last executing test programs: 22.245512497s ago: executing program 3 (id=4): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x1a9a00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MAX_VCPU_ID(r1, 0x4068aea3, &(0x7f0000000000)={0x80, 0x0, 0x7}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000180)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) read(r4, &(0x7f00000001c0)=""/36, 0x24) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000a, 0x11, r4, 0x633fb000) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r5, 0xae03, 0xc0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r3, 0x400455c8, 0x0) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000240), 0x80, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000280), 0x14440, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r6, 0xc0189375, &(0x7f0000000080)={{0x1, 0x1, 0x18, r1}, './file0/file0\x00'}) openat$cgroup_int(r7, &(0x7f0000000200)='cpuset.memory_spread_page\x00', 0x2, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000600)={0x0, 0x52, 0x1, [0x5, 0x7fffffff, 0x1, 0x7, 0xf9b], [0x8000000, 0x9, 0x6e, 0x2, 0x5, 0x7fff, 0x1, 0x7fff, 0x1, 0x8, 0x8, 0x10, 0x4, 0xb5d, 0x5, 0x9, 0x8000000000000000, 0x3, 0x0, 0x6, 0x0, 0x6, 0x6, 0x9, 0xff, 0x20, 0x4, 0x6, 0x1684, 0x9, 0x6, 0x400, 0xffff, 0xffff, 0x800, 0xd, 0x2, 0x357, 0x8000000000000001, 0x8, 0x6a, 0x5, 0x1, 0x41b, 0x4, 0x0, 0x1, 0x7, 0x15c, 0x617, 0x5, 0x8, 0x2, 0x3, 0x3ca, 0x100003, 0x5, 0x6, 0xae, 0xb9, 0xfffffffffffffffa, 0x3ff, 0x3, 0x9, 0x3, 0x7fff, 0x7fffffff, 0x640, 0xffffffffffffffff, 0x3, 0x4, 0x1, 0xd7, 0x1, 0xfffffffffffffffc, 0x7, 0x7ff, 0xa, 0x800, 0x22e2, 0x5, 0x3, 0x8, 0x5, 0x7, 0x8, 0x4, 0x9, 0x1000, 0x7, 0x24, 0x2, 0x7, 0x1ff, 0x8000000000000001, 0xfffffffffffffff7, 0x7, 0xffff, 0x7, 0x2, 0x6, 0xed, 0xffffffffffffff80, 0x8, 0x4, 0x1, 0x7, 0x7, 0x4, 0x6, 0x7, 0x5, 0x6, 0x0, 0xa, 0xffffffffffffffff, 0xdaa, 0x6, 0xd, 0xfffffffffffffffe, 0x40]}) ioctl$KDSIGACCEPT(r3, 0x800455ca, 0x2e) r8 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r8, 0xc0445624, &(0x7f00000005c0)) ioctl$VIDIOC_QUERYCAP(r8, 0x80685600, &(0x7f0000000100)) r9 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x503002) mmap$dsp(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x4, 0x4124010, r7, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f0000000340)) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r11, 0x4010ae68, &(0x7f0000000040)={0xfffffffffffff001, 0x2000}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r9, 0xc02064b2, &(0x7f0000000300)={0x5, 0xfffffff9, 0x101}) 20.57168811s ago: executing program 0 (id=11): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0x4148, 0x0) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$radio(&(0x7f00000003c0), 0x2, 0x2) r5 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r5, 0x4008af00, &(0x7f0000000000)) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) ioctl$int_in(r6, 0x40000000af01, 0x0) ioctl$VHOST_SET_LOG_FD(r6, 0x4004af07, &(0x7f0000000340)) read(r4, &(0x7f0000001e80)=""/96, 0x60) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 19.87678618s ago: executing program 1 (id=20): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x141202, 0x0) write$vga_arbiter(r3, &(0x7f00000000c0)=@other={'lock', ' ', 'mem'}, 0x9) write$vga_arbiter(r3, &(0x7f00000006c0)=@other={'unlock', ' ', 'none'}, 0xc) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x61) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r4, 0x7dfff000) 19.81390898s ago: executing program 3 (id=21): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000100), 0x141042, 0x0) write$sequencer(r1, &(0x7f0000000f00)=[@t={0x81, 0x8}], 0x8) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r2, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 19.696381048s ago: executing program 1 (id=23): ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, &(0x7f0000000080)={0x0, 0x34324241, 0x0, @stepwise}) r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0285629, &(0x7f0000000080)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x101000) ioctl$CEC_TRANSMIT(r1, 0xc0386105, &(0x7f0000000040)={0xffffffff, 0xfff, 0x1, 0x6, 0xe20, 0x3ff, "69c0d555ac7a05000000000000000363", 0x8, 0xc6, 0x6, 0xd, 0x2, 0xf, 0x4}) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) close(r2) preadv(r2, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007) 19.632361229s ago: executing program 1 (id=24): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x7, 0x12, r0, 0x1000000000000000) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 19.255910439s ago: executing program 1 (id=25): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000001640), 0x2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0x0) 19.161095666s ago: executing program 1 (id=27): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) splice(r0, 0x0, r0, &(0x7f0000000040)=0x6, 0x4, 0xe) ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e3880, 0x3c, "e34e00000000000000000000001000", 0x82, 0x4aa59754}) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r1, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) r4 = syz_open_dev$usbmon(&(0x7f0000000040), 0x4, 0x60400) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000001280)) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000080)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r3, 0x5000943f, &(0x7f0000000280)={{r4}, r5, 0x1c, @unused=[0x3, 0x9, 0x3, 0x6], @devid}) ioctl$BTRFS_IOC_WAIT_SYNC(r2, 0x40089416, &(0x7f0000000000)=r5) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r2, 0x7dfff000) 19.09968359s ago: executing program 3 (id=28): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x581080, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040)) read$nci(0xffffffffffffffff, &(0x7f0000000080), 0x0) write$vga_arbiter(r0, &(0x7f00000000c0)=@target={'target ', {'PCI:', '1f', ':', '3', ':', '10', '.', '19'}}, 0x16) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)={0x6, 0x0, [{0x266, 0x0, 0x80000001}, {0xa9e, 0x0, 0x1}, {0x3b8, 0x0, 0x8}, {0x3bc, 0x0, 0x5}, {0x3f5, 0x0, 0x3ff}, {0x64e}]}) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000180)={0x19, 0x0, 0x9}) ioctl$SCSI_IOCTL_SYNC(r0, 0x4) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x3}) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r0, 0x4068aea3, &(0x7f0000000200)={0xc5, 0x0, r2}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000340)={0x28, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9, &(0x7f0000000280)="5c1e9f4df952b6216fc1c3691c75bf8d8a7ee4047f066b295d9ed73e438b51c35eef660553115bb3c43576f6c0e876cc7e6e29deb21d6cbeb6b9c9343db29bc328648e10bbb76c3c378a9f2a9525207cb3f3411bdc42d1c75550348cbabfff91c9e023a7a69f59a3801094bafa47d68f8dfb9e6cad49a39c5e242106c6c5a8381dd9acf1931edbf8b9838f4ae273c7a4efb470788951afeca723c850cc408fd7f8fc3aeddce3d8fb127caa722a086375353b33156b5bc439c9"}) ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f0000000380)={0x8, r3}) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f00000003c0)={0x3000000000000000, 0x10000, 0x0, 0x5, 0xe}) write$vga_arbiter(r0, &(0x7f0000000400), 0xf) ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f0000000440)=""/74) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000004c0)={0x48, 0x2, 0x0, 0x0, 0x0}) ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000540)={0x8, r4}) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000580)={[{0x9, 0x8000, 0xe, 0x0, 0x81, 0x8, 0x40, 0x8, 0x5, 0x3, 0x5, 0x2, 0x2}, {0xc4a, 0x3, 0x5d, 0x9, 0x3, 0x6f, 0x8, 0x0, 0x81, 0xa1, 0x7, 0xd, 0x2}, {0x2, 0x39, 0x9b, 0x0, 0xb5, 0x2, 0x9, 0xb6, 0xe, 0xb, 0xf, 0x5, 0x9}], 0xe}) write$vga_arbiter(r0, &(0x7f0000000600), 0xf) ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r0, 0xf505, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000640)={{0x1, 0x1, 0x18, r1, {0x8, 0xffffffff}}, './file0\x00'}) close(r5) close(r0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0) write$nci(r6, &(0x7f00000006c0)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x0, 0x2, 0x2, 0x4, {0x0, 0x4, "c73f2dbc"}}, 0x9) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000009, 0x4000010, r1, 0x3ba3b000) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000700)) 19.056405879s ago: executing program 1 (id=29): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc0405519, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 17.989534186s ago: executing program 2 (id=30): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x5c, 0x5, 0x46}) (async) ioctl$vim2m_VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000080)={0x8, @vbi}) (async) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x640003, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0x1b) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 17.435973254s ago: executing program 0 (id=31): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x300000f, 0x20000000cc071, 0xffffffffffffffff, 0x1000000000040000) 17.122559695s ago: executing program 2 (id=32): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000789000/0x1000)=nil, 0x1000, 0x5, 0x110, r0, 0x67f9b000) r1 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x5, 0x2}) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"]) r2 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x100080) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0xd, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45ff8ffffff7d3d458dd4992861ac000000000000000000000000000000000400", "90be8b1c551265406c7f306003d8a0f4bd00", [0x1000000]}}) r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102) r8 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r8, 0x40045532, &(0x7f0000000100)) r9 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r9, 0x80045017, 0x0) r10 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r10, 0x80184153, 0x0) ioctl$USBDEVFS_CONNECTINFO(r7, 0x40085511, &(0x7f00000001c0)) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x10002, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000001c0)={[0xf8a, 0x6, 0x0, 0x0, 0x10003, 0x0, 0x400200cc4, 0xffe, 0x800000000004, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6a, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r11 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r11, 0xc2604110, &(0x7f0000000b40)={0x0, [[0x9ef8, 0x0, 0x0, 0x0, 0x5d11], [0x10000, 0x0, 0x0, 0x0, 0x3a3], [0x7]], '\x00', [{}, {0x3, 0x8}, {0x1, 0x8000}, {0x0, 0x80000000}, {0x3, 0x0, 0x0, 0x1, 0x1}, {0x18, 0x405f}, {}, {0x0, 0x6}, {0x0, 0x81}, {0x0, 0xfffffffe}, {0x0, 0xbcf}, {0x0, 0x2}], '\x00', 0x1000}) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000) 16.70978849s ago: executing program 0 (id=33): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2200, 0x0) ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f0000000080)) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r2 = syz_open_dev$video(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_G_FMT(r2, 0xc0d05605, &(0x7f0000000600)={0x7, @sdr}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close(r1) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETOWNER(r3, 0x400454cc, 0xffffffffffffffff) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r1, 0x7dfff000) write$proc_mixer(r0, &(0x7f00000000c0)=[{'DIGITAL1', @void}, {'DIGITAL2', @void}, {'MIC', @void}, {'BASS', @val={' \'', 'Master'}}], 0x39) syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x20000) mmap(&(0x7f0000788000/0x4000)=nil, 0x4000, 0x2000009, 0x50013, r2, 0x6b9fe000) 16.557840563s ago: executing program 0 (id=34): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x80080, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) close(0x5) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r6, 0x4004ae86, &(0x7f0000000000)=0x8) close(0x4) close(r5) r7 = dup(r2) mmap(&(0x7f00006b7000/0x3000)=nil, 0x3000, 0x1000006, 0x28011, r7, 0x0) ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 15.987867125s ago: executing program 2 (id=35): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x5}}, './file0\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x11, r1, 0x2000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) 15.948075375s ago: executing program 0 (id=36): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) close(r0) ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f0000000040)={0x0, @ctrl}) (async) r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x3, 0x109000) ioctl$I2C_TENBIT(r1, 0x704, 0x0) (async) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) (async) r2 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r2, 0x5421, &(0x7f0000000180)=0x8de6) (async) ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f00000001c0)={0x2, 0x3ff, 0x1}) (async, rerun: 64) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) (async, rerun: 64) r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.bfq.sectors\x00', 0x0, 0x0) ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f0000000280)={0x1, r4}) (async) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000300)={0x9e67c1c452ac77b5, @capture={0x1000, 0x0, {0x7fff, 0x39f}, 0x5, 0x6}}) (async) write(r5, &(0x7f0000000400)="cce08b2efd0efee7b090875e87d03f86b26c6a94b2031875d5b3e35b4c3903d1a3e0a5532ba5bd36b4e62799c8d92ad79db6107b4b0acbfab5b069e0cb4bfc2a6b902ff2c591160c90e308d45579", 0x4e) r6 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$vhost_msg_v2(r6, &(0x7f0000000600)={0x2, 0x0, {&(0x7f00000004c0), 0x0, &(0x7f0000000500)=""/196, 0x3, 0x2}}, 0x48) (async) write$RDMA_USER_CM_CMD_GET_EVENT(r4, &(0x7f0000000800)={0xc, 0x8, 0xfa00, {&(0x7f0000000680)}}, 0x10) (async, rerun: 64) ioctl$VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000840)={0x1, @pix_mp={0xcd3, 0x5, 0x3447504d, 0x5, 0xb, [{0xfffffffb, 0x4}, {0xeb5, 0x10000}, {0x200}, {0x5, 0x8000}, {0x9, 0x1000}, {0x4e3a, 0x5}, {0x7fff, 0x800}, {0xffffffff, 0x2}], 0x6, 0xb, 0x8, 0x1, 0x5}}) (async, rerun: 64) read$FUSE(r4, &(0x7f0000000940)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000002a00)={{0x8, 0x1, 0x1, 0x8001, '\x00', 0x800}, 0x1, 0x100, 0xa55, r8, 0x5, 0x264, 'syz1\x00', &(0x7f0000002980)=['cgroup.subtree_control\x00', '$^{-\x00', 'cgroup.subtree_control\x00', '/\x87/!,]/)|.m}\x00', '@\x00'], 0x42}) (async, rerun: 32) ioctl$BTRFS_IOC_START_SYNC(r6, 0x80089418, &(0x7f0000002b40)=0x0) (rerun: 32) ioctl$BTRFS_IOC_RM_DEV_V2(r4, 0x5000943a, &(0x7f0000002c00)={{r3}, r9, 0x2, @inherit={0x60, &(0x7f0000002b80)={0x1, 0x3, 0x100000000, 0x9, {0x20, 0x0, 0xf9, 0x4, 0x6}, [0x1, 0x38, 0x4]}}, @name="dc0701370075f5c3a51ec569508bcc76d7ec4d639be0430f06509e7a23e6f9b7ccc40326e91c24c8b3698c304aae7e6ea4e4dfb1898309a646925eb2f006e5d6c5bcb6e67c4d60e42327295765332306be06a72f8071948035f3b6587e1ab89c0b72bb055aec79799e546777886a97345ca097c4373c592152d200ebbdd44814a0f612283baa7d267c2927d140e34a61c1dd9bdf09a034d39a32cf4037dd3ff081c621eaab2adf6309294089b2f82214a3bad8f8910f85f48aafde8ec090a6f443c49aea19f9b64ff5b8c6f3162d2e62b95a0b83ef5121ebd239b964581ca8dff415e0714e08aaaec28e01f853324ab650351145afe362c11c908ee262905f56dc663f76a8107f9c9bd39706c5635a414cda8012ff5b9ee6ca203c151e79eb6569fb5ae429cd3514678c2bbc3dba70625fa048b93783e030d1846cc4c68613d4cb1ea6d6b63df69116e47fc385143d0fd68e09970d545e533e42b1f387fd48278f8fd054a0bef6e6402aac4d16967d6344e76a82b19db6c88e334f980d01e385f8912fb8f16790003037e27ba1958a06e3d6e2d92a98fe65c92122f05f949e38931baa29183d9b24b94ed044a5a842f474d23ae5ca5def08f2e3fb99a59b49f7b1b241ab71e6155cca0adc83e50f9f87fada1c3c92eafc32f7ceb4376183ae34966cdd21b87aaaf8f68fcbd6bfebe192df10045e9b217c36677b15e02fad6d912de4b7e7f0faf027b4bf5aff08a790f7eed8b44c11c3a9c742100507f34305f319453a3191911aa33214deaa2a0d886bea6885d99de124fc82b093c4a0a4b1b85c2146171f1c68777a0becc93d923e364b2e3344933d031bce251e989c88041a16d8c6090c0317047104ab027f53742013dcf36b35e3cdfd36dfa5cf33104e4a28470e549fd6666a321a6399468b6f8869d742b93bfa0ed6928ee9d382876b4fc39abd5f278b7c228cf3788824839a5d3e3a4a2b9aadbed1186fa74f5e5e444d662fd895d244d68e5d595a83033ccfa598487779e8ca08672ecbf59a572d233f7e0d0357e71011795b1fa0f41babe46f12314ce7c1ec4e442bc6cf03b3ffdb635800fab0897a848660a805c7d852c1104c06dd48f775ee7bd7924e1a90ae9bd4bb89c2cd45c7129e7f09031b3422a6bf4d25c92a83b27decdceb7937c6d3ed7d80cbd9d3e1488fe78b83a8e6f7ea5b02ee6e67f5fa82dd840709ed4e5a9de81b9c8ba4dc5413da9eef662ce3fbf7c950f497eac665abe9e224ae19ca7b6ab8dd1b6ec01d396af8348a629be289a472aeea710146d87f0738ef9fdf29205a603ba60faef9f7328c25bb12526fe7bf9642decc31cbb385debb653ee6ff866caa2aed0f8febea9194fefbc4bdbee6dcc18935d1b18933890c65c2adf26885e6c1c837c80068e178ca399f1147972fe234071561e62df0e675da9a7e100088bae4788bbc5a65245d110793fb0a74abf6f34f3693e6c50d798377695b41aa62214973c38eb14e2f0dd2b986b41633292f3696afd7c655b841f9096d3441649ee2573c2c2b4781a42dab747ca8c13822a865cc8d842a74f55d7ff762a064d794647c88e6a55657efebaa92446109f5f5eb94d7f451d7b59ffdda1daef46d1f2701eae3962fc97b58804e1bf6025844d704d6a345a1475efe5d667ae41d273b873a5dcfcf3088206240f68143db681dbb5e91ac69da544137fa4d5b4bd9aaeef7ecdaad1aa5d63dcecb8a50c011406553fa8dbe06e17bc4ceb78fcadea194f1ce3426ead0432551609af33e7f254638f4f56f2b9f7a823b63f04f5cc889e5c91e9b32f8a1d3c00db86d0902ce13073483231823b2d5e8f512e32e29773a4a69d2f0445a7f0f29b809e407e1d0c4df45e632c7e2bc3a079919377400857c4e6e614d6eb4a3b22fae65caba55290e285c108352696e7812086df271d63a4bab7438fd0cbecc8835b3ef79e3df9f67673c2a5675c88ec4ee4dcdde678124927c99a490c05060b61f1c7cb19c5a26b20fa142cdc137095f594c2ed56c2a066f391f17c581566f1e7428a68d44f2fd8d041e26e23d4b3d372683a240c5fd8a3029c3baa4792e370db6a85411983cc177bda6e5c13ccf45056b3be8b7aeaffed9dbbcd00bd7a82dc7feb42fc6ec192d79831d9541e2115bd28afdd067d2e2de5f4f67935530153a4e73796ef0150b6f1af8cd89b5de11c4d39e749397296e40b4138da02e4d053242c0d387a6e12aee35f931459479792b31995d411549c98ec32c642ca8fafeaabca3e912e3711412cc137e509554841589df2094dba455d4390eb117f4fbdd26c8dd36667ff905d244c0576b2c4d4351b34d422c73f14d3ae111c95e73c9385740121d5a9f97ed363ac5a6c8da276f28270cd85e75bb0a8e6717ae84990aed6350e0fd79d949e9d3c8a85cc87c910edb99936a862585a79262659882a36b23f1938e156f4dd20a5f94251eaf4f7c6d7f0ec256a62e2e47302e97e4a8d0a5d3ff0e81c3bb37d3a4b2571eb3c0a6ae1c497425fd129640d13754b50a58f310b242e4f2ec3ec6e916bd467c0bc5240199ef8f8faa73bb4b60e51909f0b96463f9b69b106d401de7e97f801a66882eec54e7ad078f8a1671c0cc8326c7656c7f4abd5182f9f73554c9efd5fb205a9bd39a782df807d96140399df7963219838df658d597988d9edd7268db6d91d42f17aeb30fbeef1994a8713f1dad9347af86cc527b6b56263454c1111a26f8fb255686735fd92c55cfa01d6985a826f4378ecb2158d572a219cae518b7c42731d603786575594ef0ebaf84347e3de15ad43b5e96104d82e46a04250ef99f8feff86cfae7dfe05cf4d6cef69cdb2dcaaf6f9fdd249f2b3e08438955f940d0dab16908ae32585ab0992862da14ec77357841fd1e3bbe9dcc8a56883e5f3b73dced953e4de96967952c04c37446e60a36b03e5238a6a638e4bc0cf80cd8a2bfefb2f633a8ff22d6f924eecce6c35a3dea725fd7191be662365677309f394fa1bc09477eda1c474e5261ca1732283f3c8f758ab00ee8eba666f7ee6caf5496c420e8f89452c9f64a2a2fb70c1e277b690ebf22354af174e24596fbbf97a6384ef328c129b2feebd8ad6c70fee3843e7f53a0f62400431748eb10c6e3b2e97c03f9bc48bba45401786a4e466e9f1e2668db1c2cb3294042acbfcdeaf182c8f5d6a80da7178c11e4537af5d5b73f0620c3fd03b930c33afafc3bfb8cc305316282f5a4d6dec804307789b4c44e17bc11ee5473bb566bfe1356d489e31135a2bd483fb20950d8b7ce2924f110fd1aa0c4d4f67f59b92fe1777fd6e2ff0e22086c05b9852cacd24769fcde13eb54293b6f8668c057c933b680e59231f8937e3ee10dfd90217c218e41e374cd974967f3ef5af9af1af9c0bf0e348d184ae0d479a44b02b47723a09d77961a22434f51c95e877d844bf14beeda638a4716a08c9f41e2f13cac761df7f8036d5c08bc8b1acd00b35fa70be70380e5d0e2c039edb9805ed9ee74909c2d3b1e214d510081aa80af1d7c4a3e147aec9906082cb9d67a8cb83d0b33db6638ff32c654765b319f76881d5793746a087d3a79ae4996c8592d19bf23593fa4221427510a9ba92c8ada88762d33a10021d9a319a27fa967ce81381f2b7733bbe0586147c0396746b4df9ea214ed68e7e905500d8ef6350c143f54c3eeeb53a10ec2d373acb1f5aafe3537b4282509d07172a705229c404e690c4937d1c805fb8b11307fbb93d2a86bb517863f8d3fb7e02c0d6eca55d6a8a366cb488fee68e22926a46191dcbf27bb84dbfb4006b0ca47d55c53271a5027f4894d3974b8f3f06dc5d3887914fc64e6dc2c545013c69103592f5ae48da7f6dbbb890afbdd82272f52d2469af9f3622df510d4639f827888d4a21610ba0054186fa09715119d070ac416c9be144ae152e49a785f417dccdb1b45c8c1140e026aed69b0de81457255e12aa6e9ac2d1b06d980bab5475a82bb6a003718ee4e92a98dd345bfe8d8f6029a44f160101ec88e375d554cdea074fe8c172f31b1bb2f3b8a87ab4a2c7a79cb3c7f46e246363c2dd73d577d1eae8e9c0bfdcfff70b6270c812bdb8b07ee0e01e8fc5cc971b3fd5f5760bdf32733040ee2e6ba62cdc87465b3f5ca8f8f66f7850950ff7ec870776d785c4ba1491e495aa8fd8760a0ffc794c13d6028ecd9f73344b46f3f7b448b977af10d903debaa71525705800d933b46f4dabc75cd3455d2e6cdfdf12df49be536b53924f59e413663dfeb917bce6d0678f7c44b874020f01feec559600ccab29fec24e2075c8be16e4f5edf5ea1e92334d5d724d55e75c5de88a1d17e9f29cf6aa0c858ea6849f33ab10c66239ae69c65b26f2e46e488bed98c4e881870f91359ab508ffefd52e29ba04c1d1ae79954467568892745d97330526ba58de25aa6c4a8df3fbe9683f605b52e90790e906a479661b1bcc2d1a3c35d086ba89d410195f8580f2d070fe7a4029edb72d8827e97778c3527e3135c7029a6f4c9137c5303560ab8f8774ffcd616dff6b4d584b6c13b4b37f5eb2c0b2e1caa39564bfefccb75668531bd4a6adb49d70c7fc9ad97e1b1c2d6963877bca2d1139853b5fef05d7a194ab4841581e0549852c7d59801b17e45288cd8c868dbc471c750a28af1e17338cbfb5187f54d7315e0a987005300d960dcd6f8c950b5f7c973dcc388c64f8926ebeb6761cff5386c2e78747be458759ca6da11979bc5814c065a85c7dcad3a150eb1be6c5c61f09d08896d8868b3f0c0612c050816f9655e6168fb3a7defbed4aa07f420f4b9f9147fb48f4c480f7586618531ec6421ab9fdbbd951569ea014ca90b3e7e3ba3fa75f6b93b46cfd4dbb741e7230aa92c9662aff93a66badbedc36ad59be2a0739f5a58aff94f06dbafa0363271428b7c1cf8252cf0035bf419b969e584873808fd1b1bef7d587f28a7016d743fbe3366371248c07d2805f89fa5ea099b4759a25d34e061c71ab2e6270aa9b0ab0a1ed2dfd261c23e42105efd208f46d6327166622511c617364b2f429b25a4f385cbaabcb29024351f7a440e699ec881691ca8ba78d60717097ca00cfff320403a489df22a9a231359b19a929991451b48fb7ab112c7d5c78c3fd371859d4ed1af8c4b264afd15531f2755d8d3c8beb8e776665844bd02521e6e52c6e3aa097cb9ff7d5aca921fdd5eb7e8d8cd71c9ce2426162d12c376a3317b1b5a30928d94fc58c8f2838e66b24e9f7a256ab53e3a06a54a78b47c96928fad2f4476ebb0af0f12f3df45e83b0a9f14aebbee5fcdb6684841aaac7134bc5a4af256ca752cb7274a951168c4b8317fee7880b72e75832763350413852043fbc07c84d4ccce1df7b8824951fdf4dd1b1e08f0e0032000a8e134b1d5873747f5044ca934167a73e1618d109b7b5dc51401c195c8cde2ef5d601581c9315ad2cd002c07e400d73f3e0cedbb53cb8b060867f7b956b37835c21a9c3645f16fbb150b30e0ba26690d8423bfec7862695fb96eb30c3c81eed6c7fcff6107f38415a61f00b5b5aac087089d6e2fcb21818a186ef879b1cf116b4caf38e98943069bc2b72c847ea7826169eaa762346d493d7fdfb53168e251faf15e4865fb0cfbee1b02903b8697bb4651000ba8da1d78d0107e6c04ef7de0d1a4c80c075ff9778852af89351c7490b91a89f4e1856a064a26454c3effd6b3aaf3cb450b0722ffff00"}) (async) syz_open_dev$dmmidi(&(0x7f0000003c00), 0x7cb7, 0x0) (async) r10 = syz_open_dev$video4linux(&(0x7f0000003c40), 0x6, 0x400000) ioctl$VIDIOC_SUBDEV_S_SELECTION(r10, 0xc040563e, &(0x7f0000003c80)={0x0, 0x0, 0x2, 0x5, {0x9, 0x2, 0x1, 0x5}}) ioctl$EXT4_IOC_GETSTATE(r10, 0x40046629, &(0x7f0000003cc0)) (async, rerun: 64) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000003d00)={0x20, 0xffffffffffffffda, r7, {0x0, 0x305eb808710d8f93}}, 0x20) (async, rerun: 64) write$6lowpan_enable(r4, &(0x7f0000003d40)='1', 0x1) (async) ioctl$VIDIOC_SUBDEV_S_EDID(r10, 0xc0285629, &(0x7f0000003dc0)={0x0, 0x8, 0x0, '\x00', &(0x7f0000003d80)=0x2}) 15.794047422s ago: executing program 2 (id=37): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) r2 = openat(r1, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x401342, 0x40) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x0, "ff0f00000000000001a82d866bf4ff0713e4b89c3c00", 0xffffffffffffffff}) ioctl$SYNC_IOC_FILE_INFO(r4, 0x40103e05, &(0x7f00000000c0)={""/32, 0x0, 0x0, 0x0, 0x2, 0x0}) write$cgroup_pid(r2, 0x0, 0x0) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, &(0x7f0000000180)) read$FUSE(r1, &(0x7f0000000300)={0x2020, 0x0, 0x0}, 0x2020) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000000)=0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x0, 0xee01}}, './file0\x00'}) write$FUSE_CREATE_OPEN(r2, &(0x7f00000000c0)={0xa0, 0xfffffffffffffffe, r5, {{0x4, 0x1, 0xffffffffffffffff, 0x8, 0x3, 0x7ff, {0x0, 0x754, 0x4, 0x101, 0x6, 0x6, 0x6, 0x401, 0x0, 0xa000, 0x7, r6, r7, 0x80, 0x7}}, {0x0, 0x16}}}, 0xa0) r8 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$tcp_congestion(r8, &(0x7f0000000100)='reno\x00', 0x5) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) ioctl$VT_GETMODE(r2, 0x5601, &(0x7f0000000200)) write$cgroup_subtree(r9, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r9, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x900, 0x12) 15.656014532s ago: executing program 2 (id=38): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0) write$cgroup_devices(r1, &(0x7f0000000200)=ANY=[@ANYBLOB='b *:* rwr'], 0x9) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 15.630046093s ago: executing program 0 (id=39): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) write$tcp_congestion(r2, 0x0, 0xffffff93) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = dup(r3) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r1, &(0x7f00000001c0)={0xfffffffe, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0) read$FUSE(r1, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) read$FUSE(r6, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r6, &(0x7f0000002f80)={0xa0, 0x0, r7, {{0x2, 0x2, 0x6, 0x4, 0x7, 0x7, {0x1, 0xe, 0x100, 0x7b, 0xf, 0x400, 0x3, 0x6, 0x8, 0x8000, 0x10001, r8, r9, 0x9, 0x8}}, {0x0, 0x1d}}}, 0xa0) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) read$FUSE(r10, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r10, &(0x7f0000002f80)={0xa0, 0x0, r11, {{0x2, 0x2, 0x6, 0x4, 0x7, 0x7, {0x1, 0xe, 0x100, 0x7b, 0xf, 0x400, 0x3, 0x6, 0x8, 0x8000, 0x10001, r12, r13, 0x9, 0x8}}, {0x0, 0x1d}}}, 0xa0) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000200)={0xa0, 0x0, r5, {{0x2, 0x1, 0x6, 0x9, 0x9, 0x8, {0x5, 0xb27, 0x3, 0xe, 0x1, 0xfffffffffffffffe, 0x5, 0x1, 0xfffffff8, 0x2000, 0x0, r8, r13, 0x9, 0xffff246b}}, {0x0, 0x4}}}, 0xa0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 15.131314744s ago: executing program 2 (id=40): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x1a5000, 0x0) read(r1, &(0x7f00000001c0)=""/218, 0xda) r2 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00) preadv(r2, &(0x7f0000000840)=[{&(0x7f0000000640)=""/223, 0xdf}], 0x1, 0xe, 0x23) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 4.094884653s ago: executing program 32 (id=28): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x581080, 0x0) ioctl$KVM_CREATE_PIT2(r0, 0x4040ae77, &(0x7f0000000040)) read$nci(0xffffffffffffffff, &(0x7f0000000080), 0x0) write$vga_arbiter(r0, &(0x7f00000000c0)=@target={'target ', {'PCI:', '1f', ':', '3', ':', '10', '.', '19'}}, 0x16) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2) ioctl$KVM_RUN(r1, 0xae80, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000100)={0x6, 0x0, [{0x266, 0x0, 0x80000001}, {0xa9e, 0x0, 0x1}, {0x3b8, 0x0, 0x8}, {0x3bc, 0x0, 0x5}, {0x3f5, 0x0, 0x3ff}, {0x64e}]}) ioctl$KVM_X86_SETUP_MCE(r1, 0x4008ae9c, &(0x7f0000000180)={0x19, 0x0, 0x9}) ioctl$SCSI_IOCTL_SYNC(r0, 0x4) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f00000001c0)={0x3}) ioctl$KVM_CAP_VM_COPY_ENC_CONTEXT_FROM(r0, 0x4068aea3, &(0x7f0000000200)={0xc5, 0x0, r2}) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000340)={0x28, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb9, &(0x7f0000000280)="5c1e9f4df952b6216fc1c3691c75bf8d8a7ee4047f066b295d9ed73e438b51c35eef660553115bb3c43576f6c0e876cc7e6e29deb21d6cbeb6b9c9343db29bc328648e10bbb76c3c378a9f2a9525207cb3f3411bdc42d1c75550348cbabfff91c9e023a7a69f59a3801094bafa47d68f8dfb9e6cad49a39c5e242106c6c5a8381dd9acf1931edbf8b9838f4ae273c7a4efb470788951afeca723c850cc408fd7f8fc3aeddce3d8fb127caa722a086375353b33156b5bc439c9"}) ioctl$IOMMU_DESTROY$hwpt(r0, 0x3b80, &(0x7f0000000380)={0x8, r3}) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f00000003c0)={0x3000000000000000, 0x10000, 0x0, 0x5, 0xe}) write$vga_arbiter(r0, &(0x7f0000000400), 0xf) ioctl$EVIOCGREP(r0, 0x80084503, &(0x7f0000000440)=""/74) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000004c0)={0x48, 0x2, 0x0, 0x0, 0x0}) ioctl$IOMMU_DESTROY$stdev(r0, 0x3b80, &(0x7f0000000540)={0x8, r4}) ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000580)={[{0x9, 0x8000, 0xe, 0x0, 0x81, 0x8, 0x40, 0x8, 0x5, 0x3, 0x5, 0x2, 0x2}, {0xc4a, 0x3, 0x5d, 0x9, 0x3, 0x6f, 0x8, 0x0, 0x81, 0xa1, 0x7, 0xd, 0x2}, {0x2, 0x39, 0x9b, 0x0, 0xb5, 0x2, 0x9, 0xb6, 0xe, 0xb, 0xf, 0x5, 0x9}], 0xe}) write$vga_arbiter(r0, &(0x7f0000000600), 0xf) ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r0, 0xf505, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(r0, 0xc0189377, &(0x7f0000000640)={{0x1, 0x1, 0x18, r1, {0x8, 0xffffffff}}, './file0\x00'}) close(r5) close(r0) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000680), 0x2, 0x0) write$nci(r6, &(0x7f00000006c0)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x0, 0x2, 0x2, 0x4, {0x0, 0x4, "c73f2dbc"}}, 0x9) mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000009, 0x4000010, r1, 0x3ba3b000) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$TIOCMGET(r0, 0x5415, &(0x7f0000000700)) 3.072334304s ago: executing program 33 (id=29): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) r5 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc0405519, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 40.912755ms ago: executing program 34 (id=39): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000001c0), 0x1, 0x0) write$tcp_congestion(r2, 0x0, 0xffffff93) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = dup(r3) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r1, &(0x7f00000001c0)={0xfffffffe, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0) read$FUSE(r1, &(0x7f00000003c0)={0x2020, 0x0, 0x0}, 0x2020) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) read$FUSE(r6, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r6, &(0x7f0000002f80)={0xa0, 0x0, r7, {{0x2, 0x2, 0x6, 0x4, 0x7, 0x7, {0x1, 0xe, 0x100, 0x7b, 0xf, 0x400, 0x3, 0x6, 0x8, 0x8000, 0x10001, r8, r9, 0x9, 0x8}}, {0x0, 0x1d}}}, 0xa0) r10 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) read$FUSE(r10, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r10, &(0x7f0000002f80)={0xa0, 0x0, r11, {{0x2, 0x2, 0x6, 0x4, 0x7, 0x7, {0x1, 0xe, 0x100, 0x7b, 0xf, 0x400, 0x3, 0x6, 0x8, 0x8000, 0x10001, r12, r13, 0x9, 0x8}}, {0x0, 0x1d}}}, 0xa0) write$FUSE_CREATE_OPEN(r4, &(0x7f0000000200)={0xa0, 0x0, r5, {{0x2, 0x1, 0x6, 0x9, 0x9, 0x8, {0x5, 0xb27, 0x3, 0xe, 0x1, 0xfffffffffffffffe, 0x5, 0x1, 0xfffffff8, 0x2000, 0x0, r8, r13, 0x9, 0xffff246b}}, {0x0, 0x4}}}, 0xa0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 0s ago: executing program 35 (id=40): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x1a5000, 0x0) read(r1, &(0x7f00000001c0)=""/218, 0xda) r2 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00) preadv(r2, &(0x7f0000000840)=[{&(0x7f0000000640)=""/223, 0xdf}], 0x1, 0xe, 0x23) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async) openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.40' (ED25519) to the list of known hosts. [ 82.647518][ T5823] cgroup: Unknown subsys name 'net' [ 82.780017][ T5823] cgroup: Unknown subsys name 'cpuset' [ 82.789022][ T5823] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 84.347775][ T5823] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 88.406974][ T5845] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 88.414702][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 88.415338][ T5846] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 88.422967][ T5845] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 88.437019][ T5846] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 88.439705][ T5845] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 88.446058][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 88.452369][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 88.458444][ T5846] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 88.466953][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 88.479696][ T5845] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 88.513664][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 88.516194][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 88.521943][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 88.532851][ T5848] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 88.543137][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 88.551939][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 88.559739][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 88.576192][ T5848] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 88.576898][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 89.051671][ T5835] chnl_net:caif_netlink_parms(): no params data found [ 89.259983][ T5834] chnl_net:caif_netlink_parms(): no params data found [ 89.299336][ T5833] chnl_net:caif_netlink_parms(): no params data found [ 89.337891][ T5835] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.345528][ T5835] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.353362][ T5835] bridge_slave_0: entered allmulticast mode [ 89.361022][ T5835] bridge_slave_0: entered promiscuous mode [ 89.375009][ T5836] chnl_net:caif_netlink_parms(): no params data found [ 89.402112][ T5835] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.409500][ T5835] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.416825][ T5835] bridge_slave_1: entered allmulticast mode [ 89.424053][ T5835] bridge_slave_1: entered promiscuous mode [ 89.552035][ T5834] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.559408][ T5834] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.567244][ T5834] bridge_slave_0: entered allmulticast mode [ 89.574539][ T5834] bridge_slave_0: entered promiscuous mode [ 89.584913][ T5835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.608905][ T5834] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.616795][ T5834] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.623981][ T5834] bridge_slave_1: entered allmulticast mode [ 89.631672][ T5834] bridge_slave_1: entered promiscuous mode [ 89.640126][ T5835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.749827][ T5835] team0: Port device team_slave_0 added [ 89.759069][ T5835] team0: Port device team_slave_1 added [ 89.778388][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.785720][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.793065][ T5836] bridge_slave_0: entered allmulticast mode [ 89.800914][ T5836] bridge_slave_0: entered promiscuous mode [ 89.810614][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.817771][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state [ 89.824945][ T5833] bridge_slave_0: entered allmulticast mode [ 89.833220][ T5833] bridge_slave_0: entered promiscuous mode [ 89.842850][ T5834] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 89.855829][ T5834] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 89.877284][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.884401][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.891856][ T5836] bridge_slave_1: entered allmulticast mode [ 89.899336][ T5836] bridge_slave_1: entered promiscuous mode [ 89.920777][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.929921][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state [ 89.937362][ T5833] bridge_slave_1: entered allmulticast mode [ 89.944502][ T5833] bridge_slave_1: entered promiscuous mode [ 89.978325][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 89.985387][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.011972][ T5835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.072673][ T5835] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.079707][ T5835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.107153][ T5835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.120907][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.147544][ T5834] team0: Port device team_slave_0 added [ 90.156816][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 90.175262][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.187102][ T5834] team0: Port device team_slave_1 added [ 90.207719][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 90.301185][ T5836] team0: Port device team_slave_0 added [ 90.311710][ T5833] team0: Port device team_slave_0 added [ 90.333434][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.340434][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.367551][ T5834] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.380371][ T5836] team0: Port device team_slave_1 added [ 90.391458][ T5833] team0: Port device team_slave_1 added [ 90.402864][ T5835] hsr_slave_0: entered promiscuous mode [ 90.411471][ T5835] hsr_slave_1: entered promiscuous mode [ 90.418832][ T5834] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.426191][ T5834] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.452526][ T5834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.529039][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.536201][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.563620][ T5845] Bluetooth: hci1: command tx timeout [ 90.569388][ T5845] Bluetooth: hci0: command tx timeout [ 90.576437][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.589095][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.596374][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.622639][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.633346][ T5845] Bluetooth: hci2: command tx timeout [ 90.638951][ T51] Bluetooth: hci3: command tx timeout [ 90.646259][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 90.653235][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.679556][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 90.720314][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 90.727382][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.753382][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 90.847554][ T5833] hsr_slave_0: entered promiscuous mode [ 90.854124][ T5833] hsr_slave_1: entered promiscuous mode [ 90.861098][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.868989][ T5833] Cannot create hsr debugfs directory [ 90.894965][ T5834] hsr_slave_0: entered promiscuous mode [ 90.901434][ T5834] hsr_slave_1: entered promiscuous mode [ 90.908343][ T5834] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.916352][ T5834] Cannot create hsr debugfs directory [ 90.949624][ T5836] hsr_slave_0: entered promiscuous mode [ 90.956202][ T5836] hsr_slave_1: entered promiscuous mode [ 90.962346][ T5836] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 90.970169][ T5836] Cannot create hsr debugfs directory [ 91.407949][ T5835] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 91.431250][ T5835] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 91.441489][ T5835] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 91.461019][ T5835] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 91.509447][ T5833] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 91.532834][ T5833] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 91.557260][ T5833] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 91.569504][ T5833] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 91.628322][ T5836] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 91.658807][ T5836] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 91.670969][ T5836] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 91.681646][ T5836] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 91.751603][ T43] cfg80211: failed to load regulatory.db [ 91.808556][ T5834] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 91.822007][ T5834] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 91.845852][ T5834] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 91.864363][ T5834] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 91.919636][ T5835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.948389][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 91.982155][ T5833] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.012632][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.020015][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.039413][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.046586][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.070047][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.080872][ T5835] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.111645][ T1093] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.118854][ T1093] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.156557][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.163718][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.214524][ T5836] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.258297][ T5834] 8021q: adding VLAN 0 to HW filter on device bond0 [ 92.267206][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.274388][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.304313][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.311504][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.359654][ T5834] 8021q: adding VLAN 0 to HW filter on device team0 [ 92.432983][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 92.440207][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 92.501710][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 92.508938][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 92.627666][ T51] Bluetooth: hci0: command tx timeout [ 92.633197][ T5845] Bluetooth: hci1: command tx timeout [ 92.710168][ T5845] Bluetooth: hci2: command tx timeout [ 92.715841][ T51] Bluetooth: hci3: command tx timeout [ 92.841349][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.919513][ T5835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 92.993754][ T5833] veth0_vlan: entered promiscuous mode [ 93.014187][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.054199][ T5833] veth1_vlan: entered promiscuous mode [ 93.090578][ T5835] veth0_vlan: entered promiscuous mode [ 93.119708][ T5835] veth1_vlan: entered promiscuous mode [ 93.143833][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 93.158733][ T5833] veth0_macvtap: entered promiscuous mode [ 93.168395][ T5836] veth0_vlan: entered promiscuous mode [ 93.189151][ T5833] veth1_macvtap: entered promiscuous mode [ 93.219855][ T5836] veth1_vlan: entered promiscuous mode [ 93.229400][ T5835] veth0_macvtap: entered promiscuous mode [ 93.244252][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.270312][ T5835] veth1_macvtap: entered promiscuous mode [ 93.287284][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.301401][ T5833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.310761][ T5833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.319873][ T5833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.329884][ T5833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.373964][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.381421][ T5834] veth0_vlan: entered promiscuous mode [ 93.415028][ T5835] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.424232][ T5834] veth1_vlan: entered promiscuous mode [ 93.443674][ T5835] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.453115][ T5835] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.462736][ T5835] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.471540][ T5835] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.493334][ T5836] veth0_macvtap: entered promiscuous mode [ 93.509963][ T5836] veth1_macvtap: entered promiscuous mode [ 93.580585][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.583374][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.595843][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.623363][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.632834][ T5834] veth0_macvtap: entered promiscuous mode [ 93.662927][ T5836] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.672515][ T5836] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.681791][ T5836] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.690825][ T5836] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.712156][ T5834] veth1_macvtap: entered promiscuous mode [ 93.754310][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.764229][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.800553][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 93.830041][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.845143][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.854706][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 93.877374][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 93.906500][ T5834] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.916425][ T5834] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.925184][ T5834] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.934365][ T5834] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 93.967683][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.979990][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.061266][ T5926] usb usb8: usbfs: process 5926 (syz.0.1) did not claim interface 0 before use [ 94.091365][ T5927] usb usb8: usbfs: process 5927 (syz.0.1) did not claim interface 0 before use [ 94.127679][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.135562][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.201270][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.239519][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.320405][ T1093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.343693][ T1093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.369233][ T1093] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 94.383542][ T1093] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 94.449391][ T5937] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 94.705811][ T5845] Bluetooth: hci1: command tx timeout [ 94.711314][ T51] Bluetooth: hci0: command tx timeout [ 94.778777][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 94.786010][ T51] Bluetooth: hci2: command tx timeout [ 94.786761][ T5844] Bluetooth: hci3: command tx timeout [ 96.786171][ T5845] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 96.786286][ T5844] Bluetooth: hci4: command 0x1003 tx timeout [ 96.792479][ T51] Bluetooth: hci1: command tx timeout [ 96.792529][ T51] Bluetooth: hci0: command tx timeout [ 96.866061][ T5845] Bluetooth: hci2: command tx timeout [ 96.871559][ T51] Bluetooth: hci3: command tx timeout [ 98.634758][ T6025] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 98.655672][ T6025] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 98.694823][ T6025] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 98.713847][ T6025] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 98.759733][ T6025] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 98.778025][ T6025] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 98.815890][ T6025] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 98.840455][ T6025] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 132.718564][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.725085][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.148369][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.154712][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 245.985737][ T31] INFO: task kworker/0:1:10 blocked for more than 143 seconds. [ 245.993348][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 246.001048][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.009841][ T31] task:kworker/0:1 state:D stack:23928 pid:10 tgid:10 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 246.021969][ T31] Workqueue: events rfkill_global_led_trigger_worker [ 246.031593][ T31] Call Trace: SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 246.034918][ T31] [ 246.037915][ T31] __schedule+0x16f5/0x4d00 [ 246.042620][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 246.051068][ T31] ? schedule+0x165/0x360 [ 246.055475][ T31] ? __pfx___schedule+0x10/0x10 [ 246.060446][ T31] ? schedule+0x91/0x360 [ 246.064728][ T31] schedule+0x165/0x360 [ 246.118649][ T31] schedule_preempt_disabled+0x13/0x30 [ 246.132193][ T31] __mutex_lock+0x724/0xe80 [ 246.136869][ T31] ? look_up_lock_class+0x74/0x170 [ 246.142018][ T31] ? __mutex_lock+0x51b/0xe80 [ 246.146799][ T31] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 246.153070][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 246.158293][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 246.164050][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 246.169859][ T31] rfkill_global_led_trigger_worker+0x27/0xd0 [ 246.176071][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 246.181819][ T31] process_scheduled_works+0xae1/0x17b0 [ 246.187490][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 246.193524][ T31] worker_thread+0x8a0/0xda0 [ 246.198283][ T31] kthread+0x70e/0x8a0 [ 246.202392][ T31] ? __pfx_worker_thread+0x10/0x10 [ 246.207577][ T31] ? __pfx_kthread+0x10/0x10 [ 246.212199][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 246.217559][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.222906][ T31] ? __pfx_kthread+0x10/0x10 [ 246.227613][ T31] ret_from_fork+0x3f9/0x770 [ 246.232244][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 246.237505][ T31] ? __switch_to_asm+0x39/0x70 [ 246.242308][ T31] ? __switch_to_asm+0x33/0x70 [ 246.247138][ T31] ? __pfx_kthread+0x10/0x10 [ 246.251764][ T31] ret_from_fork_asm+0x1a/0x30 [ 246.257160][ T31] [ 246.260319][ T31] INFO: task syz.3.28:6016 blocked for more than 143 seconds. [ 246.268621][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 246.276342][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.285070][ T31] task:syz.3.28 state:D stack:25128 pid:6016 tgid:6016 ppid:5836 task_flags:0x400040 flags:0x00004004 [ 246.297092][ T31] Call Trace: [ 246.300388][ T31] [ 246.303329][ T31] __schedule+0x16f5/0x4d00 [ 246.307976][ T31] ? __lock_acquire+0xab9/0xd20 [ 246.312856][ T31] ? schedule+0x165/0x360 [ 246.317294][ T31] ? __pfx___schedule+0x10/0x10 [ 246.322194][ T31] ? schedule+0x91/0x360 [ 246.326530][ T31] schedule+0x165/0x360 [ 246.330737][ T31] schedule_preempt_disabled+0x13/0x30 [ 246.336295][ T31] __mutex_lock+0x724/0xe80 [ 246.340826][ T31] ? kobject_put+0x43f/0x480 [ 246.345421][ T31] ? __mutex_lock+0x51b/0xe80 [ 246.350207][ T31] ? rfkill_unregister+0xc8/0x220 [ 246.355449][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 246.360625][ T31] ? __pfx_device_del+0x10/0x10 [ 246.365609][ T31] rfkill_unregister+0xc8/0x220 [ 246.370493][ T31] nfc_unregister_device+0x96/0x2a0 [ 246.375790][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 246.381542][ T31] virtual_ncidev_close+0x56/0x90 [ 246.386629][ T31] __fput+0x44c/0xa70 [ 246.390649][ T31] task_work_run+0x1d1/0x260 [ 246.395254][ T31] ? __pfx_task_work_run+0x10/0x10 [ 246.400477][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 246.405996][ T31] exit_to_user_mode_loop+0xec/0x110 [ 246.411290][ T31] do_syscall_64+0x2bd/0x3b0 [ 246.415961][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.421197][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.427324][ T31] ? clear_bhb_loop+0x60/0xb0 [ 246.432042][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.438038][ T31] RIP: 0033:0x7fb5e2f8e929 [ 246.442494][ T31] RSP: 002b:00007ffeb74f93e8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 246.450999][ T31] RAX: 0000000000000000 RBX: 00007fb5e31b7ba0 RCX: 00007fb5e2f8e929 [ 246.459070][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 246.471888][ T31] RBP: 00007fb5e31b7ba0 R08: 000000000000025c R09: 0000001eb74f96df [ 246.480567][ T31] R10: 00000000003ffb7c R11: 0000000000000246 R12: 00000000000180f2 [ 246.488724][ T31] R13: 00007fb5e31b6080 R14: ffffffffffffffff R15: 00007ffeb74f9500 [ 246.496831][ T31] [ 246.499883][ T31] INFO: task syz.1.29:6025 blocked for more than 143 seconds. [ 246.509604][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 246.517508][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.526391][ T31] task:syz.1.29 state:D stack:24296 pid:6025 tgid:6017 ppid:5834 task_flags:0x400040 flags:0x00004006 [ 246.538668][ T31] Call Trace: [ 246.541979][ T31] [ 246.544915][ T31] __schedule+0x16f5/0x4d00 [ 246.549582][ T31] ? __lock_acquire+0xab9/0xd20 [ 246.554466][ T31] ? schedule+0x165/0x360 [ 246.558954][ T31] ? __pfx___schedule+0x10/0x10 [ 246.563855][ T31] ? schedule+0x91/0x360 [ 246.568191][ T31] schedule+0x165/0x360 [ 246.572470][ T31] schedule_preempt_disabled+0x13/0x30 [ 246.578061][ T31] __mutex_lock+0x724/0xe80 [ 246.582588][ T31] ? __lock_acquire+0xab9/0xd20 [ 246.587517][ T31] ? __mutex_lock+0x51b/0xe80 [ 246.592242][ T31] ? nfc_rfkill_set_block+0x50/0x2e0 [ 246.597706][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 246.602778][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.608083][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 246.614014][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 246.620467][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 246.626418][ T31] nfc_rfkill_set_block+0x50/0x2e0 [ 246.631570][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 246.637463][ T31] rfkill_set_block+0x1cf/0x440 [ 246.642351][ T31] rfkill_fop_write+0x44b/0x570 [ 246.647263][ T31] ? common_file_perm+0x199/0x200 [ 246.652312][ T31] ? __pfx_rfkill_fop_write+0x10/0x10 [ 246.657843][ T31] ? security_kernfs_init_security+0x250/0x290 [ 246.664036][ T31] ? rw_verify_area+0x258/0x650 [ 246.668949][ T31] ? __pfx_rfkill_fop_write+0x10/0x10 [ 246.674362][ T31] vfs_write+0x27b/0xa90 [ 246.678768][ T31] ? __pfx_vfs_write+0x10/0x10 [ 246.683571][ T31] ? __fget_files+0x2a/0x420 [ 246.688255][ T31] ? __fget_files+0x2a/0x420 [ 246.692887][ T31] ? __fget_files+0x3a0/0x420 [ 246.697703][ T31] ? __fget_files+0x2a/0x420 [ 246.702346][ T31] ksys_write+0x145/0x250 [ 246.706856][ T31] ? __pfx_ksys_write+0x10/0x10 [ 246.711751][ T31] ? rcu_is_watching+0x15/0xb0 [ 246.716655][ T31] ? do_syscall_64+0xbe/0x3b0 [ 246.721378][ T31] do_syscall_64+0xfa/0x3b0 [ 246.725981][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 246.731226][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.737436][ T31] ? clear_bhb_loop+0x60/0xb0 [ 246.742149][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.748112][ T31] RIP: 0033:0x7fa3b9f8e929 [ 246.752548][ T31] RSP: 002b:00007fa3baeb5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 246.761076][ T31] RAX: ffffffffffffffda RBX: 00007fa3ba1b6080 RCX: 00007fa3b9f8e929 [ 246.769106][ T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000005 [ 246.777217][ T31] RBP: 00007fa3ba010b39 R08: 0000000000000000 R09: 0000000000000000 [ 246.785216][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 246.793970][ T31] R13: 0000000000000000 R14: 00007fa3ba1b6080 R15: 00007ffe4381aa18 [ 246.802154][ T31] [ 246.805320][ T31] INFO: task syz.0.39:6123 blocked for more than 144 seconds. [ 246.820527][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 246.828243][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 246.837087][ T31] task:syz.0.39 state:D stack:25464 pid:6123 tgid:6119 ppid:5833 task_flags:0x400140 flags:0x00004004 [ 246.849100][ T31] Call Trace: [ 246.852407][ T31] [ 246.855365][ T31] __schedule+0x16f5/0x4d00 [ 246.859952][ T31] ? __lock_acquire+0xab9/0xd20 [ 246.864847][ T31] ? schedule+0x165/0x360 [ 246.869451][ T31] ? __pfx___schedule+0x10/0x10 [ 246.874365][ T31] ? schedule+0x91/0x360 [ 246.878736][ T31] schedule+0x165/0x360 [ 246.882927][ T31] schedule_preempt_disabled+0x13/0x30 [ 246.888468][ T31] __mutex_lock+0x724/0xe80 [ 246.893002][ T31] ? __mutex_lock+0x51b/0xe80 [ 246.897747][ T31] ? rfkill_fop_open+0x12d/0x820 [ 246.902712][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 246.907804][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 246.913115][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 246.918568][ T31] rfkill_fop_open+0x12d/0x820 [ 246.923365][ T31] ? __pfx_rfkill_fop_open+0x10/0x10 [ 246.928781][ T31] misc_open+0x2bc/0x330 [ 246.933064][ T31] chrdev_open+0x4cc/0x5e0 [ 246.937561][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 246.942537][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 246.947583][ T31] do_dentry_open+0xdf3/0x1970 [ 246.952387][ T31] vfs_open+0x3b/0x340 [ 246.956534][ T31] ? path_openat+0x2ecd/0x3830 [ 246.961333][ T31] path_openat+0x2ee5/0x3830 [ 246.966049][ T31] ? arch_stack_walk+0xfc/0x150 [ 246.970963][ T31] ? __pfx_path_openat+0x10/0x10 [ 246.976126][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.982271][ T31] do_filp_open+0x1fa/0x410 [ 246.986837][ T31] ? __lock_acquire+0xab9/0xd20 [ 246.991730][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 246.996865][ T31] ? _raw_spin_unlock+0x28/0x50 [ 247.001750][ T31] ? alloc_fd+0x64c/0x6c0 [ 247.006177][ T31] do_sys_openat2+0x121/0x1c0 [ 247.010888][ T31] ? __se_sys_futex+0x36f/0x400 [ 247.015817][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 247.021073][ T31] ? rcu_is_watching+0x15/0xb0 [ 247.025997][ T31] __x64_sys_openat+0x138/0x170 [ 247.030884][ T31] do_syscall_64+0xfa/0x3b0 [ 247.035392][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.040654][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.046790][ T31] ? clear_bhb_loop+0x60/0xb0 [ 247.051507][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.057464][ T31] RIP: 0033:0x7f1f4478e929 [ 247.061902][ T31] RSP: 002b:00007f1f45541038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 247.070362][ T31] RAX: ffffffffffffffda RBX: 00007f1f449b6080 RCX: 00007f1f4478e929 [ 247.078383][ T31] RDX: 0000000000000801 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 247.086591][ T31] RBP: 00007f1f44810b39 R08: 0000000000000000 R09: 0000000000000000 [ 247.094696][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.102743][ T31] R13: 0000000000000000 R14: 00007f1f449b6080 R15: 00007ffd8b5bdb88 [ 247.110867][ T31] [ 247.113947][ T31] INFO: task syz.0.39:6126 blocked for more than 144 seconds. [ 247.121481][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 247.131070][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 247.139842][ T31] task:syz.0.39 state:D stack:27240 pid:6126 tgid:6119 ppid:5833 task_flags:0x400040 flags:0x00004004 [ 247.152064][ T31] Call Trace: [ 247.155367][ T31] [ 247.158387][ T31] __schedule+0x16f5/0x4d00 [ 247.162930][ T31] ? __kasan_slab_free+0x62/0x70 [ 247.167936][ T31] ? security_file_open+0xb1/0x270 [ 247.173107][ T31] ? do_dentry_open+0x35e/0x1970 [ 247.178112][ T31] ? __lock_acquire+0xab9/0xd20 [ 247.183023][ T31] ? schedule+0x165/0x360 [ 247.187476][ T31] ? __pfx___schedule+0x10/0x10 [ 247.192375][ T31] ? schedule+0x91/0x360 [ 247.196841][ T31] schedule+0x165/0x360 [ 247.201151][ T31] schedule_preempt_disabled+0x13/0x30 [ 247.206673][ T31] __mutex_lock+0x724/0xe80 [ 247.211216][ T31] ? __mutex_lock+0x51b/0xe80 [ 247.215966][ T31] ? misc_open+0x51/0x330 [ 247.220337][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 247.225382][ T31] misc_open+0x51/0x330 [ 247.229620][ T31] chrdev_open+0x4cc/0x5e0 [ 247.234112][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 247.239218][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 247.244243][ T31] do_dentry_open+0xdf3/0x1970 [ 247.249104][ T31] vfs_open+0x3b/0x340 [ 247.253206][ T31] ? path_openat+0x2ecd/0x3830 [ 247.258052][ T31] path_openat+0x2ee5/0x3830 [ 247.262677][ T31] ? arch_stack_walk+0xfc/0x150 [ 247.267725][ T31] ? __pfx_path_openat+0x10/0x10 [ 247.272704][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.278848][ T31] do_filp_open+0x1fa/0x410 [ 247.283373][ T31] ? __lock_acquire+0xab9/0xd20 [ 247.288308][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 247.293371][ T31] ? _raw_spin_unlock+0x28/0x50 [ 247.298263][ T31] ? alloc_fd+0x64c/0x6c0 [ 247.302621][ T31] do_sys_openat2+0x121/0x1c0 [ 247.307532][ T31] ? __se_sys_futex+0x36f/0x400 [ 247.312418][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 247.317715][ T31] ? rcu_is_watching+0x15/0xb0 [ 247.322506][ T31] __x64_sys_openat+0x138/0x170 [ 247.327432][ T31] do_syscall_64+0xfa/0x3b0 [ 247.332055][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.337306][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.343408][ T31] ? clear_bhb_loop+0x60/0xb0 [ 247.348190][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.354115][ T31] RIP: 0033:0x7f1f4478e929 [ 247.358582][ T31] RSP: 002b:00007f1f421f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 247.367067][ T31] RAX: ffffffffffffffda RBX: 00007f1f449b6240 RCX: 00007f1f4478e929 [ 247.375075][ T31] RDX: 0000000000000002 RSI: 00002000000003c0 RDI: ffffffffffffff9c [ 247.383119][ T31] RBP: 00007f1f44810b39 R08: 0000000000000000 R09: 0000000000000000 [ 247.391156][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.399197][ T31] R13: 0000000000000000 R14: 00007f1f449b6240 R15: 00007ffd8b5bdb88 [ 247.407237][ T31] [ 247.410353][ T31] INFO: task syz.0.39:6128 blocked for more than 144 seconds. [ 247.418054][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 247.425820][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 247.434506][ T31] task:syz.0.39 state:D stack:28328 pid:6128 tgid:6119 ppid:5833 task_flags:0x400040 flags:0x00004004 [ 247.446491][ T31] Call Trace: [ 247.449792][ T31] [ 247.452726][ T31] __schedule+0x16f5/0x4d00 [ 247.457365][ T31] ? __kasan_slab_free+0x62/0x70 [ 247.462337][ T31] ? security_file_open+0xb1/0x270 [ 247.467521][ T31] ? do_dentry_open+0x35e/0x1970 [ 247.472481][ T31] ? __lock_acquire+0xab9/0xd20 [ 247.477443][ T31] ? schedule+0x165/0x360 [ 247.481814][ T31] ? __pfx___schedule+0x10/0x10 [ 247.486747][ T31] ? schedule+0x91/0x360 [ 247.491027][ T31] schedule+0x165/0x360 [ 247.495210][ T31] schedule_preempt_disabled+0x13/0x30 [ 247.500732][ T31] __mutex_lock+0x724/0xe80 [ 247.505261][ T31] ? __mutex_lock+0x51b/0xe80 [ 247.510126][ T31] ? misc_open+0x51/0x330 [ 247.514741][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 247.519881][ T31] misc_open+0x51/0x330 [ 247.524089][ T31] chrdev_open+0x4cc/0x5e0 [ 247.528729][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 247.533699][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 247.538705][ T31] do_dentry_open+0xdf3/0x1970 [ 247.543593][ T31] vfs_open+0x3b/0x340 [ 247.547712][ T31] ? path_openat+0x2ecd/0x3830 [ 247.552507][ T31] path_openat+0x2ee5/0x3830 [ 247.557162][ T31] ? arch_stack_walk+0xfc/0x150 [ 247.562068][ T31] ? __pfx_path_openat+0x10/0x10 [ 247.567068][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.573174][ T31] do_filp_open+0x1fa/0x410 [ 247.577740][ T31] ? __lock_acquire+0xab9/0xd20 [ 247.582617][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 247.587749][ T31] ? _raw_spin_unlock+0x28/0x50 [ 247.592672][ T31] ? alloc_fd+0x64c/0x6c0 [ 247.597074][ T31] do_sys_openat2+0x121/0x1c0 [ 247.601790][ T31] ? __se_sys_futex+0x36f/0x400 [ 247.606703][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 247.611926][ T31] ? rcu_is_watching+0x15/0xb0 [ 247.616771][ T31] __x64_sys_openat+0x138/0x170 [ 247.621657][ T31] do_syscall_64+0xfa/0x3b0 [ 247.626217][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.631447][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.637754][ T31] ? clear_bhb_loop+0x60/0xb0 [ 247.642470][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.648425][ T31] RIP: 0033:0x7f1f4478e929 [ 247.652862][ T31] RSP: 002b:00007f1f41dd1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 247.661314][ T31] RAX: ffffffffffffffda RBX: 00007f1f449b6320 RCX: 00007f1f4478e929 [ 247.669436][ T31] RDX: 0000000000000002 RSI: 00002000000003c0 RDI: ffffffffffffff9c [ 247.677477][ T31] RBP: 00007f1f44810b39 R08: 0000000000000000 R09: 0000000000000000 [ 247.685470][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.693487][ T31] R13: 0000000000000000 R14: 00007f1f449b6320 R15: 00007ffd8b5bdb88 [ 247.701533][ T31] [ 247.704571][ T31] INFO: task syz.2.40:6132 blocked for more than 145 seconds. [ 247.712556][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 247.720228][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 247.728936][ T31] task:syz.2.40 state:D stack:26824 pid:6132 tgid:6131 ppid:5835 task_flags:0x400040 flags:0x00004004 [ 247.740924][ T31] Call Trace: [ 247.744204][ T31] [ 247.747357][ T31] __schedule+0x16f5/0x4d00 [ 247.751903][ T31] ? __kasan_slab_free+0x62/0x70 [ 247.756907][ T31] ? security_file_open+0xb1/0x270 [ 247.762062][ T31] ? do_dentry_open+0x35e/0x1970 [ 247.767097][ T31] ? __lock_acquire+0xab9/0xd20 [ 247.772016][ T31] ? schedule+0x165/0x360 [ 247.776442][ T31] ? __pfx___schedule+0x10/0x10 [ 247.781336][ T31] ? schedule+0x91/0x360 [ 247.785651][ T31] schedule+0x165/0x360 [ 247.789846][ T31] schedule_preempt_disabled+0x13/0x30 [ 247.795315][ T31] __mutex_lock+0x724/0xe80 [ 247.799866][ T31] ? __mutex_lock+0x51b/0xe80 [ 247.804574][ T31] ? misc_open+0x51/0x330 [ 247.808976][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 247.814040][ T31] misc_open+0x51/0x330 [ 247.818367][ T31] chrdev_open+0x4cc/0x5e0 [ 247.822833][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 247.828493][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 247.833489][ T31] do_dentry_open+0xdf3/0x1970 [ 247.838329][ T31] vfs_open+0x3b/0x340 [ 247.842437][ T31] ? path_openat+0x2ecd/0x3830 [ 247.847265][ T31] path_openat+0x2ee5/0x3830 [ 247.851895][ T31] ? arch_stack_walk+0xfc/0x150 [ 247.856996][ T31] ? __pfx_path_openat+0x10/0x10 [ 247.861950][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.868106][ T31] do_filp_open+0x1fa/0x410 [ 247.872641][ T31] ? __lock_acquire+0xab9/0xd20 [ 247.877543][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 247.882607][ T31] ? _raw_spin_unlock+0x28/0x50 [ 247.887533][ T31] ? alloc_fd+0x64c/0x6c0 [ 247.891923][ T31] do_sys_openat2+0x121/0x1c0 [ 247.896680][ T31] ? __se_sys_futex+0x36f/0x400 [ 247.901571][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 247.906882][ T31] ? rcu_is_watching+0x15/0xb0 [ 247.911671][ T31] __x64_sys_openat+0x138/0x170 [ 247.916597][ T31] do_syscall_64+0xfa/0x3b0 [ 247.921142][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 247.926420][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.932515][ T31] ? clear_bhb_loop+0x60/0xb0 [ 247.937286][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 247.943199][ T31] RIP: 0033:0x7fc9e458e929 [ 247.947688][ T31] RSP: 002b:00007fc9e533b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 247.956163][ T31] RAX: ffffffffffffffda RBX: 00007fc9e47b5fa0 RCX: 00007fc9e458e929 [ 247.964155][ T31] RDX: 0000000000000802 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 247.972343][ T31] RBP: 00007fc9e4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 247.980357][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 247.988437][ T31] R13: 0000000000000000 R14: 00007fc9e47b5fa0 R15: 00007ffc1046fe48 [ 247.996504][ T31] [ 247.999566][ T31] [ 247.999566][ T31] Showing all locks held in the system: [ 248.007354][ T31] 3 locks held by kworker/0:1/10: [ 248.012404][ T31] #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 248.023491][ T31] #1: ffffc900000f7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 248.037047][ T31] #2: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 248.048436][ T31] 2 locks held by kworker/u8:1/13: [ 248.053562][ T31] #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 248.063556][ T31] #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x314/0x6d0 [ 248.075039][ T31] 1 lock held by khungtaskd/31: [ 248.080084][ T31] #0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 248.090025][ T31] 2 locks held by getty/5596: [ 248.094698][ T31] #0: ffff888030be50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 248.104513][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 248.114798][ T31] 2 locks held by syz.3.28/6016: [ 248.119810][ T31] #0: ffff8881436db100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 248.129685][ T31] #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220 [ 248.139934][ T31] 2 locks held by syz.1.29/6025: [ 248.144904][ T31] #0: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570 [ 248.155185][ T31] #1: ffff8881436db100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 248.165013][ T31] 2 locks held by syz.0.39/6123: [ 248.170012][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.178527][ T31] #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820 [ 248.188758][ T31] 1 lock held by syz.0.39/6126: [ 248.193600][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.202103][ T31] 1 lock held by syz.0.39/6128: [ 248.207006][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.215495][ T31] 1 lock held by syz.2.40/6132: [ 248.220411][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.228945][ T31] 1 lock held by syz-executor/6151: [ 248.234210][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.242751][ T31] 1 lock held by syz-executor/6153: [ 248.247995][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.256555][ T31] 1 lock held by syz-executor/6157: [ 248.261775][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.270279][ T31] 1 lock held by syz-executor/6158: [ 248.275493][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.284038][ T31] 1 lock held by syz-executor/6167: [ 248.289290][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.297949][ T31] 1 lock held by syz-executor/6169: [ 248.303142][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.311711][ T31] 1 lock held by syz-executor/6172: [ 248.316991][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.325459][ T31] 1 lock held by syz-executor/6173: [ 248.330699][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.339235][ T31] 1 lock held by syz-executor/6180: [ 248.344461][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.352976][ T31] 1 lock held by syz-executor/6182: [ 248.358216][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.366736][ T31] 1 lock held by syz-executor/6185: [ 248.372051][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.380604][ T31] 1 lock held by syz-executor/6186: [ 248.386068][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 248.394722][ T31] [ 248.397116][ T31] ============================================= [ 248.397116][ T31] [ 248.405625][ T31] NMI backtrace for cpu 1 [ 248.405650][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 248.405674][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.405685][ T31] Call Trace: [ 248.405693][ T31] [ 248.405701][ T31] dump_stack_lvl+0x189/0x250 [ 248.405724][ T31] ? __wake_up_klogd+0xd9/0x110 [ 248.405754][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.405777][ T31] ? __pfx__printk+0x10/0x10 [ 248.405814][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 248.405845][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 248.405870][ T31] ? _printk+0xcf/0x120 [ 248.405898][ T31] ? __pfx__printk+0x10/0x10 [ 248.405916][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 248.405941][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 248.405963][ T31] watchdog+0xfee/0x1030 [ 248.405978][ T31] ? watchdog+0x1de/0x1030 [ 248.405997][ T31] kthread+0x70e/0x8a0 [ 248.406019][ T31] ? __pfx_watchdog+0x10/0x10 [ 248.406031][ T31] ? __pfx_kthread+0x10/0x10 [ 248.406051][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 248.406072][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 248.406093][ T31] ? __pfx_kthread+0x10/0x10 [ 248.406113][ T31] ret_from_fork+0x3f9/0x770 [ 248.406130][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 248.406148][ T31] ? __switch_to_asm+0x39/0x70 [ 248.406165][ T31] ? __switch_to_asm+0x33/0x70 [ 248.406182][ T31] ? __pfx_kthread+0x10/0x10 [ 248.406202][ T31] ret_from_fork_asm+0x1a/0x30 [ 248.406231][ T31] [ 248.406236][ T31] Sending NMI from CPU 1 to CPUs 0: [ 248.563366][ C0] NMI backtrace for cpu 0 [ 248.563381][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 248.563399][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.563408][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 248.563437][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 09 1b 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 248.563449][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 248.563463][ C0] RAX: fb034acade9f2c00 RBX: ffffffff81979d58 RCX: fb034acade9f2c00 [ 248.563474][ C0] RDX: 0000000000000001 RSI: ffffffff8da4c121 RDI: ffffffff8be41880 [ 248.563485][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 248.563496][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fc232f0 [ 248.563507][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 248.563516][ C0] FS: 0000000000000000(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000 [ 248.563529][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 248.563539][ C0] CR2: 0000560582b8e168 CR3: 000000000e138000 CR4: 00000000003526f0 [ 248.563552][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 248.563561][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 248.563570][ C0] Call Trace: [ 248.563576][ C0] [ 248.563581][ C0] default_idle+0x13/0x20 [ 248.563597][ C0] default_idle_call+0x74/0xb0 [ 248.563614][ C0] do_idle+0x1e8/0x510 [ 248.563634][ C0] ? __pfx_do_idle+0x10/0x10 [ 248.563651][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 248.563675][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 248.563697][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 248.563722][ C0] cpu_startup_entry+0x44/0x60 [ 248.563740][ C0] rest_init+0x2de/0x300 [ 248.563757][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 248.563781][ C0] start_kernel+0x47d/0x500 [ 248.563800][ C0] x86_64_start_reservations+0x24/0x30 [ 248.563827][ C0] x86_64_start_kernel+0x143/0x1c0 [ 248.563848][ C0] common_startup_64+0x13e/0x147 [ 248.563876][ C0] [ 248.564712][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 248.787324][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 248.799136][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 248.809201][ T31] Call Trace: [ 248.812489][ T31] [ 248.815432][ T31] dump_stack_lvl+0x99/0x250 [ 248.820046][ T31] ? __asan_memcpy+0x40/0x70 [ 248.824653][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 248.829865][ T31] ? __pfx__printk+0x10/0x10 [ 248.834480][ T31] panic+0x2db/0x790 [ 248.838404][ T31] ? __pfx_panic+0x10/0x10 [ 248.842826][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 248.848649][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 248.854056][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 248.860233][ T31] watchdog+0x102d/0x1030 [ 248.864574][ T31] ? watchdog+0x1de/0x1030 [ 248.869003][ T31] kthread+0x70e/0x8a0 [ 248.873112][ T31] ? __pfx_watchdog+0x10/0x10 [ 248.877803][ T31] ? __pfx_kthread+0x10/0x10 [ 248.882408][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 248.887645][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 248.892877][ T31] ? __pfx_kthread+0x10/0x10 [ 248.897486][ T31] ret_from_fork+0x3f9/0x770 [ 248.902097][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 248.907223][ T31] ? __switch_to_asm+0x39/0x70 [ 248.911996][ T31] ? __switch_to_asm+0x33/0x70 [ 248.916769][ T31] ? __pfx_kthread+0x10/0x10 [ 248.921381][ T31] ret_from_fork_asm+0x1a/0x30 [ 248.926168][ T31] [ 248.929537][ T31] Kernel Offset: disabled [ 248.933871][ T31] Rebooting in 86400 seconds..