last executing test programs:

28.216030831s ago: executing program 2 (id=553):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001040)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d52101b080d29428f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae11a973735b36d5b1b63e91c00305d9be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c580263093ca9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6fa94fc488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c766000a5e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1386abdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060fb30e900caab415db6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3c901cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ffffff7f000000007f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca405d8c5f64fdb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb40800000077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e5e2c664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53dc10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fa6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf475bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c02b5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadbb25c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d060000008926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ec0)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @dstopts_2292={{0x50, 0x29, 0x4, {0x4, 0x7, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0x80, 0xe, "09e12e5f0b6bdcf72f2ec7008a15"}, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}]}}}, @hoplimit={{0x14}}, @hopopts={{0x40, 0x29, 0x36, {0x5e, 0x4, '\x00', [@generic={0xff, 0x10, "50d650847249ad288702ebd0d654b985"}, @pad1, @pad1, @calipso={0x7, 0x8, {0x3, 0x0, 0x0, 0xfff}}]}}}], 0xc0}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x8}]}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001740)=[{{&(0x7f0000000480)={0xa, 0x4e23, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000100)=[{0x0}], 0x1}}], 0x1, 0x24088804)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed88", 0x3a}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xce}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

27.264625706s ago: executing program 2 (id=557):
openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_clone(0xa0700000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_procfs(r2, &(0x7f0000000040)='fdinfo\x00')

27.084968247s ago: executing program 2 (id=558):
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000ec0)=[@dstopts_2292={{0x78, 0x29, 0x4, {0x4, 0xb, '\x00', [@calipso={0x7, 0x8, {0x1, 0x0, 0x9, 0x9f}}, @generic={0xfe, 0x25, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5"}, @generic={0x80, 0x11, "09e12e5f0b6bdcf72f2ec7008a15fa88b0"}, @pad1, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}]}}}, @hoplimit={{0x14}}, @hopopts={{0x30, 0x29, 0x36, {0x5e, 0x2, '\x00', [@generic={0xff}, @pad1, @pad1, @calipso={0x7, 0x8, {0x3, 0x0, 0x0, 0xfff}}]}}}], 0xc0}}], 0x1, 0x810)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000000)=[{0x6, 0x9, 0x8}]}, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000300)=[{{&(0x7f0000000280)={0xa, 0x4e20, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000600)="6a9ee35872dedd3fa3577ce3d64d437abb6e906ee0d0354bcc7edf38e105d37f635fbb3b9c00a3d3bc61866fb3389eff2a0443cf6c38450ce2732419a8329bbe26f4eb1c9edcbf53fb1b0df9c77d6864e90753e3800dff58b9950616473ea1e55b947db3de3ebb8f63edf11ebec9eef2da6b9f545e28273d239534a4682dc23c44a85f64d17bbf41e291f3e3092626f045d8b2b5df6e478729cc88a79aa5f7fe99e374f09c34fe5b63b6dffd256f4ab6ec553520f191b386b290ce1e7fe4c59288afbcafe11869395eaae3f5562347", 0xcf}, {&(0x7f0000002840)="33db2a1949865d5bb1c5bfb13ffb96a1cdad02489f447c9f6e61ae185cf1962c0bee82f04dfd646365d75c057a118bea734fb3f7e5bd047d4c32bf72ead3fa9aca6aeb1cc044533c24edc3e8ec198203ec244cb6b2b79bedc3a8a74e17e85b4c32c0819c4c77dcc823cb4fa659cffc6e8348b875e177f03f4378da4b36ac7df34de2f67398e62f3708bb83c1b0f505aaa85a3422cf0a710a03415896a50197b4a0624542e33fdad43547a88b0fc5d26804a2c8f54e65fbeaae715fbba862f15688e80655f3890ac49ca3ccb40cb2dd711b88d4480d20c760f12c23568c8b5fe181abc11d1f2ab914f875ba85f8355c9d248deef68e71555867160c0161a078f42d6778ee2bcc3015ccb433ff9022b312b620c18e4f4b3824d186e3051adf3a6e0332222108e63f6eda5a1517ee3765ae0677f165fde798d1917a2583aa4b52e67438cf61f0cadd336edf8b5f132d54f4ca42b3d8d39ccba6293913d4f233f29af17bcf049306e43f99ad7c321bacbfa17c2e8d8269e42c5390e279a1a1370c15bec875beb8542823f5ab28abb5d48fd5662bbf3516ef63120e56fffe7d1e86748b788f80ef4deaaaeb0815d8fa04bdd351a00618ff45c64a886de5a7b51408a1d53ce8d4d7c2891492e10d1de29d4e0ef564a859500f97048c1a0b319e1305c1f228882d02a227dea730ce09b1200813bfbf6750800d1bd8d2c264ac6063d4b0fb4cb42c1924a6fac095d848450a00dcc6a827b9d0bcc0131ff3da234568d469f1246848b71bd3dfbe767de19ffe542a0a37317d84bfc63c9449a4cc04446c859f972b77188eb5b7517540b70c5a0701c78ca108c09aadd28a91278cb6633d88cff45cfd5e30f87d6be9eb53cf89d5c047f3c36f490fa652a148c5d824b2d9cb8ffe1edb80cd48922aede8f3b22d21806572bf5b7bbcd27555b41e137eb06e5a3f514780796a2c8700d13eeb1800227298d82e42388a3aad5293562cc05650ef93d23d5290dc0de915d8143f76b2838cea8db2ca4cc802cd8d6d2c43c95f919bf0ebd7403f8047a0c010dcbc26a4bead1b274b573773ad2a2000c7730b49d5a97505024b905be151207a4d737233ccd853c4420391150e546b205181aa376088c5ccfe1b42da805cb6eca7e7d622daeff2c66d75697f7cc50ce2cc096cfedfd5d6cc5551a83dd3beb24ecf9c0160e190138e8eb9e86de71ccd5d76a258844e34683f7accd5f0b07a87be90b7ae6976f4a89183ab489754c9034eee063309f8d8f36914cc56887e80acb660b40f8960df4280641cc2199fd90d4f71923f041396b834d3af2558f04055e1133140d3a4399cf32a1a1d441056c114a5311f0a9a13ee68ddc1481ccad45bcec671d980f8cc1e2155a637bd2f9dcc8f7ab57683c841545f4c6a1e75ebf778b518e2185935f7c6b020ee30a29355f6bf0e5adaac184a25aba83aa5221d983235d8c277c81c26497c1d019056a56abf062203887bd4a1143b991ac51b2aa136793e331ef84556ec6d254e2adadf0d77c21d46fadbe3cd187bf36f18905e24f6dbeb7e2a75119f943d1cd55ec316a58116fb2f00d511ddddc7baa8dd8e67a7b2a6a5bcac586115dd8ff84a899503d06d62e1d51f82d2681811da3ac71c76133f81308e048734030f24e6988b1cc512c9518365f87c0f00776ef77cab78d0f04f4d077dec4705da22593d934ad32b7bd17c6dc9957d5b742ef8f0894b15c27c3fac6775bbf4cbe107b1d726d1ef6f6b1d20a7ea23b34b87cb3dfcd5747f4f598bb4832de298032db313bbc727f1ea41ac96c8979387b375490e3199585d2a932734ab265afc1fb12253ede0c5dfcf702c88619919c8b8aff987ceaddd9e40bb43d34599b50b07bf2fc605e5e2c8e8b70e63bc0893af943641c3ae65cf717aa01d537e44eab989fff563d22be3c6ba7e25bd4ef6c8001e87a59788ac3140143620cf8a6e62cdad64a11fca4bbdece3d3c8032850f40de027e2dbaa3b250af2babc1549b8f8fa72c52e868743ba43e183f50c8b9d8ce45d0acf64758fd65edb776199ee84c6da0d228e0627e0ea92949e4dc6ef5f023b7c6e1a9d261384fa4db33962341c330b710405b1a339209fdfc6cb2eb29a7fb3ccbe4a1c7e2daf4f6f1c227ed4b77384938d082f59bfee13585ca9fc46c232f62ebb6287c3e02018313f22c0c8096a37c1506873294ede68b3eba8cc66ca31f40f0d19ff1536fd8fb42b3ff2fa3b191194d6d04e2d056b0c3c0c4abd88bc1c7e4c5b1e7b31245acebf616d2746d461c8a75ae762b2df0862c7705f2cad59f00303afaa9d9e774d005eecb3fe80c5bee4266703c2981803d7aad43c42d312e9376fc2a03b3a9067e88e1a4c063646493a63cc95082ad51505176a7dda5b4493dbc78a4021f6a0d31868d75ee08bb6129e84f247eb3ad352ec045c8d5dc8ee5ad7b7eae948ae056f523a4745f3839cb763505afe12e8b0a988caba151b38549e06738a15dfec6a5597b31f47fbbcb622b4b6dce331b50a4a7561396da5e3cd3383840afc00ac0537bf03a8aab179330a38d15115a01b0db44c9302bc908a5d86c5acef4859fc7464a0e4f2970f4221bffdd617bff126e6256cfbd24be7dc1eee65996013cd23a184ba66c7c0cdeb6b551fab006fda43591645106cf836bed95c143df06918fc0a3c32f6eea50a5208550fb42503987e64571d718b751597998d76941feed27076b64492eea782db891df0f69e89a6211d584f9f9c7d090ec9f6dd70a590436dfa4790a534bdfc1f46fd1ddbbcee124cd9668d968d95add753b630262989cf986b146722242b17cb2bbb083b590ab4946cf25326024a6d4377a9988a3335a84e0eba9c4287cf5fd3304e11cba1119c22a6ae371aa82cd398499a80be864159c08b6925ecc3d25b2aa9a841a5131123e09697cc5e516e9a117b6e86a6ebee3bb39f0801ffcc65f1acbd69f8cab1a1ec921d144366af2049aac2d58cbc20333d1fd63695891d50209e50a281f3a1906d8d12b5dd1610c307901d6283db0e8833bb63714785332cc03f28111d64a6649267da73ef1d9ebb0bd584fd651cce2518ce7bf40c48b07d6f50b1aa224d656d1cd8db83f250ddac303ff8076a4c151abacb7ceb18b10cc3c3de6f929d3858074223765d0e0005606b550f4a00cc855a8d8a99dac57a4a8b15729638dd982aec22e79c42bf3b5f67fe2ab4632acadc954444fb54806d730880b48cb10d641f3b607e6413d106c0622ba4670c169c0bc3073cf6bf160e7989b78aaae81e7306727c2d13776d827a209a4a84805f2b8f5bbf2950e9d213a344f236c9dfbfe0a4fed7eb5d27d3bb15e89d454bc3dc83df918e57e8b4c763aeabdd00cd768b69a052e848694b97cef6c333eed2d3278cefa13c73c4d1b886c1c23c3a9a5533d4f0aea3416fb0054a42c3b61ec6eebd0cadff6106cc7b58e2b5aefd2d9482d37cdbc04cfff4e8efde9397598d3f164483613391be5d96eab911ab979c9418b26abcf05d14e1c1fc84a943829d3a84d08ea171034c60a953fca50fb373aa1ffe26cf1ed8f1e2b64b50f05f22af000ccdfc87fc5d999ee0d5ade3e1438747a55ac95482b6619c4bf41dea7d164aaa6922b2f563a95ac5f4b906c3bc8172a184e7d28a1e10e0a38455a4a326610b41da0e48fcd60be7417b9a92ad92ecc6068dbcb93543f02c1ca310d45d118869e06169f2164d4ce5a6f96a5b8b75bbcd945c8f7e947cb435051fcf6f8f8244269b4d3412aaf91374b18f385ba052eedd9613793a9d1382d30b912f0af55bd3b7a821fb1fc32c62434970afd2af33707487beb86fae9a927e1a10e2", 0xa96}], 0x2, &(0x7f0000000b40)}}], 0x1, 0x4000081)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

26.660164651s ago: executing program 2 (id=561):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='ns\x00')
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000040)={[0x9, 0x4, 0xf, 0x0, 0x0, 0x40, 0x6, 0x100000001, 0xfffffffffffffff7, 0x100000001, 0x3, 0x6, 0x3, 0x2, 0x4, 0xfffffffffffffff5], 0x41000})
syz_open_dev$sndmidi(&(0x7f0000000100), 0x1, 0x80500)
pipe(&(0x7f0000000080)={<r1=>0xffffffffffffffff})
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f0000000380)=[{&(0x7f0000000400)="0dd2e7", 0x3}], 0x1, 0x0)
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000300)='./file0\x00', 0x2000004, &(0x7f0000000900)=ANY=[@ANYBLOB="00e3078fbb81fca067351e718b1742354077ee6bdefb8addaf7c0c235850b66dac0ba564a370a77264f1a57d44c84efc49fa6c64b9351ea8fd59a458a7791fedcc466b0eab6ca6dd32fcc642517fa3219450b91e3118bf2b9d3cfa562ea44c058252d29181c81c637c6ba7d179122eee61e5c9f68165b6abd469da8d90c0632f7265bb040411d5748c475bb33a7ce77afb2ea533f1653d8cb67dad989bb0a1c16881f0d91d6cbd3751c289aecf4a00"/185, @ANYBLOB="b12398658f5ec6488081d04c33b5a507b1cac8c4376c1895046a1e6e068e53d002eb4279796b4c014f4febee026f87bd0eea7d27598f7ff2687552fdd651", @ANYRESOCT=0x0, @ANYRES64], 0x1, 0x497, &(0x7f0000002480)="$eJzs281vG8Ufx/HPbGJnk/b3w31yC6qEJSSKiiix05I+gRRa0iL1gbYJAqEWhcYJVhMnitOqraCtxKFHoEggJA7l0AtCVZHgAgcOcOM/4MKtBy6YEycQms2sd+26JK0fEjfvl5R4vPv17uzM7OysdywAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC9/MpQf9Ysdy4AAEA7HTt1sj/H9R8AgFVlhPt/AACA1cTI0ycy+uHTsjkavF/gHykUz18cPThc/2O9JvhkVxBv//xsbmDnrhcGd4ev//35Zntcx0+NDGUOzEzPzuVLpfx4ZrRYODsznl/yFhr9fK3tQQFkps+dH5+YKGVyOwaqVl9M3e1Zk07tG0zvfzqMHT04PHwqFtOdeOi93+N+I/ykPF2XUfnj2+aYJE+Nl8UibafVeoOD2B4cxOjB4eBApgpjxXm70oQF4VWXSTIsozbURUM2SjZfJtmce7aEPJVktCldNscldYXl8GzwxfDiG/Cako0HZvN5WlJGHVBnK1iPPO2S0Y09Kb1myyys/27p/eXOHFquW55uy2jbS2VzIugP7Plku80jr2deLU7MxGKNcWdUp18f2mmF902+PB0LzviyObncmUHb2cHSaRntHLkQjCsUjEsf2zd46PBIfISxeZHt2NgdLr2Ua3IiNnQwyzSGAAAAAAAAAB51vvGC7+I+/8YP3mfcMyCsEsbT8zL683A5eDQen5fQFZvfUdHpz35am/9e/8DM7KW5wuS783XX9/lD75Tm58bO1l+tXnvyVX0dvtg8hgYljKfdMrr6z51ovylj064biHZ0a3+UN9/UrA3azf8X5rOEzxD2Dm+Op+tm+QGej6XcfumfgOYwxtOQjCa+3+LmfvTpnj7IxX0roz9ubnVxXtIGhadpKvjvTxSm8v029icZffl3GBtMM9MaF7shis3aWE9GHx2tjl3rYjdGsTkbe0hGP5+pH7spih2wsR/IaPb3TBjbZ2OfdLHpKHbH2Zmp8ZYV8Apn+/8rMlr/YsaEdenKy3WzXZXYW+9F/f212g3dp89vtP9PxZZdc+3wrm2vZ7YEbS9or1799npdRl9/t9XFLbSVpFu/Lvgftdc3ZDT5S3Vsn4tdH8Vml1ywHcLW/9syyhXvVMrG1b+rgdj1P1b/T9S2jhbV/7rYspTbb09zDh2SSpcunxubmsrPkSBBYgmJHq2IbCySCPvlh9/OMndMaAt7/f9MRm+e+LUy3nHXfzesjsZ/f12Jrv97azfUouv/+tiyvW40kuiW/Pnp2URa8kuXLj9XmB6bzE/miwO57J7+PTsHs4lkOLaLUg0X1SMp4e7VLnz4VeX+rHr8V3/831e7oRbV/waXzXCfUSfVlMNf9Wz9/yajt368U7mPtvV/sxJRPf4P77OeeWrhtXJ+tqj+N8aWpdx+/9eE4wYAAAAAAAAAAAAAAACATpcwnm7IyD/dbcLfRi1l/t89P5hq0fyvdGzZeJt+r9BwoQJAB/Dk6QsZbVPZXLUL1kpH4694pP0bAAD//3VdHM0=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x80, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$INCFS_IOC_FILL_BLOCKS(r2, 0x80106720, &(0x7f0000000240)={0x3, &(0x7f0000000440)=[{0x4, 0xa1, &(0x7f0000000140)="3ce9be4834645d160df97f0d42acfbc6aab0ca68027c16b896eaf353b88469ed699ffa66eade50666c1ed10140da413f773803122f551b874878ab9e5acea18673443cdb9dd5ce954c6d2ec62350b026dc2a9886d7a474f1c4433d86c0d5273e2d06e0c3960eaa6d6032b3e7e802fd63bcf6429b3bec7d01247e7e8ed927652c0871a9a7631710b8b7034f07ca3532db4c53666eb4b5adf2e374fbfaf5a76847ed", 0x1}, {0xae0, 0x2f, &(0x7f0000000200)="8cd313810d77adb488b23353017e781ceca521da6d68de0e15c1fb85dc2cf948fbaa04b43f19069a6d7a09f80935dc"}, {0x7fff, 0xa0, &(0x7f00000002c0)="b7c88717358faed41a0540c545da6bfe1e2bd8cc73a1bfb51fc6cf97ef8aaaf7b3e67462619a955f32636812ea4d22d7f1a7219322160ee261e99d939ae6f6f3b0d933870cd3291651ef57cf3068c3adb9619fcccfafacdc0fc833a3a9fc6287d237f9e48abfb18b2accf4237cda76433b327d7944da682aabc926a11afe0c6359fc3eefda684f3ecb60403ef113ec23039e49573d1e9f45809c3ad2090aba6c", 0x0, 0x1}]})
tee(r1, r3, 0xfffffffffffffffd, 0x0)
r4 = syz_open_dev$radio(&(0x7f0000002100), 0x2, 0x2)
ioctl$int_in(r4, 0x5421, &(0x7f0000000100)=0x6)
ioctl$VIDIOC_S_FREQUENCY(r4, 0x402c5639, &(0x7f0000002280)={0x0, 0x1, 0x40})
readv(r4, &(0x7f0000000280)=[{&(0x7f0000000000)=""/183, 0xb7}], 0x1)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)

25.344108377s ago: executing program 2 (id=568):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x6, 0x0, 0xbdb], 0xffff1001, 0x120182})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x7, 0x1000000, 0x68ff, 0x5, 0x9, 0x3, 0x5], 0xeeef0000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

24.577162272s ago: executing program 2 (id=574):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0))
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x2000, 0x0, 0xf008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xd000, 0x200000, 0x0, 0x0, 0x0, 0x6}, {0xffffffff, 0x4, 0x0, 0x74, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x1}, {0x8080000, 0xf000, 0x0, 0x0, 0x3, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0xa6}, {0x11000, 0x0, 0xa, 0x0, 0x73, 0x40, 0x0, 0x0, 0x0, 0x20, 0x58}, {0xffff1000, 0xeeee0000, 0xb, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x84}, {0xeeee8000, 0x80a0000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {0x70000, 0x41000, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb}, {0xf000, 0x2}, {0x1, 0xfffe}, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x8000, 0x6000, [0x5, 0x0, 0x0, 0x3]})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x10, 0x8001], 0x1, 0x3c4210})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x400000b0, 0x0, 0xfffffffffffffffd}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)

24.340141646s ago: executing program 32 (id=574):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0))
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x2000, 0x0, 0xf008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xd000, 0x200000, 0x0, 0x0, 0x0, 0x6}, {0xffffffff, 0x4, 0x0, 0x74, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x1}, {0x8080000, 0xf000, 0x0, 0x0, 0x3, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0xa6}, {0x11000, 0x0, 0xa, 0x0, 0x73, 0x40, 0x0, 0x0, 0x0, 0x20, 0x58}, {0xffff1000, 0xeeee0000, 0xb, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x84}, {0xeeee8000, 0x80a0000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {0x70000, 0x41000, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb}, {0xf000, 0x2}, {0x1, 0xfffe}, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x8000, 0x6000, [0x5, 0x0, 0x0, 0x3]})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x10, 0x8001], 0x1, 0x3c4210})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x400000b0, 0x0, 0xfffffffffffffffd}]})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)

2.806543746s ago: executing program 1 (id=673):
openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x42042, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)={0x9, 0x0, [{0x40000001, 0x0, 0x6}, {0x2cb, 0x0, 0x8}, {0xa2b, 0x0, 0x2}, {0x92f, 0x0, 0x1}, {0xd2dea46e3a93a6a3, 0x0, 0x5d}, {0x234}, {0x3a0, 0x0, 0x6}, {0x850, 0x0, 0x1}, {0x35f, 0x0, 0x9}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x8aba, 0x4, 0x4, 0x804, 0x7, 0x5, 0x120000, 0x5, 0x0, 0x8, 0x8000000000000001, 0x2, 0x0, 0x101, 0x3, 0x1], 0xeeee0000, 0x141200})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.759874429s ago: executing program 4 (id=675):
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000100)={0x2, 0x0, @ioapic={0x1000, 0x14d, 0x3, 0x8001, 0x0, [{0xee, 0x81, 0x8, '\x00', 0xc}, {0x5, 0x5, 0x3}, {0x10, 0xb, 0x3, '\x00', 0x8a}, {0x2, 0x5, 0x24, '\x00', 0x1}, {0x3, 0x9}, {0x5, 0x6, 0x4, '\x00', 0x7}, {0x7, 0x1, 0xff, '\x00', 0xd9}, {0x8, 0xf9, 0x36, '\x00', 0xc1}, {0xff, 0x1d, 0x2, '\x00', 0x1}, {0x3, 0x6, 0x4, '\x00', 0x98}, {0xc, 0x81, 0xf6, '\x00', 0x9}, {0x1, 0x0, 0x6b, '\x00', 0x2}, {0x7, 0x3, 0x6, '\x00', 0x8}, {0x1, 0x2, 0x35, '\x00', 0x8}, {0xa, 0xa4, 0xa0, '\x00', 0x4}, {0xed, 0x9, 0x4, '\x00', 0xe8}, {0x5, 0x5, 0xfa}, {0x3, 0x2, 0x5, '\x00', 0x3}, {0x6, 0x4, 0x1, '\x00', 0x4}, {0x80, 0x6, 0xc, '\x00', 0x3}, {0xe, 0x7d, 0x3, '\x00', 0x8}, {0x0, 0x0, 0x81, '\x00', 0x1}, {0xc0, 0x1, 0x6, '\x00', 0x9}, {0x8, 0x96, 0xb7, '\x00', 0x10}]}})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000100)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18}], 0x30})
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000140)={0x1, 0x0, @ioapic={0x8080000, 0xffff, 0x20, 0x4, 0x0, [{0xf1, 0x8, 0xa, '\x00', 0x5}, {0x81, 0x7, 0x1c, '\x00', 0x2}, {0x5, 0x1, 0x9, '\x00', 0x75}, {0x3, 0x7, 0x48, '\x00', 0xd}, {0xc, 0x0, 0x89, '\x00', 0x2}, {0x9, 0x3, 0x1, '\x00', 0xc3}, {0xf, 0x13, 0xab, '\x00', 0x8}, {0xfa, 0x9a, 0x3, '\x00', 0x9}, {0x4, 0x9c, 0xbe, '\x00', 0x5}, {0x7, 0x7, 0x8a, '\x00', 0x3f}, {0xd, 0x24, 0x2, '\x00', 0x8}, {0x0, 0x3, 0x6, '\x00', 0xb}, {0x7, 0x3, 0x4, '\x00', 0x6}, {0x2e, 0x3, 0x2, '\x00', 0x10}, {0xc, 0x8, 0x40, '\x00', 0x2}, {0xc9, 0x8, 0x0, '\x00', 0x7f}, {0x8, 0x80, 0x6, '\x00', 0x4}, {0x7a, 0x7, 0x4, '\x00', 0x7}, {0xe, 0x5, 0xfc, '\x00', 0xfb}, {0x3, 0x2, 0x4, '\x00', 0x7f}, {0x2, 0x6, 0x1, '\x00', 0xc}, {0x9, 0x2, 0x7, '\x00', 0x91}, {0x80, 0x80, 0x8}, {0x2, 0xfa, 0x7, '\x00', 0xa}]}})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x470f}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xff00})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xffffffffffffffed, 0x0, 0x1000000000001, 0x4000000000000, 0x4002004c8, 0x1007, 0x1, 0xc595, 0x5, 0x1, 0x3ff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x1, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x1000, 0x3000, 0xe, 0x13, 0x1, 0x8, 0x7, 0x8, 0x0, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0x6, 0x3, 0x6, 0x5, 0xb}, {0x2, 0x0, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x5, 0x2, 0x1, 0x6}, {0x1, 0x8000000, 0xe, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x373ae001, 0x10, 0xbe, 0x6, 0x9, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x4, 0x80, 0xc}, {0xdddd0000, 0xeeee0000, 0x10, 0x4, 0x64, 0x8, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0x2, 0xedd8}, {0xffff1000, 0x17}, 0x40010, 0x0, 0x100000, 0x202, 0x100000002, 0x0, 0x2000, [0x5, 0x4, 0x4000000000000009, 0x3]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x2001000000000, 0x0, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffffb, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x0, 0xffffffffffff7ffc], 0x1, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.587205209s ago: executing program 5 (id=676):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x10000, 0x7000, 0xe, 0x13, 0x1, 0x8, 0x7, 0x8, 0x0, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0x6, 0x33, 0x6, 0x5, 0x3}, {0x2, 0x0, 0x1c, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x1, 0x8000000, 0xe, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x8092000, 0xf, 0xbe, 0x6, 0x7, 0x10, 0x1, 0xbf, 0x18, 0x0, 0x4}, {0x5000, 0xe000, 0x4, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x4, 0x80, 0xc}, {0x2, 0xffff, 0x10, 0x4, 0x8, 0x8, 0x0, 0xf9, 0x3, 0x8, 0x0, 0xfe}, {0x1, 0xedd8}, {0x40000, 0x17}, 0xc0010019, 0x0, 0x0, 0x202, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x4, 0x4000000000000009, 0x7]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.386891171s ago: executing program 4 (id=679):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x60400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, 0x0})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000200)={{0x4, 0x1, 0xe, 0x0, 0x6, 0x9, 0x6, 0x1, 0x0, 0x3, 0x9, 0xeb}, {0xffff1000, 0x80a0000, 0xa, 0xe, 0x5, 0x8, 0x4, 0x14, 0x4, 0x5, 0x8, 0x3}, {0xf000, 0xeeef0000, 0x10, 0x8, 0x6, 0x7, 0x81, 0x3, 0x7, 0x8, 0x81, 0x6e}, {0x5000, 0x6000, 0xd, 0xfe, 0x6, 0xaa, 0xc3, 0x0, 0x0, 0x4, 0x80, 0xe}, {0xdddd1000, 0x2000, 0xa, 0xff, 0x8, 0x9, 0x6, 0xa, 0x5, 0x6, 0x2, 0x9}, {0x5000, 0x0, 0x9, 0xb9, 0x5, 0x7, 0x42, 0x6, 0x90, 0x1, 0x0, 0xd}, {0xeeef0000, 0x4, 0x0, 0x9, 0xc, 0x7, 0x4, 0x63, 0xd3, 0x9, 0x14, 0xd}, {0xffff1000, 0xdddd0000, 0xa, 0x21, 0xc, 0x9, 0x9, 0x47, 0x7, 0x8, 0x43, 0x9}, {0x1000, 0x5}, {0xffff1000, 0x6}, 0x60000000, 0x0, 0x3000, 0x200, 0x0, 0x100, 0xeeee0c00, [0x1, 0x1004, 0x4, 0x5]})
ioctl$KVM_GET_LAPIC(r3, 0x8400ae8e, &(0x7f0000000b40))

2.284477547s ago: executing program 5 (id=680):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000200)={{0x2, 0x1, 0xe, 0x1, 0x8, 0x9, 0x6, 0x1, 0x0, 0x3, 0x5, 0xeb}, {0x3000, 0x80a0000, 0xa, 0xe, 0x5, 0x5, 0x4, 0x14, 0x4, 0x5, 0x0, 0x3}, {0x6000, 0x102f8000, 0xb, 0x8, 0x6, 0x7, 0x81, 0x3, 0x80, 0x1, 0xe, 0x70}, {0xeeef0000, 0x6000, 0x0, 0xfe, 0x6, 0x9, 0xc3, 0x0, 0x0, 0x0, 0x80, 0xe}, {0x2, 0xeeee0000, 0xe, 0xff, 0x8, 0x9, 0x6, 0x7, 0x6, 0x6, 0x4, 0xfc}, {0x10d000, 0x0, 0x9, 0xb9, 0x6, 0x5, 0x42, 0x6, 0x7, 0x1, 0x0, 0x1d}, {0xdddd1000, 0x0, 0x4, 0x1, 0xb, 0x8, 0x4, 0x63, 0x2, 0x1, 0x1, 0xd}, {0xffff1000, 0xdddd0000, 0xa, 0x21, 0xc, 0x8, 0x9, 0x4a, 0x81, 0x8, 0x43, 0x3}, {0xeeee0000, 0x5}, {0x4000, 0x2}, 0x0, 0x0, 0xeeef0000, 0x150690, 0x0, 0x8000, 0xeeee0c00, [0x1, 0x1004, 0x4, 0x5]})
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000580)={"bd4fcb7b504efdce224ca83427bd141ffebe6055c4a1c9281c6afa1ad43da22b56ee7561e34c756d4f3fe50234d4023fba981963858fa9387dda08a8c5c22ab38bdaaf104efc88aa5fbe4be8962013142f370eb466ebcbbf235c0b3b2f9bd8eb310735184bff037851ce194f6346df35a0f8bd0b9cb75eaaa8afeaa6a0ecc0ca6baa84e818c7beb937490fe106d55a09ba861ddfc2fae241d985c110087dcaaa6369e13d468e927d6e63399fe8f06d799890c1ce6ecd37a160e38dc41844c385e158eeb6d5ed17f84cf06490b63dcf2449d90db4fca3952eec0c8aa2edc4d3f5f82e153cbd1467cdfe71bb27dbca7112d720478663c11e43b5223e3cba3eca055decd7243f463b68997b7589160f1f4aeae9f2d74630f8e7619fff7423d92b492b3daf3e39e83374bd165d79185eac3cf972a04ca875c723b9954e363acad4d10d56d68fa79f322b5e691e18f6c04e0a1a43506cb0cf73b54c10a08736d8d95ef89150701b8e9232bcbb5897ce97c5b1f344ebb91cf0b8a523edfe49723ce37bd9ebad90695e728f25b2d808c90e46d73605420f1a85b6293f4cf35a2c87a9e70231c53e4b7b088207604c49bb1f6d75dd7110ed426321b7cf7ada271c93f2fff6921b1edf082c081660795ab50adbc0b49c9eb8867dd0a24584e12ef43be9c6f14651ea5a7303c86a5074d9d0b251648cca3f155e2ebaf269c691e452e104656388b6e0c14966fc38411ce04bd53374ee31027ab036268cc2c10d3d01c315669b077025e7c20bdf2b3421d1e7f203cfb94b1465ba5b23301b95b545fe79255ae6b6b3f69e94f3614a292426f7d3b25f95b2eb329d1b0695ffe86ded8b90c80b5ae5bfa1baae9e9602f544c8444bf8d81d58e71411e5b7ae9db7d62cd571c21c9f69a6cf06915d08e509f0321d757c9e13f34e331f1397f06a2e5b9ecaf4c1d1b2e515910ba33015e88a34897a3f9bd91e10e62b2a173b2bde139c7be5940b9f7c138a5ced45db7385e9ca3d6dfcc992f7b39db8d53eb3d5b70106194775d5476a3884b67f443608ec5566e8044e44a44c0e2614e53cb4dc4d2b617d579b5cb5cd6d0786a3f1ab2955a36579d5bf5b9cf6255625aef9ebc6e0c50635240e5a14ccdce8d868c72e727c2652c37bd0e75e40a9bc6cc97df1f7ecb6d70f96bae7fcfdcf87d179222821a1d7bd9110708cfc7b2e3c16b7bcd7a9848866df64c1d8104c6cd72b78d9839f11757184fcabdbb3f54dbd05d1b3960035016968a16f942315cd9720fd455a75c5fb30ee8a81adbc8e40b64e44cdb5169d333f2afdf2478af4ea83f5d3523ef5598846515f19ffdc150251c6607f587c2588126a62549e946a6e8102babc49f8e736ab6a12ab46fee468cda64ca5eaff6083323d7a5178a37da544071648cdd9878f09cf288d4d0b4cad479f3c366e7654dfaf9270ad3646"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x83e, 0x0, 0x3}]})

2.083942639s ago: executing program 4 (id=683):
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000380)={{0xd000, 0xeeeeb000, 0xc, 0x42, 0x24, 0x5, 0xff, 0xe, 0x0, 0x4, 0x5, 0x5}, {0x4, 0xe000, 0xe, 0xb1, 0x1, 0x7f, 0x42, 0x5, 0x40, 0xcd, 0x41, 0x9}, {0x200000, 0xddfd1004, 0xb, 0x2, 0x7, 0x82, 0x4, 0x40, 0x85, 0x8, 0x4, 0xf3}, {0xdddd1000, 0xdddd0000, 0x10, 0x6, 0xdc, 0x2, 0x10, 0xfd, 0x24, 0x6, 0x1, 0x6}, {0x0, 0xd000, 0x4, 0xff, 0x2, 0x3e, 0xff, 0x80, 0x3, 0x6, 0xca}, {0x6aa93fc5595d6dd7, 0x0, 0xc, 0x3, 0xff, 0x9, 0x0, 0x3, 0x69, 0x4, 0x60, 0xaf}, {0x2000, 0xfec00000, 0x10, 0x0, 0x35, 0x7, 0x2, 0x0, 0x9, 0x0, 0x1b, 0x6}, {0x1000, 0x1, 0x8, 0x8, 0x6e, 0x5, 0x6, 0x10, 0xc7, 0x5, 0x5, 0x40}, {0x4000, 0x2}, {0xfeef6800, 0x8000}, 0xc0040013, 0x0, 0x8080000, 0x10024, 0x1, 0x5800, 0xeeee1800, [0x6, 0x5, 0x2, 0x380]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000040)=0x4)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000080)={0x4, 0xbde, 0x0, &(0x7f0000000180)="a1984ec3aec3fc2e025f90eda6dbc903939aac644fd36f1e65174cae030c42cbacc392851a695f247112e91f059460a2c031929dc0515ac7cd20775ff9da9c2b6cb48968dcd6d8d982c492932c572f084d3af58650d207eec0794b3e47c5678c36b99eed61e1dbac68ce8a79aa21a51202018bdc4a51489844f785887083841d65c129992bbe5a51c71b95a9847d2bdede66c6e3184c386faf938fd6db888e73a5c0dcc69c3de7458e68ed33226a8d1c8e17", 0x0, 0xb2})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x7, 0x8, 0xc5, 0x0, 0x6, 0x9, 0x4, 0x6, 0x1, 0xf8, 0x0, 0x1, 0x0, 0x3, 0x6, 0x6, 0x9, 0x4, 0xfe, '\x00', 0x4, 0x4})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.992569044s ago: executing program 3 (id=684):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x28b}]})

1.928043088s ago: executing program 5 (id=685):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0))
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x2000, 0x0, 0xf008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xd000, 0x200000, 0x0, 0x0, 0x0, 0x6}, {0xffffffff, 0x4, 0x0, 0x74, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x1}, {0x8080000, 0xf000, 0x0, 0x0, 0x3, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0xa6}, {0x11000, 0x0, 0xa, 0x0, 0x73, 0x40, 0x0, 0x0, 0x0, 0x20, 0x58}, {0xffff1000, 0xeeee0000, 0xb, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x84}, {0xeeee8000, 0x80a0000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {0x70000, 0x41000, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb}, {0xf000, 0x2}, {0x1, 0xfffe}, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x8000, 0x6000, [0x5, 0x0, 0x0, 0x3]})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x10, 0x8001], 0x1, 0x3c4210})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000001c0)={"568139cb5050a7a31ebfc4330c2bf68f86101d9a301cbe14b15f4f23031ceb319db01a783479d6b9a1201fb1cc7235f57f425131b1d59b14c7588e103ad23d61fc6b05b60536a1611da4d3a6a06d308650343e59d307e34d8c2ec3ef05629a47f994dd2e9f8b9ce05b338ae7db5267bc4082bd43ca93b78947a7c79e82df466d4fee2b222f1ebde976d2272a4f52329796330ee917cc4f5b3ec45ac1ecdaaf3dffe03c40b7c209e44cfeb08aad00e1b48da4289228d7d82d4f6a661942ace64f115d3cc6ac80f74420c390d89e7ab2133567aa41047d775e333184cc0b468ec5eb9bc3cb0fa00516e5452bf32a9e760f07efd5a5e5eb37eaff28ef92bb59498369808bdd310a4a95a5414a8ff450411ff67d3167eec8372455a19c0c5a608adfebded6974660fd85308a07860e16f62963da37448d6e1218f2092fb3d1662804623b63a07f3e5e881df9a5ac27ce3f1519003118aa6170ff423eb292dc70147bde37963f72d0642660e7107753167886fc10e108631a9ea4d6752145b8646187ba7e152b6bcbcedd6b83fb9435d5c8e8d5d25a3f173745eab94a4a296572d459a50d622c8769dc57a7cdf7efe9f259dc36f538d1836362f1bcb2c4ebceae7e3655d5e98ba481906f284bd03716c15894eca8cbf8302dc8e2c21736b697b5f868e8af96fa8bbb1ae56571616a70ce05970d1e4142f303f7586fd2fc6f0ee3dce1db6524dd6aa28faab046e074df38430a49e8a6dde71028f16539744b7867e19c856e670e8b799d52da435bb07beea6274bf512e7d6ebb8ff8f83a52e4d13602e7d4675a798a12c898ad5b00caa34313ff8fb6c3407cf815eca9795cffd9a24959653cc816851048ebf0772bebdd3ff9b8cfbd2c65c30e41586b00a14943e4815361789158139d440c4f627edb8ed59e1ca0bb0c60106e09635fa9335677337c554db885f75b899638e8df1ea9796f8258de36636346ab768856bbdfc51843a53701423d75c1f43be24469aa03d366bbfb81218b31e5c0ad716efea52175c2fa78317cafb16ee173eb5e9428509ca4c8f9bf798adc7da1758a9c0334e44200c0578495ff805fce84456205caa70f0976a8603f84cb542d0df1416602321c587556785af525ddf5548b4f51113c52a7a17042faf6c8c02d8d1835e0f67f60ab392c20fc12188db029e45bb77cfccc423671d52ec5a92d08c2bb27a676b66f3b89ac084d99e3f516426a015268a1f3fb91b13c8baba49a0765a305c13cd1f47b3ea7a6393182759b614a08d36192a8b68abef6e5c16849452c74af3a9f854e1f2bc1c2eac2f055f8ffd8fdaa6bb04a68850c585f433c0e6b8dba1401fce5aab11d75d2323d8079891175096e31013ca0a3763511c86f2fbc31a33458c52059ebe253dcd3e837fed39765a11842028df450479dd56e1325cd8d088ff12a8f7dd23f2"})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)

1.804551405s ago: executing program 1 (id=687):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x10000, 0x7000, 0xe, 0x13, 0x1, 0x8, 0x7, 0x8, 0x0, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0x6, 0x33, 0x6, 0x5, 0x3}, {0x2, 0x0, 0x1c, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x1, 0x8000000, 0xe, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x8092000, 0xf, 0xbe, 0x6, 0x7, 0x10, 0x1, 0xbf, 0x18, 0x0, 0x4}, {0x5000, 0xe000, 0x4, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x4, 0x80, 0xc}, {0x2, 0xffff, 0x10, 0x4, 0x8, 0x8, 0x0, 0xf9, 0x3, 0x8, 0x0, 0xfe}, {0x1, 0xedd8}, {0x40000, 0x17}, 0xc0010019, 0x0, 0x0, 0x202, 0x100000002, 0x0, 0xdddd1000, [0x5, 0x4, 0x4000000000000009, 0x7]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000000)={0x1, 0x0, [{0xc001011f, 0x0, 0x100000000}]})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x4060000000003, 0x1000000000, 0x0, 0x10, 0x2000001, 0x0, 0x2004cc, 0xa000000000000000, 0xffff, 0xfffffffffffffffb, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x200, 0x0, 0xfffffffffffffffc], 0x1, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.728065149s ago: executing program 4 (id=688):
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x1, 0x2000000000069, 0x4000008, 0x2, 0x3, 0x2e3, 0x16, 0x8, 0x8f, 0x3, 0x3, 0x80000002, 0x10001, 0x5, 0x40000000002, 0x1000], 0x8001000, 0x2880})
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000000)={0x0, &(0x7f0000000100)=[@code={0xa, 0x63, {"400f01784f440f20c03501000000440f22c0420f01c9f3470f01bbf9000000f00fbb7d88672b3666baf80cb85c5a6c8eef66bafc0cb8412ee608ef460f07b9800000c00f3235001000000f3064450f005006"}}], 0x63})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x5000, 0xc, 0x6, 0x4, 0xa, 0x6, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x4, 0xffffffff, 0x8, 0x13, 0x5, 0x8, 0x3, 0xa, 0x5, 0x46, 0xfe}, {0x5000, 0x5001, 0xd, 0xf, 0x5, 0x2, 0xc3, 0x6, 0x4, 0x6, 0x5, 0x3}, {0x2222cfff, 0x41001, 0xf, 0x4, 0x7e, 0x6, 0xc, 0x7f, 0x9, 0x2, 0x1, 0x6}, {0x1, 0x40000, 0x0, 0xa, 0x59, 0x2d, 0x5, 0xc, 0xfb, 0x0, 0xf8, 0xe5}, {0x3000, 0x8091ffe, 0xb, 0xbd, 0x6, 0x11, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x8000000, 0x8000000, 0xc, 0x1, 0x0, 0xf, 0x10, 0x3, 0x8, 0x0, 0x2, 0x8}, {0xdddd0000, 0x54000, 0x10, 0x1, 0x47, 0x3, 0x4, 0xf9, 0x1, 0x8, 0x0, 0xfa}, {0x1, 0xedd8}, {0xf000, 0x17}, 0x40010023, 0x0, 0x30000, 0x4, 0x6, 0x1000, 0xdddd1000, [0x5, 0x8000004, 0xacb, 0x7]})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x470f}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x200, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0x8, 0x0, 0x2, 0x70e, 0x4002004c8, 0x1004, 0xffffffffffffffff, 0xc595, 0x1, 0x1, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0xe, 0x1000000000, 0x2, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffff7, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffc], 0x1, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.727846509s ago: executing program 3 (id=689):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0xa, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x7fffffffffffe, 0x5, 0x0, 0x9, 0x0, 0x9, 0x0, 0xbdb], 0xffff1001, 0x120182})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x43, 0x2000001, 0x0, 0x2004cb, 0x7, 0x1000000, 0x68ff, 0x5, 0x9, 0x3, 0x5], 0xeeef0000, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.55177556s ago: executing program 0 (id=690):
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000240)={0xfe, 0x0, [{0x7, 0xfffffffe, 0x0, 0x9, 0x2, 0x6}, {0x40000000, 0x8001, 0x1, 0x3, 0x1000, 0x0, 0xd}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})

1.503847263s ago: executing program 1 (id=691):
r0 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bff000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x60400, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r4 = syz_kvm_add_vcpu$x86(r3, &(0x7f0000000040)={0x0, 0x0})
ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000200)={{0x4, 0x1, 0xe, 0x0, 0x8, 0x9, 0x6, 0x6, 0x0, 0x3, 0x9, 0xeb}, {0xffff1000, 0x80a0000, 0xa, 0xe, 0x5, 0x7, 0x4, 0x14, 0x24, 0x5, 0x8, 0x3}, {0xf000, 0xeeef0000, 0xd, 0x8, 0x6, 0x9, 0x81, 0x3, 0x80, 0x8, 0x1, 0x6e}, {0x5000, 0x6000, 0x0, 0xfe, 0x6, 0xaa, 0xc3, 0x0, 0x0, 0x4, 0x80, 0xe}, {0xdddd1000, 0x2000, 0xa, 0xff, 0x8, 0x9, 0x6, 0xa, 0x5, 0x6, 0x8, 0xfc}, {0x6000, 0x0, 0x9, 0xb9, 0x5, 0xfd, 0x42, 0x6, 0x90, 0x3, 0x0, 0xd}, {0xeeef0000, 0x4, 0x0, 0x9, 0xc, 0x8, 0x4, 0x63, 0x2, 0x1, 0x14, 0xd}, {0xffff1000, 0xeeef0000, 0xa, 0x21, 0xc, 0x8, 0x9, 0x47, 0x7, 0x8, 0x43, 0x3}, {0x1000, 0x5}, {0xffff1000, 0x9}, 0x60000000, 0x0, 0x0, 0x200, 0x5, 0x8000, 0xeeee0c00, [0x1, 0x1004, 0x6, 0x5]})
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000740)={"d28cbffc70113aa16b365924c3128c89fe8764c41caa3ec7a095ce3692ae1fe3160c3dd483cc71d285c48c8fa445272281beb44357aa96da39f0ef45a90bfac537ba4c98038e0b871c2ba811d3d568ccdddd1e0e7edef9061d12bdd0fc1c83093613293d1779955c62df6a03c3a539051393b577bb6645c4ed2ddfd06df82c7359de2082e16a4c302d18db9ce698f22b519d55adbbe4881dda46ddbbab0a1ca428e404f0640e62eb7d76c8ca94cff34f26de20c2f44c22228eee44edcbec829ed8b5f24a8259fcc97d67b96441486cf9832274eff5271d3843178cd90827052ef8e6dee13ef4f8e23b8396f5bc4b03b8ee875350ac778233a13551f55cac915ce11f145063ef5b5111272d0859d6cdb62ab72a92f24d83ef5ff87aa8f6eae3986c403add562c0a17839921dea6186d3b71b3d466070a005541677a477392f9a499322ed2f09c6e1b401ad81bb6673274e7c344152c2617edc2f667329b51bcc9d235de56d8642823643e0107339044417e2708d10e7dafefb5b2e72f696e1dc37c48f3c9266c9c8d2e771aabd4b7e4e7c2bccde0345d5d43ad7a4d98e9e1e3e152784ca29d286fe783f3579055a428ab231b9e81d77bd8ca4007607cd2ff60953a2d68353c4cc677124b7431edca5f604841f3baa90d46235ddaa03f158dd78c219be7f0c53dddd4cea58ecac6cef53e7a5b347b0842bb163bd35e19d2ed1b67e63a7e82ac470619ae164c3949884286c101417e6deeff735b8b3b9109e47725bbd5c400b24489fec1afe6771d5c8871f7cd31e7390cef6dce398b8a1dd7213229d282cb581a71c04ca04e9eb516a197583ba8470b0df0b2158a076bf257520500a7bfb42766c883231c1a2a4527dabb5037f9fa00172bc8b9327494b553735a4ebbfb8c9e7f5034b442418c7490919f81308b4a73bd46d57e1ebcc3b6cf7d1ba20e55d06e40e5796e568c206d51adc1be7186cb80962e8dfa41c354acd9ad5fbf4c59b6fa6dd83aa9aa0a23210b057328efa4239b8211b3a5f21ce22a193eb93f69c4d525f53e733b397786d808b928297748a3d54e5bb71bab6139d5e2721d237f4c99896a2e398d049df2e9c63c424606fc73cece699407f3041826cc271a3cb44cc4d76ab77ddb15ef7dda76ddfa4830c5ba28cf7dcc154e88ef9f228a8158d6ae6fdc32ef2af1642e48d5218f10ba7c222e43da4e13f59e96ab4b467283b76d8b0c36665f02d943936041c00d7dbd2a3ab101aa56277b9ec5111428c047fb8b144f260b2fae62db101aad238ee50d222202969ed5929c2f8ab41e6e342ad1b0037be7e2d887f0563a722be94364dfe62482f7862da76fd58827712a1a80f69cc85f2fa9ba92cbfc48f7e4f11b2b87c71e6733a95d8ded91da74913fcf81bb1bb9cb8f380f402abf9df0990e0100750c49f9328238eced88d16068bce90b"})
r5 = syz_kvm_add_vcpu$x86(r0, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000200)={{0x2, 0x1, 0xb, 0x1, 0x8, 0x9, 0x5, 0x1, 0x0, 0x3, 0x5, 0xeb}, {0xffffffff, 0xb000, 0xa, 0xe, 0x5, 0x7, 0x1, 0x14, 0x4, 0x5, 0xf, 0x3}, {0xb000, 0x102f8000, 0x4, 0x8, 0x6, 0x7, 0x81, 0xb, 0x80, 0x1, 0xe, 0x70}, {0xeeef0000, 0x6000, 0x0, 0xfe, 0x6, 0x9, 0xc3, 0x0, 0x0, 0x0, 0x80, 0xe}, {0x2, 0x2000, 0xf, 0xff, 0x8, 0x9, 0x6, 0x7, 0x6, 0x6, 0x4, 0xfc}, {0x10d000, 0x0, 0x0, 0xb9, 0x6, 0x5, 0x42, 0x6, 0x7, 0x1, 0xf, 0xd}, {0xdddd1000, 0x0, 0x0, 0x1, 0xa, 0x8, 0x4, 0x63, 0x2, 0x5, 0x1, 0xd}, {0xdddd1000, 0xdddd0000, 0xa, 0x21, 0xc, 0x8, 0x9, 0x4a, 0x7, 0x8, 0x43, 0x3}, {0xeeee0000, 0x5}, {0x10000}, 0x0, 0x0, 0x80a0000, 0x150690, 0x0, 0x8000, 0xeeee0c00, [0x1, 0x1004, 0x4, 0x805]})
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000740)={"d28cbffc70113aa16b365924c3128c89fe8764c41caa3ec7a095ce3692ae1fe3160c3dd483cc71d285c48c8fa445272281beb44357aa96da39f0ef45a90bfac537ba4c98038e0b871c2ba811d3d568ccdddd1e0e7edef9061d12bdd0fc1c83093613293d1779955c62df6a03c3a539051393b577bb6645c4ed2ddfd06df82c7359de2082e16a4c302d18db9ce698f22b519d55adbbe4881dda46ddbbab0a1ca428e404f0640e62eb7d76c8ca94cff34f26de20c2f44c22228eee44edcbec829ed8b5f24a8259fcc97d67b96441486cf9832274eff5271d3843178cd90827052ef8e6dee13ef4f8e23b8396f5bc4b03b8ee875350ac778233a13551f55cac915ce11f145063ef5b5111272d0859d6cdb62ab72a92f24d83ef5ff87aa8f6eae3986c403add562c0a17839921dea6186d3b71b3d466070a005541677a477392f9a499322ed2f09c6e1b401ad81bb6673274e7c344152c2617edc2f667329b51bcc9d235de56d8642823643e0107339044417e2708d10e7dafefb5b2e72f696e1dc37c48f3c9266c9c8d2e771aabd4b7e4e7c2bccde0345d5d43ad7a4d98e9e1e3e152784ca29d286fe783f3579055a428ab231b9e81d77bd8ca4007607cd2ff60953a2d68353c4cc677124b7431edca5f604841f3baa90d46235ddaa03f158dd78c219be7f0c53dddd4cea58ecac6cef53e7a5b347b0842bb163bd35e19d2ed1b67e63a7e82ac470619ae164c3949884286c101417e6deeff735b8b3b9109e47725bbd5c400b24489fec1afe6771d5c8871f7cd31e7390cef6dce398b8a1dd7213229d282cb581a71c04ca04e9eb516a197583ba8470b0df0b2158a076bf257520500a7bfb42766c883231c1a2a4527dabb5037f9fa00172bc8b9327494b553735a4ebbfb8c9e7f5034b442418c7490919f81308b4a73bd46d57e1ebcc3b6cf7d1ba20e55d06e40e5796e568c206d51adc1be7186cb80962e8dfa41c354acd9ad5fbf4c59b6fa6dd83aa9aa0a23210b057328efa4239b8211b3a5f21ce22a193eb93f69c4d525f53e733b397786d808b928297748a3d54e5bb71bab6139d5e2721d237f4c99896a2e398d049df2e9c63c424606fc73cece699407f3041826cc271a3cb44cc4d76ab77ddb15ef7dda76ddfa4830c5ba28cf7dcc154e88ef9f228a8158d6ae6fdc32ef2af1642e48d5218f10ba7c222e43da4e13f59e96ab4b467283b76d8b0c36665f02d943936041c00d7dbd2a3ab101aa56277b9ec5111428c047fb8b144f260b2fae62db101aad238ee50d222202969ed5929c2f8ab41e6e342ad1b0037be7e2d887f0563a722be94364dfe62482f7862da76fd58827712a1a80f69cc85f2fa9ba92cbfc48f7e4f11b2b87c71e6733a95d8ded91da74913fcf81bb1bb9cb8f380f402abf9df0990e0100750c49f9328238eced88d16068bce90b"})

1.316054613s ago: executing program 3 (id=692):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae49, 0x2)

1.315618134s ago: executing program 4 (id=693):
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000100)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18}], 0x30})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x470f}]})
r3 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)={0xff00})
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0xc008aeba, &(0x7f00000000c0)={0x6, 0x8, 0x7, 0x3, 0xffffffffffffffff})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xffffffffffffffed, 0x0, 0x1000000000001, 0x4000000000000, 0x4002004c8, 0x1007, 0x1, 0xc595, 0x5, 0x1, 0x3ff, 0x2000000000000000, 0x80000004000000, 0x8d], 0xeeee8000, 0x2010d3})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xc, 0x6, 0x4, 0xa, 0x1, 0xe, 0x0, 0x1, 0xc, 0x3}, {0x1000, 0x3000, 0xe, 0x13, 0x1, 0x8, 0x7, 0x8, 0x0, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0x6, 0x3, 0x6, 0x5, 0xb}, {0x2, 0x0, 0x1a, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x5, 0x2, 0x1, 0x6}, {0x1, 0x8000000, 0xe, 0xd, 0x59, 0x2d, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xe5}, {0x2, 0x373ae001, 0x10, 0xbe, 0x6, 0x9, 0x10, 0x1, 0xbf, 0x18, 0x2, 0x4}, {0x5000, 0x8000000, 0x4, 0x9, 0x0, 0xf, 0x10, 0x3, 0x8, 0x4, 0x80, 0xc}, {0xdddd0000, 0xeeee0000, 0x10, 0x4, 0x64, 0x8, 0x0, 0xf9, 0x1, 0x8, 0x0, 0xfe}, {0x2, 0xedd8}, {0xffff1000, 0x17}, 0x40010, 0x0, 0x100000, 0x202, 0x100000002, 0x0, 0x2000, [0x5, 0x4, 0x4000000000000009, 0x3]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000010c0)={[0x60000000003, 0x2001000000000, 0x0, 0x10, 0x2000001, 0x0, 0x2004cb, 0xa000000000000000, 0xffff, 0xfffffffffffffffb, 0x5, 0xffffffffffffffff, 0x7fffffffffffffff, 0x0, 0x0, 0xffffffffffff7ffc], 0x1, 0x202})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.260416476s ago: executing program 0 (id=694):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, 0x0})
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000080)={0x81, 0x0, 0x1})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000200)={{0x2, 0x4, 0xb, 0xd, 0x8, 0x9, 0x6, 0x1, 0x0, 0x7, 0x5, 0xeb}, {0xdddd0000, 0x8000000, 0xa, 0xe, 0x5, 0x7, 0x4, 0x14, 0x3, 0x5, 0x0, 0x2}, {0xf000, 0x8000000, 0xb, 0x8, 0x4, 0x9, 0x81, 0x3, 0x10, 0xfe, 0x1, 0x70}, {0x5000, 0x10000, 0x0, 0xfe, 0x6, 0xaa, 0x1, 0x0, 0x0, 0x4, 0x84, 0xe}, {0xf000, 0x3000, 0xc, 0xff, 0x1, 0xb, 0x6, 0x7, 0x4, 0x6, 0x8, 0x7}, {0xd000, 0x3000, 0x9, 0xb9, 0x9, 0x5, 0x4, 0x4, 0x64, 0x1, 0x27, 0x1}, {0x8000000, 0x0, 0x0, 0x1, 0xc, 0x40, 0x4, 0x64, 0xe4, 0x1, 0x14, 0xe}, {0xffff1000, 0xdddcc004, 0xa, 0x21, 0x5, 0x8, 0x8, 0xc7, 0x7, 0x8, 0x43, 0x3}, {0xd000, 0x5}, {0x1, 0x7}, 0x40000000, 0x0, 0x6000, 0x40738, 0x8, 0xa801, 0xeeee0c00, [0x3, 0x5, 0x4, 0xc]})
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000740)={"d28cbffc70113aa16b365924c3128c89fe8764c41caa3ec7a095ce3692ae1fe3160c3dd483cc71d285c48c8fa445272281beb44357aa96da39f0ef45a90bfac537ba4c98038e0b871c2ba811d3d568ccdddd1e0e7edef9061d12bdd0fc1c83093613293d1779955c62df6a03c3a539051393b577bb6645c4ed2ddfd06df82c7359de2082e16a4c302d18db9ce698f22b519d55adbbe4881dda46ddbbab0a1ca428e404f0640e62eb7d76c8ca94cff34f26de20c2f44c22228eee44edcbec829ed8b5f24a8259fcc97d67b96441486cf9832274eff5271d383c178cd90827052ef8e6dee13ef4f8e23b8396f5bc4b03b8ee875350ac778233a13551f55cac915ce11f145063ef5b5111272d0859d6cdb62ab72a92f24d83ef5ff87aa8f6eae3986c403add562c0a17839921dea6186d3b71b3d466070a005541677a477392f9a499322ed2f09c6e1b401ad81bb6673274e7c344152c2617edc2f667329b51bcc9d235de56d8642823643e0107339044417e2708d10e7dafefb5b2e72f696e1dc37c48f3c9266c9c8d2e771aabd4b7e4e7c2bccde0345d5d43ad7a4d98e9e1e3e152784ca29d286fe783f3579055a428ab231b9e81d77bd8ca4007607cd2ff60953a2d68353c4cc677124b7431edca5f604841f3baa90d46235ddaa03f158dd78c219be7f0c53dddd4cea58ecac6cef53e7a5b347b0842bb163bd35e19d2ed1b67e63a7e04000000000000003949884286c101417e6deeff735b8b3b9109e47725bbd5c400b24489fec1afe6771d5c8871f7cd31e7390cef6dce398b8a1dd7213229d282cb581a71c04ca04e9eb516a197583ba8470b0df0b2158a076bf257520500a7bfb42766c883231c1a2a4527dabb5037f9fa00172bc8b9327494b553735a4ebbfb8c9e7f5034b442418c7490919f81308b4a73bd46d57e1ebcc3b6cf7d1ba20e55d06e40e5796e568c206d51adc1be7186cb80962e8dfa41c354acd9ad5fbf4c59b6fa6dd83aa9aa0a23210b057328efa4239b8211b3a5f21ce22a193eb93f69c4d525f53e733b397786d808b928297748a3d54e5bb71bab6139d5e2721d237f4c99896a2e398d049df2e9c63c424606fc73cece699407f3041826cc271a3cb44cc4d76ab77ddb15ef7dda76ddfa4830c5ba28cf7dcc154e88ef9f228a8158d6ae6fdc32ef2af1642e48d5218f10ba7c222e43da4e13f59e96ab4b467283b76d8b0c36665f02d943936041c00d7dbd2a3ab101aa56277b9ec5111428c047fb8b144f260b2fae62db101aad238ee50d222202969ed5929c2f8ab41e6e342ad1b0037be7e2d887f0563a722be94364dfe62482f7862da76fd58827712a1a80f69cc85f1fa9ba92cbfc48f7e4f11b2b87c71e6733a95d8ded91da74913fcf81bb1bb9cb8f380f402abf9df0990e0100750c49f9328238eced88d16068bce90b"})

1.186252221s ago: executing program 1 (id=695):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x33, 0x7, 0x4, 0x8, 0x800, 0x10, 0xf1, 0xfffffffffffffffe, 0x7fffffffffffe, 0x1, 0x3, 0x87, 0x4, 0x7fbe, 0xffff, 0xbdb], 0x8000000, 0x366291})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000280)={{0x1, 0x8080000, 0xa, 0x6, 0x4, 0x7, 0x3, 0xe, 0x0, 0x1, 0xc, 0x3}, {0xfec00000, 0x3000, 0x10, 0x13, 0x1, 0x8, 0x7, 0x8, 0x3, 0x42, 0x2}, {0x2, 0x5001, 0x4, 0xf, 0x5, 0x6, 0xc3, 0xe7, 0x3, 0x6, 0x7, 0x3}, {0x2, 0x0, 0xe, 0xc, 0x7f, 0x6, 0x8, 0x7f, 0x9, 0x2, 0x81, 0x6}, {0x40000, 0x8000000, 0xe, 0xd, 0x59, 0x5, 0x5, 0xc, 0xfc, 0x0, 0xf8, 0xfc}, {0x2, 0x8092000, 0x10, 0xbe, 0x6, 0x7, 0x10, 0x1, 0x0, 0x18, 0x2, 0x4}, {0x100000, 0x8000000, 0x4, 0x9, 0x0, 0xf, 0x0, 0x3, 0x8, 0x4, 0x80, 0xc}, {0x2, 0x4, 0x10, 0x4, 0x8, 0x1, 0x0, 0xf9, 0x3, 0x7, 0x0, 0xfe}, {0x1, 0xedd4}, {0xffff1000, 0x17}, 0x60050018, 0x0, 0x0, 0x222, 0x100000002, 0x0, 0x0, [0x6, 0x4, 0x4000000000000009, 0x5]})
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x4060000000002, 0xf6, 0x0, 0x3, 0x2000000, 0xfffffffffffffffd, 0x2004cc, 0xa000000000000002, 0xffff, 0x6, 0x1, 0xfffffffffffffffd, 0x7fffffffffffffff, 0x1, 0x3, 0xfffffffffffffffc], 0x1, 0x4202})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

976.135313ms ago: executing program 3 (id=696):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r1, 0xc008aeba, &(0x7f0000000180)={0x12, 0x8, 0x7, 0x20000000000000, 0xffffffffffffffff})

915.283787ms ago: executing program 0 (id=697):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r3 = eventfd2(0x0, 0x0)
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={0xffffffffffffffff, 0x0, 0x0, r3})
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000140)={0x4, <r6=>0xffffffffffffffff, 0x1})
write$eventfd(r6, &(0x7f00000001c0)=0x1f0ffffffffffff, 0xff3c)

877.850829ms ago: executing program 5 (id=698):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000200)={{0x2, 0x1, 0xe, 0x0, 0x8, 0x9, 0x6, 0x1, 0x0, 0x3, 0x5, 0xeb}, {0x3000, 0x80a0000, 0xa, 0xe, 0x5, 0x7, 0x4, 0x14, 0x4, 0x5}, {0x2000, 0xeeef0000, 0xb, 0x8, 0x6, 0x7, 0x81, 0x3, 0x80, 0x1, 0x1, 0x70}, {0xeeef0000, 0x6000, 0x0, 0xfe, 0x6, 0x9, 0xc3, 0x0, 0x0, 0x0, 0x80, 0xe}, {0x2, 0x2000, 0xa, 0xff, 0x8, 0x9, 0x6, 0x7, 0x6, 0x6, 0x4, 0xfc}, {0x10d000, 0x0, 0x9, 0xb9, 0x6, 0x5, 0x42, 0x6, 0x7, 0x1, 0x0, 0xd}, {0xdddd1000, 0x0, 0x0, 0x1, 0xa, 0x8, 0x4, 0x63, 0x2, 0x1, 0x1, 0xd}, {0xffff1000, 0xdddd0000, 0xa, 0x21, 0xc, 0x8, 0xc, 0x4a, 0x7, 0x8, 0x43, 0x3}, {0x1000, 0x5}, {0xffff1000}, 0x20008, 0x0, 0xeeef0000, 0x150690, 0x0, 0x8000, 0xeeee0c00, [0x1, 0x1004, 0x4, 0x5]})
ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000b40)={"47adf965bbdf3a5d02be72ede83cfb78bb45f232456ffa23ac73b3d8f0b20511f761fef805368a05a530310f7b770c8fe5a19c63385793c3889cca3953cbe13a365db23518cc5c0af433b993db1373510f683e2efa444cc014dd8777b29854f355b7d1964aecdf525af222276d589d229d13d5a86130e88117c0681d8c70e031c427a1fa06b9567a17b75fdd979fd55eb11d80345d8bdc442c463c94fbdeef517f85d590a6dc1694fafba57bddbdd76093133cb51e1a21e6fa8ac1891a203cb6402e3fc65411cc2d56573aa481d9a7af796c409a6db617718a4ddc566f3f9cd9f1300af05c8c3a1e3640ce8aaf46761930b8f4b807b7154ff5a978c7ec5a71d4c4ee9d4156961dc7b39255b82ccd9c88c846f715242b25f17a621e47a6cae0068222f55a814b4e3d9089190263800f770495ecc612839e60d7182b7f558c86c1d5d33450ec6236e2fcdec554958d6a4bd3d533c7554ecab5d187cbada2e3c24a9c9c6c01acf133decc97721dd9c5789d5d101557706dec95bf95dfa35dffcadeaad10626735675f71cbaf725e304bae1ccb02b373d6b8a5881ec7e42e9220d4988b2e42b702ecf1f356f61e93044e63db2684d3a9ad39aaa9d90fa9cf52b8cb13350a58b5967d456b4566ffe7dec1d3faec4089550d1d50749ea6f71c3d77194933276216e748132f1710b2211c77a304ea18fcb25cec57526c804bb29787e684003bd5ac565687007760e21e769170118794f3516f132f61a63a69160066abb70ffcbb88d912d479a8922edc247e87a490a8ba8b4d5d1c40bf97ce7b736a79943597de84086a30af822534e0d26faa3e8d6d969ec5a2091377b23633df644b2f8cd3aefa78faccd734475b3e99e5b7e8f8eceb271a715e051807062cfdfd770ff5c081b8efb7292c6f0a55a1b698fb07f46353f7d0719fe93e6f44af0c53ff13e7fe643049a767e8c3a8059555d731cb2c7e0df6fbdeee3fcbce7148284383cf483ff97277a26f59dbfb768f5934e2ac408f806bc41e8eb171d73fb6f5d1ee2674fbe0e4ea64bedbea8c70710993523b11466d4ac4bb9ad782e0506000019f9b5233236a83b63bf71cc43e27900d8117b7cb8dc74e64c63fbc9ff2842242057305740a447e31f894d5408286b08b5e327b099396ea403b79576df912c5e21d9ab54fae735eef40805d9842b2d2d50d852381184a055d598b471ea40a97ffabf9186172fff0a21d3248d335031d97e0df8f0e25f1acc812630918b1b7ecaa5dda185e94ffdc0e5a5696b82d3e3de56db05eb221b9e2c5b4aaaf270fae7a22a6484b49721a2b4e916dc593b8ad85b1012c671463b92cf4f480557e8223c17a710b91ec88dd1a39bbb7b6edac0d9fa22954c0adb6f041310e68b7c631568c071f8fbcb2e6b5d323905a60e425600293eea939287fc7ad9ffccd93ceab1291ee2be"})

760.005646ms ago: executing program 3 (id=699):
r0 = syz_kvm_setup_syzos_vm$x86(0xffffffffffffffff, &(0x7f0000bfe000/0x400000)=nil)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x40440, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[0xa, 0x2000000000069, 0xa, 0x2, 0x3, 0xa, 0x401, 0x6, 0x8f, 0x3, 0x3, 0x7fffffff, 0x10001, 0x5, 0x40000000002, 0x1000], 0x8000000, 0x2880})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bfe000/0x400000)=nil)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
syz_kvm_setup_syzos_vm$x86(r5, &(0x7f0000bfe000/0x400000)=nil)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f0000000500)=0x3)
ioctl$KVM_NMI(r6, 0xae9a)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = syz_kvm_add_vcpu$x86(r0, &(0x7f0000000280)={0x0, 0x0})
ioctl$KVM_SET_LAPIC(r7, 0x4400ae8f, &(0x7f0000000340)={"49e73628a34fe6148cd4ecf9f3ba656a9bc7dec1c0d58eac0fe466faf7f89a11dd83a10ca93272a367625c167aec42a7f687cfdf3f68056b6a5068de21cf414ea3938550c5ad798c4ba71797f53164f8b65d0754a4b10c2b06397a289066cd737d173788358587d223b82371a084f526d50c226bc4dde84b2dca956a64fb860e4815f97a344fbe518fdb88c5d76b8c7c255223e696800dd6337e9d0e0eb3bc7e64d6952cef24efd7266fe99562d510f6ae476c39f1ac3694ff65ec8eb7eac8ebbd70b4786704f99659d15146dc58a9c251adc15aba04396852aeff6776026a9717e94b653dbcf1401a52461fa7e345e79c406a8ef0e7940206b4194dd6ca3a7b8e320e04775dcfa2ce8b969c7e6f6e07fd138f0e7de54a3b9c3c1d933c77a46869ed10f8e8912fbf8139de74e74ecbe408c23626c330f559f11da81747e38c02e1407144b53a00ad90550e3dac61c25776d4a4dea5b7e66faaea38a359a429bb50700acfce0ba350a5a462f3e9c0b4bc1bbc46048f863bee8ebf07d469e452d84d5050612a142a96b695c4a9fd7f96b8b7b342fceb496b2de4892c35ef7098ee9740fce43f851fcf16aacad577de99eb7c60da5e0c4fc0cf42e3c46edae99e745a72488e2072a9625119a8b87bb975c87a8f9295975d54fa7e43dfa397d24c1d65e2d79c25e963d728b74d223a9d7daa9f10a6bd87352e87b931a12839d5a974d31b32d517e8dcabbbc268e0eb40e500ef7741d21ccdaebe0509f1986e2fb4c499e29b465760c6f22f49ded141f5cfd8868074422973969f25a33487b390d030a3c749b8610e0f57df28a56ad52369852e865a28208116b51506b2fb4c34960c3fadfd472e8ccb734496e32c5ebe0ec5832f32caa45cb8b2350b9f59ec84d29240bcc9ef37012aa350ebd581c1ac8c495f1d308fca2f8095e71f74e6783fcd3a4c3d0408a965d6b6d5fc20226654694e4b9e95a1954cb1260991d25a3c44521702b4e90fe39422e488655564f2cf1073817dde0c6c09bdd62de6840cb402c8bdde730ac6e456afe3d60709b60f244e717089c96d1c33c09755c6c55cd5f71ce181343c96e1770d55f7a2c603fd4acc57bb3f5524824e7ddb10a8511fcab32ca371a4efa9d6156308905650cdf017f206725a3c564a91c818a12eb054d4ac8de6c2d2e5b2fe1bb4b1f16cc2dc6bf8786c700d5639a0f610150cf8757c34109ef7b73c8ad286ef23e540aca3306bba3c941fcebc7b2d78c768b0622a1fa4032778b294271a5bd41b39ec148086a8b769da5477e28d202d5b1bc0f9031d654eae6e8ad161e5c9cbdc10eaf55c20483b97440ff01baac090d580a10e9f7ac69010b9bf556e63ad389d56cb6b84bb1bf1006dd449b879961f82b0a38f3abf4945a75ec4d1de082197a0746cf28f818b4bba7f71216ff5105084946d023cf927a712e6"})

759.780166ms ago: executing program 4 (id=700):
openat$kvm(0xffffffffffffff9c, 0x0, 0x40080, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(0xffffffffffffffff, 0x4068aea3, &(0x7f00000000c0))
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0x2000, 0x0, 0xf008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0xd000, 0x200000, 0x0, 0x0, 0x0, 0x6}, {0xffffffff, 0x4, 0x0, 0x74, 0x0, 0x0, 0x81, 0x0, 0x44, 0xe, 0x0, 0x1}, {0x8080000, 0xf000, 0x0, 0x0, 0x3, 0x4, 0x8, 0x0, 0x0, 0x0, 0x0, 0xa6}, {0x11000, 0x0, 0xa, 0x0, 0x73, 0x40, 0x0, 0x0, 0x0, 0x20, 0x58}, {0xffff1000, 0xeeee0000, 0xb, 0x0, 0x0, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x84}, {0xeeee8000, 0x80a0000, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, {0x70000, 0x41000, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb}, {0xf000, 0x2}, {0x1, 0xfffe}, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x8000, 0x6000, [0x5, 0x0, 0x0, 0x3]})
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x6, 0x0, 0x0, 0x0, 0x0, 0x6c, 0x3, 0x8000000000000, 0x80000000000000, 0x0, 0x9, 0x0, 0x0, 0x10, 0x8001], 0x1, 0x3c4210})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000100)={0x0, 0x0})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)

697.499389ms ago: executing program 1 (id=701):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04)
r4 = mmap$KVM_VCPU(&(0x7f0000004000/0x2000)=nil, r3, 0x1000002, 0x13, r2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r6, 0xc00caee0, &(0x7f0000000140)={0x4, <r7=>0xffffffffffffffff, 0x1})
close(r7)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r4, 0x20, &(0x7f00000001c0)="fb4149dd0386814d7bb14c94a6ab8031d1dfd92f00000000010000005a9610fbff67521ce16fb11f449a7a835673312b54ebb2aa7fc869d22627e700000000000000000000002000", 0x0, 0x48)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r2, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x430c81, 0x0)

527.603309ms ago: executing program 5 (id=702):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, 0x0})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000200)={{0xeeef0000, 0x1, 0xb, 0xd, 0x8, 0x9, 0x6, 0x1, 0x0, 0x3, 0x5, 0xeb}, {0xdddd0000, 0x8000000, 0xa, 0xe, 0x5, 0x7, 0x4, 0x14, 0xff, 0x5, 0x0, 0x43}, {0xf000, 0xeeef0000, 0xb, 0x8, 0x4, 0x9, 0x81, 0x3, 0x7c, 0xff, 0x1, 0x70}, {0x5000, 0x10000, 0x0, 0xfe, 0x6, 0xaa, 0x1, 0x0, 0xa, 0x4, 0x80, 0xe}, {0x0, 0x2000, 0xc, 0xff, 0x3, 0x9, 0x6, 0x7, 0x4, 0x6, 0x8, 0xfc}, {0x1000, 0x0, 0x9, 0xb9, 0x9, 0x5, 0x4, 0x3, 0x7, 0x1, 0xfd, 0x1}, {0x8000000, 0x0, 0xa, 0x1, 0xc, 0x8, 0x4, 0x1f, 0xa, 0x1, 0x14, 0xe}, {0xffff1000, 0xdddcc004, 0xb, 0x21, 0x5, 0x8, 0x8, 0xc7, 0x7, 0x8, 0x43, 0x3}, {0xd000, 0x5}, {0xffff1000, 0x7}, 0x40010020, 0x0, 0xeeeef000, 0x40738, 0x8, 0x8000, 0xeeee0c00, [0xfffffffffffffffe, 0x5, 0x4, 0x5]})
r4 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000180)={0x0, 0x0})
ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000a40)={"1b877db9549228ddcd399c221afff9c4f1b36c19c76e0880897fb197ff58d1f9c9eb9ccf3e933660d1e67757b3151fb5dd82ba0f02559eaba4592b61986a47708030078ec03cc2f5e697647ea5c8720a6bcb12441bd5ca7876e6a3f2003164f9711d15ed913071c36af0c6f05ddb76828d02c8c9ba2e67d8563d49e188b613677e7044fbcd202aec4b12dd245549dd975bd709d976cc87cc40beb888e5b75f56e56a41dae4aa4c3d8f6e4487c7a2883cb730e1cb462d0c90e46190f4e8ebb86eaad3eb3ff35cd041142f1b56eaeebf608914e37d79e657bbc46c9315aa69cbf839943e2661d6f6f5ea3a318362f560da9e6b869c55d5b34b694ec555bdaa2e80b0f1034b1b3a02bd6cab21025f10e5e6a31017343d9d76759aa38578a36915c892be1d67957a9adde9132990d8141449734bc4dca23516c75252c04491e8ed1e770d10d65d1d5291831c927661ac53756e6bc341fb624ea2c343bf2705719b8658661dbe82a89674deffe6631131ffd35f3f9ebab2e02fca7156062910f9c900f07b2f6c91968b0b1c10762db5ef282201091795078e3bbaac0a84c7e08aff393f89f579550a50328a658393245a51f5005f2c1197675343564764bb6de472192b19ffadffe41c2065da685089168008674010ce47396f0bf67af091c81dbbb036d5dd9d126d4751621123dcc45923a6a5eac51436cf6b31b42961ea61c950db19261deef42bb7cf81d30c4cae7c644ae06af067d3a8babda727629b39af22e40ce5000dad33b4e334434f9ed37481bc7eb7e4e8194dbe818fbec4dc1d5f9505579e8b4a7baedd6e48448f2d7613562651459873f90226108bcb1ca5a71bf96ffdec2517d4243f1cdc5f66d927ff358d39c57fe42c8a2920f49097e5bce22ac8befc0edc4ee94101b1e9aeba3f30aea683ab8b31c130412f6447710e97fd5fa9530997d7d2ca8321511089298f53946b0551cd114e2082c7192e5783c58953c213154cbe41082abd331d37c197e466ff1cf4e3b9dc67bc725dafbbf0069c7dfe79ac3bddee7125ba1ed39e45dba6b517873faf536a993a87101a9a089424af0811e7c5a9bf830dfb9ff8b0298de905080cfbf1641c00bb9c3112c7f53767eb0f1dcba9e3c4a3e9cfecc27d4c89f90fabf8ef637af304ef784fc759fa089e6dbb50bcde46be0f42a9bcc04227d17e393371dd3ae0202ef946bc0d9a4dd7a49307175490b4aefcc093bcadcd7bb68d029c80152162b54a99dabf61d709433cc7c74b572c145fc76812331e2070f9d12b9e1482d8b11164b09354722d3fa22c4e25b49382e84f14c1c54cf6bed3bbeb73cd15174b9339206c476410388e9b2bd9edd1230f4fb9e59560c7ff9268b5c45cb302b1d0fe9f71d39b143a4748ba60e4577b4b60754f6772d983d4dd71df2fbf7f079041436c292cd1c5a39a7fd0dbe0f4"})
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000500)={0x2, 0x0, @ioapic={0x100000, 0xfffffffe, 0xac, 0xfffefef8, 0x0, [{0x6, 0xa8, 0x1, '\x00', 0x9}, {0x8, 0xff, 0xad, '\x00', 0x8}, {0x3e, 0x3, 0xb, '\x00', 0xfe}, {0x3, 0x64, 0xff, '\x00', 0xf0}, {0x6, 0xfd, 0x27, '\x00', 0x7}, {0xfb, 0x8, 0x0, '\x00', 0x7}, {0x9, 0x3, 0xc1, '\x00', 0xe6}, {0x0, 0xcf, 0x3d, '\x00', 0xb}, {0x9, 0xf, 0x0, '\x00', 0x4}, {0xd, 0xd, 0x5, '\x00', 0x39}, {0x3, 0x8, 0x20, '\x00', 0x5}, {0x7, 0xa, 0x0, '\x00', 0x4}, {0x2, 0xc0, 0x5, '\x00', 0x4}, {0x6, 0x2, 0x8, '\x00', 0xb}, {0xc, 0x9, 0x40, '\x00', 0xa9}, {0x0, 0x12, 0x8, '\x00', 0x9}, {0x2, 0x5, 0x81, '\x00', 0xde}, {0xf9, 0x0, 0x1, '\x00', 0x8}, {0x1, 0x4, 0xff, '\x00', 0x6}, {0xd, 0x3a, 0x80, '\x00', 0x36}, {0xa, 0x40, 0x4, '\x00', 0x5}, {0x4, 0x8a, 0x8, '\x00', 0xff}, {0x1, 0x0, 0x6, '\x00', 0x26}, {0xf, 0x4, 0x9, '\x00', 0x2}]}})

456.160053ms ago: executing program 0 (id=703):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000000)={[{0x2000001, 0x4, 0xc2, 0x53, 0x3d, 0x2, 0x80, 0x41, 0x6b, 0x45, 0x8, 0x2, 0x1}, {0xb, 0xa7f3, 0x8, 0x8, 0x33, 0xff, 0x6, 0x3, 0xe, 0x7, 0x7, 0x6, 0x1}, {0x0, 0x7, 0xd, 0x10, 0x21, 0x9, 0x0, 0xbb, 0x4, 0x1d, 0x0, 0x2, 0xfffffffffffffb97}], 0x9})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x8, 0x8a, 0x7fffffffffffe, 0x81, 0x105, 0xfffffffffbfffffd, 0x4002004c4, 0x1003, 0x3, 0x8, 0x10, 0x2, 0x4, 0x0, 0x3], 0x10000, 0x2100})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2d2800, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

327.849671ms ago: executing program 1 (id=704):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0xd53})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000800)={"49841ada71cfe011e10532489ef0a3127f9f67568978975321ebdb7108d333a8df648f920da594ae3a327a3f1292465c016dbc5261414bd85acd87473d61390f4bbded57a902b5deb9c23c641914f6b147db6146e946ce31b52ff43219cbc1574ebc8f47d0d2a02b89dc02c49f25471af4f2435dd40d0481fe6f0124e4aa9849c9b8358074976ba0dd502c77e65623e41c8ce041fe7058274e54be3d84f5aa382e9032df7a279d491a51e7480061ebb983305b23e584f6b47af6d615b2f0a1dc1f000000000000176472ebbd1021d2eb285ff99ea7601c4e25ecd4c055c59c3964e30b2f8567d69324b6828cc0e9c3528f1f4e27527d98bca370c165bfd88348ca0eb405029367247b738c6cce89e3efd4479d8f2fc7dbd015046860acb8a71106b920b09e661065bf765a03317feb4f54d4382ac41850982313319363b14557a5b8a18d60e425b3db6bcd35b03c810c9d398c9d91902878258419a4b02fc4bdc3b69da6c5c27f5a507005a24a3fef74f0b287c3a4cd1517537dc8cf5cf0efd75c11e803e972ecc24c500cc49001f231f74f7120f55004d5621655ba535c8c8a91d2fec5656526974aef9f08d835f6c3c7c570d047312da759708349121ee9f7078926baa412b4ae8076f6b7f2bf46ffe08878e0281bb42ace8eca796933daf7f65530e30eb6b0695a450e50aea20fcabb5fca187f8ee62b93dee581774cefb953b396e5b8a1e3cc1062b001082aa5a434d9f03407c4239d0fcb779eba5a32f473d142ac92042c12140f12a0181a4d98a0a5a1c80de2363a80dfc365d26e0332ee63e84500f086fffded2d72500cfb5b3b16aefef5d5808f29e1c572df8af9ca90b714fe6c71a1097e58ccb7945341445d2a0c271f5d15a1462be10d757de7cfd980459469387c5049cebcdb62a24cf04418634944354b4690d4974a26ca113eefe5a71b23aa2fbd989f7b6fcf490ed465f219e70b3397dbc63e21b9d3998c4580570c40a2e75cb6845b34236f5a38dde94ae6fac7a994b21e829bdb618b0910b71608ed7893bc927afa06b1d08d18f684d7972e5467ddfebe1982924658db3e5aee3e443f1cd7017d7a27e6e2620673e9afd67c69ae555ec3e67863f1a9ac7d653d38125f51db870ffa8887c08c455a536d70ea0cae525218e8d06865b553b17bacd52630e4765af1036c834e96c193523d8b3bc399ac296fbe53ed4bd454c669f01cb0915cf9fc03b54d93fbc37ace112d4643c64842b60ee6b979703b6448fe7ddaab8d2fc2d417a12f138d61cc3ca311aa09adbad1a0647a62208ca7f9f2a9e6a6c42e6ae926b15d094886a7d6ae787c8238ab4c235541b1432b9e9407d18a0399dfa98b8ee84ccbe16bf8c30e7cf7071ab10eb8ffb0334d2b91135e3294efd14dd06db46be1032a472cdd54bd015f2937fe3d7d691fa9d0b55a0d5d17a9"})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000300)={"25537ae1bc735ba5fc22a953f25ed9c7a8e034969f46ede37a8df037309fc1f901f0b656c10a7ae3c693f9013f70988dabe24b25951ec209a9663f3bfd140e1ca638b4cb6e1fa422031bfafb87a6cdb1df660b4072a7d7d07c779f418540254ed99098ca7a620ac9584e645b0b3125482490687ec35c2eb893fee98ed3ac74df3338bf23745a50688b35e4729802e5ee45ae609d90e28d5268d57d80b58bc30031aecaa6d49cc7f1a0cb954873c095b3564518fe75bcb413f0d29949ae5f5c10b2d94c77290d12c73d6d4b06606890c1c54ed4e7cc7d039dd5ba640fa34fffdefceae4e5d8f89bb8c383098e9049f92c7333f083b3cf595b7e5bac6ed572d1228774de5a2d61fb8e3e833ca025d230815e3b8d8bd7be924b838ced0fcb3565dfb3e2325db647b91dfb2dc830046df13e95f29b212b511a4b442bc41a3a74b2e4691baa83c264c6a416408ee26bdac7a4c05b8df1b5ee135a46355722651aeb7864f1d31f98e4cf56555d5da354bdeca22abaeb281d0738f0be581300f72e2e15894e516e9433cc27555d0e5bdb86c447ecea22b255cc9b42f19444946c3c1f7bccd7f4113c73339da67d16dced1285859e822edc6ba37a9d221f2bae043bfee2a45e1bfd32c200efcf7d4ee9664e2447c1c7ce4444a32f35f8122bf83fa0d791c512501cd4c9cad4f112eee599d1396a401eb510cb2c194c245410161ca2114acda547b379107e54386b6997defa138fd94a369e6d6019cfa82dd347494f8991e9a41e8308dc033382bfe386d3af717193e64a8e4e9e2731c3bb170a663075d2d5339e5ca6516d5521877509860e470032c52827a7f57c979aafd51fc0a267edf73a3c4a6411940f7df0894a813fe293589888736686c74ae445958d4315b6ee92e111ac3298ebfe83b85a527090bcdaf7d574e68c573d768d95990c70e9a36a7fa0b690d1faef9f5dec8fcb3b3aeefee1d81866b81444b01445be9c1d13605f15374da83e766cd3eb867b36df298422730ddcde5a617a94eeb80b2296db2d588080eb439f950bba6add84c4fb248e1d4026b0e0ff611b33a96f92a4715cd26b180ac58aac931db918ba9d83d6b255678fe6a4bc702e246f27d2b518f73b0bc56826c25fac7f28563df43333b0da114ee0be8cea010b79d9eee7cf86d6d38d6e5b77cb2287e957eab5cc4aa7545f5de906c6b7512bffacebb0cdf64b7b5730cf7410205588a283bb1ad74ffbf1f023c62885c61308f65d189c6aff547fe61e95758bf53fba1fa3c277ac7699fa34544ce12e023cfe4de32f2948d295c6237526f5a159364b52fb54b61c7805e6378e63c50d916c7fe45535d4b50ff5e626b352f0b5f7b14b876a9a0e71e912590ab68b1a015f6ab076662a2bff8772650e3f0e71c47b70122688d0f1fc14e6a95a221942a232410f3ad7fd4eae71f1001aa05a"})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000040)={0x0, &(0x7f0000000280)=[@uexit={0x0, 0x18, 0x1}, @in_dx={0x69, 0x20, {0x3cd5, 0x2}}, @code={0xa, 0x77, {"b9e70a00000f3243d9fbb9800000c00f3235001000000f30440f01df6767420f2082b9800000c00f3235001000000f30410f0090008000006666420f5c44370048b83d41cf903c893d240f23d80f21f835000000700f23f8b9800000c00f3235000100000f30"}}, @nested_load_code={0x12e, 0x8f, {0x0, "c800087ff30fc7b0636a0000b974080000b85b478f70ba000000000f3066b83d010f00d80f20d835200000000f22d8c7442400a6000000c744240224000000c7442406000000000f01142466b8b5008ec0640f070f008f1d140000c744240038f50000c744240205000000c7442406000000000f011c24"}}, @wrmsr={0x65, 0x20, {0x235, 0xfffffffffffffffc}}, @cpuid={0x64, 0x18, {0x900000}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x3, @control16=0x4, 0x8, 0x6, 0x9}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x2, @ro32=0x4408, 0x4, 0xfff}}, @rdmsr={0x66, 0x18, {0xa77}}, @uexit={0x0, 0x18, 0x51}, @out_dx={0x6a, 0x28, {0xd322, 0x4, 0x3}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x1, @guest16=0x812, 0x401, 0x7, 0x26}}, @set_irq_handler={0xc8, 0x20, {0x5f, 0x1}}, @out_dx={0x6a, 0xfffffffffffffe54, {0x75a1, 0x0, 0x9}}, @nested_intel_vmwrite_mask={0x154, 0x38, {0x2, @guest64=0x280a, 0x6f, 0x800, 0x6}}], 0x2f6})
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f00000000c0)={"49841ada71cfe011e10532489ef0a3127f9f67568978975321ebdb7108d333a8df648f920da594ae3a327a3f1292465c016dbc5261414bd85acd87473d61390f4bbded57a902b5deb9c23c641914f6b147db6146e946ce31b52ff43219cbc1574ebc8f47d0d2a02b89dc02c49f25471af4f2435dd40d0481fe6f0124e4aa9849c9b8358074976ba0dd502c77e65623e41c8ce041fe7058274e54be3d84f5aa382e9032df7a279d491a51e7480061ebb983305b23e584f6b47af6d615b2f0a182d7c0095f222a4a176472ebbd1021d2eb285ff99ea7601c4e25ecd4c055c59c3964e30b2f8567d69324b6828cc0e9c3528f1f4e27527d98bca370c165bfd88348ca0eb405029367247b738c6cce89e3efd4479d8f2fc7dbd015046860acb8a71106b920b09e661065bf765a03317feb4f54d4382ac41850982313319363b14557a5b8a18d60e425b3db6bcd35b03c810c9d398c9d91902878258419a4b02fc4bdc3b69da6c5c27f5a507005a24a3fef74f0b287c3a4cd1517537dc8cf5cf0efd75c11e803e972ecc24c500cc49001f231f74f7120f55004d5621655ba535c8c8a91d2fec5656526974aef9f08d835f6c3c7c570d047312da759708349121ee9f7078926baa412b4ae8076f6b7f2bf46ffe08878e0281bb42ace8eca796933daf7f65530e30eb6b0695a450e50aea20fcabb5fca187f8ee62b93dee581774cefb953b396e5b8a1e3cc1062b001082aa5a434d9f03407c4239d0fcb779eba5a32f473d142ac92042c2b140f12a0181a4d98a0a5a1c80de2363a80dfc365d26e0332ee63e84500f086fffded2d72500cfb5b3b16aefef5d5808f29e1c572df8af9ca90b714fe6c71a1097e58ccb7945341445d2a0c271f5d15a1462be10d757de7cfd980459469387c5049cebcdb62a24cf04418634944354b4690d4974a26ca113eefe5a71b23aa2fbd989f7b6fcf490ed465f219e70b3397dbc63e21b9d3998c4580570c40a2e75cb6845b34236f5a38dde94ae6fac7a994b21e829bdb618b0910b71608ed7893bc927afa06b1d08d18f684d7972e5467ddfebe1982924658db3e5aee3e443f1cd7017d7a27e6e2620673e9afd67c69ae555ec3e67863f1a9ac7d653d38125f51db870ffa8887c08c455a536d70ea0cae525218e8d06865b553b17bacd52630e4765af1036c834e96c193523d8b3bc399ac296fbe53ed4bd454c669f01cb0915cf9fc03b54d93fbc37ace112d4643c64842b60ee6b979703b6448fe7ddaab8d2fc2d417a12f138d61cc3ca311aa09adbad1a0647a62208ca7f9f2a9e6a6c42e6ae926b15d094886a7d6ae787c8238ab4c235541b1432b9e9407d18a0399dfa98b8ee84ccbe16bf8c30e7cf7071ab10eb8ffb0334d2b91135e3294efd14dd06db46be1032a472cdd54bd015f2937fe3d7d691fa9d0b55a0d5d17a9"})

227.064027ms ago: executing program 0 (id=705):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x42042, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000240)={0xfe, 0x0, [{0x7, 0xfffffffe, 0x0, 0x9, 0x2, 0x6}, {0x40000000, 0x8001, 0x1, 0x3, 0x1000, 0x0, 0xd}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})

52.110367ms ago: executing program 3 (id=706):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2c80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, 0x0})
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000200)={{0x100000, 0xeeee0000, 0xa, 0x9, 0x2, 0x9, 0x5, 0x1, 0x0, 0x3, 0x5, 0x5}, {0xeeef8000, 0x0, 0xa, 0xe, 0x5, 0x7, 0x4, 0x5, 0x4, 0x5, 0x0, 0x3}, {0x5000, 0xdddd0000, 0xb, 0x8, 0x4, 0x7, 0x81, 0x3, 0x3, 0xfd, 0x1, 0x70}, {0x5000, 0x2000, 0xe, 0xfe, 0xfd, 0xaa, 0xc3, 0x0, 0x0, 0x14, 0x80, 0xe}, {0x3000, 0xfec00000, 0x11, 0xff, 0x1, 0x1b, 0x6, 0x5, 0x5, 0x6, 0x0, 0xfc}, {0x100000, 0x0, 0xe, 0xb9, 0x7, 0xe, 0x4, 0x6, 0x8, 0x46, 0x4, 0xd}, {0x8000000, 0x0, 0x10, 0x6, 0x1, 0x8, 0x4, 0xa9, 0x5, 0x84, 0x5, 0xe}, {0xffff1000, 0xdddcc004, 0xa, 0x21, 0x5, 0x8, 0x9, 0x8, 0x7, 0x5, 0x43, 0x3}, {0x1000, 0x5}, {0x6000, 0xa}, 0x60040008, 0x0, 0x8000000, 0x40708, 0xfffffffffffffffe, 0x8000, 0xeeee0c00, [0xfffffffffffffffe, 0x1004, 0x3, 0x8000]})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000140)={0x1, 0x0, [{0x80e, 0x0, 0x9}]})

4.81778ms ago: executing program 5 (id=707):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bff000/0x400000)=nil)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000040)={0x0, 0x0})
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000200)={{0x2, 0x4, 0xb, 0xd, 0x8, 0x9, 0x6, 0x1, 0x0, 0x7, 0x5, 0xeb}, {0xdddd0000, 0x8000000, 0xa, 0xe, 0x5, 0x7, 0x4, 0x14, 0x3, 0x5, 0x0, 0x2}, {0xf000, 0x8000000, 0xb, 0x8, 0x4, 0x9, 0x81, 0x3, 0x10, 0xfe, 0x1, 0x70}, {0x5000, 0x10000, 0x0, 0xfe, 0x6, 0xaa, 0x1, 0x0, 0x0, 0x4, 0x84, 0xe}, {0xf000, 0x3000, 0xc, 0xff, 0x1, 0xb, 0x6, 0x7, 0x4, 0x6, 0x8, 0x7}, {0xd000, 0x3000, 0x9, 0xb9, 0x9, 0x5, 0x4, 0x4, 0x64, 0x1, 0x27, 0x1}, {0x8000000, 0x0, 0x0, 0x1, 0xc, 0x40, 0x4, 0x64, 0xe4, 0x1, 0x14, 0xe}, {0xffff1000, 0xdddcc004, 0xa, 0x21, 0x5, 0x8, 0x8, 0xc7, 0x7, 0x8, 0x43, 0x3}, {0xd000, 0x5}, {0x1, 0x7}, 0x40000000, 0x0, 0x6000, 0x40738, 0x8, 0xa801, 0xeeee0c00, [0x3, 0x5, 0x4, 0xc]})

0s ago: executing program 0 (id=708):
ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000140)={0xffffffffffffffff, 0xc8})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_CREATE_VM(r2, 0x400454d0, 0x100000000000107)

kernel console output (not intermixed with test programs):

plus: bad catalog entry type
[  111.648547][ T4934] BTRFS info (device loop4): has skinny extents
[  112.003954][  T144] hfsplus: b-tree write err: -5, ino 4
[  112.188414][ T4934] BTRFS info (device loop4): clearing free space tree
[  112.205492][ T4934] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  112.212508][ T4977] loop0: detected capacity change from 0 to 1024
[  112.248514][ T4934] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  112.293482][ T4977] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  112.463591][ T4984] loop2: detected capacity change from 0 to 256
[  112.490413][ T4984] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  112.607806][ T4977] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  113.500737][ T4992] netlink: 1688 bytes leftover after parsing attributes in process `syz.3.152'.
[  113.826493][ T5001] af_packet: tpacket_rcv: packet too big, clamped from 4922 to 3956. macoff=92
[  114.053892][ T5012] netlink: 9 bytes leftover after parsing attributes in process `syz.3.158'.
[  114.181392][ T5012] device 
30猉功D entered promiscuous mode
[  114.226255][ T5016] loop4: detected capacity change from 0 to 512
[  114.373765][ T5016] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrquota,nojournal_checksum,,errors=continue. Quota mode: writeback.
[  114.394393][ T5016] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  114.425312][ T5016] fscrypt (loop4, inode 15): Error -61 getting encryption context
[  114.483311][ T4997] loop1: detected capacity change from 0 to 32768
[  114.557492][    T7] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  114.575489][ T4997] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  114.629785][ T4997] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  114.639074][ T4611] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  114.735946][ T4997] netlink: 'syz.1.155': attribute type 3 has an invalid length.
[  114.837526][    T7] usb 4-1: Using ep0 maxpacket: 8
[  114.861412][ T5029] loop4: detected capacity change from 0 to 256
[  114.877575][ T4611] usb 1-1: Using ep0 maxpacket: 16
[  116.197717][ T5029] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  116.347495][ T4611] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8
[  116.389434][    T7] usb 4-1: config 0 has an invalid interface number: 150 but max is 0
[  116.506304][    T7] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  116.689339][    T7] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  116.741611][    T7] usb 4-1: config 0 has no interface number 1
[  116.777362][    T7] usb 4-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  116.789101][ T5024] loop2: detected capacity change from 0 to 32768
[  116.808243][ T5024] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.162 (5024)
[  116.820846][ T4611] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  116.835585][ T4611] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.853970][ T4611] usb 1-1: Product: syz
[  116.863543][    T7] usb 4-1: config 0 interface 150 has no altsetting 0
[  116.874372][ T4611] usb 1-1: Manufacturer: syz
[  116.884481][ T4611] usb 1-1: SerialNumber: syz
[  116.902680][    T7] usb 4-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  116.906478][ T4611] usb 1-1: config 0 descriptor??
[  116.941911][    T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  116.980859][ T4611] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  116.993983][ T5024] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  116.996062][    T7] usb 4-1: config 0 descriptor??
[  117.026710][ T5024] BTRFS info (device loop2): setting nodatacow, compression disabled
[  117.040327][ T4611] usb 1-1: Detected FT232RL
[  117.068688][ T5024] BTRFS info (device loop2): force clearing of disk cache
[  117.069610][ T4188] ocfs2: Unmounting device (7,1) on (node local)
[  117.083285][    T7] usb 4-1: can't set config #0, error -71
[  117.117320][ T5024] BTRFS info (device loop2): enabling ssd optimizations
[  117.124532][    T7] usb 4-1: USB disconnect, device number 3
[  117.147964][ T5024] BTRFS info (device loop2): using spread ssd allocation scheme
[  117.203604][ T5038] loop3: detected capacity change from 0 to 1024
[  117.216678][ T5024] BTRFS info (device loop2): turning off barriers
[  117.227729][ T5024] BTRFS info (device loop2): disabling free space tree
[  117.234624][ T5024] BTRFS info (device loop2): not using ssd optimizations
[  117.314161][ T5024] BTRFS info (device loop2): not using spread ssd allocation scheme
[  117.357047][ T5038] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  117.365571][ T5024] BTRFS info (device loop2): has skinny extents
[  117.423508][ T5021] raw_sendmsg: syz.0.161 forgot to set AF_INET. Fix it!
[  117.505121][ T5048] loop1: detected capacity change from 0 to 1024
[  117.527836][ T4611] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  117.540239][ T5038] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  117.566811][ T5024] BTRFS error (device loop2): open_ctree failed: -12
[  117.807486][ T4611] ftdi_sio 1-1:0.0: GPIO initialisation failed: -32
[  117.833578][ T4611] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  118.636625][ T5071] netlink: 1688 bytes leftover after parsing attributes in process `syz.2.167'.
[  118.667154][ T4361] hfsplus: b-tree write err: -5, ino 3
[  118.844893][ T4256] usb 1-1: USB disconnect, device number 4
[  118.884496][ T4256] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  118.988621][ T5084] usb usb9: usbfs: process 5084 (syz.3.172) did not claim interface 0 before use
[  119.000151][ T5084] sd 0:0:1:0: device reset
[  119.057473][ T5085] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  119.257924][ T4256] ftdi_sio 1-1:0.0: device disconnected
[  119.626209][ T5098] loop0: detected capacity change from 0 to 256
[  119.661921][ T5101] netlink: 9 bytes leftover after parsing attributes in process `syz.2.177'.
[  119.702941][ T5098] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  119.816126][ T5101] device 
30猉功D entered promiscuous mode
[  119.940955][ T5105] loop4: detected capacity change from 0 to 1024
[  120.020730][ T5105] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  120.065298][ T5105] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  120.097466][ T4611] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  120.357373][ T4611] usb 3-1: Using ep0 maxpacket: 8
[  120.452048][ T5111] netlink: 1688 bytes leftover after parsing attributes in process `syz.1.180'.
[  120.497879][ T4611] usb 3-1: config 0 has an invalid interface number: 150 but max is 0
[  120.508816][ T4611] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  120.523411][ T5096] loop3: detected capacity change from 0 to 32768
[  120.554553][ T4611] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  120.579326][ T5113] loop0: detected capacity change from 0 to 1024
[  120.599742][ T5096] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  120.614097][ T4611] usb 3-1: config 0 has no interface number 1
[  120.651059][ T4611] usb 3-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  120.719017][ T5096] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  120.778648][ T4611] usb 3-1: config 0 interface 150 has no altsetting 0
[  120.845723][ T4611] usb 3-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  120.855869][ T4611] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.865740][ T5122] netlink: 'syz.3.174': attribute type 3 has an invalid length.
[  120.875149][ T4611] usb 3-1: config 0 descriptor??
[  120.951362][ T5123] hfsplus: bad catalog entry type
[  121.560181][  T154] hfsplus: b-tree write err: -5, ino 4
[  121.574337][ T4189] ocfs2: Unmounting device (7,3) on (node local)
[  121.822094][ T5131] FAULT_INJECTION: forcing a failure.
[  121.822094][ T5131] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  121.894691][ T5131] CPU: 0 PID: 5131 Comm: syz.4.186 Not tainted syzkaller #0
[  121.902058][ T5131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  121.912165][ T5131] Call Trace:
[  121.915492][ T5131]  <TASK>
[  121.918456][ T5131]  dump_stack_lvl+0x188/0x250
[  121.921181][ T5133] FAULT_INJECTION: forcing a failure.
[  121.921181][ T5133] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  121.923224][ T5131]  ? show_regs_print_info+0x20/0x20
[  121.941693][ T5131]  ? load_image+0x400/0x400
[  121.946263][ T5131]  ? __lock_acquire+0x7d10/0x7d10
[  121.951339][ T5131]  should_fail+0x38c/0x4c0
[  121.955810][ T5131]  _copy_to_user+0x2e/0x130
[  121.960357][ T5131]  simple_read_from_buffer+0xe3/0x150
[  121.965787][ T5131]  proc_fail_nth_read+0x1a6/0x220
[  121.970876][ T5131]  ? proc_fault_inject_write+0x310/0x310
[  121.976555][ T5131]  ? fsnotify_perm+0x254/0x560
[  121.981361][ T5131]  ? proc_fault_inject_write+0x310/0x310
[  121.987038][ T5131]  vfs_read+0x301/0xd60
[  121.991248][ T5131]  ? kernel_read+0x1e0/0x1e0
[  121.995892][ T5131]  ? __fget_files+0x40f/0x480
[  122.000612][ T5131]  ? mutex_lock_nested+0x17/0x20
[  122.005591][ T5131]  ? __fdget_pos+0x2bf/0x370
[  122.010219][ T5131]  ? ksys_read+0x71/0x260
[  122.014590][ T5131]  ksys_read+0x152/0x260
[  122.018876][ T5131]  ? vfs_write+0xd60/0xd60
[  122.023329][ T5131]  ? lockdep_hardirqs_on+0x94/0x140
[  122.028571][ T5131]  do_syscall_64+0x4c/0xa0
[  122.033032][ T5131]  ? clear_bhb_loop+0x30/0x80
[  122.037745][ T5131]  ? clear_bhb_loop+0x30/0x80
[  122.042453][ T5131]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  122.048397][ T5131] RIP: 0033:0x7fc93618178e
[  122.052848][ T5131] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  122.072491][ T5131] RSP: 002b:00007fc93441bfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  122.080966][ T5131] RAX: ffffffffffffffda RBX: 00007fc93441c6c0 RCX: 00007fc93618178e
[  122.088980][ T5131] RDX: 000000000000000f RSI: 00007fc93441c0a0 RDI: 0000000000000007
[  122.097007][ T5131] RBP: 00007fc93441c090 R08: 0000000000000000 R09: 0000000000000000
[  122.105023][ T5131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  122.113037][ T5131] R13: 00007fc93643c038 R14: 00007fc93643bfa0 R15: 00007ffceb36a998
[  122.121059][ T5131]  </TASK>
[  122.124114][ T5133] CPU: 1 PID: 5133 Comm: syz.1.187 Not tainted syzkaller #0
[  122.131452][ T5133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  122.141565][ T5133] Call Trace:
[  122.144883][ T5133]  <TASK>
[  122.147846][ T5133]  dump_stack_lvl+0x188/0x250
[  122.152567][ T5133]  ? show_regs_print_info+0x20/0x20
[  122.157808][ T5133]  ? load_image+0x400/0x400
[  122.162365][ T5133]  ? __lock_acquire+0x7d10/0x7d10
[  122.167437][ T5133]  should_fail+0x38c/0x4c0
[  122.171902][ T5133]  _copy_from_user+0x2e/0x170
[  122.176627][ T5133]  memdup_user+0x5b/0xb0
[  122.180906][ T5133]  nvram_misc_write+0x7f/0xd0
[  122.185624][ T5102] netlink: 5 bytes leftover after parsing attributes in process `syz.2.177'.
[  122.185631][ T5133]  ? nvram_misc_read+0x180/0x180
[  122.199378][ T5133]  vfs_write+0x30b/0xd60
[  122.203660][ T5133]  ? file_end_write+0x250/0x250
[  122.208548][ T5133]  ? __fget_files+0x40f/0x480
[  122.213273][ T5133]  ? __fdget_pos+0x1e2/0x370
[  122.217900][ T5133]  ? ksys_write+0x71/0x260
[  122.222355][ T5133]  ksys_write+0x152/0x260
[  122.226729][ T5133]  ? __ia32_sys_read+0x80/0x80
[  122.231535][ T5133]  ? lockdep_hardirqs_on+0x94/0x140
[  122.236790][ T5133]  do_syscall_64+0x4c/0xa0
[  122.241249][ T5133]  ? clear_bhb_loop+0x30/0x80
[  122.243682][ T5102] 1猉功D: renamed from 
30猉功D
[  122.245960][ T5133]  ? clear_bhb_loop+0x30/0x80
[  122.245987][ T5133]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  122.246011][ T5133] RIP: 0033:0x7f07ccf70eb9
[  122.265908][ T5133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  122.285553][ T5133] RSP: 002b:00007f07cb1cc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  122.294012][ T5133] RAX: ffffffffffffffda RBX: 00007f07cd1ebfa0 RCX: 00007f07ccf70eb9
[  122.302027][ T5133] RDX: 0000000000000003 RSI: 0000200000000340 RDI: 0000000000000003
[  122.310039][ T5133] RBP: 00007f07cb1cc090 R08: 0000000000000000 R09: 0000000000000000
[  122.318050][ T5133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  122.326056][ T5133] R13: 00007f07cd1ec038 R14: 00007f07cd1ebfa0 R15: 00007ffcec335d38
[  122.334075][ T5133]  </TASK>
[  122.341330][ T5102] device 
31猉功D left promiscuous mode
[  122.351423][ T5102] A link change request failed with some changes committed already. Interface 
31猉功D may have been left with an inconsistent configuration, please check.
[  122.392884][ T5139] usb usb9: usbfs: process 5139 (syz.3.184) did not claim interface 0 before use
[  122.404682][ T5139] sd 0:0:1:0: device reset
[  122.790221][ T4256] usb 3-1: USB disconnect, device number 3
[  122.935368][ T5151] loop0: detected capacity change from 0 to 1024
[  122.996605][ T5152] netlink: 'syz.2.191': attribute type 72 has an invalid length.
[  123.072099][ T5151] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  123.138376][ T5151] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  123.529206][ T5161] usb usb9: usbfs: process 5161 (syz.3.189) did not claim interface 0 before use
[  123.541284][ T5161] sd 0:0:1:0: device reset
[  124.052625][ T5170] loop3: detected capacity change from 0 to 1024
[  124.127118][ T5175] usb usb9: usbfs: process 5175 (syz.4.199) did not claim interface 0 before use
[  124.139234][ T5175] sd 0:0:1:0: device reset
[  124.450287][ T5168] hfsplus: bad catalog entry type
[  124.594594][ T5159] loop1: detected capacity change from 0 to 32768
[  124.693103][ T5159] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  124.728631][ T5159] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  124.747028][ T4358] hfsplus: b-tree write err: -5, ino 4
[  124.825318][ T5185] fuse: Unknown parameter '0x00000000000000040x0000000000000006'
[  124.828299][ T5159] netlink: 'syz.1.194': attribute type 3 has an invalid length.
[  125.147838][ T4188] ocfs2: Unmounting device (7,1) on (node local)
[  125.195568][ T5201] loop0: detected capacity change from 0 to 1024
[  125.253016][ T5201] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  125.271901][ T5198] netlink: 'syz.3.203': attribute type 72 has an invalid length.
[  125.375014][ T5201] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  125.538648][ T5218] netlink: 9 bytes leftover after parsing attributes in process `syz.3.211'.
[  125.857401][ T4400] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  125.906950][ T5227] netlink: 12 bytes leftover after parsing attributes in process `syz.4.212'.
[  126.004071][ T5229] loop4: detected capacity change from 0 to 128
[  126.112193][ T4400] usb 4-1: Using ep0 maxpacket: 8
[  126.157216][ T5229] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  126.177983][ T5229] ext4 filesystem being mounted at /44/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  126.273115][ T5233] usb usb9: usbfs: process 5233 (syz.0.214) did not claim interface 0 before use
[  126.284984][ T5233] sd 0:0:1:0: device reset
[  126.317892][ T5229] FAULT_INJECTION: forcing a failure.
[  126.317892][ T5229] name failslab, interval 1, probability 0, space 0, times 1
[  126.343717][ T5229] CPU: 1 PID: 5229 Comm: syz.4.213 Not tainted syzkaller #0
[  126.351262][ T5229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  126.361357][ T5229] Call Trace:
[  126.364658][ T5229]  <TASK>
[  126.367604][ T5229]  dump_stack_lvl+0x188/0x250
[  126.372310][ T5229]  ? show_regs_print_info+0x20/0x20
[  126.377547][ T5229]  ? load_image+0x400/0x400
[  126.382090][ T5229]  ? __might_sleep+0xf0/0xf0
[  126.386707][ T5229]  ? __lock_acquire+0x7d10/0x7d10
[  126.391766][ T5229]  ? mark_lock+0x94/0x320
[  126.396127][ T5229]  should_fail+0x38c/0x4c0
[  126.400613][ T5229]  should_failslab+0x5/0x20
[  126.405141][ T5229]  slab_pre_alloc_hook+0x51/0xc0
[  126.410116][ T5229]  __kmalloc+0x6b/0x330
[  126.414298][ T5229]  ? ext4_find_extent+0x367/0xe00
[  126.419371][ T5229]  ext4_find_extent+0x367/0xe00
[  126.424272][ T5229]  ext4_ext_map_blocks+0x281/0x6580
[  126.429503][ T5229]  ? verify_lock_unused+0x140/0x140
[  126.434729][ T5229]  ? mark_lock+0x94/0x320
[  126.439128][ T5229]  ? ext4_ext_release+0x10/0x10
[  126.444019][ T5229]  ? __might_sleep+0xf0/0xf0
[  126.448637][ T5229]  ? __lock_acquire+0x12e8/0x7d10
[  126.453733][ T5229]  ? down_read+0x1aa/0x2e0
[  126.458199][ T5229]  ext4_map_blocks+0x3b7/0x1b30
[  126.463100][ T5229]  ? ext4_issue_zeroout+0x250/0x250
[  126.468349][ T5229]  ext4_getblk+0x176/0x670
[  126.472816][ T5229]  ? ext4_get_block_unwritten+0x30/0x30
[  126.478505][ T5229]  ? __lock_acquire+0x7d10/0x7d10
[  126.483573][ T5229]  ext4_bread+0x26/0x180
[  126.487850][ T5229]  __ext4_read_dirblock+0xcb/0x890
[  126.493001][ T5229]  htree_dirblock_to_tree+0x280/0xeb0
[  126.498419][ T5229]  ? lockdep_hardirqs_on+0x94/0x140
[  126.503667][ T5229]  ? _raw_spin_unlock+0x40/0x40
[  126.508551][ T5229]  ? stack_trace_save+0xa6/0xf0
[  126.513428][ T5229]  ? ext4_htree_fill_tree+0x1170/0x1170
[  126.519016][ T5229]  ext4_htree_fill_tree+0x625/0x1170
[  126.524449][ T5229]  ? ext4_handle_dirty_dirblock+0x650/0x650
[  126.530420][ T5229]  ext4_readdir+0x2cf4/0x3b40
[  126.535160][ T5229]  ? memset+0x1e/0x40
[  126.539196][ T5229]  ? ext4_dir_llseek+0x4b0/0x4b0
[  126.544167][ T5229]  ? __might_sleep+0xf0/0xf0
[  126.548788][ T5229]  ? read_lock_is_recursive+0x10/0x10
[  126.554193][ T5229]  ? mutex_lock_io_nested+0x60/0x60
[  126.559432][ T5229]  ? end_current_label_crit_section+0x14b/0x170
[  126.565709][ T5229]  ? iterate_dir+0x10d/0x560
[  126.570328][ T5229]  ? down_read_killable+0x1ce/0x340
[  126.575567][ T5229]  iterate_dir+0x218/0x560
[  126.580034][ T5229]  ? ext4_dir_llseek+0x4b0/0x4b0
[  126.585015][ T5229]  __se_sys_getdents+0xf2/0x260
[  126.589910][ T5229]  ? __x64_sys_getdents+0x80/0x80
[  126.594962][ T5229]  ? fillonedir+0x4e0/0x4e0
[  126.599492][ T5229]  ? vtime_user_exit+0x2c8/0x3e0
[  126.604483][ T5229]  ? lockdep_hardirqs_on+0x94/0x140
[  126.609718][ T5229]  do_syscall_64+0x4c/0xa0
[  126.614163][ T5229]  ? clear_bhb_loop+0x30/0x80
[  126.618900][ T5229]  ? clear_bhb_loop+0x30/0x80
[  126.623631][ T5229]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  126.629562][ T5229] RIP: 0033:0x7fc9361c0eb9
[  126.634038][ T5229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  126.653721][ T5229] RSP: 002b:00007fc93441c028 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  126.662168][ T5229] RAX: ffffffffffffffda RBX: 00007fc93643bfa0 RCX: 00007fc9361c0eb9
[  126.670175][ T5229] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005
[  126.678170][ T5229] RBP: 00007fc93441c090 R08: 0000000000000000 R09: 0000000000000000
[  126.686165][ T5229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  126.694161][ T5229] R13: 00007fc93643c038 R14: 00007fc93643bfa0 R15: 00007ffceb36a998
[  126.702173][ T5229]  </TASK>
[  126.738032][ T5229] EXT4-fs warning (device loop4): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz.4.213: error -12 reading directory block
[  126.874081][ T4400] usb 4-1: config 0 has an invalid interface number: 150 but max is 0
[  126.883809][ T4400] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  126.893991][ T4400] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  126.903011][ T4400] usb 4-1: config 0 has no interface number 1
[  126.909199][ T4400] usb 4-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  126.922226][ T4400] usb 4-1: config 0 interface 150 has no altsetting 0
[  126.929221][ T4400] usb 4-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  126.938835][ T4400] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.948936][ T4400] usb 4-1: config 0 descriptor??
[  127.028842][ T5238] loop2: detected capacity change from 0 to 128
[  127.049505][ T5240] loop4: detected capacity change from 0 to 128
[  127.388115][ T5240] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  127.438766][ T5236] loop1: detected capacity change from 0 to 32768
[  127.521673][ T5240] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  127.543347][ T5240] ext2 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.571280][ T5236] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  127.642012][ T5236] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  127.691362][ T5236] netlink: 'syz.1.215': attribute type 3 has an invalid length.
[  127.735738][ T5222] netlink: 5 bytes leftover after parsing attributes in process `syz.3.211'.
[  127.809061][ T5263] loop0: detected capacity change from 0 to 256
[  129.288627][ T5263] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  129.304947][ T5222] 1猉功D: renamed from 
30猉功D
[  129.588904][ T4188] ocfs2: Unmounting device (7,1) on (node local)
[  129.675272][ T5222] device 
31猉功D left promiscuous mode
[  129.837764][ T5222] A link change request failed with some changes committed already. Interface 
31猉功D may have been left with an inconsistent configuration, please check.
[  129.908115][ T5267] netlink: 12 bytes leftover after parsing attributes in process `syz.1.223'.
[  129.923887][ T4696] usb 4-1: USB disconnect, device number 4
[  130.065191][ T5271] loop3: detected capacity change from 0 to 2048
[  130.106135][ T5278] loop4: detected capacity change from 0 to 1024
[  130.160808][ T5271]  loop3: p1 < > p3
[  130.175286][ T5271] loop3: p3 size 134217728 extends beyond EOD, truncated
[  130.185205][ T5278] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  130.269951][ T5283] usb usb9: usbfs: process 5283 (syz.1.229) did not claim interface 0 before use
[  130.281552][ T5283] sd 0:0:1:0: device reset
[  130.525595][ T5278] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  130.653136][ T3560]  loop3: p1 < > p3
[  130.660693][ T3560] loop3: p3 size 134217728 extends beyond EOD, truncated
[  131.044989][ T4175] udevd[4175]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  131.079294][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  131.136779][ T5305] netlink: 12 bytes leftover after parsing attributes in process `syz.1.236'.
[  131.235284][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  131.245768][ T4175] udevd[4175]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  131.364638][ T5309] loop3: detected capacity change from 0 to 64
[  131.388272][ T5310] loop4: detected capacity change from 0 to 256
[  131.414391][ T5310] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  131.427358][ T4696] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  132.272125][ T5297] loop2: detected capacity change from 0 to 32768
[  132.369456][ T5297] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  132.387391][ T4696] usb 1-1: Using ep0 maxpacket: 8
[  132.433500][ T5297] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  132.444031][ T5323] loop1: detected capacity change from 0 to 128
[  132.464360][ T5297] netlink: 'syz.2.233': attribute type 3 has an invalid length.
[  132.493957][ T5323] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  132.507668][ T5323] ext4 filesystem being mounted at /43/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  132.544952][ T4696] usb 1-1: config 0 has an invalid interface number: 150 but max is 0
[  132.587166][ T5328] netlink: 'syz.3.240': attribute type 72 has an invalid length.
[  132.601833][ T4696] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  132.646729][ T4187] ocfs2: Unmounting device (7,2) on (node local)
[  132.652450][ T4696] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  132.696734][ T4696] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  132.729254][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  132.735570][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  132.744353][ T4696] usb 1-1: config 0 has no interface number 0
[  132.757935][ T4696] usb 1-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  132.785300][ T5333] loop3: detected capacity change from 0 to 1024
[  132.791892][ T4696] usb 1-1: config 0 interface 150 has no altsetting 0
[  132.805206][ T4696] usb 1-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  132.807174][ T5335] loop4: detected capacity change from 0 to 16
[  132.823846][ T4696] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.857090][ T4696] usb 1-1: config 0 descriptor??
[  132.877422][ T5333] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  132.889654][ T5335] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  132.963539][ T5333] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  133.076875][ T4194] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201'
[  133.087743][ T4194] CPU: 0 PID: 4194 Comm: kworker/u5:4 Not tainted syzkaller #0
[  133.095322][ T4194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  133.105382][ T4194] Workqueue: hci3 hci_rx_work
[  133.110070][ T4194] Call Trace:
[  133.113347][ T4194]  <TASK>
[  133.116268][ T4194]  dump_stack_lvl+0x188/0x250
[  133.120959][ T4194]  ? show_regs_print_info+0x20/0x20
[  133.126170][ T4194]  ? load_image+0x400/0x400
[  133.130693][ T4194]  sysfs_create_dir_ns+0x26a/0x290
[  133.135851][ T4194]  ? sysfs_warn_dup+0xa0/0xa0
[  133.140538][ T4194]  ? process_one_work+0x85f/0x1010
[  133.145682][ T4194]  ? do_raw_spin_unlock+0x11d/0x230
[  133.150898][ T4194]  kobject_add_internal+0x6e0/0xd90
[  133.156102][ T4194]  kobject_add+0x160/0x230
[  133.160539][ T4194]  ? kobject_init+0x1d0/0x1d0
[  133.165222][ T4194]  ? klist_children_get+0x50/0x50
[  133.170257][ T4194]  ? get_device_parent+0x121/0x3f0
[  133.175365][ T4194]  device_add+0x483/0xfb0
[  133.179708][ T4194]  hci_conn_add_sysfs+0xd1/0x1e0
[  133.184658][ T4194]  le_conn_complete_evt+0xc48/0x15c0
[  133.189943][ T4194]  ? cs_le_create_conn+0x5e0/0x5e0
[  133.195058][ T4194]  ? __mutex_trylock_common+0x155/0x260
[  133.200658][ T4194]  hci_le_meta_evt+0x285/0x3c90
[  133.205503][ T4194]  ? hci_event_packet+0x37b/0x1370
[  133.210620][ T4194]  ? __lock_acquire+0x7d10/0x7d10
[  133.215653][ T4194]  ? hci_remote_host_features_evt+0x280/0x280
[  133.221711][ T4194]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  133.227346][ T4194]  ? mark_lock+0x94/0x320
[  133.231675][ T4194]  ? mutex_unlock+0x10/0x10
[  133.236200][ T4194]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  133.242212][ T4194]  ? lock_chain_count+0x20/0x20
[  133.247083][ T4194]  ? __rwlock_init+0x140/0x140
[  133.251872][ T4194]  hci_event_packet+0xe48/0x1370
[  133.256835][ T4194]  ? lockdep_hardirqs_on+0x94/0x140
[  133.262063][ T4194]  ? rcu_lock_release+0x20/0x20
[  133.266937][ T4194]  ? hci_send_to_monitor+0x9c/0x4a0
[  133.272146][ T4194]  hci_rx_work+0x255/0xa10
[  133.276576][ T4194]  process_one_work+0x85f/0x1010
[  133.281545][ T4194]  ? worker_detach_from_pool+0x240/0x240
[  133.287183][ T4194]  ? lockdep_hardirqs_off+0x70/0x100
[  133.292481][ T4194]  ? _raw_spin_lock_irq+0xb7/0xf0
[  133.297517][ T4194]  ? _raw_spin_lock_irqsave+0x100/0x100
[  133.303121][ T4194]  ? wq_worker_running+0x97/0x170
[  133.308170][ T4194]  worker_thread+0xaa6/0x1290
[  133.312905][ T4194]  ? lockdep_hardirqs_on+0x94/0x140
[  133.318141][ T4194]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  133.324069][ T4194]  kthread+0x436/0x520
[  133.328142][ T4194]  ? rcu_lock_release+0x20/0x20
[  133.333031][ T4194]  ? kthread_blkcg+0xd0/0xd0
[  133.337647][ T4194]  ret_from_fork+0x1f/0x30
[  133.342088][ T4194]  </TASK>
[  133.348122][ T4194] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  133.361697][ T4194] Bluetooth: hci3: failed to register connection device
[  133.444580][ T4696] usb 1-1: USB disconnect, device number 5
[  133.719057][ T5354] syz.1.251 uses obsolete (PF_INET,SOCK_PACKET)
[  133.741707][ T5350] netlink: 12 bytes leftover after parsing attributes in process `syz.2.249'.
[  133.918777][ T5354] loop1: detected capacity change from 0 to 1024
[  134.115419][ T5367] usb usb9: usbfs: process 5367 (syz.4.250) did not claim interface 0 before use
[  134.150111][ T5367] sd 0:0:1:0: device reset
[  134.169540][ T5369] FAULT_INJECTION: forcing a failure.
[  134.169540][ T5369] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.265380][ T5371] FAULT_INJECTION: forcing a failure.
[  134.265380][ T5371] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  134.278522][ T5371] CPU: 0 PID: 5371 Comm: syz.3.254 Not tainted syzkaller #0
[  134.285819][ T5371] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  134.295888][ T5371] Call Trace:
[  134.299200][ T5371]  <TASK>
[  134.302147][ T5371]  dump_stack_lvl+0x188/0x250
[  134.306841][ T5371]  ? show_regs_print_info+0x20/0x20
[  134.312069][ T5371]  ? load_image+0x400/0x400
[  134.316595][ T5371]  ? __lock_acquire+0x7d10/0x7d10
[  134.321644][ T5371]  ? finish_lock_switch+0x12f/0x280
[  134.326889][ T5371]  ? lockdep_hardirqs_on+0x94/0x140
[  134.332429][ T5371]  should_fail+0x38c/0x4c0
[  134.336881][ T5371]  strncpy_from_user+0x32/0x360
[  134.341768][ T5371]  bpf_prog_load+0x1f0/0x1510
[  134.346480][ T5371]  ? map_freeze+0x350/0x350
[  134.351012][ T5371]  ? __might_fault+0xb7/0x110
[  134.355737][ T5371]  ? __might_fault+0xb3/0x110
[  134.360555][ T5371]  ? bpf_lsm_bpf+0x5/0x10
[  134.364927][ T5371]  ? security_bpf+0x7a/0xa0
[  134.369453][ T5371]  __sys_bpf+0x532/0x6f0
[  134.373728][ T5371]  ? bpf_link_show_fdinfo+0x380/0x380
[  134.379161][ T5371]  __x64_sys_bpf+0x78/0x90
[  134.383619][ T5371]  do_syscall_64+0x4c/0xa0
[  134.388066][ T5371]  ? clear_bhb_loop+0x30/0x80
[  134.392762][ T5371]  ? clear_bhb_loop+0x30/0x80
[  134.397465][ T5371]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  134.403380][ T5371] RIP: 0033:0x7fde7089deb9
[  134.407812][ T5371] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  134.427435][ T5371] RSP: 002b:00007fde6eab7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  134.435954][ T5371] RAX: ffffffffffffffda RBX: 00007fde70b19180 RCX: 00007fde7089deb9
[  134.443947][ T5371] RDX: 0000000000000058 RSI: 0000200000000080 RDI: 0000000000000005
[  134.451930][ T5371] RBP: 00007fde6eab7090 R08: 0000000000000000 R09: 0000000000000000
[  134.459918][ T5371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  134.468059][ T5371] R13: 00007fde70b19218 R14: 00007fde70b19180 R15: 00007ffd3bd0ce28
[  134.476065][ T5371]  </TASK>
[  134.547196][ T5371] loop3: detected capacity change from 0 to 2048
[  134.558786][ T5369] CPU: 0 PID: 5369 Comm: syz.0.256 Not tainted syzkaller #0
[  134.566106][ T5369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  134.576169][ T5369] Call Trace:
[  134.579468][ T5369]  <TASK>
[  134.582417][ T5369]  dump_stack_lvl+0x188/0x250
[  134.587111][ T5369]  ? show_regs_print_info+0x20/0x20
[  134.592319][ T5369]  ? load_image+0x400/0x400
[  134.596840][ T5369]  ? __lock_acquire+0x7d10/0x7d10
[  134.601884][ T5369]  should_fail+0x38c/0x4c0
[  134.606328][ T5369]  _copy_from_user+0x2e/0x170
[  134.611067][ T5369]  __se_sys_memfd_create+0x189/0x450
[  134.616375][ T5369]  ? __x64_sys_memfd_create+0x60/0x60
[  134.621768][ T5369]  ? lockdep_hardirqs_on+0x94/0x140
[  134.626993][ T5369]  do_syscall_64+0x4c/0xa0
[  134.631438][ T5369]  ? clear_bhb_loop+0x30/0x80
[  134.636132][ T5369]  ? clear_bhb_loop+0x30/0x80
[  134.640838][ T5369]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  134.646742][ T5369] RIP: 0033:0x7f6d67808eb9
[  134.651167][ T5369] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  134.670779][ T5369] RSP: 002b:00007f6d65a63d58 EFLAGS: 00000206 ORIG_RAX: 000000000000013f
[  134.679211][ T5369] RAX: ffffffffffffffda RBX: 0000000000000635 RCX: 00007f6d67808eb9
[  134.687189][ T5369] RDX: 00007f6d65a63ddc RSI: 0000000000000000 RDI: 00007f6d67875333
[  134.695173][ T5369] RBP: 0000200000000000 R08: 00000000ffffffff R09: 0000000000000000
[  134.703169][ T5369] R10: 0000000000000001 R11: 0000000000000206 R12: 0000000000000001
[  134.711150][ T5369] R13: 00007f6d65a63ddc R14: 00007f6d65a63de0 R15: 00007ffeb6703c28
[  134.719145][ T5369]  </TASK>
[  134.910625][ T5371]  loop3: p1 < > p3 p4
[  134.910625][ T5371]  p4: <solaris: [s1] p5 [s2] p6 >
[  134.924063][ T5371] loop3: p3 start 458752 is beyond EOD, truncated
[  134.931308][ T5371] loop3: p4 size 722688 extends beyond EOD, truncated
[  134.938961][ T5371] loop3: p5 start 262464109 is beyond EOD, truncated
[  134.945663][ T5371] loop3: p6 size 2304 extends beyond EOD, truncated
[  135.106710][ T4989] hfsplus: b-tree write err: -5, ino 4
[  135.205123][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[  135.216988][ T4175] udevd[4175]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  135.306408][ T4173] udevd[4173]: inotify_add_watch(7, /dev/loop3p6, 10) failed: No such file or directory
[  135.556519][ T5384] loop0: detected capacity change from 0 to 1024
[  135.580523][ T5385] loop1: detected capacity change from 0 to 256
[  137.110030][ T5385] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  137.405568][ T5384] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  137.700349][ T5384] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  137.902488][ T5397] overlayfs: missing 'lowerdir'
[  137.952973][ T5399] netlink: 12 bytes leftover after parsing attributes in process `syz.1.263'.
[  138.142231][ T5403] netlink: 9 bytes leftover after parsing attributes in process `syz.1.265'.
[  138.178168][ T5403] device gretap0 entered promiscuous mode
[  138.297713][ T5412] loop0: detected capacity change from 0 to 1024
[  138.437403][ T4604] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  138.457558][ T4696] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  138.573482][ T5417] FAULT_INJECTION: forcing a failure.
[  138.573482][ T5417] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  138.586984][ T5417] CPU: 0 PID: 5417 Comm: syz.4.270 Not tainted syzkaller #0
[  138.594302][ T5417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  138.604389][ T5417] Call Trace:
[  138.607689][ T5417]  <TASK>
[  138.610632][ T5417]  dump_stack_lvl+0x188/0x250
[  138.615339][ T5417]  ? show_regs_print_info+0x20/0x20
[  138.620603][ T5417]  ? load_image+0x400/0x400
[  138.625172][ T5417]  ? __lock_acquire+0x7d10/0x7d10
[  138.630237][ T5417]  should_fail+0x38c/0x4c0
[  138.634691][ T5417]  _copy_from_user+0x2e/0x170
[  138.639398][ T5417]  iovec_from_user+0x142/0x370
[  138.644191][ T5417]  __import_iovec+0x70/0x490
[  138.648815][ T5417]  import_iovec+0x6f/0xa0
[  138.653181][ T5417]  ___sys_sendmsg+0x1fd/0x2e0
[  138.657887][ T5417]  ? __sys_sendmsg+0x2a0/0x2a0
[  138.662681][ T5417]  ? vfs_write+0x8b2/0xd60
[  138.667135][ T5417]  __se_sys_sendmsg+0x1af/0x290
[  138.672008][ T5417]  ? __x64_sys_sendmsg+0x80/0x80
[  138.676779][ T5418] hfsplus: bad catalog entry type
[  138.676963][ T5417]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  138.688000][ T5417]  ? lockdep_hardirqs_on+0x94/0x140
[  138.693238][ T5417]  do_syscall_64+0x4c/0xa0
[  138.697673][ T5417]  ? clear_bhb_loop+0x30/0x80
[  138.702373][ T5417]  ? clear_bhb_loop+0x30/0x80
[  138.707074][ T5417]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  138.713027][ T5417] RIP: 0033:0x7fc9361c0eb9
[  138.717491][ T5417] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  138.718167][ T4696] usb 2-1: Using ep0 maxpacket: 8
[  138.737212][ T5417] RSP: 002b:00007fc93441c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  138.737236][ T5417] RAX: ffffffffffffffda RBX: 00007fc93643bfa0 RCX: 00007fc9361c0eb9
[  138.737250][ T5417] RDX: 0000000000000000 RSI: 0000200000000380 RDI: 0000000000000003
[  138.737262][ T5417] RBP: 00007fc93441c090 R08: 0000000000000000 R09: 0000000000000000
[  138.737274][ T5417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.737285][ T5417] R13: 00007fc93643c038 R14: 00007fc93643bfa0 R15: 00007ffceb36a998
[  138.737310][ T5417]  </TASK>
[  138.868907][ T4604] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  138.893876][ T4604] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  138.918206][ T4696] usb 2-1: config 0 has an invalid interface number: 150 but max is 0
[  138.931876][ T4696] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  138.941346][ T4696] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  138.955911][ T4696] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  138.982193][ T4696] usb 2-1: config 0 has no interface number 0
[  138.989674][ T4604] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  139.006294][ T4604] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  139.016571][ T4696] usb 2-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  139.035494][ T4604] usb 4-1: SerialNumber: syz
[  139.056971][ T4696] usb 2-1: config 0 interface 150 has no altsetting 0
[  139.064113][ T4696] usb 2-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  139.080921][ T4696] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.112464][ T4696] usb 2-1: config 0 descriptor??
[  139.213513][  T144] hfsplus: b-tree write err: -5, ino 4
[  139.473943][ T4604] usb 4-1: 0:2 : does not exist
[  139.537613][    T7] Bluetooth: hci3: command 0x0406 tx timeout
[  139.560490][ T4604] usb 4-1: USB disconnect, device number 5
[  139.656676][ T5431] netlink: 12 bytes leftover after parsing attributes in process `syz.4.275'.
[  139.676368][ T4696] usb 2-1: USB disconnect, device number 2
[  139.791997][ T5434] loop4: detected capacity change from 0 to 1024
[  139.799320][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory
[  139.837780][ T5434] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  139.933712][ T5427] loop0: detected capacity change from 0 to 32768
[  139.933884][ T5434] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  140.065038][ T5442] loop3: detected capacity change from 0 to 256
[  140.131174][ T5427] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  140.187773][ T5444] overlayfs: missing 'lowerdir'
[  140.260721][ T5427] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  141.413155][ T5442] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  141.677778][ T5427] netlink: 'syz.0.273': attribute type 3 has an invalid length.
[  141.981576][ T4183] ocfs2: Unmounting device (7,0) on (node local)
[  142.083897][ T5458] usb usb9: usbfs: process 5458 (syz.2.283) did not claim interface 0 before use
[  142.095577][ T5458] sd 0:0:1:0: device reset
[  142.152214][ T5459] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  142.600761][ T5466] loop4: detected capacity change from 0 to 256
[  142.682076][ T5466] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  143.702884][ T5476] netlink: 12 bytes leftover after parsing attributes in process `syz.3.286'.
[  143.800678][ T5480] loop4: detected capacity change from 0 to 16
[  143.928316][ T5478] loop0: detected capacity change from 0 to 32768
[  143.946846][ T5480] erofs: (device loop4): mounted with root inode @ nid 36.
[  144.037201][ T5478] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.284 (5478)
[  144.117800][ T5478] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  144.126576][ T5478] BTRFS info (device loop0): setting nodatacow, compression disabled
[  144.135748][ T5478] BTRFS info (device loop0): force clearing of disk cache
[  144.142934][ T5478] BTRFS info (device loop0): enabling ssd optimizations
[  144.149948][ T5478] BTRFS info (device loop0): using spread ssd allocation scheme
[  144.157691][ T5478] BTRFS info (device loop0): turning off barriers
[  144.164187][ T5478] BTRFS info (device loop0): disabling free space tree
[  144.171216][ T5478] BTRFS info (device loop0): not using ssd optimizations
[  144.178400][ T5478] BTRFS info (device loop0): not using spread ssd allocation scheme
[  144.186397][ T5478] BTRFS info (device loop0): has skinny extents
[  144.239691][ T5480] erofs: (device loop4): find_target_block_classic: corrupted dir block 0 @ nid 36
[  144.287004][ T5489] netlink: 9 bytes leftover after parsing attributes in process `syz.2.290'.
[  144.301812][ T5489] device 
31猉功D entered promiscuous mode
[  144.543868][ T5478] BTRFS info (device loop0): clearing free space tree
[  144.550924][ T5478] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  144.560752][ T5478] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  144.767440][ T4696] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  144.848523][ T5480] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  144.856409][ T5480] IPv6: NLM_F_CREATE should be set when creating new route
[  145.007947][ T4696] usb 3-1: Using ep0 maxpacket: 8
[  145.051499][ T5517] loop1: detected capacity change from 0 to 1024
[  145.137608][ T4696] usb 3-1: config 0 has an invalid interface number: 150 but max is 0
[  145.155733][ T5517] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  145.174194][ T4696] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  145.203684][ T4696] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  145.234174][ T4696] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  145.254360][ T4696] usb 3-1: config 0 has no interface number 0
[  145.259531][ T5517] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  145.264225][ T4696] usb 3-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  145.297678][ T4696] usb 3-1: config 0 interface 150 has no altsetting 0
[  145.304508][ T4696] usb 3-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  145.313710][ T4696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.330999][ T4696] usb 3-1: config 0 descriptor??
[  145.436468][ T5523] overlayfs: missing 'lowerdir'
[  145.796091][ T4696] usb 3-1: USB disconnect, device number 4
[  145.857742][ T5480] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.866549][ T5480] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.237404][ T5525] loop0: detected capacity change from 0 to 32768
[  146.278628][ T5525] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  146.320655][ T5525] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  146.451199][ T5534] netlink: 'syz.0.294': attribute type 3 has an invalid length.
[  147.164566][ T4183] ocfs2: Unmounting device (7,0) on (node local)
[  147.238478][ T5480] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  147.347554][ T5480] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  147.807893][ T5554] usb usb9: usbfs: process 5554 (syz.0.301) did not claim interface 0 before use
[  147.820966][ T5554] sd 0:0:1:0: device reset
[  148.204182][ T5480] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.213394][ T5480] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.223440][ T5480] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.232709][ T5480] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  148.453855][ T5546] netlink: 12 bytes leftover after parsing attributes in process `syz.2.298'.
[  148.499212][ T5480] syz.4.287 (5480) used greatest stack depth: 20240 bytes left
[  148.562847][ T5570] netlink: 9 bytes leftover after parsing attributes in process `syz.1.307'.
[  148.612309][ T5573] loop2: detected capacity change from 0 to 1024
[  148.706025][ T5581] capability: warning: `syz.3.310' uses 32-bit capabilities (legacy support in use)
[  148.910357][ T5580] program syz.3.310 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  149.009693][ T5583] hfsplus: bad catalog entry type
[  149.577555][ T4696] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  149.621988][  T154] hfsplus: b-tree write err: -5, ino 4
[  149.907550][ T5593] usb usb9: usbfs: process 5593 (syz.2.312) did not claim interface 0 before use
[  149.918036][ T4696] usb 2-1: Using ep0 maxpacket: 8
[  149.925300][ T5593] sd 0:0:1:0: device reset
[  150.057604][ T4696] usb 2-1: config 0 has an invalid interface number: 150 but max is 0
[  150.080716][ T4696] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  150.151019][ T4696] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  150.172593][ T4696] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  150.187179][ T4696] usb 2-1: config 0 has no interface number 0
[  150.195251][ T4696] usb 2-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  150.214442][ T4696] usb 2-1: config 0 interface 150 has no altsetting 0
[  150.221701][ T4696] usb 2-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  150.222533][ T5576] loop0: detected capacity change from 0 to 32768
[  150.242359][ T4696] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  150.294905][ T4696] usb 2-1: config 0 descriptor??
[  150.334015][ T5576] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  150.371839][ T5576] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  150.589598][ T5605] loop2: detected capacity change from 0 to 32768
[  150.621531][ T5576] netlink: 'syz.0.309': attribute type 3 has an invalid length.
[  150.659000][ T5605] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.316 (5605)
[  150.674204][ T5605] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  150.683286][ T5605] BTRFS info (device loop2): setting nodatacow, compression disabled
[  150.691502][ T5605] BTRFS info (device loop2): force clearing of disk cache
[  150.698874][ T5605] BTRFS info (device loop2): enabling ssd optimizations
[  150.705837][ T5605] BTRFS info (device loop2): using spread ssd allocation scheme
[  150.713784][ T5605] BTRFS info (device loop2): turning off barriers
[  150.720302][ T5605] BTRFS info (device loop2): disabling free space tree
[  150.727173][ T5605] BTRFS info (device loop2): not using ssd optimizations
[  150.734261][ T5605] BTRFS info (device loop2): not using spread ssd allocation scheme
[  150.742719][ T5605] BTRFS info (device loop2): has skinny extents
[  150.802739][ T4696] usb 2-1: USB disconnect, device number 3
[  150.830461][ T5612] netlink: 12 bytes leftover after parsing attributes in process `syz.4.319'.
[  150.893233][ T4183] ocfs2: Unmounting device (7,0) on (node local)
[  151.068153][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.150/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  151.188916][ T5605] BTRFS info (device loop2): clearing free space tree
[  151.195803][ T5605] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  151.205549][ T5605] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  151.623664][ T5647] autofs4:pid:5647:autofs_fill_super: called with bogus options
[  152.661723][ T5657] loop4: detected capacity change from 0 to 256
[  152.747127][ T5657] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  153.061638][ T5659] usb usb9: usbfs: process 5659 (syz.0.327) did not claim interface 0 before use
[  153.073754][ T5659] sd 0:0:1:0: device reset
[  153.983378][ T5672] netlink: 12 bytes leftover after parsing attributes in process `syz.3.331'.
[  154.102922][ T5679] netlink: 9 bytes leftover after parsing attributes in process `syz.2.333'.
[  154.198233][ T5683] usb usb9: usbfs: process 5683 (syz.1.332) did not claim interface 0 before use
[  154.210019][ T5683] sd 0:0:1:0: device reset
[  154.215399][ T5683] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  154.489695][ T5681] FAULT_INJECTION: forcing a failure.
[  154.489695][ T5681] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  154.502855][ T5681] CPU: 0 PID: 5681 Comm: syz.3.334 Not tainted syzkaller #0
[  154.510162][ T5681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  154.520248][ T5681] Call Trace:
[  154.523558][ T5681]  <TASK>
[  154.526514][ T5681]  dump_stack_lvl+0x188/0x250
[  154.531229][ T5681]  ? show_regs_print_info+0x20/0x20
[  154.536459][ T5681]  ? load_image+0x400/0x400
[  154.541020][ T5681]  ? __might_sleep+0xf0/0xf0
[  154.545665][ T5681]  ? __lock_acquire+0x7d10/0x7d10
[  154.550736][ T5681]  should_fail+0x38c/0x4c0
[  154.555211][ T5681]  copy_page_from_iter+0x33c/0x760
[  154.560365][ T5681]  tun_get_user+0x1983/0x3a70
[  154.565104][ T5681]  ? tun_ring_recv+0xc40/0xc40
[  154.570020][ T5681]  ? rcu_lock_release+0x5/0x20
[  154.574915][ T5681]  ? __lock_acquire+0x7d10/0x7d10
[  154.579987][ T5681]  tun_chr_write_iter+0x112/0x1e0
[  154.585045][ T5681]  vfs_write+0x745/0xd60
[  154.589312][ T5681]  ? file_end_write+0x250/0x250
[  154.594196][ T5681]  ? __fget_files+0x40f/0x480
[  154.598925][ T5681]  ? __fdget_pos+0x1e2/0x370
[  154.603546][ T5681]  ? ksys_write+0x71/0x260
[  154.607993][ T5681]  ksys_write+0x152/0x260
[  154.612560][ T5681]  ? __ia32_sys_read+0x80/0x80
[  154.617363][ T5681]  ? lockdep_hardirqs_on+0x94/0x140
[  154.622596][ T5681]  do_syscall_64+0x4c/0xa0
[  154.627045][ T5681]  ? clear_bhb_loop+0x30/0x80
[  154.631943][ T5681]  ? clear_bhb_loop+0x30/0x80
[  154.636663][ T5681]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  154.642599][ T5681] RIP: 0033:0x7fde7085e78e
[  154.647044][ T5681] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  154.666698][ T5681] RSP: 002b:00007fde6eaf8fb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  154.675154][ T5681] RAX: ffffffffffffffda RBX: 00007fde6eaf96c0 RCX: 00007fde7085e78e
[  154.683157][ T5681] RDX: 0000000000000042 RSI: 0000200000000540 RDI: 00000000000000c8
[  154.691159][ T5681] RBP: 00007fde6eaf9090 R08: 0000000000000000 R09: 0000000000000000
[  154.699238][ T5681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.707236][ T5681] R13: 00007fde70b19038 R14: 00007fde70b18fa0 R15: 00007ffd3bd0ce28
[  154.715244][ T5681]  </TASK>
[  155.017528][ T5686] loop1: detected capacity change from 0 to 32768
[  155.026282][ T4696] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  155.059943][ T5686] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.335 (5686)
[  155.089569][ T5686] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  155.098512][ T5686] BTRFS info (device loop1): setting nodatacow, compression disabled
[  155.106733][ T5686] BTRFS info (device loop1): force clearing of disk cache
[  155.113953][ T5686] BTRFS info (device loop1): enabling ssd optimizations
[  155.121078][ T5686] BTRFS info (device loop1): using spread ssd allocation scheme
[  155.129165][ T5686] BTRFS info (device loop1): turning off barriers
[  155.135681][ T5686] BTRFS info (device loop1): disabling free space tree
[  155.142730][ T5686] BTRFS info (device loop1): not using ssd optimizations
[  155.150151][ T5686] BTRFS info (device loop1): not using spread ssd allocation scheme
[  155.158178][ T5686] BTRFS info (device loop1): has skinny extents
[  155.307461][ T4696] usb 3-1: Using ep0 maxpacket: 8
[  155.427793][ T4696] usb 3-1: config 0 has an invalid interface number: 150 but max is 0
[  155.462927][ T4696] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  155.576076][ T4696] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  155.735551][ T4696] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  155.782023][ T5686] BTRFS info (device loop1): clearing free space tree
[  155.788994][ T5686] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  155.798687][ T5686] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  155.883217][ T4696] usb 3-1: config 0 has no interface number 0
[  155.961813][ T4696] usb 3-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  156.101793][ T4696] usb 3-1: config 0 interface 150 has no altsetting 0
[  156.180276][ T4696] usb 3-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  156.281846][ T4696] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.451821][ T4696] usb 3-1: config 0 descriptor??
[  156.607906][ T5675] loop4: detected capacity change from 0 to 32768
[  156.681942][ T5718] BTRFS info (device loop1): space_info 5 has 73728 free, is not full
[  156.690553][ T5718] BTRFS info (device loop1): space_info total=11534336, used=49152, pinned=16384, reserved=1642496, may_use=9752576, readonly=0 zone_unusable=0
[  156.705282][ T5718] BTRFS info (device loop1): global_block_rsv: size 851968 reserved 847872
[  156.714033][ T5718] BTRFS info (device loop1): trans_block_rsv: size 0 reserved 0
[  156.721752][ T5718] BTRFS info (device loop1): chunk_block_rsv: size 0 reserved 0
[  156.729456][ T5718] BTRFS info (device loop1): delayed_block_rsv: size 0 reserved 0
[  156.737326][ T5718] BTRFS info (device loop1): delayed_refs_rsv: size 393216 reserved 393216
[  156.800751][ T5675] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  156.878971][ T5675] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  157.160816][ T5727] usb usb9: usbfs: process 5727 (syz.0.339) did not claim interface 0 before use
[  157.172858][ T5727] sd 0:0:1:0: device reset
[  157.436518][ T5722] loop3: detected capacity change from 0 to 256
[  157.486763][ T4190] ocfs2: Unmounting device (7,4) on (node local)
[  157.764050][ T5722] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  157.995857][ T4617] usb 3-1: USB disconnect, device number 5
[  158.527745][ T5734] loop0: detected capacity change from 0 to 164
[  158.667801][ T5734] ISOFS: Logical zone size(0) < hardware blocksize(1024)
[  158.913900][ T5747] loop2: detected capacity change from 0 to 32768
[  159.022167][ T5747] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.347 (5747)
[  159.114102][ T5747] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  159.123750][ T5747] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  159.133742][ T5747] BTRFS info (device loop2): use zstd compression, level 3
[  159.141422][ T5747] BTRFS info (device loop2): using free space tree
[  159.148069][ T5747] BTRFS info (device loop2): has skinny extents
[  159.302967][ T5758] netlink: 12 bytes leftover after parsing attributes in process `syz.1.344'.
[  159.518115][ T5747] BTRFS info (device loop2): enabling ssd optimizations
[  159.837411][ T4608] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  160.228245][ T4608] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  160.343213][ T4608] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.534375][ T4608] usb 3-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.00
[  160.689021][ T4608] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.914435][ T4608] usb 3-1: config 0 descriptor??
[  161.441179][ T5791] usb usb9: usbfs: process 5791 (syz.4.352) did not claim interface 0 before use
[  161.452680][ T5791] sd 0:0:1:0: device reset
[  161.540214][ T4608] elecom 0003:056E:011C.0001: item fetching failed at offset 1/5
[  161.598233][ T4608] elecom: probe of 0003:056E:011C.0001 failed with error -22
[  161.807216][ T4608] usb 3-1: USB disconnect, device number 6
[  162.124840][ T5797] loop4: detected capacity change from 0 to 32768
[  162.135596][ T5799] netlink: 9 bytes leftover after parsing attributes in process `syz.0.355'.
[  162.155560][ T5785] loop1: detected capacity change from 0 to 32768
[  162.163460][ T5799] device 
30猉功D entered promiscuous mode
[  162.188401][ T5797] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.354 (5797)
[  162.215505][ T5797] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  162.224413][ T5797] BTRFS info (device loop4): setting nodatacow, compression disabled
[  162.232649][ T5797] BTRFS info (device loop4): force clearing of disk cache
[  162.239896][ T5797] BTRFS info (device loop4): enabling ssd optimizations
[  162.246860][ T5797] BTRFS info (device loop4): using spread ssd allocation scheme
[  162.254549][ T5797] BTRFS info (device loop4): turning off barriers
[  162.261381][ T5797] BTRFS info (device loop4): disabling free space tree
[  162.268717][ T5797] BTRFS info (device loop4): not using ssd optimizations
[  162.275767][ T5797] BTRFS info (device loop4): not using spread ssd allocation scheme
[  162.283795][ T5797] BTRFS info (device loop4): has skinny extents
[  162.310071][ T5785] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  162.406630][ T5812] loop3: detected capacity change from 0 to 256
[  162.507092][ T5785] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  162.537142][ T5812] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  162.587466][ T4608] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  162.847479][ T4608] usb 1-1: Using ep0 maxpacket: 8
[  163.405034][ T5797] BTRFS info (device loop4): clearing free space tree
[  163.408456][ T4608] usb 1-1: config 0 has an invalid interface number: 150 but max is 0
[  163.412230][ T5797] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  163.429870][ T5797] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  163.459235][ T5785] netlink: 'syz.1.351': attribute type 3 has an invalid length.
[  163.519755][ T4608] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  163.602271][ T4608] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  163.651293][ T4188] ocfs2: Unmounting device (7,1) on (node local)
[  163.666213][ T4608] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  163.739863][ T4608] usb 1-1: config 0 has no interface number 0
[  163.746022][ T4608] usb 1-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  163.776695][ T4608] usb 1-1: config 0 interface 150 has no altsetting 0
[  163.789213][ T4608] usb 1-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  163.801577][ T4608] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.832722][ T4608] usb 1-1: config 0 descriptor??
[  164.945140][ T4617] usb 1-1: USB disconnect, device number 6
[  165.112080][ T5854] loop0: detected capacity change from 0 to 1024
[  165.185268][ T5854] EXT4-fs (loop0): Ignoring removed orlov option
[  165.244911][ T5861] loop1: detected capacity change from 0 to 1024
[  165.263093][ T5854] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none.
[  165.334354][ T5854] FAULT_INJECTION: forcing a failure.
[  165.334354][ T5854] name failslab, interval 1, probability 0, space 0, times 0
[  165.453407][ T5854] CPU: 1 PID: 5854 Comm: syz.0.363 Not tainted syzkaller #0
[  165.460764][ T5854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  165.470830][ T5854] Call Trace:
[  165.474124][ T5854]  <TASK>
[  165.477066][ T5854]  dump_stack_lvl+0x188/0x250
[  165.481777][ T5854]  ? show_regs_print_info+0x20/0x20
[  165.487007][ T5854]  ? load_image+0x400/0x400
[  165.491551][ T5854]  ? __might_sleep+0xf0/0xf0
[  165.496186][ T5854]  ? __lock_acquire+0x7d10/0x7d10
[  165.501252][ T5854]  should_fail+0x38c/0x4c0
[  165.505717][ T5854]  should_failslab+0x5/0x20
[  165.510257][ T5854]  slab_pre_alloc_hook+0x51/0xc0
[  165.515217][ T5854]  kmem_cache_alloc_trace+0x47/0x2a0
[  165.520530][ T5854]  ? __iomap_dio_rw+0x26d/0x1b00
[  165.525499][ T5854]  __iomap_dio_rw+0x26d/0x1b00
[  165.530291][ T5854]  ? lock_chain_count+0x20/0x20
[  165.535184][ T5854]  ? seqcount_lockdep_reader_access+0x127/0x1d0
[  165.541451][ T5854]  ? lockdep_hardirqs_on+0x94/0x140
[  165.546678][ T5854]  ? ktime_get_coarse_real_ts64+0x36/0x120
[  165.548132][   T13] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  165.552511][ T5854]  ? seqcount_lockdep_reader_access+0x18d/0x1d0
[  165.566231][ T5854]  ? ktime_get_real_ts64+0x440/0x440
[  165.571544][ T5854]  ? iomap_dio_complete+0x6d0/0x6d0
[  165.576781][ T5854]  ? dentry_needs_remove_privs+0xf0/0xf0
[  165.582441][ T5854]  ? ext4_fc_replay_link_internal+0x290/0x290
[  165.588539][ T5854]  iomap_dio_rw+0x38/0x90
[  165.592899][ T5854]  ? ext4_file_write_iter+0xbd1/0x1700
[  165.598385][ T5854]  ext4_file_write_iter+0x12ad/0x1700
[  165.603780][ T5854]  ? ext4_file_write_iter+0xbd1/0x1700
[  165.609375][ T5854]  ? ext4_file_read_iter+0x700/0x700
[  165.614715][ T5854]  ? aa_file_perm+0x38b/0xe80
[  165.619456][ T5854]  do_iter_readv_writev+0x47e/0x5f0
[  165.624685][ T5854]  ? aa_path_link+0x880/0x880
[  165.629428][ T5854]  ? generic_file_rw_checks+0x280/0x280
[  165.635016][ T5854]  ? common_file_perm+0x171/0x1c0
[  165.640110][ T5854]  ? fsnotify_perm+0x5d/0x560
[  165.644828][ T5854]  ? security_file_permission+0x75/0xa0
[  165.650402][ T5854]  do_iter_write+0x205/0x7b0
[  165.655035][ T5854]  do_pwritev+0x240/0x3a0
[  165.659412][ T5854]  ? do_preadv+0x390/0x390
[  165.663900][ T5854]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  165.669927][ T5854]  ? lock_chain_count+0x20/0x20
[  165.674804][ T5854]  ? vtime_user_exit+0x2c8/0x3e0
[  165.679774][ T5854]  ? lockdep_hardirqs_on+0x94/0x140
[  165.685002][ T5854]  ? __x64_sys_pwritev2+0xba/0x100
[  165.690146][ T5854]  do_syscall_64+0x4c/0xa0
[  165.694588][ T5854]  ? clear_bhb_loop+0x30/0x80
[  165.699292][ T5854]  ? clear_bhb_loop+0x30/0x80
[  165.704037][ T5854]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  165.709945][ T5854] RIP: 0033:0x7f6d67808eb9
[  165.714390][ T5854] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  165.734010][ T5854] RSP: 002b:00007f6d65a64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
[  165.742452][ T5854] RAX: ffffffffffffffda RBX: 00007f6d67a83fa0 RCX: 00007f6d67808eb9
[  165.750448][ T5854] RDX: 0000000000000001 RSI: 0000200000000240 RDI: 0000000000000005
[  165.758463][ T5854] RBP: 00007f6d65a64090 R08: 0000000000000000 R09: 0000000000000003
[  165.766450][ T5854] R10: 0000000000009c00 R11: 0000000000000246 R12: 0000000000000001
[  165.774435][ T5854] R13: 00007f6d67a84038 R14: 00007f6d67a83fa0 R15: 00007ffeb6703c28
[  165.782439][ T5854]  </TASK>
[  165.898167][ T5872] hfsplus: bad catalog entry type
[  166.095424][ T5871] loop4: detected capacity change from 0 to 1024
[  166.491172][   T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.512525][   T13] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  166.532938][   T13] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  166.682997][ T5876] hfsplus: bad catalog entry type
[  167.047964][   T13] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.078182][   T13] usb 3-1: config 0 descriptor??
[  167.105612][  T144] hfsplus: b-tree write err: -5, ino 4
[  167.139174][  T144] hfsplus: b-tree write err: -5, ino 4
[  167.344596][ T5881] loop1: detected capacity change from 0 to 512
[  167.564706][ T5884] loop3: detected capacity change from 0 to 32768
[  167.616549][ T5881] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=continue,,errors=continue. Quota mode: none.
[  167.640879][   T13] wacom 0003:056A:0331.0002: unknown main item tag 0x0
[  167.697443][   T13] wacom 0003:056A:0331.0002: unknown main item tag 0x0
[  167.704706][   T13] wacom 0003:056A:0331.0002: unknown main item tag 0x0
[  167.712220][ T5884] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.370 (5884)
[  167.734100][   T13] wacom 0003:056A:0331.0002: unknown main item tag 0x0
[  167.741915][   T13] wacom 0003:056A:0331.0002: unknown main item tag 0x0
[  167.756350][   T13] wacom 0003:056A:0331.0002: hidraw0: USB HID v0.00 Device [HID 056a:0331] on usb-dummy_hcd.2-1/input0
[  167.787151][ T5884] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  167.796155][ T5884] BTRFS info (device loop3): setting nodatacow, compression disabled
[  167.805716][ T5884] BTRFS info (device loop3): force clearing of disk cache
[  167.813193][ T5884] BTRFS info (device loop3): enabling ssd optimizations
[  167.820352][ T5884] BTRFS info (device loop3): using spread ssd allocation scheme
[  167.828364][ T5884] BTRFS info (device loop3): turning off barriers
[  167.835082][ T5884] BTRFS info (device loop3): disabling free space tree
[  167.842535][ T5884] BTRFS info (device loop3): not using ssd optimizations
[  167.849988][ T5884] BTRFS info (device loop3): not using spread ssd allocation scheme
[  167.858201][ T5884] BTRFS info (device loop3): has skinny extents
[  167.864854][   T26] audit: type=1804 audit(1770259846.709:2): pid=5891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.368" name="/newroot/67/file0/file1" dev="loop1" ino=15 res=1 errno=0
[  168.086048][ T5895] loop0: detected capacity change from 0 to 256
[  168.135851][ T5895] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  168.518479][ T5884] BTRFS info (device loop3): clearing free space tree
[  168.525514][ T5884] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  168.535303][ T5884] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  168.770328][ T5885] loop4: detected capacity change from 0 to 32768
[  168.890059][ T5885] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  168.928290][ T5885] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  169.027465][ T5662] usb 3-1: reset high-speed USB device number 7 using dummy_hcd
[  169.041089][ T5923] loop0: detected capacity change from 0 to 1024
[  169.066816][ T5885] netlink: 'syz.4.369': attribute type 3 has an invalid length.
[  169.179018][ T5923] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  169.293504][ T5923] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  169.402386][ T4190] ocfs2: Unmounting device (7,4) on (node local)
[  169.430371][ T5932] loop1: detected capacity change from 0 to 4096
[  169.724394][ T5941] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  169.733395][ T5941] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  170.336913][ T5942] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  170.383648][ T5944] FAULT_INJECTION: forcing a failure.
[  170.383648][ T5944] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  170.517588][ T5944] CPU: 1 PID: 5944 Comm: syz.3.379 Not tainted syzkaller #0
[  170.524933][ T5944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  170.535002][ T5944] Call Trace:
[  170.538300][ T5944]  <TASK>
[  170.541251][ T5944]  dump_stack_lvl+0x188/0x250
[  170.545959][ T5944]  ? show_regs_print_info+0x20/0x20
[  170.551190][ T5944]  ? load_image+0x400/0x400
[  170.555722][ T5944]  ? __lock_acquire+0x7d10/0x7d10
[  170.560772][ T5944]  ? _raw_spin_unlock_irq+0x2a/0x40
[  170.566009][ T5944]  ? get_signal+0x1200/0x12c0
[  170.570712][ T5944]  should_fail+0x38c/0x4c0
[  170.575156][ T5944]  _copy_to_user+0x2e/0x130
[  170.579684][ T5944]  copy_siginfo_to_user+0x20/0x80
[  170.584740][ T5944]  arch_do_signal_or_restart+0xd42/0x12c0
[  170.590513][ T5944]  ? get_sigframe_size+0x10/0x10
[  170.595501][ T5944]  ? __fget_files+0x40f/0x480
[  170.600218][ T5944]  ? ksys_read+0x1fd/0x260
[  170.604664][ T5944]  ? exit_to_user_mode_loop+0x3b/0x130
[  170.610148][ T5944]  exit_to_user_mode_loop+0x9e/0x130
[  170.615463][ T5944]  exit_to_user_mode_prepare+0xee/0x180
[  170.621035][ T5944]  syscall_exit_to_user_mode+0x16/0x40
[  170.626521][ T5944]  do_syscall_64+0x58/0xa0
[  170.630969][ T5944]  ? clear_bhb_loop+0x30/0x80
[  170.635666][ T5944]  ? clear_bhb_loop+0x30/0x80
[  170.640366][ T5944]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  170.646293][ T5944] RIP: 0033:0x7fde7089deb7
[  170.650754][ T5944] Code: 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89
[  170.670378][ T5944] RSP: 002b:00007fde6eaf9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  170.678822][ T5944] RAX: 0000000000000000 RBX: 00007fde70b18fa0 RCX: 00007fde7089deb9
[  170.686833][ T5944] RDX: 0000000000002020 RSI: 0000200000006a40 RDI: 0000000000000003
[  170.694935][ T5944] RBP: 00007fde6eaf9090 R08: 0000000000000000 R09: 0000000000000000
[  170.702927][ T5944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  170.710932][ T5944] R13: 00007fde70b19038 R14: 00007fde70b18fa0 R15: 00007ffd3bd0ce28
[  170.718941][ T5944]  </TASK>
[  170.911211][ T5952] usb usb9: usbfs: process 5952 (syz.4.377) did not claim interface 0 before use
[  171.562559][ T5958] loop3: detected capacity change from 0 to 256
[  171.614856][ T5958] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  171.778534][ T5962] loop4: detected capacity change from 0 to 1024
[  171.794858][ T5963] netlink: 9 bytes leftover after parsing attributes in process `syz.1.381'.
[  171.857557][ T5962] EXT4-fs (loop4): Ignoring removed orlov option
[  171.875717][ T5962] EXT4-fs (loop4): Unrecognized mount option "context=user_u" or missing value
[  172.035526][ T5947] loop0: detected capacity change from 0 to 32768
[  172.097389][ T4385] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  172.205725][ T5947] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.378 (5947)
[  172.304179][ T5969] usb usb9: usbfs: process 5969 (syz.2.380) did not claim interface 0 before use
[  172.383728][ T5953] sd 0:0:1:0: device reset
[  172.435949][ T5972] loop4: detected capacity change from 0 to 32768
[  172.453334][ T5947] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  172.496365][ T5947] BTRFS info (device loop0): force clearing of disk cache
[  172.514185][ T5947] BTRFS info (device loop0): metadata ratio 0
[  172.517799][ T5972] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.385 (5972)
[  172.549206][ T5947] BTRFS info (device loop0): enabling ssd optimizations
[  172.558478][ T4385] usb 2-1: Using ep0 maxpacket: 8
[  172.586222][ T5947] BTRFS info (device loop0): using spread ssd allocation scheme
[  172.601127][ T5972] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  172.609548][ T5947] BTRFS info (device loop0): using free space tree
[  172.610888][ T5972] BTRFS info (device loop4): setting nodatacow, compression disabled
[  172.624526][ T5972] BTRFS info (device loop4): force clearing of disk cache
[  172.626148][ T5947] BTRFS info (device loop0): has skinny extents
[  172.631717][ T5972] BTRFS info (device loop4): enabling ssd optimizations
[  172.631736][ T5972] BTRFS info (device loop4): using spread ssd allocation scheme
[  172.631754][ T5972] BTRFS info (device loop4): turning off barriers
[  172.631808][ T5972] BTRFS info (device loop4): disabling free space tree
[  172.666672][ T5972] BTRFS info (device loop4): not using ssd optimizations
[  172.673822][ T5972] BTRFS info (device loop4): not using spread ssd allocation scheme
[  172.681881][ T5972] BTRFS info (device loop4): has skinny extents
[  172.777739][ T4385] usb 2-1: config 0 has an invalid interface number: 150 but max is 0
[  172.786512][ T4385] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  172.827868][ T4385] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.877288][ T4385] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  172.945897][ T4385] usb 2-1: config 0 has no interface number 0
[  172.967490][ T4385] usb 2-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  172.988113][ T5947] BTRFS info (device loop0): clearing free space tree
[  172.998668][ T5947] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  173.027377][ T5947] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  173.066108][ T4385] usb 2-1: config 0 interface 150 has no altsetting 0
[  173.073273][ T4385] usb 2-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  173.082719][ T4385] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.099152][ T4385] usb 2-1: config 0 descriptor??
[  173.130023][ T5947] BTRFS info (device loop0): creating free space tree
[  173.155924][ T5947] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  173.193511][ T5972] BTRFS info (device loop4): clearing free space tree
[  173.200932][ T5972] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  173.210856][ T5972] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  173.225920][ T5947] BTRFS info (device loop0): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  173.453805][ T6016] netlink: 12 bytes leftover after parsing attributes in process `syz.3.388'.
[  173.476401][ T4173] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 10 /dev/loop4 scanned by udevd (4173)
[  173.590141][ T4385] usb 2-1: USB disconnect, device number 4
[  174.247600][ T5662] usb 3-1: device descriptor read/64, error -110
[  174.527378][ T5662] usb 3-1: reset high-speed USB device number 7 using dummy_hcd
[  174.651486][ T6032] FAULT_INJECTION: forcing a failure.
[  174.651486][ T6032] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  174.717375][ T5662] usb 3-1: device descriptor read/64, error -32
[  174.717572][ T6032] CPU: 1 PID: 6032 Comm: syz.1.391 Not tainted syzkaller #0
[  174.730960][ T6032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  174.741043][ T6032] Call Trace:
[  174.744332][ T6032]  <TASK>
[  174.747274][ T6032]  dump_stack_lvl+0x188/0x250
[  174.751976][ T6032]  ? show_regs_print_info+0x20/0x20
[  174.757178][ T6032]  ? load_image+0x400/0x400
[  174.761699][ T6032]  ? __lock_acquire+0x7d10/0x7d10
[  174.766738][ T6032]  should_fail+0x38c/0x4c0
[  174.771166][ T6032]  _copy_from_iter+0x22e/0x1170
[  174.776034][ T6032]  ? copy_mc_pipe_to_iter+0x7d0/0x7d0
[  174.781424][ T6032]  tun_get_user+0x395/0x3a70
[  174.786050][ T6032]  ? tun_ring_recv+0xc40/0xc40
[  174.790942][ T6032]  ? rcu_lock_release+0x5/0x20
[  174.795721][ T6032]  ? __lock_acquire+0x7d10/0x7d10
[  174.800763][ T6032]  tun_chr_write_iter+0x112/0x1e0
[  174.805802][ T6032]  vfs_write+0x745/0xd60
[  174.810176][ T6032]  ? file_end_write+0x250/0x250
[  174.815276][ T6032]  ? __fget_files+0x40f/0x480
[  174.819971][ T6032]  ? __fdget_pos+0x1e2/0x370
[  174.824569][ T6032]  ? ksys_write+0x71/0x260
[  174.828991][ T6032]  ksys_write+0x152/0x260
[  174.833353][ T6032]  ? __ia32_sys_read+0x80/0x80
[  174.838146][ T6032]  ? lockdep_hardirqs_on+0x94/0x140
[  174.843363][ T6032]  do_syscall_64+0x4c/0xa0
[  174.847813][ T6032]  ? clear_bhb_loop+0x30/0x80
[  174.852638][ T6032]  ? clear_bhb_loop+0x30/0x80
[  174.857344][ T6032]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  174.863262][ T6032] RIP: 0033:0x7f07ccf70eb9
[  174.867695][ T6032] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  174.887340][ T6032] RSP: 002b:00007f07cb1cc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  174.895813][ T6032] RAX: ffffffffffffffda RBX: 00007f07cd1ebfa0 RCX: 00007f07ccf70eb9
[  174.903812][ T6032] RDX: 0000000000000ffe RSI: 00002000000000c0 RDI: 0000000000000003
[  174.911796][ T6032] RBP: 00007f07cb1cc090 R08: 0000000000000000 R09: 0000000000000000
[  174.919911][ T6032] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  174.927896][ T6032] R13: 00007f07cd1ec038 R14: 00007f07cd1ebfa0 R15: 00007ffcec335d38
[  174.935895][ T6032]  </TASK>
[  174.952183][ T6035] overlayfs: missing 'lowerdir'
[  175.107341][ T5662] usb 3-1: reset high-speed USB device number 7 using dummy_hcd
[  175.273545][ T6041] loop3: detected capacity change from 0 to 256
[  175.327363][ T5662] usb 3-1: device descriptor read/8, error -32
[  175.393265][ T6041] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  175.581084][ T6048] loop0: detected capacity change from 0 to 1024
[  175.618013][ T5662] usb 3-1: reset high-speed USB device number 7 using dummy_hcd
[  175.707450][ T5662] usb 3-1: device descriptor read/8, error -32
[  175.842302][ T4387] usb 3-1: USB disconnect, device number 7
[  175.939944][ T6054] hfsplus: bad catalog entry type
[  176.537968][ T4260] hfsplus: b-tree write err: -5, ino 4
[  177.389163][ T6062] netlink: 9 bytes leftover after parsing attributes in process `syz.4.401'.
[  177.521215][ T6062] device gretap0 entered promiscuous mode
[  177.603428][ T6067] netlink: 12 bytes leftover after parsing attributes in process `syz.3.400'.
[  177.663083][ T6072] device syzkaller0 entered promiscuous mode
[  177.695309][ T6042] loop2: detected capacity change from 0 to 32768
[  177.750242][ T6072] FAULT_INJECTION: forcing a failure.
[  177.750242][ T6072] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.817281][ T6072] CPU: 0 PID: 6072 Comm: syz.1.404 Not tainted syzkaller #0
[  177.824727][ T6072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  177.834810][ T6072] Call Trace:
[  177.838106][ T6072]  <TASK>
[  177.841052][ T6072]  dump_stack_lvl+0x188/0x250
[  177.845772][ T6072]  ? show_regs_print_info+0x20/0x20
[  177.851006][ T6072]  ? load_image+0x400/0x400
[  177.855539][ T6072]  ? __lock_acquire+0x7d10/0x7d10
[  177.860611][ T6072]  should_fail+0x38c/0x4c0
[  177.865053][ T6072]  _copy_from_iter+0x22e/0x1170
[  177.869938][ T6072]  ? copy_mc_pipe_to_iter+0x7d0/0x7d0
[  177.875355][ T6072]  packet_sendmsg+0x322c/0x5060
[  177.880266][ T6072]  ? __might_sleep+0xf0/0xf0
[  177.884911][ T6072]  ? aa_sk_perm+0x7dc/0x910
[  177.889445][ T6072]  ? packet_getsockopt+0x9a0/0x9a0
[  177.894598][ T6072]  ? aa_sock_msg_perm+0x94/0x150
[  177.899564][ T6072]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  177.904883][ T6072]  ? security_socket_sendmsg+0x7c/0xa0
[  177.910368][ T6072]  __sys_sendto+0x46d/0x620
[  177.914904][ T6072]  ? __ia32_sys_getpeername+0x80/0x80
[  177.920313][ T6072]  ? __lock_acquire+0x7d10/0x7d10
[  177.925379][ T6072]  ? lock_chain_count+0x20/0x20
[  177.930262][ T6072]  ? vtime_user_exit+0x2c8/0x3e0
[  177.935235][ T6072]  __x64_sys_sendto+0xda/0xf0
[  177.939940][ T6072]  do_syscall_64+0x4c/0xa0
[  177.944378][ T6072]  ? clear_bhb_loop+0x30/0x80
[  177.949072][ T6072]  ? clear_bhb_loop+0x30/0x80
[  177.953772][ T6072]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  177.959689][ T6072] RIP: 0033:0x7f07ccf70eb9
[  177.964145][ T6072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  177.983771][ T6072] RSP: 002b:00007f07cb1cc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  177.992220][ T6072] RAX: ffffffffffffffda RBX: 00007f07cd1ebfa0 RCX: 00007f07ccf70eb9
[  178.000219][ T6072] RDX: 000000000000fce0 RSI: 00002000000002c0 RDI: 0000000000000003
[  178.008227][ T6072] RBP: 00007f07cb1cc090 R08: 0000200000000140 R09: 0000000000000014
[  178.016221][ T6072] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001
[  178.024301][ T6072] R13: 00007f07cd1ec038 R14: 00007f07cd1ebfa0 R15: 00007ffcec335d38
[  178.032323][ T6072]  </TASK>
[  178.133308][ T6076] usb usb9: usbfs: process 6076 (syz.3.405) did not claim interface 0 before use
[  178.138213][ T6042] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  178.143107][ T4616] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  178.160433][ T6076] sd 0:0:1:0: device reset
[  178.236394][ T6081] loop1: detected capacity change from 0 to 1024
[  178.343522][ T6081] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  178.359610][ T6042] JBD2: recovery failed
[  178.364044][ T6042] (syz.2.395,6042,0):ocfs2_journal_load:1105 ERROR: Failed to load journal!
[  178.391410][ T6042] (syz.2.395,6042,0):ocfs2_check_volume:2437 ERROR: ocfs2 journal load failed! -5
[  178.410464][ T6042] (syz.2.395,6042,0):ocfs2_check_volume:2493 ERROR: status = -5
[  178.423149][ T6042] (syz.2.395,6042,0):ocfs2_mount_volume:1824 ERROR: status = -5
[  178.453855][ T6042] (syz.2.395,6042,0):ocfs2_fill_super:1177 ERROR: status = -5
[  178.457596][ T6082] loop0: detected capacity change from 0 to 32768
[  178.474757][ T6081] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  178.557790][ T6087] overlayfs: missing 'lowerdir'
[  178.737441][ T4616] usb 5-1: Using ep0 maxpacket: 8
[  178.886454][ T4616] usb 5-1: config 0 has an invalid interface number: 150 but max is 0
[  178.976927][ T4616] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  178.985235][ T4616] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.995705][ T4616] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  179.005350][ T4616] usb 5-1: config 0 has no interface number 0
[  179.011641][ T4616] usb 5-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  179.025051][ T4616] usb 5-1: config 0 interface 150 has no altsetting 0
[  179.032248][ T4616] usb 5-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  179.041851][ T4616] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.043501][ T6094] loop3: detected capacity change from 0 to 256
[  179.057181][ T4616] usb 5-1: config 0 descriptor??
[  179.193680][ T6094] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  179.241968][ T6100] Illegal XDP return value 3111073872, expect packet loss!
[  179.503160][ T6109] FAULT_INJECTION: forcing a failure.
[  179.503160][ T6109] name failslab, interval 1, probability 0, space 0, times 0
[  179.516557][ T6109] CPU: 1 PID: 6109 Comm: syz.1.414 Not tainted syzkaller #0
[  179.523880][ T6109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  179.533956][ T6109] Call Trace:
[  179.537253][ T6109]  <TASK>
[  179.540198][ T6109]  dump_stack_lvl+0x188/0x250
[  179.544898][ T6109]  ? show_regs_print_info+0x20/0x20
[  179.550117][ T6109]  ? load_image+0x400/0x400
[  179.554633][ T6109]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  179.560638][ T6109]  ? lock_chain_count+0x20/0x20
[  179.565508][ T6109]  should_fail+0x38c/0x4c0
[  179.569962][ T6109]  should_failslab+0x5/0x20
[  179.574481][ T6109]  slab_pre_alloc_hook+0x51/0xc0
[  179.579454][ T6109]  ? dst_alloc+0x101/0x160
[  179.583880][ T6109]  kmem_cache_alloc+0x3d/0x290
[  179.588645][ T6109]  dst_alloc+0x101/0x160
[  179.592908][ T6109]  ip_route_output_key_hash_rcu+0x15ee/0x24d0
[  179.599008][ T6109]  ip_route_output_key_hash+0x1c6/0x300
[  179.604567][ T6109]  ? ip_route_input_rcu+0x31d0/0x31d0
[  179.609962][ T6109]  ? __lock_acquire+0x7d10/0x7d10
[  179.615016][ T6109]  ip_route_output_flow+0x26/0x150
[  179.620148][ T6109]  ? security_sk_classify_flow+0x77/0x90
[  179.625794][ T6109]  udp_sendmsg+0x15dd/0x2370
[  179.630421][ T6109]  ? ip_skb_dst_mtu+0x9b0/0x9b0
[  179.635314][ T6109]  ? udp_cmsg_send+0x350/0x350
[  179.640097][ T6109]  ? lockdep_hardirqs_off+0x70/0x100
[  179.645416][ T6109]  ? lockdep_hardirqs_on+0x94/0x140
[  179.650642][ T6109]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  179.656289][ T6109]  ? inet_send_prepare+0x260/0x260
[  179.661433][ T6109]  ? udp_cmsg_send+0x350/0x350
[  179.666239][ T6109]  ? inet_send_prepare+0x260/0x260
[  179.671363][ T6109]  ____sys_sendmsg+0x5b7/0x8f0
[  179.676153][ T6109]  ? __sys_sendmsg_sock+0x30/0x30
[  179.681220][ T6109]  ? import_iovec+0x6f/0xa0
[  179.685742][ T6109]  ___sys_sendmsg+0x236/0x2e0
[  179.690454][ T6109]  ? __sys_sendmsg+0x2a0/0x2a0
[  179.695282][ T6109]  __sys_sendmmsg+0x2ba/0x500
[  179.699979][ T6109]  ? __ia32_sys_sendmsg+0x80/0x80
[  179.705054][ T6109]  ? lockdep_hardirqs_on+0x94/0x140
[  179.710268][ T6109]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  179.715920][ T6109]  __x64_sys_sendmmsg+0x9c/0xb0
[  179.720784][ T6109]  do_syscall_64+0x4c/0xa0
[  179.725216][ T6109]  ? clear_bhb_loop+0x30/0x80
[  179.729914][ T6109]  ? clear_bhb_loop+0x30/0x80
[  179.734612][ T6109]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  179.740537][ T6109] RIP: 0033:0x7f07ccf70eb9
[  179.744971][ T6109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  179.764589][ T6109] RSP: 002b:00007f07cb18a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  179.773029][ T6109] RAX: ffffffffffffffda RBX: 00007f07cd1ec180 RCX: 00007f07ccf70eb9
[  179.781007][ T6109] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000005
[  179.789001][ T6109] RBP: 00007f07cb18a090 R08: 0000000000000000 R09: 0000000000000000
[  179.796982][ T6109] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001
[  179.804962][ T6109] R13: 00007f07cd1ec218 R14: 00007f07cd1ec180 R15: 00007ffcec335d38
[  179.812966][ T6109]  </TASK>
[  179.836405][ T5840] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  179.910250][ T4616] usb 5-1: USB disconnect, device number 3
[  180.127290][ T5840] usb 1-1: Using ep0 maxpacket: 32
[  180.397567][ T5840] usb 1-1: config 0 has an invalid interface number: 16 but max is 0
[  180.432794][ T5840] usb 1-1: config 0 has no interface number 0
[  180.473690][ T5840] usb 1-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  180.523247][ T6116] netlink: 12 bytes leftover after parsing attributes in process `syz.3.415'.
[  180.529502][ T5840] usb 1-1: config 0 interface 16 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 48
[  180.740766][ T5840] usb 1-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[  180.800502][ T5840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.820497][ T6120] loop3: detected capacity change from 0 to 32768
[  180.854884][ T5840] usb 1-1: Product: syz
[  180.872723][ T5840] usb 1-1: Manufacturer: syz
[  180.895409][ T5840] usb 1-1: SerialNumber: syz
[  180.902351][ T5840] usb 1-1: config 0 descriptor??
[  180.937669][ T6099] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  180.955557][ T6099] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  181.103292][ T6126] usb usb9: usbfs: process 6126 (syz.4.420) did not claim interface 0 before use
[  181.114885][ T6126] sd 0:0:1:0: device reset
[  181.194548][ T6127] loop1: detected capacity change from 0 to 1024
[  181.254155][ T6122] loop2: detected capacity change from 0 to 32768
[  181.265346][ T6127] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option
[  181.309409][ T6127] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  181.324650][   T13] usb 1-1: USB disconnect, device number 7
[  181.397969][ T6122] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  181.444162][ T6134] overlayfs: missing 'lowerdir'
[  181.463383][ T6122] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  181.549103][ T6122] netlink: 'syz.2.419': attribute type 3 has an invalid length.
[  181.648403][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  181.786000][ T4187] ocfs2: Unmounting device (7,2) on (node local)
[  182.032908][ T6150] ODEBUG: Out of memory. ODEBUG disabled
[  182.907261][    C1] sched: RT throttling activated
[  183.782005][ T6192] usb usb9: usbfs: process 6192 (syz.1.426) did not claim interface 0 before use
[  184.797032][ T6236] capability: warning: `syz.0.462' uses deprecated v2 capabilities in a way that may be insecure
[  186.007540][ T5841] Bluetooth: hci0: command 0x0406 tx timeout
[  186.017476][ T5841] Bluetooth: hci4: command 0x0406 tx timeout
[  186.044460][ T5841] Bluetooth: hci2: command 0x0406 tx timeout
[  186.061124][ T5841] Bluetooth: hci1: command 0x0406 tx timeout
[  186.091232][ T5841] Bluetooth: hci3: command 0x0406 tx timeout
[  186.565932][ T6343] process 'syz.2.515' launched './file0' with NULL argv: empty string added
[  187.038868][ T6375] loop2: detected capacity change from 0 to 1024
[  187.079584][ T6377] netlink: 9 bytes leftover after parsing attributes in process `syz.4.531'.
[  187.113949][ T6379] loop0: detected capacity change from 0 to 1024
[  187.414075][ T6386] hfsplus: bad catalog entry type
[  188.115109][   T13] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  189.069508][ T6390] loop1: detected capacity change from 0 to 256
[  189.118993][ T4989] hfsplus: b-tree write err: -5, ino 4
[  189.161352][ T6387] loop3: detected capacity change from 0 to 256
[  189.179371][ T4989] hfsplus: b-tree write err: -5, ino 4
[  189.257286][   T13] usb 5-1: Using ep0 maxpacket: 8
[  189.327472][ T6390] exFAT-fs (loop1): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  189.437427][   T13] usb 5-1: config 0 has an invalid interface number: 150 but max is 0
[  189.446605][   T13] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  190.346738][   T13] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  190.357450][   T13] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1
[  190.367074][   T13] usb 5-1: config 0 has no interface number 0
[  190.374060][   T13] usb 5-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  190.387431][   T13] usb 5-1: config 0 interface 150 has no altsetting 0
[  190.394324][   T13] usb 5-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  190.403831][   T13] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.438344][   T13] usb 5-1: config 0 descriptor??
[  190.467472][   T13] usb 5-1: can't set config #0, error -71
[  190.478604][   T13] usb 5-1: USB disconnect, device number 4
[  193.148066][ T6429] loop1: detected capacity change from 0 to 1024
[  193.486956][ T6439] usb usb9: usbfs: process 6439 (syz.4.547) did not claim interface 0 before use
[  193.507802][ T6439] sd 0:0:1:0: device reset
[  193.537727][ T6440] hfsplus: bad catalog entry type
[  194.191201][   T13] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  194.200744][ T1420] ieee802154 phy0 wpan0: encryption failed: -22
[  194.207056][ T1420] ieee802154 phy1 wpan1: encryption failed: -22
[  194.437592][ T4989] hfsplus: b-tree write err: -5, ino 4
[  194.507070][ T6428] loop2: detected capacity change from 0 to 32768
[  194.577531][ T6428] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  194.646895][ T6428] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  194.656146][   T13] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  194.678365][   T13] usb 1-1: config 0 has no interface number 0
[  194.714960][   T13] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  194.726213][ T6453] netlink: 'syz.2.543': attribute type 3 has an invalid length.
[  194.763980][ T6451] FAULT_INJECTION: forcing a failure.
[  194.763980][ T6451] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  194.787834][   T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.799195][ T6451] CPU: 1 PID: 6451 Comm: syz.3.550 Not tainted syzkaller #0
[  194.806533][ T6451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  194.816609][ T6451] Call Trace:
[  194.820054][ T6451]  <TASK>
[  194.823013][ T6451]  dump_stack_lvl+0x188/0x250
[  194.827722][ T6451]  ? show_regs_print_info+0x20/0x20
[  194.832928][ T6451]  ? load_image+0x400/0x400
[  194.837442][ T6451]  ? __lock_acquire+0x7d10/0x7d10
[  194.842485][ T6451]  should_fail+0x38c/0x4c0
[  194.846914][ T6451]  _copy_to_user+0x2e/0x130
[  194.851423][ T6451]  simple_read_from_buffer+0xe3/0x150
[  194.856801][ T6451]  proc_fail_nth_read+0x1a6/0x220
[  194.861844][ T6451]  ? proc_fault_inject_write+0x310/0x310
[  194.867484][ T6451]  ? fsnotify_perm+0x254/0x560
[  194.872247][ T6451]  ? proc_fault_inject_write+0x310/0x310
[  194.877879][ T6451]  vfs_read+0x301/0xd60
[  194.882055][ T6451]  ? kernel_read+0x1e0/0x1e0
[  194.886643][ T6451]  ? __fget_files+0x40f/0x480
[  194.891315][ T6451]  ? mutex_lock_nested+0x17/0x20
[  194.896251][ T6451]  ? __fdget_pos+0x2bf/0x370
[  194.900835][ T6451]  ? ksys_read+0x71/0x260
[  194.905159][ T6451]  ksys_read+0x152/0x260
[  194.909448][ T6451]  ? vfs_write+0xd60/0xd60
[  194.913864][ T6451]  ? lockdep_hardirqs_on+0x94/0x140
[  194.919059][ T6451]  do_syscall_64+0x4c/0xa0
[  194.923483][ T6451]  ? clear_bhb_loop+0x30/0x80
[  194.928156][ T6451]  ? clear_bhb_loop+0x30/0x80
[  194.932836][ T6451]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  194.938728][ T6451] RIP: 0033:0x7fde7085e78e
[  194.943135][ T6451] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  194.962781][ T6451] RSP: 002b:00007fde6ead7fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  194.971200][ T6451] RAX: ffffffffffffffda RBX: 00007fde6ead86c0 RCX: 00007fde7085e78e
[  194.979176][ T6451] RDX: 000000000000000f RSI: 00007fde6ead80a0 RDI: 0000000000000004
[  194.987163][ T6451] RBP: 00007fde6ead8090 R08: 0000000000000000 R09: 0000000000000000
[  194.995128][ T6451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  195.003133][ T6451] R13: 00007fde70b19128 R14: 00007fde70b19090 R15: 00007ffd3bd0ce28
[  195.011117][ T6451]  </TASK>
[  195.039445][ T4187] ocfs2: Unmounting device (7,2) on (node local)
[  195.046478][   T13] usb 1-1: config 0 descriptor??
[  195.111936][   T13] usb 1-1: selecting invalid altsetting 1
[  195.128226][   T13] dvb_ttusb_budget: ttusb_init_controller: error
[  195.134719][   T13] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  195.323149][   T13] DVB: Unable to find symbol cx22700_attach()
[  195.419439][   T13] DVB: Unable to find symbol tda10046_attach()
[  195.425671][   T13] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  195.459778][   T13] usb 1-1: USB disconnect, device number 8
[  195.548540][ T6458] loop1: detected capacity change from 0 to 4096
[  195.587941][ T6458] ntfs3: Unknown parameter 'windows_names'
[  195.648489][ T6443] loop4: detected capacity change from 0 to 32768
[  195.728059][ T6443] XFS: noattr2 mount option is deprecated.
[  195.822508][ T6443] XFS (loop4): Cannot mount a V5 filesystem as noattr2. attr2 is always enabled for V5 filesystems.
[  196.315359][ T6479] loop3: detected capacity change from 0 to 4096
[  196.655374][ T6479] ntfs3: loop3: ntfs_set_state r=3 failed, -22.
[  196.730210][ T6479] ntfs3: loop3: mft corrupted
[  196.825712][ T6479] ntfs3: loop3: Failed to load root.
[  196.851365][ T6479] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22.
[  196.875615][ T6489] loop4: detected capacity change from 0 to 1024
[  196.892848][ T6479] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22.
[  197.150361][ T6493] usb usb9: usbfs: process 6493 (syz.1.560) did not claim interface 0 before use
[  197.162052][ T6493] sd 0:0:1:0: device reset
[  197.277524][ T6496] loop2: detected capacity change from 0 to 128
[  197.366961][ T6499] hfsplus: bad catalog entry type
[  197.525056][ T6496] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  197.716659][ T6496] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  197.938008][ T4346] hfsplus: b-tree write err: -5, ino 4
[  197.980417][ T6503] usb usb9: usbfs: process 6503 (syz.1.563) did not claim interface 0 before use
[  198.023719][ T6496] UDF-fs: error (device loop2): udf_read_tagged: tag checksum failed, block 93: 0x5d != 0x05
[  198.083485][ T6496] UDF-fs: error (device loop2): udf_count_free_bitmap: udf_count_free failed
[  198.484318][ T4187] UDF-fs: error (device loop2): udf_read_inode: (ino 104) failed !bh
[  198.559105][ T4187] UDF-fs: error (device loop2): udf_read_inode: (ino 104) failed !bh
[  198.622027][ T6519] FAULT_INJECTION: forcing a failure.
[  198.622027][ T6519] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  198.671774][ T6519] CPU: 0 PID: 6519 Comm: syz.4.566 Not tainted syzkaller #0
[  198.679153][ T6519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  198.689238][ T6519] Call Trace:
[  198.692546][ T6519]  <TASK>
[  198.695504][ T6519]  dump_stack_lvl+0x188/0x250
[  198.700216][ T6519]  ? show_regs_print_info+0x20/0x20
[  198.705465][ T6519]  ? load_image+0x400/0x400
[  198.710010][ T6519]  ? __lock_acquire+0x7d10/0x7d10
[  198.715064][ T6519]  should_fail+0x38c/0x4c0
[  198.719508][ T6519]  strncpy_from_user+0x32/0x360
[  198.724390][ T6519]  getname_flags+0xef/0x500
[  198.728913][ T6519]  __x64_sys_mknodat+0x94/0xc0
[  198.733704][ T6519]  do_syscall_64+0x4c/0xa0
[  198.738141][ T6519]  ? clear_bhb_loop+0x30/0x80
[  198.742849][ T6519]  ? clear_bhb_loop+0x30/0x80
[  198.747547][ T6519]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  198.753478][ T6519] RIP: 0033:0x7fc9361c0eb9
[  198.758043][ T6519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  198.777864][ T6519] RSP: 002b:00007fc93441c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[  198.786400][ T6519] RAX: ffffffffffffffda RBX: 00007fc93643bfa0 RCX: 00007fc9361c0eb9
[  198.794421][ T6519] RDX: 0000000000001004 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  198.802425][ T6519] RBP: 00007fc93441c090 R08: 0000000000000000 R09: 0000000000000000
[  198.810445][ T6519] R10: 0000000000000709 R11: 0000000000000246 R12: 0000000000000001
[  198.818472][ T6519] R13: 00007fc93643c038 R14: 00007fc93643bfa0 R15: 00007ffceb36a998
[  198.826522][ T6519]  </TASK>
[  198.894966][ T6500] loop0: detected capacity change from 0 to 32768
[  199.007901][ T6500] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  199.084809][ T6500] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  199.173913][ T6500] netlink: 'syz.0.562': attribute type 3 has an invalid length.
[  199.379959][ T4183] ocfs2: Unmounting device (7,0) on (node local)
[  199.413349][ T6532] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  199.670024][ T6532] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  199.703590][ T6543] APIC base relocation is unsupported by KVM
[  200.611512][ T6551] chnl_net:caif_netlink_parms(): no params data found
[  200.981946][ T6551] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.027941][ T6551] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.095722][ T6551] device bridge_slave_0 entered promiscuous mode
[  201.147898][ T6551] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.197564][ T6551] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.256677][ T6551] device bridge_slave_1 entered promiscuous mode
[  201.340547][ T6618] kvm [6615]: vcpu3, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010002 data 0x3
[  201.355998][ T6621] loop0: detected capacity change from 0 to 1024
[  201.364886][ T6551] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  201.587665][ T6624] loop4: detected capacity change from 0 to 32768
[  201.670776][ T6551] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  201.772675][ T6551] team0: Port device team_slave_0 added
[  201.781470][ T6551] team0: Port device team_slave_1 added
[  201.803470][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_0
[  201.818543][ T6624] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  201.827406][ T6624] BTRFS info (device loop4): setting nodatacow, compression disabled
[  201.835690][ T6624] BTRFS info (device loop4): force clearing of disk cache
[  201.843394][ T6624] BTRFS info (device loop4): enabling ssd optimizations
[  201.850525][ T6624] BTRFS info (device loop4): using spread ssd allocation scheme
[  201.858567][ T6624] BTRFS info (device loop4): turning off barriers
[  201.865072][ T6624] BTRFS info (device loop4): disabling free space tree
[  201.872014][ T6624] BTRFS info (device loop4): not using ssd optimizations
[  201.879136][ T6624] BTRFS info (device loop4): not using spread ssd allocation scheme
[  201.887158][ T6624] BTRFS info (device loop4): has skinny extents
[  201.898386][ T6626] hfsplus: bad catalog entry type
[  202.009823][ T5840] Bluetooth: hci1: command 0x0409 tx timeout
[  202.304194][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.455093][ T6551] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  202.489304][ T6630] SET target dimension over the limit!
[  202.499922][ T6551] batman_adv: batadv0: Adding interface: batadv_slave_1
[  202.510111][  T154] hfsplus: b-tree write err: -5, ino 4
[  202.547979][ T6551] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  202.647067][ T6551] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  202.732869][ T6649] loop0: detected capacity change from 0 to 1024
[  202.753452][ T6624] BTRFS info (device loop4): clearing free space tree
[  202.760893][ T6624] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  202.770861][ T6624] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  202.790724][ T6617] loop1: detected capacity change from 0 to 32768
[  202.930083][ T6617] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  202.957508][ T6649] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option
[  203.018275][ T6551] device hsr_slave_0 entered promiscuous mode
[  203.076951][ T6617] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  203.096826][ T6551] device hsr_slave_1 entered promiscuous mode
[  203.128834][ T6649] EXT4-fs (loop0): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000080,nodelalloc,grpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none.
[  203.187343][ T6551] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  203.247306][ T6551] Cannot create hsr debugfs directory
[  203.406894][ T4188] ocfs2: Unmounting device (7,1) on (node local)
[  203.513434][ T6647] loop3: detected capacity change from 0 to 32768
[  203.533677][ T6647] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.599 (6647)
[  204.103027][ T6647] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  204.202844][ T6647] BTRFS info (device loop3): using free space tree
[  204.244270][ T4604] Bluetooth: hci1: command 0x041b tx timeout
[  204.335365][ T6647] BTRFS info (device loop3): has skinny extents
[  204.817998][ T6551] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  204.859878][ T6551] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  204.880986][ T6551] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  204.929241][ T6551] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  204.975460][ T6682] loop0: detected capacity change from 0 to 1024
[  205.036544][ T6647] BTRFS info (device loop3): enabling ssd optimizations
[  205.568687][ T6697] hfsplus: bad catalog entry type
[  205.661893][ T6698] netlink: 220 bytes leftover after parsing attributes in process `syz.4.600'.
[  206.000497][ T6551] 8021q: adding VLAN 0 to HW filter on device bond0
[  206.027885][ T4348] hfsplus: b-tree write err: -5, ino 4
[  206.068551][ T6698] loop4: detected capacity change from 0 to 40427
[  206.124309][ T6698] F2FS-fs (loop4): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  206.134138][ T6698] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  206.152417][ T6551] 8021q: adding VLAN 0 to HW filter on device team0
[  206.159485][ T6698] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x35f7
[  206.167870][ T6698] F2FS-fs (loop4): Unrecognized mount option "memory=low" or missing value
[  206.246117][ T4989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  206.269992][ T4989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  206.634361][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  206.675664][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  206.707839][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  206.715101][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  206.798189][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  206.812285][ T4608] Bluetooth: hci1: command 0x040f tx timeout
[  206.875694][ T6717] loop1: detected capacity change from 0 to 1024
[  206.926177][ T4346] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  206.933717][ T6719] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  207.107431][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  207.129947][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  207.181915][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.189095][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  207.286612][ T6726] hfsplus: bad catalog entry type
[  207.520853][ T6727] loop0: detected capacity change from 0 to 1024
[  207.853615][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  207.905052][ T4989] hfsplus: b-tree write err: -5, ino 4
[  207.913104][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  207.935654][ T6723] loop3: detected capacity change from 0 to 32768
[  208.052779][ T4346] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  208.134676][ T6723] ocfs2: Slot 0 on device (7,3) was already allocated to this node!
[  208.180795][ T6729] loop1: detected capacity change from 0 to 1024
[  208.201077][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  208.211135][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  208.220102][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  208.230080][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  208.332369][ T6733] hfsplus: bad catalog entry type
[  208.442427][ T6723] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  208.502076][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  208.740126][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  208.748881][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  208.760642][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  208.775190][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  208.805993][ T6551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  208.815603][ T4358] hfsplus: b-tree write err: -5, ino 4
[  208.824418][ T6723] netlink: 'syz.3.609': attribute type 3 has an invalid length.
[  208.908841][ T6739] hfsplus: bad catalog entry type
[  209.287463][ T5662] Bluetooth: hci1: command 0x0419 tx timeout
[  209.339985][ T4260] hfsplus: b-tree write err: -5, ino 4
[  209.345678][ T4346] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  209.378714][ T4189] ocfs2: Unmounting device (7,3) on (node local)
[  209.389395][ T6741] loop0: detected capacity change from 0 to 1024
[  209.648323][ T6747] netlink: 9 bytes leftover after parsing attributes in process `syz.3.616'.
[  209.750230][ T6755] hfsplus: bad catalog entry type
[  210.067534][ T5838] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  210.332408][ T5838] usb 4-1: Using ep0 maxpacket: 8
[  210.499111][ T5838] usb 4-1: config 0 has an invalid interface number: 150 but max is 0
[  210.619796][ T5838] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  210.673753][ T5838] usb 4-1: config 0 has no interface number 0
[  210.695764][ T5838] usb 4-1: config 0 interface 150 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  210.765099][ T5838] usb 4-1: config 0 interface 150 has no altsetting 0
[  210.783589][ T5838] usb 4-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  210.799013][ T5838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  210.813081][ T5838] usb 4-1: config 0 descriptor??
[  210.837760][ T6747] device 
31猉功D entered promiscuous mode
[  210.845151][ T4260] hfsplus: b-tree write err: -5, ino 4
[  210.937204][ T4346] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  211.219430][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  211.226960][ T4358] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  211.268179][ T6551] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.527207][ T6754] netlink: 5 bytes leftover after parsing attributes in process `syz.3.616'.
[  211.556934][ T6754] 0猉功D: renamed from 
31猉功D
[  211.577825][ T6754] device 
30猉功D left promiscuous mode
[  211.601395][ T6754] A link change request failed with some changes committed already. Interface 
30猉功D may have been left with an inconsistent configuration, please check.
[  211.895173][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  211.925810][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  212.051591][ T6551] device veth0_vlan entered promiscuous mode
[  212.074924][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  212.090319][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  212.122058][ T6551] device veth1_vlan entered promiscuous mode
[  212.149413][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  212.162037][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  212.194951][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  212.226100][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  212.282887][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  212.328110][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  212.339079][ T6551] device veth0_macvtap entered promiscuous mode
[  212.379646][ T6551] device veth1_macvtap entered promiscuous mode
[  212.441101][ T6551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.479975][ T6551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.500049][ T6835] loop0: detected capacity change from 0 to 1024
[  212.527930][ T6551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.561512][ T6551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.580490][ T6551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.603518][ T6551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.636148][ T6551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  212.654380][ T6551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  212.682866][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_0
[  212.714665][ T4286] usb 4-1: USB disconnect, device number 6
[  212.741107][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  212.770935][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  212.826137][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  212.924639][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  212.999167][ T6551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.095667][ T6844] hfsplus: bad catalog entry type
[  213.741152][ T6551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.822293][ T6551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  213.873947][ T6551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.924744][ T6551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  214.006316][ T6551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.104231][ T6551] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  214.166615][ T6551] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.178079][ T6551] batman_adv: batadv0: Interface activated: batadv_slave_1
[  214.179558][ T4358] hfsplus: b-tree write err: -5, ino 4
[  214.246639][ T6847] loop1: detected capacity change from 0 to 1024
[  214.320181][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  214.378594][  T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  214.460353][ T6551] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  214.553903][ T6551] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  214.641758][ T6858] hfsplus: bad catalog entry type
[  214.661576][ T6551] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  214.670668][ T6551] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  215.231046][ T6857] loop3: detected capacity change from 0 to 256
[  215.247048][ T4989] hfsplus: b-tree write err: -5, ino 4
[  215.441403][ T6857] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  216.820863][ T6870] netlink: 9 bytes leftover after parsing attributes in process `syz.0.642'.
[  216.963117][ T4260] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  216.988519][ T4260] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.039737][ T4260] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  217.153588][ T4393] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  217.179032][ T4340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  217.188480][ T4346] device hsr_slave_0 left promiscuous mode
[  217.197178][ T4340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  217.232040][ T4346] device hsr_slave_1 left promiscuous mode
[  217.284383][ T4346] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  217.293791][ T6888] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  217.312830][ T4346] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.342816][ T4346] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  217.397305][ T4346] batman_adv: batadv0: Removing interface: batadv_slave_1
[  217.397385][ T4393] usb 1-1: Using ep0 maxpacket: 8
[  217.438185][ T4346] device bridge_slave_1 left promiscuous mode
[  217.446157][ T4346] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.505632][ T4346] device bridge_slave_0 left promiscuous mode
[  217.529067][ T4346] bridge0: port 1(bridge_slave_0) entered disabled state
[  217.553814][ T4393] usb 1-1: config 0 has an invalid interface number: 150 but max is 0
[  217.572389][ T4393] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  217.603195][ T4393] usb 1-1: config 0 has no interface number 0
[  217.624736][ T4393] usb 1-1: config 0 interface 150 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  217.664460][ T4393] usb 1-1: config 0 interface 150 has no altsetting 0
[  217.674423][ T4346] device veth1_macvtap left promiscuous mode
[  217.687775][ T4346] device veth0_macvtap left promiscuous mode
[  217.692199][ T4393] usb 1-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75
[  217.714949][ T4346] device veth1_vlan left promiscuous mode
[  217.748278][ T4346] device veth0_vlan left promiscuous mode
[  217.757639][ T4393] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.780395][ T4393] usb 1-1: config 0 descriptor??
[  218.052569][ T6916] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  218.236631][ T6920] loop3: detected capacity change from 0 to 1024
[  218.435663][ T6915] loop4: detected capacity change from 0 to 32768
[  218.506534][ T4346] team0 (unregistering): Port device team_slave_1 removed
[  218.522757][ T4346] team0 (unregistering): Port device team_slave_0 removed
[  218.552132][ T4346] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  218.564480][ T6915] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  218.576533][ T4346] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  218.637308][ T6926] hfsplus: bad catalog entry type
[  219.157120][ T6915] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  219.240816][ T4358] hfsplus: b-tree write err: -5, ino 4
[  219.273983][ T6915] netlink: 'syz.4.651': attribute type 3 has an invalid length.
[  219.387621][ T4190] ocfs2: Unmounting device (7,4) on (node local)
[  219.437535][ T4346] bond0 (unregistering): Released all slaves
[  219.544942][ T4348] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  219.583034][ T6878] netlink: 5 bytes leftover after parsing attributes in process `syz.0.642'.
[  219.619136][ T6878] 1猉功D: renamed from 
30猉功D
[  219.638544][ T6878] device 
31猉功D left promiscuous mode
[  219.645941][ T6878] A link change request failed with some changes committed already. Interface 
31猉功D may have been left with an inconsistent configuration, please check.
[  219.668412][ T6934] netlink: 12 bytes leftover after parsing attributes in process `syz.3.656'.
[  219.713099][ T5840] usb 1-1: USB disconnect, device number 9
[  219.925861][ T6946] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  219.995187][ T6945] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3028955036 (387706244608 ns) > initial count (55975981312 ns). Using initial count to start timer.
[  220.133010][ T6959] pit: kvm: requested 838 ns i8254 timer period limited to 200000 ns
[  220.376952][ T6967] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  220.440952][ T6973] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  220.510650][ T6983] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  221.178218][ T7015] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  222.109406][ T7070] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  222.190897][ T7074] kvm: MWAIT instruction emulated as NOP!
[  222.260143][ T7074] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  222.745312][ T7097] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  222.753129][ T7107] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  222.853331][ T7107] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  223.370250][ T7127] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2380429140 (4760858280 ns) > initial count (877603172 ns). Using initial count to start timer.
[  223.493223][ T7140] kvm: vcpu 1: requested lapic timer restore with starting count register 0x390=2983756308 (2983756308 ns) > initial count (338450251 ns). Using initial count to start timer.
[  223.548533][ T7146] Disabled LAPIC found during irq injection
[  223.693371][ T7149] ------------[ cut here ]------------
[  223.747857][ T7149] WARNING: CPU: 0 PID: 7149 at arch/x86/kvm/x86.c:10372 kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  223.817671][ T7149] Modules linked in:
[  223.839653][ T7149] CPU: 0 PID: 7149 Comm: syz.1.704 Not tainted syzkaller #0
[  223.847019][ T7149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  223.981334][ T7149] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  224.047411][ T7149] Code: e8 f1 e9 ae 00 e9 03 e9 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d5 ed ff ff 4c 89 ff e8 d6 e9 ae 00 e9 c8 ed ff ff e8 dc e5 69 00 <0f> 0b e9 31 fd ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d2 ed ff ff 4c
[  224.147391][ T7149] RSP: 0018:ffffc900060cfc30 EFLAGS: 00010287
[  224.153558][ T7149] RAX: ffffffff810f39c4 RBX: ffff888063b6c000 RCX: 0000000000080000
[  224.201998][ T7149] RDX: ffffc90004d49000 RSI: 0000000000000413 RDI: 0000000000000414
[  224.219486][ T7149] RBP: 0000000000000000 R08: ffffffff8d89d8af R09: 1ffffffff1b13b15
[  224.230689][ T7149] R10: dffffc0000000000 R11: fffffbfff1b13b16 R12: ffff888065924001
[  224.239194][ T7149] R13: 1ffff1100c76d81e R14: ffff888063b6c0f0 R15: ffff888065924000
[  224.255976][ T7149] FS:  00007f07cb1cc6c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
[  224.267100][ T7149] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  224.280907][ T7149] CR2: 00007fc0baabc198 CR3: 0000000063402000 CR4: 00000000003526e0
[  224.293956][ T7149] Call Trace:
[  224.300968][ T7149]  <TASK>
[  224.304117][ T7149]  ? __lock_acquire+0x7d10/0x7d10
[  224.312337][ T7149]  kvm_vcpu_ioctl+0x8f7/0xc10
[  224.317582][ T7149]  ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0
[  224.323396][ T7149]  ? bpf_lsm_file_ioctl+0x5/0x10
[  224.337598][ T7149]  ? security_file_ioctl+0x7c/0xa0
[  224.343970][ T7149]  ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0
[  224.354621][ T7149]  __se_sys_ioctl+0xfa/0x170
[  224.362135][ T7149]  do_syscall_64+0x4c/0xa0
[  224.366749][ T7149]  ? clear_bhb_loop+0x30/0x80
[  224.381593][ T7149]  ? clear_bhb_loop+0x30/0x80
[  224.386424][ T7149]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  224.396142][ T7149] RIP: 0033:0x7f07ccf70eb9
[  224.404584][ T7149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  224.436413][ T7149] RSP: 002b:00007f07cb1cc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  224.445354][ T7149] RAX: ffffffffffffffda RBX: 00007f07cd1ebfa0 RCX: 00007f07ccf70eb9
[  224.459659][ T7149] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  224.476245][ T7149] RBP: 00007f07ccfdec1f R08: 0000000000000000 R09: 0000000000000000
[  224.486967][ T7149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.499324][ T7149] R13: 00007f07cd1ec038 R14: 00007f07cd1ebfa0 R15: 00007ffcec335d38
[  224.513041][ T7149]  </TASK>
[  224.516281][ T7149] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  224.523583][ T7149] CPU: 1 PID: 7149 Comm: syz.1.704 Not tainted syzkaller #0
[  224.530895][ T7149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  224.540975][ T7149] Call Trace:
[  224.544300][ T7149]  <TASK>
[  224.547262][ T7149]  dump_stack_lvl+0x188/0x250
[  224.551981][ T7149]  ? show_regs_print_info+0x20/0x20
[  224.557220][ T7149]  ? load_image+0x400/0x400
[  224.561766][ T7149]  panic+0x2e5/0x810
[  224.565702][ T7149]  ? bpf_jit_dump+0xd0/0xd0
[  224.570390][ T7149]  ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  224.576254][ T7149]  __warn+0x248/0x2b0
[  224.580287][ T7149]  ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  224.586144][ T7149]  report_bug+0x1b7/0x2e0
[  224.590529][ T7149]  handle_bug+0x3a/0x70
[  224.594739][ T7149]  exc_invalid_op+0x16/0x40
[  224.599286][ T7149]  asm_exc_invalid_op+0x16/0x20
[  224.604191][ T7149] RIP: 0010:kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  224.610648][ T7149] Code: e8 f1 e9 ae 00 e9 03 e9 ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d5 ed ff ff 4c 89 ff e8 d6 e9 ae 00 e9 c8 ed ff ff e8 dc e5 69 00 <0f> 0b e9 31 fd ff ff 44 89 f9 80 e1 07 38 c1 0f 8c d2 ed ff ff 4c
[  224.630399][ T7149] RSP: 0018:ffffc900060cfc30 EFLAGS: 00010287
[  224.636510][ T7149] RAX: ffffffff810f39c4 RBX: ffff888063b6c000 RCX: 0000000000080000
[  224.644618][ T7149] RDX: ffffc90004d49000 RSI: 0000000000000413 RDI: 0000000000000414
[  224.652613][ T7149] RBP: 0000000000000000 R08: ffffffff8d89d8af R09: 1ffffffff1b13b15
[  224.660635][ T7149] R10: dffffc0000000000 R11: fffffbfff1b13b16 R12: ffff888065924001
[  224.668650][ T7149] R13: 1ffff1100c76d81e R14: ffff888063b6c0f0 R15: ffff888065924000
[  224.676656][ T7149]  ? kvm_arch_vcpu_ioctl_run+0x1bc4/0x1f40
[  224.682502][ T7149]  ? __lock_acquire+0x7d10/0x7d10
[  224.687580][ T7149]  kvm_vcpu_ioctl+0x8f7/0xc10
[  224.692302][ T7149]  ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0
[  224.697997][ T7149]  ? bpf_lsm_file_ioctl+0x5/0x10
[  224.702975][ T7149]  ? security_file_ioctl+0x7c/0xa0
[  224.708111][ T7149]  ? kvm_clear_stat_per_vcpu+0x1f0/0x1f0
[  224.713894][ T7149]  __se_sys_ioctl+0xfa/0x170
[  224.718519][ T7149]  do_syscall_64+0x4c/0xa0
[  224.722972][ T7149]  ? clear_bhb_loop+0x30/0x80
[  224.727686][ T7149]  ? clear_bhb_loop+0x30/0x80
[  224.732400][ T7149]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  224.738326][ T7149] RIP: 0033:0x7f07ccf70eb9
[  224.742880][ T7149] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  224.762524][ T7149] RSP: 002b:00007f07cb1cc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  224.770965][ T7149] RAX: ffffffffffffffda RBX: 00007f07cd1ebfa0 RCX: 00007f07ccf70eb9
[  224.778975][ T7149] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  224.786970][ T7149] RBP: 00007f07ccfdec1f R08: 0000000000000000 R09: 0000000000000000
[  224.794979][ T7149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.802965][ T7149] R13: 00007f07cd1ec038 R14: 00007f07cd1ebfa0 R15: 00007ffcec335d38
[  224.811080][ T7149]  </TASK>
[  224.814359][ T7149] Kernel Offset: disabled
[  224.818945][ T7149] Rebooting in 86400 seconds..