last executing test programs:

11m51.815381967s ago: executing program 0 (id=200):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$vcsu(&(0x7f0000000000), 0x46f, 0x9e000)
ioctl$EXT4_IOC_CHECKPOINT(r1, 0x4004662b, &(0x7f0000000080))
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x810, r0, 0x7dfff000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
syz_open_dev$vcsu(&(0x7f0000000000), 0x46f, 0x9e000) (async)
ioctl$EXT4_IOC_CHECKPOINT(r1, 0x4004662b, &(0x7f0000000080)) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x810, r0, 0x7dfff000) (async)

11m51.680123532s ago: executing program 0 (id=201):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28201, 0x0)
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0xa002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000001180))
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r2, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(r2, 0x5008, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000500)={0x0, @raw_data="e70cf90b1b57ebca334f70c6889f9de212e62abc92b6b9bcdc59e8b9139bacabe42b782068d23f127e013fed675af09904c20861c83f5a2d0892832cea94ad52fdfa0739a10074c8adbd498bfaab4db07dfe97a1274913f4e481a4a67fafd861e882f11275e7a5e079831015799deb7cd47fac05360f66e4ce535496d74c8312ba7e4ceb440b6ca5eb5bf2a29aa09bbd019fcf92b117b672d278986c46a782653e74046e0ceaf70330bac24e099a515fc18cec2508b41194acacf88817ec3c4d20c8b26361140d3b"})
ioctl$SNDCTL_DSP_GETOSPACE(r2, 0x8010500c, &(0x7f00000000c0))
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000300)=ANY=[@ANYBLOB="030000000000138fc952cf230b34f4b6c1b5a569af4248491aafd530275f75eed839590100"/48])
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000400)={0xf0f015, 0x105})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r9 = openat$kvm(0x0, &(0x7f0000000440), 0x1, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000002000000000000140b4d4f000000007e000000"])
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xfffffffffffffe30, &(0x7f0000000040)="c4", 0x10001})
ioctl$F2FS_IOC_WRITE_CHECKPOINT(0xffffffffffffffff, 0xf507, 0x0)
r10 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x8, 0x9})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f0000000180)={0x1, 0x2, 0x9})
r11 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x80)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r11, 0xc02064b2, &(0x7f0000000080)={0x80000002, 0x5, 0xb, 0x0, <r12=>0x0})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r10, 0xc00464b4, &(0x7f0000000000)={r12})
r13 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x40280, 0x0)
ioctl$KVM_CREATE_VM(r13, 0xae01, 0x0)

11m50.524046685s ago: executing program 0 (id=212):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)=ANY=[@ANYBLOB="0100b240000000004d070000000000000000"]) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000001c0)={0x52, 0x1, 0x0, "600000eef2000020000000ddee4f9100000000000000000000ff0057e31e9400"}) (async)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r5, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

11m50.047731571s ago: executing program 0 (id=215):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) (async)
r1 = syz_open_dev$media(&(0x7f0000000940), 0x0, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r1, 0x541b, 0x0)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r0, 0xc0884113, &(0x7f0000000240)={0x1, 0x10, 0x5, 0x197, 0x9, 0x2, 0x80005, 0x81, 0x1, 0x5, 0x3, 0x2})
close(r0) (async)
openat$vmci(0xffffffffffffff9c, &(0x7f0000002880), 0x2, 0x0) (async)
syz_open_dev$tty1(0xc, 0x4, 0x4) (async)
r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x109842, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f00000001c0)=0x2000) (async)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'veth1_to_bridge\x00', 0x10})
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6}]}) (async)
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0xc0109207, &(0x7f0000000080)={0x0, 0x0, 0xf6}) (async)
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000000)={'vlan0\x00', 0x400}) (async)
ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000040)={'wlan0\x00', 0xa00}) (async)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf) (async)
ioctl$TCFLSH(r4, 0x400455c8, 0x2) (async)
read(r0, 0x0, 0x0) (async)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000300), 0xa4441, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000640)={0x400, 0x20, 0x780, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0x0, 0x200}, {}, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x2}) (async)
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r6, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async)
ioctl$BLKTRACETEARDOWN(r6, 0x1276, 0x0) (async)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r0, 0x4068aea3, &(0x7f0000000080)={0xdf, 0x0, 0x4000}) (async)
ioctl$TCSETA(r7, 0x5406, &(0x7f0000000200)={0xff02, 0x2, 0xffff, 0xb, 0xd, "5f730000a9003f00"})
ioctl$TIOCL_GETMOUSEREPORTING(r7, 0x5412, &(0x7f00000006c0)=0x5f) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)

11m49.938857202s ago: executing program 0 (id=216):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x1, 0x0) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20) (async)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r1, 0x6f000)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0xffff0018) (async)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
read(r2, &(0x7f00000001c0)=""/157, 0x9d)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_VDPA_SET_CONFIG_CALL(r3, 0x4004af77, &(0x7f00000000c0)=0x5)

11m49.711285623s ago: executing program 0 (id=218):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x40002, 0x0) (async)
preadv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000b80)=""/164, 0xa4}], 0x1, 0x5ce, 0x7)
read(r0, &(0x7f00000001c0)=""/157, 0x9d)

11m34.568450894s ago: executing program 32 (id=218):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0) (async)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
preadv(r1, &(0x7f0000001b00)=[{&(0x7f00000009c0)=""/239, 0xef}], 0x1, 0x40002, 0x0) (async)
preadv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000b80)=""/164, 0xa4}], 0x1, 0x5ce, 0x7)
read(r0, &(0x7f00000001c0)=""/157, 0x9d)

7m43.876835464s ago: executing program 3 (id=1925):
openat$urandom(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r3 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_SMBUS(r3, 0x720, &(0x7f00000003c0)={0x0, 0x0, 0x8, 0xfffffffffffffffe})
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000940)=[<r5=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r4, 0xc05064a7, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000008c0)=[0x0, <r6=>0x0], &(0x7f0000000900), 0x0, 0x2, 0x0, 0x0, r5})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)=[<r7=>0x0], 0x0, 0x0, 0x0, 0x1})
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0)
read$FUSE(r8, &(0x7f0000000bc0)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r1, 0xc01064ab, &(0x7f0000000240)={0x1, r6, r7})
ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000180)={<r9=>r2, 0x5, 0x357c8713, 0x200})
write$USERIO_CMD_SEND_INTERRUPT(r9, &(0x7f00000001c0), 0x2)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000000)=0x6)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r11 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r11, 0x4c0a, &(0x7f0000000440)={r10, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323695c58d66500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
ioctl$LOOP_SET_STATUS(r11, 0x4c02, &(0x7f0000000200)={0x0, {}, 0x0, {}, 0x6000, 0x6, 0x0, 0x0, "cd0d05a286a8d9c7b438dd4350274fc803519e3d7d156d943d4034728428556b2b5a97d6203497d63e98ec46bc3116e3930f9b02cdc0f982e0d499db318cb04c", "e39fb4a6d3333aba8405d70d523a5a783847b8bc04869aad25d757c86a08e932", [0xd027, 0x7]})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

7m43.417633873s ago: executing program 3 (id=1927):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4140aecd, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

7m42.848129003s ago: executing program 3 (id=1931):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000480)={0x1, 0x0, [{0x639, 0x0, 0x7a31}]})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7dfff000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000480)={0x1, 0x0, [{0x639, 0x0, 0x7a31}]}) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7dfff000) (async)

7m42.504412646s ago: executing program 3 (id=1935):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f00000000c0)={0x524, 0x80000001}) (async)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r3=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r3, 0x0, 0x97, 0x8000000}) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r5, 0x4048aec9, &(0x7f0000000740)={0x2, 0x0, @ioapic={0x4000, 0x2, 0x800000, 0x100, 0x0, [{0x6, 0x3, 0x6, '\x00', 0x8}, {0x0, 0x3, 0x3}, {0x3, 0x4, 0xc}, {0x1a, 0x7, 0x7, '\x00', 0x5}, {0x4, 0x3f, 0x1, '\x00', 0x58}, {0x2, 0x1, 0x8, '\x00', 0x7}, {0x6, 0xb, 0x1, '\x00', 0x9d}, {0x2, 0xa0, 0x4, '\x00', 0x4}, {0xf7, 0x4, 0xd, '\x00', 0xec}, {0x2, 0x7, 0x1, '\x00', 0x5}, {0x6, 0xa, 0x0, '\x00', 0x9}, {0x2, 0x6, 0x8, '\x00', 0x3}, {0x26, 0x3, 0x6, '\x00', 0x9}, {0x2, 0x0, 0x7, '\x00', 0x3}, {0xc, 0x5, 0x37, '\x00', 0x4}, {0x6, 0x5, 0x5, '\x00', 0x10}, {0x5, 0x8, 0x0, '\x00', 0x5}, {0x7, 0x4, 0x3, '\x00', 0x3}, {0x8, 0x4, 0x0, '\x00', 0x81}, {0x5, 0x3, 0xfc, '\x00', 0xc6}, {0x7f, 0x9, 0x4, '\x00', 0x3}, {0x1, 0x3, 0x4, '\x00', 0xfa}, {0xbd, 0x7, 0x8, '\x00', 0x9}, {0x7d, 0xc, 0x5, '\x00', 0x7}]}})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

7m42.245086295s ago: executing program 3 (id=1938):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (async)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f00000002c0)=0x20) (async)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r5, 0x6f000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) (async)
r6 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000003c0)={{0x1, 0x1, 0x18, r6}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async)
r7 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_RELEASE_PORT(r7, 0x5514, 0x0) (async)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

7m41.907747684s ago: executing program 3 (id=1942):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285628, &(0x7f0000000080)={0x3, @win={{0x8, 0x0, 0x8, 0x2}, 0x0, 0x7, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0xfffffffe}}, 0x1, 0x0, 0xfe}})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0xcd8e9000)

7m26.84114301s ago: executing program 33 (id=1942):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285628, &(0x7f0000000080)={0x3, @win={{0x8, 0x0, 0x8, 0x2}, 0x0, 0x7, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0xfffffffe}}, 0x1, 0x0, 0xfe}})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0xcd8e9000)

20.520253181s ago: executing program 5 (id=4711):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = dup(0xffffffffffffffff)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r3=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r3, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
write$UHID_DESTROY(r1, &(0x7f0000000000), 0x4)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

20.14378882s ago: executing program 5 (id=4714):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000002c0), 0xe89b0051de36c984, 0x0)
ioctl$UI_DEV_CREATE(r1, 0x5501)
r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_GET_VCPU_EVENTS(r5, 0x4048aecb, &(0x7f0000000080))
write$apparmor_current(r2, &(0x7f0000000340)=@profile={'changeprofile ', '\x00'}, 0xf)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x103403, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r7, 0x4020aeb2, &(0x7f0000000080)={0x0, 0x2c01, @ioapic={0x100010000, 0x1, 0x0, 0x0, 0x0, [{0x6, 0x7, 0x8, '\x00', 0xab}, {0x2, 0x0, 0x2, '\x00', 0x5b}, {0x60, 0x4, 0x8, '\x00', 0x3}, {0x5, 0xe, 0x7, '\x00', 0xf1}, {0xc, 0xc, 0x9, '\x00', 0x43}, {0x4, 0x79, 0xc5, '\x00', 0x9}, {0x94, 0x5, 0x9, '\x00', 0xfe}, {0xf, 0x0, 0x6, '\x00', 0xfc}, {0x1, 0x4, 0x8, '\x00', 0x33}, {0x81, 0xf, 0x57, '\x00', 0x9}, {0x5, 0x4, 0x1, '\x00', 0x6}, {0x81, 0x6, 0x6, '\x00', 0x48}, {0x3, 0x1, 0x8, '\x00', 0xff}, {0x6, 0x3, 0x2, '\x00', 0x2}, {0x6, 0x5, 0x3, '\x00', 0x50}, {0xd, 0x2, 0xd, '\x00', 0x2}, {0x8, 0x80, 0x81, '\x00', 0xb}, {0x3, 0x89, 0x1, '\x00', 0xf}, {0x78, 0x7, 0x2, '\x00', 0x5}, {0x3, 0x3, 0xc1, '\x00', 0x7}, {0x5, 0x26, 0x5, '\x00', 0x9}, {0x7, 0x9, 0xe4, '\x00', 0x6}, {0xc1, 0xd, 0x81, '\x00', 0x10}, {0xfd, 0x3, 0x80, '\x00', 0x6}]}})
write$apparmor_current(r2, &(0x7f0000000000)=@profile={'permprofile ', ']\x96%)//.!-\x00'}, 0x16)
r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r8, 0xaf02, 0x0)
r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x121300, 0x0)
ioctl$TCSETSF2(r9, 0x402c542d, &(0x7f0000000080)={0x8, 0xe0, 0x9, 0x5, 0x9, "af12b17375d7685bb6c220cf9992033411e7e9", 0xae1, 0x9})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

19.461793125s ago: executing program 1 (id=4717):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x438301, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x438301, 0x0) (async)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async)
write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) (async)

19.341318425s ago: executing program 1 (id=4718):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xaece, 0x2)
r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af04, 0x0)
read(r2, &(0x7f0000000040)=""/8, 0x8)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x2, 0x0, [{0xa34, 0x0, 0x3e}, {0x9fe, 0x0, 0x3}]})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r4, 0x7dfff000)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r1, 0xaece, 0x2) (async)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) (async)
ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) (async)
ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af04, 0x0) (async)
read(r2, &(0x7f0000000040)=""/8, 0x8) (async)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)={0x2, 0x0, [{0xa34, 0x0, 0x3e}, {0x9fe, 0x0, 0x3}]}) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r4, 0x7dfff000) (async)

18.786975595s ago: executing program 1 (id=4721):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@hyper}, 0x0, 0x3, 0x7})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_TMR_TIMEBASE(r2, 0xc0045401, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

18.362758434s ago: executing program 1 (id=4722):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async, rerun: 64)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (rerun: 64)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2) (async, rerun: 32)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async, rerun: 32)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740), 0x8202, 0x0)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, r5, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

18.284988054s ago: executing program 5 (id=4724):
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000040)={0x1, 0xff, 0x7, &(0x7f0000000140)={0xc, "b7fc741714bd8325de9540e3cfc840d0b9358338de5fdb7ad189aa80277f6cd2e2"}})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r1, 0x7dfff000)

18.053693413s ago: executing program 5 (id=4725):
r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r0, 0xc080aebe, &(0x7f0000000000)={{0x0, 0x0, 0x80}})
ioctl$KVM_GET_REG_LIST(r0, 0xc008aeb0, &(0x7f0000002080)={0x7, [0x2c, 0x9, 0x4f22, 0x5, 0x9, 0x10000, 0xfff]})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f00000020c0)={<r1=>0x0, 0x657c, 0xffffffffffff8000, 0x1})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f00000024c0)={r1, 0x4, 0xfe00000000000000})
r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000028c0), 0x20001, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000002900)={{0x0, 0xdddd1000, 0x10, 0x3, 0x6, 0x6, 0x7, 0x7, 0x4, 0x6f, 0x9, 0x9}, {0xeeee8000, 0x2, 0x0, 0x1, 0x9, 0x9, 0xde, 0x1, 0x10, 0x80, 0x4, 0xf4}, {0x10000, 0x2, 0xf, 0x5b, 0x52, 0x2, 0x40, 0x7, 0xf, 0xb, 0xa0, 0x6d}, {0x8000000, 0x8000000, 0x4, 0x5, 0x1, 0x6, 0xe, 0x82, 0x1, 0x84, 0x9, 0x92}, {0x8090000, 0x6000, 0xe, 0x2, 0x7, 0x6, 0x8f, 0x0, 0x2, 0x8, 0xe7, 0xb}, {0x8000000, 0x1, 0x8, 0x81, 0x9, 0x6, 0x6, 0x8, 0x5, 0x2, 0xe, 0xfb}, {0x4, 0x8080000, 0x3, 0x7b, 0xba, 0x1, 0xf, 0x4, 0x82, 0x2, 0x0, 0x5}, {0x4, 0x80a0000, 0x8, 0x64, 0x9, 0x0, 0x6, 0x6, 0x9, 0x3f, 0x9, 0x68}, {0x100000, 0x2}, {0xd000}, 0x20, 0x0, 0x5000, 0x48, 0x2, 0x0, 0x2000, [0x7f, 0x2, 0xfc6c, 0x6]})
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r3, 0x4068aea3, &(0x7f0000002a40)={0x80, 0x0, 0x4})
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000002ac0)={{0x0, 0x0, 0x80}})
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000004b40)={0xc, <r4=>0x0})
ioctl$IOMMU_IOAS_COPY$syz(r2, 0x3b83, &(0x7f0000004b80)={0x28, 0x10000, r4, 0x0, 0x19f893, 0x2, 0x7, 0xa65c1})
ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000004bc0)={0x100, <r5=>0x0, 0x1})
ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0106438, &(0x7f0000004c00)={0x8, r5})
ioctl$IOMMU_VFIO_IOAS$CLEAR(0xffffffffffffffff, 0x3b88, &(0x7f0000004c40)={0xc})
ioctl$EVIOCGSW(r2, 0x8040451b, &(0x7f0000004c80)=""/236)
r6 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000004d80), 0x200, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r6, 0x8040ae9f, &(0x7f0000004dc0))
ioctl$TUNGETVNETHDRSZ(r6, 0x800454d7, &(0x7f0000004e00))
openat$vimc2(0xffffffffffffff9c, &(0x7f0000004e40), 0x2, 0x0)
ioctl$DRM_IOCTL_RM_MAP(r2, 0x4028641b, &(0x7f0000004e80)={0x0, 0x0, 0x0, 0x0, &(0x7f0000ffb000/0x4000)=nil})
ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000004ec0)={0x3, 0xffffffff, 0x1ff, 0x9, 0xfffffffa, 0x3})
ioctl$KDGKBENT(r2, 0x4b46, &(0x7f0000004f00)={0x9, 0x1, 0x2})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000004f40)={0x5, 0x0, [{0xb70, 0x0, 0x4}, {0x20e, 0x0, 0x4}, {0xc001103b, 0x0, 0x2}, {0x40b, 0x0, 0x3}, {0xb44, 0x0, 0xfffffffffffffff6}]})
ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0xf501, 0x0)
ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f0000004fc0))
r7 = syz_open_dev$sndpcmp(&(0x7f0000005080), 0x33fe, 0x208a01)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0884113, &(0x7f00000050c0)={0x0, 0x9, 0xde17, 0x2, 0x6, 0x7, 0x6, 0x54b1, 0x7fffffff, 0xffffffffffffffff, 0x5, 0x5})
ioctl$BTRFS_IOC_LOGICAL_INO(r6, 0xc0389424, &(0x7f00000051c0)={0x9, 0x20, '\x00', 0x0, &(0x7f0000005180)=[0x0, 0x0, 0x0, 0x0]})
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x10, r7, 0x66d96000)

17.799906581s ago: executing program 5 (id=4727):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = syz_open_dev$tty20(0xc, 0x4, 0x0)
write(r3, &(0x7f0000000680)="7ae3b8089afa057e92de00320dcabb2f897c23d6e29b7a84473d7d2569ed50a2f39cb95f39c68f7068c1f3de2781e8154ced42718993b003c317ad46fe595b8d89893411e80beda0300a7d52eb2ebeac548cb4d851d5b3fb24e2d4dd9a37c7b8d13c1a4e77ccf95d394f69c42685d64dcdd9362624325fe188ae025a844b99f21fcc030fbf6f12e7cae296245f4a3ec0e1e7a329370241b00701ff2db006fa87df86584ebf15d4e7f27dff5033d290241f8c4b4022d7e6b59c78f737a9838e320d1bd2109c8573e2cbc1f382809a", 0xce) (async)
write(r3, &(0x7f0000000680)="7ae3b8089afa057e92de00320dcabb2f897c23d6e29b7a84473d7d2569ed50a2f39cb95f39c68f7068c1f3de2781e8154ced42718993b003c317ad46fe595b8d89893411e80beda0300a7d52eb2ebeac548cb4d851d5b3fb24e2d4dd9a37c7b8d13c1a4e77ccf95d394f69c42685d64dcdd9362624325fe188ae025a844b99f21fcc030fbf6f12e7cae296245f4a3ec0e1e7a329370241b00701ff2db006fa87df86584ebf15d4e7f27dff5033d290241f8c4b4022d7e6b59c78f737a9838e320d1bd2109c8573e2cbc1f382809a", 0xce)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000280)={0x0, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SET_MASTER(r6, 0x641e)
ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000600)={0x1, 0x0, @pic={0x2a, 0xbe, 0x3, 0x6, 0xfb, 0x0, 0xf, 0x7, 0x7, 0x3, 0x3, 0x58, 0x90, 0x5, 0x9, 0x7f}})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)=ANY=[]) (async)
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000003c0)=ANY=[])
ioctl$KVM_RUN(r2, 0xae80, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r7, &(0x7f0000000100)=""/159, 0xfffffe5a)
read(r7, &(0x7f0000000080)=""/109, 0x6d)
r8 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000001100), 0x0, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041) (async)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) (async)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
write$sndseq(r9, &(0x7f0000000080)=[{0xb, 0x0, 0x0, 0xfd, @tick, {}, {0xe}, @result}], 0x1c)
r10 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r10, 0xc0145608, &(0x7f0000000200)={0x1000, 0x1, 0x2})
ioctl$vim2m_VIDIOC_S_FMT(r10, 0xc0d05605, &(0x7f00000002c0)={0x2, @win={{0x0, 0x8001}, 0x0, 0x0, 0x0, 0x0, 0x0}})
ioctl$SNDCTL_SEQ_GETTIME(r8, 0x40045109, &(0x7f0000002240))
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async)
r11 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000006, 0x20010, r11, 0x97af1000) (async)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000006, 0x20010, r11, 0x97af1000)
syz_open_dev$vim2m(&(0x7f0000000000), 0x8001, 0x2) (async)
syz_open_dev$vim2m(&(0x7f0000000000), 0x8001, 0x2)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

17.717788744s ago: executing program 1 (id=4728):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async)
r2 = openat$rdma_cm(0xffffff9c, &(0x7f0000000f00), 0x2, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000fc0)={0x16, 0x40, 0xfa00, {{0xa, 0x4e23, 0xccf1, @private0}, {0xa, 0x4e23, 0x0, @local}}}, 0x48) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

17.526841022s ago: executing program 1 (id=4729):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc018aec0, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
read$nci(r3, 0x0, 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r4, &(0x7f0000005e40)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
pwritev2(r3, &(0x7f00000001c0), 0x0, 0x25, 0x5, 0x2)
write$FUSE_ATTR(r4, &(0x7f0000005340)={0x78, 0x0, r5, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r6, r7, 0xb, 0x8, 0x1000000}}}, 0x78)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, <r8=>0x0}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, r3, {r6, r8}}, './file0\x00'})
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r9, &(0x7f0000000100)=""/159, 0xfffffe5a)

16.930913953s ago: executing program 5 (id=4734):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0xf41e0000)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc0287c02, &(0x7f0000000480)={0x80000000, 0x0, &(0x7f0000000400)=[{}, {{<r2=>0x80000000}}]})
ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f0000001040)={{r2}}) (async)
ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f0000001040)={{r2}})
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0xffffd827, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7e)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000001c0)={[0x1, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x10000, 0x4, 0x0, 0x0, 0x0, 0x2, 0x1, 0x6a, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
read$FUSE(r3, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280), 0x4d0100, 0x0)
dup(r7) (async)
r8 = dup(r7)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) (async)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf0000000000000077020000000000008fffffffffffffff12d11f03b11d59db8240cef2757cb5bca13b4b36e5090286ca2cfa8464b38f4a5da3d5cb35c10afafbf2cb4880382327e48aaa936fee8e45903a0147cd9b3a8d78c514fd9485aa43ca478c4326debd5fc26023cc5271571b3b6eae61578c7fa53e75491979215e996f56082e2339cd3265db53c36952163392dd25389ea770951705bb999f75263f9763df9c34b5a9901f1e8dea3aa59786757fbda7188d1d3d3be1f28e3d6cefb4d1583e2b267093783602a03f6629a25815493f33fed329bca58b47e46d3aba0c27345c1b7d9e8210d0a73c654ceb"])
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)

16.810302193s ago: executing program 2 (id=4735):
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40186f40, &(0x7f0000000000)={0x1, 0x0, 0x1, 0x6, 'syz1\x00', 0x4})
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r2 = dup(r1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)
ioctl$KVM_X86_SETUP_MCE(r5, 0x4008ae9c, &(0x7f0000002900)={0x15, 0x7, 0x80})
ioctl$KVM_GET_CPUID2(r0, 0xc008ae91, &(0x7f00000000c0)={0x2, 0x0, [{}, {}]})
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x420a00, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r6, 0x7dfff000)

16.686549596s ago: executing program 2 (id=4736):
r0 = syz_open_dev$video(&(0x7f0000000000), 0x8, 0x200)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000100)={0x0, @raw_data="0dc016f142d6bb28dd0ba98c4b6fedae2389a1ad92880dd220569fcad809ee836627b195977e21de42fb20fc740ed6a10cdbe468aa0ef1ade5718767583a5f2f74cfea8dc1b80d2d6c4bd9be9dd647ba7bcc3d0645d40ee87fffab519795d94e3e1a34bec984903331672bd7773cf08ecfbc33a90bad1cf892cf32747f9cb5deac31b27d114709b9e6303e48148816b7a4d348e4442c62de7527ce6f56e100a95c48a4fa18afa98c0f63252b6da9e8270886a625c161f4622b5be694ba631a58120ad728edf14e95"})
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x19)
write(r1, 0x0, 0x0)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$cgroup_netprio_ifpriomap(r2, &(0x7f00000000c0), 0x2, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xbf0e1b954cd3cd9f, 0x80010, r3, 0x251fb000)
syz_open_dev$video(&(0x7f0000000000), 0x8, 0x200) (async)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000100)={0x0, @raw_data="0dc016f142d6bb28dd0ba98c4b6fedae2389a1ad92880dd220569fcad809ee836627b195977e21de42fb20fc740ed6a10cdbe468aa0ef1ade5718767583a5f2f74cfea8dc1b80d2d6c4bd9be9dd647ba7bcc3d0645d40ee87fffab519795d94e3e1a34bec984903331672bd7773cf08ecfbc33a90bad1cf892cf32747f9cb5deac31b27d114709b9e6303e48148816b7a4d348e4442c62de7527ce6f56e100a95c48a4fa18afa98c0f63252b6da9e8270886a625c161f4622b5be694ba631a58120ad728edf14e95"}) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
syz_open_dev$ttys(0xc, 0x2, 0x1) (async)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x19) (async)
write(r1, 0x0, 0x0) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f00000000c0), 0x2, 0x0) (async)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xbf0e1b954cd3cd9f, 0x80010, r3, 0x251fb000) (async)

16.556190173s ago: executing program 2 (id=4737):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000) (async, rerun: 64)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'}) (rerun: 64)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000080)={0x2, 0xf50, 0x1, 'queue0\x00', 0x6b2})

16.519272565s ago: executing program 2 (id=4738):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x101781)
ioctl$USBDEVFS_FREE_STREAMS(r3, 0x802c550a, &(0x7f0000000040)=ANY=[@ANYBLOB="023f"])
mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r2, 0x10000000000)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r5, 0x7dfff000)

16.37189065s ago: executing program 2 (id=4740):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x80, 0x0, 0x6}})
read(r0, &(0x7f00000003c0)=""/4096, 0x1000)
read(r0, &(0x7f0000000040)=""/248, 0xf8)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

16.276356263s ago: executing program 4 (id=4741):
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0x591000, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000040)={<r1=>0x0, 0xa, 0x1, [0x9, 0x3, 0x4, 0x1], [0x8284, 0x8, 0x3, 0x5, 0x5, 0x5, 0xf, 0x4, 0x10, 0x1, 0x2, 0x400, 0x8001, 0x4, 0x1, 0x8, 0x1, 0x100000000, 0x7, 0x9, 0x180000, 0xb, 0x9, 0x80d0, 0x5, 0x3, 0x0, 0x8, 0xf, 0x2, 0x8, 0x5, 0xe0, 0x3, 0x400, 0x5, 0xfffffffffffffffd, 0x1, 0x9, 0x7, 0x8, 0x0, 0x1, 0xf, 0x7, 0x40, 0x2, 0xa, 0x9, 0x0, 0xa48, 0x7, 0x8000000000000000, 0x4, 0xfffffffffffffff8, 0x3840000, 0x8, 0x2, 0x2, 0x400, 0x623c, 0xfffffffffffffffd, 0x0, 0x4, 0x1, 0x9, 0x5, 0x3, 0x9, 0x7fffffffffffffff, 0x3ce2, 0x7fffffff, 0x7, 0xf016, 0x80, 0x0, 0x0, 0x101, 0x401, 0xbd1, 0x0, 0x3, 0x5c80, 0x8, 0xa0, 0xffffffff, 0xa9, 0x1, 0xb6, 0x2, 0x0, 0x99eb, 0x9, 0x4, 0x8, 0x8, 0x1, 0xffff, 0xffffffffffffffff, 0x20c, 0x4, 0x2, 0x4, 0xffffffffffff0000, 0x5, 0x6, 0x1ff, 0x4, 0x7a6, 0x8000, 0xfffffffffffffffd, 0x5, 0xd, 0x400, 0x4b, 0x8, 0x2, 0x80, 0x508, 0x10001, 0x80000001]})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000480)={r1, 0xc355, 0x1, [0x3f, 0x6, 0x57, 0xd, 0x8], [0x100000000, 0x2, 0x7fffffff, 0xfff, 0x5, 0xd0, 0x29fe, 0xffffffffffffffff, 0x3, 0x4, 0xffffffff, 0x4, 0x9, 0x3, 0x8, 0x101, 0xa0d, 0x0, 0xd5, 0x7, 0x9, 0x1, 0x3, 0x4b3b, 0x0, 0x9, 0x8, 0xfffffffffffffffe, 0x5, 0xfffffffffffffff7, 0x3, 0x100, 0xeb48, 0x9, 0x76, 0x1, 0x4c, 0x3ff, 0xd5, 0x7, 0x9b4, 0x8000, 0x8, 0x7fffffff, 0x9, 0x7, 0xfffffffffffffffd, 0x3, 0x101, 0x400, 0xd, 0x3, 0xd2, 0x8, 0x0, 0x3, 0x400, 0x1, 0x5, 0x8000, 0x8000, 0x5, 0x9, 0x0, 0x3, 0x7, 0x2, 0x9, 0x40, 0xf, 0xa75, 0x1fe, 0x40, 0x0, 0x0, 0xa, 0xa9, 0x40000000000000, 0x6, 0x3, 0x0, 0x2, 0x1000, 0xfffffffffffffffb, 0x3ce, 0x3, 0x9, 0x2, 0xc8, 0x3c60, 0x1, 0x4, 0x67, 0x4, 0xd980, 0xc, 0x3, 0x6, 0xe177, 0x1, 0x4, 0x100000001, 0x40, 0x7, 0x200, 0x5, 0x2, 0xfffffffffffffff7, 0xe, 0x1, 0x80000000, 0x4, 0x0, 0xb, 0x2, 0xd, 0x3, 0xfffffffffffffff9, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc]})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f00000008c0)={0x6, 0x800, 0xf0})
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000940)='/proc/bus/input/devices\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r2, 0x404c534a, &(0x7f0000000980)={0x78fa, 0x2, 0x6})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r0, 0x404c534a, &(0x7f0000000a00)={0xfff, 0x5, 0x4})
read$char_usb(r0, &(0x7f0000000a80)=""/251, 0xfb)
write$sndseq(0xffffffffffffffff, &(0x7f0000001b80)=[{0xa, 0xfb, 0xbd, 0x5, @time={0x0, 0x6}, {0x4, 0xda}, {0x0, 0x40}, @control={0x7, 0x3, 0x1}}, {0x3d, 0x0, 0xb4, 0xf9, @time={0x3, 0x4a1d}, {0x7, 0x10}, {0x2, 0x6}, @queue={0x2, {0x8ec3}}}, {0x0, 0xe2, 0x81, 0x3, @time={0x5, 0x100}, {0xf, 0xfa}, {0x4}, @ext={0x1000, &(0x7f0000000b80)="366e2fb48996d812b56749729fa98bba636339060c1a8d765e56a6fb49a1a2755bc0f5caa8b80a4eb59be22d298f538b2ab15f2204beb257d781d175ab1cf007dd26209d65bb05a260535ae4ec99eff931b41062a13fb52f78482b98703759807b3788b23e99e94fd4ff0da013b1066ece69a3fdce336e7826bc8dd9cda412b7ca661822a98a559751c8fabca401aa6a8f78ba4841e940e8b457876ce8b167ec5c5cd1600472a488245985963795454fc6fa3ade540ef2e00b7d4947e959ca98e4d12c23184dd150c616595069bd51c4bf1e69a87c24f8d0e08ec78efda591125284402c6f475bfe08521e85cf916a0dd198b3af6f76c3ee5ed814963ef1cb382a5d5633e73b7a2d7c9fbc839bbb4b7707a475e7858e1810d9ff5e010ed6495993b91898a1a084e4e53e07d0e182fab5eeb94e9076c6dfe9f28281e481482ccdd0eeda1fef5bad3e702223fa6c490f5c760b5608e7f98731e503656aeb354ac7cd58ddbb30d7397c33730755e642d6067c776a1c998630bb5b977d118e73ba62609c641bb78d56fec7263b03415fe1487d4fdd53e9d208db39c7414565b8e1337dbd79bead40cdc020ddcf44c056fab3f4e2b8f263fa259a8186f18dc54f0fdd26b76006e7bd7429fa7ff4941b2012e3d55e444ab50e97dda612178b021acbd8d78cbcd0866d7f90957c1feb8ccb8719b626bee1eea2ba90cf428fb83d18a9247d5bd32eecda286a99014c60611e091e6c180929f1380d33eb23c64fc2f40cbfeebbe127962a86c94da432c1c09b87b76fb35fa9526e0ef72dc09c2ecd8ca43e3dc12a0dbd91b1132c93e5bef165d7061fa3ce4006d04ca29ad131ef54643246caa5bfe09fc00b3c982e76041477efad2b075fead5be4d98d2d96f51f789b732c6714213d4a4d4e6563dc5a7a0e2ffe514c0be68d969e52d7f989ce6203266be6e9ded430fee74682e93ab2edf55b113e88e1f1bfd637046094b75407c1ad675ea7c94f78b4c4afa998f26053fcbbedd46c9b42e3a56359ae58859c1382dd8dc4aee81edd50ba6e8a6a1cebb8dac845a5191d5feb9c75633e81de8089df4b8e4768887c354932adfea54d9c74e8367701eb839273cdfbb33e8e24936b92cb7edf0983b2176c389d34945732f0c13b8ccdd57645d4b8efb665714322f6651add93cafe0cff0ae6d16494c466bc0379a76d7f1719984807f10eb402a23b0bd9d016475d7b67b81fec8415655ccaba0db3aea3f8d456eb7d0e43cf63084da5ed08266439f008b59a233d7daaa51d3f13fa5eb1402b9dab48dc768d82246efcdafcfd4efdfaec487a85550a39309302f8eddcac5a6d43c96205a6b94fe9663291d7f6bc64950f237dfa4b910a15c83522053ec54982d7dbc07a59117a0b578fa2d1e79aae56cbb9054fcc1218b9a211975552b27416abfdde6dfafe7e633746fe00118ca50833f86877611b861a85f97a7acc62f7aeabe7a2dac65dbe29e165e608e277fbf21e4b009b6b3dc766457cb0f8d4c34e3f12f0da030e561d0764ad7ec90599927eacbcb1f90e27700bffbee6b6300fa90ce71ab3f3c58d9058384695b18d2ab1f5d74aceb191138a08b42b9db0a1a6d9ec8ef88b5e9eb08a618c0b75fc9f6cb67236ff4811d896eb8f01f62164036c6edf26f9951d0f4730977de78307c671521bf4a8bc8ba5b4d9714abc6d3cf73a22fe67f102942278192e86d6276598389a5459448d3b989e198120e53d74887cab01e0f40d0b27e296299e63a85e7c52f686dd152a35ee256be419878df42de3813bfd5a0bed4955d08accc87d8e4f3186a5159344615735b15c5892682c98f38e64de6afcc90c286f9ddc3360c92295b2606360874c73b8ce12269d43ca658dcadf9771a4bee3e0c9eaf912fa85a7bce21b9fcd5f646d1b31d5e23ce323d222e98e1b222ff08adcb809db3b3d2e1eb87bee5619b8b299132a05307ecda7ad00bd35b3d2fe0d3fb5a6e5ab7f9a7cca3568f158b785cff2f5f38b22b78833c215a29b3b26a5bd932bb9e1f42cc3b52ef1696dea0dcaf9b1d3adfc9af78ee076dd8afa53fca9bb4fa857147d149c837444a59aa687dd96b997d4e3d88489d609910ce14fc652d0fb0b9667370ded63e8c26cb3b78b274a78d287a358b25e071fcc7e842225f190b36049cae0e4847b331bee7d8477ef60e78296638dc5b64a3a999eda7e77a8eb2a971f279efa6a6ee8fd989d985c55486a164e37c30e389f9e6c289a4c33ead05dfdc415a1c96f3b5513e48698acc170c10caa7bfc90784d482bc38e197e3b5a52eb7e791cd03d04b0872b1d767399810c00f73df345a60991066717c5f8f48f00573d0b7b2677a01f9902db80c46e593b072bec526c786f4008648be232ca84160ffd6828a1809ddd64945f57ed2fb3d50327a990ead303c4d80e40789e019087422be63330b91c0b38d3623522be3aced9b11b301ad53e3a5e31349331d67c5743f950ef5e712932c01333e087e83b67e69aa85d5861f0c0579193bd4c982681b96a058adbba247871d8633cdea1a7559ce184874e217ba5660a466e871c01e900a11d49b52b5e82c4ede82f0bb341794418300ccc7ef2db93ff898195678d2af03fdc9b7b6cb4e284f2f5bf6669d905c9e1ed9d2fcd8d2ee64fd1e0948a1ad6a18767447a2eb77eded0d9215ddf82801437d70b850cc6083eec0988734c95a97b9ed371540ec89f4366ca884d357837de696398bee0dd3dea789a5d2583524a04f2250f5ce2201c2223f44941a7379f57d5df951bd552b0c6f2af7177ddaa909d1cf2d4de08e1bc30b6546a31409aa3a1576c54f0d8562cc86e8745332fedf075bf5c9ada979f63934f99fc18f1c9625acf2c187792434ee56b4e6a86357b6721d89ec5210d90e229c58b9178464a0a3fa5f4fd19cc3102036c3c6fe699f14faca15ea913d195b05b00b0ce4c2dc599bde48991d39b34ff8fa62dbe81ecbe4d1fab4f4dfa3067b54847b704a8efd05fb2a3888ef9727c716109151bb1071d495f94c2c2219b00a90d53c449c005719d6d15052d0ac459410da94f50da48fa299f3bd6c175e3e5c3a0cc8465edbba6bbe7b361e1a9f39d34b7ddb2fe732d93660be40b3cf7fa45e1126101372e96445ee480eeb5779a2a4befb03d62849bfa131dc0f2bfd22085d9ebe469231b08e9ab97db10488ad799f813588c4d5eb050e1e0acc282cca0e7ff2fa3ef5ba39c6af52c5211b90339d797d81f21dcb6ad17d96fb2f7dd99056fb7d344c33b8a4a1a8e8edb79799824d278f07a3e29a318dd9c3615d925a625d769d575a16f1e1158cb00c7e1797e520bf3e18f93e2a4b87509831ed3d8130cddf502c386b596bd4494e7b808a7bfeb00bf56dbf5039cdf6189b9b82e64391dfaee59d445e3cd585cba2ae41c10e39d4076a353c25b55c1ee824e8a5eca5869471e3ee5c85b141bc24e31df38a34068bf89c32a4e29cd6ae6a6ebc44edd4e6ee62227bd8d29584c235d47e9813b0a85192c30f451a5c1396cf5e65bd568e42f18f91cc8d19b42071c1e5ae4dc77bca838c4c5e56cec6fb0b2654a6b4c74475376ed6eedd0c982c6f82f5b44358173a9eec267b9f104df05e67fe741517eab2355f9cbcc687373ee4c7faf4f5803a2ebc626aa72c63b0924dab79b81b0477289e1033f44d47f7a3dcc7ef3a26ada0dfc42afc85cbae49f0c11de8a6d52bc111db59f338b8bbce47e2adfd8af274b6a564bb350512e1cfb0214767d767d39b540cd2a74d27d7d59e6d9913fbea548306a100e5a96442c7dcea8095b798d3fe2894dab7764220e892b6bac66c82c32558d58d6c46ca44a37c268d1e9811d22d3a82e07d17a2ef709adba995a7443384fcad0472b3cd93e20758572e20abba2d60b3e2680054e11ab42d6ca0afb88d02d3d7026a26c29abe44c30bb4a21b6425ba26bd9914a4b4aa8166caa18ac4cf667e4883ebb11dc43e7163cf41366813d7bb98af13378f11f9b2354cb00d606d918d57f45aa093eed0f7e015a4091ff2a3438c5a20b0395d143f2d06282bbca3b2f1c82045bbb92333fcb2fad2bc635378ae5fb6243a7b86e810a014e20ac1665f5e8b58dbe6558425a0c478a82c07cb050da0e1f08238ca8571580a341e6e0156e87b9cda4b2fc109627831fb708e44b6e07d3e5740bf5524dd699a8d14cf30b81ee8d3f3b1b56c6c70e34eebb3aa04f3f23726b9a5b123b078c674089e238dd0dd46784d3d68dcbc66b37745178e88c564aa93a2b6120a6968d2fa056fe1baf301681e17a5260a3e399c5155469b5d149745baf1c7ab73dc7a68a629a72d4f6bb1b3c2ef3df6408b58ecd486e67799b555e06bfec483b34801a6374eda4918bc294e5cbf5851ec258f8193b26d63efaf821ce8c1e8ba480f42b8c5c3f1d19bbc26cfd8b8777f00581f6581addcf20118e9609e0e23c7524fa37fa8af16147a8d169b8632c44ac87646779f89f821ac1994be2715a16d8cc20967bf6c9eac42fac1700a891ce5e85dd31cd1c35023e629f4f8ae9027932765e529676b211e2e247b0b79c422ee0846e5fa5140623f90419378db0bab6c83b44e1de0d9dd2861a957ae6d2bcb8781d3d2bf2d4b7072bee1ddb0eec675143d7a2a00c6732f6c118f6664903c06f8dae653e968b29e42e0e288db1f9459c50e9cf4f362bed809c0b5e924b200bb0c4ef00207863f3b795b89ed9130da912d66da6702817cca1afc956359531fcb5866baa158d558f9957678700bb65c133a6ba052fc21436afb66c38685870e8383788cd24d6c68de56f756e3e369ec5d2b2982bee9060c71ab5980616c4b502be706c3b273c1de172aec3526c6afbdc2d6437aac9328acea66b239708919c7a9903e83a31f0bc98c904f86861b90bbc279fa288ad944fd80f3d5d8f2143e694a4ac62317e0fc23ce7596dd843230b43fa9d619e7fadd5b02c89eefccec54c2602f922479c6c60ce1a92d6e4a389eef63950cf32cdcf44cb971c8a65d798a39f6361e9ff25bfb37017422f20ca5bbd0fc5c1cb84fed767c81cefbffca5ccfd149c6317e7f43de1668dcfcb3ed10dd58b2debcc7b676102562c84a38d066df6d426eeacd8ede47990a53df6040f6fc0931d5c1cf8d9b5e4539b38978e08e225b831d78a53ca35167dec80ffd0941764ebaf75ff2f4797613952ec1a809a5d3a6e39db6816e936fed840b60ae60cc6b10d4df30076aeac19b282fe615838385070eaefbd3fb40459510d9153456584a0281f1a0803b69e2fd9a284d76565fd4083ac3d1198d0c8621ef810cbf38902361319c9a6aa3c08f12384802ad780a65f5fe081f1c908683d67daee233adf401f62fecf29c8c383364b823a4eede55c1bad54cf2e00ffe9f446fa09bbc9f0c0ab2cd1d9c03c95ac61d552f989efe856adebe05a202b3a12ed9bc120f8e78a6677a3ecd7b809b5f1cbc3fc98653615b3ba8df33b28e86e4c1819720a927e9be2c548280e814cd545276051ce246c4d03202020cbc14b9f54dfc871a96115400227c2191b96c989f612a709f7ef921bb41315a09e762fa7bb9b18df0b8af3a3a8065d449781e84ef0f3a0780a0c308b3eb36683b99d1603f42ba319fa857213ae098427a4e4ecf1d83b091779c9cb9dd67cd85f97d73cea7d1c153917e3159bf4c3133644590029419f8cc48016e2c84e14e4938604ddd649fa73c257d297328c727cb4283ccafb9336d3c2fe852bcc6bbab876d7095bb9801bff508a92b0a6f118434cf747db954fb1f3845788dd1dd7654fd9441b3e3c67d9492ec0d1cd12e3a"}}, {0x0, 0xf9, 0x9, 0x1, @tick=0x400, {0x2, 0x81}, {0x7, 0x7}, @control={0x10, 0x3, 0xfff}}, {0x9, 0x72, 0x8, 0x4, @tick=0xfffffe01, {0x7, 0x5}, {0x5, 0x1}, @quote={{0xb8, 0x3}, 0x9}}], 0x8c)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001c40), 0x22000)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r3, 0x4040534e, &(0x7f0000001c80)={0x2, @tick=0x2, 0x4, {0x80, 0x24}, 0x1, 0x1, 0xff})
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001cc0)='/proc/vmstat\x00', 0x0, 0x0)
ioctl$KDGETKEYCODE(r4, 0x4b4c, &(0x7f0000001d00)={0x0, 0x4})
ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000001d40)={{0x2, 0x1, 0x589, 0x2, 0x1}})
read$char_usb(r2, &(0x7f0000001d80)=""/38, 0x26)
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001dc0)='/proc/vmstat\x00', 0x0, 0x0)
r6 = syz_open_dev$sndctrl(&(0x7f0000001e00), 0x7, 0x400)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r6, 0xc0096616, &(0x7f0000001e40)={0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000001e80), 0x100, 0x0)
preadv(r7, &(0x7f0000002000)=[{&(0x7f0000001ec0)=""/69, 0x45}, {&(0x7f0000001f40)=""/40, 0x28}, {&(0x7f0000001f80)=""/87, 0x57}], 0x3, 0xfffffe01, 0x46b)
ioctl$BTRFS_IOC_TREE_SEARCH(r2, 0xd0009411, &(0x7f0000002040)={{<r8=>0x0, 0xffffffffffffffff, 0x1, 0x800, 0x7, 0x8a3e, 0xc697, 0x6, 0xaa4, 0x1ecb5e2e, 0x8, 0x7d, 0x401, 0xb, 0x7}})
ioctl$BTRFS_IOC_TREE_SEARCH(r7, 0xd0009411, &(0x7f0000003040)={{r8, 0x6, 0x2, 0x9, 0x0, 0xfffffffffffffff8, 0x81, 0x8, 0x0, 0x0, 0x9, 0xae, 0x0, 0x10000, 0x6}})
write$sndseq(r5, &(0x7f0000004080)=[{0x23, 0x4, 0x0, 0x4, @tick=0x6, {0xa, 0x9}, {0x7, 0xd2}, @queue={0x8, {0x6, 0x5}}}, {0x5, 0x80, 0x2, 0x0, @time={0x0, 0x262}, {0x6, 0x4}, {0x2, 0x1}, @raw8={"a9d72fe11e52635462a59675"}}, {0x6, 0x3, 0x1, 0x1, @tick=0x8, {0x6, 0x3}, {0xff, 0x4}, @raw8={"09609fd1ef472c6fb0070721"}}, {0xe, 0x5, 0x1, 0x3, @time={0xcb0c, 0xa5c}, {0x7, 0x4}, {0x6, 0x9}, @quote={{0x6, 0x72}, 0xe2e, &(0x7f0000004040)={0x80, 0x9, 0x82, 0x0, @time, {0xfa, 0x1}, {0x3, 0x7}, @quote={{0x0, 0x4}, 0x6}}}}, {0x4, 0x3, 0x81, 0x6, @time={0xfffeffff, 0x7f}, {0x3, 0x3}, {0xb}, @time=@time={0x4, 0xf3c1}}], 0x8c)
r9 = openat$cgroup_freezer_state(r0, &(0x7f0000004140), 0x2, 0x0)
write$cgroup_freezer_state(r9, &(0x7f0000004180)='FROZEN\x00', 0x7)
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000041c0), 0xf81)
write$sndseq(r10, &(0x7f0000004240)=[{0x4, 0x4, 0xa, 0x8, @tick=0x1000, {0xfa, 0x4}, {0x9d, 0xa}, @control={0xb1, 0x40000000, 0x7256}}, {0xd8, 0xa, 0x7, 0x6, @time={0xc9a8, 0x1}, {0x3, 0x7}, {0x6, 0x6}, @ext={0x3, &(0x7f0000004200)="cd73c5"}}, {0x65, 0x9, 0x0, 0x0, @time={0x7, 0xfffffffc}, {0xc, 0x5}, {0x8, 0x2}, @queue={0xf8, {0x40}}}], 0x54)
ioctl$LOOP_SET_CAPACITY(r7, 0x4c07)

16.223024984s ago: executing program 4 (id=4742):
openat$rnullb(0xffffffffffffff9c, &(0x7f00000003c0), 0x438b00, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000003c0), 0x438b00, 0x0)
read(r0, &(0x7f0000000400)=""/175, 0xaf)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_DEBUGREGS(r3, 0x4080aea2, &(0x7f00000000c0)={[], 0x0, 0x80ffff00000000})
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_GET_XSAVE(r5, 0x9000aea4, &(0x7f0000001b40)) (async)
ioctl$KVM_GET_XSAVE(r5, 0x9000aea4, &(0x7f0000001b40))
read$FUSE(r4, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x100, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0)
r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r10, 0xae04)
mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r11, 0x300000b, 0x11, r9, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0xd2, 0x0, 0xee, '\x00', 0x7fff}) (async)
ioctl$KVM_SET_VCPU_EVENTS(r9, 0x4040aea0, &(0x7f0000000000)=@arm64={0xd2, 0x0, 0xee, '\x00', 0x7fff})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
dup(r6) (async)
r12 = dup(r6)
openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) (async)
r13 = openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
read$rfkill(r13, 0x0, 0x0) (async)
read$rfkill(r13, 0x0, 0x0)
write(r13, &(0x7f0000000240)="369fc3ba7645dbb4b7aeb1b17d6c0e05d608431ebaa7a2081c3ed9255fd6e9059fd64d9ef1cad9a62322ff75590510f4a1265348086a9d1d296a25e2cc516fd615c6230dbe778923d64caff5f4d6ceaa92", 0x51)
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x2)
write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (async)
write$rfkill(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r12, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)

15.815950615s ago: executing program 4 (id=4743):
write$UHID_INPUT(0xffffffffffffffff, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd8456a18f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0x1fe00)
ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, &(0x7f0000000200)=""/82)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000040), 0xabd6, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000080)={0x5, 0xd8, 0xfffffff8})
r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0)
write$vga_arbiter(r3, &(0x7f0000000040)=ANY=[@ANYBLOB='lock i'], 0xc)
write$apparmor_current(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='permprofile &'], 0xff)
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r4, 0xc0405602, &(0x7f00000001c0)={0x18, 0x1, 0x0, "14a5593b595ccb9e289f1548f12ec9745f90084a013424cf6dc99d2466980300"})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f000001aa80)={0x7, {"a2e3ad214fc752f91b4809094bf70e0dd038e7ff7fc6e5539b326d078b089b3b083872090890e0878f0e1ac6e7049b3d68959b4c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b08320d075d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f0000000c558cdc0a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000e0a37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7076600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed050000000000000046684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5399e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df2928924486cfff799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d3a6df40babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e74322f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f39a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60559516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df11fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fffffff7f00000000758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x181000, 0x0)
r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2002)
write$sndseq(r8, &(0x7f0000000080)=[{0xff, 0x0, 0x0, 0x0, @tick, {}, {}, @addr}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {0xfe}, @queue}], 0x38)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000980)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_VFIO_IOAS$SET(r7, 0x3b88, &(0x7f00000009c0)={0xc, r9})
ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r7, 0x3b71, &(0x7f00000001c0)={0x20, 0x3, 0xfffffffffffffffd, 0xfffffffffffffffc, 0xffffffffffff638c})
r10 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r11=>0x0], &(0x7f0000000340)=[<r12=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r10, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r12, r11], 0x2, 0x0, 0x0, <r13=>0xffffffffffffffff})
ioctl$TIOCL_GETKMSGREDIRECT(r13, 0x541c, &(0x7f00000001c0))
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r10, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000003340)=[0x0]})
mmap(&(0x7f0000448000/0x2000)=nil, 0x2000, 0x3, 0x2010, r0, 0x37ee000)
r14 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_NOTIFY_INVAL_ENTRY(r14, &(0x7f0000001fc0)=ANY=[@ANYBLOB="420000000300000000000000000000000000000000000000212b"], 0x42)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

15.531228516s ago: executing program 4 (id=4744):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
read(r0, &(0x7f00000001c0)=""/157, 0x9d)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0xc0800, 0x0)

15.50030648s ago: executing program 2 (id=4745):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x181003)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc})
close(r2)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bb, 0x8, 0x4, {0x6, 0x2, 0x100000002, 0x0, 0x6, 0x4, 0x7fffffff, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r3 = openat$cgroup_type(r1, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000240), 0x9)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000001c0)={0x1, 0xfc})
r5 = dup(r4)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

15.436143574s ago: executing program 4 (id=4746):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8, 0x2)
ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0285628, &(0x7f0000000080)={0x1, @win={{0x0, 0x0, 0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0}})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x6c, 0x0, 0x9}, {0x6}]})
r3 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000040)=[<r6=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000540)={0x0, 0x0, r6, <r7=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r4, 0xc06864ce, &(0x7f0000000080)={r7, 0x0, 0x0, 0x0, 0x0, [<r8=>0x0]})
ioctl$DRM_IOCTL_GEM_FLINK(r4, 0xc008640a, &(0x7f00000001c0)={r8})
ioctl$DRM_IOCTL_GEM_FLINK(r4, 0xc008640a, &(0x7f00000002c0)={r8})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x200)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

15.114123696s ago: executing program 4 (id=4747):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x68000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000180)={0x20, r2, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]})
ioctl$IOMMU_DESTROY$ioas(r1, 0x3b80, &(0x7f0000000d00)={0x8, r2})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x411b00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x68000, 0x0) (async)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc}) (async)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000180)={0x20, r2, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]}) (async)
ioctl$IOMMU_DESTROY$ioas(r1, 0x3b80, &(0x7f0000000d00)={0x8, r2}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x411b00, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (async)

2.082730862s ago: executing program 34 (id=4729):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc018aec0, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
read$nci(r3, 0x0, 0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r4, &(0x7f0000005e40)={0x2020, 0x0, <r5=>0x0, <r6=>0x0, <r7=>0x0}, 0x2020)
pwritev2(r3, &(0x7f00000001c0), 0x0, 0x25, 0x5, 0x2)
write$FUSE_ATTR(r4, &(0x7f0000005340)={0x78, 0x0, r5, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r6, r7, 0xb, 0x8, 0x1000000}}}, 0x78)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, <r8=>0x0}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, r3, {r6, r8}}, './file0\x00'})
r9 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r9, &(0x7f0000000100)=""/159, 0xfffffe5a)

1.060405433s ago: executing program 35 (id=4734):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0xf41e0000)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = syz_open_dev$media(&(0x7f0000000000), 0x0, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r1, 0xc0287c02, &(0x7f0000000480)={0x80000000, 0x0, &(0x7f0000000400)=[{}, {{<r2=>0x80000000}}]})
ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f0000001040)={{r2}}) (async)
ioctl$MEDIA_IOC_SETUP_LINK(r1, 0xc0347c03, &(0x7f0000001040)={{r2}})
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0xffffd827, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"])
r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, &(0x7f0000000000)=0x7e)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000001c0)={[0x1, 0x6, 0x0, 0x4, 0x10003, 0x0, 0x400200cc4, 0x10000, 0x4, 0x0, 0x0, 0x0, 0x2, 0x1, 0x6a, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
read$FUSE(r3, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280), 0x4d0100, 0x0)
dup(r7) (async)
r8 = dup(r7)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r9, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0)
r10 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2) (async)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f00000004c0)=ANY=[@ANYBLOB="bf0000000000000077020000000000008fffffffffffffff12d11f03b11d59db8240cef2757cb5bca13b4b36e5090286ca2cfa8464b38f4a5da3d5cb35c10afafbf2cb4880382327e48aaa936fee8e45903a0147cd9b3a8d78c514fd9485aa43ca478c4326debd5fc26023cc5271571b3b6eae61578c7fa53e75491979215e996f56082e2339cd3265db53c36952163392dd25389ea770951705bb999f75263f9763df9c34b5a9901f1e8dea3aa59786757fbda7188d1d3d3be1f28e3d6cefb4d1583e2b267093783602a03f6629a25815493f33fed329bca58b47e46d3aba0c27345c1b7d9e8210d0a73c654ceb"])
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)

40.028695ms ago: executing program 36 (id=4747):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x68000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000180)={0x20, r2, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]})
ioctl$IOMMU_DESTROY$ioas(r1, 0x3b80, &(0x7f0000000d00)={0x8, r2})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x411b00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x68000, 0x0) (async)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc}) (async)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000180)={0x20, r2, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]}) (async)
ioctl$IOMMU_DESTROY$ioas(r1, 0x3b80, &(0x7f0000000d00)={0x8, r2}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x411b00, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (async)

0s ago: executing program 37 (id=4745):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x181003)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc})
close(r2)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bb, 0x8, 0x4, {0x6, 0x2, 0x100000002, 0x0, 0x6, 0x4, 0x7fffffff, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r3 = openat$cgroup_type(r1, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_type(r3, &(0x7f0000000240), 0x9)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000001c0)={0x1, 0xfc})
r5 = dup(r4)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

kernel console output (not intermixed with test programs):

fa0 RCX: 00007f8612b8e929
[  593.637765][T18870] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  593.637777][T18870] RBP: 00007f8613a8b090 R08: 0000000000000000 R09: 0000000000000000
[  593.637789][T18870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  593.637800][T18870] R13: 0000000000000000 R14: 00007f8612db5fa0 R15: 00007ffcc086bf58
[  593.637831][T18870]  </TASK>
[  593.638570][T18870] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  593.759986][T18867] fido_id[18867]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  594.922997][T18891] usb usb8: usbfs: process 18891 (syz.1.3280) did not claim interface 0 before use
[  595.802774][T18916] FAULT_INJECTION: forcing a failure.
[  595.802774][T18916] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  595.829369][T18916] CPU: 0 UID: 0 PID: 18916 Comm: syz.2.3286 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  595.829399][T18916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  595.829411][T18916] Call Trace:
[  595.829419][T18916]  <TASK>
[  595.829428][T18916]  dump_stack_lvl+0x189/0x250
[  595.829457][T18916]  ? __pfx____ratelimit+0x10/0x10
[  595.829490][T18916]  ? __pfx_dump_stack_lvl+0x10/0x10
[  595.829512][T18916]  ? __pfx__printk+0x10/0x10
[  595.829537][T18916]  ? fs_reclaim_acquire+0x7d/0x100
[  595.829574][T18916]  should_fail_ex+0x414/0x560
[  595.829605][T18916]  prepare_alloc_pages+0x213/0x610
[  595.829642][T18916]  __alloc_frozen_pages_noprof+0x123/0x370
[  595.829675][T18916]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  595.829713][T18916]  ? policy_nodemask+0x27c/0x720
[  595.829745][T18916]  alloc_pages_mpol+0x232/0x4a0
[  595.829776][T18916]  alloc_pages_noprof+0xa9/0x190
[  595.829803][T18916]  get_free_pages_noprof+0xf/0x80
[  595.829832][T18916]  __kvm_mmu_topup_memory_cache+0x24f/0x610
[  595.829868][T18916]  mmu_topup_memory_caches+0xd6/0x170
[  595.829891][T18916]  kvm_mmu_load+0x9d/0x21f0
[  595.829908][T18916]  ? queue_delayed_work_on+0x1f7/0x280
[  595.829938][T18916]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  595.829965][T18916]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  595.829989][T18916]  ? kvm_apic_has_interrupt+0x744/0x770
[  595.830031][T18916]  vcpu_run+0x4833/0x6f70
[  595.830146][T18916]  ? __pfx_vcpu_run+0x10/0x10
[  595.830174][T18916]  ? __pfx___set_sregs_common+0x10/0x10
[  595.830203][T18916]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  595.830237][T18916]  ? __set_sregs+0x15a/0x200
[  595.830274][T18916]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  595.830312][T18916]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  595.830343][T18916]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  595.830407][T18916]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  595.830439][T18916]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  595.830469][T18916]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  595.830507][T18916]  kvm_vcpu_ioctl+0x95c/0xe90
[  595.830539][T18916]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  595.830561][T18916]  ? __lock_acquire+0xab9/0xd20
[  595.830605][T18916]  ? __fget_files+0x2a/0x420
[  595.830637][T18916]  ? __fget_files+0x2a/0x420
[  595.830662][T18916]  ? __fget_files+0x3a0/0x420
[  595.830688][T18916]  ? __fget_files+0x2a/0x420
[  595.830720][T18916]  ? bpf_lsm_file_ioctl+0x9/0x20
[  595.830741][T18916]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  595.830765][T18916]  __se_sys_ioctl+0xfc/0x170
[  595.830792][T18916]  do_syscall_64+0xfa/0x3b0
[  595.830810][T18916]  ? lockdep_hardirqs_on+0x9c/0x150
[  595.830839][T18916]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.830858][T18916]  ? clear_bhb_loop+0x60/0xb0
[  595.830882][T18916]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  595.830901][T18916] RIP: 0033:0x7fc708b8e929
[  595.830919][T18916] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  595.830936][T18916] RSP: 002b:00007fc709a98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  595.830957][T18916] RAX: ffffffffffffffda RBX: 00007fc708db5fa0 RCX: 00007fc708b8e929
[  595.830972][T18916] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  595.830984][T18916] RBP: 00007fc709a98090 R08: 0000000000000000 R09: 0000000000000000
[  595.830996][T18916] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  595.831008][T18916] R13: 0000000000000000 R14: 00007fc708db5fa0 R15: 00007fff1b5cd738
[  595.831041][T18916]  </TASK>
[  595.831856][T18916] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  597.070949][T18948] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  597.521873][   T30] audit: type=1400 audit(1750387805.386:18): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=5D9625292F2F2E212D pid=18957 comm="syz.5.3297"
[  597.582715][T18955] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  597.834323][T18964] syz.2.3299: attempt to access beyond end of device
[  597.834323][T18964] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  598.422088][T18979] syz.1.3304: attempt to access beyond end of device
[  598.422088][T18979] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  598.470539][T18979] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  599.008362][T18997] input: syz0 as /devices/virtual/input/input117
[  599.025529][ T3513] Bluetooth: hci3: Frame reassembly failed (-84)
[  600.239618][T19022] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  600.753025][T19036] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  601.106867][ T5845] Bluetooth: hci3: command 0x1003 tx timeout
[  601.107032][ T5844] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  602.140749][T19083] vivid-003: disconnect
[  602.419488][T19082] vivid-003: reconnect
[  603.123030][T19117] FAULT_INJECTION: forcing a failure.
[  603.123030][T19117] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  603.137050][T19117] CPU: 1 UID: 0 PID: 19117 Comm: syz.2.3343 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  603.137077][T19117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  603.137089][T19117] Call Trace:
[  603.137097][T19117]  <TASK>
[  603.137106][T19117]  dump_stack_lvl+0x189/0x250
[  603.137145][T19117]  ? __pfx____ratelimit+0x10/0x10
[  603.137176][T19117]  ? __pfx_dump_stack_lvl+0x10/0x10
[  603.137198][T19117]  ? __pfx__printk+0x10/0x10
[  603.137222][T19117]  ? fs_reclaim_acquire+0x7d/0x100
[  603.137260][T19117]  should_fail_ex+0x414/0x560
[  603.137291][T19117]  prepare_alloc_pages+0x213/0x610
[  603.137326][T19117]  __alloc_frozen_pages_noprof+0x123/0x370
[  603.137360][T19117]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  603.137396][T19117]  ? policy_nodemask+0x27c/0x720
[  603.137427][T19117]  alloc_pages_mpol+0x232/0x4a0
[  603.137458][T19117]  alloc_pages_noprof+0xa9/0x190
[  603.137485][T19117]  get_free_pages_noprof+0xf/0x80
[  603.137514][T19117]  __kvm_mmu_topup_memory_cache+0x24f/0x610
[  603.137551][T19117]  mmu_topup_memory_caches+0xd6/0x170
[  603.137572][T19117]  kvm_mmu_load+0x9d/0x21f0
[  603.137589][T19117]  ? queue_delayed_work_on+0x1f7/0x280
[  603.137618][T19117]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  603.137645][T19117]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  603.137667][T19117]  ? kvm_apic_has_interrupt+0x744/0x770
[  603.137707][T19117]  vcpu_run+0x4833/0x6f70
[  603.137816][T19117]  ? __pfx_vcpu_run+0x10/0x10
[  603.137844][T19117]  ? __pfx___set_sregs_common+0x10/0x10
[  603.137872][T19117]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  603.137905][T19117]  ? __set_sregs+0x15a/0x200
[  603.137934][T19117]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  603.137971][T19117]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  603.137995][T19117]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  603.138060][T19117]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  603.138093][T19117]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  603.138123][T19117]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  603.138169][T19117]  kvm_vcpu_ioctl+0x95c/0xe90
[  603.138200][T19117]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  603.138221][T19117]  ? __lock_acquire+0xab9/0xd20
[  603.138265][T19117]  ? __fget_files+0x2a/0x420
[  603.138296][T19117]  ? __fget_files+0x2a/0x420
[  603.138322][T19117]  ? __fget_files+0x3a0/0x420
[  603.138348][T19117]  ? __fget_files+0x2a/0x420
[  603.138378][T19117]  ? bpf_lsm_file_ioctl+0x9/0x20
[  603.138398][T19117]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  603.138421][T19117]  __se_sys_ioctl+0xfc/0x170
[  603.138448][T19117]  do_syscall_64+0xfa/0x3b0
[  603.138466][T19117]  ? lockdep_hardirqs_on+0x9c/0x150
[  603.138494][T19117]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  603.138513][T19117]  ? clear_bhb_loop+0x60/0xb0
[  603.138537][T19117]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  603.138554][T19117] RIP: 0033:0x7fc708b8e929
[  603.138572][T19117] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  603.138588][T19117] RSP: 002b:00007fc709a98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  603.138610][T19117] RAX: ffffffffffffffda RBX: 00007fc708db5fa0 RCX: 00007fc708b8e929
[  603.138623][T19117] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  603.138635][T19117] RBP: 00007fc709a98090 R08: 0000000000000000 R09: 0000000000000000
[  603.138647][T19117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  603.138658][T19117] R13: 0000000000000000 R14: 00007fc708db5fa0 R15: 00007fff1b5cd738
[  603.138692][T19117]  </TASK>
[  603.139417][T19117] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  603.567720][T19126] loop6: detected capacity change from 0 to 4
[  604.316700][T19152] FAULT_INJECTION: forcing a failure.
[  604.316700][T19152] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  604.367008][T19152] CPU: 0 UID: 0 PID: 19152 Comm: syz.4.3353 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  604.367039][T19152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  604.367051][T19152] Call Trace:
[  604.367059][T19152]  <TASK>
[  604.367068][T19152]  dump_stack_lvl+0x189/0x250
[  604.367099][T19152]  ? __pfx____ratelimit+0x10/0x10
[  604.367129][T19152]  ? __pfx_dump_stack_lvl+0x10/0x10
[  604.367152][T19152]  ? __pfx__printk+0x10/0x10
[  604.367177][T19152]  ? fs_reclaim_acquire+0x7d/0x100
[  604.367214][T19152]  should_fail_ex+0x414/0x560
[  604.367244][T19152]  prepare_alloc_pages+0x213/0x610
[  604.367281][T19152]  __alloc_frozen_pages_noprof+0x123/0x370
[  604.367315][T19152]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  604.367350][T19152]  ? policy_nodemask+0x27c/0x720
[  604.367380][T19152]  alloc_pages_mpol+0x232/0x4a0
[  604.367409][T19152]  alloc_pages_noprof+0xa9/0x190
[  604.367430][T19152]  get_free_pages_noprof+0xf/0x80
[  604.367463][T19152]  __kvm_mmu_topup_memory_cache+0x24f/0x610
[  604.367496][T19152]  mmu_topup_memory_caches+0xd6/0x170
[  604.367515][T19152]  kvm_mmu_load+0x9d/0x21f0
[  604.367530][T19152]  ? queue_delayed_work_on+0x1f7/0x280
[  604.367556][T19152]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  604.367579][T19152]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  604.367600][T19152]  ? kvm_apic_has_interrupt+0x744/0x770
[  604.367638][T19152]  vcpu_run+0x4833/0x6f70
[  604.367732][T19152]  ? __pfx_vcpu_run+0x10/0x10
[  604.367757][T19152]  ? __pfx___set_sregs_common+0x10/0x10
[  604.367782][T19152]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  604.367810][T19152]  ? __set_sregs+0x15a/0x200
[  604.367836][T19152]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  604.367868][T19152]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  604.367890][T19152]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  604.367946][T19152]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  604.367975][T19152]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  604.368001][T19152]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  604.368040][T19152]  kvm_vcpu_ioctl+0x95c/0xe90
[  604.368069][T19152]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  604.368087][T19152]  ? __lock_acquire+0xab9/0xd20
[  604.368126][T19152]  ? __fget_files+0x2a/0x420
[  604.368152][T19152]  ? __fget_files+0x2a/0x420
[  604.368174][T19152]  ? __fget_files+0x3a0/0x420
[  604.368197][T19152]  ? __fget_files+0x2a/0x420
[  604.368223][T19152]  ? bpf_lsm_file_ioctl+0x9/0x20
[  604.368241][T19152]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  604.368262][T19152]  __se_sys_ioctl+0xfc/0x170
[  604.368286][T19152]  do_syscall_64+0xfa/0x3b0
[  604.368301][T19152]  ? lockdep_hardirqs_on+0x9c/0x150
[  604.368325][T19152]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.368342][T19152]  ? clear_bhb_loop+0x60/0xb0
[  604.368363][T19152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.368379][T19152] RIP: 0033:0x7f8612b8e929
[  604.368395][T19152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  604.368410][T19152] RSP: 002b:00007f8613a8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  604.368430][T19152] RAX: ffffffffffffffda RBX: 00007f8612db5fa0 RCX: 00007f8612b8e929
[  604.368442][T19152] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  604.368459][T19152] RBP: 00007f8613a8b090 R08: 0000000000000000 R09: 0000000000000000
[  604.368469][T19152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  604.368479][T19152] R13: 0000000000000000 R14: 00007f8612db5fa0 R15: 00007ffcc086bf58
[  604.368508][T19152]  </TASK>
[  604.375170][T19152] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  605.063262][T19166] input: syz1 as /devices/virtual/input/input118
[  605.858067][T19194] FAULT_INJECTION: forcing a failure.
[  605.858067][T19194] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  605.874994][T19194] CPU: 0 UID: 0 PID: 19194 Comm: syz.2.3365 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  605.875023][T19194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  605.875034][T19194] Call Trace:
[  605.875043][T19194]  <TASK>
[  605.875052][T19194]  dump_stack_lvl+0x189/0x250
[  605.875082][T19194]  ? __pfx____ratelimit+0x10/0x10
[  605.875112][T19194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  605.875134][T19194]  ? __pfx__printk+0x10/0x10
[  605.875159][T19194]  ? fs_reclaim_acquire+0x7d/0x100
[  605.875210][T19194]  should_fail_ex+0x414/0x560
[  605.875240][T19194]  prepare_alloc_pages+0x213/0x610
[  605.875277][T19194]  __alloc_frozen_pages_noprof+0x123/0x370
[  605.875310][T19194]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  605.875348][T19194]  ? policy_nodemask+0x27c/0x720
[  605.875379][T19194]  alloc_pages_mpol+0x232/0x4a0
[  605.875410][T19194]  alloc_pages_noprof+0xa9/0x190
[  605.875436][T19194]  get_free_pages_noprof+0xf/0x80
[  605.875463][T19194]  __kvm_mmu_topup_memory_cache+0x24f/0x610
[  605.875500][T19194]  mmu_topup_memory_caches+0xd6/0x170
[  605.875523][T19194]  kvm_mmu_load+0x9d/0x21f0
[  605.875540][T19194]  ? queue_delayed_work_on+0x1f7/0x280
[  605.875570][T19194]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  605.875597][T19194]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  605.875621][T19194]  ? kvm_apic_has_interrupt+0x744/0x770
[  605.875663][T19194]  vcpu_run+0x4833/0x6f70
[  605.875769][T19194]  ? __pfx_vcpu_run+0x10/0x10
[  605.875797][T19194]  ? __pfx___set_sregs_common+0x10/0x10
[  605.875826][T19194]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  605.875859][T19194]  ? __set_sregs+0x15a/0x200
[  605.875889][T19194]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  605.875927][T19194]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  605.875951][T19194]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  605.876015][T19194]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  605.876051][T19194]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  605.876079][T19194]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  605.876116][T19194]  kvm_vcpu_ioctl+0x95c/0xe90
[  605.876145][T19194]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  605.876165][T19194]  ? __lock_acquire+0xab9/0xd20
[  605.876217][T19194]  ? __fget_files+0x2a/0x420
[  605.876249][T19194]  ? __fget_files+0x2a/0x420
[  605.876275][T19194]  ? __fget_files+0x3a0/0x420
[  605.876300][T19194]  ? __fget_files+0x2a/0x420
[  605.876332][T19194]  ? bpf_lsm_file_ioctl+0x9/0x20
[  605.876353][T19194]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  605.876377][T19194]  __se_sys_ioctl+0xfc/0x170
[  605.876404][T19194]  do_syscall_64+0xfa/0x3b0
[  605.876423][T19194]  ? lockdep_hardirqs_on+0x9c/0x150
[  605.876448][T19194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.876468][T19194]  ? clear_bhb_loop+0x60/0xb0
[  605.876492][T19194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  605.876510][T19194] RIP: 0033:0x7fc708b8e929
[  605.876529][T19194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  605.876544][T19194] RSP: 002b:00007fc709a98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  605.876566][T19194] RAX: ffffffffffffffda RBX: 00007fc708db5fa0 RCX: 00007fc708b8e929
[  605.876580][T19194] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  605.876592][T19194] RBP: 00007fc709a98090 R08: 0000000000000000 R09: 0000000000000000
[  605.876604][T19194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  605.876615][T19194] R13: 0000000000000000 R14: 00007fc708db5fa0 R15: 00007fff1b5cd738
[  605.876648][T19194]  </TASK>
[  606.224107][    C0] vkms_vblank_simulate: vblank timer overrun
[  606.247335][T19194] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  606.300106][   T13] Bluetooth: hci3: Frame reassembly failed (-84)
[  606.300833][ T5845] Bluetooth: hci3: unexpected event 0x02 length: 0 < 1
[  606.472568][T19202] dlm: Unknown command passed to DLM device : 0
[  606.472568][T19202] 
[  606.722069][T19214] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  607.040226][T19227] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  607.052960][T19226] iommufd_mock iommufd_mock0: Adding to iommu group 1
[  607.160456][T19229] FAULT_INJECTION: forcing a failure.
[  607.160456][T19229] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  607.174184][T19229] CPU: 0 UID: 0 PID: 19229 Comm: syz.5.3377 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  607.174213][T19229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  607.174224][T19229] Call Trace:
[  607.174231][T19229]  <TASK>
[  607.174238][T19229]  dump_stack_lvl+0x189/0x250
[  607.174261][T19229]  ? __pfx____ratelimit+0x10/0x10
[  607.174285][T19229]  ? __pfx_dump_stack_lvl+0x10/0x10
[  607.174302][T19229]  ? __pfx__printk+0x10/0x10
[  607.174321][T19229]  ? fs_reclaim_acquire+0x7d/0x100
[  607.174349][T19229]  should_fail_ex+0x414/0x560
[  607.174373][T19229]  prepare_alloc_pages+0x213/0x610
[  607.174400][T19229]  __alloc_frozen_pages_noprof+0x123/0x370
[  607.174427][T19229]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  607.174455][T19229]  ? policy_nodemask+0x27c/0x720
[  607.174479][T19229]  alloc_pages_mpol+0x232/0x4a0
[  607.174503][T19229]  alloc_pages_noprof+0xa9/0x190
[  607.174523][T19229]  get_free_pages_noprof+0xf/0x80
[  607.174545][T19229]  __kvm_mmu_topup_memory_cache+0x24f/0x610
[  607.174572][T19229]  mmu_topup_memory_caches+0xd6/0x170
[  607.174588][T19229]  kvm_mmu_load+0x9d/0x21f0
[  607.174601][T19229]  ? queue_delayed_work_on+0x1f7/0x280
[  607.174623][T19229]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  607.174644][T19229]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  607.174661][T19229]  ? kvm_apic_has_interrupt+0x744/0x770
[  607.174694][T19229]  vcpu_run+0x4833/0x6f70
[  607.174775][T19229]  ? __pfx_vcpu_run+0x10/0x10
[  607.174796][T19229]  ? __pfx___set_sregs_common+0x10/0x10
[  607.174818][T19229]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  607.174843][T19229]  ? __set_sregs+0x15a/0x200
[  607.174865][T19229]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  607.174893][T19229]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  607.174912][T19229]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  607.174960][T19229]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  607.174986][T19229]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  607.175008][T19229]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  607.175037][T19229]  kvm_vcpu_ioctl+0x95c/0xe90
[  607.175062][T19229]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  607.175078][T19229]  ? __lock_acquire+0xab9/0xd20
[  607.175111][T19229]  ? __fget_files+0x2a/0x420
[  607.175135][T19229]  ? __fget_files+0x2a/0x420
[  607.175155][T19229]  ? __fget_files+0x3a0/0x420
[  607.175181][T19229]  ? __fget_files+0x2a/0x420
[  607.175205][T19229]  ? bpf_lsm_file_ioctl+0x9/0x20
[  607.175221][T19229]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  607.175239][T19229]  __se_sys_ioctl+0xfc/0x170
[  607.175259][T19229]  do_syscall_64+0xfa/0x3b0
[  607.175272][T19229]  ? lockdep_hardirqs_on+0x9c/0x150
[  607.175294][T19229]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.175308][T19229]  ? clear_bhb_loop+0x60/0xb0
[  607.175326][T19229]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.175340][T19229] RIP: 0033:0x7f2bb818e929
[  607.175354][T19229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  607.175367][T19229] RSP: 002b:00007f2bb8f72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  607.175383][T19229] RAX: ffffffffffffffda RBX: 00007f2bb83b5fa0 RCX: 00007f2bb818e929
[  607.175394][T19229] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  607.175403][T19229] RBP: 00007f2bb8f72090 R08: 0000000000000000 R09: 0000000000000000
[  607.175412][T19229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  607.175422][T19229] R13: 0000000000000000 R14: 00007f2bb83b5fa0 R15: 00007ffee25242d8
[  607.175447][T19229]  </TASK>
[  607.176036][T19229] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  607.529856][    C0] vkms_vblank_simulate: vblank timer overrun
[  608.097019][T19252] vivid-001: =================  START STATUS  =================
[  608.104937][T19252] vivid-001: Radio HW Seek Mode: Bounded
[  608.141279][T19252] vivid-001: Radio Programmable HW Seek: false
[  608.163938][T19252] vivid-001: RDS Rx I/O Mode: Block I/O
[  608.214024][T19252] vivid-001: Generate RBDS Instead of RDS: false
[  608.236129][T19252] vivid-001: RDS Reception: true
[  608.241262][T19252] vivid-001: RDS Program Type: 0 inactive
[  608.296123][T19252] vivid-001: RDS PS Name:  inactive
[  608.306249][ T5844] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  608.326100][T19252] vivid-001: RDS Radio Text:  inactive
[  608.341760][T19252] vivid-001: RDS Traffic Announcement: false inactive
[  608.348835][T19252] vivid-001: RDS Traffic Program: false inactive
[  608.369076][T19252] vivid-001: RDS Music: false inactive
[  608.375050][T19252] vivid-001: ==================  END STATUS  ==================
[  608.700713][T19262] FAULT_INJECTION: forcing a failure.
[  608.700713][T19262] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  608.731235][T19262] CPU: 0 UID: 0 PID: 19262 Comm: syz.4.3388 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  608.731267][T19262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  608.731279][T19262] Call Trace:
[  608.731287][T19262]  <TASK>
[  608.731297][T19262]  dump_stack_lvl+0x189/0x250
[  608.731326][T19262]  ? __pfx____ratelimit+0x10/0x10
[  608.731358][T19262]  ? __pfx_dump_stack_lvl+0x10/0x10
[  608.731379][T19262]  ? __pfx__printk+0x10/0x10
[  608.731404][T19262]  ? fs_reclaim_acquire+0x7d/0x100
[  608.731442][T19262]  should_fail_ex+0x414/0x560
[  608.731473][T19262]  prepare_alloc_pages+0x213/0x610
[  608.731511][T19262]  __alloc_frozen_pages_noprof+0x123/0x370
[  608.731544][T19262]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  608.731582][T19262]  ? policy_nodemask+0x27c/0x720
[  608.731613][T19262]  alloc_pages_mpol+0x232/0x4a0
[  608.731644][T19262]  alloc_pages_noprof+0xa9/0x190
[  608.731672][T19262]  get_free_pages_noprof+0xf/0x80
[  608.731700][T19262]  __kvm_mmu_topup_memory_cache+0x24f/0x610
[  608.731737][T19262]  mmu_topup_memory_caches+0xd6/0x170
[  608.731759][T19262]  kvm_mmu_load+0x9d/0x21f0
[  608.731777][T19262]  ? queue_delayed_work_on+0x1f7/0x280
[  608.731806][T19262]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  608.731833][T19262]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  608.731856][T19262]  ? kvm_apic_has_interrupt+0x744/0x770
[  608.731899][T19262]  vcpu_run+0x4833/0x6f70
[  608.732008][T19262]  ? __pfx_vcpu_run+0x10/0x10
[  608.732037][T19262]  ? __pfx___set_sregs_common+0x10/0x10
[  608.732065][T19262]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  608.732099][T19262]  ? __set_sregs+0x15a/0x200
[  608.732137][T19262]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  608.732175][T19262]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  608.732200][T19262]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  608.732265][T19262]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  608.732298][T19262]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  608.732328][T19262]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  608.732367][T19262]  kvm_vcpu_ioctl+0x95c/0xe90
[  608.732397][T19262]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  608.732418][T19262]  ? __lock_acquire+0xab9/0xd20
[  608.732463][T19262]  ? __fget_files+0x2a/0x420
[  608.732495][T19262]  ? __fget_files+0x2a/0x420
[  608.732521][T19262]  ? __fget_files+0x3a0/0x420
[  608.732547][T19262]  ? __fget_files+0x2a/0x420
[  608.732579][T19262]  ? bpf_lsm_file_ioctl+0x9/0x20
[  608.732600][T19262]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  608.732624][T19262]  __se_sys_ioctl+0xfc/0x170
[  608.732651][T19262]  do_syscall_64+0xfa/0x3b0
[  608.732669][T19262]  ? lockdep_hardirqs_on+0x9c/0x150
[  608.732697][T19262]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.732716][T19262]  ? clear_bhb_loop+0x60/0xb0
[  608.732740][T19262]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  608.732759][T19262] RIP: 0033:0x7f8612b8e929
[  608.732777][T19262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  608.732793][T19262] RSP: 002b:00007f8613a8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  608.732816][T19262] RAX: ffffffffffffffda RBX: 00007f8612db5fa0 RCX: 00007f8612b8e929
[  608.732830][T19262] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  608.732842][T19262] RBP: 00007f8613a8b090 R08: 0000000000000000 R09: 0000000000000000
[  608.732854][T19262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  608.732866][T19262] R13: 0000000000000000 R14: 00007f8612db5fa0 R15: 00007ffcc086bf58
[  608.732900][T19262]  </TASK>
[  608.733659][T19262] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  609.916837][T19290] FAULT_INJECTION: forcing a failure.
[  609.916837][T19290] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  609.934330][T19290] CPU: 0 UID: 0 PID: 19290 Comm: syz.1.3398 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  609.934359][T19290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  609.934371][T19290] Call Trace:
[  609.934379][T19290]  <TASK>
[  609.934388][T19290]  dump_stack_lvl+0x189/0x250
[  609.934426][T19290]  ? __pfx____ratelimit+0x10/0x10
[  609.934456][T19290]  ? __pfx_dump_stack_lvl+0x10/0x10
[  609.934477][T19290]  ? __pfx__printk+0x10/0x10
[  609.934500][T19290]  ? fs_reclaim_acquire+0x7d/0x100
[  609.934537][T19290]  should_fail_ex+0x414/0x560
[  609.934567][T19290]  prepare_alloc_pages+0x213/0x610
[  609.934603][T19290]  __alloc_frozen_pages_noprof+0x123/0x370
[  609.934635][T19290]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  609.934672][T19290]  ? policy_nodemask+0x27c/0x720
[  609.934703][T19290]  alloc_pages_mpol+0x232/0x4a0
[  609.934734][T19290]  alloc_pages_noprof+0xa9/0x190
[  609.934760][T19290]  get_free_pages_noprof+0xf/0x80
[  609.934788][T19290]  __kvm_mmu_topup_memory_cache+0x24f/0x610
[  609.934824][T19290]  mmu_topup_memory_caches+0xd6/0x170
[  609.934846][T19290]  kvm_mmu_load+0x9d/0x21f0
[  609.934863][T19290]  ? queue_delayed_work_on+0x1f7/0x280
[  609.934892][T19290]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  609.934917][T19290]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  609.934940][T19290]  ? kvm_apic_has_interrupt+0x744/0x770
[  609.934982][T19290]  vcpu_run+0x4833/0x6f70
[  609.935004][T19290]  ? rcu_is_watching+0x15/0xb0
[  609.935178][T19290]  ? __pfx_vcpu_run+0x10/0x10
[  609.935201][T19290]  ? __pfx___set_sregs_common+0x10/0x10
[  609.935228][T19290]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  609.935261][T19290]  ? __set_sregs+0x15a/0x200
[  609.935291][T19290]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  609.935327][T19290]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  609.935351][T19290]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  609.935422][T19290]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  609.935454][T19290]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  609.935483][T19290]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  609.935520][T19290]  kvm_vcpu_ioctl+0x95c/0xe90
[  609.935552][T19290]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  609.935572][T19290]  ? __lock_acquire+0xab9/0xd20
[  609.935616][T19290]  ? __fget_files+0x2a/0x420
[  609.935646][T19290]  ? __fget_files+0x2a/0x420
[  609.935671][T19290]  ? __fget_files+0x3a0/0x420
[  609.935696][T19290]  ? __fget_files+0x2a/0x420
[  609.935728][T19290]  ? bpf_lsm_file_ioctl+0x9/0x20
[  609.935754][T19290]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  609.935778][T19290]  __se_sys_ioctl+0xfc/0x170
[  609.935805][T19290]  do_syscall_64+0xfa/0x3b0
[  609.935823][T19290]  ? lockdep_hardirqs_on+0x9c/0x150
[  609.935850][T19290]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.935869][T19290]  ? clear_bhb_loop+0x60/0xb0
[  609.935893][T19290]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  609.935912][T19290] RIP: 0033:0x7f96c258e929
[  609.935930][T19290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  609.935946][T19290] RSP: 002b:00007f96c3395038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  609.935967][T19290] RAX: ffffffffffffffda RBX: 00007f96c27b5fa0 RCX: 00007f96c258e929
[  609.935981][T19290] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  609.935992][T19290] RBP: 00007f96c3395090 R08: 0000000000000000 R09: 0000000000000000
[  609.936004][T19290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  609.936016][T19290] R13: 0000000000000000 R14: 00007f96c27b5fa0 R15: 00007ffeb9426068
[  609.936047][T19290]  </TASK>
[  610.289242][    C0] vkms_vblank_simulate: vblank timer overrun
[  610.312508][T19290] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  610.947982][T19316] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  611.425028][T19330] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  611.440722][T19330] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  611.450315][T19332] usb usb8: usbfs: process 19332 (syz.2.3408) did not claim interface 0 before use
[  611.868979][T19327] loop6: detected capacity change from 0 to 524287999
[  612.930105][T19368] blktrace: Concurrent blktraces are not allowed on sg0
[  613.256494][T19376] random: crng reseeded on system resumption
[  614.360464][T19404] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  614.861849][T19414] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  615.359542][T19429] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  615.569527][T19433] vivid-000: =================  START STATUS  =================
[  615.577660][T19433] vivid-000: Test Pattern: 75% Colorbar
[  615.583615][T19433] vivid-000: Fill Percentage of Frame: 100
[  615.591175][T19433] vivid-000: Horizontal Movement: Move Left Slow
[  615.602908][T19433] vivid-000: Vertical Movement: Move Up Slow
[  615.610251][T19433] vivid-000: OSD Text Mode: All
[  615.615478][T19433] vivid-000: Show Border: false
[  615.624805][T19433] vivid-000: Show Square: true
[  615.630768][T19433] vivid-000: Sensor Flipped Horizontally: true
[  615.639932][T19433] vivid-000: Sensor Flipped Vertically: true
[  615.645998][T19433] vivid-000: Insert SAV Code in Image: false
[  615.653513][T19433] vivid-000: Insert EAV Code in Image: true
[  615.664392][T19433] vivid-000: Insert Video Guard Band: false
[  615.672202][T19433] vivid-000: Reduced Framerate: true
[  615.681567][T19433] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  615.691206][T19433] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  615.703496][T19433] vivid-000: Enable Capture Cropping: false
[  615.713538][T19433] vivid-000: Enable Capture Composing: false
[  615.725712][T19433] vivid-000: Enable Capture Scaler: true
[  615.734684][T19433] vivid-000: Timestamp Source: End of Frame
[  615.744007][T19433] vivid-000: Colorspace: sRGB
[  615.750460][T19433] vivid-000: Transfer Function: Default
[  615.761365][T19433] vivid-000: Y'CbCr Encoding: Default
[  615.768373][T19433] vivid-000: HSV Encoding: Hue 0-256
[  615.774357][T19433] vivid-000: Quantization: Limited Range
[  615.783989][T19433] vivid-000: Apply Alpha To Red Only: true
[  615.793178][T19433] vivid-000: Standard Aspect Ratio: 14x9
[  615.802092][T19433] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  615.813222][T19433] vivid-000: DV Timings: 640x480p59 inactive
[  615.824862][T19433] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  615.839150][T19433] vivid-000: Maximum EDID Blocks: 2
[  615.844614][T19433] vivid-000: Limited RGB Range (16-235): false
[  615.852599][T19433] vivid-000: Rx RGB Quantization Range: RGB Full Range (0-255)
[  615.864015][T19433] vivid-000: Power Present: 0x00000001
[  615.870584][T19433] tpg source WxH: 320x180 (R'G'B)
[  615.876988][T19433] tpg field: 1
[  615.881390][T19433] tpg crop: (0,0)/320x180
[  615.885895][T19433] tpg compose: (0,0)/320x180
[  615.890916][T19433] tpg colorspace: 6
[  615.899074][T19433] tpg transfer function: 0/1
[  615.904043][T19433] tpg quantization: 2/2
[  615.911774][T19433] tpg RGB range: 0/2
[  615.923826][T19433] vivid-000: ==================  END STATUS  ==================
[  622.567115][T19598] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  622.609020][T19601] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  623.143866][T19605] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  623.606859][T19609] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  624.714398][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  624.728592][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  624.934854][T19661] input input119: cannot allocate more than FF_MAX_EFFECTS effects
[  625.005447][T19663] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  625.016607][T19663] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  627.378971][   T12] Bluetooth: hci3: Frame reassembly failed (-90)
[  627.390493][T19723] Bluetooth: hci3: Frame reassembly failed (-84)
[  627.403230][T19723] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  627.700952][T19736] mkiss: ax0: crc mode is auto.
[  627.830863][T19736] mkiss: ax1: crc mode is auto.
[  627.913243][T19741] Context (ID=0x1) not attached to queue pair (handle=0x4d6:0x8)
[  629.362091][T19778] tun0: tun_chr_ioctl cmd 1074025675
[  629.368876][T19778] tun0: persist disabled
[  629.416411][ T5845] Bluetooth: hci3: command 0x1003 tx timeout
[  629.423551][ T5844] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  630.564514][T19818] random: crng reseeded on system resumption
[  630.670526][T19819] input: syz1 as /devices/virtual/input/input121
[  632.159500][T19853] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  632.207884][T19858] FAULT_INJECTION: forcing a failure.
[  632.207884][T19858] name failslab, interval 1, probability 0, space 0, times 0
[  632.221377][T19858] CPU: 0 UID: 0 PID: 19858 Comm: syz.5.3556 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  632.221401][T19858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  632.221411][T19858] Call Trace:
[  632.221418][T19858]  <TASK>
[  632.221426][T19858]  dump_stack_lvl+0x189/0x250
[  632.221451][T19858]  ? __pfx____ratelimit+0x10/0x10
[  632.221478][T19858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.221496][T19858]  ? __pfx__printk+0x10/0x10
[  632.221519][T19858]  ? __pfx___might_resched+0x10/0x10
[  632.221538][T19858]  ? fs_reclaim_acquire+0x7d/0x100
[  632.221565][T19858]  should_fail_ex+0x414/0x560
[  632.221593][T19858]  should_failslab+0xa8/0x100
[  632.221632][T19858]  kmem_cache_alloc_noprof+0x73/0x3c0
[  632.221650][T19858]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  632.221673][T19858]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  632.221703][T19858]  kvm_mmu_load+0x9d/0x21f0
[  632.221718][T19858]  ? queue_delayed_work_on+0x1f7/0x280
[  632.221742][T19858]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  632.221764][T19858]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  632.221783][T19858]  ? kvm_apic_has_interrupt+0x744/0x770
[  632.221818][T19858]  vcpu_run+0x4833/0x6f70
[  632.221912][T19858]  ? __pfx_vcpu_run+0x10/0x10
[  632.221936][T19858]  ? __pfx___set_sregs_common+0x10/0x10
[  632.221959][T19858]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  632.221987][T19858]  ? __set_sregs+0x15a/0x200
[  632.222013][T19858]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  632.222044][T19858]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  632.222066][T19858]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  632.222126][T19858]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  632.222159][T19858]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  632.222189][T19858]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  632.222234][T19858]  kvm_vcpu_ioctl+0x95c/0xe90
[  632.222266][T19858]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  632.222296][T19858]  ? __lock_acquire+0xab9/0xd20
[  632.222340][T19858]  ? __fget_files+0x2a/0x420
[  632.222372][T19858]  ? __fget_files+0x2a/0x420
[  632.222397][T19858]  ? __fget_files+0x3a0/0x420
[  632.222423][T19858]  ? __fget_files+0x2a/0x420
[  632.222451][T19858]  ? bpf_lsm_file_ioctl+0x9/0x20
[  632.222470][T19858]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  632.222493][T19858]  __se_sys_ioctl+0xfc/0x170
[  632.222520][T19858]  do_syscall_64+0xfa/0x3b0
[  632.222539][T19858]  ? lockdep_hardirqs_on+0x9c/0x150
[  632.222567][T19858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.222587][T19858]  ? clear_bhb_loop+0x60/0xb0
[  632.222611][T19858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.222630][T19858] RIP: 0033:0x7f2bb818e929
[  632.222648][T19858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  632.222666][T19858] RSP: 002b:00007f2bb8f72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  632.222687][T19858] RAX: ffffffffffffffda RBX: 00007f2bb83b5fa0 RCX: 00007f2bb818e929
[  632.222701][T19858] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  632.222712][T19858] RBP: 00007f2bb8f72090 R08: 0000000000000000 R09: 0000000000000000
[  632.222724][T19858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  632.222735][T19858] R13: 0000000000000000 R14: 00007f2bb83b5fa0 R15: 00007ffee25242d8
[  632.222768][T19858]  </TASK>
[  632.628529][T19856] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  632.703305][T19861] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  633.701519][T19879] syz.4.3561: attempt to access beyond end of device
[  633.701519][T19879] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  633.954823][T19886] input: syz1 as /devices/virtual/input/input122
[  634.291549][T19895] binder: 19894:19895 ioctl c0306201 200000000300 returned -22
[  634.336632][T19895] binder: 19894:19895 ioctl c018620c 200000000000 returned -22
[  634.646897][T19905] FAULT_INJECTION: forcing a failure.
[  634.646897][T19905] name failslab, interval 1, probability 0, space 0, times 0
[  634.680047][T19905] CPU: 0 UID: 0 PID: 19905 Comm: syz.2.3566 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  634.680077][T19905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  634.680088][T19905] Call Trace:
[  634.680097][T19905]  <TASK>
[  634.680105][T19905]  dump_stack_lvl+0x189/0x250
[  634.680135][T19905]  ? __pfx____ratelimit+0x10/0x10
[  634.680164][T19905]  ? __pfx_dump_stack_lvl+0x10/0x10
[  634.680184][T19905]  ? __pfx__printk+0x10/0x10
[  634.680210][T19905]  ? __pfx___might_resched+0x10/0x10
[  634.680231][T19905]  ? fs_reclaim_acquire+0x7d/0x100
[  634.680263][T19905]  should_fail_ex+0x414/0x560
[  634.680310][T19905]  should_failslab+0xa8/0x100
[  634.680338][T19905]  kmem_cache_alloc_noprof+0x73/0x3c0
[  634.680359][T19905]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  634.680386][T19905]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  634.680421][T19905]  kvm_mmu_load+0x9d/0x21f0
[  634.680439][T19905]  ? queue_delayed_work_on+0x1f7/0x280
[  634.680468][T19905]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  634.680495][T19905]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  634.680519][T19905]  ? kvm_apic_has_interrupt+0x744/0x770
[  634.680560][T19905]  vcpu_run+0x4833/0x6f70
[  634.680667][T19905]  ? __pfx_vcpu_run+0x10/0x10
[  634.680695][T19905]  ? __pfx___set_sregs_common+0x10/0x10
[  634.680723][T19905]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  634.680755][T19905]  ? __set_sregs+0x15a/0x200
[  634.680781][T19905]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  634.680841][T19905]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  634.680866][T19905]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  634.680929][T19905]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  634.680961][T19905]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  634.680990][T19905]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  634.681027][T19905]  kvm_vcpu_ioctl+0x95c/0xe90
[  634.681059][T19905]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  634.681081][T19905]  ? __lock_acquire+0xab9/0xd20
[  634.681124][T19905]  ? __fget_files+0x2a/0x420
[  634.681157][T19905]  ? __fget_files+0x2a/0x420
[  634.681182][T19905]  ? __fget_files+0x3a0/0x420
[  634.681209][T19905]  ? __fget_files+0x2a/0x420
[  634.681240][T19905]  ? bpf_lsm_file_ioctl+0x9/0x20
[  634.681261][T19905]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  634.681294][T19905]  __se_sys_ioctl+0xfc/0x170
[  634.681321][T19905]  do_syscall_64+0xfa/0x3b0
[  634.681339][T19905]  ? lockdep_hardirqs_on+0x9c/0x150
[  634.681367][T19905]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.681386][T19905]  ? clear_bhb_loop+0x60/0xb0
[  634.681410][T19905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  634.681428][T19905] RIP: 0033:0x7fc708b8e929
[  634.681447][T19905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  634.681463][T19905] RSP: 002b:00007fc709a98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  634.681485][T19905] RAX: ffffffffffffffda RBX: 00007fc708db5fa0 RCX: 00007fc708b8e929
[  634.681499][T19905] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  634.681512][T19905] RBP: 00007fc709a98090 R08: 0000000000000000 R09: 0000000000000000
[  634.681523][T19905] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  634.681534][T19905] R13: 0000000000000000 R14: 00007fc708db5fa0 R15: 00007fff1b5cd738
[  634.681562][T19905]  </TASK>
[  636.827404][T19954] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  636.890719][T19954] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  636.997202][T19957] syz.5.3575: attempt to access beyond end of device
[  636.997202][T19957] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  637.081614][T19963] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  637.163083][T19966] FAULT_INJECTION: forcing a failure.
[  637.163083][T19966] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  637.193798][T19966] CPU: 1 UID: 0 PID: 19966 Comm: syz.2.3578 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  637.193828][T19966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  637.193839][T19966] Call Trace:
[  637.193848][T19966]  <TASK>
[  637.193856][T19966]  dump_stack_lvl+0x189/0x250
[  637.193887][T19966]  ? __pfx____ratelimit+0x10/0x10
[  637.193917][T19966]  ? __pfx_dump_stack_lvl+0x10/0x10
[  637.193939][T19966]  ? __pfx__printk+0x10/0x10
[  637.193963][T19966]  ? fs_reclaim_acquire+0x7d/0x100
[  637.194000][T19966]  should_fail_ex+0x414/0x560
[  637.194029][T19966]  prepare_alloc_pages+0x213/0x610
[  637.194066][T19966]  __alloc_frozen_pages_noprof+0x123/0x370
[  637.194099][T19966]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  637.194136][T19966]  ? policy_nodemask+0x27c/0x720
[  637.194167][T19966]  alloc_pages_mpol+0x232/0x4a0
[  637.194198][T19966]  alloc_pages_noprof+0xa9/0x190
[  637.194225][T19966]  get_free_pages_noprof+0xf/0x80
[  637.194252][T19966]  __kvm_mmu_topup_memory_cache+0x24f/0x610
[  637.194296][T19966]  mmu_topup_memory_caches+0xd6/0x170
[  637.194319][T19966]  kvm_mmu_load+0x9d/0x21f0
[  637.194336][T19966]  ? queue_delayed_work_on+0x1f7/0x280
[  637.194365][T19966]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  637.194392][T19966]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  637.194416][T19966]  ? kvm_apic_has_interrupt+0x744/0x770
[  637.194457][T19966]  vcpu_run+0x4833/0x6f70
[  637.194566][T19966]  ? __pfx_vcpu_run+0x10/0x10
[  637.194594][T19966]  ? __pfx___set_sregs_common+0x10/0x10
[  637.194622][T19966]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  637.194655][T19966]  ? __set_sregs+0x15a/0x200
[  637.194685][T19966]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  637.194723][T19966]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  637.194746][T19966]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  637.194810][T19966]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  637.194843][T19966]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  637.194873][T19966]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  637.194911][T19966]  kvm_vcpu_ioctl+0x95c/0xe90
[  637.194943][T19966]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  637.194963][T19966]  ? __lock_acquire+0xab9/0xd20
[  637.195007][T19966]  ? __fget_files+0x2a/0x420
[  637.195037][T19966]  ? __fget_files+0x2a/0x420
[  637.195062][T19966]  ? __fget_files+0x3a0/0x420
[  637.195089][T19966]  ? __fget_files+0x2a/0x420
[  637.195120][T19966]  ? bpf_lsm_file_ioctl+0x9/0x20
[  637.195141][T19966]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  637.195165][T19966]  __se_sys_ioctl+0xfc/0x170
[  637.195191][T19966]  do_syscall_64+0xfa/0x3b0
[  637.195209][T19966]  ? lockdep_hardirqs_on+0x9c/0x150
[  637.195236][T19966]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.195255][T19966]  ? clear_bhb_loop+0x60/0xb0
[  637.195286][T19966]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  637.195304][T19966] RIP: 0033:0x7fc708b8e929
[  637.195322][T19966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  637.195338][T19966] RSP: 002b:00007fc709a98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  637.195360][T19966] RAX: ffffffffffffffda RBX: 00007fc708db5fa0 RCX: 00007fc708b8e929
[  637.195374][T19966] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  637.195386][T19966] RBP: 00007fc709a98090 R08: 0000000000000000 R09: 0000000000000000
[  637.195397][T19966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  637.195408][T19966] R13: 0000000000000000 R14: 00007fc708db5fa0 R15: 00007fff1b5cd738
[  637.195441][T19966]  </TASK>
[  637.542702][    C1] vkms_vblank_simulate: vblank timer overrun
[  637.553125][T19966] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  637.752620][T19973] input: syz1 as /devices/virtual/input/input123
[  637.892136][T18017] Bluetooth: hci3: Frame reassembly failed (-84)
[  638.738375][T20003] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  638.841529][T20009] FAULT_INJECTION: forcing a failure.
[  638.841529][T20009] name failslab, interval 1, probability 0, space 0, times 0
[  638.855400][T20009] CPU: 1 UID: 0 PID: 20009 Comm: syz.5.3589 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  638.855427][T20009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  638.855438][T20009] Call Trace:
[  638.855446][T20009]  <TASK>
[  638.855453][T20009]  dump_stack_lvl+0x189/0x250
[  638.855476][T20009]  ? __pfx____ratelimit+0x10/0x10
[  638.855501][T20009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  638.855518][T20009]  ? __pfx__printk+0x10/0x10
[  638.855540][T20009]  ? __pfx___might_resched+0x10/0x10
[  638.855556][T20009]  ? fs_reclaim_acquire+0x7d/0x100
[  638.855581][T20009]  should_fail_ex+0x414/0x560
[  638.855605][T20009]  should_failslab+0xa8/0x100
[  638.855626][T20009]  kmem_cache_alloc_noprof+0x73/0x3c0
[  638.855643][T20009]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  638.855664][T20009]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  638.855691][T20009]  kvm_mmu_load+0x9d/0x21f0
[  638.855705][T20009]  ? queue_delayed_work_on+0x1f7/0x280
[  638.855726][T20009]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  638.855747][T20009]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  638.855765][T20009]  ? kvm_apic_has_interrupt+0x744/0x770
[  638.855798][T20009]  vcpu_run+0x4833/0x6f70
[  638.855880][T20009]  ? __pfx_vcpu_run+0x10/0x10
[  638.855901][T20009]  ? __pfx___set_sregs_common+0x10/0x10
[  638.855923][T20009]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  638.855948][T20009]  ? __set_sregs+0x15a/0x200
[  638.855972][T20009]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  638.856000][T20009]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  638.856018][T20009]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  638.856080][T20009]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  638.856112][T20009]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  638.856137][T20009]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  638.856166][T20009]  kvm_vcpu_ioctl+0x95c/0xe90
[  638.856191][T20009]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  638.856216][T20009]  ? __lock_acquire+0xab9/0xd20
[  638.856249][T20009]  ? __fget_files+0x2a/0x420
[  638.856274][T20009]  ? __fget_files+0x2a/0x420
[  638.856293][T20009]  ? __fget_files+0x3a0/0x420
[  638.856313][T20009]  ? __fget_files+0x2a/0x420
[  638.856336][T20009]  ? bpf_lsm_file_ioctl+0x9/0x20
[  638.856352][T20009]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  638.856370][T20009]  __se_sys_ioctl+0xfc/0x170
[  638.856390][T20009]  do_syscall_64+0xfa/0x3b0
[  638.856404][T20009]  ? lockdep_hardirqs_on+0x9c/0x150
[  638.856425][T20009]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.856439][T20009]  ? clear_bhb_loop+0x60/0xb0
[  638.856458][T20009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  638.856471][T20009] RIP: 0033:0x7f2bb818e929
[  638.856485][T20009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  638.856498][T20009] RSP: 002b:00007f2bb8f72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  638.856515][T20009] RAX: ffffffffffffffda RBX: 00007f2bb83b5fa0 RCX: 00007f2bb818e929
[  638.856526][T20009] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  638.856535][T20009] RBP: 00007f2bb8f72090 R08: 0000000000000000 R09: 0000000000000000
[  638.856544][T20009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  638.856553][T20009] R13: 0000000000000000 R14: 00007f2bb83b5fa0 R15: 00007ffee25242d8
[  638.856577][T20009]  </TASK>
[  639.179435][    C1] vkms_vblank_simulate: vblank timer overrun
[  639.898710][ T5845] Bluetooth: hci3: command 0x1003 tx timeout
[  639.905130][ T5844] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  640.150965][T20057] vivid-000: disconnect
[  640.676608][T20055] vivid-000: reconnect
[  640.844522][T20069] input: syz0 as /devices/virtual/input/input124
[  641.330956][T20075] ALSA: mixer_oss: invalid OSS volume ''
[  641.762988][T20088] vim2m vim2m.0: Fourcc format (0x56595559) invalid.
[  641.777786][T20088] kernel profiling enabled (shift: 63)
[  641.792781][T20088] profiling shift: 63 too large
[  642.493243][T20111] PM: Enabling pm_trace changes system date and time during resume.
[  642.493243][T20111] PM: Correct system time has to be restored manually after resume.
[  644.042036][T20168] syz.5.3632: vmalloc error: size 2768896, failed to allocated page array size 5408, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  644.066484][T20168] CPU: 0 UID: 0 PID: 20168 Comm: syz.5.3632 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  644.066513][T20168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  644.066524][T20168] Call Trace:
[  644.066532][T20168]  <TASK>
[  644.066541][T20168]  dump_stack_lvl+0x189/0x250
[  644.066575][T20168]  ? __pfx_dump_stack_lvl+0x10/0x10
[  644.066597][T20168]  ? __pfx__printk+0x10/0x10
[  644.066621][T20168]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  644.066743][T20168]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  644.066769][T20168]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  644.066798][T20168]  warn_alloc+0x214/0x310
[  644.066832][T20168]  ? __pfx_warn_alloc+0x10/0x10
[  644.066869][T20168]  ? __get_vm_area_node+0x28f/0x300
[  644.066895][T20168]  ? vb2_vmalloc_alloc+0xef/0x340
[  644.066952][T20168]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  644.067024][T20168]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  644.067056][T20168]  ? __kasan_kmalloc+0x93/0xb0
[  644.067106][T20168]  vmalloc_user_noprof+0xad/0xf0
[  644.067131][T20168]  ? vb2_vmalloc_alloc+0xef/0x340
[  644.067153][T20168]  vb2_vmalloc_alloc+0xef/0x340
[  644.067174][T20168]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  644.067196][T20168]  __vb2_queue_alloc+0x9bf/0x15a0
[  644.067250][T20168]  vb2_core_reqbufs+0xc31/0x1420
[  644.067291][T20168]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  644.067309][T20168]  ? vb2_verify_memory_type+0x1fc/0x570
[  644.067331][T20168]  ? vb2_reqbufs+0x3a9/0x630
[  644.067371][T20168]  v4l2_m2m_ioctl_reqbufs+0x10d/0x200
[  644.067426][T20168]  __video_do_ioctl+0xc98/0xdb0
[  644.067479][T20168]  ? __pfx___video_do_ioctl+0x10/0x10
[  644.067518][T20168]  video_usercopy+0x86e/0x14f0
[  644.067552][T20168]  ? __pfx___video_do_ioctl+0x10/0x10
[  644.067573][T20168]  ? __pfx_video_usercopy+0x10/0x10
[  644.067607][T20168]  ? __fget_files+0x2a/0x420
[  644.067639][T20168]  ? __fget_files+0x2a/0x420
[  644.067665][T20168]  ? __fget_files+0x3a0/0x420
[  644.067696][T20168]  v4l2_ioctl+0x18d/0x1e0
[  644.067718][T20168]  ? __pfx_v4l2_ioctl+0x10/0x10
[  644.067739][T20168]  __se_sys_ioctl+0xfc/0x170
[  644.067766][T20168]  do_syscall_64+0xfa/0x3b0
[  644.067786][T20168]  ? lockdep_hardirqs_on+0x9c/0x150
[  644.067814][T20168]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.067833][T20168]  ? clear_bhb_loop+0x60/0xb0
[  644.067858][T20168]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  644.067875][T20168] RIP: 0033:0x7f2bb818e929
[  644.067893][T20168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  644.067910][T20168] RSP: 002b:00007f2bb8f72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  644.067932][T20168] RAX: ffffffffffffffda RBX: 00007f2bb83b5fa0 RCX: 00007f2bb818e929
[  644.067946][T20168] RDX: 0000200000000080 RSI: 00000000c0145608 RDI: 0000000000000009
[  644.067959][T20168] RBP: 00007f2bb8210b39 R08: 0000000000000000 R09: 0000000000000000
[  644.067970][T20168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  644.068067][T20168] R13: 0000000000000000 R14: 00007f2bb83b5fa0 R15: 00007ffee25242d8
[  644.068111][T20168]  </TASK>
[  644.068120][T20168] Mem-Info:
[  644.406135][T20168] active_anon:12059 inactive_anon:0 isolated_anon:0
[  644.406135][T20168]  active_file:17582 inactive_file:44206 isolated_file:0
[  644.406135][T20168]  unevictable:768 dirty:2832 writeback:0
[  644.406135][T20168]  slab_reclaimable:12307 slab_unreclaimable:95421
[  644.406135][T20168]  mapped:24216 shmem:5478 pagetables:1423
[  644.406135][T20168]  sec_pagetables:0 bounce:0
[  644.406135][T20168]  kernel_misc_reclaimable:0
[  644.406135][T20168]  free:1310786 free_pcp:20162 free_cma:0
[  644.468926][T20168] Node 0 active_anon:46036kB inactive_anon:0kB active_file:70328kB inactive_file:176624kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:100864kB dirty:11328kB writeback:0kB shmem:20376kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11696kB pagetables:5440kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  644.502724][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.511567][T20168] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  644.543253][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.557723][T20168] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  644.586566][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.594205][T20168] lowmem_reserve[]: 0 2497 2498 2498 2498
[  644.594292][T20168] Node 0 DMA32 free:1331264kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48692kB inactive_anon:0kB active_file:70328kB inactive_file:175308kB unevictable:1536kB writepending:11328kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:54380kB local_pcp:21400kB free_cma:0kB
[  644.633308][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.639877][T20168] lowmem_reserve[]: 0 0 1 1 1
[  644.639929][T20168] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  644.639980][T20168] lowmem_reserve[]: 0 0 0 0 0
[  644.640022][T20168] Node 1 Normal free:3903000kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:19780kB local_pcp:8916kB free_cma:0kB
[  644.640075][T20168] lowmem_reserve[]: 0 0 0 0 0
[  644.640119][T20168] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  644.640304][T20168] Node 0 DMA32: 1722*4kB (UME) 1572*8kB (UME) 924*16kB (UME) 636*32kB (UME) 93*64kB (ME) 25*128kB (ME) 17*256kB (UME) 39*512kB (UM) 34*1024kB (UME) 2*2048kB (U) 294*4096kB (UM) = 1331208kB
[  644.640493][T20168] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB
[  644.640619][T20168] Node 1 Normal: 184*4kB (UE) 45*8kB (UME) 41*16kB (UME) 102*32kB (UME) 32*64kB (UME) 5*128kB (UME) 4*256kB (UME) 4*512kB (ME) 3*1024kB (UME) 1*2048kB (E) 949*4096kB (M) = 3903000kB
[  644.640839][T20168] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  644.640858][T20168] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  644.640875][T20168] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  644.640892][T20168] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  644.640907][T20168] 67262 total pagecache pages
[  644.640917][T20168] 0 pages in swap cache
[  644.640925][T20168] Free swap  = 124996kB
[  644.640934][T20168] Total swap = 124996kB
[  644.640944][T20168] 2097051 pages RAM
[  644.640953][T20168] 0 pages HighMem/MovableOnly
[  644.640961][T20168] 425688 pages reserved
[  644.640970][T20168] 0 pages cma reserved
[  644.753313][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.790194][    C1] vkms_vblank_simulate: vblank timer overrun
[  644.915407][    C1] vkms_vblank_simulate: vblank timer overrun
[  645.627537][T20201] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  645.692984][T20201] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  645.994758][T20208] random: crng reseeded on system resumption
[  646.138150][T20211] input: syz1 as /devices/virtual/input/input126
[  646.226442][T20208] Restarting kernel threads ...
[  646.246201][T20208] Done restarting kernel threads.
[  646.619831][T20220] [U] ^R
[  647.863680][T20249] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  648.143583][T20257] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  648.735493][T20275] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  650.809672][T20313] Scaler: =================  START STATUS  =================
[  650.827637][T20313] Scaler: ==================  END STATUS  ==================
[  651.552806][T20336] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  652.223839][T20353] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  652.309353][T20357] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  653.303472][T20378] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38415262, 8, 0, 0, 0)
[  653.692028][T20394] sp0: Synchronizing with TNC
[  654.233095][T20409] vivid-000: disconnect
[  654.629362][T20406] vivid-000: reconnect
[  655.254760][T20423] can0: slcan on ttyS3.
[  655.485406][T20433] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  655.966277][T20415] can0 (unregistered): slcan off ttyS3.
[  656.780637][T20471] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  656.843119][T20477] autofs4:pid:20477:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(2.1), cmd(0xc0189374)
[  656.908071][T20477] autofs4:pid:20477:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374)
[  660.613262][T20561] random: crng reseeded on system resumption
[  660.786189][ T5907] psmouse serio10: Failed to reset mouse on : -5
[  661.003240][T20567] input: syz0 as /devices/virtual/input/input129
[  661.234253][T20574] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  661.769167][T20587] CUSE: info not properly terminated
[  661.961153][T20592] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  662.928087][T20612] kernel profiling enabled (shift: 63)
[  662.933851][T20612] profiling shift: 63 too large
[  663.036505][T20613] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  663.063500][T20613] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  664.556123][ T5907] misc userio: Buffer overflowed, userio client isn't keeping up
[  664.971222][T20647] autofs4:pid:20647:validate_dev_ioctl: path string terminator missing for cmd(0xc0189371)
[  665.610686][ T5907] input: PS/2 Generic Mouse as /devices/serio10/input/input128
[  665.846213][ T5907] psmouse serio10: Failed to enable mouse on 
[  666.360371][T20672] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  666.540716][T20678] input: syz0 as /devices/virtual/input/input130
[  666.853951][T20681] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  667.184877][T20696] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  667.303289][T20698] loop8: detected capacity change from 0 to 7
[  667.313672][T16895] Dev loop8: unable to read RDB block 7
[  667.323734][T16895]  loop8: unable to read partition table
[  667.333032][T16895] loop8: partition table beyond EOD, truncated
[  667.351927][T20698] Dev loop8: unable to read RDB block 7
[  667.366440][T20698]  loop8: unable to read partition table
[  667.376759][T20698] loop8: partition table beyond EOD, truncated
[  667.383009][T20698] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  667.427601][ T5844] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  668.078117][T20721] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  669.925775][T20751] sd 0:0:1:0: device reset
[  670.146589][T20760] binder: 20757:20760 ioctl c018620c 200000000140 returned -22
[  670.183117][T20758] sp0: Synchronizing with TNC
[  671.954938][T20802] CUSE: zero length info key specified
[  672.649311][T20818] binder: 20817:20818 ioctl 400c620e 2000000014c0 returned -22
[  672.793062][T20822] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  672.991689][T20833] sp0: Synchronizing with TNC
[  673.029401][T20832] [U] è
[  674.186878][T20858] usb usb8: usbfs: process 20858 (syz.2.3820) did not claim interface 0 before use
[  674.221473][T20857] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  674.536593][ T5844] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  674.536822][ T5845] Bluetooth: hci3: command 0x1003 tx timeout
[  674.807975][T20878] loop6: detected capacity change from 0 to 524288000
[  675.599321][T20908] rtc_cmos 00:00: Alarms can be up to one day in the future
[  675.820893][T20915] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  676.478682][T20900] rtc_cmos 00:00: Alarms can be up to one day in the future
[  676.816325][T20928] input: syz1 as /devices/virtual/input/input131
[  677.079886][ T5836] rtc_cmos 00:00: Alarms can be up to one day in the future
[  677.123754][ T5836] rtc_cmos 00:00: Alarms can be up to one day in the future
[  677.149577][ T5836] rtc_cmos 00:00: Alarms can be up to one day in the future
[  677.173004][ T5836] rtc_cmos 00:00: Alarms can be up to one day in the future
[  677.196121][ T5836] rtc rtc0: __rtc_set_alarm: err=-22
[  677.735910][T20953] syz.4.3845: attempt to access beyond end of device
[  677.735910][T20953] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  681.871345][T21081] binder: 21079:21081 ioctl 40046210 ffffffffffffffff returned -14
[  681.882325][T21080] binder: 21079:21080 unknown command 576
[  681.891661][T21080] binder: 21079:21080 ioctl c0306201 200000000480 returned -22
[  685.859454][T21200] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  685.973682][T21209] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  686.145037][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  686.169290][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  686.357311][T21222] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  686.389155][T21223] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  687.403886][T21260] input: syz0 as /devices/virtual/input/input133
[  687.986408][T21283] input: syz0 as /devices/virtual/input/input134
[  688.925959][T21316] [U] ^H
[  689.983905][   T30] audit: type=1400 audit(1750387897.736:19): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2221D01A0B978D2F2F262D2A83D1 pid=21348 comm="syz.5.3945"
[  690.297409][T21365] tap0: tun_chr_ioctl cmd 1074812118
[  690.299322][T21365] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  690.315348][T21362] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  690.721027][T21376] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  690.925555][T21382] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  696.276830][T21544] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  701.633824][T21711] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  702.388609][T21719] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  706.261125][T21840] serio: Serial port ttynull
[  706.355010][T21843] dlm: no locking on control device
[  707.276647][T21865] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  707.701346][T21887] vivid-000: =================  START STATUS  =================
[  707.715857][T21887] vivid-000: Radio HW Seek Mode: Bounded
[  707.722110][T21887] vivid-000: Radio Programmable HW Seek: false
[  707.733583][T21887] vivid-000: RDS Rx I/O Mode: Block I/O
[  707.739541][T21887] vivid-000: Generate RBDS Instead of RDS: false
[  707.746266][T21887] vivid-000: RDS Reception: false
[  707.751567][T21887] vivid-000: RDS Program Type: 0 inactive
[  707.758933][T21887] vivid-000: RDS PS Name:  inactive
[  707.764369][T21887] vivid-000: RDS Radio Text:  inactive
[  707.770222][T21887] vivid-000: RDS Traffic Announcement: false inactive
[  707.777241][T21887] vivid-000: RDS Traffic Program: false inactive
[  707.783819][T21887] vivid-000: RDS Music: false inactive
[  707.789671][T21887] vivid-000: ==================  END STATUS  ==================
[  709.231440][T21939] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  709.498725][T21943] CUSE: DEVNAME unspecified
[  709.927560][T21959] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  710.354489][T21970] binder: 21968:21970 ioctl c0306201 200000000480 returned -14
[  710.592267][T21980] blktrace: Concurrent blktraces are not allowed on sg0
[  710.695462][T21984] program syz.2.4127 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  710.837528][T21993] skbuff: bad partial csum: csum=65489/0 headroom=64 headlen=65491
[  711.897040][T22027] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  712.755153][T22057] ptm ptm27: ldisc open failed (-12), clearing slot 27
[  713.470947][T22086] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  714.702686][T22115] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  715.297282][T22136] FAULT_INJECTION: forcing a failure.
[  715.297282][T22136] name failslab, interval 1, probability 0, space 0, times 0
[  715.364346][T22136] CPU: 1 UID: 0 PID: 22136 Comm: syz.1.4168 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  715.364375][T22136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  715.364387][T22136] Call Trace:
[  715.364395][T22136]  <TASK>
[  715.364403][T22136]  dump_stack_lvl+0x189/0x250
[  715.364438][T22136]  ? __pfx____ratelimit+0x10/0x10
[  715.364471][T22136]  ? __pfx_dump_stack_lvl+0x10/0x10
[  715.364493][T22136]  ? __pfx__printk+0x10/0x10
[  715.364521][T22136]  ? __pfx___might_resched+0x10/0x10
[  715.364543][T22136]  ? fs_reclaim_acquire+0x7d/0x100
[  715.364577][T22136]  should_fail_ex+0x414/0x560
[  715.364609][T22136]  should_failslab+0xa8/0x100
[  715.364637][T22136]  __kmalloc_noprof+0xcb/0x4f0
[  715.364655][T22136]  ? kfree+0x4d/0x440
[  715.364670][T22136]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  715.364698][T22136]  tomoyo_realpath_from_path+0xe3/0x5d0
[  715.364721][T22136]  ? tomoyo_domain+0xd9/0x130
[  715.364748][T22136]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  715.364787][T22136]  tomoyo_path_number_perm+0x1e8/0x5a0
[  715.364817][T22136]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  715.364863][T22136]  ? __lock_acquire+0xab9/0xd20
[  715.364907][T22136]  ? __fget_files+0x2a/0x420
[  715.364939][T22136]  ? __fget_files+0x2a/0x420
[  715.364963][T22136]  ? __fget_files+0x3a0/0x420
[  715.364989][T22136]  ? __fget_files+0x2a/0x420
[  715.365019][T22136]  security_file_ioctl+0xcb/0x2d0
[  715.365063][T22136]  __se_sys_ioctl+0x47/0x170
[  715.365090][T22136]  do_syscall_64+0xfa/0x3b0
[  715.365108][T22136]  ? lockdep_hardirqs_on+0x9c/0x150
[  715.365135][T22136]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.365155][T22136]  ? clear_bhb_loop+0x60/0xb0
[  715.365178][T22136]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.365196][T22136] RIP: 0033:0x7f96c258e929
[  715.365212][T22136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  715.365228][T22136] RSP: 002b:00007f96c3395038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  715.365249][T22136] RAX: ffffffffffffffda RBX: 00007f96c27b5fa0 RCX: 00007f96c258e929
[  715.365263][T22136] RDX: 00002000000000c0 RSI: 00000000c034564b RDI: 0000000000000003
[  715.365274][T22136] RBP: 00007f96c3395090 R08: 0000000000000000 R09: 0000000000000000
[  715.365284][T22136] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  715.365295][T22136] R13: 0000000000000000 R14: 00007f96c27b5fa0 R15: 00007ffeb9426068
[  715.365325][T22136]  </TASK>
[  715.365333][T22136] ERROR: Out of memory at tomoyo_realpath_from_path.
[  715.795382][T22148] dlm: no locking on control device
[  715.837174][T22153] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  715.933041][T22153] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  716.565386][T22178] FAULT_INJECTION: forcing a failure.
[  716.565386][T22178] name failslab, interval 1, probability 0, space 0, times 0
[  716.624399][T22178] CPU: 0 UID: 0 PID: 22178 Comm: syz.5.4179 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  716.624432][T22178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  716.624444][T22178] Call Trace:
[  716.624452][T22178]  <TASK>
[  716.624461][T22178]  dump_stack_lvl+0x189/0x250
[  716.624490][T22178]  ? __pfx____ratelimit+0x10/0x10
[  716.624521][T22178]  ? __pfx_dump_stack_lvl+0x10/0x10
[  716.624543][T22178]  ? __pfx__printk+0x10/0x10
[  716.624568][T22178]  ? __pfx___might_resched+0x10/0x10
[  716.624590][T22178]  ? fs_reclaim_acquire+0x7d/0x100
[  716.624621][T22178]  should_fail_ex+0x414/0x560
[  716.624652][T22178]  should_failslab+0xa8/0x100
[  716.624680][T22178]  __kmalloc_noprof+0xcb/0x4f0
[  716.624702][T22178]  ? tomoyo_encode+0x28b/0x550
[  716.624729][T22178]  tomoyo_encode+0x28b/0x550
[  716.624758][T22178]  tomoyo_realpath_from_path+0x58d/0x5d0
[  716.624794][T22178]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  716.624836][T22178]  tomoyo_path_number_perm+0x1e8/0x5a0
[  716.624866][T22178]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  716.624912][T22178]  ? __lock_acquire+0xab9/0xd20
[  716.624955][T22178]  ? __fget_files+0x2a/0x420
[  716.624985][T22178]  ? __fget_files+0x2a/0x420
[  716.625008][T22178]  ? __fget_files+0x3a0/0x420
[  716.625033][T22178]  ? __fget_files+0x2a/0x420
[  716.625065][T22178]  security_file_ioctl+0xcb/0x2d0
[  716.625095][T22178]  __se_sys_ioctl+0x47/0x170
[  716.625122][T22178]  do_syscall_64+0xfa/0x3b0
[  716.625140][T22178]  ? lockdep_hardirqs_on+0x9c/0x150
[  716.625168][T22178]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.625187][T22178]  ? clear_bhb_loop+0x60/0xb0
[  716.625211][T22178]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.625230][T22178] RIP: 0033:0x7f2bb818e929
[  716.625248][T22178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  716.625264][T22178] RSP: 002b:00007f2bb8f72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  716.625285][T22178] RAX: ffffffffffffffda RBX: 00007f2bb83b5fa0 RCX: 00007f2bb818e929
[  716.625300][T22178] RDX: 00002000000000c0 RSI: 00000000c034564b RDI: 0000000000000003
[  716.625312][T22178] RBP: 00007f2bb8f72090 R08: 0000000000000000 R09: 0000000000000000
[  716.625324][T22178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  716.625335][T22178] R13: 0000000000000000 R14: 00007f2bb83b5fa0 R15: 00007ffee25242d8
[  716.625367][T22178]  </TASK>
[  716.625390][T22178] ERROR: Out of memory at tomoyo_realpath_from_path.
[  716.752473][T22182] random: crng reseeded on system resumption
[  717.885949][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  717.925308][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  717.935180][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  717.968748][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  717.986889][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  718.035872][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  718.044451][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  718.054611][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  718.068140][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  718.076362][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  718.169330][T22210] loop8: detected capacity change from 0 to 7
[  718.181383][T16895] Dev loop8: unable to read RDB block 7
[  718.194992][T22199] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  718.202390][T16895]  loop8: unable to read partition table
[  718.210367][T16895] loop8: partition table beyond EOD, truncated
[  718.230076][T22199] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  718.245637][T22210] Dev loop8: unable to read RDB block 7
[  718.261795][T22210]  loop8: unable to read partition table
[  718.274337][T22210] loop8: partition table beyond EOD, truncated
[  718.281359][T22210] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[  718.741755][T18017] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  718.886364][T22233] FAULT_INJECTION: forcing a failure.
[  718.886364][T22233] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  718.928095][T22233] CPU: 0 UID: 0 PID: 22233 Comm: syz.4.4193 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  718.928125][T22233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  718.928135][T22233] Call Trace:
[  718.928143][T22233]  <TASK>
[  718.928151][T22233]  dump_stack_lvl+0x189/0x250
[  718.928180][T22233]  ? __pfx____ratelimit+0x10/0x10
[  718.928209][T22233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  718.928231][T22233]  ? __pfx__printk+0x10/0x10
[  718.928264][T22233]  should_fail_ex+0x414/0x560
[  718.928292][T22233]  _copy_to_user+0x31/0xb0
[  718.928333][T22233]  simple_read_from_buffer+0xe1/0x170
[  718.928434][T22233]  proc_fail_nth_read+0x1df/0x250
[  718.928482][T22233]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  718.928503][T22233]  ? rw_verify_area+0x258/0x650
[  718.928550][T22233]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  718.928569][T22233]  vfs_read+0x1fd/0x980
[  718.928598][T22233]  ? __pfx___mutex_lock+0x10/0x10
[  718.928645][T22233]  ? __pfx_vfs_read+0x10/0x10
[  718.928667][T22233]  ? __fget_files+0x2a/0x420
[  718.928697][T22233]  ? __fget_files+0x3a0/0x420
[  718.928723][T22233]  ? __fget_files+0x2a/0x420
[  718.928770][T22233]  ksys_read+0x145/0x250
[  718.928793][T22233]  ? __fget_files+0x3a0/0x420
[  718.928821][T22233]  ? __pfx_ksys_read+0x10/0x10
[  718.928852][T22233]  ? do_syscall_64+0xbe/0x3b0
[  718.928876][T22233]  do_syscall_64+0xfa/0x3b0
[  718.928893][T22233]  ? lockdep_hardirqs_on+0x9c/0x150
[  718.928921][T22233]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.928939][T22233]  ? clear_bhb_loop+0x60/0xb0
[  718.928963][T22233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  718.928981][T22233] RIP: 0033:0x7f8612b8d33c
[  718.928999][T22233] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  718.929015][T22233] RSP: 002b:00007f8613a8b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  718.929037][T22233] RAX: ffffffffffffffda RBX: 00007f8612db5fa0 RCX: 00007f8612b8d33c
[  718.929051][T22233] RDX: 000000000000000f RSI: 00007f8613a8b0a0 RDI: 0000000000000004
[  718.929063][T22233] RBP: 00007f8613a8b090 R08: 0000000000000000 R09: 0000000000000000
[  718.929075][T22233] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  718.929086][T22233] R13: 0000000000000000 R14: 00007f8612db5fa0 R15: 00007ffcc086bf58
[  718.929118][T22233]  </TASK>
[  719.241490][T18017] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  719.608493][T18017] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.171051][T18017] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  720.283524][T22261] FAULT_INJECTION: forcing a failure.
[  720.283524][T22261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  720.301865][T22261] CPU: 1 UID: 0 PID: 22261 Comm: syz.2.4201 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  720.301894][T22261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  720.301905][T22261] Call Trace:
[  720.301913][T22261]  <TASK>
[  720.301921][T22261]  dump_stack_lvl+0x189/0x250
[  720.301950][T22261]  ? __pfx____ratelimit+0x10/0x10
[  720.301981][T22261]  ? __pfx_dump_stack_lvl+0x10/0x10
[  720.302002][T22261]  ? __pfx__printk+0x10/0x10
[  720.302038][T22261]  should_fail_ex+0x414/0x560
[  720.302068][T22261]  _copy_to_user+0x31/0xb0
[  720.302091][T22261]  simple_read_from_buffer+0xe1/0x170
[  720.302122][T22261]  proc_fail_nth_read+0x1df/0x250
[  720.302144][T22261]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  720.302166][T22261]  ? rw_verify_area+0x258/0x650
[  720.302187][T22261]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  720.302206][T22261]  vfs_read+0x1fd/0x980
[  720.302237][T22261]  ? __pfx___mutex_lock+0x10/0x10
[  720.302257][T22261]  ? __pfx_vfs_read+0x10/0x10
[  720.302282][T22261]  ? __fget_files+0x2a/0x420
[  720.302314][T22261]  ? __fget_files+0x3a0/0x420
[  720.302339][T22261]  ? __fget_files+0x2a/0x420
[  720.302375][T22261]  ksys_read+0x145/0x250
[  720.302394][T22261]  ? __fget_files+0x3a0/0x420
[  720.302422][T22261]  ? __pfx_ksys_read+0x10/0x10
[  720.302451][T22261]  ? do_syscall_64+0xbe/0x3b0
[  720.302472][T22261]  do_syscall_64+0xfa/0x3b0
[  720.302489][T22261]  ? lockdep_hardirqs_on+0x9c/0x150
[  720.302514][T22261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.302532][T22261]  ? clear_bhb_loop+0x60/0xb0
[  720.302564][T22261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.302581][T22261] RIP: 0033:0x7fc708b8d33c
[  720.302599][T22261] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  720.302615][T22261] RSP: 002b:00007fc709a98030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  720.302635][T22261] RAX: ffffffffffffffda RBX: 00007fc708db5fa0 RCX: 00007fc708b8d33c
[  720.302648][T22261] RDX: 000000000000000f RSI: 00007fc709a980a0 RDI: 0000000000000004
[  720.302660][T22261] RBP: 00007fc709a98090 R08: 0000000000000000 R09: 0000000000000000
[  720.302672][T22261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  720.302684][T22261] R13: 0000000000000000 R14: 00007fc708db5fa0 R15: 00007fff1b5cd738
[  720.302716][T22261]  </TASK>
[  720.541096][    C1] vkms_vblank_simulate: vblank timer overrun
[  720.756973][T22195] chnl_net:caif_netlink_parms(): no params data found
[  721.347887][T18017] bridge_slave_1: left allmulticast mode
[  721.356109][T18017] bridge_slave_1: left promiscuous mode
[  721.361953][T18017] bridge0: port 2(bridge_slave_1) entered disabled state
[  721.497577][T18017] bridge_slave_0: left allmulticast mode
[  721.505440][T18017] bridge_slave_0: left promiscuous mode
[  721.516511][T18017] bridge0: port 1(bridge_slave_0) entered disabled state
[  721.593157][T22298] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  721.727300][T22307] FAULT_INJECTION: forcing a failure.
[  721.727300][T22307] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  721.741627][T22307] CPU: 1 UID: 0 PID: 22307 Comm: syz.4.4212 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  721.741657][T22307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  721.741669][T22307] Call Trace:
[  721.741677][T22307]  <TASK>
[  721.741685][T22307]  dump_stack_lvl+0x189/0x250
[  721.741713][T22307]  ? __pfx____ratelimit+0x10/0x10
[  721.741752][T22307]  ? __pfx_dump_stack_lvl+0x10/0x10
[  721.741773][T22307]  ? __pfx__printk+0x10/0x10
[  721.741808][T22307]  should_fail_ex+0x414/0x560
[  721.741839][T22307]  _copy_to_user+0x31/0xb0
[  721.741861][T22307]  simple_read_from_buffer+0xe1/0x170
[  721.741893][T22307]  proc_fail_nth_read+0x1df/0x250
[  721.741914][T22307]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  721.741936][T22307]  ? rw_verify_area+0x258/0x650
[  721.741958][T22307]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  721.741979][T22307]  vfs_read+0x1fd/0x980
[  721.742009][T22307]  ? __pfx___mutex_lock+0x10/0x10
[  721.742029][T22307]  ? __pfx_vfs_read+0x10/0x10
[  721.742055][T22307]  ? __fget_files+0x2a/0x420
[  721.742085][T22307]  ? __fget_files+0x3a0/0x420
[  721.742109][T22307]  ? __fget_files+0x2a/0x420
[  721.742145][T22307]  ksys_read+0x145/0x250
[  721.742167][T22307]  ? __fget_files+0x3a0/0x420
[  721.742192][T22307]  ? __pfx_ksys_read+0x10/0x10
[  721.742220][T22307]  ? do_syscall_64+0xbe/0x3b0
[  721.742244][T22307]  do_syscall_64+0xfa/0x3b0
[  721.742260][T22307]  ? lockdep_hardirqs_on+0x9c/0x150
[  721.742288][T22307]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  721.742306][T22307]  ? clear_bhb_loop+0x60/0xb0
[  721.742330][T22307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  721.742348][T22307] RIP: 0033:0x7f8612b8d33c
[  721.742364][T22307] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  721.742380][T22307] RSP: 002b:00007f8613a8b030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  721.742401][T22307] RAX: ffffffffffffffda RBX: 00007f8612db5fa0 RCX: 00007f8612b8d33c
[  721.742415][T22307] RDX: 000000000000000f RSI: 00007f8613a8b0a0 RDI: 0000000000000004
[  721.742426][T22307] RBP: 00007f8613a8b090 R08: 0000000000000000 R09: 0000000000000000
[  721.742436][T22307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  721.742445][T22307] R13: 0000000000000000 R14: 00007f8612db5fa0 R15: 00007ffcc086bf58
[  721.742477][T22307]  </TASK>
[  721.980579][    C1] vkms_vblank_simulate: vblank timer overrun
[  722.274036][T22316] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  723.916771][T18017] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  723.996743][T18017] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  724.041562][T18017] bond0 (unregistering): Released all slaves
[  724.101447][T22195] bridge0: port 1(bridge_slave_0) entered blocking state
[  724.108860][T22195] bridge0: port 1(bridge_slave_0) entered disabled state
[  724.116617][T22195] bridge_slave_0: entered allmulticast mode
[  724.124775][T22195] bridge_slave_0: entered promiscuous mode
[  724.133139][T22195] bridge0: port 2(bridge_slave_1) entered blocking state
[  724.140619][T22195] bridge0: port 2(bridge_slave_1) entered disabled state
[  724.158751][T22195] bridge_slave_1: entered allmulticast mode
[  724.166877][T22195] bridge_slave_1: entered promiscuous mode
[  724.383372][T22195] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  724.599025][T22195] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  725.272223][T22195] team0: Port device team_slave_0 added
[  725.451409][T22195] team0: Port device team_slave_1 added
[  725.938689][T18017] hsr_slave_0: left promiscuous mode
[  726.000485][T18017] hsr_slave_1: left promiscuous mode
[  726.009536][T18017] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  726.055974][T18017] batman_adv: batadv0: Removing interface: batadv_slave_0
[  726.094985][T22377] CUSE: zero length info key specified
[  726.110219][T18017] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  726.142190][T18017] batman_adv: batadv0: Removing interface: batadv_slave_1
[  726.294182][T18017] veth1_macvtap: left promiscuous mode
[  726.309884][T18017] veth0_macvtap: left promiscuous mode
[  726.330003][T18017] veth1_vlan: left promiscuous mode
[  726.354991][T18017] veth0_vlan: left promiscuous mode
[  726.478545][T22396] input: syz0 as /devices/virtual/input/input140
[  726.590657][T16895] udevd[16895]: setting mode of /dev/input/event4 to 020660 failed: No such file or directory
[  726.608363][T16895] udevd[16895]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  727.486660][T22426] random: crng reseeded on system resumption
[  729.377707][T18017] team0 (unregistering): Port device team_slave_1 removed
[  729.647935][T18017] team0 (unregistering): Port device team_slave_0 removed
[  732.049249][T22195] batman_adv: batadv0: Adding interface: batadv_slave_0
[  732.056409][T22195] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  732.083798][T22195] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  732.141036][T22195] batman_adv: batadv0: Adding interface: batadv_slave_1
[  732.160655][T22195] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  732.220113][T22195] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  732.894626][T22471] input: syz1 as /devices/virtual/input/input141
[  732.906483][T22195] hsr_slave_0: entered promiscuous mode
[  732.917533][T22195] hsr_slave_1: entered promiscuous mode
[  732.933078][T22195] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  732.956719][T22195] Cannot create hsr debugfs directory
[  733.875072][T22486] binder: 22485:22486 ioctl 40047211 200000000100 returned -22
[  733.946358][T22487] binder: 22485:22487 ioctl c06855c8 2000000006c0 returned -22
[  733.963535][T22490] binder: 22485:22490 ioctl c06855c8 2000000006c0 returned -22
[  734.374715][T22505] usb usb9: usbfs: process 22505 (syz.4.4262) did not claim interface 0 before use
[  734.511543][T22511] blktrace: Concurrent blktraces are not allowed on rnullb0
[  734.534929][T22513] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  734.818665][T22524] program syz.1.4267 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  734.833450][T22524] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  735.829514][T22195] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  735.890743][T22195] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  735.984783][T22195] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  736.066545][T22195] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  736.314723][T22673] FAULT_INJECTION: forcing a failure.
[  736.314723][T22673] name failslab, interval 1, probability 0, space 0, times 0
[  736.363306][T22673] CPU: 0 UID: 0 PID: 22673 Comm: syz.2.4278 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  736.363335][T22673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  736.363346][T22673] Call Trace:
[  736.363354][T22673]  <TASK>
[  736.363363][T22673]  dump_stack_lvl+0x189/0x250
[  736.363392][T22673]  ? __pfx____ratelimit+0x10/0x10
[  736.363431][T22673]  ? __pfx_dump_stack_lvl+0x10/0x10
[  736.363453][T22673]  ? __pfx__printk+0x10/0x10
[  736.363482][T22673]  ? __pfx___might_resched+0x10/0x10
[  736.363503][T22673]  ? fs_reclaim_acquire+0x7d/0x100
[  736.363535][T22673]  should_fail_ex+0x414/0x560
[  736.363566][T22673]  should_failslab+0xa8/0x100
[  736.363592][T22673]  __kmalloc_noprof+0xcb/0x4f0
[  736.363612][T22673]  ? kfree+0x4d/0x440
[  736.363629][T22673]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  736.363656][T22673]  tomoyo_realpath_from_path+0xe3/0x5d0
[  736.363679][T22673]  ? tomoyo_domain+0xd9/0x130
[  736.363707][T22673]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  736.363735][T22673]  tomoyo_path_number_perm+0x1e8/0x5a0
[  736.363767][T22673]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  736.363815][T22673]  ? __lock_acquire+0xab9/0xd20
[  736.363858][T22673]  ? __fget_files+0x2a/0x420
[  736.363887][T22673]  ? __fget_files+0x2a/0x420
[  736.363911][T22673]  ? __fget_files+0x3a0/0x420
[  736.363936][T22673]  ? __fget_files+0x2a/0x420
[  736.363969][T22673]  security_file_ioctl+0xcb/0x2d0
[  736.363999][T22673]  __se_sys_ioctl+0x47/0x170
[  736.364026][T22673]  do_syscall_64+0xfa/0x3b0
[  736.364043][T22673]  ? lockdep_hardirqs_on+0x9c/0x150
[  736.364072][T22673]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.364091][T22673]  ? clear_bhb_loop+0x60/0xb0
[  736.364115][T22673]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.364133][T22673] RIP: 0033:0x7fc708b8e929
[  736.364151][T22673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  736.364173][T22673] RSP: 002b:00007fc709a98038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  736.364194][T22673] RAX: ffffffffffffffda RBX: 00007fc708db5fa0 RCX: 00007fc708b8e929
[  736.364208][T22673] RDX: 00002000000000c0 RSI: 00000000c034564b RDI: 0000000000000003
[  736.364220][T22673] RBP: 00007fc709a98090 R08: 0000000000000000 R09: 0000000000000000
[  736.364232][T22673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  736.364244][T22673] R13: 0000000000000000 R14: 00007fc708db5fa0 R15: 00007fff1b5cd738
[  736.364275][T22673]  </TASK>
[  736.364425][T22673] ERROR: Out of memory at tomoyo_realpath_from_path.
[  736.405652][T22195] 8021q: adding VLAN 0 to HW filter on device bond0
[  736.769263][T22195] 8021q: adding VLAN 0 to HW filter on device team0
[  736.807982][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  736.815203][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  736.872259][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  736.879487][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  737.848754][T22718] FAULT_INJECTION: forcing a failure.
[  737.848754][T22718] name failslab, interval 1, probability 0, space 0, times 0
[  737.906700][T22718] CPU: 1 UID: 0 PID: 22718 Comm: syz.4.4287 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  737.906732][T22718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  737.906743][T22718] Call Trace:
[  737.906752][T22718]  <TASK>
[  737.906760][T22718]  dump_stack_lvl+0x189/0x250
[  737.906789][T22718]  ? __pfx____ratelimit+0x10/0x10
[  737.906820][T22718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  737.906842][T22718]  ? __pfx__printk+0x10/0x10
[  737.906868][T22718]  ? __pfx___might_resched+0x10/0x10
[  737.906890][T22718]  ? fs_reclaim_acquire+0x7d/0x100
[  737.906922][T22718]  should_fail_ex+0x414/0x560
[  737.906953][T22718]  should_failslab+0xa8/0x100
[  737.906978][T22718]  __kmalloc_noprof+0xcb/0x4f0
[  737.907000][T22718]  ? tomoyo_encode+0x28b/0x550
[  737.907026][T22718]  tomoyo_encode+0x28b/0x550
[  737.907054][T22718]  tomoyo_realpath_from_path+0x58d/0x5d0
[  737.907086][T22718]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  737.907113][T22718]  tomoyo_path_number_perm+0x1e8/0x5a0
[  737.907144][T22718]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  737.907193][T22718]  ? __lock_acquire+0xab9/0xd20
[  737.907236][T22718]  ? __fget_files+0x2a/0x420
[  737.907266][T22718]  ? __fget_files+0x2a/0x420
[  737.907292][T22718]  ? __fget_files+0x3a0/0x420
[  737.907317][T22718]  ? __fget_files+0x2a/0x420
[  737.907349][T22718]  security_file_ioctl+0xcb/0x2d0
[  737.907378][T22718]  __se_sys_ioctl+0x47/0x170
[  737.907404][T22718]  do_syscall_64+0xfa/0x3b0
[  737.907422][T22718]  ? lockdep_hardirqs_on+0x9c/0x150
[  737.907450][T22718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.907469][T22718]  ? clear_bhb_loop+0x60/0xb0
[  737.907492][T22718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.907511][T22718] RIP: 0033:0x7f8612b8e929
[  737.907528][T22718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  737.907544][T22718] RSP: 002b:00007f8613a8b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  737.907566][T22718] RAX: ffffffffffffffda RBX: 00007f8612db5fa0 RCX: 00007f8612b8e929
[  737.907580][T22718] RDX: 00002000000000c0 RSI: 00000000c034564b RDI: 0000000000000003
[  737.907592][T22718] RBP: 00007f8613a8b090 R08: 0000000000000000 R09: 0000000000000000
[  737.907604][T22718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  737.907614][T22718] R13: 0000000000000000 R14: 00007f8612db5fa0 R15: 00007ffcc086bf58
[  737.907657][T22718]  </TASK>
[  737.907679][T22718] ERROR: Out of memory at tomoyo_realpath_from_path.
[  738.204909][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  738.383992][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  738.406880][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  738.426456][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  738.436196][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  738.444989][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  738.520108][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  738.541993][ T5844] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  738.555067][ T5844] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  738.565929][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  738.602997][ T5844] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  738.610896][ T5844] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  738.960591][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  739.262332][T22195] 8021q: adding VLAN 0 to HW filter on device batadv0
[  739.460514][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  740.123458][T22765] sp0: Synchronizing with TNC
[  740.389758][   T13] bridge_slave_1: left allmulticast mode
[  740.395488][   T13] bridge_slave_1: left promiscuous mode
[  740.406831][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  740.540515][   T13] bridge_slave_0: left allmulticast mode
[  740.556066][   T13] bridge_slave_0: left promiscuous mode
[  740.561993][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  740.697766][ T5844] Bluetooth: hci3: command tx timeout
[  742.776435][ T5844] Bluetooth: hci3: command tx timeout
[  742.867881][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  742.988918][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  743.020794][   T13] bond0 (unregistering): Released all slaves
[  743.425434][T22823] FAULT_INJECTION: forcing a failure.
[  743.425434][T22823] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  743.439988][T22823] CPU: 1 UID: 0 PID: 22823 Comm: syz.2.4299 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  743.440017][T22823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  743.440029][T22823] Call Trace:
[  743.440036][T22823]  <TASK>
[  743.440045][T22823]  dump_stack_lvl+0x189/0x250
[  743.440072][T22823]  ? __pfx____ratelimit+0x10/0x10
[  743.440102][T22823]  ? __pfx_dump_stack_lvl+0x10/0x10
[  743.440123][T22823]  ? __pfx__printk+0x10/0x10
[  743.440158][T22823]  should_fail_ex+0x414/0x560
[  743.440188][T22823]  _copy_to_user+0x31/0xb0
[  743.440209][T22823]  simple_read_from_buffer+0xe1/0x170
[  743.440260][T22823]  proc_fail_nth_read+0x1df/0x250
[  743.440281][T22823]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  743.440303][T22823]  ? rw_verify_area+0x258/0x650
[  743.440325][T22823]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  743.440345][T22823]  vfs_read+0x1fd/0x980
[  743.440374][T22823]  ? __pfx___mutex_lock+0x10/0x10
[  743.440392][T22823]  ? __pfx_vfs_read+0x10/0x10
[  743.440416][T22823]  ? __fget_files+0x2a/0x420
[  743.440446][T22823]  ? __fget_files+0x3a0/0x420
[  743.440469][T22823]  ? __fget_files+0x2a/0x420
[  743.440501][T22823]  ksys_read+0x145/0x250
[  743.440521][T22823]  ? __fget_files+0x3a0/0x420
[  743.440548][T22823]  ? __pfx_ksys_read+0x10/0x10
[  743.440575][T22823]  ? do_syscall_64+0xbe/0x3b0
[  743.440592][T22823]  do_syscall_64+0xfa/0x3b0
[  743.440602][T22823]  ? lockdep_hardirqs_on+0x9c/0x150
[  743.440619][T22823]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.440639][T22823]  ? clear_bhb_loop+0x60/0xb0
[  743.440652][T22823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  743.440663][T22823] RIP: 0033:0x7fc708b8d33c
[  743.440675][T22823] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  743.440685][T22823] RSP: 002b:00007fc709a98030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  743.440699][T22823] RAX: ffffffffffffffda RBX: 00007fc708db5fa0 RCX: 00007fc708b8d33c
[  743.440707][T22823] RDX: 000000000000000f RSI: 00007fc709a980a0 RDI: 0000000000000004
[  743.440714][T22823] RBP: 00007fc709a98090 R08: 0000000000000000 R09: 0000000000000000
[  743.440721][T22823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  743.440728][T22823] R13: 0000000000000000 R14: 00007fc708db5fa0 R15: 00007fff1b5cd738
[  743.440745][T22823]  </TASK>
[  743.678549][    C1] vkms_vblank_simulate: vblank timer overrun
[  743.792981][T22726] chnl_net:caif_netlink_parms(): no params data found
[  744.281202][T22195] veth0_vlan: entered promiscuous mode
[  744.670633][T22726] bridge0: port 1(bridge_slave_0) entered blocking state
[  744.686318][T22726] bridge0: port 1(bridge_slave_0) entered disabled state
[  744.728888][T22726] bridge_slave_0: entered allmulticast mode
[  744.747845][T22726] bridge_slave_0: entered promiscuous mode
[  744.768566][T22726] bridge0: port 2(bridge_slave_1) entered blocking state
[  744.775957][T22726] bridge0: port 2(bridge_slave_1) entered disabled state
[  744.809084][T22726] bridge_slave_1: entered allmulticast mode
[  744.822440][T22726] bridge_slave_1: entered promiscuous mode
[  744.856702][ T5844] Bluetooth: hci3: command tx timeout
[  744.882421][T22195] veth1_vlan: entered promiscuous mode
[  745.086245][   T13] hsr_slave_0: left promiscuous mode
[  745.116259][   T13] hsr_slave_1: left promiscuous mode
[  745.122901][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  745.137571][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  745.187127][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  745.205088][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  745.291591][   T13] veth1_macvtap: left promiscuous mode
[  745.297538][   T13] veth0_macvtap: left promiscuous mode
[  745.303386][   T13] veth1_vlan: left promiscuous mode
[  745.310503][   T13] veth0_vlan: left promiscuous mode
[  746.936397][ T5844] Bluetooth: hci3: command tx timeout
[  747.589975][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  747.598002][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  747.818297][   T13] team0 (unregistering): Port device team_slave_1 removed
[  748.077625][   T13] team0 (unregistering): Port device team_slave_0 removed
[  751.029161][T22726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  751.257668][T22726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  751.597469][T22882] sp0: Synchronizing with TNC
[  751.621267][T22881] [U] è
[  751.702591][T22726] team0: Port device team_slave_0 added
[  751.719249][T22726] team0: Port device team_slave_1 added
[  751.901459][T22195] veth0_macvtap: entered promiscuous mode
[  752.134532][T22726] batman_adv: batadv0: Adding interface: batadv_slave_0
[  752.142887][T22726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  752.174613][T22726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  752.361735][T22195] veth1_macvtap: entered promiscuous mode
[  752.375756][T22726] batman_adv: batadv0: Adding interface: batadv_slave_1
[  752.401921][T22726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  752.433465][T22726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  752.580568][T22917] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  752.675198][T22195] batman_adv: batadv0: Interface activated: batadv_slave_0
[  752.888454][T22726] hsr_slave_0: entered promiscuous mode
[  752.895362][T22726] hsr_slave_1: entered promiscuous mode
[  752.930273][T22726] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  752.946142][T22726] Cannot create hsr debugfs directory
[  752.975367][T22195] batman_adv: batadv0: Interface activated: batadv_slave_1
[  753.172911][T22195] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  753.289340][T22195] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  753.307038][T22195] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  753.315816][T22195] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  754.595487][  T145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  754.614657][  T145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  755.142818][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  755.155975][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  755.234664][T22982] input: syz0 as /devices/virtual/input/input142
[  755.268518][T22983] QAT: Stopping all acceleration devices.
[  755.356249][T22984] vivid-000: =================  START STATUS  =================
[  755.387432][T22984] vivid-000: Enable Output Cropping: true
[  755.393273][T22984] vivid-000: Enable Output Composing: true
[  755.465975][T22984] vivid-000: Enable Output Scaler: true
[  755.491893][T22984] vivid-000: Tx RGB Quantization Range: Automatic
[  755.500559][T22984] vivid-000: Transmit Mode: HDMI
[  755.510156][T22984] vivid-000: Hotplug Present: 0x00000000
[  755.516529][T22984] vivid-000: RxSense Present: 0x00000000
[  755.562636][T22984] vivid-000: EDID Present: 0x00000000
[  755.577498][T22984] vivid-000: ==================  END STATUS  ==================
[  756.201600][T22986] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  756.219928][T22986] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  757.124649][T22726] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  757.211932][T22726] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  757.342428][T22726] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  757.588695][T22726] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  758.012354][T22726] 8021q: adding VLAN 0 to HW filter on device bond0
[  758.122630][T22726] 8021q: adding VLAN 0 to HW filter on device team0
[  758.183026][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  758.190401][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  758.248150][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  758.255481][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  758.979105][T22726] 8021q: adding VLAN 0 to HW filter on device batadv0
[  759.220916][T22726] veth0_vlan: entered promiscuous mode
[  759.275720][T22726] veth1_vlan: entered promiscuous mode
[  759.393075][T23099] tap0: tun_chr_ioctl cmd 1074025677
[  759.439155][T23099] tap0: linktype set to 776
[  759.479356][T22726] veth0_macvtap: entered promiscuous mode
[  759.525547][T22726] veth1_macvtap: entered promiscuous mode
[  759.639225][T22726] batman_adv: batadv0: Interface activated: batadv_slave_0
[  759.661854][T22726] batman_adv: batadv0: Interface activated: batadv_slave_1
[  759.693882][T22726] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  759.726191][T22726] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  759.745675][T22726] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  759.765174][T22726] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  760.157619][T23113] program syz.4.4348 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  760.392120][T23120] binder: 23117:23120 ioctl c018620b 9999999999999999 returned -14
[  760.575857][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  760.595780][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  760.611261][T23120] binder: 23117:23120 ioctl 127f 2000000000c0 returned -22
[  760.892019][T18017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  760.892072][T18017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  761.707973][T23157] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4093662463 (4093662463 ns) > initial count (1099723850 ns). Using initial count to start timer.
[  762.801794][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  762.829868][T23199] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2
[  762.838035][T23198] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2
[  763.851076][T23226] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  764.198068][T23237] input: syz1 as /devices/virtual/input/input145
[  764.602311][T23249] binder: 23248:23249 ioctl c018620c 200000000080 returned -22
[  764.627070][T23249] syz.1.4377: attempt to access beyond end of device
[  764.627070][T23249] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  764.857829][T23254] Bluetooth: hci4: command 0x1003 tx timeout
[  764.861354][ T5844] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  764.912021][T23258] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  765.446809][T23273] sp0: Synchronizing with TNC
[  765.731674][T23283] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  766.777519][ T5845] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  766.942830][T23298] program syz.4.4393 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  768.059998][T23340] random: crng reseeded on system resumption
[  768.924233][T23365] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  769.331150][T23366] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  770.120313][T23382] syz.4.4409: attempt to access beyond end of device
[  770.120313][T23382] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  770.205717][T23384] binder: 23383:23384 ioctl c0306201 0 returned -14
[  773.307960][T23480] kvm: kvm [23475]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc2) = 0xffffffffffff6253
[  774.087148][T23500] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  774.241470][T23505] QAT: Invalid ioctl -2146896623
[  774.254093][T23505] QAT: Invalid ioctl 1074328842
[  774.261755][T23505] QAT: Invalid ioctl -805268418
[  774.267853][T23505] QAT: Invalid ioctl -2114415556
[  774.454349][T23508] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  774.992999][T23534] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  776.112392][T23547] can0: slcan on ptm0.
[  776.826340][T23543] can0 (unregistered): slcan off ptm0.
[  777.317049][T23575] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  779.866691][T23648] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  780.123822][T23655] syz.1.4482: attempt to access beyond end of device
[  780.123822][T23655] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  780.195439][T23659] binder: 23657:23659 ioctl 40489426 0 returned -22
[  780.610615][T23670] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  781.118460][T23684] random: crng reseeded on system resumption
[  781.156857][T23682] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  781.582529][T23697] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  781.782072][T23706] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  782.930308][T23726] support for the xor transformation has been removed.
[  783.343762][T23734] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  783.549453][T23743] input: syz1 as /devices/virtual/input/input146
[  784.495384][T23765] vivid-000: =================  START STATUS  =================
[  784.503665][T23765] vivid-000: Enable Output Cropping: true
[  784.522871][T23765] vivid-000: Enable Output Composing: true
[  784.529010][T23765] vivid-000: Enable Output Scaler: true
[  784.534908][T23765] vivid-000: Tx RGB Quantization Range: Automatic
[  784.545058][T23765] vivid-000: Transmit Mode: HDMI
[  784.551143][T23765] vivid-000: Hotplug Present: 0x00000000
[  784.559780][T23765] vivid-000: RxSense Present: 0x00000000
[  784.565583][T23765] vivid-000: EDID Present: 0x00000000
[  784.575840][T23765] vivid-000: ==================  END STATUS  ==================
[  784.626507][T23768] binder: 23767:23768 ioctl c018620b 200000000100 returned -14
[  785.518399][T23793] mkiss: ax0: crc mode is auto.
[  785.633814][T23796] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  786.015278][T23805] binder: 23797:23805 ioctl 40046205 0 returned -22
[  786.152493][T23807] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  786.216279][T23805] binder: 23797:23805 ioctl c0306201 0 returned -14
[  786.255795][T23802] binder: 23797:23802 ioctl c0306201 0 returned -14
[  787.632302][   T36] Bluetooth: hci5: Frame reassembly failed (-84)
[  787.639502][T23254] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  788.696467][T23254] Bluetooth: hci4: command 0x1003 tx timeout
[  788.696574][ T5845] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  788.811935][T23872] CUSE: info not properly terminated
[  789.656486][ T5844] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  789.942173][T23894] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  789.994403][T23894] loop8: detected capacity change from 0 to 7
[  790.004596][T23894] Dev loop8: unable to read RDB block 7
[  790.011080][T23894]  loop8: unable to read partition table
[  790.019525][T23894] loop8: partition table beyond EOD, truncated
[  790.025780][T23894] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  790.559614][T23918] input: syz0 as /devices/virtual/input/input148
[  791.353802][T23944] sd 0:0:1:0: device reset
[  792.284554][T23988] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  792.315553][T23993] program syz.5.4581 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  792.370668][T23994] program syz.5.4581 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  792.387387][T23994] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  792.398760][T23994] loop6: detected capacity change from 0 to 63
[  792.405877][T23994] buffer_io_error: 27 callbacks suppressed
[  792.405896][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.445338][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.456409][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.464844][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.472531][T23996] binder: 23995:23996 ioctl c018620c 2000000015c0 returned -1
[  792.478225][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.481110][T23996] binder: 23995:23996 ioctl c080661a 200000001900 returned -22
[  792.488876][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.524884][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.547175][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.645748][T23994] ldm_validate_partition_table(): Disk read failed.
[  792.689013][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.718211][T23994] Buffer I/O error on dev loop6, logical block 0, async page read
[  792.740995][T23994] Dev loop6: unable to read RDB block 0
[  792.756691][T23994]  loop6: unable to read partition table
[  792.762807][T23994] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  793.078089][T24023] mkiss: ax0: crc mode is auto.
[  793.120092][T24014] syz.2.4588: attempt to access beyond end of device
[  793.120092][T24014] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  793.394065][T24026] can0: slcan on ptm0.
[  793.497746][T24025] can0 (unregistered): slcan off ptm0.
[  793.710031][T24036] input: syz0 as /devices/virtual/input/input149
[  793.817782][T24038] binder: 24037:24038 ioctl c0306201 0 returned -14
[  794.564110][T24065] support for the xor transformation has been removed.
[  795.529115][T24085] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  795.643116][ T5844] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  795.656770][ T5844] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  795.675940][ T5844] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  795.706562][ T5844] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  795.717260][ T5844] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  795.763275][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  795.782628][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  795.791611][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  795.810100][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  795.825407][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  795.973282][T24096] binder_alloc: binder_alloc_mmap_handler: 24095 200000735000-200000736000 already mapped failed -16
[  796.420014][   T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  796.942457][T24117] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  796.998338][   T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.227930][   T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.461939][   T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  797.679493][T24116] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  797.699405][T24087] chnl_net:caif_netlink_parms(): no params data found
[  797.707035][T24116] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  797.719058][T24141] loop6: detected capacity change from 0 to 4
[  797.745512][    C1] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  797.755146][    C1] buffer_io_error: 11 callbacks suppressed
[  797.755162][    C1] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  798.412205][T24087] bridge0: port 1(bridge_slave_0) entered blocking state
[  798.439849][T24087] bridge0: port 1(bridge_slave_0) entered disabled state
[  798.460659][T24087] bridge_slave_0: entered allmulticast mode
[  798.487938][T24087] bridge_slave_0: entered promiscuous mode
[  798.518576][   T36] bridge_slave_1: left allmulticast mode
[  798.538913][   T36] bridge_slave_1: left promiscuous mode
[  798.550704][   T36] bridge0: port 2(bridge_slave_1) entered disabled state
[  798.642478][   T36] bridge_slave_0: left allmulticast mode
[  798.656168][   T36] bridge_slave_0: left promiscuous mode
[  798.662044][   T36] bridge0: port 1(bridge_slave_0) entered disabled state
[  799.116173][T24180] input: syz0 as /devices/virtual/input/input153
[  800.966811][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  801.047042][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  801.088281][   T36] bond0 (unregistering): Released all slaves
[  801.156486][T24087] bridge0: port 2(bridge_slave_1) entered blocking state
[  801.163701][T24087] bridge0: port 2(bridge_slave_1) entered disabled state
[  801.171757][T24087] bridge_slave_1: entered allmulticast mode
[  801.180206][T24087] bridge_slave_1: entered promiscuous mode
[  801.572749][T24212] block device autoloading is deprecated and will be removed.
[  801.607477][T24214] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  801.805472][T24087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  801.845109][T24087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  801.975276][T24220] syz.5.4641: attempt to access beyond end of device
[  801.975276][T24220] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  802.070704][T24230] input: syz1 as /devices/virtual/input/input154
[  802.408494][T24242] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  802.645786][T24087] team0: Port device team_slave_0 added
[  802.681587][T24087] team0: Port device team_slave_1 added
[  802.866446][   T36] hsr_slave_0: left promiscuous mode
[  802.917686][   T36] hsr_slave_1: left promiscuous mode
[  802.924574][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  802.936433][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[  803.014473][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  803.030155][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[  803.102521][T24269] vivid-001: =================  START STATUS  =================
[  803.110979][T24269] vivid-001: Radio HW Seek Mode: Bounded
[  803.113472][   T36] veth1_macvtap: left promiscuous mode
[  803.117049][T24269] vivid-001: Radio Programmable HW Seek: false
[  803.130172][T24269] vivid-001: RDS Rx I/O Mode: Block I/O
[  803.130396][   T36] veth0_macvtap: left promiscuous mode
[  803.136371][T24269] vivid-001: Generate RBDS Instead of RDS: false
[  803.144013][   T36] veth1_vlan: left promiscuous mode
[  803.150240][T24269] vivid-001: RDS Reception: 
[  803.154513][   T36] veth0_vlan: left promiscuous mode
[  803.157505][T24269] true
[  803.167422][T24269] vivid-001: RDS Program Type: 0 inactive
[  803.173428][T24269] vivid-001: RDS PS Name:  inactive
[  803.178992][T24269] vivid-001: RDS Radio Text:  inactive
[  803.184694][T24269] vivid-001: RDS Traffic Announcement: false inactive
[  803.192017][T24269] vivid-001: RDS Traffic Program: false inactive
[  803.198673][T24269] vivid-001: RDS Music: false inactive
[  803.205526][T24269] vivid-001: ==================  END STATUS  ==================
[  803.306768][T24274] input: syz0 as /devices/virtual/input/input155
[  803.361336][T24274] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  804.195408][T24290] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  805.727273][   T36] team0 (unregistering): Port device team_slave_1 removed
[  805.968638][   T36] team0 (unregistering): Port device team_slave_0 removed
[  808.760886][T24087] batman_adv: batadv0: Adding interface: batadv_slave_0
[  808.768320][T24087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  808.794844][T24087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  808.988580][T24087] batman_adv: batadv0: Adding interface: batadv_slave_1
[  808.995807][T24087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  809.048768][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  809.055164][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  809.082564][T24087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  809.295462][T24087] hsr_slave_0: entered promiscuous mode
[  809.308992][T24087] hsr_slave_1: entered promiscuous mode
[  809.334823][T24087] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  809.350314][T24087] Cannot create hsr debugfs directory
[  810.139818][T24372] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  810.442011][T24392] CUSE: info not properly terminated
[  810.925375][T24411] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  811.910796][T24444] binder: 24442:24444 ioctl c018620c 200000000140 returned -1
[  812.215029][T24087] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  812.281897][T24087] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  812.341697][T24087] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  812.413278][T24087] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  812.744285][T24087] 8021q: adding VLAN 0 to HW filter on device bond0
[  812.798438][T24087] 8021q: adding VLAN 0 to HW filter on device team0
[  812.821868][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  812.829127][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  812.889855][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state
[  812.897067][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  813.072163][T24489] usb usb8: usbfs: process 24489 (syz.5.4699) did not claim interface 0 before use
[  813.161199][T24489] blktrace: Concurrent blktraces are not allowed on nullb0
[  813.652468][T24087] 8021q: adding VLAN 0 to HW filter on device batadv0
[  814.539729][T24087] veth0_vlan: entered promiscuous mode
[  814.561179][T24087] veth1_vlan: entered promiscuous mode
[  814.682755][T24087] veth0_macvtap: entered promiscuous mode
[  814.740134][T24087] veth1_macvtap: entered promiscuous mode
[  814.793607][T24087] batman_adv: batadv0: Interface activated: batadv_slave_0
[  814.816389][T24087] batman_adv: batadv0: Interface activated: batadv_slave_1
[  814.878240][T24087] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  814.899395][T24087] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  814.924643][T24087] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  814.947020][T24087] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  814.975738][T24553] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  815.459339][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  815.484672][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  815.744601][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  815.796532][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  816.189333][   T30] audit: type=1400 audit(1750388024.046:20): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=5D9625292F2F2E212D pid=24566 comm="syz.5.4714"
[  816.209901][    C0] vkms_vblank_simulate: vblank timer overrun
[  817.350273][T24635] input: syz1 as /devices/virtual/input/input157
[  817.386105][T24635] input: failed to attach handler leds to device input157, error: -6
[  818.117078][T24665] CUSE: info not properly terminated
[  818.410033][T24667] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  818.735682][T24683] ubi: mtd0 is already attached to ubi31
[  819.061278][T24696] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  819.628765][   T30] audit: type=1400 audit(1750388027.496:21): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=24709 comm="syz.4.4743"
[  870.470917][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  870.477402][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  931.902526][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  931.909169][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  962.616970][   T31] INFO: task kworker/1:2:24178 blocked for more than 143 seconds.
[  962.624860][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[  962.632723][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  962.641587][   T31] task:kworker/1:2     state:D stack:25032 pid:24178 tgid:24178 ppid:2      task_flags:0x4208060 flags:0x00004000
[  962.653929][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  962.660942][   T31] Call Trace:
[  962.664240][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  962.667279][   T31]  __schedule+0x16f5/0x4d00
[  962.671893][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  962.677417][   T31]  ? schedule+0x165/0x360
[  962.681892][   T31]  ? __pfx___schedule+0x10/0x10
[  962.686869][   T31]  ? schedule+0x91/0x360
[  962.691615][   T31]  schedule+0x165/0x360
[  962.695830][   T31]  schedule_preempt_disabled+0x13/0x30
[  962.725964][   T31]  __mutex_lock+0x724/0xe80
[  962.730594][   T31]  ? look_up_lock_class+0x74/0x170
[  962.735764][   T31]  ? __mutex_lock+0x51b/0xe80
[  962.772431][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  962.778891][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  962.784043][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  962.789832][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  962.795583][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  962.801733][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  962.807888][   T31]  process_scheduled_works+0xae1/0x17b0
[  962.813560][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  962.819657][   T31]  worker_thread+0x8a0/0xda0
[  962.824303][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  962.830721][   T31]  ? __kthread_parkme+0x7b/0x200
[  962.835759][   T31]  kthread+0x70e/0x8a0
[  962.839969][   T31]  ? __pfx_worker_thread+0x10/0x10
[  962.845122][   T31]  ? __pfx_kthread+0x10/0x10
[  962.849998][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  962.855242][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  962.860889][   T31]  ? __pfx_kthread+0x10/0x10
[  962.865558][   T31]  ret_from_fork+0x3f9/0x770
[  962.870757][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  962.876219][   T31]  ? __switch_to_asm+0x39/0x70
[  962.881059][   T31]  ? __switch_to_asm+0x33/0x70
[  962.885879][   T31]  ? __pfx_kthread+0x10/0x10
[  962.890598][   T31]  ret_from_fork_asm+0x1a/0x30
[  962.895472][   T31]  </TASK>
[  962.898713][   T31] INFO: task syz.1.4729:24659 blocked for more than 143 seconds.
[  962.906667][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[  962.914409][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  962.923147][   T31] task:syz.1.4729      state:D stack:24376 pid:24659 tgid:24658 ppid:22726  task_flags:0x400040 flags:0x00004006
[  962.935267][   T31] Call Trace:
[  962.938746][   T31]  <TASK>
[  962.941730][   T31]  __schedule+0x16f5/0x4d00
[  962.946334][   T31]  ? __lock_acquire+0xab9/0xd20
[  962.951237][   T31]  ? schedule+0x165/0x360
[  962.955660][   T31]  ? __pfx___schedule+0x10/0x10
[  962.960624][   T31]  ? schedule+0x91/0x360
[  962.964986][   T31]  schedule+0x165/0x360
[  962.969262][   T31]  schedule_preempt_disabled+0x13/0x30
[  962.974797][   T31]  __mutex_lock+0x724/0xe80
[  962.979680][   T31]  ? kobject_put+0x43f/0x480
[  962.984481][   T31]  ? __mutex_lock+0x51b/0xe80
[  962.989254][   T31]  ? rfkill_unregister+0xc8/0x220
[  962.994437][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  962.999788][   T31]  ? __pfx_device_del+0x10/0x10
[  963.004745][   T31]  rfkill_unregister+0xc8/0x220
[  963.010060][   T31]  nfc_unregister_device+0x96/0x2a0
[  963.015584][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  963.021543][   T31]  virtual_ncidev_close+0x56/0x90
[  963.026658][   T31]  __fput+0x44c/0xa70
[  963.030678][   T31]  task_work_run+0x1d1/0x260
[  963.035272][   T31]  ? __pfx_task_work_run+0x10/0x10
[  963.040573][   T31]  get_signal+0x11ed/0x1340
[  963.045124][   T31]  ? task_work_add+0x377/0x420
[  963.049978][   T31]  ? __pfx_vfs_read+0x10/0x10
[  963.054696][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  963.060400][   T31]  ? __pfx___fput_deferred+0x10/0x10
[  963.065742][   T31]  ? __fget_files+0x2a/0x420
[  963.070435][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  963.076730][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  963.082391][   T31]  exit_to_user_mode_loop+0x75/0x110
[  963.087973][   T31]  do_syscall_64+0x2bd/0x3b0
[  963.092601][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  963.098303][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.104405][   T31]  ? clear_bhb_loop+0x60/0xb0
[  963.109454][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.115393][   T31] RIP: 0033:0x7fa731d8e929
[  963.120010][   T31] RSP: 002b:00007fa732c65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  963.128557][   T31] RAX: fffffffffffffff2 RBX: 00007fa731fb5fa0 RCX: 00007fa731d8e929
[  963.136674][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006
[  963.144851][   T31] RBP: 00007fa731e10b39 R08: 0000000000000000 R09: 0000000000000000
[  963.152919][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  963.160973][   T31] R13: 0000000000000000 R14: 00007fa731fb5fa0 R15: 00007ffe8e684338
[  963.169041][   T31]  </TASK>
[  963.172091][   T31] INFO: task syz.5.4734:24679 blocked for more than 143 seconds.
[  963.180005][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[  963.187829][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  963.196804][   T31] task:syz.5.4734      state:D stack:25928 pid:24679 tgid:24676 ppid:22195  task_flags:0x400040 flags:0x00004004
[  963.208808][   T31] Call Trace:
[  963.212088][   T31]  <TASK>
[  963.215036][   T31]  __schedule+0x16f5/0x4d00
[  963.219649][   T31]  ? __lock_acquire+0xab9/0xd20
[  963.224625][   T31]  ? schedule+0x165/0x360
[  963.229120][   T31]  ? __pfx___schedule+0x10/0x10
[  963.234020][   T31]  ? schedule+0x91/0x360
[  963.238455][   T31]  schedule+0x165/0x360
[  963.242655][   T31]  schedule_preempt_disabled+0x13/0x30
[  963.248227][   T31]  __mutex_lock+0x724/0xe80
[  963.252783][   T31]  ? __lock_acquire+0xab9/0xd20
[  963.258146][   T31]  ? __mutex_lock+0x51b/0xe80
[  963.262869][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  963.268328][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  963.273484][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  963.278808][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  963.284757][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  963.291187][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  963.297063][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  963.302250][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  963.308303][   T31]  rfkill_set_block+0x1cf/0x440
[  963.313257][   T31]  rfkill_fop_write+0x44b/0x570
[  963.318315][   T31]  ? common_file_perm+0x199/0x200
[  963.323436][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  963.329067][   T31]  ? security_kernfs_init_security+0x250/0x290
[  963.335398][   T31]  ? rw_verify_area+0x258/0x650
[  963.340744][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  963.346252][   T31]  vfs_write+0x27b/0xa90
[  963.350576][   T31]  ? __pfx_vfs_write+0x10/0x10
[  963.355462][   T31]  ? __fget_files+0x2a/0x420
[  963.360165][   T31]  ? __fget_files+0x2a/0x420
[  963.364789][   T31]  ? __fget_files+0x3a0/0x420
[  963.369623][   T31]  ? __fget_files+0x2a/0x420
[  963.374249][   T31]  ksys_write+0x145/0x250
[  963.378700][   T31]  ? __pfx_ksys_write+0x10/0x10
[  963.383623][   T31]  ? rcu_is_watching+0x15/0xb0
[  963.388480][   T31]  ? do_syscall_64+0xbe/0x3b0
[  963.393264][   T31]  do_syscall_64+0xfa/0x3b0
[  963.398012][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  963.403249][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.409380][   T31]  ? clear_bhb_loop+0x60/0xb0
[  963.414182][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  963.423891][   T31] RIP: 0033:0x7f4d19d8e929
[  963.428751][   T31] RSP: 002b:00007f4d1abfc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  963.437479][   T31] RAX: ffffffffffffffda RBX: 00007f4d19fb6080 RCX: 00007f4d19d8e929
[  963.445478][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 000000000000000b
[  963.453691][   T31] RBP: 00007f4d19e10b39 R08: 0000000000000000 R09: 0000000000000000
[  963.461725][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  963.469758][   T31] R13: 0000000000000000 R14: 00007f4d19fb6080 R15: 00007ffcecacdd58
[  963.477834][   T31]  </TASK>
[  963.480904][   T31] 
[  963.480904][   T31] Showing all locks held in the system:
[  963.491814][   T31] 1 lock held by khungtaskd/31:
[  963.496791][   T31]  #0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  963.506795][   T31] 2 locks held by getty/5597:
[  963.511500][   T31]  #0: ffff8880312b10a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  963.521842][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  963.532166][   T31] 3 locks held by kworker/1:2/24178:
[  963.537638][   T31]  #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  963.549269][   T31]  #1: ffffc9000c20fbc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  963.563139][   T31]  #2: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  963.574573][   T31] 2 locks held by syz.1.4729/24659:
[  963.580009][   T31]  #0: ffff88807f8c5100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  963.590034][   T31]  #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  963.600198][   T31] 2 locks held by syz.5.4734/24679:
[  963.605412][   T31]  #0: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  963.615830][   T31]  #1: ffff88807f8c5100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  963.625820][   T31] 2 locks held by syz.2.4745/24719:
[  963.631142][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.639881][   T31]  #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[  963.650437][   T31] 1 lock held by syz.4.4747/24723:
[  963.655584][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.664518][   T31] 1 lock held by syz-executor/24732:
[  963.670505][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.679223][   T31] 1 lock held by syz-executor/24735:
[  963.684540][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.693345][   T31] 1 lock held by syz-executor/24739:
[  963.698707][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.707274][   T31] 1 lock held by syz-executor/24740:
[  963.712572][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.721281][   T31] 1 lock held by syz-executor/24750:
[  963.726833][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.735310][   T31] 1 lock held by syz-executor/24752:
[  963.740834][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.751111][   T31] 1 lock held by syz-executor/24756:
[  963.757085][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.765633][   T31] 1 lock held by syz-executor/24757:
[  963.771332][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.780069][   T31] 1 lock held by syz-executor/24770:
[  963.785401][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.794023][   T31] 1 lock held by syz-executor/24772:
[  963.799415][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.808142][   T31] 1 lock held by syz-executor/24775:
[  963.813458][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.822126][   T31] 1 lock held by syz-executor/24776:
[  963.827572][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  963.836242][   T31] 
[  963.838694][   T31] =============================================
[  963.838694][   T31] 
[  963.848452][   T31] NMI backtrace for cpu 0
[  963.848468][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  963.848488][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  963.848497][   T31] Call Trace:
[  963.848505][   T31]  <TASK>
[  963.848513][   T31]  dump_stack_lvl+0x189/0x250
[  963.848538][   T31]  ? __wake_up_klogd+0xd9/0x110
[  963.848655][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  963.848674][   T31]  ? __pfx__printk+0x10/0x10
[  963.848708][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  963.848737][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  963.848759][   T31]  ? _printk+0xcf/0x120
[  963.848782][   T31]  ? __pfx__printk+0x10/0x10
[  963.848805][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  963.848837][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  963.848867][   T31]  watchdog+0xfee/0x1030
[  963.848889][   T31]  ? watchdog+0x1de/0x1030
[  963.848917][   T31]  kthread+0x70e/0x8a0
[  963.848944][   T31]  ? __pfx_watchdog+0x10/0x10
[  963.848961][   T31]  ? __pfx_kthread+0x10/0x10
[  963.848987][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  963.849014][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  963.849041][   T31]  ? __pfx_kthread+0x10/0x10
[  963.849068][   T31]  ret_from_fork+0x3f9/0x770
[  963.849092][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  963.849118][   T31]  ? __switch_to_asm+0x39/0x70
[  963.849141][   T31]  ? __switch_to_asm+0x33/0x70
[  963.849172][   T31]  ? __pfx_kthread+0x10/0x10
[  963.849200][   T31]  ret_from_fork_asm+0x1a/0x30
[  963.849237][   T31]  </TASK>
[  963.849244][   T31] Sending NMI from CPU 0 to CPUs 1:
[  964.008850][    C1] NMI backtrace for cpu 1
[  964.008869][    C1] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  964.008888][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  964.008897][    C1] Workqueue: bat_events batadv_nc_worker
[  964.008999][    C1] RIP: 0010:mark_lock+0x3c/0x190
[  964.009019][    C1] Code: 00 03 00 83 f9 01 bb 09 00 00 00 83 db 00 83 fa 08 0f 45 da bd 01 00 00 00 89 d9 d3 e5 25 ff 1f 00 00 48 0f a3 05 e4 51 29 12 <73> 10 48 69 c0 c8 00 00 00 48 8d 88 30 f3 68 93 eb 48 83 3d 2b e1
[  964.009032][    C1] RSP: 0018:ffffc90000ac7808 EFLAGS: 00000007
[  964.009045][    C1] RAX: 0000000000000748 RBX: 0000000000000008 RCX: 0000000000000008
[  964.009055][    C1] RDX: 0000000000000008 RSI: ffff8881416b2940 RDI: ffff8881416b1e00
[  964.009066][    C1] RBP: 0000000000000100 R08: 0000000000000000 R09: ffffffff8b3b57d7
[  964.009075][    C1] R10: dffffc0000000000 R11: fffffbfff1f8465f R12: 00000000ffffff05
[  964.009086][    C1] R13: 0000000000000003 R14: ffff8881416b2940 R15: 0000000000000000
[  964.009096][    C1] FS:  0000000000000000(0000) GS:ffff888125b1c000(0000) knlGS:0000000000000000
[  964.009108][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  964.009119][    C1] CR2: 00007fff887140a0 CR3: 000000000e138000 CR4: 00000000003526f0
[  964.009135][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000800
[  964.009144][    C1] DR3: 0000000100000001 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  964.009155][    C1] Call Trace:
[  964.009162][    C1]  <TASK>
[  964.009170][    C1]  __lock_acquire+0x6a8/0xd20
[  964.009188][    C1]  ? batadv_nc_purge_paths+0xe7/0x3b0
[  964.009208][    C1]  lock_acquire+0x120/0x360
[  964.009223][    C1]  ? batadv_nc_purge_paths+0xe7/0x3b0
[  964.009244][    C1]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  964.009263][    C1]  ? batadv_nc_purge_paths+0xe7/0x3b0
[  964.009283][    C1]  _raw_spin_lock_bh+0x36/0x50
[  964.009304][    C1]  ? batadv_nc_purge_paths+0xe7/0x3b0
[  964.009323][    C1]  ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10
[  964.009344][    C1]  batadv_nc_purge_paths+0xe7/0x3b0
[  964.009368][    C1]  batadv_nc_worker+0x369/0x610
[  964.009387][    C1]  ? process_scheduled_works+0x9ef/0x17b0
[  964.009405][    C1]  process_scheduled_works+0xae1/0x17b0
[  964.009429][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  964.009458][    C1]  worker_thread+0x8a0/0xda0
[  964.009475][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  964.009498][    C1]  ? __kthread_parkme+0x7b/0x200
[  964.009518][    C1]  kthread+0x70e/0x8a0
[  964.009537][    C1]  ? __pfx_worker_thread+0x10/0x10
[  964.009553][    C1]  ? __pfx_kthread+0x10/0x10
[  964.009571][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  964.009590][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  964.009610][    C1]  ? __pfx_kthread+0x10/0x10
[  964.009629][    C1]  ret_from_fork+0x3f9/0x770
[  964.009646][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  964.009662][    C1]  ? __switch_to_asm+0x39/0x70
[  964.009679][    C1]  ? __switch_to_asm+0x33/0x70
[  964.009696][    C1]  ? __pfx_kthread+0x10/0x10
[  964.009714][    C1]  ret_from_fork_asm+0x1a/0x30
[  964.009738][    C1]  </TASK>
[  964.009899][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  964.322563][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  964.334572][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  964.345575][   T31] Call Trace:
[  964.348881][   T31]  <TASK>
[  964.351820][   T31]  dump_stack_lvl+0x99/0x250
[  964.357106][   T31]  ? __asan_memcpy+0x40/0x70
[  964.362013][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  964.367232][   T31]  ? __pfx__printk+0x10/0x10
[  964.371826][   T31]  panic+0x2db/0x790
[  964.375932][   T31]  ? __pfx_panic+0x10/0x10
[  964.380825][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  964.386834][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  964.392356][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  964.398723][   T31]  watchdog+0x102d/0x1030
[  964.403061][   T31]  ? watchdog+0x1de/0x1030
[  964.407571][   T31]  kthread+0x70e/0x8a0
[  964.411645][   T31]  ? __pfx_watchdog+0x10/0x10
[  964.416318][   T31]  ? __pfx_kthread+0x10/0x10
[  964.421173][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  964.426508][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  964.431837][   T31]  ? __pfx_kthread+0x10/0x10
[  964.436464][   T31]  ret_from_fork+0x3f9/0x770
[  964.441235][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  964.446378][   T31]  ? __switch_to_asm+0x39/0x70
[  964.451187][   T31]  ? __switch_to_asm+0x33/0x70
[  964.455961][   T31]  ? __pfx_kthread+0x10/0x10
[  964.460562][   T31]  ret_from_fork_asm+0x1a/0x30
[  964.465338][   T31]  </TASK>
[  964.468567][   T31] Kernel Offset: disabled
[  964.472896][   T31] Rebooting in 86400 seconds..