] bond0: (slave rose0): Enslaving as an active interface with an up link
[  141.119848][T10401] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  141.192061][ T7011] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  141.230384][T10409] loop6: detected capacity change from 0 to 2640
[  141.234503][ T6829] ldm_validate_partition_table(): Disk read failed.
[  141.237286][ T6829] Dev loop6: unable to read RDB block 0
[  141.239922][ T6829]  loop6: unable to read partition table
[  141.243669][T10409] ldm_validate_partition_table(): Disk read failed.
[  141.246559][T10409] Dev loop6: unable to read RDB block 0
[  141.249259][T10409]  loop6: unable to read partition table
[  141.250126][   T34] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  141.251998][T10409] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  141.255343][T10411] binder: binder_mmap: 10410 200000000000-200000003000 bad vm_flags failed -1
[  141.264403][T10411] binder: 10410:10411 ioctl c018620c 0 returned -14
[  141.268274][T10412] binder: binder_mmap: 10410 200000000000-200000003000 bad vm_flags failed -1
[  141.312020][T10418] xt_hashlimit: size too large, truncated to 1048576
[  141.361491][ T7011] usb 9-1: config 0 has no interfaces?
[  141.363313][ T7011] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  141.366259][ T7011] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.370636][ T7011] usb 9-1: config 0 descriptor??
[  141.402246][   T34] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  141.406726][   T34] usb 10-1: New USB device found, idVendor=046d, idProduct=c090, bcdDevice= 0.00
[  141.411460][   T34] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.415737][   T34] usb 10-1: config 0 descriptor??
[  141.621549][   T34] usbhid 10-1:0.0: can't add hid device: -71
[  141.623530][   T34] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  141.624063][T10427] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  141.627366][   T34] usb 10-1: USB disconnect, device number 15
[  141.871322][T10436] fuse: Bad value for 'group_id'
[  141.873621][T10436] fuse: Bad value for 'group_id'
[  141.979341][T10441] loop6: detected capacity change from 0 to 2640
[  141.983017][T10441] ldm_validate_partition_table(): Disk read failed.
[  141.985739][T10441] Dev loop6: unable to read RDB block 0
[  141.988073][T10441]  loop6: unable to read partition table
[  141.991446][T10441] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  142.051797][T10448] xt_hashlimit: size too large, truncated to 1048576
[  142.129140][T10439] __nla_validate_parse: 12 callbacks suppressed
[  142.129152][T10439] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1460'.
[  142.138919][T10452] netlink: 'syz.3.1511': attribute type 1 has an invalid length.
[  142.156376][T10452] 8021q: adding VLAN 0 to HW filter on device bond6
[  142.176816][T10456] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1512'.
[  142.314498][T10465] trusted_key: encrypted_key: insufficient parameters specified
[  142.319424][T10466] trusted_key: encrypted_key: insufficient parameters specified
[  142.328531][T10465] geneve2: entered promiscuous mode
[  142.332168][T10465] geneve2: entered allmulticast mode
[  142.411290][T10460] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  143.110128][   T10] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  143.154839][   T61] usb 9-1: USB disconnect, device number 17
[  143.178689][T10486] FAULT_INJECTION: forcing a failure.
[  143.178689][T10486] name failslab, interval 1, probability 0, space 0, times 0
[  143.183025][T10486] CPU: 1 UID: 0 PID: 10486 Comm: syz.2.1522 Not tainted syzkaller #0 PREEMPT(full) 
[  143.183040][T10486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.183046][T10486] Call Trace:
[  143.183057][T10486]  <TASK>
[  143.183061][T10486]  dump_stack_lvl+0x16c/0x1f0
[  143.183086][T10486]  should_fail_ex+0x512/0x640
[  143.183106][T10486]  ? fs_reclaim_acquire+0xae/0x150
[  143.183120][T10486]  should_failslab+0xc2/0x120
[  143.183133][T10486]  __kmalloc_noprof+0xdd/0x880
[  143.183148][T10486]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  143.183163][T10486]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  143.183175][T10486]  tomoyo_realpath_from_path+0xc2/0x6e0
[  143.183189][T10486]  ? tomoyo_profile+0x47/0x60
[  143.183204][T10486]  tomoyo_path_number_perm+0x245/0x580
[  143.183213][T10486]  ? tomoyo_path_number_perm+0x237/0x580
[  143.183225][T10486]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  143.183236][T10486]  ? find_held_lock+0x2b/0x80
[  143.183284][T10486]  ? find_held_lock+0x2b/0x80
[  143.183297][T10486]  ? hook_file_ioctl_common+0x145/0x410
[  143.183314][T10486]  ? __fget_files+0x20e/0x3c0
[  143.183327][T10486]  security_file_ioctl+0x9b/0x240
[  143.183340][T10486]  __x64_sys_ioctl+0xb7/0x210
[  143.183357][T10486]  do_syscall_64+0xcd/0xfa0
[  143.183368][T10486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.183378][T10486] RIP: 0033:0x7fae4c38f7c9
[  143.183387][T10486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.183397][T10486] RSP: 002b:00007fae4d300038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  143.183407][T10486] RAX: ffffffffffffffda RBX: 00007fae4c5e5fa0 RCX: 00007fae4c38f7c9
[  143.183414][T10486] RDX: 0000200000000005 RSI: 0000000000000932 RDI: 0000000000000004
[  143.183420][T10486] RBP: 00007fae4d300090 R08: 0000000000000000 R09: 0000000000000000
[  143.183426][T10486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.183432][T10486] R13: 00007fae4c5e6038 R14: 00007fae4c5e5fa0 R15: 00007fff284e1598
[  143.183445][T10486]  </TASK>
[  143.183449][T10486] ERROR: Out of memory at tomoyo_realpath_from_path.
[  143.185133][T10489] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1523'.
[  143.186350][T10486] md: md2 stopped.
[  143.189827][T10489] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1523'.
[  143.262054][   T10] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  143.266206][   T10] usb 8-1: New USB device found, idVendor=046d, idProduct=c090, bcdDevice= 0.00
[  143.269082][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.273678][   T10] usb 8-1: config 0 descriptor??
[  143.317620][T10496] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  143.321047][T10496] block device autoloading is deprecated and will be removed.
[  143.325221][T10493] md: md2 stopped.
[  143.414358][T10507] IPVS: sync thread started: state = BACKUP, mcast_ifn = bridge_slave_0, syncid = 0, id = 0
[  143.483466][   T10] usbhid 8-1:0.0: can't add hid device: -71
[  143.485409][   T10] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  143.491888][   T10] usb 8-1: USB disconnect, device number 20
[  143.519124][T10516] lo: entered promiscuous mode
[  143.557468][T10517] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  143.560685][T10517] block device autoloading is deprecated and will be removed.
[  143.563891][T10513] md: md2 stopped.
[  143.687871][T10527] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  143.693142][T10527] block device autoloading is deprecated and will be removed.
[  143.696989][T10524] FAULT_INJECTION: forcing a failure.
[  143.696989][T10524] name failslab, interval 1, probability 0, space 0, times 0
[  143.703248][T10524] CPU: 3 UID: 0 PID: 10524 Comm: syz.4.1537 Not tainted syzkaller #0 PREEMPT(full) 
[  143.703269][T10524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  143.703278][T10524] Call Trace:
[  143.703285][T10524]  <TASK>
[  143.703291][T10524]  dump_stack_lvl+0x16c/0x1f0
[  143.703312][T10524]  should_fail_ex+0x512/0x640
[  143.703328][T10524]  ? fs_reclaim_acquire+0xae/0x150
[  143.703342][T10524]  should_failslab+0xc2/0x120
[  143.703359][T10524]  __kmalloc_noprof+0xdd/0x880
[  143.703381][T10524]  ? tomoyo_encode2+0x100/0x3e0
[  143.703403][T10524]  ? tomoyo_encode2+0x100/0x3e0
[  143.703422][T10524]  tomoyo_encode2+0x100/0x3e0
[  143.703443][T10524]  tomoyo_encode+0x29/0x50
[  143.703460][T10524]  tomoyo_realpath_from_path+0x18f/0x6e0
[  143.703486][T10524]  tomoyo_path_number_perm+0x245/0x580
[  143.703501][T10524]  ? tomoyo_path_number_perm+0x237/0x580
[  143.703518][T10524]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  143.703534][T10524]  ? find_held_lock+0x2b/0x80
[  143.703570][T10524]  ? find_held_lock+0x2b/0x80
[  143.703586][T10524]  ? hook_file_ioctl_common+0x145/0x410
[  143.703610][T10524]  ? __fget_files+0x20e/0x3c0
[  143.703628][T10524]  security_file_ioctl+0x9b/0x240
[  143.703648][T10524]  __x64_sys_ioctl+0xb7/0x210
[  143.703672][T10524]  do_syscall_64+0xcd/0xfa0
[  143.703689][T10524]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.703706][T10524] RIP: 0033:0x7f460678f7c9
[  143.703720][T10524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.703734][T10524] RSP: 002b:00007f460766e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  143.703751][T10524] RAX: ffffffffffffffda RBX: 00007f46069e5fa0 RCX: 00007f460678f7c9
[  143.703761][T10524] RDX: 0000200000000005 RSI: 0000000000000932 RDI: 0000000000000004
[  143.703771][T10524] RBP: 00007f460766e090 R08: 0000000000000000 R09: 0000000000000000
[  143.703780][T10524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  143.703790][T10524] R13: 00007f46069e6038 R14: 00007f46069e5fa0 R15: 00007ffcaaec7fe8
[  143.703814][T10524]  </TASK>
[  143.703832][T10524] ERROR: Out of memory at tomoyo_realpath_from_path.
[  143.744221][   T40] audit: type=1400 audit(1764576703.819:5066): avc:  denied  { read } for  pid=10532 comm="syz.2.1541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  143.746312][T10524] md: md2 stopped.
[  143.747517][   T40] audit: type=1400 audit(1764576703.819:5067): avc:  denied  { bind } for  pid=10532 comm="syz.2.1541" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  143.797155][T10534] fuse: Bad value for 'fd'
[  143.799613][T10535] fuse: Bad value for 'fd'
[  143.858425][   T40] audit: type=1400 audit(1764576703.929:5068): avc:  denied  { setopt } for  pid=10539 comm="syz.2.1543" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  143.960353][ T6007] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  144.103285][T10542] fuse: Unknown parameter '•„�íF`À0ÎŽ~™4UJ3ÿÿÿÿ00000000000000000000003ÚèVŤVYW´ç�ïô¬üõèmû@Þ1¢8y*Ry„¤Ì¸™Gðr&dÁ'
[  144.107624][T10542] netlink: 'syz.2.1544': attribute type 10 has an invalid length.
[  144.110395][T10542] netlink: 55 bytes leftover after parsing attributes in process `syz.2.1544'.
[  144.317882][T10531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.320934][T10531] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.326768][T10531] random: crng reseeded on system resumption
[  144.392066][ T6007] usb 10-1: unable to get BOS descriptor or descriptor too short
[  144.395967][ T6007] usb 10-1: unable to read config index 0 descriptor/start: -71
[  144.398341][ T6007] usb 10-1: can't read configurations, error -71
[  144.778314][   T40] audit: type=1400 audit(1764576704.849:5069): avc:  denied  { unmount } for  pid=5938 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  144.891549][T10551] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  144.994884][T10558] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1550'.
[  145.130917][T10579] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  145.134634][T10579] block device autoloading is deprecated and will be removed.
[  145.138424][T10571] md: md2 stopped.
[  145.291123][T10593] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1561'.
[  145.294779][T10593] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1561'.
[  145.316911][T10593] loop6: detected capacity change from 0 to 2640
[  145.319875][T10593] buffer_io_error: 148 callbacks suppressed
[  145.319890][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.325904][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.328720][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.333416][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.336936][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.341452][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.344915][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.348386][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.352170][T10593] ldm_validate_partition_table(): Disk read failed.
[  145.354810][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.358026][T10593] Buffer I/O error on dev loop6, logical block 0, async page read
[  145.361114][T10593] Dev loop6: unable to read RDB block 0
[  145.363478][T10593]  loop6: unable to read partition table
[  145.366373][T10593] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  145.411755][T10587] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  145.414752][T10587] IPv6: NLM_F_CREATE should be set when creating new route
[  145.446031][T10603] loop6: detected capacity change from 0 to 2640
[  145.449388][T10603] ldm_validate_partition_table(): Disk read failed.
[  145.451918][T10603] Dev loop6: unable to read RDB block 0
[  145.454356][T10603]  loop6: unable to read partition table
[  145.456290][T10603] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  145.537142][T10612] netlink: 'syz.3.1567': attribute type 12 has an invalid length.
[  145.540679][T10612] netlink: 'syz.3.1567': attribute type 29 has an invalid length.
[  145.543949][T10612] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1567'.
[  145.547715][T10612] netlink: 'syz.3.1567': attribute type 2 has an invalid length.
[  145.552441][T10612] netlink: 'syz.3.1567': attribute type 3 has an invalid length.
[  145.555893][T10612] netlink: 15 bytes leftover after parsing attributes in process `syz.3.1567'.
[  145.561057][   T40] audit: type=1400 audit(1764576705.639:5070): avc:  denied  { bind } for  pid=10611 comm="syz.3.1567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  145.568489][   T40] audit: type=1400 audit(1764576705.639:5071): avc:  denied  { name_bind } for  pid=10611 comm="syz.3.1567" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  145.576269][   T40] audit: type=1400 audit(1764576705.639:5072): avc:  denied  { node_bind } for  pid=10611 comm="syz.3.1567" saddr=fc01::1 src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  145.605720][   T40] audit: type=1400 audit(1764576705.679:5073): avc:  denied  { ioctl } for  pid=10622 comm="syz.3.1570" path="socket:[36735]" dev="sockfs" ino=36735 ioctlcmd=0x6628 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  145.695327][   T40] audit: type=1400 audit(1764576705.769:5074): avc:  denied  { bind } for  pid=10624 comm="syz.4.1571" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  145.725318][T10629] fuse: Bad value for 'fd'
[  145.732350][T10631] loop6: detected capacity change from 0 to 2640
[  145.734966][T10631] ldm_validate_partition_table(): Disk read failed.
[  145.737337][T10631] Dev loop6: unable to read RDB block 0
[  145.739276][T10631]  loop6: unable to read partition table
[  145.741505][T10631] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  145.768879][   T40] audit: type=1400 audit(1764576705.839:5075): avc:  denied  { bind } for  pid=10635 comm="syz.3.1577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  145.812248][T10639] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  145.866882][T10641] openvswitch: netlink: nsh attribute has 65532 unknown bytes.
[  145.869355][T10641] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  145.930227][   T10] raw-gadget.0 gadget.1: failed to queue reset event
[  145.985448][T10658] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  146.001076][   T10] raw-gadget.0 gadget.1: failed to queue resume event
[  146.071244][T10665] bond3: Unable to set up delay as MII monitoring is disabled
[  146.075129][   T10] usb 6-1: new full-speed USB device number 25 using dummy_hcd
[  146.077695][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  146.079989][   T10] raw-gadget.0 gadget.1: failed to queue reset event
[  146.082153][T10665] bond3 (unregistering): Released all slaves
[  146.172691][   T10] raw-gadget.0 gadget.1: failed to queue resume event
[  146.194729][T10674] openvswitch: netlink: IP tunnel dst address not specified
[  146.230207][   T10] usb 6-1: device descriptor read/64, error -32
[  146.310719][ T7011] usb 9-1: new full-speed USB device number 18 using dummy_hcd
[  146.340704][   T10] raw-gadget.0 gadget.1: failed to queue suspend event
[  146.343793][   T10] raw-gadget.0 gadget.1: failed to queue reset event
[  146.357177][T10683] loop6: detected capacity change from 0 to 2640
[  146.361664][ T6829] ldm_validate_partition_table(): Disk read failed.
[  146.364679][ T6829] Dev loop6: unable to read RDB block 0
[  146.367303][ T6829]  loop6: unable to read partition table
[  146.371864][T10683] ldm_validate_partition_table(): Disk read failed.
[  146.374861][T10683] Dev loop6: unable to read RDB block 0
[  146.377406][T10683]  loop6: unable to read partition table
[  146.379815][T10683] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  146.422085][   T10] raw-gadget.0 gadget.1: failed to queue resume event
[  146.427423][T10686] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  146.490122][   T10] usb 6-1: new full-speed USB device number 26 using dummy_hcd
[  146.494086][ T7011] usb 9-1: not running at top speed; connect to a high speed hub
[  146.497697][ T7011] usb 9-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  146.500451][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  146.500941][ T7011] usb 9-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  146.503970][   T10] raw-gadget.0 gadget.1: failed to queue reset event
[  146.507013][ T7011] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  146.517068][ T7011] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  146.521656][ T7011] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.524318][ T7011] usb 9-1: Product: à “
[  146.525708][ T7011] usb 9-1: Manufacturer: Щ
[  146.527546][ T7011] usb 9-1: SerialNumber: ꬴ��兖⒕㭣┾蛮ᎀ昩ഄꯚᯱ괵鷡埕ओ漌溕楸뤪塡鞆��뙚녤ᢳ�啯㉬ߴ춥唑ጺ騎��⾷鄔幓膥햒Ɤ⪾嚽݋�癹傊೒ꢈͷ=⇷ⵦ磟ᗜ�䚨�嚤�㇌껀阞澀뤫䱊鴥瞬펷륄
[  146.563908][T10696] nfs: Unknown parameter 'ÿÿÿÿ'
[  146.570189][   T10] raw-gadget.0 gadget.1: failed to queue resume event
[  146.630582][   T10] usb 6-1: device descriptor read/64, error -32
[  146.739507][T10669] block nbd2: Unsupported socket: should be TCP or UNIX.
[  146.742800][   T10] raw-gadget.0 gadget.1: failed to queue suspend event
[  146.745030][   T10] usb usb6-port1: attempt power cycle
[  146.746827][   T10] raw-gadget.0 gadget.1: failed to queue disconnect event
[  146.750385][   T10] raw-gadget.0 gadget.1: failed to queue reset event
[  146.798012][ T7011] usb 9-1: 0:2 : does not exist
[  146.800834][T10712] loop6: detected capacity change from 0 to 2640
[  146.803559][T10712] ldm_validate_partition_table(): Disk read failed.
[  146.805884][T10712] Dev loop6: unable to read RDB block 0
[  146.807636][ T7011] usb 9-1: USB disconnect, device number 18
[  146.816095][T10712]  loop6: unable to read partition table
[  146.818726][T10712] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  146.830187][   T10] raw-gadget.0 gadget.1: failed to queue resume event
[  146.833395][   T10] raw-gadget.0 gadget.1: failed to queue reset event
[  146.848047][ T6829] udevd[6829]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  147.050193][   T10] raw-gadget.0 gadget.1: failed to queue resume event
[  147.110386][   T10] usb 6-1: new full-speed USB device number 27 using dummy_hcd
[  147.142232][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  147.146479][   T10] usb 6-1: device descriptor read/8, error -32
[  147.265159][   T10] raw-gadget.0 gadget.1: failed to queue suspend event
[  147.269006][   T10] raw-gadget.0 gadget.1: failed to queue reset event
[  147.271999][T10723] /dev/sg0: Can't lookup blockdev
[  147.336210][T10736] loop6: detected capacity change from 0 to 2640
[  147.341587][T10736] ldm_validate_partition_table(): Disk read failed.
[  147.344749][T10736] Dev loop6: unable to read RDB block 0
[  147.347507][T10736]  loop6: unable to read partition table
[  147.350293][   T10] raw-gadget.0 gadget.1: failed to queue resume event
[  147.350332][T10736] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  147.367948][T10737] __nla_validate_parse: 9 callbacks suppressed
[  147.367960][T10737] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1610'.
[  147.410140][   T10] usb 6-1: new full-speed USB device number 28 using dummy_hcd
[  147.430406][    C0] raw-gadget.0 gadget.1: ignoring, device is not running
[  147.433597][   T10] usb 6-1: device descriptor read/8, error -32
[  147.540274][   T10] raw-gadget.0 gadget.1: failed to queue suspend event
[  147.542522][   T10] usb usb6-port1: unable to enumerate USB device
[  147.592161][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  147.612452][T10749] mmap: syz.3.1616 (10749) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  147.831575][T10757] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  148.193187][T10785] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1626'.
[  148.195992][T10785] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1626'.
[  148.226177][T10785] loop6: detected capacity change from 0 to 2640
[  148.230939][ T6829] ldm_validate_partition_table(): Disk read failed.
[  148.233501][ T6829] Dev loop6: unable to read RDB block 0
[  148.235510][ T6829]  loop6: unable to read partition table
[  148.239547][T10785] ldm_validate_partition_table(): Disk read failed.
[  148.242375][T10785] Dev loop6: unable to read RDB block 0
[  148.245102][T10785]  loop6: unable to read partition table
[  148.247664][T10785] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  148.260885][T10790] xt_hashlimit: size too large, truncated to 1048576
[  148.373066][T10797] batadv_slave_1: entered promiscuous mode
[  148.377365][T10797] netlink: 'syz.2.1629': attribute type 2 has an invalid length.
[  148.382348][T10797] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1629'.
[  148.385632][T10795] batadv_slave_1: left promiscuous mode
[  148.607518][T10815] binder: 10810:10815 ioctl c018620c 200000000200 returned -1
[  148.648120][T10817] loop6: detected capacity change from 0 to 2640
[  148.651813][T10817] ldm_validate_partition_table(): Disk read failed.
[  148.655005][T10817] Dev loop6: unable to read RDB block 0
[  148.657876][T10817]  loop6: unable to read partition table
[  148.660662][T10817] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  148.835643][T10837] tmpfs: Unknown parameter 'u–rquota'
[  148.863379][T10841] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1643'.
[  148.866401][T10841] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1643'.
[  148.885186][T10841] loop6: detected capacity change from 0 to 2640
[  148.888348][ T6829] ldm_validate_partition_table(): Disk read failed.
[  148.893039][ T6829] Dev loop6: unable to read RDB block 0
[  148.895753][ T6829]  loop6: unable to read partition table
[  148.899737][T10841] ldm_validate_partition_table(): Disk read failed.
[  148.903522][T10841] Dev loop6: unable to read RDB block 0
[  148.906255][T10841]  loop6: unable to read partition table
[  148.908843][T10841] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  148.965836][T10848] loop6: detected capacity change from 0 to 2640
[  148.968767][T10848] ldm_validate_partition_table(): Disk read failed.
[  148.971363][T10848] Dev loop6: unable to read RDB block 0
[  148.973365][T10848]  loop6: unable to read partition table
[  148.975274][T10848] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  149.160132][ T7553] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  149.302052][T10874] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  149.409617][T10879] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1656'.
[  149.413832][T10879] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1656'.
[  149.534755][T10846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  149.538837][T10846] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  149.543248][ T7553] usb 7-1: unable to get BOS descriptor or descriptor too short
[  149.546899][ T7553] usb 7-1: unable to read config index 0 descriptor/start: -71
[  149.549741][ T7553] usb 7-1: can't read configurations, error -71
[  149.654154][T10904] netlink: 52 bytes leftover after parsing attributes in process `syz.4.1665'.
[  149.862947][T10906] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1664'.
[  149.959469][T10906] infiniband syz0: set down
[  149.961202][T10906] infiniband syz0: added bond0
[  149.981345][T10906] RDS/IB: syz0: added
[  149.983041][T10906] smc: adding ib device syz0 with port count 1
[  149.985064][T10906] smc:    ib device syz0 port 1 has no pnetid
[  150.090568][   T40] kauditd_printk_skb: 10 callbacks suppressed
[  150.090583][   T40] audit: type=1400 audit(1764576710.169:5086): avc:  denied  { relabelfrom } for  pid=10910 comm="syz.2.1666" name="" dev="pipefs" ino=40308 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  150.123603][T10915] sch_fq: defrate 4294967295 ignored.
[  150.259305][T10921] 9pnet_virtio: no channels available for device syz
[  150.260898][   T40] audit: type=1400 audit(1764576710.329:5087): avc:  denied  { mounton } for  pid=10920 comm="syz.2.1669" path="/431/file0" dev="9p" ino=71827841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  150.277135][   T40] audit: type=1400 audit(1764576710.349:5088): avc:  denied  { getattr } for  pid=10920 comm="syz.2.1669" name="/" dev="9p" ino=71827841 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  150.278809][T10923] sp0: Synchronizing with TNC
[  150.293561][T10922] [U] è
[  150.628711][T10940] syzkaller0: entered promiscuous mode
[  150.631096][T10940] syzkaller0: entered allmulticast mode
[  150.637885][   T40] audit: type=1800 audit(1764576710.709:5089): pid=10940 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed comm="syz.3.1677" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  151.460134][ T7553] usb 7-1: new full-speed USB device number 17 using dummy_hcd
[  151.757887][ T7553] usb 7-1: unable to read config index 0 descriptor/start: -71
[  151.760558][ T7553] usb 7-1: can't read configurations, error -71
[  152.170068][T10974] loop6: detected capacity change from 0 to 2640
[  152.173720][ T6829] buffer_io_error: 248 callbacks suppressed
[  152.173730][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.178231][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.181971][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.184898][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.187533][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.190194][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.192708][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.195221][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.197721][ T6829] ldm_validate_partition_table(): Disk read failed.
[  152.199834][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.204417][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  152.207069][ T6829] Dev loop6: unable to read RDB block 0
[  152.209039][ T6829]  loop6: unable to read partition table
[  152.211702][T10974] ldm_validate_partition_table(): Disk read failed.
[  152.213944][T10974] Dev loop6: unable to read RDB block 0
[  152.215835][T10974]  loop6: unable to read partition table
[  152.218874][T10974] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  152.374587][   T40] audit: type=1326 audit(1764576712.449:5090): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10989 comm="syz.2.1695" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fae4c38f7c9 code=0x0
[  152.567561][T11001] loop6: detected capacity change from 0 to 2640
[  152.571658][ T6829] ldm_validate_partition_table(): Disk read failed.
[  152.574014][ T6829] Dev loop6: unable to read RDB block 0
[  152.575884][ T6829]  loop6: unable to read partition table
[  152.579146][T11001] ldm_validate_partition_table(): Disk read failed.
[  152.582677][T11001] Dev loop6: unable to read RDB block 0
[  152.585401][T11001]  loop6: unable to read partition table
[  152.587864][T11001] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  152.651143][   T40] audit: type=1400 audit(1764576712.729:5091): avc:  denied  { unmount } for  pid=5944 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  152.790134][ T1457] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  152.930187][ T1457] usb 9-1: device descriptor read/64, error -71
[  153.136770][T11008] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  153.190147][ T1457] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  153.320149][ T1457] usb 9-1: device descriptor read/64, error -71
[  153.430562][ T1457] usb usb9-port1: attempt power cycle
[  153.520439][   T10] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  153.670225][   T10] usb 7-1: Using ep0 maxpacket: 32
[  153.675346][   T10] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[  153.679671][   T10] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[  153.684968][   T10] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  153.689382][   T10] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[  153.696958][   T10] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[  153.700931][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.704396][   T10] usb 7-1: Product: syz
[  153.706240][   T10] usb 7-1: Manufacturer: syz
[  153.708094][   T10] usb 7-1: SerialNumber: syz
[  153.715055][    C0] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[  153.736716][   T10] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input22
[  153.770267][ T1457] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  153.810928][ T1457] usb 9-1: device descriptor read/8, error -71
[  153.883155][   T40] audit: type=1400 audit(1764576713.959:5092): avc:  denied  { ioctl } for  pid=11018 comm="syz.3.1703" path="socket:[41286]" dev="sockfs" ino=41286 ioctlcmd=0x89ea scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  153.883748][T11019] __nla_validate_parse: 6 callbacks suppressed
[  153.883757][T11019] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1703'.
[  153.941564][   T10] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[  153.945527][   T10]  (id 0x00)
[  154.000224][   T10] rc_core: IR keymap rc-imon-pad not found
[  154.002802][   T10] Registered IR keymap rc-empty
[  154.004991][   T10] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[  154.008645][   T10] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  154.070111][ T1457] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  154.100972][ T1457] usb 9-1: device descriptor read/8, error -71
[  154.124023][   T40] audit: type=1400 audit(1764576714.199:5093): avc:  denied  { mounton } for  pid=11022 comm="syz.3.1704" path="/405/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  154.131145][   T10] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[  154.133664][   T40] audit: type=1400 audit(1764576714.209:5094): avc:  denied  { remount } for  pid=11022 comm="syz.3.1704" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  154.133894][T11023] devtmpfs: Cannot change global quota limit on remount
[  154.141646][   T10] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input23
[  154.165758][   T40] audit: type=1400 audit(1764576714.239:5095): avc:  denied  { unmount } for  pid=5944 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  154.170457][   T10] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:19> initialized
[  154.210406][ T1457] usb usb9-port1: unable to enumerate USB device
[  154.320921][   T10] usb 7-1: USB disconnect, device number 19
[  154.442235][T11031] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  154.639249][T11038] FAULT_INJECTION: forcing a failure.
[  154.639249][T11038] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.643602][T11038] CPU: 3 UID: 0 PID: 11038 Comm: syz.3.1709 Not tainted syzkaller #0 PREEMPT(full) 
[  154.643616][T11038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  154.643622][T11038] Call Trace:
[  154.643626][T11038]  <TASK>
[  154.643630][T11038]  dump_stack_lvl+0x16c/0x1f0
[  154.643645][T11038]  should_fail_ex+0x512/0x640
[  154.643660][T11038]  _copy_from_iter+0x29f/0x1720
[  154.643675][T11038]  ? __alloc_skb+0x200/0x380
[  154.643689][T11038]  ? __pfx__copy_from_iter+0x10/0x10
[  154.643702][T11038]  ? netlink_autobind.isra.0+0x158/0x370
[  154.643727][T11038]  netlink_sendmsg+0x820/0xdd0
[  154.643744][T11038]  ? __pfx_netlink_sendmsg+0x10/0x10
[  154.643764][T11038]  ____sys_sendmsg+0xa98/0xc70
[  154.643775][T11038]  ? copy_msghdr_from_user+0x10a/0x160
[  154.643789][T11038]  ? __pfx_____sys_sendmsg+0x10/0x10
[  154.643804][T11038]  ___sys_sendmsg+0x134/0x1d0
[  154.643819][T11038]  ? __pfx____sys_sendmsg+0x10/0x10
[  154.643831][T11038]  ? __lock_acquire+0x622/0x1c90
[  154.643857][T11038]  __sys_sendmsg+0x16d/0x220
[  154.643871][T11038]  ? __pfx___sys_sendmsg+0x10/0x10
[  154.643893][T11038]  do_syscall_64+0xcd/0xfa0
[  154.643903][T11038]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.643914][T11038] RIP: 0033:0x7f956c58f7c9
[  154.643922][T11038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.643933][T11038] RSP: 002b:00007f956d4af038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.643944][T11038] RAX: ffffffffffffffda RBX: 00007f956c7e5fa0 RCX: 00007f956c58f7c9
[  154.643950][T11038] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006
[  154.643956][T11038] RBP: 00007f956d4af090 R08: 0000000000000000 R09: 0000000000000000
[  154.643962][T11038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.643969][T11038] R13: 00007f956c7e6038 R14: 00007f956c7e5fa0 R15: 00007ffd402df8d8
[  154.643984][T11038]  </TASK>
[  154.836349][T11044] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1711'.
[  154.958048][T11049] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1712'.
[  154.962002][T11049] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1712'.
[  154.981489][T11049] loop6: detected capacity change from 0 to 2640
[  154.984987][ T6829] ldm_validate_partition_table(): Disk read failed.
[  154.987286][ T6829] Dev loop6: unable to read RDB block 0
[  154.989372][ T6829]  loop6: unable to read partition table
[  154.993306][T11049] ldm_validate_partition_table(): Disk read failed.
[  154.995625][T11049] Dev loop6: unable to read RDB block 0
[  154.997652][T11049]  loop6: unable to read partition table
[  154.999685][T11049] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  155.157692][   T40] audit: type=1400 audit(1764576715.229:5096): avc:  denied  { create } for  pid=11053 comm="syz.3.1714" name="#5d" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  155.164555][   T40] audit: type=1400 audit(1764576715.229:5097): avc:  denied  { link } for  pid=11053 comm="syz.3.1714" name="#5d" dev="tmpfs" ino=2303 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  155.167677][T11054] netlink: 'syz.3.1714': attribute type 1 has an invalid length.
[  155.171016][   T40] audit: type=1400 audit(1764576715.229:5098): avc:  denied  { rename } for  pid=11053 comm="syz.3.1714" name="#5e" dev="tmpfs" ino=2303 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  155.184985][T11054] bond9: entered promiscuous mode
[  155.186987][T11054] bond9: entered allmulticast mode
[  155.189310][T11054] 8021q: adding VLAN 0 to HW filter on device bond9
[  155.470548][ T6007] usb 8-1: new high-speed USB device number 21 using dummy_hcd
[  155.585325][   T40] audit: type=1400 audit(1764576715.659:5099): avc:  denied  { bind } for  pid=11059 comm="syz.4.1716" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  155.586031][T11060] cgroup2: Unknown parameter 'memrrven¿‚'
[  155.856919][ T6007] usb 8-1: unable to get BOS descriptor or descriptor too short
[  155.861549][ T6007] usb 8-1: unable to read config index 0 descriptor/start: -71
[  155.864165][ T6007] usb 8-1: can't read configurations, error -71
[  155.942753][T11074] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1720'.
[  156.415174][T11088] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  156.419273][T11090] loop6: detected capacity change from 0 to 2640
[  156.427846][T11090] ldm_validate_partition_table(): Disk read failed.
[  156.431907][T11090] Dev loop6: unable to read RDB block 0
[  156.434718][T11090]  loop6: unable to read partition table
[  156.437881][T11090] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  156.587418][   T40] audit: type=1400 audit(1764576716.659:5100): avc:  denied  { connect } for  pid=11095 comm="syz.2.1727" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  156.641086][   T40] audit: type=1400 audit(1764576716.719:5101): avc:  denied  { write } for  pid=11095 comm="syz.2.1727" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  156.649910][   T40] audit: type=1400 audit(1764576716.719:5102): avc:  denied  { read } for  pid=11095 comm="syz.2.1727" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=socket permissive=1
[  156.940186][ T1025] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  156.951297][   T40] audit: type=1804 audit(1764576717.029:5103): pid=11100 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.1728" name="/newroot/295/file0" dev="tmpfs" ino=1639 res=1 errno=0
[  157.110163][ T1025] usb 7-1: Using ep0 maxpacket: 16
[  157.114095][ T1025] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  157.119783][ T1025] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  157.124123][ T1025] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.127303][ T1025] usb 7-1: Product: syz
[  157.129081][ T1025] usb 7-1: Manufacturer: syz
[  157.131293][ T1025] usb 7-1: SerialNumber: syz
[  157.136761][ T1025] usb 7-1: config 0 descriptor??
[  157.143838][ T1025] em28xx 7-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  157.147220][ T1025] em28xx 7-1:0.0: DVB interface 0 found: bulk
[  157.400265][   T59] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  157.528804][T11115] xt_hashlimit: size too large, truncated to 1048576
[  157.531924][   T59] usb 9-1: device descriptor read/64, error -71
[  157.620294][T11120] tty tty1: ldisc open failed (-12), clearing slot 0
[  157.747110][ T1025] em28xx 7-1:0.0: unknown em28xx chip ID (0)
[  157.771704][   T59] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  157.900261][   T59] usb 9-1: device descriptor read/64, error -71
[  158.010341][   T59] usb usb9-port1: attempt power cycle
[  158.051808][T11132] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  158.350118][   T59] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  158.371557][   T59] usb 9-1: device descriptor read/8, error -71
[  158.405637][T11140] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  158.610205][   T59] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[  158.630641][   T59] usb 9-1: device descriptor read/8, error -71
[  158.740429][   T59] usb usb9-port1: unable to enumerate USB device
[  159.029246][T11150] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  159.050439][T11150] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  159.180329][ T1025] em28xx 7-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  159.182776][ T1025] em28xx 7-1:0.0: board has no eeprom
[  159.245305][ T1025] em28xx 7-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  159.248379][ T1025] em28xx 7-1:0.0: dvb set to bulk mode.
[  159.251542][   T59] em28xx 7-1:0.0: Binding DVB extension
[  159.294953][   T59] em28xx 7-1:0.0: Registering input extension
[  159.536368][T11159] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  159.594648][ T1457] usb 7-1: USB disconnect, device number 20
[  159.600220][ T1457] em28xx 7-1:0.0: Disconnecting em28xx
[  159.602598][ T1457] em28xx 7-1:0.0: Closing input extension
[  159.627135][ T1457] em28xx 7-1:0.0: Freeing device
[  160.476234][T11184] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  160.634141][T11192] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  160.646669][T11192] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  161.532570][T11217] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  161.539931][T11217] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  162.192899][T11249] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  162.436136][T11255] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  162.557953][ T5948] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  162.562590][ T5948] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  162.565680][ T5948] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  162.568839][ T5948] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  162.575325][ T5948] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  162.594275][ T5942] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  162.598802][ T5942] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  162.602552][ T5942] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  162.605851][ T5942] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  162.608359][ T5942] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  162.632505][T11267] kvm: MWAIT instruction emulated as NOP!
[  162.840705][T11263] chnl_net:caif_netlink_parms(): no params data found
[  162.903577][T11263] bridge0: port 1(bridge_slave_0) entered blocking state
[  162.906544][T11263] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.909436][T11263] bridge_slave_0: entered allmulticast mode
[  162.913608][T11263] bridge_slave_0: entered promiscuous mode
[  162.917985][T11263] bridge0: port 2(bridge_slave_1) entered blocking state
[  162.921150][T11263] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.923592][T11263] bridge_slave_1: entered allmulticast mode
[  162.927339][T11263] bridge_slave_1: entered promiscuous mode
[  162.959215][T11263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  162.967496][T11263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  162.991624][T11263] team0: Port device team_slave_0 added
[  162.996256][T11263] team0: Port device team_slave_1 added
[  163.017849][T11263] batman_adv: batadv0: Adding interface: batadv_slave_0
[  163.020984][T11263] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  163.029014][T11263] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  163.033644][T11263] batman_adv: batadv0: Adding interface: batadv_slave_1
[  163.035759][T11263] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  163.043908][T11263] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  163.067486][T11263] hsr_slave_0: entered promiscuous mode
[  163.069999][T11263] hsr_slave_1: entered promiscuous mode
[  163.072287][T11263] debugfs: 'hsr0' already exists in 'hsr'
[  163.074136][T11263] Cannot create hsr debugfs directory
[  163.176707][T11263] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  163.185351][T11263] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  163.189758][T11263] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  163.196390][T11263] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  163.212492][T11263] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.215005][T11263] bridge0: port 2(bridge_slave_1) entered forwarding state
[  163.217253][T11263] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.219524][T11263] bridge0: port 1(bridge_slave_0) entered forwarding state
[  163.253396][T11263] 8021q: adding VLAN 0 to HW filter on device bond0
[  163.266224][ T6170] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.269519][ T6170] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.293774][T11263] 8021q: adding VLAN 0 to HW filter on device team0
[  163.308518][ T6170] bridge0: port 1(bridge_slave_0) entered blocking state
[  163.311781][ T6170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  163.319249][ T6170] bridge0: port 2(bridge_slave_1) entered blocking state
[  163.322303][ T6170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  163.487240][T11263] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.645401][T11263] veth0_vlan: entered promiscuous mode
[  163.650945][T11263] veth1_vlan: entered promiscuous mode
[  163.679836][T11263] veth0_macvtap: entered promiscuous mode
[  163.690454][T11263] veth1_macvtap: entered promiscuous mode
[  163.701363][T11263] batman_adv: batadv0: Interface activated: batadv_slave_0
[  163.709301][T11263] batman_adv: batadv0: Interface activated: batadv_slave_1
[  163.714930][ T6168] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  163.717708][ T6168] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  163.723028][ T6168] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  163.725842][ T6168] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  163.772222][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  163.775492][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  163.796431][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  163.799001][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  164.338243][T11354] dump_vmcs: 3 callbacks suppressed
[  164.338255][T11354] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  164.553317][T11365] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  164.620258][ T5942] Bluetooth: hci5: command tx timeout
[  164.948554][   T40] audit: type=1400 audit(1764576725.019:5104): avc:  denied  { execute } for  pid=11387 comm="syz.6.1816" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  164.980513][T11396] KVM: debugfs: duplicate directory 11396-10
[  165.083249][T11401] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  165.229656][T11411] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  166.635454][T11495] syzkaller0: entered promiscuous mode
[  166.637216][T11495] syzkaller0: entered allmulticast mode
[  166.700652][ T5942] Bluetooth: hci5: command tx timeout
[  166.710558][T11504] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1857'.
[  166.904986][   T34] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0
[  166.908113][   T34] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0
[  166.912102][   T34] hid-generic 0000:0004:0000.0004: unknown main item tag 0x0
[  166.919024][   T34] hid-generic 0000:0004:0000.0004: hidraw1: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  166.973860][T11514] fido_id[11514]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  167.579754][T11535] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1870'.
[  167.585750][T11535] netlink: 72 bytes leftover after parsing attributes in process `syz.6.1870'.
[  167.969094][T11542] Cannot find del_set index 4 as target
[  168.067789][   T40] audit: type=1400 audit(1764576728.139:5105): avc:  denied  { setopt } for  pid=11549 comm="syz.2.1877" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  168.207584][   T40] audit: type=1400 audit(1764576728.279:5106): avc:  denied  { mounton } for  pid=11560 comm="syz.6.1883" path="/25/file0" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1
[  168.209624][T11563] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  168.360198][ T9971] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  168.385258][T11570] input: syz0 as /devices/virtual/input/input25
[  168.530148][ T9971] usb 7-1: Using ep0 maxpacket: 16
[  168.537629][ T9971] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  168.553363][ T9971] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  168.561419][ T9971] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  168.576357][ T9971] usb 7-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  168.582179][ T9971] usb 7-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  168.589755][ T9971] usb 7-1: Manufacturer: syz
[  168.600453][ T9971] usb 7-1: config 0 descriptor??
[  168.780447][ T5942] Bluetooth: hci5: command tx timeout
[  169.181413][T11596] loop8: detected capacity change from 0 to 7
[  169.194165][ T6829] Dev loop8: unable to read RDB block 7
[  169.196604][ T6829]  loop8: unable to read partition table
[  169.200661][ T6829] loop8: partition table beyond EOD, truncated
[  169.489215][T11596] Dev loop8: unable to read RDB block 7
[  169.495642][T11596]  loop8: unable to read partition table
[  169.500636][T11596] loop8: partition table beyond EOD, truncated
[  169.504238][T11596] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  169.553307][ T6829] Dev loop8: unable to read RDB block 7
[  169.555845][ T6829]  loop8: unable to read partition table
[  169.559028][ T6829] loop8: partition table beyond EOD, truncated
[  169.565908][T11597] Dev loop8: unable to read RDB block 7
[  169.568317][T11597]  loop8: unable to read partition table
[  169.571334][T11597] loop8: partition table beyond EOD, truncated
[  169.574047][T11597] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  169.617825][   T40] audit: type=1400 audit(1764576729.689:5107): avc:  denied  { call } for  pid=11605 comm="syz.4.1899" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  169.618180][T11606] binder_alloc: 11605: binder_alloc_buf size 8 failed, no address space
[  169.629614][T11606] binder_alloc: allocated: 4096 (num: 1 largest: 4096), free: 0 (num: 0 largest: 0)
[  169.818774][   T40] audit: type=1400 audit(1764576729.889:5108): avc:  denied  { setopt } for  pid=11602 comm="syz.6.1898" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  170.519372][   T40] audit: type=1400 audit(1764576730.589:5109): avc:  denied  { setopt } for  pid=11632 comm="syz.6.1908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  170.589852][T11637] netlink: 540 bytes leftover after parsing attributes in process `syz.6.1910'.
[  170.862733][   T40] audit: type=1400 audit(1764576730.929:5110): avc:  denied  { getopt } for  pid=11645 comm="syz.4.1914" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  170.871146][ T5942] Bluetooth: hci5: command tx timeout
[  170.892679][   T40] audit: type=1400 audit(1764576730.969:5111): avc:  denied  { ioctl } for  pid=11648 comm="syz.4.1915" path="socket:[52486]" dev="sockfs" ino=52486 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  171.062231][T11661] syzkaller0: entered promiscuous mode
[  171.064288][T11661] syzkaller0: entered allmulticast mode
[  171.132165][ T6007] usb 7-1: USB disconnect, device number 21
[  171.219805][T11669] tipc: Started in network mode
[  171.221725][T11669] tipc: Node identity 8695b74bc37a, cluster identity 4711
[  171.224568][T11669] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  171.227762][T11669] syzkaller0: entered promiscuous mode
[  171.229794][T11669] syzkaller0: entered allmulticast mode
[  171.241650][T11669] sch_tbf: burst 6 is lower than device syzkaller0 mtu (1514) !
[  171.247242][T11669] tipc: Resetting bearer <eth:syzkaller0>
[  171.254768][T11667] tipc: Resetting bearer <eth:syzkaller0>
[  171.270385][T11667] tipc: Disabling bearer <eth:syzkaller0>
[  171.311233][   T40] audit: type=1400 audit(1764576731.389:5112): avc:  denied  { connect } for  pid=11670 comm="syz.2.1925" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  172.960288][   T40] audit: type=1400 audit(1764576732.969:5113): avc:  denied  { execute } for  pid=11719 comm="syz.4.1945" path="/dev/audio1" dev="devtmpfs" ino=1323 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sound_device_t tclass=chr_file permissive=1
[  173.078385][T11735] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  173.466174][   T40] audit: type=1326 audit(1764576733.539:5114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11741 comm="syz.4.1953" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f460678f7c9 code=0x0
[  173.526939][ T5942] Bluetooth: latency 26624 > 499
[  173.619826][T11757] netlink: 'syz.2.1958': attribute type 2 has an invalid length.
[  174.176085][T11765] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1961'.
[  174.410456][   T40] audit: type=1400 audit(1764576734.489:5115): avc:  denied  { write } for  pid=11779 comm="syz.2.1968" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  174.722805][T11795] netlink: 'syz.2.1969': attribute type 3 has an invalid length.
[  174.726132][T11795] netlink: 'syz.2.1969': attribute type 1 has an invalid length.
[  174.729544][T11795] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1969'.
[  174.734865][T11795] NCSI netlink: No device for ifindex 0
[  175.018952][T11804] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1975'.
[  175.023319][T11804] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1975'.
[  175.590190][ T5942] Bluetooth: hci5: command tx timeout
[  176.092176][   T40] audit: type=1400 audit(1764576736.169:5116): avc:  denied  { append } for  pid=11846 comm="syz.2.1992" name="video8" dev="devtmpfs" ino=976 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  176.209510][T11855] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  177.099346][T11874] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2003'.
[  177.290542][T11887] binder: 11886:11887 ioctl c0145608 0 returned -22
[  177.991313][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  178.070523][ T5942] Bluetooth: hci5: command tx timeout
[  178.116298][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  178.130183][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  178.133683][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  178.137513][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  178.264788][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  178.268217][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  179.077650][T11968] netlink: 'syz.2.2035': attribute type 10 has an invalid length.
[  180.130337][ T1025] usb 8-1: new high-speed USB device number 23 using dummy_hcd
[  180.256627][   T40] audit: type=1400 audit(1764576740.329:5117): avc:  denied  { connect } for  pid=11994 comm="syz.4.2048" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  180.290717][T11997] lo: entered allmulticast mode
[  180.295731][T11996] lo: left allmulticast mode
[  180.311935][ T1025] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.317080][ T1025] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.321036][ T1025] usb 8-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  180.324971][ T1025] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.329788][ T1025] usb 8-1: config 0 descriptor??
[  180.509148][ T6169] Bluetooth: hci6: Frame reassembly failed (-90)
[  180.513881][T12011] Bluetooth: hci6: Frame reassembly failed (-84)
[  180.517878][T12011] Bluetooth: hci6: Frame reassembly failed (-84)
[  180.745234][T12015] lo: entered allmulticast mode
[  180.745563][ T1025] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0
[  180.746048][ T1457] raw-gadget.0 gadget.1: failed to queue reset event
[  180.748873][T12014] lo: left allmulticast mode
[  180.749908][ T1025] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0
[  180.757415][ T1025] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0
[  180.760302][ T1025] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0
[  180.762758][ T1025] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0
[  180.765430][ T1025] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0
[  180.767836][ T1025] cp2112 0003:10C4:EA90.0005: unknown main item tag 0x0
[  180.776870][ T1025] cp2112 0003:10C4:EA90.0005: hidraw1: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  180.810290][ T1457] raw-gadget.0 gadget.1: failed to queue resume event
[  180.880230][ T1457] usb 6-1: new full-speed USB device number 29 using dummy_hcd
[  180.884117][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  180.887348][ T1457] raw-gadget.0 gadget.1: failed to queue reset event
[  180.941341][ T1025] cp2112 0003:10C4:EA90.0005: Part Number: 0x00 Device Version: 0x00
[  180.970334][ T1457] raw-gadget.0 gadget.1: failed to queue resume event
[  181.143083][ T1025] cp2112 0003:10C4:EA90.0005: error requesting SMBus config
[  181.163041][ T1025] cp2112 0003:10C4:EA90.0005: probe with driver cp2112 failed with error -32
[  181.177276][ T1025] usb 8-1: USB disconnect, device number 23
[  181.553823][ T1457] usb 6-1: device descriptor read/64, error -32
[  181.660172][ T1457] raw-gadget.0 gadget.1: failed to queue suspend event
[  181.662809][ T1457] raw-gadget.0 gadget.1: failed to queue reset event
[  181.730890][ T1457] raw-gadget.0 gadget.1: failed to queue resume event
[  181.800124][ T1457] usb 6-1: new full-speed USB device number 30 using dummy_hcd
[  181.803035][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  181.805424][ T1457] raw-gadget.0 gadget.1: failed to queue reset event
[  182.052494][ T1457] raw-gadget.0 gadget.1: failed to queue resume event
[  182.110285][ T1457] usb 6-1: device descriptor read/64, error -32
[  182.220484][ T1457] raw-gadget.0 gadget.1: failed to queue suspend event
[  182.222822][ T1457] usb usb6-port1: attempt power cycle
[  182.224567][ T1457] raw-gadget.0 gadget.1: failed to queue disconnect event
[  182.226953][ T1457] raw-gadget.0 gadget.1: failed to queue reset event
[  182.290245][ T1457] raw-gadget.0 gadget.1: failed to queue resume event
[  182.293700][ T1457] raw-gadget.0 gadget.1: failed to queue reset event
[  182.501037][ T1457] raw-gadget.0 gadget.1: failed to queue resume event
[  182.540191][ T5942] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  182.540493][ T5948] Bluetooth: hci6: command 0x1003 tx timeout
[  182.560158][ T1457] usb 6-1: new full-speed USB device number 31 using dummy_hcd
[  182.590418][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  182.600648][ T1457] usb 6-1: device descriptor read/8, error -32
[  182.710251][ T1457] raw-gadget.0 gadget.1: failed to queue suspend event
[  182.713542][ T1457] raw-gadget.0 gadget.1: failed to queue reset event
[  182.780223][ T1457] raw-gadget.0 gadget.1: failed to queue resume event
[  182.840687][ T1457] usb 6-1: new full-speed USB device number 32 using dummy_hcd
[  182.865861][    C1] raw-gadget.0 gadget.1: ignoring, device is not running
[  182.868286][ T1457] usb 6-1: device descriptor read/8, error -32
[  182.892338][T12055] tap0: tun_chr_ioctl cmd 2147767506
[  182.987831][ T1457] raw-gadget.0 gadget.1: failed to queue suspend event
[  182.990339][ T1457] usb usb6-port1: unable to enumerate USB device
[  183.067248][   T40] audit: type=1400 audit(1764576743.139:5118): avc:  denied  { setcurrent } for  pid=12061 comm="syz.4.2076" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  183.128721][T12064] syzkaller0: entered promiscuous mode
[  183.130553][T12064] syzkaller0: entered allmulticast mode
[  184.064694][T12094] netlink: 27 bytes leftover after parsing attributes in process `syz.6.2090'.
[  185.514720][T12152] use of bytesused == 0 is deprecated and will be removed in the future,
[  185.517510][T12152] use the actual size instead.
[  185.862069][T12166] virtiofs: Unknown parameter 'ÖC—à'
[  185.984912][T12174] netlink: 256 bytes leftover after parsing attributes in process `syz.6.2118'.
[  186.123502][   T40] audit: type=1400 audit(1764576746.199:5119): avc:  denied  { watch watch_reads } for  pid=12186 comm="syz.3.2127" path="/proc/1369/net/netfilter" dev="proc" ino=4026533307 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=dir permissive=1
[  186.673743][T12207] syzkaller0: entered promiscuous mode
[  186.676043][T12207] syzkaller0: entered allmulticast mode
[  187.115166][T12219] netlink: 'syz.3.2139': attribute type 3 has an invalid length.
[  187.118564][T12219] netlink: 666 bytes leftover after parsing attributes in process `syz.3.2139'.
[  187.353137][   T40] audit: type=1400 audit(1764576747.429:5120): avc:  denied  { map } for  pid=12228 comm="syz.3.2145" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  187.362200][   T40] audit: type=1400 audit(1764576747.429:5121): avc:  denied  { execute } for  pid=12228 comm="syz.3.2145" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  187.377076][T12231] syzkaller0: entered promiscuous mode
[  187.379151][T12231] syzkaller0: entered allmulticast mode
[  191.471501][T12311] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  191.613719][T12318] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2176'.
[  191.617568][T12318] FAULT_INJECTION: forcing a failure.
[  191.617568][T12318] name failslab, interval 1, probability 0, space 0, times 0
[  191.624043][T12318] CPU: 3 UID: 0 PID: 12318 Comm: syz.2.2176 Not tainted syzkaller #0 PREEMPT(full) 
[  191.624064][T12318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  191.624074][T12318] Call Trace:
[  191.624091][T12318]  <TASK>
[  191.624097][T12318]  dump_stack_lvl+0x16c/0x1f0
[  191.624131][T12318]  should_fail_ex+0x512/0x640
[  191.624159][T12318]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  191.624186][T12318]  should_failslab+0xc2/0x120
[  191.624206][T12318]  kmem_cache_alloc_node_noprof+0x78/0x770
[  191.624230][T12318]  ? __alloc_skb+0x2b2/0x380
[  191.624255][T12318]  ? __alloc_skb+0x2b2/0x380
[  191.624272][T12318]  __alloc_skb+0x2b2/0x380
[  191.624292][T12318]  ? __pfx___alloc_skb+0x10/0x10
[  191.624309][T12318]  ? __pfx_rtnl_dellink+0x10/0x10
[  191.624368][T12318]  netlink_ack+0x15d/0xb80
[  191.624390][T12318]  ? __lock_acquire+0x622/0x1c90
[  191.624408][T12318]  netlink_rcv_skb+0x332/0x420
[  191.624427][T12318]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  191.624448][T12318]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  191.624474][T12318]  ? netlink_deliver_tap+0x1ae/0xd30
[  191.624497][T12318]  netlink_unicast+0x5aa/0x870
[  191.624520][T12318]  ? __pfx_netlink_unicast+0x10/0x10
[  191.624547][T12318]  netlink_sendmsg+0x8c8/0xdd0
[  191.624569][T12318]  ? __pfx_netlink_sendmsg+0x10/0x10
[  191.624597][T12318]  ____sys_sendmsg+0xa98/0xc70
[  191.624611][T12318]  ? copy_msghdr_from_user+0x10a/0x160
[  191.624645][T12318]  ? __pfx_____sys_sendmsg+0x10/0x10
[  191.624667][T12318]  ___sys_sendmsg+0x134/0x1d0
[  191.624686][T12318]  ? __pfx____sys_sendmsg+0x10/0x10
[  191.624703][T12318]  ? __lock_acquire+0x622/0x1c90
[  191.624738][T12318]  __sys_sendmsg+0x16d/0x220
[  191.624756][T12318]  ? __pfx___sys_sendmsg+0x10/0x10
[  191.624787][T12318]  do_syscall_64+0xcd/0xfa0
[  191.624802][T12318]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  191.624816][T12318] RIP: 0033:0x7fae4c38f7c9
[  191.624828][T12318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  191.624841][T12318] RSP: 002b:00007fae4d300038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  191.624855][T12318] RAX: ffffffffffffffda RBX: 00007fae4c5e5fa0 RCX: 00007fae4c38f7c9
[  191.624864][T12318] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000006
[  191.624872][T12318] RBP: 00007fae4d300090 R08: 0000000000000000 R09: 0000000000000000
[  191.624880][T12318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  191.624888][T12318] R13: 00007fae4c5e6038 R14: 00007fae4c5e5fa0 R15: 00007fff284e1598
[  191.624907][T12318]  </TASK>
[  191.748595][T12335] xt_hashlimit: size too large, truncated to 1048576
[  191.797097][ T7553] usb 8-1: new high-speed USB device number 24 using dummy_hcd
[  191.837673][T12343] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2182'.
[  191.841103][T12343] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2182'.
[  191.861592][T12343] loop6: detected capacity change from 0 to 2640
[  191.865932][T12343] buffer_io_error: 122 callbacks suppressed
[  191.865941][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.871187][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.873706][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.876246][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.878738][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.882063][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.884646][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.887200][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.889714][T12343] ldm_validate_partition_table(): Disk read failed.
[  191.891939][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.894507][T12343] Buffer I/O error on dev loop6, logical block 0, async page read
[  191.897131][T12343] Dev loop6: unable to read RDB block 0
[  191.899056][T12343]  loop6: unable to read partition table
[  191.902337][T12343] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  191.960702][T12351] bond1 (unregistering): Released all slaves
[  192.072289][T12354] 8021q: adding VLAN 0 to HW filter on device bond4
[  192.081323][T12349] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  192.083796][T12349] IPv6: NLM_F_CREATE should be set when creating new route
[  192.084909][T12354] bond4: (slave ip6gretap2): making interface the new active one
[  192.089620][T12354] bond4: (slave ip6gretap2): Enslaving as an active interface with an up link
[  192.105962][T12362] loop6: detected capacity change from 0 to 2640
[  192.109196][ T6829] ldm_validate_partition_table(): Disk read failed.
[  192.112576][ T6829] Dev loop6: unable to read RDB block 0
[  192.114598][ T6829]  loop6: unable to read partition table
[  192.119605][T12362] ldm_validate_partition_table(): Disk read failed.
[  192.122401][T12362] Dev loop6: unable to read RDB block 0
[  192.124424][T12362]  loop6: unable to read partition table
[  192.127780][T12362] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  192.172440][ T7553] usb 8-1: unable to get BOS descriptor or descriptor too short
[  192.178478][ T7553] usb 8-1: unable to read config index 0 descriptor/start: -71
[  192.181168][ T7553] usb 8-1: can't read configurations, error -71
[  192.296246][T12377] i2c i2c-1: Invalid block write size 34
[  192.299982][T12380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  192.310252][T12379] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  192.328401][ T6162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  192.332456][ T6162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.339858][T12378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  192.350121][T12385] loop6: detected capacity change from 0 to 2640
[  192.353153][ T6829] ldm_validate_partition_table(): Disk read failed.
[  192.355813][ T6829] Dev loop6: unable to read RDB block 0
[  192.357839][ T6829]  loop6: unable to read partition table
[  192.363598][T12385] ldm_validate_partition_table(): Disk read failed.
[  192.366711][T12385] Dev loop6: unable to read RDB block 0
[  192.369363][T12385]  loop6: unable to read partition table
[  192.372994][T12385] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  192.428153][T12393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2199'.
[  192.432384][T12393] FAULT_INJECTION: forcing a failure.
[  192.432384][T12393] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  192.436465][T12393] CPU: 2 UID: 0 PID: 12393 Comm: syz.2.2199 Not tainted syzkaller #0 PREEMPT(full) 
[  192.436478][T12393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  192.436485][T12393] Call Trace:
[  192.436489][T12393]  <TASK>
[  192.436493][T12393]  dump_stack_lvl+0x16c/0x1f0
[  192.436506][T12393]  should_fail_ex+0x512/0x640
[  192.436522][T12393]  _copy_to_user+0x32/0xd0
[  192.436536][T12393]  simple_read_from_buffer+0xcb/0x170
[  192.436563][T12393]  proc_fail_nth_read+0x197/0x240
[  192.436584][T12393]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  192.436609][T12393]  ? rw_verify_area+0xcf/0x6c0
[  192.436631][T12393]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  192.436643][T12393]  vfs_read+0x1e4/0xcf0
[  192.436655][T12393]  ? __pfx___mutex_lock+0x10/0x10
[  192.436666][T12393]  ? __pfx_vfs_read+0x10/0x10
[  192.436679][T12393]  ? __fget_files+0x20e/0x3c0
[  192.436694][T12393]  ksys_read+0x12a/0x250
[  192.436703][T12393]  ? __pfx_ksys_read+0x10/0x10
[  192.436717][T12393]  do_syscall_64+0xcd/0xfa0
[  192.436728][T12393]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.436739][T12393] RIP: 0033:0x7fae4c38e1dc
[  192.436748][T12393] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  192.436758][T12393] RSP: 002b:00007fae4d2df030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  192.436768][T12393] RAX: ffffffffffffffda RBX: 00007fae4c5e6090 RCX: 00007fae4c38e1dc
[  192.436774][T12393] RDX: 000000000000000f RSI: 00007fae4d2df0a0 RDI: 0000000000000007
[  192.436780][T12393] RBP: 00007fae4d2df090 R08: 0000000000000000 R09: 0000000000000000
[  192.436786][T12393] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  192.436792][T12393] R13: 00007fae4c5e6128 R14: 00007fae4c5e6090 R15: 00007fff284e1598
[  192.436806][T12393]  </TASK>
[  192.440125][   T40] audit: type=1400 audit(1764576752.509:5122): avc:  denied  { rename } for  pid=12390 comm="syz.6.2200" name="file0" dev="tmpfs" ino=545 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  192.606752][   T40] audit: type=1400 audit(1764576752.679:5123): avc:  denied  { execute_no_trans } for  pid=12398 comm="syz.6.2202" path=2F6D656D66643AA39F6EB4645204693502ACCEE1889D5B4038D7CE1F2039497F151D933DB5E75C274CE6D28EBC294A7454447181CF81BAE531F522C8103EC95C85174CBFCF91DF4DF3025E542A202864656C6574656429 dev="hugetlbfs" ino=53204 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[  192.630865][T12399] program syz.6.2202 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  192.692543][T12401] xt_l2tp: v2 tid > 0xffff: 16462212
[  192.724286][T12405] xt_hashlimit: size too large, truncated to 1048576
[  192.836703][T12416] loop6: detected capacity change from 0 to 2640
[  192.841442][T12416] ldm_validate_partition_table(): Disk read failed.
[  192.844516][T12416] Dev loop6: unable to read RDB block 0
[  192.847342][T12416]  loop6: unable to read partition table
[  192.850795][T12416] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  192.907076][T12422] sit0: entered promiscuous mode
[  192.915891][T12422] netlink: 'syz.4.2210': attribute type 1 has an invalid length.
[  192.918985][T12422] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2210'.
[  193.054288][T12422] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  193.060657][T12423] IPVS: dh: FWM 3 0x00000003 - no destination available
[  193.060877][T12422] IPVS: dh: FWM 3 0x00000003 - no destination available
[  193.066789][ T1025] IPVS: starting estimator thread 0...
[  193.081052][T12422] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=12422 comm=syz.4.2210
[  193.124200][T12434] netlink: 'syz.6.2213': attribute type 1 has an invalid length.
[  193.145315][T12434] bond1: entered promiscuous mode
[  193.147767][T12434] 8021q: adding VLAN 0 to HW filter on device bond1
[  193.150816][T12430] IPVS: using max 29 ests per chain, 69600 per kthread
[  193.173886][T12434] 8021q: adding VLAN 0 to HW filter on device bond2
[  193.178761][T12434] bond1: (slave bond2): making interface the new active one
[  193.182740][T12434] bond2: entered promiscuous mode
[  193.186285][T12434] bond1: (slave bond2): Enslaving as an active interface with an up link
[  193.236263][T12438] netlink: 32 bytes leftover after parsing attributes in process `syz.6.2215'.
[  193.263450][T12438] 8021q: adding VLAN 0 to HW filter on device bond3
[  193.280772][T12438] bond3: (slave ip6gretap1): making interface the new active one
[  193.287026][T12438] bond3: (slave ip6gretap1): Enslaving as an active interface with an up link
[  193.330267][ T1457] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  193.455118][T12451] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2221'.
[  193.557551][    C2] ata1: illegal qc_active transition (00000000->00004000)
[  193.693145][   T40] audit: type=1804 audit(1764576753.769:5124): pid=12468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=open_writers comm="syz.4.2228" name="bus" dev="ramfs" ino=56424 res=1 errno=0
[  193.711606][   T40] audit: type=1400 audit(1764576753.769:5125): avc:  denied  { name_connect } for  pid=12467 comm="syz.3.2229" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[  193.719666][   T40] audit: type=1804 audit(1764576753.769:5126): pid=12468 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=invalid_pcr cause=ToMToU comm="syz.4.2228" name="bus" dev="ramfs" ino=56424 res=1 errno=0
[  193.730496][ T1457] usb 7-1: unable to get BOS descriptor or descriptor too short
[  193.740139][ T1457] usb 7-1: unable to read config index 0 descriptor/start: -71
[  193.743078][ T1457] usb 7-1: can't read configurations, error -71
[  193.794027][T12472] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2231'.
[  193.882699][ T1114] ata1: SATA link up 1.5 Gbps (SStatus 113 SControl 300)
[  193.888856][ T1114] ata1.00: configured for UDMA/100
[  193.986480][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  194.148845][T12480] netlink: 40 bytes leftover after parsing attributes in process `syz.6.2232'.
[  194.249569][T12492] netlink: 360 bytes leftover after parsing attributes in process `syz.4.2237'.
[  194.462069][   T40] audit: type=1400 audit(1764576754.539:5127): avc:  denied  { shutdown } for  pid=12505 comm="syz.6.2242" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  194.794486][   T40] audit: type=1400 audit(1764576754.869:5128): avc:  denied  { getopt } for  pid=12523 comm="syz.4.2250" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  194.980196][ T9971] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  195.060159][   T10] usb 11-1: new high-speed USB device number 2 using dummy_hcd
[  195.062974][ T6963] usb 9-1: new high-speed USB device number 27 using dummy_hcd
[  195.202877][T12532] fuse: Bad value for 'rootmode'
[  195.216439][T12530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.219652][T12530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.279746][   T40] audit: type=1400 audit(1764576755.349:5129): avc:  denied  { execmod } for  pid=12538 comm="syz.2.2255" path="/574/memory.events" dev="tmpfs" ino=3167 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  195.335508][T12520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.338981][T12520] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.345783][ T9971] usb 8-1: unable to get BOS descriptor or descriptor too short
[  195.349843][ T9971] usb 8-1: unable to read config index 0 descriptor/start: -71
[  195.353144][ T9971] usb 8-1: can't read configurations, error -71
[  195.416680][T12528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.419648][T12528] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.423258][T12528] FAULT_INJECTION: forcing a failure.
[  195.423258][T12528] name failslab, interval 1, probability 0, space 0, times 0
[  195.427365][T12528] CPU: 3 UID: 0 PID: 12528 Comm: syz.6.2251 Not tainted syzkaller #0 PREEMPT(full) 
[  195.427380][T12528] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  195.427386][T12528] Call Trace:
[  195.427390][T12528]  <TASK>
[  195.427395][T12528]  dump_stack_lvl+0x16c/0x1f0
[  195.427408][T12528]  should_fail_ex+0x512/0x640
[  195.427421][T12528]  ? fs_reclaim_acquire+0xae/0x150
[  195.427435][T12528]  should_failslab+0xc2/0x120
[  195.427448][T12528]  __kmalloc_noprof+0xdd/0x880
[  195.427463][T12528]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  195.427479][T12528]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  195.427491][T12528]  tomoyo_realpath_from_path+0xc2/0x6e0
[  195.427506][T12528]  ? tomoyo_profile+0x47/0x60
[  195.427521][T12528]  tomoyo_path_number_perm+0x245/0x580
[  195.427531][T12528]  ? tomoyo_path_number_perm+0x237/0x580
[  195.427542][T12528]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  195.427554][T12528]  ? find_held_lock+0x2b/0x80
[  195.427579][T12528]  ? find_held_lock+0x2b/0x80
[  195.427591][T12528]  ? hook_file_ioctl_common+0x145/0x410
[  195.427609][T12528]  ? __fget_files+0x20e/0x3c0
[  195.427622][T12528]  security_file_ioctl+0x9b/0x240
[  195.427635][T12528]  __x64_sys_ioctl+0xb7/0x210
[  195.427651][T12528]  do_syscall_64+0xcd/0xfa0
[  195.427663][T12528]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  195.427673][T12528] RIP: 0033:0x7f86cc78f7c9
[  195.427683][T12528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  195.427693][T12528] RSP: 002b:00007f86cd65b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  195.427703][T12528] RAX: ffffffffffffffda RBX: 00007f86cc9e5fa0 RCX: 00007f86cc78f7c9
[  195.427710][T12528] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000004
[  195.427716][T12528] RBP: 00007f86cd65b090 R08: 0000000000000000 R09: 0000000000000000
[  195.427721][T12528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.427727][T12528] R13: 00007f86cc9e6038 R14: 00007f86cc9e5fa0 R15: 00007ffed9bbfa78
[  195.427741][T12528]  </TASK>
[  195.427745][T12528] ERROR: Out of memory at tomoyo_realpath_from_path.
[  195.430806][T12530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  195.435540][   T10] usb 11-1: unable to get BOS descriptor or descriptor too short
[  195.437154][T12530] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  195.441466][   T10] usb 11-1: unable to read config index 0 descriptor/start: -71
[  195.515977][   T10] usb 11-1: can't read configurations, error -71
[  195.518105][ T6963] usb 9-1: unable to get BOS descriptor or descriptor too short
[  195.522887][ T6963] usb 9-1: unable to read config index 0 descriptor/start: -71
[  195.525449][ T6963] usb 9-1: can't read configurations, error -71
[  195.745140][T12558] hfs: can't find a HFS filesystem on dev sr0
[  195.875976][T12560] loop6: detected capacity change from 0 to 2640
[  195.878972][ T6829] ldm_validate_partition_table(): Disk read failed.
[  195.881295][ T6829] Dev loop6: unable to read RDB block 0
[  195.883199][ T6829]  loop6: unable to read partition table
[  195.887535][T12560] ldm_validate_partition_table(): Disk read failed.
[  195.889852][T12560] Dev loop6: unable to read RDB block 0
[  195.891898][T12560]  loop6: unable to read partition table
[  195.893793][T12560] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  195.990399][T12565] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  195.990982][T12567] xt_hashlimit: size too large, truncated to 1048576
[  195.993408][T12565] block device autoloading is deprecated and will be removed.
[  195.994668][T12562] md: md2 stopped.
[  196.049703][T12573] loop6: detected capacity change from 0 to 2640
[  196.053013][T12573] ldm_validate_partition_table(): Disk read failed.
[  196.055307][T12573] Dev loop6: unable to read RDB block 0
[  196.057259][T12573]  loop6: unable to read partition table
[  196.059256][T12573] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  196.185094][T12589] loop6: detected capacity change from 0 to 2640
[  196.188218][ T6829] ldm_validate_partition_table(): Disk read failed.
[  196.191313][ T6829] Dev loop6: unable to read RDB block 0
[  196.193315][ T6829]  loop6: unable to read partition table
[  196.196562][T12589] ldm_validate_partition_table(): Disk read failed.
[  196.198715][T12589] Dev loop6: unable to read RDB block 0
[  196.200871][T12589]  loop6: unable to read partition table
[  196.202745][T12589] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  196.580367][ T6963] usb 9-1: new high-speed USB device number 28 using dummy_hcd
[  196.583847][ T9971] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  196.587373][   T10] usb 11-1: new high-speed USB device number 3 using dummy_hcd
[  196.723696][T12601] overlayfs: failed to get inode (-116)
[  196.726092][T12601] overlayfs: failed to get inode (-116)
[  196.728243][T12601] overlayfs: failed to get inode (-116)
[  196.731209][T12601] overlayfs: failed to get inode (-116)
[  196.733873][T12601] overlayfs: failed to get inode (-116)
[  196.735860][T12601] overlayfs: failed to get inode (-116)
[  196.738158][T12601] overlayfs: failed to get inode (-116)
[  196.740145][T12601] overlayfs: failed to get inode (-116)
[  196.742666][T12601] overlayfs: failed to get inode (-116)
[  196.745003][T12601] overlayfs: failed to get inode (-116)
[  196.785358][T12603] xt_hashlimit: size too large, truncated to 1048576
[  196.931845][   T40] audit: type=1400 audit(1764576757.009:5130): avc:  denied  { bind } for  pid=12609 comm="syz.2.2279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  196.932809][T12610] qnx4: no qnx4 filesystem (no root dir).
[  196.976393][T12595] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.981353][T12591] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.981643][T12595] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.984211][T12591] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.986854][T12585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  196.990952][T12591] FAULT_INJECTION: forcing a failure.
[  196.990952][T12591] name failslab, interval 1, probability 0, space 0, times 0
[  196.993625][T12585] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  196.996823][T12591] CPU: 2 UID: 0 PID: 12591 Comm: syz.6.2273 Not tainted syzkaller #0 PREEMPT(full) 
[  196.996837][T12591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  196.996844][T12591] Call Trace:
[  196.996855][T12591]  <TASK>
[  196.996860][T12591]  dump_stack_lvl+0x16c/0x1f0
[  196.996884][T12591]  should_fail_ex+0x512/0x640
[  196.996903][T12591]  ? fs_reclaim_acquire+0xae/0x150
[  196.996918][T12591]  should_failslab+0xc2/0x120
[  196.996931][T12591]  __kmalloc_noprof+0xdd/0x880
[  196.996946][T12591]  ? tomoyo_encode2+0x100/0x3e0
[  196.996960][T12591]  ? tomoyo_encode2+0x100/0x3e0
[  196.996971][T12591]  tomoyo_encode2+0x100/0x3e0
[  196.996985][T12591]  tomoyo_encode+0x29/0x50
[  196.996996][T12591]  tomoyo_realpath_from_path+0x18f/0x6e0
[  196.997012][T12591]  tomoyo_path_number_perm+0x245/0x580
[  196.997022][T12591]  ? tomoyo_path_number_perm+0x237/0x580
[  196.997033][T12591]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  196.997044][T12591]  ? find_held_lock+0x2b/0x80
[  196.997071][T12591]  ? find_held_lock+0x2b/0x80
[  196.997083][T12591]  ? hook_file_ioctl_common+0x145/0x410
[  196.997100][T12591]  ? __fget_files+0x20e/0x3c0
[  196.997114][T12591]  security_file_ioctl+0x9b/0x240
[  196.997127][T12591]  __x64_sys_ioctl+0xb7/0x210
[  196.997143][T12591]  do_syscall_64+0xcd/0xfa0
[  196.997154][T12591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.997165][T12591] RIP: 0033:0x7f86cc78f7c9
[  196.997173][T12591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  196.997183][T12591] RSP: 002b:00007f86cd65b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  196.997193][T12591] RAX: ffffffffffffffda RBX: 00007f86cc9e5fa0 RCX: 00007f86cc78f7c9
[  196.997200][T12591] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000004
[  196.997206][T12591] RBP: 00007f86cd65b090 R08: 0000000000000000 R09: 0000000000000000
[  196.997212][T12591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  196.997218][T12591] R13: 00007f86cc9e6038 R14: 00007f86cc9e5fa0 R15: 00007ffed9bbfa78
[  196.997232][T12591]  </TASK>
[  196.997242][T12591] ERROR: Out of memory at tomoyo_realpath_from_path.
[  197.002315][ T6963] usb 9-1: unable to get BOS descriptor or descriptor too short
[  197.007057][T12617] __nla_validate_parse: 5 callbacks suppressed
[  197.007066][T12617] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2281'.
[  197.008468][   T10] usb 11-1: unable to get BOS descriptor or descriptor too short
[  197.009515][T12617] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2281'.
[  197.061134][T12618] loop6: detected capacity change from 0 to 2640
[  197.062466][ T6963] usb 9-1: unable to read config index 0 descriptor/start: -71
[  197.066897][ T6829] buffer_io_error: 201 callbacks suppressed
[  197.066909][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.068192][ T6963] usb 9-1: can't read configurations, error -71
[  197.072487][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.075389][ T6963] usb usb9-port1: attempt power cycle
[  197.078236][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.084023][   T10] usb 11-1: unable to read config index 0 descriptor/start: -71
[  197.085944][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.089131][   T10] usb 11-1: can't read configurations, error -71
[  197.092038][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.096139][   T10] usb usb11-port1: attempt power cycle
[  197.098883][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.144642][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.147638][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.151056][ T6829] ldm_validate_partition_table(): Disk read failed.
[  197.153290][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.155764][ T6829] Buffer I/O error on dev loop6, logical block 0, async page read
[  197.158571][ T6829] Dev loop6: unable to read RDB block 0
[  197.160679][ T6829]  loop6: unable to read partition table
[  197.163995][T12618] ldm_validate_partition_table(): Disk read failed.
[  197.166298][T12618] Dev loop6: unable to read RDB block 0
[  197.168223][T12618]  loop6: unable to read partition table
[  197.170220][T12618] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  197.279953][T12622] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2283'.
[  197.597006][T12634] xt_hashlimit: size too large, truncated to 1048576
[  197.608300][T12637] loop6: detected capacity change from 0 to 2640
[  197.612862][T12637] ldm_validate_partition_table(): Disk read failed.
[  197.615982][T12637] Dev loop6: unable to read RDB block 0
[  197.618475][T12637]  loop6: unable to read partition table
[  197.620904][T12637] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  197.651886][   T40] audit: type=1400 audit(1764576757.719:5131): avc:  denied  { mounton } for  pid=12629 comm="syz.6.2285" path="/128/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=file permissive=1
[  197.674470][   T40] audit: type=1400 audit(1764576757.749:5132): avc:  denied  { setattr } for  pid=12640 comm="syz.4.2289" name="file0" dev="9p" ino=71827843 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  197.757194][T12644] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2291'.
[  197.872642][T12650] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2290'.
[  197.875627][T12650] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2290'.
[  197.880384][T12650] loop6: detected capacity change from 0 to 2640
[  197.883263][T12650] ldm_validate_partition_table(): Disk read failed.
[  197.885631][T12650] Dev loop6: unable to read RDB block 0
[  197.887874][T12650]  loop6: unable to read partition table
[  197.889968][T12650] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  198.280179][ T1457] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  198.632571][T12656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  198.635443][T12656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  198.638591][T12656] FAULT_INJECTION: forcing a failure.
[  198.638591][T12656] name failslab, interval 1, probability 0, space 0, times 0
[  198.643203][T12656] CPU: 2 UID: 0 PID: 12656 Comm: syz.4.2294 Not tainted syzkaller #0 PREEMPT(full) 
[  198.643227][T12656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  198.643237][T12656] Call Trace:
[  198.643243][T12656]  <TASK>
[  198.643250][T12656]  dump_stack_lvl+0x16c/0x1f0
[  198.643271][T12656]  should_fail_ex+0x512/0x640
[  198.643292][T12656]  ? __kmalloc_cache_noprof+0x5f/0x780
[  198.643320][T12656]  should_failslab+0xc2/0x120
[  198.643340][T12656]  __kmalloc_cache_noprof+0x72/0x780
[  198.643364][T12656]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  198.643385][T12656]  ? raw_ioctl+0x819/0x2c30
[  198.643407][T12656]  ? raw_ioctl+0x819/0x2c30
[  198.643424][T12656]  raw_ioctl+0x819/0x2c30
[  198.643447][T12656]  ? __pfx_raw_ioctl+0x10/0x10
[  198.643463][T12656]  ? selinux_file_ioctl+0x180/0x270
[  198.643480][T12656]  ? selinux_file_ioctl+0xb4/0x270
[  198.643501][T12656]  ? __pfx_raw_ioctl+0x10/0x10
[  198.643521][T12656]  __x64_sys_ioctl+0x18e/0x210
[  198.643549][T12656]  do_syscall_64+0xcd/0xfa0
[  198.643568][T12656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.643592][T12656] RIP: 0033:0x7f460678f7c9
[  198.643607][T12656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  198.643624][T12656] RSP: 002b:00007f460766e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  198.643641][T12656] RAX: ffffffffffffffda RBX: 00007f46069e5fa0 RCX: 00007f460678f7c9
[  198.643652][T12656] RDX: 0000000000000000 RSI: 0000000083c0550b RDI: 0000000000000004
[  198.643662][T12656] RBP: 00007f460766e090 R08: 0000000000000000 R09: 0000000000000000
[  198.643672][T12656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  198.643682][T12656] R13: 00007f46069e6038 R14: 00007f46069e5fa0 R15: 00007ffcaaec7fe8
[  198.643707][T12656]  </TASK>
[  198.645182][ T1457] usb 9-1: unable to get BOS descriptor or descriptor too short
[  198.727107][ T1457] usb 9-1: unable to read config index 0 descriptor/start: -71
[  198.730418][ T1457] usb 9-1: can't read configurations, error -71
[  198.970190][ T7011] usb 7-1: new high-speed USB device number 24 using dummy_hcd
[  199.244325][ T9971] usb 8-1: unable to get BOS descriptor or descriptor too short
[  199.250357][ T9971] usb 8-1: unable to read config index 0 descriptor/start: -71
[  199.252835][ T9971] usb 8-1: can't read configurations, error -71
[  199.270989][T12670] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2299'.
[  199.277582][T12670] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2299'.
[  199.326876][T12664] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  199.331334][T12664] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  199.337715][ T7011] usb 7-1: unable to get BOS descriptor or descriptor too short
[  199.343706][ T7011] usb 7-1: unable to read config index 0 descriptor/start: -71
[  199.347888][ T7011] usb 7-1: can't read configurations, error -71
[  199.438845][T12676] xt_hashlimit: size too large, truncated to 1048576
[  199.536667][T12680] bridge2: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  199.546799][T12682] bridge3: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms)
[  199.614637][T12686] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  199.616859][T12686] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  199.619516][T12686] vhci_hcd vhci_hcd.0: Device attached
[  199.868409][T12690] netlink: zone id is out of range
[  199.900264][ T6963] usb 44-1: SetAddress Request (2) to port 0
[  199.903135][ T6963] usb 44-1: new SuperSpeed USB device number 2 using vhci_hcd
[  200.110132][ T9971] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  200.260116][ T9971] usb 8-1: Using ep0 maxpacket: 16
[  200.265173][ T9971] usb 8-1: config 1 has an invalid interface number: 240 but max is 0
[  200.268577][ T9971] usb 8-1: config 1 has no interface number 0
[  200.271377][ T9971] usb 8-1: config 1 interface 240 has no altsetting 0
[  200.276423][ T9971] usb 8-1: New USB device found, idVendor=13d3, idProduct=3226, bcdDevice=7c.80
[  200.280236][ T9971] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  200.283654][ T9971] usb 8-1: Product: �
[  200.285547][ T9971] usb 8-1: Manufacturer: à°š
[  200.287633][ T9971] usb 8-1: SerialNumber: Ѓ
[  200.430492][ T7011] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  200.496131][T12687] vhci_hcd: connection reset by peer
[  200.499220][ T6183] vhci_hcd: stop threads
[  200.501162][ T6183] vhci_hcd: release socket
[  200.502430][ T9971] usb 8-1: USB disconnect, device number 29
[  200.503679][ T6183] vhci_hcd: disconnect device
[  200.682384][T12694] netlink: 44 bytes leftover after parsing attributes in process `syz.6.2307'.
[  200.686132][T12694] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2307'.
[  200.690702][T12694] loop6: detected capacity change from 0 to 2640
[  200.693358][T12694] ldm_validate_partition_table(): Disk read failed.
[  200.695620][T12694] Dev loop6: unable to read RDB block 0
[  200.697583][T12694]  loop6: unable to read partition table
[  200.699518][T12694] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  200.803712][T12692] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  200.806674][T12692] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  200.809994][T12692] FAULT_INJECTION: forcing a failure.
[  200.809994][T12692] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  200.814464][T12692] CPU: 0 UID: 0 PID: 12692 Comm: syz.2.2306 Not tainted syzkaller #0 PREEMPT(full) 
[  200.814483][T12692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  200.814490][T12692] Call Trace:
[  200.814494][T12692]  <TASK>
[  200.814498][T12692]  dump_stack_lvl+0x16c/0x1f0
[  200.814512][T12692]  should_fail_ex+0x512/0x640
[  200.814527][T12692]  _copy_to_user+0x32/0xd0
[  200.814542][T12692]  simple_read_from_buffer+0xcb/0x170
[  200.814561][T12692]  proc_fail_nth_read+0x197/0x240
[  200.814575][T12692]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  200.814588][T12692]  ? rw_verify_area+0xcf/0x6c0
[  200.814603][T12692]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  200.814615][T12692]  vfs_read+0x1e4/0xcf0
[  200.814627][T12692]  ? __pfx___mutex_lock+0x10/0x10
[  200.814638][T12692]  ? __pfx_vfs_read+0x10/0x10
[  200.814652][T12692]  ? __fget_files+0x20e/0x3c0
[  200.814666][T12692]  ksys_read+0x12a/0x250
[  200.814676][T12692]  ? __pfx_ksys_read+0x10/0x10
[  200.814685][T12692]  ? fput+0x9b/0xd0
[  200.814700][T12692]  do_syscall_64+0xcd/0xfa0
[  200.814711][T12692]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.814722][T12692] RIP: 0033:0x7fae4c38e1dc
[  200.814732][T12692] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  200.814742][T12692] RSP: 002b:00007fae4d300030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  200.814752][T12692] RAX: ffffffffffffffda RBX: 00007fae4c5e5fa0 RCX: 00007fae4c38e1dc
[  200.814758][T12692] RDX: 000000000000000f RSI: 00007fae4d3000a0 RDI: 0000000000000005
[  200.814764][T12692] RBP: 00007fae4d300090 R08: 0000000000000000 R09: 0000000000000000
[  200.814770][T12692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  200.814776][T12692] R13: 00007fae4c5e6038 R14: 00007fae4c5e5fa0 R15: 00007fff284e1598
[  200.814790][T12692]  </TASK>
[  200.884091][ T7011] usb 7-1: unable to get BOS descriptor or descriptor too short
[  200.889369][ T7011] usb 7-1: unable to read config index 0 descriptor/start: -71
[  200.892888][ T7011] usb 7-1: can't read configurations, error -71
[  200.895433][ T7011] usb usb7-port1: attempt power cycle
[  200.902859][T12701] xt_hashlimit: size too large, truncated to 1048576
[  200.934018][T12696] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  201.010160][   T61] usb 11-1: new full-speed USB device number 5 using dummy_hcd
[  201.029395][T12706] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[  201.062495][   T40] audit: type=1400 audit(1764576761.139:5133): avc:  denied  { ioctl } for  pid=12710 comm="syz.4.2314" path="/dev/input/mouse0" dev="devtmpfs" ino=946 ioctlcmd=0x4b48 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  201.091766][T12712] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  201.094998][T12712] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  201.098805][T12712] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  201.103102][T12712] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  201.139506][   T40] audit: type=1400 audit(1764576761.209:5134): avc:  denied  { transfer } for  pid=12715 comm="syz.3.2316" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  201.177301][   T61] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  201.182350][   T61] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  201.186826][   T61] usb 11-1: New USB device found, idVendor=046d, idProduct=c513, bcdDevice= 0.00
[  201.191635][   T61] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.197479][   T61] usb 11-1: config 0 descriptor??
[  201.205294][T12698] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  201.225933][T12720] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  201.230683][T12720] block device autoloading is deprecated and will be removed.
[  201.235002][T12718] md: md2 stopped.
[  201.363335][T12726] xt_hashlimit: size too large, truncated to 1048576
[  201.421963][   T61] usbhid 11-1:0.0: can't add hid device: -71
[  201.424415][   T61] usbhid 11-1:0.0: probe with driver usbhid failed with error -71
[  201.430019][   T61] usb 11-1: USB disconnect, device number 5
[  201.446006][ T5948] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  201.452425][ T5948] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  201.458469][ T5948] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  201.471615][ T5948] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  201.475154][ T5948] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  201.631872][T12730] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  201.682633][T12731] chnl_net:caif_netlink_parms(): no params data found
[  201.725263][T12731] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.727541][T12731] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.729931][T12731] bridge_slave_0: entered allmulticast mode
[  201.732640][T12731] bridge_slave_0: entered promiscuous mode
[  201.735732][T12731] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.737989][T12731] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.740479][T12731] bridge_slave_1: entered allmulticast mode
[  201.743326][T12731] bridge_slave_1: entered promiscuous mode
[  201.758127][T12731] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  201.762861][T12731] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  201.782063][T12731] team0: Port device team_slave_0 added
[  201.785178][T12731] team0: Port device team_slave_1 added
[  201.798317][T12731] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.800723][T12731] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.808130][T12731] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  201.812842][T12731] batman_adv: batadv0: Adding interface: batadv_slave_1
[  201.815026][T12731] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  201.823075][T12731] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.845494][T12731] hsr_slave_0: entered promiscuous mode
[  201.847733][T12731] hsr_slave_1: entered promiscuous mode
[  201.849862][T12731] debugfs: 'hsr0' already exists in 'hsr'
[  201.851958][T12731] Cannot create hsr debugfs directory
[  201.903034][T12749] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  201.922951][T12731] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  202.047219][T12731] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  202.144800][T12731] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  202.197651][T12731] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  202.367141][T12763] netlink: 'syz.3.2330': attribute type 10 has an invalid length.
[  202.372387][T12763] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2330'.
[  202.387749][T12763] net veth1_virt_wifi virt_wifi0: entered promiscuous mode
[  202.391666][T12763] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[  202.396531][T12763] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check.
[  202.455149][T12731] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  202.460683][T12731] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  202.466671][T12731] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  202.468076][T12767] loop6: detected capacity change from 0 to 2640
[  202.474864][T12767] buffer_io_error: 90 callbacks suppressed
[  202.474878][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.475615][T12731] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  202.477605][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.486415][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.491223][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.493981][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.496993][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.499662][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.502737][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.505241][T12767] ldm_validate_partition_table(): Disk read failed.
[  202.507339][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.509900][T12767] Buffer I/O error on dev loop6, logical block 0, async page read
[  202.514071][T12767] Dev loop6: unable to read RDB block 0
[  202.516510][T12767]  loop6: unable to read partition table
[  202.525857][T12767] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜€) failed (rc=-5)
[  202.555873][T12731] 8021q: adding VLAN 0 to HW filter on device bond0
[  202.572126][T12731] 8021q: adding VLAN 0 to HW filter on device team0
[  202.577466][ T6162] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.580635][ T6162] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.596039][ T6168] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.599114][ T6168] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.604523][T12765] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  202.746754][T12731] 8021q: adding VLAN 0 to HW filter on device batadv0
[  202.783741][T12731] veth0_vlan: entered promiscuous mode
[  202.789313][T12731] veth1_vlan: entered promiscuous mode
[  202.804944][T12731] veth0_macvtap: entered promiscuous mode
[  202.811767][T12731] veth1_macvtap: entered promiscuous mode
[  202.821029][T12731] batman_adv: batadv0: Interface activated: batadv_slave_0
[  202.827321][T12731] batman_adv: batadv0: Interface activated: batadv_slave_1
[  202.833468][ T6183] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  202.836412][ T6183] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  202.839199][ T6183] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  202.842796][ T6183] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  202.889284][ T6162] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.893378][ T6162] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  202.916690][ T6183] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  202.919259][ T6183] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  203.253493][T12816] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  203.500326][ T5948] Bluetooth: hci6: command tx timeout
[  203.645984][T12840] KVM: debugfs: duplicate directory 12840-10
[  204.173502][T12870] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  204.732683][T12907] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  204.806429][T12913] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  204.940855][ T6963] usb 44-1: device descriptor read/8, error -110
[  205.331070][ T6963] usb usb44-port1: attempt power cycle
[  205.422242][T12954] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  205.509769][T12959] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  205.564233][T12964] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  205.580367][ T5948] Bluetooth: hci6: command tx timeout
[  205.693335][T12970] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  205.756439][T12972] ------------[ cut here ]------------
[  205.758306][T12972] WARNING: CPU: 3 PID: 12972 at arch/x86/kvm/lapic.c:3483 kvm_apic_accept_events+0x444/0x4c0
[  205.762230][T12972] Modules linked in:
[  205.763948][T12972] CPU: 3 UID: 0 PID: 12972 Comm: syz.4.2403 Not tainted syzkaller #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  205.767518][T12972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  205.771479][T12972] RIP: 0010:kvm_apic_accept_events+0x444/0x4c0
[  205.773579][T12972] Code: 34 03 00 00 02 00 00 00 e9 ae fd ff ff 4c 89 ef e8 b1 af de 00 e9 33 fc ff ff e8 77 af de 00 e9 17 fd ff ff e8 ed 0b 76 00 90 <0f> 0b 90 e9 24 fd ff ff e8 8f af de 00 e9 de fb ff ff e8 55 af de
[  205.779883][T12972] RSP: 0018:ffffc900048dfc38 EFLAGS: 00010283
[  205.782152][T12972] RAX: 0000000000000708 RBX: 0000000000000002 RCX: ffffc900066a9000
[  205.784752][T12972] RDX: 0000000000080000 RSI: ffffffff8146dbf3 RDI: 0000000000000005
[  205.787395][T12972] RBP: ffff888029689c00 R08: 0000000000000005 R09: 0000000000000002
[  205.791294][T12972] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000001
[  205.794701][T12972] R13: ffff888029689ce0 R14: ffff88804a3e8030 R15: 0000000000000001
[  205.798016][T12972] FS:  00007f460766e6c0(0000) GS:ffff8880d6d05000(0000) knlGS:0000000000000000
[  205.801962][T12972] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  205.804801][T12972] CR2: 000000000005fff8 CR3: 0000000031cb8000 CR4: 0000000000352ef0
[  205.808465][T12972] Call Trace:
[  205.809931][T12972]  <TASK>
[  205.811617][T12972]  kvm_arch_vcpu_ioctl_get_mpstate+0x103/0x450
[  205.814385][T12972]  kvm_vcpu_ioctl+0x7b8/0x1690
[  205.816489][T12972]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  205.818739][T12972]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  205.821513][T12972]  ? do_vfs_ioctl+0x128/0x14f0
[  205.823426][T12972]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  205.825579][T12972]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  205.828052][T12972]  ? hook_file_ioctl_common+0x145/0x410
[  205.829894][T12972]  ? selinux_file_ioctl+0x180/0x270
[  205.832253][T12972]  ? selinux_file_ioctl+0xb4/0x270
[  205.834446][T12972]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  205.836179][T12972]  __x64_sys_ioctl+0x18e/0x210
[  205.837760][T12972]  do_syscall_64+0xcd/0xfa0
[  205.839527][T12972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.842437][T12972] RIP: 0033:0x7f460678f7c9
[  205.844382][T12972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.853444][T12972] RSP: 002b:00007f460766e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  205.857048][T12972] RAX: ffffffffffffffda RBX: 00007f46069e5fa0 RCX: 00007f460678f7c9
[  205.860714][T12972] RDX: 0000200000000040 RSI: 000000008004ae98 RDI: 0000000000000005
[  205.864214][T12972] RBP: 00007f4606813f91 R08: 0000000000000000 R09: 0000000000000000
[  205.868004][T12972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  205.871623][T12972] R13: 00007f46069e6038 R14: 00007f46069e5fa0 R15: 00007ffcaaec7fe8
[  205.875129][T12972]  </TASK>
[  205.876574][T12972] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  205.879636][T12972] CPU: 3 UID: 0 PID: 12972 Comm: syz.4.2403 Not tainted syzkaller #0 PREEMPT(full) 
[  205.883594][T12972] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  205.888122][T12972] Call Trace:
[  205.889649][T12972]  <TASK>
[  205.890918][T12972]  dump_stack_lvl+0x3d/0x1f0
[  205.892908][T12972]  vpanic+0x640/0x6f0
[  205.894634][T12972]  ? kvm_apic_accept_events+0x444/0x4c0
[  205.897138][T12972]  panic+0xca/0xd0
[  205.898859][T12972]  ? __pfx_panic+0x10/0x10
[  205.900887][T12972]  check_panic_on_warn+0xab/0xb0
[  205.903116][T12972]  __warn+0xf6/0x3c0
[  205.904876][T12972]  ? kvm_apic_accept_events+0x444/0x4c0
[  205.907332][T12972]  report_bug+0x3c3/0x580
[  205.909215][T12972]  ? kvm_apic_accept_events+0x444/0x4c0
[  205.911805][T12972]  handle_bug+0x184/0x210
[  205.913773][T12972]  exc_invalid_op+0x17/0x50
[  205.915811][T12972]  asm_exc_invalid_op+0x1a/0x20
[  205.918011][T12972] RIP: 0010:kvm_apic_accept_events+0x444/0x4c0
[  205.920808][T12972] Code: 34 03 00 00 02 00 00 00 e9 ae fd ff ff 4c 89 ef e8 b1 af de 00 e9 33 fc ff ff e8 77 af de 00 e9 17 fd ff ff e8 ed 0b 76 00 90 <0f> 0b 90 e9 24 fd ff ff e8 8f af de 00 e9 de fb ff ff e8 55 af de
[  205.929375][T12972] RSP: 0018:ffffc900048dfc38 EFLAGS: 00010283
[  205.932224][T12972] RAX: 0000000000000708 RBX: 0000000000000002 RCX: ffffc900066a9000
[  205.935751][T12972] RDX: 0000000000080000 RSI: ffffffff8146dbf3 RDI: 0000000000000005
[  205.939276][T12972] RBP: ffff888029689c00 R08: 0000000000000005 R09: 0000000000000002
[  205.942862][T12972] R10: 0000000000000002 R11: 0000000000000001 R12: 0000000000000001
[  205.946428][T12972] R13: ffff888029689ce0 R14: ffff88804a3e8030 R15: 0000000000000001
[  205.950020][T12972]  ? kvm_apic_accept_events+0x443/0x4c0
[  205.952528][T12972]  ? kvm_apic_accept_events+0x443/0x4c0
[  205.955040][T12972]  kvm_arch_vcpu_ioctl_get_mpstate+0x103/0x450
[  205.957905][T12972]  kvm_vcpu_ioctl+0x7b8/0x1690
[  205.960159][T12972]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  205.962511][T12972]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  205.965205][T12972]  ? do_vfs_ioctl+0x128/0x14f0
[  205.967382][T12972]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  205.969680][T12972]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  205.972776][T12972]  ? hook_file_ioctl_common+0x145/0x410
[  205.975274][T12972]  ? selinux_file_ioctl+0x180/0x270
[  205.977616][T12972]  ? selinux_file_ioctl+0xb4/0x270
[  205.979949][T12972]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  205.982284][T12972]  __x64_sys_ioctl+0x18e/0x210
[  205.984487][T12972]  do_syscall_64+0xcd/0xfa0
[  205.986541][T12972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  205.989225][T12972] RIP: 0033:0x7f460678f7c9
[  205.991254][T12972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  205.999798][T12972] RSP: 002b:00007f460766e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  206.003445][T12972] RAX: ffffffffffffffda RBX: 00007f46069e5fa0 RCX: 00007f460678f7c9
[  206.006934][T12972] RDX: 0000200000000040 RSI: 000000008004ae98 RDI: 0000000000000005
[  206.010591][T12972] RBP: 00007f4606813f91 R08: 0000000000000000 R09: 0000000000000000
[  206.014099][T12972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  206.017294][T12972] R13: 00007f46069e6038 R14: 00007f46069e5fa0 R15: 00007ffcaaec7fe8
[  206.020704][T12972]  </TASK>
[  206.022686][T12972] Kernel Offset: disabled
[  206.024081][T12972] Rebooting in 86400 seconds..