last executing test programs:

18m30.819344752s ago: executing program 1 (id=28):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x1a7280, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x1a7280, 0x0)
r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0)
ioctl$SW_SYNC_IOC_INC(r3, 0xc0105702, 0x0)
close(0x4)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae01, 0x1) (async)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae01, 0x1)
r4 = syz_open_dev$loop(&(0x7f0000000100), 0x80, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r5, &(0x7f0000000400)={0x8, {"940de312c9be185c33394390ce360adcb8443d1ca2464ad29fe46c8717a823e29b12011e867516a9c1b63394e6b4922549ac2f98b0bafc013757371b5762e5b03b4c8cfcc5d34368b21917740955f80e80fa98a68cb052b102c03e72a4c6702778dfcc5bb74ce23d914f8b143bd94d7382a385be93f61eef509d6cbffa81afee0e3524b8b768a0ef0ae00ad2a23728722436d1c150b512b6c642cb2eeaecb085719014332015474a4ddf7098bb5ac398c0ce256e4dcfd4613dbe9a34b96439546a28db9ce97b344b6c97288b3854e127b4f533f56439a74fcffc41dfeffc5d7a99c01a0fedfd937af595c05a942216581f8efd1ffa1c23c6f08d6987be16bb52420c80bda5da46987fbf7209487defe0374226a526d3588660192d921bfe407f1d1833f390dd8b41b30c53b4deba5a086c516d9bc8ca572d8f0f875303c85bd16570e89f74d7c4ef547a07dd62f334fee76e2e0ca31cca1ad0528d7448ceecd4c9785c302a40bc114335dea8775958a3beff8eeb31afcb9a2c7561980f8554220769e5e90fdfb2f5a905518ef1667a91e2dd474383e4312ea219fe65d421006734fe04661f75e69ae825120b33fb74293e3b83e7f7f563b475cd6e08fd6878ee424fa141d3aee86d952c212c2e7730796510a463a8da486852b23a1d62b714a11301499029d9efb715a11b64f24cd2660c9a47573ce4dd042e333e433ee28b2bce545cf067040193057de290965c1d547fed137e5eb22f5c0a06ad4de6b78204bf053f37c5d96b8053ea445b640360da8fce3391514dc3d1f4e4b35047138cd8c2717bcba278a4f8c27bac01b469ee3fd04004f58287a18307b0ad4120f2c26b08c3267249bfbe1064a3f171e0cfe595f7ab146f3148c73228edf694dc0c400c36e3493b1aca5f85972dadb8d02bddb607b7a431750ca4863812b8020000000000000042db2971e280541cbfa446c6c6d85b77e3327a2d327c25b7619647374e76b1be266cb68959d2651d0c7438cb1b53982191858c66500d8536013701194a9f02dd77216f932e07a4c4b4558b2a38d7e5c39a453c8fb5fae0d00550a2d143f721cd676d842f2ae39ecbf99e027b4cf9f3c2a9bf3b663e51a0b29cf4cfb0877d5b89fdfa93fd9bf33392e6a2c8df36f9f2faa3716d293b7d94c93458c17df99aaadd218fe4c7b967b43f48725e6bac67bf9176e8c63f94862b036b1870bc314b51fea9d0c92020427abaf5be10d3faad2f684d46a2461f2a92350d6f204f03ad2a9fa54cbd8a7a3e7ba2d54f3615ac5ea47f120572f8ef941e81b0812bfc4227ef5719093afbf90040ef1a5eda64563eb7fd015ea54342340ec8648d911a8f3f358ca124ef8c70685bce2fbaeeebf54d059cefd53751b5cf33fe2d92c9df6a63821b6db5188210565e132768b192fb27e745605c529e3648060a98d656f35e36dc4be3102bd678db0ceb0301c5cb0f7f7a08c55cd038a5f751a7c96116f0bd9c9a349558a7a8fc6a73cce1132549169822bf32d742fc4f4e2e50f59eb669f2384282247c60253edc98f9bc802a288a94e1011a066ce9f6eca5f87d2afd893900c3aff87be959451269bc9ac735c43c1e5ecf5d5bff262a27f0c8a1ad401492ffec662e27b12399096fee9910d0fadfd1e1bcf1f20f8f7e5ff1cce9e8db0fd71dda6f228aa96bba6b4120361a6f6acc832be5daa1aabd03a9ae810f0d21466c1a652a47c11db6a8e52580a8347326113b54a4beeaeb21b45e5ef0aa3cfbfb22d99640b7b935bce8e37cebce586f7fe72208b491795a9fbb220ec9b98dd7811ced86292189ce351e8a64c6afde9c1dccbaaebf7e5e3d5e529e926e814b381342c13ea0757ce52a0b0a155d1c85c4108deffa719a22bef7b681a17504e22d6fe9197699e0a16a7104f412e3a681c8ee41d8fbddc8610c161f1fad9e4a5e526e20ac61496e9f3596cc94b79e9680a64a832dc26d6e33e127abe5c405b16978bc4297a85ccaf1599b195db9d66b698c770d84fa90d89b51eca02ed3a3465b8eca9589af034bd6b9c8f6329e393e4753887696ae5158e8ca3ef2e66fac38a6d6a1b61e81d5b6a3c1cb007d64a33f1fe01cf39b82b270e9083ce13b1a32f0c98376d43cdbf9f17b74655f3000343fe051a75ac658a84629b1245107652d6dfa54b1a7d77922becb74539ffb11292794f12ebfd3ea8888c7cd10692d52c85340f92c5d01464fe36deaaec6ad6cc22870372d61485e2d76accd9bf93e0842efe5652e73100a6727b3a4ce4d1594c8ddb5742897d05fd6f6333fa1b90afeaab9fc7426251d24deeef43784f12c0bb09f102962ee9ab427a53fd8da8e1e3c8000ac7164e61d6258c515dcdd911fb1a519d7b38e556457da330ceda8e948aeaf7421d37faf50071f0d38c08fc938278f247084195e778ac90ab7bfafb59c2a1c643cd18d883a46a6cc41410f505ba209746d6b12c015eddf31b6c9ebf2f04605518033721cdf02b1da210ca1465129b443c0c46247b5f8cceb000af2c551fcea1c1bef29c5859e95bcf0956b9092279b47dc652134d2bc54c3688978fd4d7c203749da5e4824fe314aa57e76f58fadfafcc7660b68b1a6043acf8f9f0c259d16fe236b5906f88816e7ab69b67f762ad79a5f654c507cc49be181525ff05cde4d56b53790151efa8060c4685e2b1dd0ad89551a41e0d3dda33c2b528922849a8dfcd7246c242c3b2aa38a69e3e5a37c5806c4bcff53e08ffc7a830d925e3394b688ffffffffcbfe387c9e7df19cfb2b54303c101557aa2ed080194fe0af76d672ed77dfa4c5c0c0f9693f4e8c446d3bc19c0a8654bb4ba8b4daae69edf414615473ec2aadaa6871b7d08a51e349acc7b16fddf741f71670da4c2b0eadcf19f46f0fd18b59ecf7b943a2a5c90125638a3b3270a366c074868e62fe2e8751ff3e60411d7e1b3fb6a873f7843489f661f1bc401765cdfacbd76e1b52e15fb10fc19dc4803d3a4743ab977fae35eed00d59ddf64fcbc61f5fa0cf4098d0babde4a397d2ef100c23ca9f836656d5f25b018606e148e3f66400a682472ed5d28b7de624ed838277432623c11027da18378e46c3fd340585b4835ab1d771266322eee56c3e6bf3300f5d48b6b01f515ba7f3fb726cfc6fdf6c07a2f46bbc3f36fc9ba6e551a46335337c881cc4b73e79e76638411adcaa81ee3b6d0e6e6c721da36dcab68bfb0ca6ba7b2c267b80120143a5c4be333b2cf85b3bd2425ca691ff367d130dbbd8e5f6a819e093eae9d176c1c3fb61557f9e5080ee7703fe2ca1061b52d0a40d7ee2f408b3ceac303e302d96d929c17026793c66423d748a81adfd7cb29027f327b0dac4055e88e385f0400f97988aa1fa40cdf776f9f07991fb55d9d4bf62ebefced240d821bd4fbba62c1b62320228c6a4ca613878e3eb538eea28e92b5d909fc7e63ed5a544e7698d0b7d3d99415d4028a5da4cc67fcba3b744acd4f92938027f42b785405228a38d85fd678703b9d41a6a54cd48303a6be64408101fc5471641c1c5a747244da684fef97aa48bf1a225007f26d9f4002a0dc14d01191ef1d749ea2ea05c42c173c3244c1039c04341b0cf37574d8b78e357b451bfcfb79762ed6a4fbc689690bf37afaa92702a0349ed9aecd9111df9fd57b97749bbf5003991029344497c9ff85adaa7a2e566647ba5bad341eed62034b581981dd7c9de9fd4c241a54ad4d6e9e1cf7ca984b13c628cc65eca0829e69d4d390581e43cd2ed5c56608b45c109f35350fb875316e71f79c433319462d4b589a1f7f2d14d43092655da23d63c63298ed62dd481ab0bc58e97f397b39c94b32fad6a1e0cd9da2dfbe6897ee4986fdbafdb0e4b575f800df5da43cf318ea7a5e83a0136b3bde3296b2bd230ed212f79500c6a4458522c3881532b7bfd170647ee65931760f35a1c1f95b8c93e4233f0de2a13c83f31522f2bee05a57c8378ac6bdd3c9e30dc188b30dadb936f35a3fa247732ebae6a8d762992f8a96c1d26981bda157f2b676ac9d61bb786ac8c349da94dbf75a21b786cdceb47a92597b6d2b22f7dc1187cdb4681ce9bebd69977bab9eabf2a68c1d3b3463d6c7f1392e12a17deb97f2ce5c9ef4021d3b4e0df6b3f4b693e136e3931837e91617cd85846f3019a74d2d65f36369e73a461753631d72f9e2834c446ae7e173d6b1935adc0ce65eb0eac830d442a0344f2cbaedf8d48cb0a6959d07f208fbb2dae434f4fdf35b265fbdbde4138b455b7941096d55808de601ddd8a41a70b12968862d0b4086d4ff55152aee65eaa761a9588bb25bce193b4e55ebb183807f118bff0ccbd85ea761e7c3b6cccb64f97b3f1bf7a96eecc7ab40e770a1620209b509f23aab0f769a16c9b8092326987f0cd1de94b911ea6bef5cf15a93829b7cbf03aa85ef577633e058f81e9653fc47d15ab8bead567ed2affbbf5a470302c065086324dc304c777228050ea9f717e45b6676fc9002ccd0428fcb27d839e4139fb17d4ee72e2fe8394e5de0cc814d92663f8c5f87e131a34ef7094078be0cf54763c82004af9727c7972ff1ea6162b279beea87bc2741e996d14f549d0474aabe780c5b80a35eed311cb734c23d01c160e439662c813126747c7d09068e32fa72605d71abc2a332cb59d81071818d5e0944194285f4cfc050392e505dd93c8c882f46fb6b70b4660784d543a6bf34653487840fdc298c8280241174805bf3cf38083224d213cd6076beac135ed3f8c4c6d808c45da2a47750cb0f4d2be6beada1c481a0152d80c0b520d2f090455494c83ba78eb91e6558d52ceceb23c956bb382bb280e6382d2cb679eecd2bcfb6107e2e4f568f1be293eaa0d2ebb77169b103d5fe74d745cf082c36022108b4c430a87fa8535f1c56d0c1d5dae50c549b1b08911e2d2619eef61131c7804b35c3ca4dac1f2595c68941b013b5ded8bfd52ed41da13c0886b7f9c61a5244a815711253aad7ea74eae788b1beea9bc15addb199d2fc79e81a34b887a0e4b935ad154e961c8b6972f124cae7742e82db1e714af15f34908960dbb4ea24e44ffd750c9d11dd45bfaae73028bc88fddf74b2d24de205980ba14f4889119f8a6291b3724497503ddf95222d5d050414e487a3dc65e5eda3169e10570a50440be346cc1f1b0c848410b46610c738636707c5d740a8e3a9b688c2c1ea54135bffd2ffd87d9dfa902f3dd97b2a6068fa65f5a5f95da2b9f6124fe07682e27ab65ab96573e762f5060439e18649798e0b9d7864f91dbc4f4ed3a4ab30671f8f7f3c49c7ac504a754f9420fd9b22421afd7203f7cd6dd8c8e7a33709e12d004e402672af2b3f9046bc57854f98482538ad48723cd153cf03103c157cdb1a63e839a02c3f0041d7020280f96f3f7e0ce89c408be10d344540808dee1bfcb01f5293ab606c71ffc09f9e63b93b37e8d8007ad8432d2e81c3d1d40a57711bdb798ee91a3f05f93f4f46f883db0613bf95fabd523d955d0d4a5518e1bb3dae7646af8af8d4a4d7dcfac633c6efa3164f9e05bbb4b05947ac0e6c4edd99a768eda4c7149cf38a460b522d6405aa47fada1c78f56fbd33669719b1496427f290532334b69d0a7cf6c46cefe5ecd0fd923b14929fd3db8a1a94ba63954b58ceb9b1e0f8471a02c13a160aa763083a5fd36c199075a769768e164f17911f5a416bb96198aa0954a7d27e30c480691ce80dc71a49100", 0x1000}}, 0x1006)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x8, 0x0, 0x0, 0x0, 0xe, 0x1c, "fee8a2ab780e00001ea8ffffffff0000000000000004ddb49a000000000000000000f8ff000800000000000000000000000000001400", "2809e8dbe108598948f8ffd54a07c21d875397bdb22d0008b420a1819e01177d3d458dd4992861ac00000080ffffffffffffffff001700", "90be8bf4bd00000000000000000000000000001000", [0xff]}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x2000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x2000, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r1, 0x4020aed2, &(0x7f0000000040)={0x6000, 0x205000, 0x8})
r6 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180), 0xc00, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, &(0x7f0000000200)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000001c0)=0x2})
r7 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000a40), 0x2002)
write$qrtrtun(r7, 0x0, 0x0) (async)
write$qrtrtun(r7, 0x0, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x123400, 0x0) (async)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x123400, 0x0)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x3ff, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r9, 0x404c534a, &(0x7f0000000040))
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000280), 0x882)
write$sndseq(r10, &(0x7f0000000140)=[{0x1f, 0x0, 0x80, 0xfd, @tick=0xfd, {0x0, 0xfe}, {0x8}, @raw32={[0x0, 0x1, 0xd4]}}], 0x1c) (async)
write$sndseq(r10, &(0x7f0000000140)=[{0x1f, 0x0, 0x80, 0xfd, @tick=0xfd, {0x0, 0xfe}, {0x8}, @raw32={[0x0, 0x1, 0xd4]}}], 0x1c)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) (async)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$SNDCTL_DSP_SPEED(r8, 0xc0045002, &(0x7f00000000c0)) (async)
ioctl$SNDCTL_DSP_SPEED(r8, 0xc0045002, &(0x7f00000000c0))
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000001440)={"2d7452a434a91c96d5ad84584f0c60b5a9fb9554ce83acb64e8f87528f3a93bb", r5}) (async)
ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000001440)={"2d7452a434a91c96d5ad84584f0c60b5a9fb9554ce83acb64e8f87528f3a93bb", r5})
ioctl$SNDCTL_DSP_CHANNELS(r8, 0xc0045006, &(0x7f0000000000)=0x27) (async)
ioctl$SNDCTL_DSP_CHANNELS(r8, 0xc0045006, &(0x7f0000000000)=0x27)
r11 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r11, &(0x7f0000000040)=ANY=[@ANYBLOB='lock i'], 0xc)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)

18m30.239619899s ago: executing program 1 (id=31):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0)
write$sndseq(r0, &(0x7f00000005c0)=[{0x6, 0x0, 0x0, 0x0, @tick, {0x4}, {}, @raw8={"3ad5e4aa05fd1f1646e53f27"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @queue}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {}], 0x70)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x900, 0x12)

18m30.018160058s ago: executing program 1 (id=32):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async, rerun: 64)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000880), 0x0, 0x0) (rerun: 64)
ioctl$TCSETS2(r2, 0x402c542b, &(0x7f0000000000)={0x6, 0xfffffff8, 0x1da0, 0x0, 0x0, "42f46749a2ed195a14cc4951dc7e8e5aec7776", 0x100000, 0xfdfdffff}) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

18m29.569304733s ago: executing program 1 (id=35):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x3, 0x40280)
ioctl$SG_GET_SG_TABLESIZE(r0, 0x227f, &(0x7f0000000040)) (async)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$FS_IOC_READ_VERITY_METADATA(r1, 0xc0286687, &(0x7f00000001c0)={0x1, 0x3, 0xdd, &(0x7f00000000c0)=""/221})
ioctl$I2C_RETRIES(0xffffffffffffffff, 0x701, 0x7)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000200)={{0x1, 0x1, 0x18, <r2=>r0, {0x9}}, './file0\x00'})
ioctl$KVM_KVMCLOCK_CTRL(r2, 0xaead) (async)
ioctl$int_in(r2, 0x5421, &(0x7f0000000240)=0x8000000000000001) (async)
ioctl$I2C_PEC(r2, 0x708, 0x2a) (async, rerun: 32)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r3=>r0, {0x101}}, './file0/file0\x00'}) (rerun: 32)
ioctl$BTRFS_IOC_LOGICAL_INO(r3, 0xc0389424, &(0x7f0000000300)={0x8, 0x10, '\x00', 0x0, &(0x7f00000002c0)=[0x0, 0x0]}) (async)
r4 = openat(r2, &(0x7f0000000340)='./file0/file0/file0\x00', 0x2, 0x40)
ioctl$GIO_UNIMAP(r4, 0x4b66, &(0x7f00000003c0)={0x2, &(0x7f0000000380)=[{}, {}]}) (async)
ioctl$KVM_RUN(r3, 0xae80, 0x0) (async)
ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000000400)) (async, rerun: 64)
ioctl$EVIOCGREP(r2, 0x80084503, &(0x7f0000000440)=""/204) (async, rerun: 64)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r4, 0x4018f514, &(0x7f0000000540)={0x8f1, 0x2, 0x3}) (async)
write$binfmt_format(r2, &(0x7f0000000580)='1\x00', 0x2) (async, rerun: 32)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000a40)={0x114, 0x0, &(0x7f0000000840)=[@transaction_sg={0x40486311, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50, 0x18, &(0x7f00000005c0)={@flat=@weak_binder={0x77622a85, 0x100f}, @fd={0x66642a85, 0x0, r4}, @fda={0x66646185, 0x8, 0x0, 0x8}}, &(0x7f0000000640)={0x0, 0x18, 0x30}}, 0x1000}, @clear_death={0x400c630f, 0x3}, @increfs={0x40046304, 0x1}, @clear_death={0x400c630f, 0x3}, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f00000006c0)={@flat=@weak_binder={0x77622a85, 0x101}, @ptr={0x70742a85, 0x1, &(0x7f0000000680)=""/34, 0x22, 0x1, 0x11}, @flat=@handle={0x73682a85, 0x0, 0x3}}, &(0x7f0000000740)={0x0, 0x18, 0x40}}}, @reply_sg={0x40486312, {0x3, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x50, 0x18, &(0x7f0000000780)={@fd={0x66642a85, 0x0, r0}, @flat=@weak_binder={0x77622a85, 0x100b, 0x2}, @fda={0x66646185, 0x2, 0x2, 0x2e}}, &(0x7f0000000800)={0x0, 0x18, 0x30}}, 0x40}, @request_death], 0xc0, 0x0, &(0x7f0000000980)="eff8112ed60a749092e745d105b7a761eaf1f359be37f6530693c30eba3352cf99b1a2ac635d35a2e6caa3dacf6b998e3d56c8c5c417a18c5917b69736ebe87573dd30bcac9aa9c8c3a23824287b2bdb5c23c5943a62e93c3bb5e77a3ac0211ab96fd435b810c24b318e90ac1c4c84b9e411ce33e8f9bdadd1a7f9cb68fb33c4752d3b6bedc61b3766acfaf81940ec42b287403e1fe20a268928454afd0490706ee615d75c73283745e454c8ee4e8fbabdc9ec12f50231a990029304a3703e69"}) (async, rerun: 32)
ioctl$RTC_IRQP_READ(0xffffffffffffffff, 0x8008700b, &(0x7f0000000a80))
ioctl$KVM_KVMCLOCK_CTRL(r4, 0xaead) (async)
ioctl$VHOST_GET_VRING_ENDIAN(r2, 0x4008af14, &(0x7f0000000ac0)={0x0, 0x1000}) (async, rerun: 32)
ioctl$KVM_CAP_X86_NOTIFY_VMEXIT(r4, 0x4068aea3, &(0x7f0000000b00)={0xdb, 0x0, 0xff}) (async, rerun: 32)
ioctl$INCFS_IOC_PERMIT_FILL(r3, 0x40046721, &(0x7f0000000b80)={r2})
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000bc0)='./file0\x00', 0x0, 0x20)
openat$incfs(r5, &(0x7f0000000c00)='.pending_reads\x00', 0x50e80, 0x39) (async)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r2, 0x40605346, &(0x7f0000000c40)={0xfffffff4, 0x0, {0x2, 0x0, 0x5ed, 0x3}, 0xfffffffb}) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r2, 0x0, &(0x7f0000000cc0)) (async)
ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000d00)=[0x6, 0x7, 0x8, 0x3, 0x41, 0x5, 0x2, 0xa]) (async)
ioctl$SCSI_IOCTL_GET_PCI(r2, 0x5387, &(0x7f0000000d40))

18m29.295751488s ago: executing program 1 (id=37):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r1, 0x6f000)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

18m28.577401347s ago: executing program 1 (id=39):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x500)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f00000001c0)={{0x9, 0x1}, 'port1\x00', 0x4c, 0x1460, 0x2, 0x7, 0x10, 0x40, 0xfffffff8, 0x0, 0x7, 0x8}) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)) (async)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) (async)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r4, 0xc0884113, 0x0) (async)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0) (async)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x10, 0x0, &(0x7f0000000700)=[@increfs={0x40046305}, @decrefs], 0x0, 0x0, 0x0}) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) (rerun: 32)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

18m13.279601839s ago: executing program 32 (id=39):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x500)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f00000001c0)={{0x9, 0x1}, 'port1\x00', 0x4c, 0x1460, 0x2, 0x7, 0x10, 0x40, 0xfffffff8, 0x0, 0x7, 0x8}) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000040)) (async)
openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) (async)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r4, 0xc0884113, 0x0) (async)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x801, 0x0) (async)
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x110a, 0x1})
ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f00000003c0)={0x10, 0x0, &(0x7f0000000700)=[@increfs={0x40046305}, @decrefs], 0x0, 0x0, 0x0}) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) (rerun: 32)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

16m25.568296503s ago: executing program 3 (id=833):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000000000)={0x2c75, 0x14})

16m24.805552043s ago: executing program 3 (id=836):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x882)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x3}, 0xc})
write$sndseq(r5, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick, {}, {}, @raw32}], 0x1c)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r2, 0x7dfff000)

16m24.64348212s ago: executing program 3 (id=838):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x205, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

16m24.283654915s ago: executing program 3 (id=842):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x198, 0x0, 0x4}]})
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000040)={&(0x7f0000000780)={{@host}, {@my=0x1}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c900"}, 0x418})
ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r0, 0x7a6, &(0x7f00000000c0)={0x3, 0x6, 0x7fff, 0x401})
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000940)=ANY=[@ANYBLOB="010000000000000000000040"])
preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)
r9 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r9, 0xc02c564a, &(0x7f0000000540)={0xff, 0x0, 0x0, @stepwise})
ioctl$vim2m_VIDIOC_CREATE_BUFS(r9, 0xc100565c, &(0x7f0000000100)={0x800, 0x1, 0x2, {0x0, @sdr={0x35315258, 0x400}}, 0x19})

16m23.854305396s ago: executing program 3 (id=846):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20) (async)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x6f000) (async, rerun: 32)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 32)
ioctl$FUSE_DEV_IOC_CLONE(r1, 0x8004e500, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x139e05, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r2, 0x7dfff000)

16m23.685720307s ago: executing program 3 (id=850):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0x8008ae9d, &(0x7f0000000040))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(r2, 0x4161, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000001c0)={0x5c, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"})
r4 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r4, 0x80045017, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_DELAY(r5, 0x80084121, &(0x7f0000000000))
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r6, &(0x7f0000000100)=""/159, 0xfffffe5a)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

16m8.588247238s ago: executing program 33 (id=850):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r1, 0x8008ae9d, &(0x7f0000000040))
r2 = syz_open_dev$sndpcmp(&(0x7f0000000080), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(r2, 0x4161, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r3 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r3, 0xc0405602, &(0x7f00000001c0)={0x5c, 0xa, 0x0, "b75c89e7a20c8eac82ad0416bb1844038d2cd97c945462f31638b5394c00"})
r4 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r4, 0x80045017, 0x0)
r5 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_DELAY(r5, 0x80084121, &(0x7f0000000000))
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r6, &(0x7f0000000100)=""/159, 0xfffffe5a)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

10m34.351831613s ago: executing program 4 (id=3040):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_DIRENTPLUS(r1, &(0x7f0000001180)={0x10, 0xfffffff5, 0x3}, 0x10)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

10m34.215874163s ago: executing program 4 (id=3042):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f000046e000/0x400000)=nil, 0x400000, 0xb, 0x202812, r0, 0x7dfff000)

10m33.375860441s ago: executing program 4 (id=3052):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xc0701, 0x0)
syz_open_dev$midi(&(0x7f0000000000), 0xe8, 0x280080)
ioctl$SNDCTL_SEQ_NRSYNTHS(r1, 0x4004510d, &(0x7f0000001b80))
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x0, 0x1, 0x6bf, 0x8, 0x5, {0x5, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb003, 0x7, 0x0, 0x0, 0x1, 0x3}}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
write$rfkill(r2, &(0x7f00000001c0)={0xfffffffa, 0x5, 0x1, 0x1, 0x1}, 0x8)

10m32.91976456s ago: executing program 4 (id=3054):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
preadv2(r0, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0x100000}], 0xc4, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4020aeb2, &(0x7f0000000740)={0x2, 0x12c, @pic={0x0, 0x2, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf}})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='net_prio.prioidx\x00', 0x275a, 0x0)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x80000)
dup2(r5, r4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r4, 0x0)
r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x6000, 0x1000, 0x1})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
ioctl$BLKOPENZONE(r3, 0x40101286, 0x0)
r8 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000140)={0x8000000, 0x104000})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f00000000c0)={[0x8000000000000001, 0x7ffffffffffffffc, 0x10, 0x2, 0x1, 0x4, 0x3, 0x4, 0x401, 0x1000, 0x8, 0x3, 0x9, 0x8000, 0x400000003, 0xffff], 0x2000, 0x90085})
ioctl$KVM_RUN(r11, 0xae80, 0x0)
write$FUSE_CREATE_OPEN(r8, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x5, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r8, 0x0, 0x0)

10m31.799804243s ago: executing program 4 (id=3060):
syz_open_dev$loop(&(0x7f00000002c0), 0x1, 0xa0182)
syz_open_dev$video(&(0x7f0000000000), 0x7, 0x40)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r4, 0xc00caee0, &(0x7f0000000100)={0x4, <r5=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x6})
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000400)={0x1, 0x0, [{0x20d}]})
r8 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x22002, 0x0)
ioctl$FBIOBLANK(r8, 0x4611, 0x2)
r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, &(0x7f0000000140)={&(0x7f00000006c0)=[<r10=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r9, 0xc02064b6, &(0x7f00000003c0)={r10, <r11=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r12 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_CTRL(r12, 0xc008561c, &(0x7f0000000080)={0xf0f008, 0x2400})
ioctl$DRM_IOCTL_MODE_SETCRTC(r9, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r11, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000, 0x1000000, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}})
ioctl$TCFLSH(r1, 0x400455c8, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000300)=0x2)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000200)=0xe)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x2)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000240))

10m29.450629293s ago: executing program 4 (id=3078):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
dup(0xffffffffffffffff) (async)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x3}}) (async)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) (async)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r3, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xe04], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000]}, 0x45c) (async)
ioctl$UI_DEV_CREATE(r3, 0x5501) (async)
r4 = dup(r3)
write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0x81}, 0x12, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x7, 0xd, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xd, 0x7fff, 0x6, 0x6, 0x5, 0x6, 0x6, 0x7, 0x6, 0xff, 0x2, 0xa5f2b87a, 0x401, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x83, 0xfffff765, 0x2, 0x3, 0x6, 0xa, 0x2, 0x5, 0x0, 0x3ff, 0x6, 0x7, 0x4c, 0xfffffffd, 0x80, 0x80000008, 0x8, 0x9, 0x7, 0x101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x5, 0x1, 0x4], [0x1, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0x25, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff73, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdab, 0x9, 0x2, 0x76c4, 0xfffffffd, 0x4, 0x401, 0x10000, 0xd, 0x2, 0x9, 0x20010, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0x3, 0x8, 0x3, 0x2, 0x3a6, 0x0, 0xc0d, 0xfffffffd, 0x9, 0xc, 0xfffffffb], [0x3, 0x6, 0x6, 0x9, 0x1000, 0x0, 0x80000000, 0x5, 0x7f, 0xa, 0x100, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xc, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0x8, 0x7, 0x4, 0x7, 0x7ff, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x0, 0x2, 0x8, 0x2, 0x3, 0x5], [0x4, 0x4, 0x5, 0x8000, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x4, 0x5d3a, 0x7, 0x5, 0x3ff, 0xb88f, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x9, 0x4, 0x4, 0x0, 0x0, 0x7, 0x4e6, 0x8, 0x40000000, 0x5ef, 0x8000, 0xc, 0x41, 0x400, 0x1, 0x5, 0x0, 0x9a8, 0x0, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0xb, 0x101, 0x1ff, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c) (async)
read$FUSE(r4, &(0x7f0000002c40)={0x2020}, 0x2020) (async)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000540), 0x200)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x5423) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r7, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x10000}) (async)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) (async)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000000))
write$ppp(r8, 0x0, 0x0) (async)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r9=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x400001, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r10, 0x3ba0, &(0x7f0000000440)={0xfffffffffffffd1f, 0x1, r9, 0x0, 0xd, 0x8000080}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r9, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) (async)
r11 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r11, 0x4b72, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r9}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

10m14.397199681s ago: executing program 34 (id=3078):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
dup(0xffffffffffffffff) (async)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000040)={{0x3}}) (async)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) (async)
r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
write$uinput_user_dev(r3, &(0x7f00000005c0)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x2000000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47b07c7d, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd], [0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0xe04], [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x758, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000]}, 0x45c) (async)
ioctl$UI_DEV_CREATE(r3, 0x5501) (async)
r4 = dup(r3)
write$uinput_user_dev(r4, &(0x7f00000000c0)={'syz0\x00', {0xfff7, 0xc, 0x100, 0x81}, 0x12, [0x7b, 0xb7e2, 0x3, 0x9, 0x100, 0x3, 0x1, 0x7, 0xd, 0x2, 0x7, 0xa, 0x3, 0x0, 0x7f, 0xd, 0x7fff, 0x6, 0x6, 0x5, 0x6, 0x6, 0x7, 0x6, 0xff, 0x2, 0xa5f2b87a, 0x401, 0x0, 0xfc75, 0x8, 0x9, 0x4, 0x2, 0xffffffff, 0x83, 0xfffff765, 0x2, 0x3, 0x6, 0xa, 0x2, 0x5, 0x0, 0x3ff, 0x6, 0x7, 0x4c, 0xfffffffd, 0x80, 0x80000008, 0x8, 0x9, 0x7, 0x101, 0xc3c, 0x1733, 0x7fff, 0x7ffc, 0x1, 0x6, 0x5, 0x1, 0x4], [0x1, 0x3, 0x8, 0x8, 0x0, 0x8, 0x4, 0x0, 0x25, 0x10, 0x6, 0x7, 0x8, 0xe62, 0xffffff73, 0x1000, 0x6, 0x13e5, 0x3, 0x3, 0x1000, 0x7, 0x1, 0x3b40, 0x4, 0x1000, 0x5, 0x7fff, 0x8, 0x5a, 0xffff2503, 0x7fffffff, 0x6995, 0x1, 0x80000000, 0x8, 0xdab, 0x9, 0x2, 0x76c4, 0xfffffffd, 0x4, 0x401, 0x10000, 0xd, 0x2, 0x9, 0x20010, 0x4000e, 0x9, 0x7, 0xa, 0x9, 0x3, 0x8, 0x3, 0x2, 0x3a6, 0x0, 0xc0d, 0xfffffffd, 0x9, 0xc, 0xfffffffb], [0x3, 0x6, 0x6, 0x9, 0x1000, 0x0, 0x80000000, 0x5, 0x7f, 0xa, 0x100, 0x1000, 0xf1, 0x6, 0xc, 0x10000, 0x72, 0xc, 0x633, 0xd, 0x7, 0x6, 0x80000000, 0x6, 0x0, 0x7, 0x8, 0x2ef3adcb, 0x10, 0x2, 0x8, 0x8, 0x7, 0x4, 0x7, 0x7ff, 0xfffffff2, 0x63, 0x7, 0x2, 0x3, 0x3, 0x20a7fd9e, 0xfffffffd, 0x2, 0xa1, 0x0, 0x9d, 0x7, 0xa8a, 0x2, 0x6, 0x77, 0x8, 0x1ff, 0x7, 0x7, 0x2, 0x0, 0x2, 0x8, 0x2, 0x3, 0x5], [0x4, 0x4, 0x5, 0x8000, 0x493e, 0x3, 0x35ff4447, 0x7, 0x5, 0x4, 0x5d3a, 0x7, 0x5, 0x3ff, 0xb88f, 0xffff0000, 0x9, 0xf7df, 0x2, 0x10, 0x8, 0x2, 0xff, 0x9, 0x4, 0x4, 0x0, 0x0, 0x7, 0x4e6, 0x8, 0x40000000, 0x5ef, 0x8000, 0xc, 0x41, 0x400, 0x1, 0x5, 0x0, 0x9a8, 0x0, 0x231, 0x3ff, 0x8, 0x1, 0xffff0001, 0x1, 0x1, 0x10, 0x8, 0x5396, 0x6161, 0xb, 0x101, 0x1ff, 0x8, 0x431, 0x6, 0x5, 0x4, 0x7b, 0x7fc, 0x9]}, 0x45c) (async)
read$FUSE(r4, &(0x7f0000002c40)={0x2020}, 0x2020) (async)
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000540), 0x200)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r5, 0x5423) (async)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r7, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x10000}) (async)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1) (async)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000000))
write$ppp(r8, 0x0, 0x0) (async)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r9=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x400001, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r10, 0x3ba0, &(0x7f0000000440)={0xfffffffffffffd1f, 0x1, r9, 0x0, 0xd, 0x8000080}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r9, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) (async)
r11 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r11, 0x4b72, &(0x7f0000000000)={0x5, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r9}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

5m25.363473461s ago: executing program 6 (id=5160):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000240)=""/152, 0x98)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r2, 0xaf01, 0x0)
ioctl$FIBMAP(r2, 0x4008af03, &(0x7f0000000200)=0x255)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r4, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000480)={0x48, 0x2, r4, 0x0, 0x0, 0x0, 0x0, 0x1})
ioctl$IOMMU_DESTROY$stdev(r3, 0x3b80, &(0x7f0000000400)={0x8, r5})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

5m25.199069876s ago: executing program 6 (id=5162):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x5, 0x2)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xb0000, 0x0)
read(r2, &(0x7f00000000c0)=""/127, 0x7f)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000b40)={0x1, @pix={0x0, 0x0, 0x47425247}})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)

5m24.927828922s ago: executing program 6 (id=5167):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000002c0)={0x2, 0x2, 0x2}) (async)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x80000000}}, './file0\x00'})
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r1, 0xc06c4124, &(0x7f0000000080))
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f00000002c0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_LOCK(r3, 0x40405515, 0x0) (async)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

5m24.659653812s ago: executing program 6 (id=5169):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000000000)={0x12, {"a2e3ad21ed0d09f91b5b090987f70906d038e7ff7fc6e5539b0d3d0e8b089b323b6d07060890e0878f0e1ac6e7049b334a959b3e9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0931a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5bcd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39dd0000000039ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00b98e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d877a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r2 = openat$cgroup_procs(r1, &(0x7f0000001040)='tasks\x00', 0x2, 0x0)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f00000010c0), 0x80000, 0x0)
mmap(&(0x7f0000787000/0x3000)=nil, 0x3000, 0x2000008, 0x10, r3, 0x387db000)
ioctl$FS_IOC_SETFLAGS(r2, 0x40186f40, &(0x7f0000000440)=0x1f)
r4 = dup(r0)
r5 = syz_open_dev$vbi(&(0x7f0000001180), 0x2, 0x2)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000011c0)=ANY=[@ANYRES16=r3])
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r8, 0x3b88, &(0x7f0000000100)={0xc})
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4048aecb, &(0x7f0000001200))
ioctl$VIDIOC_S_STD(r4, 0x40085618, &(0x7f0000001240)=0x3fffff)
ioctl$BLKFINISHZONE(r0, 0x40101288, &(0x7f0000001080)={0x2841, 0x4})
ioctl$VIDIOC_S_STD(r5, 0x40085618, &(0x7f0000001140)=0x10000)
ioctl$BLKRASET(r1, 0x1262, &(0x7f0000001100)=0x1)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/partitions\x00', 0x0, 0x0)
preadv(r9, &(0x7f0000001500)=[{0x0}], 0x1, 0x202, 0x0)
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x42302)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r10, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r10, &(0x7f0000000000)=[{0xd, 0x77, 0x0, 0xa, @tick, {0x0, 0x40}, {}, @note={0x8, 0x3, 0x7, 0x4, 0x6}}], 0x1c)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r10, 0x4040534e, &(0x7f0000000180)={0x92, @time={0xf665642f, 0x65757102}, 0x5, {0x1}, 0xfb})
ioctl$RTC_UIE_ON(r9, 0x7003)

5m24.159914236s ago: executing program 6 (id=5173):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
read$dsp(r1, &(0x7f0000000380)=""/197, 0xc5)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r3, 0x6f000)
ioctl$KDFONTOP_SET(r2, 0x4b72, &(0x7f0000000080)={0x4, 0x0, 0x28, 0x10, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88691b9ae21b3e3b4523ae25c1e27d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b2687a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348307774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d7788b8ebfdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec960400000085a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71829f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc4291507000000000000002195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15d34ca7a819c85e800555db64a717eb23a811356d00"})
ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000280)=0x6)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

5m23.307592197s ago: executing program 6 (id=5179):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async, rerun: 64)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000740)={0x2, 0x0, @ioapic={0x4000, 0x2, 0x800000, 0x100, 0x0, [{0x6, 0x3, 0x6, '\x00', 0x8}, {0x0, 0x3, 0x3}, {0x3, 0x4, 0xc}, {0x1a, 0x7, 0x7, '\x00', 0x5}, {0x4, 0x3f, 0x1, '\x00', 0x58}, {0x2, 0x1, 0x8, '\x00', 0x7}, {0x6, 0xb, 0x1, '\x00', 0x9d}, {0x2, 0xa0, 0x4, '\x00', 0x4}, {0xf7, 0x4, 0xd, '\x00', 0xec}, {0x2, 0x7, 0x1, '\x00', 0x5}, {0x6, 0xa, 0x0, '\x00', 0x9}, {0x2, 0x6, 0x8, '\x00', 0x3}, {0x26, 0x3, 0x6, '\x00', 0x9}, {0x2, 0x0, 0x7, '\x00', 0x3}, {0xc, 0x5, 0x37, '\x00', 0x4}, {0x6, 0x5, 0x5, '\x00', 0x10}, {0x5, 0x8, 0x0, '\x00', 0x5}, {0x7, 0x4, 0x3, '\x00', 0x3}, {0x8, 0x4, 0x0, '\x00', 0x81}, {0x5, 0x3, 0xfc, '\x00', 0xc6}, {0x7f, 0x9, 0x4, '\x00', 0x3}, {0x1, 0x3, 0x4, '\x00', 0xfa}, {0xbd, 0x7, 0x8, '\x00', 0x9}, {0x7d, 0xc, 0x5, '\x00', 0x7}]}}) (async, rerun: 64)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async, rerun: 64)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) (async, rerun: 64)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (rerun: 64)

5m8.273874821s ago: executing program 35 (id=5179):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async, rerun: 64)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (rerun: 64)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r2, 0x4048aec9, &(0x7f0000000740)={0x2, 0x0, @ioapic={0x4000, 0x2, 0x800000, 0x100, 0x0, [{0x6, 0x3, 0x6, '\x00', 0x8}, {0x0, 0x3, 0x3}, {0x3, 0x4, 0xc}, {0x1a, 0x7, 0x7, '\x00', 0x5}, {0x4, 0x3f, 0x1, '\x00', 0x58}, {0x2, 0x1, 0x8, '\x00', 0x7}, {0x6, 0xb, 0x1, '\x00', 0x9d}, {0x2, 0xa0, 0x4, '\x00', 0x4}, {0xf7, 0x4, 0xd, '\x00', 0xec}, {0x2, 0x7, 0x1, '\x00', 0x5}, {0x6, 0xa, 0x0, '\x00', 0x9}, {0x2, 0x6, 0x8, '\x00', 0x3}, {0x26, 0x3, 0x6, '\x00', 0x9}, {0x2, 0x0, 0x7, '\x00', 0x3}, {0xc, 0x5, 0x37, '\x00', 0x4}, {0x6, 0x5, 0x5, '\x00', 0x10}, {0x5, 0x8, 0x0, '\x00', 0x5}, {0x7, 0x4, 0x3, '\x00', 0x3}, {0x8, 0x4, 0x0, '\x00', 0x81}, {0x5, 0x3, 0xfc, '\x00', 0xc6}, {0x7f, 0x9, 0x4, '\x00', 0x3}, {0x1, 0x3, 0x4, '\x00', 0xfa}, {0xbd, 0x7, 0x8, '\x00', 0x9}, {0x7d, 0xc, 0x5, '\x00', 0x7}]}}) (async, rerun: 64)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async, rerun: 64)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) (async, rerun: 64)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (rerun: 64)

2m20.679783058s ago: executing program 2 (id=6448):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
r2 = dup(0xffffffffffffffff)
mmap(&(0x7f00004e1000/0x3000)=nil, 0x3000, 0x1000006, 0x4010, r2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r3, 0x3b82, &(0x7f0000000100)={0x18, r4, 0x1, 0x0, &(0x7f00000000c0)=[{0x80000001, 0xde5}]})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000380)={0x48, 0x2, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r5 = syz_open_dev$cec(&(0x7f00000003c0), 0x0, 0x0)
r6 = syz_open_dev$video4linux(&(0x7f0000002300), 0xffff, 0x0)
ioctl$VIDIOC_SUBDEV_G_CROP(r6, 0xc038563b, &(0x7f0000000000)={0x1})
ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000004180)={"0d92f63b", 0x3, 0x5, 0x2, 0xfffffffe, 0x8, "df930000000002000100", '\x00', '\x00', "f9102000", ['\x00', "3549ffffffffffffff010800", "0fc7794386a7a0636ad000", "016c5377ea6cabbd1d3661e0"]})
r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x301880, 0x0)
r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCGICOUNT(r8, 0x545d, 0xff4f370c567f0000)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000000)=0x15)
r9 = openat$vmci(0xffffff9c, &(0x7f0000001640), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r9, 0x7a7, &(0x7f0000000040)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r9, 0x7a0, &(0x7f00000000c0)={@hyper})
r10 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2)
read(r10, &(0x7f0000000080)=""/116, 0xfffffeb2)
read(r10, &(0x7f0000000280)=""/96, 0x60)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r9, 0x7b2, &(0x7f00000010c0)={0x0, 0x2, 0x0, 0x3})
ioctl$TCSETS(r7, 0xc0384707, &(0x7f0000000040)={0xfffffffe, 0x0, 0x0, 0x5, 0x3, "3eccd8f9d20000000000001000000200000500"})
r11 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x200900, 0x0)
mmap(&(0x7f000043d000/0x3000)=nil, 0x3000, 0x5a051feb1f984a1d, 0x13, r11, 0x7dfff000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)

2m19.715739807s ago: executing program 2 (id=6457):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000340)={0x1, 0x0, [{0x288, 0x0, 0x6a53}]})
r6 = dup(r2)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (async)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r1, 0x0, 0x0) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000340)={0x1, 0x0, [{0x288, 0x0, 0x6a53}]}) (async)
dup(r2) (async)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (async)

2m18.703934721s ago: executing program 2 (id=6463):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000), 0x3, 0x2)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f00000000c0)={0x0, 0x0, &(0x7f000000f000/0x2000)=nil})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x44802, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000040), 0x7fffffffffe00003, 0x0)
ioctl$VIDIOC_REQBUFS(r5, 0xc0585609, &(0x7f0000000240)={0xe, 0xa, 0x3})
r6 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000098}]})
ioctl$VIDIOC_S_FREQUENCY(r1, 0x402c5639, &(0x7f0000000b40)={0x0, 0x1})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x10010, r0, 0x7dfff000)

2m17.511110062s ago: executing program 2 (id=6468):
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r0, 0xc0905664, &(0x7f0000000040)={0x0, 0x0, '\x00', @bt={0x7, 0x3, 0x5, 0x80, 0x8, 0x6}})
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
r1 = syz_open_dev$video(&(0x7f0000000100), 0x80000000, 0x329400)
ioctl$VIDIOC_G_JPEGCOMP(r1, 0x808c563d, &(0x7f0000000140))
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000200), 0x80, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(0xffffffffffffffff, 0xc05064a7, &(0x7f0000000540)={&(0x7f00000002c0)=[0x0, 0x0, <r3=>0x0, 0x0, 0x0, 0x0], &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], &(0x7f00000004c0)=[<r4=>0x0, <r5=>0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0], 0x6, 0x6, 0x6})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r2, 0xc04064aa, &(0x7f00000005c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[{}], r4, 0x0, '\x00', 0x6, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r2, 0xc01064c2, &(0x7f0000000600)={<r6=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r2, 0xc01064c2, &(0x7f0000000640)={<r7=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TRANSFER(r2, 0xc02064cc, &(0x7f0000000680)={r6, r7, 0x40, 0x7, 0x4})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f00000006c0)={0xcb1, r5})
r8 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000700)='cgroup.threads\x00', 0x2, 0x0)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x1010, r8, 0x109c7000)
r9 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r9, 0x4138ae84, &(0x7f0000000740)={{0xdddd0000, 0x3000, 0xc, 0x26, 0xa, 0x6, 0xd, 0x9, 0x0, 0x2, 0x8, 0x4}, {0x3000, 0x0, 0xb, 0x6, 0xe7, 0x9, 0x5, 0x2, 0xc, 0x2, 0x3, 0x8}, {0x4000, 0x1000, 0xf, 0x3, 0xe, 0x5c, 0x46, 0x5, 0x2, 0x4, 0x7, 0x2}, {0x3000, 0x80a0000, 0x10, 0x0, 0x20, 0x6, 0xff, 0x81, 0xc, 0x12, 0x7, 0x1f}, {0xf000, 0xffff1000, 0x9, 0x91, 0x5, 0x9, 0x6, 0x1, 0x5, 0x4, 0x2, 0x4}, {0x1, 0x10000, 0xc, 0x7, 0x1, 0x23, 0x5, 0x80, 0x5, 0x3, 0x9, 0x4}, {0xdddd0000, 0x80a0000, 0x9, 0x6, 0x5, 0x3, 0x81, 0x9, 0x81, 0x7, 0x4c, 0x12}, {0x2, 0xd000, 0x8, 0x3, 0x1, 0x0, 0x7, 0x4, 0x0, 0x8, 0x4, 0xb}, {0x8080000, 0x5}, {0x2000, 0xd9a3}, 0x80000000, 0x0, 0x1000, 0x400444, 0x7, 0x100, 0x3000, [0x7fffffff, 0x7, 0x72, 0x35be]})
ioctl$FIOCLEX(r8, 0x5451)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000880)=0x1000)
ioctl$AUTOFS_IOC_EXPIRE(r9, 0x810c9365, &(0x7f00000008c0)={{0x6, 0xff}, 0x100, './file0\x00'})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000b00)={&(0x7f0000000ac0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, <r10=>0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000b80)={&(0x7f0000000a00)=[0x0], &(0x7f0000000a40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x1, r10, 0xbbbbbbbb})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000000e80)={&(0x7f0000000bc0)=[0x0, 0x0, 0x0], &(0x7f0000000c00)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000e00)=[0x0, 0x0, <r11=>0x0, 0x0, 0x0], &(0x7f0000000e40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x5, 0x3, 0x0, r10})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r2, 0xc01864ba, &(0x7f0000000f00)={0x5, r11, r3})
r12 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000f40), 0x10000, 0x0)
ioctl$SNDCTL_SEQ_PANIC(r12, 0x5111)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r1, 0xf501, 0x0)
r13 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000f80), 0x0, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10010, r13, 0x378b000)
write$cgroup_pressure(r13, &(0x7f0000000fc0)={'some', 0x20, 0x0, 0x20, 0x100}, 0x2f)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r13, 0xc04064a0, &(0x7f0000001100)={&(0x7f0000001000)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000001040)=[0x0, 0x0], &(0x7f0000001080)=[0x0], &(0x7f00000010c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x4, 0x2, 0x1, 0x6})

2m17.436016774s ago: executing program 2 (id=6470):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x0, 0x6}) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f0000000280)=0x10) (async)
ioctl$KVM_CAP_X86_GUEST_MODE(r2, 0x4068aea3, &(0x7f0000000080))
r3 = ioctl$TIOCGPTPEER(r2, 0x5441, 0xc5)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000000)={0x0, r3, 0x4, 0x7ff, 0x2})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r1, 0x7dfff000) (async)
read(r1, &(0x7f0000000100)=""/38, 0x26)

2m17.367127048s ago: executing program 2 (id=6471):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101801)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
read$fb(r2, 0x0, 0x0) (async)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000380)={0x2000, 0x0, "5a77bd038786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500031681905db88235f8a5447dd2a2fd6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd500800000000000000e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82577ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b394de70400d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca147df97db"}) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x8, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

2m2.147094143s ago: executing program 36 (id=6471):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r1 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101801)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
read$fb(r2, 0x0, 0x0) (async)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, &(0x7f0000000380)={0x2000, 0x0, "5a77bd038786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500031681905db88235f8a5447dd2a2fd6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd500800000000000000e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82577ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b394de70400d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca147df97db"}) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x8, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (async)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

24.950319044s ago: executing program 0 (id=7226):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0xfffffffffffffffe, 0x2, 0x2, 0x6bf, 0x5, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
r2 = syz_open_dev$video4linux(&(0x7f0000000080), 0x5, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r2, 0xc0e85667, &(0x7f0000000ac0)={0x0, 0x0, "760b3e7b874213829561795ea5d9eb7cfd3f5a0fa82b1f7ba6444ac9530f6f58"}) (async)
read$FUSE(r1, 0x0, 0x0) (async)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r5, 0x3ba0, &(0x7f00000001c0)={0x48, 0x8, r6, 0x0, 0x3, 0x276069, 0x0, 0x0, 0x10004})
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x4900, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

24.663857715s ago: executing program 0 (id=7229):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x3}]})
close(0x5)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0xa00, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_FREE(r2, 0x4112, 0x0)

24.416838843s ago: executing program 0 (id=7234):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)
ioctl(r0, 0x1, &(0x7f0000001300))
r1 = openat$binfmt_register(0xffffff9c, &(0x7f0000000000), 0x1, 0x0)
pwritev2(r1, &(0x7f0000000380)=[{&(0x7f0000000600)="002e2e6be0d52f355b3adf", 0xb}], 0x1, 0x528, 0x5, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, 0x0)
ioctl$IOMMU_IOAS_MAP(r2, 0x3b85, &(0x7f0000000440)={0x28, 0x7, r3, 0x0, &(0x7f0000000480)='LLL', 0x3, 0x2})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000740)={0x48, 0x2, r3})
r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_ENUMSTD(r4, 0xc0205648, &(0x7f00000009c0)={0x0, 0x0, "f4130bd29b273d141289d4f6531c9c5245efab6a34961d8d"})
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000180), 0x238c00, 0x0)
read(r5, &(0x7f00000001c0)=""/159, 0x9f)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0)
r7 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000480), 0x81, 0x0)
ioctl$PPPIOCNEWUNIT(r7, 0xc004743e, &(0x7f00000004c0)=0x2)
ioctl$PPPIOCSMAXCID(r7, 0x40047451, &(0x7f0000000900)=0x8000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x40010, r6, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
r11 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SOUND_PCM_READ_BITS(r11, 0x80045005, &(0x7f0000000040))
r12 = dup(r10)
ioctl$KVM_SET_MSRS(r12, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="82000000000000009e000040"])
ioctl$IOMMU_IOAS_ALLOC(r12, 0x3b81, &(0x7f0000000080)={0xc})

23.974250147s ago: executing program 0 (id=7239):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_PMU_CAPABILITY(r6, 0x4068aea3, &(0x7f0000000480)={0xc4, 0x0, 0x3})
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
write$cgroup_pid(r7, &(0x7f0000000000), 0x12)
r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0)
r9 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r9, 0x40345410, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x50, r3, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

22.583267186s ago: executing program 0 (id=7249):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x0, 0x5c8c})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x5, 0x2, 0x100000001, 0x0, 0x6, 0x5, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000340)={0x18, r3})
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

22.102286159s ago: executing program 0 (id=7252):
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x43cb, 0xad5, &(0x7f00000002c0), &(0x7f0000000340)="b7eb6c", 0x0, 0x3})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000000)={0x43cb, 0xad5, &(0x7f00000002c0), &(0x7f0000000340)="b7eb6c", 0x0, 0x3}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_NMI(r2, 0xae9a) (async)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0xfffffffffffffffe]}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x400000000000002, 0x5, 0xfffffffffffffffe, 0x4, 0x2, 0x0, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901}) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (async)

21.452929174s ago: executing program 5 (id=7257):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000001100)=""/174, 0xe) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0xfffffffd, 0x6b8a, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x4, 0x0, 0x0, 0x0, 0x4}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r1, 0x0, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = syz_open_dev$dri(&(0x7f0000000000), 0x9, 0x7c434d8ac366bd24)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000080)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000200)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r3, 0xc06864a2, &(0x7f00000000c0)={0x0, 0x0, r4, r5, 0x0, 0x0, 0x0, 0x5, {0x5, 0xfff7, 0x9, 0x8000, 0x2, 0x7f, 0x0, 0x872, 0x4, 0x0, 0x12, 0x0, 0x100001, 0x2010000, "0e19cd276f6c8c20761a58418bdffb38a310364ef87b48499c76277e0300"}}) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000001200)={&(0x7f0000001040)=[0x0], &(0x7f0000001080)=[0x0, 0x0, 0x0], &(0x7f00000010c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000011c0)=[0x0], 0x1, 0x3, 0x4, 0x1}) (async)
r6 = dup(r2)
write$UHID_INPUT(r6, &(0x7f0000000000)={0xfc, {"a2e3ad21ed0d1bf91b29550987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f3b096c060890e0878f0e1ac6e7049b096e959b449a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b075d0d36cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130f91850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f4077fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a81aa1020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b21052010689af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153fae46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c343f7f140f319539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474b0679dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691951264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d984836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a70500be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x8f5}}, 0x1006) (async)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0) (async)
ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f00000000c0)={0x7, 0x8000000000000001})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xd)

20.955904031s ago: executing program 7 (id=7258):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
preadv(r0, &(0x7f0000001600)=[{&(0x7f0000000080)=""/145, 0x91}, {&(0x7f0000000140)=""/136, 0x88}, {&(0x7f0000000200)=""/238, 0xee}, {&(0x7f0000000300)=""/121, 0x79}, {&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f0000000000)=""/59, 0x3b}, {&(0x7f0000001380)=""/86, 0x56}, {&(0x7f0000001400)=""/171, 0xab}, {&(0x7f00000014c0)=""/99, 0x63}, {&(0x7f0000001540)=""/188, 0xbc}], 0xa, 0x4, 0x7)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)

20.651852505s ago: executing program 7 (id=7260):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async, rerun: 64)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async, rerun: 64)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000280), 0x480083)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000083c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) (async)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f00000083c0)={{0x3, 0x2}}) (async)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r3, 0x54a2)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x4, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0xfd, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r1, 0x0, 0x0)
r4 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r4, 0xc0405665, &(0x7f0000000040)={0x0, 0x5, 0x10000}) (async)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r5, &(0x7f0000000100)=""/140, 0x8c) (async, rerun: 32)
r6 = syz_open_dev$cec(&(0x7f00000002c0), 0x0, 0x181800) (rerun: 32)
ioctl$CEC_ADAP_S_LOG_ADDRS(r6, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0xffff, 0x5, 0x4a, 0xa, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", "7ca24a13", "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9040087", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "f63800006ae7e4cd0032a93c"]})
ioctl$CEC_TRANSMIT(r6, 0xc0386105, &(0x7f0000000d40)={0xffffffffffffd, 0x1, 0x6, 0xfffffffc, 0x0, 0x4063, "5dc126c069840000feffffff0500", 0x0, 0x7b, 0x0, 0x0, 0x25, 0x41}) (async)
close(0x3) (async, rerun: 32)
r7 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (async, rerun: 32)
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async, rerun: 64)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0) (rerun: 64)
ioctl$SIOCSIFHWADDR(r9, 0x5460, &(0x7f0000000540)={'veth0_macvtap\x00', @link_local})
read$FUSE(r8, &(0x7f0000000d80)={0x2020, 0x0, <r10=>0x0, <r11=>0x0, <r12=>0x0}, 0x2020)
write$FUSE_ATTR(r8, &(0x7f0000005340)={0x78, 0x0, r10, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r11, r12, 0xb, 0x8, 0x1000000}}}, 0x78) (async, rerun: 32)
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000440)={0xa0, 0xfffffffffffffffe, 0x0, {{0x4, 0x2, 0x62, 0x6c2, 0x8, 0x1, {0x0, 0x2000000000000002, 0x100000001, 0x4, 0x9, 0x1, 0x101, 0x8, 0xe, 0xb000, 0x7, 0x0, r12, 0x1, 0x3}}, {0x0, 0x18b6358d8c94ffb0}}}, 0xa0) (rerun: 32)
r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x80421, 0x0)
ioctl$BLKPG(r13, 0x1269, &(0x7f0000000400)={0x1, 0x0, 0x98, &(0x7f0000000340)={0xfffffffffffffff8, 0x3}}) (async)
read$FUSE(r7, 0x0, 0x0)

20.168156442s ago: executing program 7 (id=7261):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x28200, 0x0)
read(r0, &(0x7f0000000200)=""/172, 0xac)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
mmap(&(0x7f0000870000/0x3000)=nil, 0x3000, 0x200000c, 0x12, r0, 0x7f32b000)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

19.591859127s ago: executing program 8 (id=7262):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x96, 0x8000000})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

19.530376649s ago: executing program 8 (id=7263):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f00000000c0))
openat$rnullb(0xffffffffffffff9c, &(0x7f0000002280), 0x171600, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x103082)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f47"])
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff, {0x0, 0xee01}}, './file0\x00'})
r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
syz_open_dev$video(&(0x7f0000000040), 0x7fffffffffe00003, 0x800)
syz_open_dev$dri(&(0x7f0000000180), 0xd21, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000002240)={0x0, &(0x7f0000002280), 0x0, 0x0, 0x0, 0x40000171, 0xfffffffffffffea6})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
mmap$KVM_VCPU(&(0x7f0000000000/0x2000)=nil, 0x0, 0x2000005, 0x50, 0xffffffffffffffff, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000002200)=ANY=[@ANYRESDEC, @ANYRES16, @ANYRES32])
r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0xb)
r9 = dup(r8)
write$6lowpan_enable(r9, &(0x7f00000022c0)='1', 0x1)
read$FUSE(r9, &(0x7f00000001c0)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_RMFB(0xffffffffffffffff, 0xc00464af, &(0x7f0000000040))
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x22040, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000fbf20300"/24])
r13 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r13, 0xae41, 0x0)

19.291136295s ago: executing program 5 (id=7264):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x400000000000003, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f00000000c0)={0xf0f041})
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x900, 0x12)

19.135952627s ago: executing program 5 (id=7265):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000040))
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r3, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

19.027172289s ago: executing program 7 (id=7266):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSTI(r0, 0x541b, &(0x7f0000000080))
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r1, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r2, 0xc0305616, &(0x7f00000001c0)={0x0, {0x1, 0x5}})
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x0, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x4, 0xe, 0x4000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r6, 0x4008ae8a, &(0x7f00000001c0)={0x1, 0x0, [{0x1, 0x2, 0x80, 0xfffffff9, 0xeaa}]})
ioctl$KVM_SET_LAPIC(r6, 0x4400ae8f, &(0x7f0000000700)={"ce85bf2fb3cd8f0e18f44494adfd754252f57b44e3463dfcb57b5aa2b43cd438723b695eec6b442606838fcc7114ee6e137328f81af34923eb4829d751fe67819c96419effe0f53ecc9abb1c638d0daf7409000000000000007e714351c2c78b293c2e33df72ca75c4f998b90a473868c98f53ed8f448286b859d15f97b4b6802e87f2170db785ac72fbc40e3ca4684e282864a612c553ebd1ca1948bfea0769e283fa6ed8e2215af04c32980b53ea45e5cf150d3442ba0e58aae0fdeb14d6a20bed8351e1f2b17abdb988f50fbf4074f815d68745a04f2e7ac4212ab17a2872ad028e133aa42778e459ab306a7b6b1cef1f7facf93ddfc3f93908f1b21a13217f02d020f45649159822d69c818682368f0e59316563717a71fcf3c65c496d766a7d7fa6840377e9e93d46f322c1d36fd5275d97da2d9f5eeaee4cdd98e9d0c911ba7b21e47766397360658f815eff477dd353f82cb463aa5e1b9fc305d21e07e657de987152fd9372f4225a5b1231c4b680c9b8918bc5b10786c1660eb829c5f1096f7c4270dcef52c9ad70a3dd9b80e32d0a2c45a6a469e28fa75a064cdaae3e59099df9c3e384e6927ebf0f84df459d179410ce200dc8d9452923b32c67a5165c78a0b382aa9c2755e83834be0b88fbdeffb4841192d5c9480dfd52aaad7c928f601ebf48523775c20399fbaa5b6d83e5add38fea61e13091496e164b09fbffeab88f9329bc4526a076377a4d0a47ea223e1660e9dcbf562e505914b6ca6d978d84162fa5895299eb8fb8eaec40808fe6eb449333f62ac02b8bece9c708971d1d1cb6dffe416c2c6fae7c906678dfe105ff10cfe1eda88c69dcaa73c89cfcfdf92ef6ad690200000084feb026fae4523f0e3d087978b127cc272033c9f3f1b0ac7e0ed4f3cfeb3e60b691478d9fb01b4158d22d1f64698d076aa830586aff206b3e65772b0d189e770ea239689638d0d96fad69b0fba98d6bcb17ad67a7e8fd5d658f4f929efa834be01e2644e36ab7c13930499a50ad46716274d62407635b97d6e6c19b1226451294b5e575135aaa972a739e89c92f698b043ed9b97d8b6d7e44522d462a54c10190eecb15f7edd14e3815eff39d614b50f015356e731f0812649979de235f19552bc2826e1533135fee0b67f925e9baabdb846b5bf66855e3f8b751ca16f3bec23aa634606196a388f8e1b126f36618f685cb62065d30f6fe2b0a562a94591ee3fa981160e1481ee781c371cc7ee8c928f77b4e6d9b73fa3bfc479060ce1f4f0b68fd21d068d50e29c84bc2af8328817bcc3293afe6c78d4ee87c835097b383169d8017ef12eabd7ff4f91701088ace6da88c1c05e729aade819777203973c20f6c1611f8adb2ac10d22795c125db94b18cf900"})
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x4, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r8, 0xc0a85320, &(0x7f0000000100))
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
r9 = syz_open_dev$tty1(0xc, 0x4, 0x3)
r10 = dup(r9)
write$UHID_INPUT(r10, &(0x7f0000001040)={0xfc, {"a2e3ad09ed1a09f91b5d090987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f38306d090890e0879b0a0ac6e70a9b3348959b509a240d5b0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d07640936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

18.662809896s ago: executing program 8 (id=7267):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000080), 0x129200, 0x0)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000180), 0x2)
read(r1, &(0x7f0000000240)=""/176, 0xfffffcb8)
ioctl$BLKOPENZONE(r0, 0x40101286, &(0x7f0000000000)={0x9, 0x1})
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x40082)
ioctl$USBDEVFS_CLAIM_PORT(r2, 0x80045518, &(0x7f00000000c0)=0x7fff)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CHECK_EXTENSION_VM(r5, 0xae03, 0xea)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

17.202682208s ago: executing program 8 (id=7268):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000788000/0x12000)=nil, 0x12000, 0xe, 0x1010, r0, 0x7dffd000)

17.160630305s ago: executing program 5 (id=7269):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f00000000c0)={0x28, 0x3, r2, 0x0, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x100000007ffffffe})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

16.991610388s ago: executing program 7 (id=7270):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
write$sndseq(r0, &(0x7f0000000040)=[{0x41, 0x0, 0x0, 0xfd, @tick, {}, {0xf}, @addr={0x0, 0xf}}], 0x1c)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
r3 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r3, 0xc1004110, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r2, 0xc010640c, &(0x7f0000000040)={0x15})
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r1, 0x40101286, 0x0)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x8, 0x2, 0x100000001, 0x0, 0x6, 0x2, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r5, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
r8 = syz_open_dev$dri(&(0x7f00000001c0), 0x10000000, 0x400)
mmap(&(0x7f0000040000/0x4000)=nil, 0x4000, 0x0, 0x28011, r8, 0x1)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
ioctl$IOMMU_VFIO_SET_IOMMU(r7, 0x3b66, 0x3)
openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x320000, 0x0)

16.985935065s ago: executing program 8 (id=7271):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
read(r2, &(0x7f0000000040)=""/9, 0x9)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="1e0306003c5c9801288363"], 0xffdd)
read(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4008ae93, &(0x7f0000000040)=0x4)
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1, 0x11, r6, 0x0)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20040)
ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0)
ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r7, 0xc0105303, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x1ff, 0x0, 0xeeee8000, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

16.52379501s ago: executing program 5 (id=7272):
r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
preadv(r0, &(0x7f0000000200)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {&(0x7f00000040c0)=""/177, 0xb1}], 0x2, 0x0, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x406c02, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000140)={0x1, 0x0, [{0xd90, 0x0, 0x5}]})
r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r5, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f0000000040)={0x0, 0x20000006})
ioctl$SNDRV_TIMER_IOCTL_START(r5, 0x54a0)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r6, 0xc08c5332, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r6, &(0x7f0000000000)=[{0x1e, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1001a)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r1, 0xb69d7000)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000080)={0xc})

16.040537425s ago: executing program 7 (id=7273):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x141202, 0x0)
write$vga_arbiter(r0, &(0x7f00000000c0)=@other={'lock', ' ', 'mem'}, 0x9)
write$vga_arbiter(r0, &(0x7f00000006c0)=@other={'unlock', ' ', 'none'}, 0xc)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140)=0x7)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000440)=0x4)
ioctl$FIONREAD(r1, 0x541b, &(0x7f0000003400))
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r4 = syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x0)
ioctl$I2C_SMBUS(r4, 0x701, 0x0)
r5 = openat$cgroup_ro(r3, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
lseek(r6, 0x8, 0x4)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
r7 = openat$cgroup_int(r5, &(0x7f0000000000)='cpu.weight.nice\x00', 0x2, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x7, 0x12)

16.022483947s ago: executing program 5 (id=7274):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4140aecd, &(0x7f00000001c0))
r6 = dup(r2)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

15.191563918s ago: executing program 8 (id=7275):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc018aec0, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x4, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x100000000000000, 0x6, 0x5, 0x101, 0x2000007, 0xe, 0xb000, 0x7, 0x0, 0x0, 0xffffffff, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r3, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000240)={0x0, 0x83}, 0x8f)
ioctl$SG_GET_NUM_WAITING(r3, 0x227d, &(0x7f0000000200))
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000007a80), 0x131000, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000280)=ANY=[@ANYBLOB="00000063ffcd91f2fac7e0795dee83d9df6480318c0f63eb3d28ef667bd150851b50ba334a99a03c95ac8882af64a09036307894e3e5773c53ea360137b6a5a04e17ed39b400c4591cbbc2aab676fb055ea038f26b3a28c059791d4074bac3cd31bea34f"])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8010, r7, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
r11 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
close(0xffffffffffffffff)
write$binfmt_format(r11, &(0x7f0000000100)='0\x00', 0xfffffed8)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
write$rfkill(r8, &(0x7f00000001c0)={0x5, 0x1, 0x0, 0x1, 0x1}, 0x8)

156.082299ms ago: executing program 37 (id=7273):
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x141202, 0x0)
write$vga_arbiter(r0, &(0x7f00000000c0)=@other={'lock', ' ', 'mem'}, 0x9)
write$vga_arbiter(r0, &(0x7f00000006c0)=@other={'unlock', ' ', 'none'}, 0xc)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140)=0x7)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000440)=0x4)
ioctl$FIONREAD(r1, 0x541b, &(0x7f0000003400))
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r4 = syz_open_dev$I2C(&(0x7f0000000080), 0x0, 0x0)
ioctl$I2C_SMBUS(r4, 0x701, 0x0)
r5 = openat$cgroup_ro(r3, &(0x7f0000000100)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0)
r6 = openat$nci(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
lseek(r6, 0x8, 0x4)
write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r5, 0x0)
r7 = openat$cgroup_int(r5, &(0x7f0000000000)='cpu.weight.nice\x00', 0x2, 0x0)
write$cgroup_int(r7, &(0x7f0000000040)=0x7, 0x12)

70.312777ms ago: executing program 38 (id=7275):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc018aec0, &(0x7f00000000c0)={0x0, 0x2, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x4, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x100000000000000, 0x6, 0x5, 0x101, 0x2000007, 0xe, 0xb000, 0x7, 0x0, 0x0, 0xffffffff, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r3, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000240)={0x0, 0x83}, 0x8f)
ioctl$SG_GET_NUM_WAITING(r3, 0x227d, &(0x7f0000000200))
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000007a80), 0x131000, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_CPUID(r7, 0x4008ae8a, &(0x7f0000000280)=ANY=[@ANYBLOB="00000063ffcd91f2fac7e0795dee83d9df6480318c0f63eb3d28ef667bd150851b50ba334a99a03c95ac8882af64a09036307894e3e5773c53ea360137b6a5a04e17ed39b400c4591cbbc2aab676fb055ea038f26b3a28c059791d4074bac3cd31bea34f"])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x4, 0x8010, r7, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
r11 = openat$binfmt_format(0xffffff9c, &(0x7f0000000040)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0)
close(0xffffffffffffffff)
write$binfmt_format(r11, &(0x7f0000000100)='0\x00', 0xfffffed8)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
write$rfkill(r8, &(0x7f00000001c0)={0x5, 0x1, 0x0, 0x1, 0x1}, 0x8)

0s ago: executing program 39 (id=7274):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x200, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4140aecd, &(0x7f00000001c0))
r6 = dup(r2)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

kernel console output (not intermixed with test programs):

08FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041
[  884.307174][ T5842] Bluetooth: hci4: command 0x1003 tx timeout
[  884.316742][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  884.563169][T30163] kernel profiling enabled (shift: 63)
[  884.572970][T30163] profiling shift: 63 too large
[  885.434787][T30214] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  887.452042][T30307] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  888.233830][T30347] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  888.733758][T30373] CUSE: info not properly terminated
[  890.872990][T30445] misc userio: Can't change port type on an already running userio instance
[  891.678459][T30474] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  893.621841][T30544] input: syz0 as /devices/virtual/input/input162
[  893.717798][T30544] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  894.191212][T30572] dlm: no locking on control device
[  894.553077][T30590] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  896.155838][T30754] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  896.570684][T30774] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  896.680412][T30781] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  897.327697][T30803] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  897.434385][T30808] kvm: user requested TSC rate below hardware speed
[  899.741061][   T30] audit: type=1800 audit(1750388234.922:29): pid=30881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5274" name="dmabuf" dev="dmabuf" ino=32 res=0 errno=0
[  899.760839][    C0] vkms_vblank_simulate: vblank timer overrun
[  899.996732][T30888] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  900.362860][T30900] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  902.671283][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  902.685412][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  902.695982][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  902.707584][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  902.725556][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  902.758562][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  902.766862][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  902.777528][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  902.787815][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  902.825435][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  902.890257][T30997] sg_write: data in/out 989/10 bytes for SCSI command 0x3a-- guessing data in;
[  902.890257][T30997]    program syz.2.5296 not setting count and/or reply_len properly
[  902.952476][T30997] input: syz1 as /devices/virtual/input/input164
[  903.078398][T30997] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  903.490243][   T49] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  903.861687][   T30] audit: type=1400 audit(1750388239.072:30): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=31033 comm="syz.5.5300"
[  903.925227][   T49] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  904.218827][   T49] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  904.429196][   T49] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  904.640973][T31037] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  904.641004][T31037] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  905.035962][ T3000] Bluetooth: hci4: Frame reassembly failed (-84)
[  905.240030][T30966] chnl_net:caif_netlink_parms(): no params data found
[  905.264262][   T49] bridge_slave_1: left allmulticast mode
[  905.271695][   T49] bridge_slave_1: left promiscuous mode
[  905.285125][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  905.357941][   T49] bridge_slave_0: left allmulticast mode
[  905.363700][   T49] bridge_slave_0: left promiscuous mode
[  905.369709][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  907.026754][ T5842] Bluetooth: hci4: command 0x1003 tx timeout
[  907.033577][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  907.300276][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  907.407032][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  907.449032][   T49] bond0 (unregistering): Released all slaves
[  907.550501][T31310] random: crng reseeded on system resumption
[  908.519396][T30966] bridge0: port 1(bridge_slave_0) entered blocking state
[  908.554570][T30966] bridge0: port 1(bridge_slave_0) entered disabled state
[  908.605397][T30966] bridge_slave_0: entered allmulticast mode
[  908.614619][T30966] bridge_slave_0: entered promiscuous mode
[  908.880046][T30966] bridge0: port 2(bridge_slave_1) entered blocking state
[  908.906070][T30966] bridge0: port 2(bridge_slave_1) entered disabled state
[  908.922455][T30966] bridge_slave_1: entered allmulticast mode
[  908.942556][T30966] bridge_slave_1: entered promiscuous mode
[  909.298104][   T49] hsr_slave_0: left promiscuous mode
[  909.337966][   T49] hsr_slave_1: left promiscuous mode
[  909.352231][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  909.366506][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  909.407445][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  909.422751][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  909.554963][   T49] veth1_macvtap: left promiscuous mode
[  909.562349][   T49] veth0_macvtap: left promiscuous mode
[  909.571763][   T49] veth1_vlan: left promiscuous mode
[  909.578299][   T49] veth0_vlan: left promiscuous mode
[  910.599609][T31488] PM: Enabling pm_trace changes system date and time during resume.
[  910.599609][T31488] PM: Correct system time has to be restored manually after resume.
[  910.686396][   T30] audit: type=1400 audit(1750388245.892:31): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2221D01A0B978D2F2F262D2A83D1 pid=31486 comm="syz.5.5344"
[  911.969413][   T49] team0 (unregistering): Port device team_slave_1 removed
[  912.238037][   T49] team0 (unregistering): Port device team_slave_0 removed
[  915.085831][T30966] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  915.119718][T30966] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  915.412308][T30966] team0: Port device team_slave_0 added
[  915.450419][T30966] team0: Port device team_slave_1 added
[  915.492440][T31544] input: syz1 as /devices/virtual/input/input165
[  915.732819][T30966] batman_adv: batadv0: Adding interface: batadv_slave_0
[  915.762159][T30966] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  915.822449][T30966] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  915.844320][T30966] batman_adv: batadv0: Adding interface: batadv_slave_1
[  915.862146][T30966] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  915.898155][T31587] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  915.945367][T30966] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  916.443664][T30966] hsr_slave_0: entered promiscuous mode
[  916.458292][T30966] hsr_slave_1: entered promiscuous mode
[  916.486815][T30966] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  916.495664][T30966] Cannot create hsr debugfs directory
[  917.096998][T31717] usb usb5: usbfs: process 31717 (syz.5.5363) did not claim interface 0 before use
[  917.214924][T31739] input: syz1 as /devices/virtual/input/input166
[  917.579404][T30966] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  917.661674][T30966] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  917.737296][T30966] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  917.794445][T30966] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  917.927635][T31803] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  918.162830][T30966] 8021q: adding VLAN 0 to HW filter on device bond0
[  918.234060][T30966] 8021q: adding VLAN 0 to HW filter on device team0
[  918.283579][ T1143] bridge0: port 1(bridge_slave_0) entered blocking state
[  918.290833][ T1143] bridge0: port 1(bridge_slave_0) entered forwarding state
[  918.352445][ T1143] bridge0: port 2(bridge_slave_1) entered blocking state
[  918.359659][ T1143] bridge0: port 2(bridge_slave_1) entered forwarding state
[  918.880261][T31855] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  919.079881][T30966] 8021q: adding VLAN 0 to HW filter on device batadv0
[  919.227768][T31884] input: syz0 as /devices/virtual/input/input167
[  919.884005][T30966] veth0_vlan: entered promiscuous mode
[  919.931865][T30966] veth1_vlan: entered promiscuous mode
[  920.022597][T30966] veth0_macvtap: entered promiscuous mode
[  920.038770][T30966] veth1_macvtap: entered promiscuous mode
[  920.080039][T30966] batman_adv: batadv0: Interface activated: batadv_slave_0
[  920.103560][T30966] batman_adv: batadv0: Interface activated: batadv_slave_1
[  920.132054][T30966] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  920.143994][T30966] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  920.173370][T30966] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  920.189746][T30966] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  920.524229][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  920.546032][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  920.601994][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  920.616616][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  922.803452][T32082] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  923.363726][T32122] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  923.630218][T32140] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  923.979235][T32149] mkiss: ax0: crc mode is auto.
[  927.207391][T32438] syz.7.5439: attempt to access beyond end of device
[  927.207391][T32438] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  927.698782][T32455] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  928.015905][T32481] binder: 32475:32481 ioctl c0306201 200000000540 returned -22
[  928.027836][T32479] binder: 32475:32479 unknown command 0
[  928.059271][T32478] mkiss: ax0: crc mode is auto.
[  928.059316][T32479] binder: 32475:32479 ioctl c0306201 200000000080 returned -22
[  928.161922][T32488] vivid-001: =================  START STATUS  =================
[  928.189268][T32488] vivid-001: Radio HW Seek Mode: Bounded
[  928.195003][T32488] vivid-001: Radio Programmable HW Seek: false
[  928.229508][T32488] vivid-001: RDS Rx I/O Mode: Block I/O
[  928.242404][T32488] vivid-001: Generate RBDS Instead of RDS: false
[  928.251583][T32488] vivid-001: RDS Reception: true
[  928.267792][T32488] vivid-001: RDS Program Type: 0 inactive
[  928.286553][T32488] vivid-001: RDS PS Name:  inactive
[  928.296164][T32488] vivid-001: RDS Radio Text:  inactive
[  928.325705][T32488] vivid-001: RDS Traffic Announcement: false inactive
[  928.348575][T32488] vivid-001: RDS Traffic Program: false inactive
[  928.417165][T32488] vivid-001: RDS Music: false inactive
[  928.422874][T32488] vivid-001: ==================  END STATUS  ==================
[  929.014932][T32538] binder: 32537:32538 unknown command 0
[  929.022277][T32538] binder: 32537:32538 ioctl c0306201 200000000480 returned -22
[  929.099458][T32543] sg_write: data in/out 26278/6 bytes for SCSI command 0x0-- guessing data in;
[  929.099458][T32543]    program syz.7.5460 not setting count and/or reply_len properly
[  929.345789][T32552] loop6: detected capacity change from 0 to 524287999
[  929.375578][T32562] tap0: tun_chr_ioctl cmd 1074812118
[  929.430628][T32552] loop6: detected capacity change from 524287999 to 524287952
[  929.435137][T32557] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  929.796724][T32582] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  930.483884][T32621] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  931.358137][T32657] input: syz1 as /devices/virtual/input/input170
[  931.674024][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  931.674127][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  932.680568][T32722] support for the xor transformation has been removed.
[  932.681162][T32723] syz.7.5494: attempt to access beyond end of device
[  932.681162][T32723] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  933.184309][   T30] audit: type=1804 audit(1750388268.392:32): pid=32759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.5499" name="/newroot/126/cgroup.controllers" dev="tmpfs" ino=663 res=1 errno=0
[  933.225842][T32759] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  933.232332][T32761] input: syz1 as /devices/virtual/input/input172
[  933.249048][   T30] audit: type=1800 audit(1750388268.392:33): pid=32759 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5499" name="cgroup.controllers" dev="tmpfs" ino=663 res=0 errno=0
[  933.393426][  T306] CUSE: info not properly terminated
[  933.406520][   T30] audit: type=1804 audit(1750388268.612:34): pid=307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.5499" name="/newroot/126/cgroup.controllers" dev="tmpfs" ino=663 res=1 errno=0
[  934.092419][  T341] kvm: user requested TSC rate below hardware speed
[  934.828285][  T389] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  934.974496][  T403] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  935.333466][  T421] CUSE: info not properly terminated
[  935.376828][  T421] CUSE: DEVNAME unspecified
[  935.485375][T18864] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0
[  935.505366][  T433] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  935.526940][T18864] hid-generic 0000:0000:0000.0010: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  936.890965][  T487] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  937.790710][  T536] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  937.829572][  T541] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  938.124876][  T555] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  938.602245][  T572] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  939.309723][   T13] Bluetooth: hci4: Frame reassembly failed (-90)
[  939.330688][  T605] Bluetooth: hci4: Frame reassembly failed (-84)
[  939.537547][  T620] loop6: detected capacity change from 524287952 to 0
[  939.601083][  T628] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  939.901610][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.910003][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.919618][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.928086][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.935520][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.943359][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.954516][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.964345][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.972183][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.979976][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.988573][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  939.996092][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.012009][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.029836][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.040292][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.049971][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.058178][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.065676][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.080253][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.088147][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.095665][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.103654][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.122493][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.136246][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.150618][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.158429][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.165943][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.174019][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.184336][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.193276][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.204297][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.226577][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.234055][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.243284][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.251368][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.260079][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.267767][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.275204][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.287389][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.294918][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.338756][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.363419][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.399507][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.421083][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.439795][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.452825][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.478186][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.506093][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.526571][   T10] hid-generic 000C:0009:0000.0011: unknown main item tag 0x0
[  940.537841][   T10] hid-generic 000C:0009:0000.0011: hidraw0: <UNKNOWN> HID v0.80 Device [syz0] on syz1
[  940.790057][  T683] fido_id[683]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  941.119876][  T711] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[  941.152683][  T712] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[  941.200989][   T30] audit: type=1800 audit(1750388276.412:35): pid=711 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5560" name="memory.events" dev="tmpfs" ino=1328 res=0 errno=0
[  941.267426][   T30] audit: type=1800 audit(1750388276.412:36): pid=712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5560" name="memory.events" dev="tmpfs" ino=1328 res=0 errno=0
[  941.288591][    C1] vkms_vblank_simulate: vblank timer overrun
[  941.357127][ T5842] Bluetooth: hci4: command 0x1003 tx timeout
[  941.363894][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  942.168809][  T752] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  943.367820][  T815] binder: BC_ACQUIRE_RESULT not supported
[  943.431992][  T815] binder: 805:815 ioctl c0306201 200000000580 returned -22
[  944.217420][  T868] ptm ptm1: ldisc open failed (-12), clearing slot 1
[  945.483788][ T1071] loop6: detected capacity change from 0 to 4
[  945.506606][    C0] blk_print_req_error: 54 callbacks suppressed
[  945.506625][    C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  945.522466][    C0] buffer_io_error: 23 callbacks suppressed
[  945.522484][    C0] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  945.559727][    C1] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  945.569296][    C1] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  945.578081][ T1074] misc userio: Can't change port type on an already running userio instance
[  945.579606][    C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  945.596379][    C0] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  946.761478][ T1148] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  947.922507][ T1203] ptm ptm2: ldisc open failed (-12), clearing slot 2
[  949.004131][ T1258] QAT: failed to copy from user.
[  949.789059][ T1295] program syz.2.5636 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  950.525000][ T1334] input: syz0 as /devices/virtual/input/input177
[  951.250417][ T1370] vivid-000: disconnect
[  951.487742][ T1382] rtc_cmos 00:00: Alarms can be up to one day in the future
[  951.523374][ T1381] rtc_cmos 00:00: Alarms can be up to one day in the future
[  951.720865][T18864] rtc_cmos 00:00: Alarms can be up to one day in the future
[  951.745783][T18864] rtc_cmos 00:00: Alarms can be up to one day in the future
[  951.769849][T18864] rtc_cmos 00:00: Alarms can be up to one day in the future
[  951.802992][T18864] rtc_cmos 00:00: Alarms can be up to one day in the future
[  951.819423][T18864] rtc rtc0: __rtc_set_alarm: err=-22
[  951.850574][ T1403] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  952.247075][ T1362] vivid-000: reconnect
[  953.308827][ T1494] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  953.479971][ T1505] random: crng reseeded on system resumption
[  953.504153][ T1507] CUSE: zero length info key specified
[  954.296122][ T1535] syz.5.5680: attempt to access beyond end of device
[  954.296122][ T1535] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  954.473383][ T1544] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  954.789253][ T1563] input: syz0 as /devices/virtual/input/input180
[  954.840592][ T1566] kvm: kvm [1562]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4
[  955.074146][ T1582] usb usb6: usbfs: interface 0 claimed by hub while 'syz.7.5689' sets config #3
[  958.720769][ T1772] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  964.573277][ T1815] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  965.094366][ T1846] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  966.493641][ T1937] cgroup: fork rejected by pids controller in /syz2
[  967.341343][ T1972] sysfs: cannot create duplicate filename '/devices/virtual/tty/gsmtty1'
[  967.392713][ T1972] CPU: 0 UID: 0 PID: 1972 Comm: syz.5.5766 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  967.392742][ T1972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  967.392755][ T1972] Call Trace:
[  967.392764][ T1972]  <TASK>
[  967.392773][ T1972]  dump_stack_lvl+0x189/0x250
[  967.392801][ T1972]  ? kernfs_path_from_node+0x2c/0x260
[  967.392822][ T1972]  ? __pfx_dump_stack_lvl+0x10/0x10
[  967.392844][ T1972]  ? __pfx__printk+0x10/0x10
[  967.392869][ T1972]  ? kernfs_path_from_node+0x2c/0x260
[  967.392885][ T1972]  ? kernfs_path_from_node+0x2c/0x260
[  967.392905][ T1972]  ? kernfs_path_from_node+0x22c/0x260
[  967.392922][ T1972]  ? kernfs_path_from_node+0x2c/0x260
[  967.392944][ T1972]  sysfs_create_dir_ns+0x259/0x280
[  967.392978][ T1972]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  967.393020][ T1972]  ? do_raw_spin_unlock+0x122/0x240
[  967.393053][ T1972]  kobject_add_internal+0x59f/0xb40
[  967.393086][ T1972]  kobject_add+0x155/0x220
[  967.393114][ T1972]  ? __pfx_kobject_add+0x10/0x10
[  967.393137][ T1972]  ? do_raw_spin_unlock+0x122/0x240
[  967.393169][ T1972]  ? get_device_parent+0x366/0x3a0
[  967.393197][ T1972]  device_add+0x408/0xb50
[  967.393224][ T1972]  tty_register_device_attr+0x3fe/0x8f0
[  967.393254][ T1972]  ? __pfx_tty_register_device_attr+0x10/0x10
[  967.393286][ T1972]  ? tty_port_init+0x136/0x1a0
[  967.393307][ T1972]  ? gsm_dlci_alloc+0x32a/0x640
[  967.393333][ T1972]  gsm_activate_mux+0x110/0x2a0
[  967.393359][ T1972]  gsmld_ioctl+0x1261/0x1870
[  967.393388][ T1972]  ? __pfx_gsmld_ioctl+0x10/0x10
[  967.393422][ T1972]  ? __pfx___ldsem_down_read_nested+0x10/0x10
[  967.393466][ T1972]  ? __pfx_gsmld_ioctl+0x10/0x10
[  967.393486][ T1972]  tty_ioctl+0x9c6/0xde0
[  967.393507][ T1972]  ? __pfx_tty_ioctl+0x10/0x10
[  967.393525][ T1972]  __se_sys_ioctl+0xfc/0x170
[  967.393551][ T1972]  do_syscall_64+0xfa/0x3b0
[  967.393569][ T1972]  ? lockdep_hardirqs_on+0x9c/0x150
[  967.393596][ T1972]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.393615][ T1972]  ? clear_bhb_loop+0x60/0xb0
[  967.393638][ T1972]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  967.393656][ T1972] RIP: 0033:0x7f0e77d8e929
[  967.393675][ T1972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  967.393690][ T1972] RSP: 002b:00007f0e75bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  967.393712][ T1972] RAX: ffffffffffffffda RBX: 00007f0e77fb6160 RCX: 00007f0e77d8e929
[  967.393726][ T1972] RDX: 0000200000000040 RSI: 00000000404c4701 RDI: 0000000000000010
[  967.393739][ T1972] RBP: 00007f0e77e10b39 R08: 0000000000000000 R09: 0000000000000000
[  967.393752][ T1972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  967.393763][ T1972] R13: 0000000000000000 R14: 00007f0e77fb6160 R15: 00007ffd1ed98698
[  967.393796][ T1972]  </TASK>
[  967.393829][ T1972] kobject: kobject_add_internal failed for gsmtty1 with -EEXIST, don't try to register things with the same name in the same directory.
[  968.062530][   T49] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  968.531791][   T49] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  968.614120][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  968.624335][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  968.635365][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  968.654472][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  968.663182][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  968.721747][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  968.729275][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  968.747838][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  968.767406][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  968.783210][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  968.825098][   T49] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  969.139187][   T49] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  969.657834][ T2119] chnl_net:caif_netlink_parms(): no params data found
[  969.873250][   T49] bridge_slave_1: left allmulticast mode
[  969.904061][   T49] bridge_slave_1: left promiscuous mode
[  969.919309][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  970.027888][   T49] bridge_slave_0: left allmulticast mode
[  970.039756][   T49] bridge_slave_0: left promiscuous mode
[  970.049086][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  970.877200][ T5842] Bluetooth: hci3: command tx timeout
[  972.087722][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  972.177371][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  972.220768][   T49] bond0 (unregistering): Released all slaves
[  972.333596][ T2364] Falling back ldisc for ttyS3.
[  972.412751][   T30] audit: type=1400 audit(1750388307.622:37): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=2369 comm="syz.7.5786"
[  972.823884][ T2398] loop4: detected capacity change from 0 to 7
[  972.840679][ T2018] Dev loop4: unable to read RDB block 7
[  972.852047][ T2018]  loop4: unable to read partition table
[  972.858121][ T2018] loop4: partition table beyond EOD, truncated
[  972.868828][ T2398] Dev loop4: unable to read RDB block 7
[  972.881566][ T2398]  loop4: unable to read partition table
[  972.892868][    C0] I/O error, dev loop4, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  972.902392][    C0] Buffer I/O error on dev loop4, logical block 0, lost async page write
[  972.942224][ T2398] loop4: partition table beyond EOD, truncated
[  972.947113][ T5842] Bluetooth: hci3: command tx timeout
[  972.982738][ T2398] loop_reread_partitions: partition scan of loop4 (3�����) failed (rc=-5)
[  973.239511][ T2119] bridge0: port 1(bridge_slave_0) entered blocking state
[  973.251303][ T2119] bridge0: port 1(bridge_slave_0) entered disabled state
[  973.270815][ T2119] bridge_slave_0: entered allmulticast mode
[  973.279270][ T2119] bridge_slave_0: entered promiscuous mode
[  973.540881][ T2119] bridge0: port 2(bridge_slave_1) entered blocking state
[  973.558547][ T2119] bridge0: port 2(bridge_slave_1) entered disabled state
[  973.565837][ T2119] bridge_slave_1: entered allmulticast mode
[  973.610829][ T2119] bridge_slave_1: entered promiscuous mode
[  973.907544][   T49] hsr_slave_0: left promiscuous mode
[  973.956987][   T49] hsr_slave_1: left promiscuous mode
[  973.963253][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  973.981366][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  974.045130][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  974.066963][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  974.155730][   T49] veth1_macvtap: left promiscuous mode
[  974.175557][   T49] veth0_macvtap: left promiscuous mode
[  974.184910][   T49] veth1_vlan: left promiscuous mode
[  974.191905][   T49] veth0_vlan: left promiscuous mode
[  975.003252][ T2533] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  975.026597][ T5842] Bluetooth: hci3: command tx timeout
[  976.987736][   T49] team0 (unregistering): Port device team_slave_1 removed
[  977.107068][ T5842] Bluetooth: hci3: command tx timeout
[  977.218447][   T49] team0 (unregistering): Port device team_slave_0 removed
[  980.009121][ T2551] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  980.015106][ T2551] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  980.019233][ T2119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  980.080530][ T2119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  980.504856][ T2119] team0: Port device team_slave_0 added
[  980.521105][ T2692] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  980.585793][ T2119] team0: Port device team_slave_1 added
[  980.722285][ T2699] Invalid logical block size (5)
[  980.971549][ T2699] kernel profiling enabled (shift: 6)
[  981.087013][ T2119] batman_adv: batadv0: Adding interface: batadv_slave_0
[  981.094097][ T2119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  981.120289][    C0] vkms_vblank_simulate: vblank timer overrun
[  981.126928][ T2119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  981.168839][ T2119] batman_adv: batadv0: Adding interface: batadv_slave_1
[  981.175854][ T2119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  981.201963][    C0] vkms_vblank_simulate: vblank timer overrun
[  981.212418][ T2119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  981.686021][ T2119] hsr_slave_0: entered promiscuous mode
[  981.693326][ T2119] hsr_slave_1: entered promiscuous mode
[  981.973751][ T2848] syz.5.5823: attempt to access beyond end of device
[  981.973751][ T2848] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  984.200471][ T3056] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  984.356649][ T2119] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  984.436224][ T2119] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  984.520942][ T2119] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  984.595550][ T2119] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  984.601873][ T3077] can0: slcan on ttyS3.
[  984.876868][ T3076] can0 (unregistered): slcan off ttyS3.
[  985.105537][ T2119] 8021q: adding VLAN 0 to HW filter on device bond0
[  985.124314][ T3128] ALSA: mixer_oss: invalid index 100000
[  985.191589][ T2119] 8021q: adding VLAN 0 to HW filter on device team0
[  985.198894][   T70] bridge0: port 1(bridge_slave_0) entered blocking state
[  985.199013][   T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[  985.411815][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  985.411944][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  985.695784][   T70] Bluetooth: hci4: Frame reassembly failed (-84)
[  985.834256][ T3146] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  986.073156][ T2119] 8021q: adding VLAN 0 to HW filter on device batadv0
[  986.184725][ T2119] veth0_vlan: entered promiscuous mode
[  986.221156][ T2119] veth1_vlan: entered promiscuous mode
[  986.351146][ T2119] veth0_macvtap: entered promiscuous mode
[  986.383428][ T2119] veth1_macvtap: entered promiscuous mode
[  986.448213][ T2119] batman_adv: batadv0: Interface activated: batadv_slave_0
[  986.469920][ T3182] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  986.499947][ T2119] batman_adv: batadv0: Interface activated: batadv_slave_1
[  986.529251][ T2119] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  986.562036][ T2119] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  986.581054][ T2119] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  986.601249][ T2119] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  986.988340][T18988] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  987.019116][T18988] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  987.274551][ T3000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  987.304066][ T3000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  987.651247][ T3253] syz.7.5864: attempt to access beyond end of device
[  987.651247][ T3253] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  987.747067][   T51] Bluetooth: hci4: command 0x1003 tx timeout
[  987.750700][ T5842] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  987.862279][ T3265] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  989.156226][ T3329] binder: 3328:3329 ioctl 40046205 0 returned -22
[  989.423563][ T3333] syz.2.5878: vmalloc error: size 141557760, failed to allocated page array size 276480, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  989.462566][ T3333] CPU: 1 UID: 0 PID: 3333 Comm: syz.2.5878 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  989.462596][ T3333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  989.462608][ T3333] Call Trace:
[  989.462637][ T3333]  <TASK>
[  989.462646][ T3333]  dump_stack_lvl+0x189/0x250
[  989.462679][ T3333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  989.462701][ T3333]  ? __pfx__printk+0x10/0x10
[  989.462724][ T3333]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  989.462750][ T3333]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  989.462776][ T3333]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  989.462804][ T3333]  warn_alloc+0x214/0x310
[  989.462838][ T3333]  ? __pfx_warn_alloc+0x10/0x10
[  989.462871][ T3333]  ? __get_vm_area_node+0x28f/0x300
[  989.462895][ T3333]  ? vb2_vmalloc_alloc+0xef/0x340
[  989.462919][ T3333]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  989.462979][ T3333]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  989.463018][ T3333]  ? __kasan_kmalloc+0x93/0xb0
[  989.463044][ T3333]  vmalloc_user_noprof+0xad/0xf0
[  989.463070][ T3333]  ? vb2_vmalloc_alloc+0xef/0x340
[  989.463090][ T3333]  vb2_vmalloc_alloc+0xef/0x340
[  989.463111][ T3333]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  989.463133][ T3333]  __vb2_queue_alloc+0x9bf/0x15a0
[  989.463181][ T3333]  vb2_core_reqbufs+0xc31/0x1420
[  989.463223][ T3333]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  989.463240][ T3333]  ? __vb2_init_fileio+0x1e8/0xff0
[  989.463269][ T3333]  ? __vb2_init_fileio+0x1e8/0xff0
[  989.463293][ T3333]  __vb2_init_fileio+0x318/0xff0
[  989.463327][ T3333]  ? __pfx___mutex_lock+0x10/0x10
[  989.463351][ T3333]  __vb2_perform_fileio+0x284/0x1600
[  989.463385][ T3333]  ? __asan_memset+0x22/0x50
[  989.463409][ T3333]  vb2_fop_read+0x273/0x360
[  989.463438][ T3333]  v4l2_read+0x199/0x2c0
[  989.463465][ T3333]  vfs_readv+0x5a7/0x850
[  989.463486][ T3333]  ? __pfx_v4l2_read+0x10/0x10
[  989.463508][ T3333]  ? __pfx_vfs_readv+0x10/0x10
[  989.463545][ T3333]  ? __fget_files+0x2a/0x420
[  989.463578][ T3333]  ? __fget_files+0x3a0/0x420
[  989.463602][ T3333]  ? __fget_files+0x2a/0x420
[  989.463638][ T3333]  __x64_sys_preadv+0x197/0x2a0
[  989.463666][ T3333]  ? __pfx___se_sys_futex+0x10/0x10
[  989.463692][ T3333]  ? __pfx___x64_sys_preadv+0x10/0x10
[  989.463725][ T3333]  ? do_syscall_64+0xbe/0x3b0
[  989.463749][ T3333]  do_syscall_64+0xfa/0x3b0
[  989.463767][ T3333]  ? lockdep_hardirqs_on+0x9c/0x150
[  989.463795][ T3333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  989.463815][ T3333]  ? clear_bhb_loop+0x60/0xb0
[  989.463839][ T3333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  989.463857][ T3333] RIP: 0033:0x7f1d3e98e929
[  989.463876][ T3333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  989.463892][ T3333] RSP: 002b:00007f1d3f89e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  989.463914][ T3333] RAX: ffffffffffffffda RBX: 00007f1d3ebb5fa0 RCX: 00007f1d3e98e929
[  989.463928][ T3333] RDX: 0000000000000007 RSI: 0000200000002540 RDI: 0000000000000004
[  989.463941][ T3333] RBP: 00007f1d3ea10b39 R08: 0000000000000005 R09: 0000000000000000
[  989.463954][ T3333] R10: 0000000000000026 R11: 0000000000000246 R12: 0000000000000000
[  989.463966][ T3333] R13: 0000000000000000 R14: 00007f1d3ebb5fa0 R15: 00007fff5064fe48
[  989.464007][ T3333]  </TASK>
[  989.464440][ T3333] Mem-Info:
[  989.799955][ T3333] active_anon:7865 inactive_anon:0 isolated_anon:0
[  989.799955][ T3333]  active_file:8609 inactive_file:44388 isolated_file:0
[  989.799955][ T3333]  unevictable:768 dirty:34 writeback:0
[  989.799955][ T3333]  slab_reclaimable:11308 slab_unreclaimable:96643
[  989.799955][ T3333]  mapped:24377 shmem:1403 pagetables:1692
[  989.799955][ T3333]  sec_pagetables:0 bounce:0
[  989.799955][ T3333]  kernel_misc_reclaimable:0
[  989.799955][ T3333]  free:1310029 free_pcp:24567 free_cma:0
[  989.845093][    C0] vkms_vblank_simulate: vblank timer overrun
[  989.858225][ T3333] Node 0 active_anon:31460kB inactive_anon:0kB active_file:34436kB inactive_file:177348kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97508kB dirty:136kB writeback:0kB shmem:4076kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12224kB pagetables:6624kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  989.891575][    C0] vkms_vblank_simulate: vblank timer overrun
[  989.912839][ T3333] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  989.945018][ T3333] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  989.977722][ T3333] lowmem_reserve[]: 0 2497 2498 2498 2498
[  989.983557][ T3333] Node 0 DMA32 free:1314948kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31412kB inactive_anon:0kB active_file:34436kB inactive_file:176044kB unevictable:1536kB writepending:136kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:88600kB local_pcp:18968kB free_cma:0kB
[  990.019713][ T3333] lowmem_reserve[]: 0 0 1 1 1
[  990.024517][ T3333] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1304kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  990.055251][ T3333] lowmem_reserve[]: 0 0 0 0 0
[  990.057359][ T3347] program syz.5.5881 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  990.069327][ T3333] Node 1 Normal free:3909788kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:9216kB local_pcp:9216kB free_cma:0kB
[  990.069396][ T3333] lowmem_reserve[]: 0 0 0 0 0
[  990.069443][ T3333] Node 0 DMA: 0*4kB 
[  990.100452][    C0] vkms_vblank_simulate: vblank timer overrun
[  990.110505][ T3354] program syz.5.5881 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  990.115658][ T3333] 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  990.136647][ T3333] Node 0 DMA32: 283*4kB (U) 68*8kB (UE) 153*16kB (UME) 328*32kB (UME) 125*64kB (UME) 36*128kB (UME) 21*256kB (UME) 19*512kB (UME) 18*1024kB (UM) 11*2048kB (UME) 302*4096kB (UM) = 1320284kB
[  990.140771][ T3354] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  990.155464][    C0] vkms_vblank_simulate: vblank timer overrun
[  990.156954][ T3333] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  990.184790][ T3333] Node 1 Normal: 225*4kB (UME) 55*8kB (UME) 48*16kB (UME) 255*32kB (UME) 92*64kB (UME) 21*128kB (UME) 7*256kB (UME) 4*512kB (UME) 2*1024kB (UM) 3*2048kB (UE) 947*4096kB (M) = 3909788kB
[  990.203658][ T3333] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  990.226222][ T3333] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  990.239125][ T3333] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  990.254810][ T3333] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  990.266472][ T3333] 54396 total pagecache pages
[  990.270354][ T3357] PM: Enabling pm_trace changes system date and time during resume.
[  990.270354][ T3357] PM: Correct system time has to be restored manually after resume.
[  990.271340][ T3333] 0 pages in swap cache
[  990.292211][ T3333] Free swap  = 124996kB
[  990.299580][ T3333] Total swap = 124996kB
[  990.304459][ T3333] 2097051 pages RAM
[  990.308621][ T3333] 0 pages HighMem/MovableOnly
[  990.313510][ T3333] 425688 pages reserved
[  990.319868][ T3333] 0 pages cma reserved
[  990.417589][ T3358] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  990.563537][ T3370] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  991.675479][ T3437] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  991.958894][ T3439] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  992.127715][ T3463] rtc_cmos 00:00: Alarms can be up to one day in the future
[  992.515888][ T3477] can0: slcan on ptm0.
[  993.115651][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  993.127469][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  993.222679][ T3509] misc userio: Can't change port type on an already running userio instance
[  993.306404][ T3476] can0 (unregistered): slcan off ptm0.
[  995.512753][ T3632] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  996.173518][ T3678] binder: 3677:3678 ioctl c00c620f 200000000080 returned -22
[  996.214328][ T3678] binder: 3677:3678 ioctl c00c620f 200000000080 returned -22
[  998.454091][ T3792] binder: 3789:3792 ioctl c0306201 2000000003c0 returned -14
[  998.462692][ T3792] binder: 3789:3792 ioctl c00c620f 2000000001c0 returned -22
[  999.290625][ T3833] ALSA: mixer_oss: invalid index 100000
[ 1000.679129][ T3892] binder: 3879:3892 ioctl c00c620f 200000000180 returned -22
[ 1000.681519][ T3891] input: syz1 as /devices/virtual/input/input186
[ 1000.985958][ T3911] sg_write: data in/out 989/10 bytes for SCSI command 0x3a-- guessing data in;
[ 1000.985958][ T3911]    program syz.7.5980 not setting count and/or reply_len properly
[ 1000.990829][ T3908] program syz.0.5981 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1001.013541][ T3908] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1002.063053][ T3962] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38414261, 8, 0, 0, 0)
[ 1002.385647][ T3972] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1002.425195][ T3972] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1002.476223][ T3980] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1003.330462][ T4009] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1003.730119][ T4024] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1005.402619][ T4107] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1005.901169][ T4137] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1006.080502][ T4150] autofs4:pid:4150:validate_dev_ioctl: path string terminator missing for cmd(0xc0189371)
[ 1007.026831][ T5842] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 1007.035009][   T51] Bluetooth: hci4: command 0xfc11 tx timeout
[ 1007.405256][ T4199] nvme_fabrics: unknown parameter or missing value '���V'gwb�WXE�V���R���P�9\�񸮴����*�V�q��6:z�>$\rG
DE>a��΋v���Je�d�f��hސ�4�>����sКs�t��	�n�{`�����.SuS�\' in ctrl creation request
[ 1007.424797][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1007.436085][ T4199] nvme_fabrics: unknown parameter or missing value 'syz1' in ctrl creation request
[ 1008.235519][ T4240] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1009.045694][ T4272] kvm: kvm [4268]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x882
[ 1009.100335][ T4273] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1011.125743][ T4396] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1013.360520][ T4528] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1013.634181][ T4551] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1013.804809][ T4555] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1015.339500][ T4641] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1015.582046][ T4658] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1016.810614][ T4713] misc userio: No port type given on /dev/userio
[ 1017.041981][ T4722] [U] 
[ 1017.044826][ T4722] [U] K{�
[ 1017.047890][ T4722] [U] �t �1��Š�F���fˊ�`G�J��g���������o��/�mC�
[ 1017.054880][ T4722] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[ 1017.070456][ T4722] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[ 1017.080934][ T4722] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI
���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�
Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[ 1017.116692][ T4722] [U] 	+�w�G?]��'a:	��)�
����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[ 1017.140271][ T4722] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q��
 ��3��q��N^HP*��$	�.�7yӱ�2�
[ 1017.151420][ T4722] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[ 1017.163015][ T4722] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%
s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[ 1017.186307][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1017.225073][ T4722] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`�
[ 1017.233419][ T4722] [U] 
[ 1017.236177][ T4722] [U] 
[ 1017.238983][ T4722] [U] 
[ 1017.274023][ T4721] [U] 
[ 1018.151534][ T4761] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1018.523407][ T4776] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1018.743702][ T4794] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1019.890237][ T4860] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1021.180619][ T4927] syz.0.6182: attempt to access beyond end of device
[ 1021.180619][ T4927] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1021.442595][ T4946] binder: 4945:4946 ioctl c018620c 200000000500 returned -1
[ 1021.660802][ T4954] tap0: tun_chr_ioctl cmd 1074025677
[ 1021.666779][ T4954] tap0: linktype set to 776
[ 1022.097230][ T4982] support for cryptoloop has been removed.  Use dm-crypt instead.
[ 1022.549280][ T5009] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1022.653212][ T5024] binder: BINDER_SET_CONTEXT_MGR already set
[ 1022.659653][ T5024] binder: 5020:5024 ioctl 40046207 0 returned -16
[ 1023.106991][ T5039] tun0: tun_chr_ioctl cmd 1074025676
[ 1023.119605][ T5039] tun0: owner set to 0
[ 1023.548732][ T5060] tap0: tun_chr_ioctl cmd 1074025673
[ 1023.554244][ T5061] tap0: tun_chr_ioctl cmd 1074812118
[ 1024.568191][ T5116] sp0: Synchronizing with TNC
[ 1025.013320][ T5145] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[ 1025.045480][ T5145] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1025.639385][ T5176] input: syz0 as /devices/virtual/input/input189
[ 1025.731711][ T5183] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1025.769691][ T5183] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1026.185990][ T5212] binder: BC_ATTEMPT_ACQUIRE not supported
[ 1026.186013][ T5212] binder: 5206:5212 ioctl c0306201 200000000100 returned -22
[ 1026.801917][ T5230] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1026.885381][ T5240] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1027.333301][ T5258] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1029.789806][ T5394] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1030.238298][ T5409] loop6: detected capacity change from 0 to 524287999
[ 1030.351205][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.623617][ T5415] input: syz0 as /devices/virtual/input/input190
[ 1030.678546][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1030.921098][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1030.939393][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1030.953053][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1030.962499][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1030.973631][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1031.074451][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1031.082022][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1031.083372][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1031.089686][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1031.119659][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1031.128650][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1031.561328][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1032.411737][   T12] bridge_slave_1: left allmulticast mode
[ 1032.436454][   T12] bridge_slave_1: left promiscuous mode
[ 1032.442323][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1032.528792][   T30] audit: type=1400 audit(1750388367.742:38): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041
[ 1032.557940][   T12] bridge_slave_0: left allmulticast mode
[ 1032.649330][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1032.697985][   T12] bridge_slave_0: left promiscuous mode
[ 1032.703882][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1033.266812][   T51] Bluetooth: hci1: command tx timeout
[ 1033.618667][ T5660] loop8: detected capacity change from 0 to 7
[ 1033.632282][ T2642] Dev loop8: unable to read RDB block 7
[ 1033.640005][ T2642]  loop8: unable to read partition table
[ 1033.645989][ T2642] loop8: partition table beyond EOD, truncated
[ 1033.678012][ T5660] Dev loop8: unable to read RDB block 7
[ 1033.687425][ T5660]  loop8: unable to read partition table
[ 1033.693378][ T5660] loop8: partition table beyond EOD, truncated
[ 1033.702418][ T5660] loop_reread_partitions: partition scan of loop8 (�被x) failed (rc=-5)
[ 1033.717485][ T5662] Dev loop8: unable to read RDB block 7
[ 1033.726597][ T5662]  loop8: unable to read partition table
[ 1033.732575][ T5662] loop8: partition table beyond EOD, truncated
[ 1034.542009][ T5681] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1035.154380][ T5696] cgroup: fork rejected by pids controller in /syz7
[ 1035.238205][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1035.346645][   T51] Bluetooth: hci1: command tx timeout
[ 1035.358375][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1035.418780][   T12] bond0 (unregistering): Released all slaves
[ 1035.547840][ T5423] chnl_net:caif_netlink_parms(): no params data found
[ 1035.989468][ T5654] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1035.995457][ T5654] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1036.286522][ T5423] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1036.293817][ T5423] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1036.320502][ T5423] bridge_slave_0: entered allmulticast mode
[ 1036.334180][ T5423] bridge_slave_0: entered promiscuous mode
[ 1036.653033][ T5423] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1036.663514][ T5423] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1036.672962][ T5423] bridge_slave_1: entered allmulticast mode
[ 1036.682020][ T5423] bridge_slave_1: entered promiscuous mode
[ 1037.281094][ T5842] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1037.295034][ T5842] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1037.303563][ T5842] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1037.313105][ T5842] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1037.322421][ T5842] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1037.341612][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1037.364483][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1037.372468][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1037.384681][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1037.395580][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1037.529086][   T12] hsr_slave_0: left promiscuous mode
[ 1037.578519][   T12] hsr_slave_1: left promiscuous mode
[ 1037.585328][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1037.592991][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1037.639961][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1037.649113][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1037.718696][ T5913] program syz.2.6304 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1037.765778][   T12] veth1_macvtap: left promiscuous mode
[ 1037.773747][   T12] veth0_macvtap: left promiscuous mode
[ 1037.781411][   T12] veth1_vlan: left promiscuous mode
[ 1037.791013][   T12] veth0_vlan: left promiscuous mode
[ 1038.677663][ T5946] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1039.426697][   T51] Bluetooth: hci2: command tx timeout
[ 1039.467767][ T5974] input: syz0 as /devices/virtual/input/input192
[ 1040.005098][ T5990] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1040.662238][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1040.997313][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1041.507734][   T51] Bluetooth: hci2: command tx timeout
[ 1041.694024][ T6026] input: syz1 as /devices/virtual/input/input193
[ 1041.863807][ T6032] syz.5.6333: attempt to access beyond end of device
[ 1041.863807][ T6032] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1043.351594][ T5423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1043.371469][ T5423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1043.586689][   T51] Bluetooth: hci2: command tx timeout
[ 1043.962963][ T6091] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1043.976037][ T5423] team0: Port device team_slave_0 added
[ 1044.002947][ T6091] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1044.045819][ T5423] team0: Port device team_slave_1 added
[ 1044.461272][ T5423] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1044.472322][ T5423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1044.506422][ T6150] binder: 6148:6150 ioctl c018620c 200000000100 returned -22
[ 1044.514117][ T5423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1044.566224][ T6150] binder: 6148:6150 ioctl 40046205 0 returned -22
[ 1044.571687][ T5423] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1044.584343][ T5423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1044.621571][ T5423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1044.871149][ T6200] binder: 6148:6200 ioctl c0306201 0 returned -14
[ 1044.884918][ T6160] binder: 6148:6160 ioctl c0306201 0 returned -14
[ 1045.037256][ T5423] hsr_slave_0: entered promiscuous mode
[ 1045.050327][ T5423] hsr_slave_1: entered promiscuous mode
[ 1045.062135][ T5423] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1045.071893][ T5423] Cannot create hsr debugfs directory
[ 1045.098293][ T6146] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1045.104401][ T6146] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1046.567813][   T12] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1046.635067][ T5873] chnl_net:caif_netlink_parms(): no params data found
[ 1046.930953][   T12] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1047.200030][ T6452] ptm ptm15: ldisc open failed (-12), clearing slot 15
[ 1047.289001][   T12] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1047.532437][ T6485] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1047.581726][ T6492] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1047.823348][ T6522] [U] 
[ 1047.826244][ T6522] [U] K{�
[ 1047.829303][ T6522] [U] �t �1��Š�F���fˊ�`G�J��g���������o��/�mC�
[ 1047.836302][ T6522] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[ 1047.852063][ T6522] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[ 1047.862644][ T6522] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI
���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�
Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[ 1047.898398][ T6522] [U] 	+�w�G?]��'a:	��)�
����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[ 1047.921978][ T6522] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q��
 ��3��q��N^HP*��$	�.�7yӱ�2�
[ 1047.933102][ T6522] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[ 1047.944769][ T6522] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%
s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[ 1047.977920][ T6522] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`��;F�I+��VUH���m�j��Ʒ��Z�c��z���)_矡	���&�����a�xto���_� ���:���%�P���C���y�+_�����}U�m��ƫC�!KJ�7��g��=b�
[ 1047.996670][ T6522] [U] ٽ�F�%�XA��l�2r*g��VW��$��j	�A��F�ߝ�+��9̈́Vi�֗�kپ�1}_��
�%�r6��(]��/����řYܺ��h����r g��rn/ܫ�#!�d����%���D��-{�$�vU��T���$:mtr�E�C1V�D~��];[�����sq����(��e,X�8�"�
��G�d���2@T8��������t8.Rc+�@�ꦇp�u�
p����C���'�yL�-Ss1E?�7�O���^]����c��H]�Jkr]Rkq܆��ݣ��OTc��x���4�N�	��&���ڋ��@�:m7�~�+�W*���xM��>>��{q���
_�՝LX8�U����{�Z����)��7?�rR;�c�r�hײڣ����1�>)�Mă��t���(��aϝ�}9�ڥ�J*Mќ�ġ�'L��q	�DW����=��|q�	�Æ�W;5��Ž�!�dB�x`��/��E�`ƦM��X��"�\
[ 1048.044181][ T6522] [U] {;����٘_�o2��)�o��.2�W2���y���x_  HPϱ�S�D����:]�{������
[ 1048.052779][ T6522] [U] I,�>��	��5�1��^1�N4�oǶ�'0�?֒i�9w.�_.�W�a���V��`)�Z���c6Giӹ�a��XL[����F�*��O�W)+��'\n�
[K@����2�Ǭ���p"^`���	��
[ 1048.066410][ T6522] [U] 22��Ʃ���x?0;3u�
[ 1048.070582][ T6522] [U] ޜ�
��sObx�8�W�4�(�~/���K�U��ԖoQ�e+�G�-y�gY_
�>v�����3.h�ә]̈́�2��)�D�,	��	�D~�d���+�w;A\�F
P��Ș|$��)�
KؐI���ɿk�YT^R���癵��A=�#�ܜ	����ae��t�1��ݯ4K�.e"R�S|��s���:��>p��r�"z������#P!�KY"�}��F�N84����hޱ�o��sߙ̫%Dlw�m��
[ 1048.095498][ T6522] [U] [�['xn�'�����,mr��/����1D=!D�x91B�
w�R�lf���K�Z��#�`�l؛�˜��b~�m���
[ 1048.104872][ T6522] [U] �L�>��d+�d�����"5���h3<���iR=F^�f�n��������v���D�OIO�:U�>�Y�
[ 1048.113463][ T6522] [U] 'B�6v�20��瞥�׌�"t8�{9�FW��]���쩍
[ 1048.119620][ T6522] [U] �72�����u�C6����τI]8c��tۨQSk�Y��I��� �|V'�TV/��g�$[� 9kh`�"����}��[^=��0�]��%�̂T�����F�_v�4C���
[ 1048.131942][ T6522] [U] �ec�
[ 1048.135059][ T6522] [U] ���|���<��:^�3$7nK~�-�@��?��/mtl��۾�I�w�@g~t�{��P�+�$�jp|���I�Ri�pm� ��Y� ��8�t���V�����,�l�,�
[ 1048.152465][ T6520] [U] �K�����)0���~��ʪ�iP'�f��z��r���@B�]�5��{��ʼ�'�8�ƥF��UTqUd
ǩ�K;7��0c[��y���YC���ذm��L�8�T�͚�5���rx����W� x���oQhVi'8����L�
[ 1048.463669][ T6551] kvm: kvm [6549]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4
[ 1048.485697][   T12] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1048.641344][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1048.648882][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1048.656158][ T5873] bridge_slave_0: entered allmulticast mode
[ 1048.669834][ T5873] bridge_slave_0: entered promiscuous mode
[ 1049.050607][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1049.058122][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1049.065324][ T5873] bridge_slave_1: entered allmulticast mode
[ 1049.075407][ T5873] bridge_slave_1: entered promiscuous mode
[ 1049.611432][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1049.695441][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1049.971711][ T5873] team0: Port device team_slave_0 added
[ 1049.978126][ T6661] input: syz0 as /devices/virtual/input/input194
[ 1050.053205][ T5873] team0: Port device team_slave_1 added
[ 1050.223633][   T12] bridge_slave_1: left allmulticast mode
[ 1050.234521][   T12] bridge_slave_1: left promiscuous mode
[ 1050.245319][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1050.327981][   T12] bridge_slave_0: left allmulticast mode
[ 1050.333701][   T12] bridge_slave_0: left promiscuous mode
[ 1050.340069][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1052.268322][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1052.361440][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1052.410339][   T12] bond0 (unregistering): Released all slaves
[ 1052.432146][ T6722] binder: 6719:6722 ioctl c0306201 0 returned -14
[ 1052.440029][ T6722] binder: 6719:6722 ioctl c0306201 2000000000c0 returned -11
[ 1052.686600][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1052.693611][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1052.736514][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1052.762753][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1052.786664][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1052.817828][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1052.957521][ T5423] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1053.073880][ T5423] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1053.218135][ T6765] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1053.417512][ T5423] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1053.570137][ T5423] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1053.621513][ T6800] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1053.690420][ T5873] hsr_slave_0: entered promiscuous mode
[ 1053.718072][ T5873] hsr_slave_1: entered promiscuous mode
[ 1053.724670][ T5873] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1053.735522][ T5873] Cannot create hsr debugfs directory
[ 1054.114479][   T12] hsr_slave_0: left promiscuous mode
[ 1054.159495][   T12] hsr_slave_1: left promiscuous mode
[ 1054.165769][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1054.173756][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1054.201154][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1054.215768][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1054.322923][   T12] veth1_macvtap: left promiscuous mode
[ 1054.332105][   T12] veth0_macvtap: left promiscuous mode
[ 1054.340159][   T12] veth1_vlan: left promiscuous mode
[ 1054.345532][   T12] veth0_vlan: left promiscuous mode
[ 1054.524462][ T6850] binder: BINDER_SET_CONTEXT_MGR already set
[ 1054.528571][ T6851] binder: 6848:6851 ioctl c0306201 200000000480 returned -14
[ 1054.538204][ T6849] binder: 6848:6849 ioctl c0306201 2000000003c0 returned -14
[ 1054.549960][ T6850] binder: 6848:6850 ioctl 4018620d 200000000100 returned -16
[ 1054.558105][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.564517][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1056.887312][   T12] team0 (unregistering): Port device team_slave_1 removed
[ 1057.137716][   T12] team0 (unregistering): Port device team_slave_0 removed
[ 1060.996159][ T5423] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1061.170322][ T5423] 8021q: adding VLAN 0 to HW filter on device team0
[ 1061.202503][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1061.209803][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1061.369838][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1061.377119][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1061.779182][ T5873] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1061.845306][ T5873] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1061.989388][ T5873] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1062.192351][ T5873] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1062.278136][ T5423] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1062.434705][ T5423] veth0_vlan: entered promiscuous mode
[ 1062.470312][ T5423] veth1_vlan: entered promiscuous mode
[ 1062.573940][ T5423] veth0_macvtap: entered promiscuous mode
[ 1062.594888][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1062.614550][ T5423] veth1_macvtap: entered promiscuous mode
[ 1062.660706][ T5873] 8021q: adding VLAN 0 to HW filter on device team0
[ 1062.698727][   T70] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1062.705970][   T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1062.761874][   T70] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1062.769137][   T70] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1062.816019][ T5423] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1062.874446][ T5423] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1062.961260][ T5423] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1062.987492][ T5423] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1063.006346][ T5423] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1063.024707][ T5423] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1063.069520][ T5873] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1063.102419][ T5873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1063.757488][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1063.765378][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1063.795630][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1063.855511][T18988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1063.865990][T18988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1064.265170][ T7139] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1064.284404][ T7141] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1064.701321][ T5873] veth0_vlan: entered promiscuous mode
[ 1064.762025][ T5873] veth1_vlan: entered promiscuous mode
[ 1064.924512][ T5873] veth0_macvtap: entered promiscuous mode
[ 1064.969405][ T5873] veth1_macvtap: entered promiscuous mode
[ 1065.025117][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1065.122883][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1065.165039][ T5873] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1065.187694][ T5873] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1065.206950][ T5873] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1065.215704][ T5873] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1065.559144][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1065.559170][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1065.674748][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1065.674774][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1066.635455][   T70] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1067.216197][ T7276] sp0: Synchronizing with TNC
[ 1067.672999][ T7310] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1068.235740][ T7339] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1068.326929][ T7339] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1068.710701][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1068.792125][ T7369] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1069.047494][   T24] hid-generic 0001:0009:0007.0012: unknown main item tag 0x4
[ 1069.054987][   T24] hid-generic 0001:0009:0007.0012: item fetching failed at offset 8/10
[ 1069.097222][   T24] hid-generic 0001:0009:0007.0012: probe with driver hid-generic failed with error -22
[ 1069.605304][ T7423] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1070.021614][ T7448] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1072.366174][ T7531] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1072.392800][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1072.403633][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1072.412285][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1072.438775][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1072.456548][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1072.503868][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1072.514010][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1072.523407][ T5842] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1072.533759][ T5842] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1072.558400][ T5842] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1073.232209][   T70] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1073.609662][   T70] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1073.861603][   T70] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1074.119881][   T70] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1074.169141][ T7593] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1074.192582][ T7593] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[ 1074.412688][ T7534] chnl_net:caif_netlink_parms(): no params data found
[ 1074.720404][ T7754] loop6: detected capacity change from 0 to 524287999
[ 1074.788816][ T7754] loop6: detected capacity change from 524287999 to 524287952
[ 1074.983774][   T70] bridge_slave_1: left allmulticast mode
[ 1074.995429][   T70] bridge_slave_1: left promiscuous mode
[ 1075.016725][   T70] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1075.107687][   T70] bridge_slave_0: left allmulticast mode
[ 1075.110704][ T7782] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1075.113664][   T70] bridge_slave_0: left promiscuous mode
[ 1075.132202][   T70] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1076.863580][ T7829] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1077.447680][   T70] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1077.528442][   T70] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1077.569663][   T70] bond0 (unregistering): Released all slaves
[ 1077.758872][ T7534] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1077.773463][ T7534] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1077.781547][ T7534] bridge_slave_0: entered allmulticast mode
[ 1077.819014][ T7534] bridge_slave_0: entered promiscuous mode
[ 1078.119156][ T7534] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1078.129268][ T7534] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1078.146609][ T7534] bridge_slave_1: entered allmulticast mode
[ 1078.167186][ T7534] bridge_slave_1: entered promiscuous mode
[ 1078.504947][ T7888] dlm: no locking on control device
[ 1078.894381][ T7534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1078.953834][ T7534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1079.218162][   T70] hsr_slave_0: left promiscuous mode
[ 1079.278461][   T70] hsr_slave_1: left promiscuous mode
[ 1079.287807][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1079.308900][   T70] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1079.397530][   T70] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1079.405026][   T70] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1079.543162][   T70] veth1_macvtap: left promiscuous mode
[ 1079.571609][   T70] veth0_macvtap: left promiscuous mode
[ 1079.577477][   T70] veth1_vlan: left promiscuous mode
[ 1079.583439][   T70] veth0_vlan: left promiscuous mode
[ 1080.051664][ T7932] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1080.063262][ T7926] binder: 7922:7926 ioctl c018620c 0 returned -14
[ 1080.625601][ T7950] vivid-001: =================  START STATUS  =================
[ 1080.633570][ T7950] vivid-001: Radio HW Seek Mode: Bounded
[ 1080.642092][ T7950] vivid-001: Radio Programmable HW Seek: false
[ 1080.648700][ T7950] vivid-001: RDS Rx I/O Mode: Block I/O
[ 1080.654306][ T7950] vivid-001: Generate RBDS Instead of RDS: false
[ 1080.666369][ T7950] vivid-001: RDS Reception: true
[ 1080.671389][ T7950] vivid-001: RDS Program Type: 0 inactive
[ 1080.689295][ T7950] vivid-001: RDS PS Name:  inactive
[ 1080.708076][ T7950] vivid-001: RDS Radio Text:  inactive
[ 1080.713738][ T7950] vivid-001: RDS Traffic Announcement: false inactive
[ 1080.735004][ T7950] vivid-001: RDS Traffic Program: false inactive
[ 1080.750861][ T7950] vivid-001: RDS Music: false inactive
[ 1080.766648][ T7950] vivid-001: ==================  END STATUS  ==================
[ 1080.970968][ T7955] CUSE: info not properly terminated
[ 1081.064497][ T7956] CUSE: info not properly terminated
[ 1082.528702][   T70] team0 (unregistering): Port device team_slave_1 removed
[ 1082.743478][   T70] team0 (unregistering): Port device team_slave_0 removed
[ 1086.218334][ T7534] team0: Port device team_slave_0 added
[ 1086.249899][ T7534] team0: Port device team_slave_1 added
[ 1086.539991][ T7534] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1086.555847][ T7534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1086.588438][ T7534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1086.623691][ T7534] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1086.643655][ T7534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1086.713475][ T7534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1087.089372][ T7534] hsr_slave_0: entered promiscuous mode
[ 1087.108407][ T7534] hsr_slave_1: entered promiscuous mode
[ 1087.114889][ T7534] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1087.138553][ T7534] Cannot create hsr debugfs directory
[ 1087.271828][ T8081] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1088.943335][ T5842] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1088.953088][ T5842] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1088.962284][ T5842] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1088.983929][ T5842] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1088.996619][ T5842] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1089.021457][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1089.029032][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1089.037711][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1089.060507][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1089.081135][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1090.260586][   T36] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1090.585016][   T36] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1090.820381][   T36] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1091.108013][   T51] Bluetooth: hci3: command tx timeout
[ 1091.321011][   T36] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1091.443813][ T8349] syz.7.6532: attempt to access beyond end of device
[ 1091.443813][ T8349] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1091.493916][ T7534] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1091.553389][ T7534] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1091.605635][ T7534] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1091.707443][ T7534] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1092.049547][ T8201] chnl_net:caif_netlink_parms(): no params data found
[ 1092.223117][   T36] bridge_slave_1: left allmulticast mode
[ 1092.229018][   T36] bridge_slave_1: left promiscuous mode
[ 1092.234752][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1092.317474][ T8361] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1092.317974][   T36] bridge_slave_0: left allmulticast mode
[ 1092.323433][ T8361] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 1092.329475][   T36] bridge_slave_0: left promiscuous mode
[ 1092.343007][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1094.349692][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1094.427294][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1094.468855][   T36] bond0 (unregistering): Released all slaves
[ 1095.192452][ T8201] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1095.200227][ T8201] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1095.210236][ T8201] bridge_slave_0: entered allmulticast mode
[ 1095.219206][ T8201] bridge_slave_0: entered promiscuous mode
[ 1095.282752][ T8201] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1095.294429][ T8201] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1095.314388][ T8201] bridge_slave_1: entered allmulticast mode
[ 1095.345067][ T8201] bridge_slave_1: entered promiscuous mode
[ 1095.893310][ T8201] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1096.196574][   T36] hsr_slave_0: left promiscuous mode
[ 1096.236437][   T36] hsr_slave_1: left promiscuous mode
[ 1096.237345][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1096.237396][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1096.277678][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1096.277712][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1096.353125][   T36] veth1_macvtap: left promiscuous mode
[ 1096.354549][   T36] veth0_macvtap: left promiscuous mode
[ 1096.354779][   T36] veth1_vlan: left promiscuous mode
[ 1096.354920][   T36] veth0_vlan: left promiscuous mode
[ 1099.108479][   T36] team0 (unregistering): Port device team_slave_1 removed
[ 1099.367311][   T36] team0 (unregistering): Port device team_slave_0 removed
[ 1101.873931][ T8201] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1102.244447][ T8201] team0: Port device team_slave_0 added
[ 1102.269151][ T8201] team0: Port device team_slave_1 added
[ 1102.492869][ T7534] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1102.529026][ T8201] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1102.539418][ T8793] autofs4:pid:8793:validate_dev_ioctl: path string terminator missing for cmd(0xc0189371)
[ 1102.546641][ T8201] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1102.594647][ T8797] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1102.626437][ T8201] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1102.670520][ T8201] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1102.704220][ T8201] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1102.752959][ T8201] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1102.835608][ T7534] 8021q: adding VLAN 0 to HW filter on device team0
[ 1103.062442][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1103.069709][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1103.119100][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1103.126390][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1103.332568][ T8201] hsr_slave_0: entered promiscuous mode
[ 1103.343901][ T8201] hsr_slave_1: entered promiscuous mode
[ 1104.337258][ T8201] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1104.403981][ T8201] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1104.469416][ T8201] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1104.556228][ T8201] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1104.703226][ T7534] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1104.933252][ T8201] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1104.990229][ T8201] 8021q: adding VLAN 0 to HW filter on device team0
[ 1105.015607][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1105.022848][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1105.077006][ T7698] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1105.084257][ T7698] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1105.655702][ T7534] veth0_vlan: entered promiscuous mode
[ 1105.704478][ T7534] veth1_vlan: entered promiscuous mode
[ 1105.811420][ T8201] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1105.852976][ T7534] veth0_macvtap: entered promiscuous mode
[ 1105.889563][ T7534] veth1_macvtap: entered promiscuous mode
[ 1105.938013][ T7534] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1105.967095][ T9036] CUSE: info not properly terminated
[ 1105.970703][ T7534] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1105.993121][ T9036] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1106.058620][ T7534] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.098333][ T7534] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.120853][ T7534] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.136402][ T7534] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1106.609180][ T7698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1106.660404][ T7698] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1106.736030][ T3000] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1106.804370][ T3000] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1106.903646][ T8201] veth0_vlan: entered promiscuous mode
[ 1106.942220][ T8201] veth1_vlan: entered promiscuous mode
[ 1107.156077][ T8201] veth0_macvtap: entered promiscuous mode
[ 1107.192228][ T8201] veth1_macvtap: entered promiscuous mode
[ 1107.698132][ T8201] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1107.732892][ T8201] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1107.763944][ T8201] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1107.777356][ T8201] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1107.787753][ T8201] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1107.796680][ T8201] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1108.150617][ T9157] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1108.245002][ T7698] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1108.276314][ T7698] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1108.364306][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1108.396527][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1109.877584][ T9251] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1110.277880][ T9267] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1111.315556][   T30] audit: type=1400 audit(1750388446.522:39): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=9311 comm="syz.8.6610"
[ 1113.341890][ T9524] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1114.954677][ T9650] input: syz1 as /devices/virtual/input/input203
[ 1115.995213][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.001877][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1119.073812][ T9846] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1119.284685][ T9862] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1119.784475][   T30] audit: type=1400 audit(1750388454.992:40): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=9889 comm="syz.8.6660"
[ 1120.446172][ T9916] syz.5.6666: attempt to access beyond end of device
[ 1120.446172][ T9916] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1120.681965][T16554] hid-generic 0000:0000:0000.0013: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz1
[ 1120.693404][ T9912] nvme_fabrics: missing parameter 'transport=%s'
[ 1120.755375][ T9912] nvme_fabrics: missing parameter 'nqn=%s'
[ 1120.854769][ T9936] fido_id[9936]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1121.044276][ T5908] hid-generic C98F:0003:0000.0014: item fetching failed at offset 0/2
[ 1121.078125][ T5908] hid-generic C98F:0003:0000.0014: probe with driver hid-generic failed with error -22
[ 1121.462378][ T9965] autofs4:pid:9965:validate_dev_ioctl: path string terminator missing for cmd(0xc0189371)
[ 1121.779724][ T9980] input: syz1 as /devices/virtual/input/input204
[ 1121.815973][ T9980] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1121.924358][ T9992] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1121.965682][ T9997] syz.7.6681: attempt to access beyond end of device
[ 1121.965682][ T9997] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1122.512935][T10026] ALSA: seq fatal error: cannot create timer (-22)
[ 1122.535795][T10026] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1122.695976][T10035] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1126.460918][T10326] syz.7.6723: attempt to access beyond end of device
[ 1126.460918][T10326] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1128.235032][ T3017] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1129.283696][T10415] misc userio: Begin command sent, but we're already running
[ 1129.321314][T10418] misc userio: Begin command sent, but we're already running
[ 1129.347801][T10413] misc userio: Begin command sent, but we're already running
[ 1129.368280][T10415] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1130.226472][   T51] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 1131.382073][T10492] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1131.406548][T10492] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[ 1132.442759][T10537] tap0: tun_chr_ioctl cmd 1074025680
[ 1132.992725][T10560] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1133.229706][T10577] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1133.521607][T10594] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1134.006556][T10615] input: syz1 as /devices/virtual/input/input208
[ 1134.155411][T10626] blktrace: Concurrent blktraces are not allowed on sg0
[ 1135.102404][T10670] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1136.288464][T10751] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1137.414849][T10810] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1137.570461][T10821] block device autoloading is deprecated and will be removed.
[ 1137.578507][T10821] syz.5.6796: attempt to access beyond end of device
[ 1137.578507][T10821] md1: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1137.707817][T10837] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1137.749196][T10837] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1139.470475][T10945] binder: 10944:10945 ioctl c018620c 200000001180 returned -22
[ 1140.168068][T10976] can0: slcan on ptm0.
[ 1140.380171][T10972] can0 (unregistered): slcan off ptm0.
[ 1140.833439][T11012] random: crng reseeded on system resumption
[ 1140.986376][T11025] input: syz1 as /devices/virtual/input/input211
[ 1141.620083][T11073] qrtr: Invalid version 43
[ 1141.785377][ T1143] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1141.872346][T11090] dlm: Unknown command passed to DLM device : 0
[ 1141.872346][T11090] 
[ 1142.180700][T11100] program syz.7.6851 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1142.239302][T11102] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1142.461738][T11113] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1143.827144][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1143.827162][ T5842] Bluetooth: hci4: command 0x1003 tx timeout
[ 1143.853964][T11182] loop6: detected capacity change from 524287952 to 524288000
[ 1143.959458][T11190] input: syz1 as /devices/virtual/input/input215
[ 1144.505524][T11217] usb usb9: usbfs: process 11217 (syz.0.6874) did not claim interface 0 before use
[ 1144.517846][T11217] deleting an unspecified loop device is not supported.
[ 1145.569086][   T30] audit: type=1800 audit(1750388480.782:41): pid=11260 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.6886" name="dmabuf" dev="dmabuf" ino=41 res=0 errno=0
[ 1145.815409][T11269] input: syz1 as /devices/virtual/input/input216
[ 1146.503904][T11310] kvm_intel: kvm [11309]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff
[ 1147.107201][T11337] dlm: no locking on control device
[ 1147.158556][T11339] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1147.284703][T11346] sp0: Synchronizing with TNC
[ 1147.353746][T11346] [U] �
[ 1147.936445][T11379] syz.5.6916: attempt to access beyond end of device
[ 1147.936445][T11379] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1148.786731][T11406] input: syz1 as /devices/virtual/input/input217
[ 1149.364233][T11434] program syz.5.6927 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1149.437712][T11437] program syz.5.6927 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1149.457584][T11437] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1149.488667][T11434] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1149.496200][T11434] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1151.070126][T11504] syz.8.6942 (11504) used obsolete PPPIOCDETACH ioctl
[ 1152.643834][T11589] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1153.461075][T11625] usb usb8: usbfs: process 11625 (syz.7.6961) did not claim interface 0 before use
[ 1153.652247][T11631] can0: slcan on ttyS3.
[ 1153.956625][T11629] can0 (unregistered): slcan off ttyS3.
[ 1154.739751][T11666] tap0: tun_chr_ioctl cmd 1074812118
[ 1155.209752][T11685] syz.7.6969: attempt to access beyond end of device
[ 1155.209752][T11685] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1157.532190][T11805] binder: 11803:11805 ioctl c0306201 0 returned -14
[ 1157.539586][T11805] binder: 11803:11805 ioctl c0306201 2000000000c0 returned -11
[ 1158.516767][T11864] vivid-000: =================  START STATUS  =================
[ 1158.524611][T11864] vivid-000: Test Pattern: 100% Colorbar
[ 1158.533784][T11864] vivid-000: Fill Percentage of Frame: 100
[ 1158.554284][T11864] vivid-000: Horizontal Movement: Move Left Slow
[ 1158.590534][T11864] vivid-000: Vertical Movement: No Movement
[ 1158.606436][T11864] vivid-000: OSD Text Mode: Counters Only
[ 1158.612875][T11864] vivid-000: Show Border: true
[ 1158.650128][T11864] vivid-000: Show Square: true
[ 1158.668426][T11864] vivid-000: Sensor Flipped Horizontally: true
[ 1158.680232][T11864] vivid-000: Sensor Flipped Vertically: true
[ 1158.696635][T11864] vivid-000: Insert SAV Code in Image: false
[ 1158.709433][T11871] syz.0.7003: attempt to access beyond end of device
[ 1158.709433][T11871] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1158.722563][T11864] vivid-000: Insert EAV Code in Image: true
[ 1158.722604][T11864] vivid-000: Insert Video Guard Band: false
[ 1158.722630][T11864] vivid-000: Reduced Framerate: true
[ 1158.722654][T11864] vivid-000: HDMI 000-0 Is Connected To: Output HDMI 000-0
[ 1158.722682][T11864] vivid-000: S-Video 000-0 Is Connected To: Output S-Video 004-0
[ 1158.722708][T11864] vivid-000: Enable Capture Cropping: false
[ 1158.722733][T11864] vivid-000: Enable Capture Composing: true
[ 1158.722757][T11864] vivid-000: Enable Capture Scaler: false
[ 1158.722782][T11864] vivid-000: Timestamp Source: End of Frame
[ 1158.722815][T11864] vivid-000: Colorspace: Rec. 709
[ 1158.722840][T11864] vivid-000: Transfer Function: sRGB
[ 1158.722865][T11864] vivid-000: Y'CbCr Encoding: ITU-R 601
[ 1158.722889][T11864] vivid-000: HSV Encoding: Hue 0-179
[ 1158.722912][T11864] vivid-000: Quantization: Limited Range
[ 1158.722936][T11864] vivid-000: Apply Alpha To Red Only: false
[ 1158.722960][T11864] vivid-000: Standard Aspect Ratio: 14x9
[ 1158.722985][T11864] vivid-000: DV Timings Signal Mode: Current DV Timings
[ 1158.723010][T11864] vivid-000: DV Timings: 4096x2160p60 inactive
[ 1158.723041][T11864] vivid-000: DV Timings Aspect Ratio: 14x9
[ 1158.844011][T11864] vivid-000: Maximum EDID Blocks: 256
[ 1158.896309][T11864] vivid-000: Limited RGB Range (16-235): true
[ 1158.912663][T11864] vivid-000: Rx RGB Quantization Range: RGB Full Range (0-255)
[ 1158.976322][T11864] vivid-000: Power Present: 0x00000001
[ 1158.981898][T11864] tpg source WxH: 1280x720 (R'G'B)
[ 1159.006192][T11864] tpg field: 1
[ 1159.012170][T11864] tpg crop: (0,0)/1280x720
[ 1159.036407][T11864] tpg compose: (0,0)/1280x720
[ 1159.041214][T11864] tpg colorspace: 8
[ 1159.055385][T11864] tpg transfer function: 0/1
[ 1159.070364][T11864] tpg quantization: 0/1
[ 1159.074624][T11864] tpg RGB range: 2/1
[ 1159.079505][T11864] vivid-000: ==================  END STATUS  ==================
[ 1159.673592][T11907] syz.7.7013: attempt to access beyond end of device
[ 1159.673592][T11907] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1160.096161][T11922] tty tty21: ldisc open failed (-12), clearing slot 20
[ 1160.984569][T11956] syz.8.7023: attempt to access beyond end of device
[ 1160.984569][T11956] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1160.985864][T11956] syz.8.7023: attempt to access beyond end of device
[ 1160.985864][T11956] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1161.114307][T11962] binder: 11957:11962 ioctl c0306201 2000000003c0 returned -14
[ 1163.620578][T12073] [U] 
[ 1163.623435][T12073] [U] K{�
[ 1163.648705][T12073] [U] �T �1��Š�F���Fˊ�`G�Jǘ�G���������O��/�MC�
[ 1163.669397][T12073] [U] T�ؖ/,�~�Ĝ��J���}8���'O1��"�7-΂JQ�K��W��Q�5C%"�H12��Y������X�`���ȼ`+��(�¿!(���Z'�TXLN�I�G�J����ݭ�P�~�7�!���"ب���(�5�OBܤ�̓J�
[ 1163.696156][T12073] [U] �K\&�}6�6�X�HX��Ե���.`�A�$�40|϶��9��ި����U��4��ĮVBZ��}�W�M�T���Q��ΦR�4��
[ 1163.718642][T12073] [U] ".H6��"�KÇ[����J�4��I�N��[Z(��C|T�]Z{��3�C=��X�Ԟ˅�4�W�)\T�XJ��SH{Q;̹���T��+���G��߮D�.˂�>Y����WUH�FN����HL]S�2���\G%�O�&Z)�К'�PUL�_<�	�ذ�Ү��`ұT��ޜ���;_�"(�U{7J��2X �/�'��C���I����H�C�ճ�V�=��AI�%W�ES� R��J�Μ���G��R��͡HI
���A��6-�D��V�� I"��Nƨ ��ASC~4���8C�*�OO5/ߜJ�~���W�VK+����3��Y)��M���V��YQƽ�DTR�
OTPEM%F��EJ�A5��T_-X~�^AAۂҘ�Q��
[ 1163.754388][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1163.850602][T12073] [U] 	+�W�G?]��'A:	��)�
����' B>T���F/��<'�U�'��H�I�.+]E�.�-ɿ߿�%��>2`�^U�8F.�6��3��+�A�«���G3�P��6:�^0��T��V�'E�T����YC�N��Rϩ�N�PJ�;�Z����ۑ8!��\م�A�ʖ2��$е�­WI.��#��/BAI���`��4J��D�Y@�Z��GW�5˿B��ٜ�N�Y"VI2��
[ 1163.927990][T12073] [U] �T�_K5�T�YJ���9��C�$BR�L�NUL��9W���|�G�"ʃ�%�ڶ�C�؝���Q��
 ��3��Q��N^HP*��$	�.�7Yӱ�2�
[ 1163.955785][T12073] [U] �?���H��*����3͝7�ɍ�^#Q�"0~���(�O�XL�B�,'V��=���C�S���G�S��0�ւ��`���ه��=1(�ξ��P#�2DO*Ƀ
[ 1163.985062][T12073] [U] �S��G������GU��D-{���|&�����ѐ2��L�C_��!`��OZ֥�B��%>�RѶ�WχݎSS�H"�YA4�O.�Y��ď�RTԶ�B�[+/<<R�B����|ФE���۠�V96#���ͤʦJ�U�%
S851���ҩS�P��\��?Q�|L��QX�0�K�1ORɴ2��|��D�F���ِ��2ޔ���0��H�}C[/����PX^��O
[ 1164.078261][T12073] [U] �؛���(J�Л��M��XZ�;�����؝_����*3�3��5�\�XM��U��AK!AQ`��;FЕ�I+��VUH���M�J��Ʒ��Z�C��Z���)_ǟ�	ԑ�&�֡��A�XTO���_� ڼ�:���%��P���Cֲ�Y�+_�ܛ��}U�M��ƫC�!KJ�7пG��=B�
[ 1164.097047][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1164.147420][T12073] [U] ٽ�F�%�XA��L�2R*G��VW��$��J	�A��F����+ؾ9̈́VI�֗�Kپ�1}_��
��%�R6��(]��/��ؐřYܺ��Hä���R G��RN/ܫ�#!�D����%���D��-{�$�VU��T���$:MTR�E�C1V�D~��];[�����SQ����(��E,X�8�"�
��G�D�ڵ2@T8���҃����T8.RC+�@�ʦ�P�U�
P����C���'ńYL�-SS1E?�7�O���^]����C�½H]�JKR]RKQ܆��ݣ޴OTC��X���4�N�	��&����ڋ��@�:M7�~�+�W*���XM��>>��{Q���
_�՝LX8�U����{�Z��ؐ)��7?�RR;�C�R�Hײڣ����1�>)�Mă‰�T���(��Aϝ�}9�ڥ�J*Mќ�ġ�'L��Q	�DW��ظ=��|Q�	�Æ�W;5��Ž�!�DB�X`ɧ�/��E�`ƦM��X��"�\
[ 1164.194523][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1164.209934][T12073] [U] {;�ե�٘_�O2��)�O��.2�W2ʲ��Y���X_  HPϱ�S�D����:]�{�����Ƚ
[ 1164.257400][T12073] [U] I,�>�Ӥ	��5�1��^1�N4�OǶ�'0�?֒I�9W.�_.�W�A���V��`)�Z���C6GIӹ�A��XL[����F�*��O�W)+��'\N�
[K@����2�Ǭ���P"^`���	ؿ
[ 1164.346680][T12073] [U] 22��Ʃ�۩X?0;3U�
[ 1164.370379][T12073] [U] ޜ�
ƍ�SOBX�8�W�4��(�~/���K�U��ԖOQ�E+�G�-Y�GY_
�>V�����3.H�ә]̈́�2��)�D�,	��	�D~�D���+�W;A\�F
P��Ș|$��)�
KؐI���ɿK�YT^R���Ǚ���A=�#�ܜ	�Ϳ�AE��T�1��ݯ4K�.E"R�S|П�S���:��>P��R�"Z�ڭ���#P!�KY"�}��F�N84ܳ��Hޱ�O��S��̫%DLW�MƲ�
[ 1164.471422][T12073] [U] [�['XN�'�����,MR��/����1D=!D�X91B�
WǻR�LF���K̤Z��#�`̑L؛�˜��B~�M���
[ 1164.498077][T12073] [U] �L�>�сD+�D�����"5�ʍ�H3<���IR=F^�F�N��������V���D�OIO�:U�>�Y�
[ 1164.586905][T12073] [U] 'B�6V�20�ķǞ��׌�"T8�{9�FW��]���̩�
[ 1164.593838][T12073] [U] �72މ���U�C6����τI]8C��TۨQSK�Y��I��¹ �|V'�TV/��G�$[� 9KH`�"ܑ��}��[^=��0�]��%�̂T�����F�_V�4C���
[ 1164.609795][T12073] [U] �EC�
[ 1164.613741][T12073] [U] ���|���<��:^�3$7NK~�-�@��?��/MTL��۾�I�WȬ@G~T�{��P�+�$�JP|���I�RIӍPM� ��Y� ڔ8�T���V�����,�L�,�
[ 1164.632328][T12073] [U] �K�����)0���~ܳʪ�IP'�F�ҜZ��R���@B�]�5��{��ʼ�'�8�ƥF��UTQUD
ǩ�K;7ͪ0C[��Y���YC���ذM��L�8�T�͚�5���RX����W� X���OQHVI'8����L�
[ 1164.783714][T12119] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1165.333841][T12131] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1165.725062][T12144] ALSA: seq fatal error: cannot create timer (-22)
[ 1167.658961][T12202] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1167.713912][T12202] input: syz0 as /devices/virtual/input/input221
[ 1167.726843][T12213] binder: 12211:12213 ioctl c018620c 200000000500 returned -1
[ 1168.167651][T12229] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1168.236394][T12231] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1168.562231][T12260] syz.0.7086: vmalloc error: size 16105472, failed to allocated page array size 31456, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1168.602613][T12260] CPU: 1 UID: 0 PID: 12260 Comm: syz.0.7086 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1168.602646][T12260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1168.602659][T12260] Call Trace:
[ 1168.602668][T12260]  <TASK>
[ 1168.602678][T12260]  dump_stack_lvl+0x189/0x250
[ 1168.602710][T12260]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1168.602734][T12260]  ? __pfx__printk+0x10/0x10
[ 1168.602757][T12260]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1168.602784][T12260]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1168.602812][T12260]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1168.602840][T12260]  warn_alloc+0x214/0x310
[ 1168.602874][T12260]  ? __pfx_warn_alloc+0x10/0x10
[ 1168.602911][T12260]  ? __get_vm_area_node+0x28f/0x300
[ 1168.602936][T12260]  ? kvm_set_memslot+0x4e2/0x1310
[ 1168.602961][T12260]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1168.603015][T12260]  ? kvm_set_memslot+0x3e/0x1310
[ 1168.603038][T12260]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1168.603087][T12260]  ? kvm_set_memslot+0x4e2/0x1310
[ 1168.603104][T12260]  __vmalloc_noprof+0xb1/0xf0
[ 1168.603129][T12260]  ? kvm_set_memslot+0x4e2/0x1310
[ 1168.603152][T12260]  kvm_set_memslot+0x4e2/0x1310
[ 1168.603177][T12260]  ? kvm_set_memory_region+0x775/0xc00
[ 1168.603204][T12260]  kvm_set_memory_region+0x9bb/0xc00
[ 1168.603239][T12260]  kvm_vm_ioctl_set_memory_region+0x6f/0xa0
[ 1168.603264][T12260]  kvm_vm_ioctl+0x957/0xc60
[ 1168.603288][T12260]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1168.603314][T12260]  ? do_vfs_ioctl+0x12ba/0x1990
[ 1168.603341][T12260]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1168.603387][T12260]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1168.603417][T12260]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1168.603446][T12260]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[ 1168.603474][T12260]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1168.603503][T12260]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1168.603552][T12260]  ? __lock_acquire+0xab9/0xd20
[ 1168.603596][T12260]  ? __fget_files+0x2a/0x420
[ 1168.603627][T12260]  ? __fget_files+0x2a/0x420
[ 1168.603652][T12260]  ? __fget_files+0x3a0/0x420
[ 1168.603679][T12260]  ? __fget_files+0x2a/0x420
[ 1168.603718][T12260]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1168.603739][T12260]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[ 1168.603760][T12260]  __se_sys_ioctl+0xfc/0x170
[ 1168.603787][T12260]  do_syscall_64+0xfa/0x3b0
[ 1168.603806][T12260]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1168.603833][T12260]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1168.603852][T12260]  ? clear_bhb_loop+0x60/0xb0
[ 1168.603877][T12260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1168.603896][T12260] RIP: 0033:0x7f6c7938e929
[ 1168.603915][T12260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1168.603932][T12260] RSP: 002b:00007f6c7a15a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1168.603953][T12260] RAX: ffffffffffffffda RBX: 00007f6c795b6160 RCX: 00007f6c7938e929
[ 1168.603969][T12260] RDX: 0000200000000080 RSI: 000000004020ae46 RDI: 0000000000000009
[ 1168.603982][T12260] RBP: 00007f6c79410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1168.603994][T12260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1168.604006][T12260] R13: 0000000000000000 R14: 00007f6c795b6160 R15: 00007ffe76eec578
[ 1168.604039][T12260]  </TASK>
[ 1168.604047][T12260] Mem-Info:
[ 1168.936778][T12260] active_anon:11623 inactive_anon:0 isolated_anon:0
[ 1168.936778][T12260]  active_file:8545 inactive_file:43189 isolated_file:0
[ 1168.936778][T12260]  unevictable:768 dirty:22 writeback:0
[ 1168.936778][T12260]  slab_reclaimable:11554 slab_unreclaimable:99171
[ 1168.936778][T12260]  mapped:26436 shmem:1414 pagetables:1895
[ 1168.936778][T12260]  sec_pagetables:0 bounce:0
[ 1168.936778][T12260]  kernel_misc_reclaimable:0
[ 1168.936778][T12260]  free:1312254 free_pcp:17744 free_cma:0
[ 1168.954203][T12271] sp0: Synchronizing with TNC
[ 1168.982553][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1168.984363][T12260] Node 0 active_anon:46484kB inactive_anon:0kB active_file:34180kB inactive_file:172552kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:105732kB dirty:88kB writeback:0kB shmem:4120kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12916kB pagetables:7364kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1169.069484][T12260] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1169.100976][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1169.109349][T12283] sp0: Found TNC
[ 1169.114587][T12260] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1169.149691][T12260] lowmem_reserve[]: 0 2497 2498 2498 2498
[ 1169.159937][T12260] Node 0 DMA32 free:1318720kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:47048kB inactive_anon:0kB active_file:34180kB inactive_file:175600kB unevictable:1536kB writepending:88kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:61968kB local_pcp:42856kB free_cma:0kB
[ 1169.192592][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1169.202841][T12260] lowmem_reserve[]: 0 0 1 1 1
[ 1169.207976][T12260] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1304kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[ 1169.223433][T12266] [U] �`
[ 1169.237159][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1169.247218][T12260] lowmem_reserve[]: 0 0 0 0 0
[ 1169.252005][T12260] Node 1 Normal free:3910556kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:8452kB local_pcp:8452kB free_cma:0kB
[ 1169.283076][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1169.290473][T12260] lowmem_reserve[]: 0 0 0 0 0
[ 1169.295303][T12260] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1169.310070][T12260] Node 0 DMA32: 2566*4kB (UM) 2245*8kB (UME) 934*16kB (UME) 229*32kB (UME) 224*64kB (UME) 74*128kB (UME) 43*256kB (UME) 59*512kB (UME) 13*1024kB (U) 13*2048kB (UME) 284*4096kB (UM) = 1318720kB
[ 1169.329261][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1169.336555][T12260] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[ 1169.349400][T12260] Node 1 Normal: 225*4kB (UME) 55*8kB (UME) 48*16kB (UME) 257*32kB (UME) 99*64kB (UME) 23*128kB (UME) 7*256kB (UME) 4*512kB (UME) 2*1024kB (UM) 3*2048kB (UE) 947*4096kB (M) = 3910556kB
[ 1169.389707][T12260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1169.402738][T12260] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[ 1169.414611][T12260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1169.430351][T12260] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1169.443678][T12260] 54233 total pagecache pages
[ 1169.452219][T12260] 0 pages in swap cache
[ 1169.456774][T12260] Free swap  = 124996kB
[ 1169.460976][T12260] Total swap = 124996kB
[ 1169.466072][T12260] 2097051 pages RAM
[ 1169.474158][T12260] 0 pages HighMem/MovableOnly
[ 1169.479846][T12260] 425688 pages reserved
[ 1169.484191][T12260] 0 pages cma reserved
[ 1169.499745][T12298] syz.7.7092 (12298): drop_caches: 0
[ 1169.513487][T12298] QAT: Device 8 not found
[ 1169.787959][T12314] input: syz1 as /devices/virtual/input/input223
[ 1170.187131][T12335] CUSE: info not properly terminated
[ 1171.524120][T12398] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1171.938987][T12431] input: syz0 as /devices/virtual/input/input224
[ 1172.084797][T12436] input: syz0 as /devices/virtual/input/input225
[ 1172.421134][T12466] vim2m vim2m.0: Fourcc format (0x31384142) invalid.
[ 1172.766137][T12479] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1173.260669][T12507] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1173.266619][T12508] can0: slcan on ptm0.
[ 1173.448393][T12504] can0 (unregistered): slcan off ptm0.
[ 1173.626612][T12535] input: syz0 as /devices/virtual/input/input227
[ 1173.811779][T12543] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1175.150249][T12603] input: syz1 as /devices/virtual/input/input228
[ 1177.309049][T12683] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1177.441290][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.447873][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1177.717357][T12713] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1177.863227][T12722] mkiss: ax0: crc mode is auto.
[ 1178.085342][T12741] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1178.649516][T12829] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1179.255848][T12910] hub 1-0:1.0: USB hub found
[ 1179.257130][T12915] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1179.270060][T12919] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1179.288473][T12910] hub 1-0:1.0: 1 port detected
[ 1180.329443][   T30] audit: type=1400 audit(1750388515.542:42): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041
[ 1181.611291][T13009] random: crng reseeded on system resumption
[ 1181.637891][T13009] Restarting kernel threads ...
[ 1181.726146][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1181.760657][T13009] Done restarting kernel threads.
[ 1181.866200][ T5842] Bluetooth: hci4: Received unexpected HCI Event 0x00
[ 1181.889252][ T3000] Bluetooth: hci4: Frame reassembly failed (-84)
[ 1182.349482][T13029] usb usb9: usbfs: process 13029 (syz.7.7197) did not claim interface 0 before use
[ 1182.399636][T13030] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1182.735529][T13041] input input231: cannot allocate more than FF_MAX_EFFECTS effects
[ 1183.906618][ T5842] Bluetooth: hci4: command 0x1003 tx timeout
[ 1183.914227][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 1184.060519][T13100] [U] 
[ 1184.063350][T13100] [U] K{�
[ 1184.066385][T13100] [U] �t �1��Š�F���fˊ�`G�J��g���������o��/�mC�
[ 1184.073327][T13100] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[ 1184.088884][T13100] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[ 1184.099312][T13100] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI
���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�
Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[ 1184.135017][T13100] [U] 	+�w�G?]��'a:	��)�
����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[ 1184.158571][T13100] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q��
 ��3��q��N^HP*��$	�.�7yӱ�2�
[ 1184.169700][T13100] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[ 1184.181259][T13100] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%
s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[ 1184.204518][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1184.243782][T13100] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`�
[ 1185.940621][T13210] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1186.148200][T13226] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1186.178187][T13225] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1186.224397][T13236] Failed to get privilege flags for destination (handle=0x2:0x10)
[ 1186.494621][T13255] input: syz1 as /devices/virtual/input/input232
[ 1187.222370][T13285] syz.5.7246: attempt to access beyond end of device
[ 1187.222370][T13285] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1188.674047][T13337] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1188.702308][T13338] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1188.714149][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1189.179567][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1189.333337][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1189.344025][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1189.352868][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1189.363730][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1189.369126][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1189.460890][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1189.466624][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1189.469140][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1189.502276][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1189.517676][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1189.528272][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1189.842295][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1190.270856][T13359] ALSA: mixer_oss: invalid OSS volume ''
[ 1190.515617][   T12] bridge_slave_1: left allmulticast mode
[ 1190.515643][   T12] bridge_slave_1: left promiscuous mode
[ 1190.517135][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1190.608597][   T12] bridge_slave_0: left allmulticast mode
[ 1190.608626][   T12] bridge_slave_0: left promiscuous mode
[ 1190.608884][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1190.624414][T13523] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1190.990470][T13538] vivid-000: disconnect
[ 1191.017057][T13420] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1191.023037][T13420] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1191.433150][T13529] vivid-000: reconnect
[ 1192.597849][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1192.687455][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1192.748628][   T12] bond0 (unregistering): Released all slaves
[ 1193.001207][T13361] chnl_net:caif_netlink_parms(): no params data found
[ 1193.201097][T13592] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1194.181026][T13361] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1194.201923][T13361] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1194.226656][T13361] bridge_slave_0: entered allmulticast mode
[ 1194.244947][T13361] bridge_slave_0: entered promiscuous mode
[ 1194.448139][T13361] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1194.456609][T13361] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1194.463993][T13361] bridge_slave_1: entered allmulticast mode
[ 1194.473039][T13361] bridge_slave_1: entered promiscuous mode
[ 1194.910139][T13361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1194.922966][T13361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1195.156024][T13361] team0: Port device team_slave_0 added
[ 1195.175254][T13361] team0: Port device team_slave_1 added
[ 1195.578708][T13361] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1195.585711][T13361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1195.611762][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1195.618493][T13361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1195.631513][T13361] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1195.638587][T13361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1195.664484][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1195.672828][T13361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1195.912930][T13361] hsr_slave_0: entered promiscuous mode
[ 1195.921732][T13361] hsr_slave_1: entered promiscuous mode
[ 1195.931985][T13361] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1195.941898][T13361] Cannot create hsr debugfs directory
[ 1197.799078][T13361] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1197.844074][T13361] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1197.894262][T13361] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1197.941491][T13361] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1198.125887][T13361] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1198.164838][T13361] 8021q: adding VLAN 0 to HW filter on device team0
[ 1198.187865][   T70] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1198.195079][   T70] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1198.222079][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1198.229335][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1198.580156][T13361] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1198.651915][T13361] veth0_vlan: entered promiscuous mode
[ 1198.677507][T13361] veth1_vlan: entered promiscuous mode
[ 1198.745920][T13361] veth0_macvtap: entered promiscuous mode
[ 1198.765545][T13361] veth1_macvtap: entered promiscuous mode
[ 1198.802040][T13361] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1198.833721][T13361] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1198.860327][T13361] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1198.881883][T13361] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1198.895050][T13361] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1198.908068][T13361] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1238.873247][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.879831][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1300.314831][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.321422][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1352.786377][   T31] INFO: task kworker/u8:0:12 blocked for more than 143 seconds.
[ 1352.794095][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[ 1352.801929][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1352.810830][   T31] task:kworker/u8:0    state:D stack:22888 pid:12    tgid:12    ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1352.823034][   T31] Workqueue: netns cleanup_net
[ 1352.828001][   T31] Call Trace:
[ 1352.831334][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1352.834293][   T31]  __schedule+0x16f5/0x4d00
[ 1352.839145][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1352.844062][   T31]  ? schedule+0x165/0x360
[ 1352.848963][   T31]  ? __pfx___schedule+0x10/0x10
[ 1352.854006][   T31]  ? schedule+0x91/0x360
[ 1352.858632][   T31]  schedule+0x165/0x360
[ 1352.862845][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1352.871446][   T31]  __mutex_lock+0x724/0xe80
[ 1352.876023][   T31]  ? kobject_put+0x43f/0x480
[ 1352.881823][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1352.891201][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1352.916348][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1352.921458][   T31]  ? __pfx_device_del+0x10/0x10
[ 1352.959305][   T31]  rfkill_unregister+0xc8/0x220
[ 1352.964355][   T31]  wiphy_unregister+0x238/0xae0
[ 1352.969362][   T31]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[ 1352.975291][   T31]  ? __pfx_wiphy_unregister+0x10/0x10
[ 1352.981116][   T31]  ? kasan_quarantine_put+0xdd/0x220
[ 1352.987881][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1352.993125][   T31]  ? kfree+0x18e/0x440
[ 1352.997324][   T31]  ieee80211_unregister_hw+0x1e2/0x2c0
[ 1353.002821][   T31]  mac80211_hwsim_del_radio+0x275/0x460
[ 1353.008477][   T31]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1353.014594][   T31]  hwsim_exit_net+0x584/0x640
[ 1353.019388][   T31]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1353.024642][   T31]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[ 1353.030640][   T31]  ops_undo_list+0x49a/0x990
[ 1353.035306][   T31]  ? __pfx_ops_undo_list+0x10/0x10
[ 1353.040540][   T31]  cleanup_net+0x4c5/0x800
[ 1353.045000][   T31]  ? __pfx_cleanup_net+0x10/0x10
[ 1353.050101][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1353.055364][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1353.061174][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1353.067015][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1353.072610][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1353.078695][   T31]  worker_thread+0x8a0/0xda0
[ 1353.083325][   T31]  kthread+0x70e/0x8a0
[ 1353.087757][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1353.092875][   T31]  ? __pfx_kthread+0x10/0x10
[ 1353.097588][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1353.102823][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1353.108120][   T31]  ? __pfx_kthread+0x10/0x10
[ 1353.112749][   T31]  ret_from_fork+0x3f9/0x770
[ 1353.117444][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1353.122584][   T31]  ? __switch_to_asm+0x39/0x70
[ 1353.127604][   T31]  ? __switch_to_asm+0x33/0x70
[ 1353.132398][   T31]  ? __pfx_kthread+0x10/0x10
[ 1353.137109][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1353.141965][   T31]  </TASK>
[ 1353.145126][   T31] INFO: task kworker/0:6:5915 blocked for more than 143 seconds.
[ 1353.152986][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[ 1353.160691][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1353.169453][   T31] task:kworker/0:6     state:D stack:23880 pid:5915  tgid:5915  ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1353.181536][   T31] Workqueue: events rfkill_global_led_trigger_worker
[ 1353.188566][   T31] Call Trace:
[ 1353.192009][   T31]  <TASK>
[ 1353.194968][   T31]  __schedule+0x16f5/0x4d00
[ 1353.199891][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1353.205295][   T31]  ? schedule+0x165/0x360
[ 1353.209769][   T31]  ? __pfx___schedule+0x10/0x10
[ 1353.214657][   T31]  ? schedule+0x91/0x360
[ 1353.219020][   T31]  schedule+0x165/0x360
[ 1353.223213][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1353.228772][   T31]  __mutex_lock+0x724/0xe80
[ 1353.233301][   T31]  ? look_up_lock_class+0x74/0x170
[ 1353.238654][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1353.243385][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[ 1353.249837][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1353.254894][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1353.260736][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1353.266582][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[ 1353.272678][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1353.278570][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1353.284216][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1353.290511][   T31]  worker_thread+0x8a0/0xda0
[ 1353.295151][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1353.301585][   T31]  ? __kthread_parkme+0x7b/0x200
[ 1353.306991][   T31]  kthread+0x70e/0x8a0
[ 1353.311098][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1353.316292][   T31]  ? __pfx_kthread+0x10/0x10
[ 1353.320926][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1353.326226][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1353.331461][   T31]  ? __pfx_kthread+0x10/0x10
[ 1353.336065][   T31]  ret_from_fork+0x3f9/0x770
[ 1353.340922][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1353.346075][   T31]  ? __switch_to_asm+0x39/0x70
[ 1353.350940][   T31]  ? __switch_to_asm+0x33/0x70
[ 1353.355736][   T31]  ? __pfx_kthread+0x10/0x10
[ 1353.360446][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1353.365255][   T31]  </TASK>
[ 1353.368522][   T31] INFO: task syz-executor:13361 blocked for more than 143 seconds.
[ 1353.376494][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[ 1353.384158][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1353.393018][   T31] task:syz-executor    state:D stack:21960 pid:13361 tgid:13361 ppid:1      task_flags:0x400140 flags:0x00004004
[ 1353.405019][   T31] Call Trace:
[ 1353.408382][   T31]  <TASK>
[ 1353.411355][   T31]  __schedule+0x16f5/0x4d00
[ 1353.415911][   T31]  ? __kasan_slab_free+0x62/0x70
[ 1353.421702][   T31]  ? security_file_open+0xb1/0x270
[ 1353.427142][   T31]  ? do_dentry_open+0x35e/0x1970
[ 1353.432111][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1353.437460][   T31]  ? schedule+0x165/0x360
[ 1353.441834][   T31]  ? __pfx___schedule+0x10/0x10
[ 1353.447159][   T31]  ? schedule+0x91/0x360
[ 1353.451459][   T31]  schedule+0x165/0x360
[ 1353.455635][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1353.461180][   T31]  __mutex_lock+0x724/0xe80
[ 1353.465718][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1353.470482][   T31]  ? misc_open+0x51/0x330
[ 1353.474847][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1353.480004][   T31]  misc_open+0x51/0x330
[ 1353.484196][   T31]  chrdev_open+0x4cc/0x5e0
[ 1353.488710][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1353.493770][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1353.498816][   T31]  do_dentry_open+0xdf3/0x1970
[ 1353.503852][   T31]  vfs_open+0x3b/0x340
[ 1353.508116][   T31]  ? path_openat+0x2ecd/0x3830
[ 1353.512926][   T31]  path_openat+0x2ee5/0x3830
[ 1353.517618][   T31]  ? arch_stack_walk+0xfc/0x150
[ 1353.522517][   T31]  ? do_syscall_64+0xfa/0x3b0
[ 1353.527665][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1353.532723][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1353.538935][   T31]  do_filp_open+0x1fa/0x410
[ 1353.543475][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1353.548589][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1353.553692][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1353.558703][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1353.563081][   T31]  do_sys_openat2+0x121/0x1c0
[ 1353.567843][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1353.573066][   T31]  ? fput_close_sync+0x119/0x200
[ 1353.578103][   T31]  ? __pfx_fput_close_sync+0x10/0x10
[ 1353.583515][   T31]  __x64_sys_openat+0x138/0x170
[ 1353.588808][   T31]  do_syscall_64+0xfa/0x3b0
[ 1353.593348][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1353.598673][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1353.604770][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1353.609535][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1353.615451][   T31] RIP: 0033:0x7f036df8d290
[ 1353.619931][   T31] RSP: 002b:00007ffdfbd96520 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1353.628459][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f036df8d290
[ 1353.636879][   T31] RDX: 0000000000000002 RSI: 00007f036e0115b1 RDI: 00000000ffffff9c
[ 1353.644878][   T31] RBP: 00007f036e0115b1 R08: 0000000000000000 R09: 0000000000000000
[ 1353.652936][   T31] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000008
[ 1353.660959][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1353.669156][   T31]  </TASK>
[ 1353.672238][   T31] INFO: task syz.7.7273:13666 blocked for more than 144 seconds.
[ 1353.680061][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[ 1353.692049][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1353.700847][   T31] task:syz.7.7273      state:D stack:26952 pid:13666 tgid:13666 ppid:5873   task_flags:0x400040 flags:0x00004004
[ 1353.712874][   T31] Call Trace:
[ 1353.716240][   T31]  <TASK>
[ 1353.719211][   T31]  __schedule+0x16f5/0x4d00
[ 1353.723764][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1353.728716][   T31]  ? schedule+0x165/0x360
[ 1353.733078][   T31]  ? __pfx___schedule+0x10/0x10
[ 1353.738037][   T31]  ? schedule+0x91/0x360
[ 1353.742313][   T31]  schedule+0x165/0x360
[ 1353.746897][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1353.752398][   T31]  __mutex_lock+0x724/0xe80
[ 1353.757132][   T31]  ? kobject_put+0x43f/0x480
[ 1353.761754][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1353.766535][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1353.771582][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1353.776701][   T31]  ? __pfx_device_del+0x10/0x10
[ 1353.781587][   T31]  rfkill_unregister+0xc8/0x220
[ 1353.786528][   T31]  nfc_unregister_device+0x96/0x2a0
[ 1353.791758][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1353.797587][   T31]  virtual_ncidev_close+0x56/0x90
[ 1353.802659][   T31]  __fput+0x44c/0xa70
[ 1353.806804][   T31]  task_work_run+0x1d1/0x260
[ 1353.811444][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1353.816653][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1353.822164][   T31]  exit_to_user_mode_loop+0xec/0x110
[ 1353.827657][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1353.832287][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1353.837836][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1353.843938][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1353.848668][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1353.854729][   T31] RIP: 0033:0x7f496138e929
[ 1353.859263][   T31] RSP: 002b:00007ffefcf0f6e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 1353.867726][   T31] RAX: 0000000000000000 RBX: 000000000012390e RCX: 00007f496138e929
[ 1353.875695][   T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[ 1353.883772][   T31] RBP: 00007f49615b7ba0 R08: 0000000000000001 R09: 00000014fcf0f9df
[ 1353.891855][   T31] R10: 00007f4961200000 R11: 0000000000000246 R12: 00007f49615b5fac
[ 1353.900009][   T31] R13: 00007f49615b5fa0 R14: ffffffffffffffff R15: 00007ffefcf0f800
[ 1353.909378][   T31]  </TASK>
[ 1353.912473][   T31] INFO: task syz.5.7274:13671 blocked for more than 144 seconds.
[ 1353.920789][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[ 1353.928506][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1353.937477][   T31] task:syz.5.7274      state:D stack:26168 pid:13671 tgid:13667 ppid:7534   task_flags:0x400040 flags:0x00004006
[ 1353.951787][   T31] Call Trace:
[ 1353.955134][   T31]  <TASK>
[ 1353.958209][   T31]  __schedule+0x16f5/0x4d00
[ 1353.962775][   T31]  ? __pfx_preempt_schedule_notrace+0x10/0x10
[ 1353.969342][   T31]  ? schedule+0x165/0x360
[ 1353.973751][   T31]  ? __pfx___schedule+0x10/0x10
[ 1353.978805][   T31]  ? schedule+0x91/0x360
[ 1353.983103][   T31]  schedule+0x165/0x360
[ 1353.987740][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1353.993338][   T31]  __mutex_lock+0x724/0xe80
[ 1353.998547][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1354.003463][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1354.008238][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[ 1354.013558][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1354.018726][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1354.023989][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1354.029998][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1354.036516][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1354.042274][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[ 1354.047920][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1354.053756][   T31]  rfkill_set_block+0x1cf/0x440
[ 1354.058751][   T31]  rfkill_fop_write+0x44b/0x570
[ 1354.063629][   T31]  ? common_file_perm+0x199/0x200
[ 1354.068932][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[ 1354.074362][   T31]  ? security_kernfs_init_security+0x250/0x290
[ 1354.080973][   T31]  ? rw_verify_area+0x258/0x650
[ 1354.085878][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[ 1354.091412][   T31]  vfs_write+0x27b/0xa90
[ 1354.095689][   T31]  ? __pfx_vfs_write+0x10/0x10
[ 1354.100638][   T31]  ? __fget_files+0x2a/0x420
[ 1354.105265][   T31]  ? __fget_files+0x2a/0x420
[ 1354.109917][   T31]  ? __fget_files+0x3a0/0x420
[ 1354.114631][   T31]  ? __fget_files+0x2a/0x420
[ 1354.119349][   T31]  ksys_write+0x145/0x250
[ 1354.123745][   T31]  ? __pfx_ksys_write+0x10/0x10
[ 1354.128668][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1354.133898][   T31]  ? do_syscall_64+0xbe/0x3b0
[ 1354.138747][   T31]  do_syscall_64+0xfa/0x3b0
[ 1354.143277][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1354.148876][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1354.155020][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1354.159943][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1354.165872][   T31] RIP: 0033:0x7f272438e929
[ 1354.170347][   T31] RSP: 002b:00007f2725177038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1354.178885][   T31] RAX: ffffffffffffffda RBX: 00007f27245b6080 RCX: 00007f272438e929
[ 1354.186928][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 000000000000000b
[ 1354.194937][   T31] RBP: 00007f2724410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1354.203035][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1354.211176][   T31] R13: 0000000000000000 R14: 00007f27245b6080 R15: 00007ffe87048ad8
[ 1354.219287][   T31]  </TASK>
[ 1354.222417][   T31] INFO: task syz.8.7275:13742 blocked for more than 144 seconds.
[ 1354.230684][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[ 1354.238427][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1354.248011][   T31] task:syz.8.7275      state:D stack:26472 pid:13742 tgid:13730 ppid:8201   task_flags:0x400040 flags:0x00004004
[ 1354.260321][   T31] Call Trace:
[ 1354.263681][   T31]  <TASK>
[ 1354.266998][   T31]  __schedule+0x16f5/0x4d00
[ 1354.271567][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1354.276516][   T31]  ? schedule+0x165/0x360
[ 1354.280902][   T31]  ? __pfx___schedule+0x10/0x10
[ 1354.286060][   T31]  ? schedule+0x91/0x360
[ 1354.290377][   T31]  schedule+0x165/0x360
[ 1354.294574][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1354.300174][   T31]  __mutex_lock+0x724/0xe80
[ 1354.304705][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1354.309531][   T31]  ? rfkill_fop_open+0x12d/0x820
[ 1354.314499][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1354.319617][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1354.324938][   T31]  ? __init_waitqueue_head+0xa9/0x150
[ 1354.330372][   T31]  rfkill_fop_open+0x12d/0x820
[ 1354.335179][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[ 1354.340552][   T31]  misc_open+0x2bc/0x330
[ 1354.344882][   T31]  chrdev_open+0x4cc/0x5e0
[ 1354.349480][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1354.354469][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1354.359478][   T31]  do_dentry_open+0xdf3/0x1970
[ 1354.364281][   T31]  vfs_open+0x3b/0x340
[ 1354.368416][   T31]  ? path_openat+0x2ecd/0x3830
[ 1354.373214][   T31]  path_openat+0x2ee5/0x3830
[ 1354.377887][   T31]  ? arch_stack_walk+0xfc/0x150
[ 1354.382787][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1354.388244][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1354.394360][   T31]  do_filp_open+0x1fa/0x410
[ 1354.398940][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1354.403816][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1354.408916][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1354.413800][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1354.418208][   T31]  do_sys_openat2+0x121/0x1c0
[ 1354.422922][   T31]  ? __se_sys_futex+0x36f/0x400
[ 1354.427828][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1354.433055][   T31]  ? __pfx___se_sys_futex+0x10/0x10
[ 1354.438332][   T31]  __x64_sys_openat+0x138/0x170
[ 1354.443213][   T31]  do_syscall_64+0xfa/0x3b0
[ 1354.447786][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1354.453056][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1354.459252][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1354.463994][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1354.471223][   T31] RIP: 0033:0x7f148c98e929
[ 1354.475688][   T31] RSP: 002b:00007f148d7b1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1354.484174][   T31] RAX: ffffffffffffffda RBX: 00007f148cbb6080 RCX: 00007f148c98e929
[ 1354.492234][   T31] RDX: 0000000000000801 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1354.500265][   T31] RBP: 00007f148ca10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1354.508301][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1354.516347][   T31] R13: 0000000000000000 R14: 00007f148cbb6080 R15: 00007ffce7cd7768
[ 1354.524355][   T31]  </TASK>
[ 1354.527455][   T31] 
[ 1354.527455][   T31] Showing all locks held in the system:
[ 1354.535305][   T31] 4 locks held by kworker/u8:0/12:
[ 1354.540480][   T31]  #0: ffff88801b6fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1354.551469][   T31]  #1: ffffc90000117bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1354.562101][   T31]  #2: ffffffff8f7159d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800
[ 1354.571493][   T31]  #3: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1354.581642][   T31] 1 lock held by khungtaskd/31:
[ 1354.586630][   T31]  #0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1354.596580][   T31] 2 locks held by kworker/u8:4/70:
[ 1354.601793][   T31] 2 locks held by getty/5602:
[ 1354.606722][   T31]  #0: ffff8880306bd0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1354.616597][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1354.626972][   T31] 3 locks held by kworker/0:6/5915:
[ 1354.632266][   T31]  #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1354.643452][   T31]  #1: ffffc90004edfbc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1354.657232][   T31]  #2: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[ 1354.668933][   T31] 1 lock held by syz-executor/13361:
[ 1354.674253][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.682935][   T31] 2 locks held by syz.7.7273/13666:
[ 1354.688291][   T31]  #0: ffff888030c05100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[ 1354.698237][   T31]  #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1354.708772][   T31] 2 locks held by syz.5.7274/13671:
[ 1354.714077][   T31]  #0: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[ 1354.724358][   T31]  #1: ffff888030c05100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[ 1354.734129][   T31] 2 locks held by syz.8.7275/13742:
[ 1354.739857][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.748409][   T31]  #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[ 1354.758805][   T31] 1 lock held by syz-executor/13987:
[ 1354.764115][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.772681][   T31] 1 lock held by syz-executor/13988:
[ 1354.778846][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.787966][   T31] 1 lock held by syz-executor/13989:
[ 1354.793292][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.801927][   T31] 1 lock held by syz-executor/14003:
[ 1354.807327][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.815835][   T31] 1 lock held by syz-executor/14019:
[ 1354.821160][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.829807][   T31] 1 lock held by syz-executor/14020:
[ 1354.835108][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.843622][   T31] 1 lock held by syz-executor/14021:
[ 1354.848964][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.857613][   T31] 1 lock held by syz-executor/14035:
[ 1354.862909][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.871542][   T31] 1 lock held by syz-executor/14051:
[ 1354.876906][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.885427][   T31] 1 lock held by syz-executor/14052:
[ 1354.890787][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.899324][   T31] 1 lock held by syz-executor/14053:
[ 1354.904633][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1354.913189][   T31] 
[ 1354.915531][   T31] =============================================
[ 1354.915531][   T31] 
[ 1354.924014][   T31] NMI backtrace for cpu 0
[ 1354.924030][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1354.924050][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1354.924062][   T31] Call Trace:
[ 1354.924070][   T31]  <TASK>
[ 1354.924079][   T31]  dump_stack_lvl+0x189/0x250
[ 1354.924103][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1354.924130][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1354.924153][   T31]  ? __pfx__printk+0x10/0x10
[ 1354.924184][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1354.924214][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1354.924236][   T31]  ? _printk+0xcf/0x120
[ 1354.924261][   T31]  ? __pfx__printk+0x10/0x10
[ 1354.924286][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1354.924315][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1354.924343][   T31]  watchdog+0xfee/0x1030
[ 1354.924365][   T31]  ? watchdog+0x1de/0x1030
[ 1354.924393][   T31]  kthread+0x70e/0x8a0
[ 1354.924423][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1354.924441][   T31]  ? __pfx_kthread+0x10/0x10
[ 1354.924469][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1354.924496][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1354.924521][   T31]  ? __pfx_kthread+0x10/0x10
[ 1354.924548][   T31]  ret_from_fork+0x3f9/0x770
[ 1354.924571][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1354.924596][   T31]  ? __switch_to_asm+0x39/0x70
[ 1354.924618][   T31]  ? __switch_to_asm+0x33/0x70
[ 1354.924638][   T31]  ? __pfx_kthread+0x10/0x10
[ 1354.924665][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1354.924705][   T31]  </TASK>
[ 1354.924713][   T31] Sending NMI from CPU 0 to CPUs 1:
[ 1355.082035][    C1] NMI backtrace for cpu 1
[ 1355.082054][    C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1355.082074][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1355.082083][    C1] RIP: 0010:pv_native_safe_halt+0x13/0x20
[ 1355.082111][    C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 09 1b 00 f3 0f 1e fa fb f4 <c3> cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90
[ 1355.082125][    C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6
[ 1355.082140][    C1] RAX: 23e07b7ef3511500 RBX: ffffffff81979d58 RCX: 23e07b7ef3511500
[ 1355.082152][    C1] RDX: 0000000000000001 RSI: ffffffff8da4c121 RDI: ffffffff8be41880
[ 1355.082163][    C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb
[ 1355.082175][    C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fc232f0
[ 1355.082186][    C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003adeb40
[ 1355.082197][    C1] FS:  0000000000000000(0000) GS:ffff888125b1c000(0000) knlGS:0000000000000000
[ 1355.082209][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1355.082221][    C1] CR2: 000055fe84980000 CR3: 000000000e138000 CR4: 00000000003526f0
[ 1355.082237][    C1] DR0: fffffffffffffff8 DR1: 0000000000000006 DR2: 0200000000000000
[ 1355.082248][    C1] DR3: 0000000000000005 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1355.082258][    C1] Call Trace:
[ 1355.082265][    C1]  <TASK>
[ 1355.082271][    C1]  default_idle+0x13/0x20
[ 1355.082288][    C1]  default_idle_call+0x74/0xb0
[ 1355.082305][    C1]  do_idle+0x1e8/0x510
[ 1355.082325][    C1]  ? __pfx_do_idle+0x10/0x10
[ 1355.082349][    C1]  cpu_startup_entry+0x44/0x60
[ 1355.082365][    C1]  start_secondary+0x101/0x110
[ 1355.082387][    C1]  common_startup_64+0x13e/0x147
[ 1355.082413][    C1]  </TASK>
[ 1355.083079][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1355.267760][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1355.279742][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1355.289883][   T31] Call Trace:
[ 1355.293157][   T31]  <TASK>
[ 1355.296085][   T31]  dump_stack_lvl+0x99/0x250
[ 1355.300673][   T31]  ? __asan_memcpy+0x40/0x70
[ 1355.305258][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1355.310453][   T31]  ? __pfx__printk+0x10/0x10
[ 1355.315044][   T31]  panic+0x2db/0x790
[ 1355.318938][   T31]  ? __pfx_panic+0x10/0x10
[ 1355.323349][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1355.329153][   T31]  ? preempt_schedule_thunk+0x16/0x30
[ 1355.334525][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[ 1355.340681][   T31]  watchdog+0x102d/0x1030
[ 1355.345032][   T31]  ? watchdog+0x1de/0x1030
[ 1355.349446][   T31]  kthread+0x70e/0x8a0
[ 1355.353514][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1355.358186][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.362776][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1355.367972][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1355.373166][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.377757][   T31]  ret_from_fork+0x3f9/0x770
[ 1355.382348][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1355.387479][   T31]  ? __switch_to_asm+0x39/0x70
[ 1355.392238][   T31]  ? __switch_to_asm+0x33/0x70
[ 1355.397015][   T31]  ? __pfx_kthread+0x10/0x10
[ 1355.401604][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1355.406371][   T31]  </TASK>
[ 1355.409706][   T31] Kernel Offset: disabled
[ 1355.414035][   T31] Rebooting in 86400 seconds..