last executing test programs:

5m42.904533216s ago: executing program 2 (id=599):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = dup(0xffffffffffffffff)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r3=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x1010, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r3, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000080))
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x32)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

5m41.420434254s ago: executing program 2 (id=607):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000001540), 0x121100, 0x0)
read(r0, &(0x7f0000001580)=""/207, 0xcf)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff, {0x5}}, './file0\x00'})
preadv2(r1, &(0x7f0000001480)=[{&(0x7f0000000380)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/220, 0xdc}, {&(0x7f00000001c0)=""/62, 0x3e}, {&(0x7f0000001380)=""/239, 0xef}, {&(0x7f0000000200)=""/46, 0x2e}, {&(0x7f0000000240)=""/22, 0x16}], 0x6, 0x3, 0x3, 0x9)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {0xe}, @raw32}], 0x1c)
ioctl$HIDIOCSUSAGE(r1, 0x4018480c, &(0x7f0000001680)={0x3, 0x3, 0x7f, 0x7, 0x1, 0x8})
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000001500)={{0x1, 0x1, 0x18, r1, {0x8}}, './file0\x00'})
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

5m40.395040907s ago: executing program 2 (id=611):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0205647, &(0x7f0000000180)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90f, 0xffffbfff, '\x00', @p_u32=&(0x7f0000000140)}})
r2 = syz_open_dev$swradio(&(0x7f00000000c0), 0x1, 0x2)
ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f00000001c0)=<r3=>0xffffffffffffffff)
ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205649, &(0x7f0000000280)={0x990000, 0x7f, 0x9, r3, 0x0, &(0x7f0000000240)={0x990a2d, 0x7, '\x00', @p_u32=&(0x7f00000002c0)=0x6}})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r4, 0x400455c8, 0x400000009)
close(0x4)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

5m39.849884441s ago: executing program 2 (id=612):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x0, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0xffffffffffffffff, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x2468e421663b9ff0}}}, 0xa0)
r2 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000240)={0x7, 0x0, [{0xc0000001, 0xffffffff, 0x1, 0x0, 0x6, 0x6, 0x2}, {0x80000007, 0x4, 0x0, 0x7fff, 0x27, 0x7, 0x8}, {0x40000001, 0x8, 0x0, 0x3, 0x7fffffff, 0x5, 0xffff}, {0xb, 0xe5f, 0x1, 0x7, 0xdf4, 0x6, 0x7fffffff}, {0x0, 0x201, 0x1, 0x6, 0x80000000, 0x0, 0xffffffff}, {0xd, 0x2bb, 0x1, 0xd, 0x3, 0x7df, 0xffffffff}, {0x80000008, 0x3ff, 0x0, 0xf9, 0xffffa15c, 0xa524, 0x7}]})
read$FUSE(r1, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r6, 0x4b72, &(0x7f0000000080)={0x4, 0x0, 0x1e, 0x10, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88691b9ae21b3e3b4523ae25c1e27d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b2687a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348307774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d7788b8ebfdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec960400000085a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71829f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc4291507000000000000002195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15d34ca7a819c85e800555db64a717eb23a811356d00"})
r7 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
openat$cgroup_ro(r1, &(0x7f0000000000)='memory.current\x00', 0x0, 0x0)
r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r8, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_FEATURES(r8, 0x4008af00, &(0x7f0000000080)=0x200000000)
r9 = dup2(r8, r8)
ioctl$VHOST_VSOCK_SET_RUNNING(r9, 0x4004af61, &(0x7f0000000380)=0x1)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

5m38.896015315s ago: executing program 2 (id=618):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {0x2}})
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
close(0x3)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000280)=0x10)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x14b082)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$UHID_INPUT(r6, &(0x7f0000001040)={0xc, {"a2e3ad214fc752f91b38090987f70e06d038e7ff7fc6e5539b5064078b089b0e082363090890e0878f0e1ac6e7049b334c959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b39300d3b6d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d780231c9c99a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f097cbbaba8f1cefdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f068bb87af8b90fd8f08876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b281769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c0ad21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edd0f3349832386469a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a09d367e5f84c96ec664b72934b4905109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e51074b41bc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0xfffffffffffffed6}}, 0x1006)
write$FUSE_DIRENT(r2, &(0x7f0000000140)=ANY=[@ANYBLOB='0\x00\x00\x00\x00\x00\x00\x00', @ANYRES64=0x0, @ANYBLOB="06000000000000000800000000000000020000002f"], 0xfd3e)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r9, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0xb, 0x0, 0x8, 0x0, 0x0, 0x2, 0x6, 0x8, 0x9, 0x10}, {0x2, 0x0, 0xc, 0x0, 0x2, 0x0, 0x7, 0x0, 0x5, 0x7, 0x4, 0x4}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x4, 0xfc}, {0x3000, 0xd000, 0x0, 0xff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0xeeef0000, 0x9, 0x0, 0xfc, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0xdddd1000, 0x0, 0x85, 0x0, 0x0, 0x2, 0x0, 0xa, 0x2}, {0xeeee0000, 0xdddd1000, 0xa, 0xfe, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x6000, 0x1}, {0xdddd1000, 0xffff}, 0xddf8ffdb, 0x0, 0xeeef0000, 0x430, 0x0, 0x2501, 0x4000, [0x100000, 0x0, 0x2]})
ioctl$KVM_SET_GUEST_DEBUG(r9, 0x4048ae9b, &(0x7f0000000300)={0x170003, 0x0, [0x53b2, 0x9, 0x4, 0x5, 0xffffffffffff1e53, 0x5, 0x9, 0xb82]})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
r13 = dup(r12)
ioctl$KVM_SET_MSRS(r13, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="f400000000000000b10000400000000000000000000010"])
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r14, 0xae03, 0xe7)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1)

5m38.394831385s ago: executing program 2 (id=620):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x41a180, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4008af21, &(0x7f0000000240)={0x0, 0x820000, 0x0, 0x0, 0x0})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r2, 0x3ba0, &(0x7f0000000240)={0x48, 0x4, 0xffffffffffffffff, 0x0, 0x1000000, 0x0, 0x20000000})
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000280)={0x80, 0x400000b4, 0x0, 0x0})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x511440)
ioctl$VIDIOC_QUERY_DV_TIMINGS(r7, 0x80845663, &(0x7f0000000140)={0x0, @reserved})
r8 = dup(r6)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x50864c3c5b6a2a38, 0xffffffffffffffff, 0x4b17e000)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x48b}]})
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0001, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r9, 0x40384708, &(0x7f0000000040)={0x8, 0x1, 0x9, 0x800, 0x1a, "3eccd25569e20900"})
r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_NONBLOCK(r10, 0x5015, 0x0)
read$FUSE(r8, &(0x7f0000000440)={0x2020}, 0x2020)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

5m23.185340236s ago: executing program 32 (id=620):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x41a180, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4008af21, &(0x7f0000000240)={0x0, 0x820000, 0x0, 0x0, 0x0})
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES(r2, 0x3ba0, &(0x7f0000000240)={0x48, 0x4, 0xffffffffffffffff, 0x0, 0x1000000, 0x0, 0x20000000})
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x2})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000000)={0x0, 0x40000105, 0x0, 0x0})
ioctl$KVM_XEN_HVM_CONFIG(r5, 0x4038ae7a, &(0x7f0000000280)={0x80, 0x400000b4, 0x0, 0x0})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = syz_open_dev$video(&(0x7f0000000040), 0x0, 0x511440)
ioctl$VIDIOC_QUERY_DV_TIMINGS(r7, 0x80845663, &(0x7f0000000140)={0x0, @reserved})
r8 = dup(r6)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x50864c3c5b6a2a38, 0xffffffffffffffff, 0x4b17e000)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x48b}]})
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380), 0xc0001, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r9, 0x40384708, &(0x7f0000000040)={0x8, 0x1, 0x9, 0x800, 0x1a, "3eccd25569e20900"})
r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_NONBLOCK(r10, 0x5015, 0x0)
read$FUSE(r8, &(0x7f0000000440)={0x2020}, 0x2020)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

4.019553919s ago: executing program 0 (id=2591):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x80c002000104082, 0x0)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000b, 0x13, r1, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000009940), 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000009980)={0x2e, 0x6, 0x0, {0x0, 0x0, 0xffffffffffffff07, 0x0, 'syz1\x00'}}, 0x2e)
r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x640, 0x1, 0x2800, 0xd59f83, 0x19f2, 0x3f, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xba2, 0x0, 0x38, {0x8, 0xffffffff}, 0xd0, 0x9}})
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f0000000100))
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r4, 0x4018aee2, 0x0)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103381, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r5, 0x40085112, &(0x7f0000000000)=@e={0xff, 0xb, 0x3, 0x16, @SEQ_NOTEON=@special, 0x0, 0x1, 0x1})

3.771767514s ago: executing program 0 (id=2592):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000200), 0x1)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307201, &(0x7f0000000480)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x22302)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$UI_BEGIN_FF_ERASE(r5, 0xc00c55ca, &(0x7f0000000040)={0x10})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

3.114053538s ago: executing program 1 (id=2597):
ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000000)={0xfb4, 0x581, 0x8, 0x1, 0x1b, "99ff626aaac91094b4237e61d80b788c378b05"})
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x2902, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x1)
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f00000000c0)={<r1=>0x0, "0e666f9a5e68cd0a98b012c4373bc51e"})
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f00000010c0)={<r2=>r1, 0xc2, 0x81})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000014c0), 0x4da981, 0x0)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r3, 0xf50f, 0x0)
ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000001500)=0x8)
ioctl$SG_GET_COMMAND_Q(r3, 0x2270, &(0x7f0000001540))
read(r0, &(0x7f0000001580)=""/4096, 0x1000)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r4, 0x4068aea3, &(0x7f0000002580))
ioctl$KVM_INTERRUPT(r3, 0x4004ae86, &(0x7f0000002600)=0x7)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r4, 0xf501, 0x0)
r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000002640), 0x391000, 0x0)
ioctl$RTC_IRQP_READ(r5, 0x8008700b, &(0x7f0000002680))
ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000026c0)={0x45, "f84b723dfabc42cf0e87e9a5c3e87e4b3408c4343b40c8ecc3dc8fd8ebd40bc10d746c0d751026b1838bc4e1ead12095b654ff2a553811a80101726fe77e4f055c705d39544bf5735bc448e976b5e1be2fe6822270d8b798d00c53d00921ddb901892ece33fcca6f2662718cce3d807f3c1a74420241f5a028a329e6345d21c7d488a89ec6ab821934908f363f41b53f868e87dcb886ce91b68a8e033378ca4f80232e77f9e6603db58853b60c0d2b1cbc8bf900c78d8487917ca65f0fb198b9cf54868d42ebc42fc2ae490129292a86f2368d168c3b1398d3c4ff3326663ba3a42bae32729e63dfb9fbd143dbed85d0e7b41824e7f9c5386d22a3b8511ea9b05f0de405ab4b08c2ecc13a329dca17639f7a4fb3a00f7a6a82d20ecd5cc6fd4112af3a4bc1009271f62f506d3f59ab7f648874990dd65a77d15b7622b2a3cc36784e27342d5dd84cd872b48260acc8963bf605e60529c58f73bd2ff2b3864995e1ad485b2ee965ee23d6761a9dcc4aecfb099cb743d2eb871b5ea8879ced06c15ccea15e45bfe32495235725bca14ec7a991f51083ee08341934884f22ca78c3a5f529e64486916742c84fc53ef996ebf71d0a08c2908bf43878a5b7b884cd3634862484a5f984360a8f3081a29ae6b18b68f4ecd2224190b66fedafc226675b26ed51bea9afcc988fe1a49e34d0dc6a506b5f5cc69151b39beec003defa06f0"})
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r5, 0x80489439, &(0x7f0000002900))
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xd, 0x110, r3, 0x1194000)
r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000002980)='/proc/sys/net/ipv4/tcp_rfc1337\x00', 0x1, 0x0)
ioctl$EXT4_IOC_GETFSUUID(r6, 0x8008662c, &(0x7f00000029c0))
ioctl$RTC_UIE_OFF(r3, 0x7004)
r7 = syz_open_dev$sg(&(0x7f0000002a00), 0x3, 0x101000)
ioctl$SG_SCSI_RESET(r7, 0x2284, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0xc0305302, &(0x7f0000002a40)={0x2, 0x6, 0xa1b, 0x9, 0xf0, 0x3ff})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000002a80)={r2, "aa3806ca4a5b786164f8611efe040388"})
ioctl$TIOCGPGRP(r3, 0x540f, &(0x7f0000003a80))
ioctl$BTRFS_IOC_SPACE_INFO(r7, 0xc0109414, &(0x7f0000003ac0)={0x90e, 0x10000, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
ioctl$PTP_CLOCK_GETCAPS(r3, 0x80503d01, &(0x7f0000011440))

2.885779461s ago: executing program 1 (id=2599):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f00000004c0)={0x20, 0x4, 0xd5})
ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0x0, 0x0, 0x20003, 0x10020f5b, 0x0, [{}, {}, {}, {0x0, 0x35}, {0x20}, {0x5}, {}, {0x1, 0x6}, {0x0, 0x1}, {0xf, 0x1, 0x2, '\x00', 0x1}, {0x0, 0x0, 0xfe}, {}, {0xfe}, {0x0, 0x0, 0x2}, {0x7, 0x0, 0x0, '\x00', 0x39}, {0x0, 0xa, 0x0, '\x00', 0x8}, {0x0, 0x0, 0x0, '\x00', 0xfe}, {0x3, 0x0, 0xfa}, {0x0, 0x2}, {}, {0x0, 0x0, 0x0, '\x00', 0x1}]}})
ioctl$KVM_RUN(r3, 0x8004ae98, 0x20e10000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

2.225895068s ago: executing program 1 (id=2603):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = dup(0xffffffffffffffff)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async)
r3 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0)
preadv(r3, &(0x7f00000002c0)=[{&(0x7f0000000380)=""/4096, 0x1000}, {0x0, 0xfffffeef}], 0x2, 0x1, 0x9)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000080)={0x48, 0x1, r4, 0x0, 0x0, 0x4}) (async, rerun: 32)
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) (async, rerun: 32)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

2.025718667s ago: executing program 4 (id=2605):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

1.944298306s ago: executing program 1 (id=2606):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r3, &(0x7f0000000140)={0x2020, 0x0, <r4=>0x0}, 0x2020)
write$FUSE_DIRENT(r3, &(0x7f0000002180)={0x10, 0xffffffffffffffda, r4}, 0x10)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\t'])
r5 = openat$userio(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r5, &(0x7f00000002c0)={0x1, 0x1}, 0x2)
write$USERIO_CMD_REGISTER(r5, &(0x7f0000000080)={0x0, 0xa7}, 0x2)
preadv(r5, &(0x7f0000001980)=[{0x0}, {&(0x7f00000005c0)=""/241, 0xf1}], 0x2, 0x9, 0x4)
r6 = syz_open_dev$swradio(&(0x7f0000000800), 0x0, 0x2)
ioctl$VIDIOC_QUERY_EXT_CTRL(r6, 0xc0e85667, &(0x7f00000000c0)={0x40980001, 0x0, "bf5dff0f258c6b1765c2141433ae000000000000000000000000000000008000", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3]})
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4008ae6a, &(0x7f00000021c0)={0x5, 0x0, [{0xd2c, 0x2, 0x1, 0x0, @irqchip={0x8000, 0x3}}, {0x1, 0x5, 0x0, 0x0, @sint={0x2, 0xede7}}, {0x0, 0x2, 0x3, 0x0, @msi={0x80000001, 0x0, 0x400, 0x5}}, {0x0, 0x3, 0x1, 0x0, @adapter={0x0, 0xe, 0xffffffffffffffff, 0x2}}, {0x4, 0x3, 0x0, 0x0, @msi={0x1, 0xffff, 0x10, 0x9064}}]})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1)
ioctl$KVM_GET_VCPU_EVENTS(r9, 0x4140aecd, &(0x7f0000000000))
read(r0, &(0x7f0000000100)=""/155, 0x9b)

1.677864218s ago: executing program 4 (id=2607):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) (async)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCGETS(r2, 0x560d, &(0x7f0000001000)) (async)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000100)=0x80000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000140)) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r1, 0x7aa, 0x0) (async)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r3, 0x0, 0x0) (async)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4) (async)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r7=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r6, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000000)=0x1, r7, 0x0, 0x2, 0x4}}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

1.549024269s ago: executing program 0 (id=2608):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x41e940, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x69)
r3 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0)
lseek(r3, 0xffffffffffff2a09, 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x450a01, 0x0)
read(r4, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r4, 0x40101286, 0x0)
r5 = openat$mice(0xffffffffffffff9c, 0x0, 0x80082)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x200000002, 0x2, 0x2, 0x6c0, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xfffffffffffffd65)
preadv2(r2, &(0x7f0000000780)=[{&(0x7f00000000c0)}, {&(0x7f00000002c0)=""/52, 0x34}, {&(0x7f00000003c0)=""/63, 0x3f}, {&(0x7f0000000400)=""/89, 0x59}, {&(0x7f0000000480)=""/224, 0xe0}, {&(0x7f0000000580)=""/223, 0xdf}, {&(0x7f0000000680)=""/217, 0xd9}], 0x7, 0xfffff000, 0x7ff, 0x1)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x5902})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f0000000040)={'nicvf0\x00', 0x5902})
ioctl$BLKRRPART(r7, 0x125f, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x42000)
ioctl$vim2m_VIDIOC_G_FMT(r7, 0xc0d05604, &(0x7f00000001c0)={0x3, @raw_data="19c44ac884059ef6b30fdef84e87d2ac19e928c1c46ea6441cfc3acf18be71046a3c49b37cd0d3bc047844381811211d1e8ea83a2149b754353dbd086feefc8e06fdd7bb8ee4c82f3fc6897c411990d620becb2979f680e4970036f28a165c524886ead7aa1a155e5987b2e2097b0b19b101712a967a1734fc2e3f51ded5a3b7b7da051a462313b751e93bb486b190908a9988de1202aec1313d6838b442b5d5c8602e199450529d5bab3832494da24a38c41ded2a1b5762d454528dd644cb338d3549885e101b4f"})
r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/meminfo\x00', 0x0, 0x0)
lseek(r10, 0x9, 0x0)
r11 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r11, 0x7b9, &(0x7f0000001480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$KVM_RUN(r11, 0xae80, 0x0)

1.45592175s ago: executing program 4 (id=2609):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x28200, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x141802)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000080)={0x1, 0x6576, 0xbe6})
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x100000000)
read(r1, &(0x7f00000001c0)=""/227, 0xe3)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/drivers\x00', 0x0, 0x0)
preadv2(r2, &(0x7f0000000580)=[{&(0x7f0000000400)=""/74, 0x4a}], 0x1, 0xfffffffc, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

1.329681536s ago: executing program 0 (id=2610):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x40000096}]}) (async)
ioctl$KVM_CAP_HYPERV_SEND_IPI(r2, 0x4068aea3, &(0x7f00000000c0))
openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0xc80, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

1.28977703s ago: executing program 3 (id=2611):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
r1 = openat$snapshot(0xffffff9c, &(0x7f0000000180), 0x3, 0x0)
ioctl$SNAPSHOT_SET_SWAP_AREA(r1, 0x400c330d, &(0x7f00000001c0)={0x101, 0x7})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

1.129645953s ago: executing program 0 (id=2612):
syz_open_dev$tty20(0xc, 0x4, 0x0) (async)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, 0x0) (async)
ioctl$TCSETSF2(r0, 0x402c542d, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2300, 0x0)
dup(0xffffffffffffffff)
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r3=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r3, 0x0, 0x97, 0x8000000})
syz_open_dev$usbfs(&(0x7f0000000280), 0x3ff, 0x1501) (async)
r4 = syz_open_dev$usbfs(&(0x7f0000000280), 0x3ff, 0x1501)
ioctl$USBDEVFS_SETCONFIGURATION(r4, 0x80045505, &(0x7f0000000000)=0x1) (async)
ioctl$USBDEVFS_SETCONFIGURATION(r4, 0x80045505, &(0x7f0000000000)=0x1)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) (async)
ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60)
ioctl$KVM_SET_IRQCHIP(r6, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @pic={0x4, 0x8, 0x1e, 0x7f, 0x4, 0x2f, 0x9e, 0xf3, 0x1, 0xd4, 0x9, 0x3, 0xd, 0x6, 0x14}})
ioctl$KVM_IRQ_LINE_STATUS(r6, 0xc008ae67, &(0x7f00000000c0)={0x4})
r7 = syz_open_dev$media(&(0x7f0000000040), 0x20, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r7, 0xc0487c04, &(0x7f0000000640)={0x0, 0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3}) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3, 0x0, 0x0, <r8=>0x0})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x240000, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r2, 0x3b8c, &(0x7f0000000200)={0x30, r8, 0x1, 0x0, 0x5, 0xffffffffffff7fff, 0x86f, &(0x7f0000000080)=""/104}) (async)
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r2, 0x3b8c, &(0x7f0000000200)={0x30, r8, 0x1, 0x0, 0x5, 0xffffffffffff7fff, 0x86f, &(0x7f0000000080)=""/104})

1.061812724s ago: executing program 3 (id=2613):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000005980), 0x2, 0x0)
pwritev(r1, &(0x7f0000000380)=[{&(0x7f00000003c0)="a1", 0x1}], 0x1, 0x0, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

1.029496054s ago: executing program 1 (id=2614):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pimreg0\x00', 0x2})
ioctl$TUNGETVNETHDRSZ(r1, 0x400454de, 0xffffffffffffffff) (async)
ioctl$TUNGETVNETHDRSZ(r1, 0x400454de, 0xffffffffffffffff)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$sndseq(0xffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f0000000140)={{0x0, 0x1}, {0xf}}) (async)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f0000000140)={{0x0, 0x1}, {0xf}})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f0000000000)={0x2b}) (async)
ioctl$PPPIOCSNPMODE(r4, 0x4008744b, &(0x7f0000000000)={0x2b})
pwritev(r2, &(0x7f0000000280)=[{&(0x7f00000001c0)}, {&(0x7f0000000200)="19fc16ebc5656ae931e63c067706f57013e9daafe71984d57d85bcdb231d282189e77b7fd401e65bbd8edc03217a16c35cb5340b319d4f9122d85891879e3f579ac4228b053caf06354115654058fa8b85e0c66d6e686f6433165fc2b12e11a4e4861935a93e0f39563df33a9c2282e86ace39d477f8f7ae79", 0x79}, {&(0x7f00000003c0)="d86be630eb4eba4242a51768e8c8c64d5dfa01534a11363c0e799e149a3a864a3c338c1391e5f6485a822c86ba7b1d3d748524d144aad2321486d5f01fe0929dd50bdb485d1bd6bd035cbe872066a28cc7acc52884184713cd842a02608c5dfc1567cc64154243a6681c05bd715b54bd3a8ca7eac2fee597a00585bce1058a6a91474861e68cc6e4cd4d5166ea9d9a74bbcbc8808ea2baa5602967aa96f3d8e88879ec310036c6f8c2ca67de79570a0e16069776399297681ff91f6acc2bcf73c4987033facd4b16c53268723fead7cead1e756a0ca511326a69bbe942903f58b02c7fd51e1a409235526c6737548e1746f2dc3ebe", 0xf5}, {&(0x7f00000004c0)="c507dcaf35f5a9afd27224418b461f8ff98dcc4aa2c39de2dfabd0248b790db58589318bd1755aa4fe9b0698555b6d401c43f88a2e3ab32a75e5ca5f4a2517f51543f0d46663bf00f381eef28b09c9965a6055cd6ec3e0dfa1c64975e05822e4d003e357b55127c96f527660c5a25fdac435c6ebbdf97979403b63f74552b1100a5756cd49969327658306c95d2e128aa204fd58ebddddabed3571f8ebe8f29da13c694486f7574ce7b0a1c4048d06b5934b151cfd07952df8a072e793c886ff6bbdcee979ad7dd168018682ffa53c0b0026", 0xd2}, {&(0x7f00000005c0)="f249f0ba6aa5a2f62284ab13d1af81474c8ed78242978f662390d698d553ecd07f96b75fa69c92bef9ca28acb928e9ecf430b1356f1365263adbded4ab629a3d12f9ca2ae83580f6bf52512c491fef22fa5424801e036be9ae0412f2358f67cce7da9afdf8268b781bc8dba88ca82ca08efc6459878aaee6645bc133257c4611599e5c22756a58c1c5de418e510fcf4eb6b9b94a88f735c39a9a6489e86bcc1f7b9e85c470a6c071fcdf6e53634960254443b6accd4ff5dd3b9b0b9237de104867d407ac8a544a733060271178f51d397d7ab2b7c87dce14c1a6f6fa5fc38aab29", 0xe1}, {&(0x7f00000006c0)="acd926dc4ca1d339bd4e75a95a03ab95c405882ad76fee1c707b3f44ce6bb75d10ec4880e53ddc1185e37e876c5ddb3703cb8c2fbd0652f964379a1ee2c049a34ac3253121c8f100ff7fe9e0a8671e304cd79cc985f18cf21398a141f60246b7cde54cf8bda3fad8f4162fc50c85bd629a1c304e41d6178394bb5edafac80243f6890f10fae16f7cad1ed2f70c408bc67cce44a6b9aefe2e15f3e0812fa6435636c6490bef3720c810d4b23cba0970ce46b6f59fe154d7cf5b9bb192eb9998641bac83aed1501fedbb733d417a209c20ca09fb1cdf3cfbb24ced789ad96fb99c772c991af531b14f830b44740867c7899a7ce0543dc6bb8866", 0xf9}, {&(0x7f00000007c0)="1a5d1c79013e5e2637a576fadeb778dbd3f3f3726f0d9fc93c266608ffa80c6e22d444e6f9bb4adadbe77a46723ec4d6d8f5d13b64d94a77936fe0e10fdece5b65174a11a8fbb774215aa88e63a9bd91762ea8fa450ec8b337d65c3c151c7cf075d65fbfa3346b654f855c49c1fc124fbec86b483e4fe5f234c9a3217576f7220ffd4027083c1253d2ede9e8321602ab68d24a44da85ef33a1d17945cf9aef518ec39f31620f8d3d70e25ab756fee0d4b1e1dbb26a9ced83e6cd0bcc2baa11c43685335904c7acb5f1328120ee4abeace70f19b767869531b3e343547d2240251c", 0xe1}], 0x7, 0x7, 0x9) (async)
pwritev(r2, &(0x7f0000000280)=[{&(0x7f00000001c0)}, {&(0x7f0000000200)="19fc16ebc5656ae931e63c067706f57013e9daafe71984d57d85bcdb231d282189e77b7fd401e65bbd8edc03217a16c35cb5340b319d4f9122d85891879e3f579ac4228b053caf06354115654058fa8b85e0c66d6e686f6433165fc2b12e11a4e4861935a93e0f39563df33a9c2282e86ace39d477f8f7ae79", 0x79}, {&(0x7f00000003c0)="d86be630eb4eba4242a51768e8c8c64d5dfa01534a11363c0e799e149a3a864a3c338c1391e5f6485a822c86ba7b1d3d748524d144aad2321486d5f01fe0929dd50bdb485d1bd6bd035cbe872066a28cc7acc52884184713cd842a02608c5dfc1567cc64154243a6681c05bd715b54bd3a8ca7eac2fee597a00585bce1058a6a91474861e68cc6e4cd4d5166ea9d9a74bbcbc8808ea2baa5602967aa96f3d8e88879ec310036c6f8c2ca67de79570a0e16069776399297681ff91f6acc2bcf73c4987033facd4b16c53268723fead7cead1e756a0ca511326a69bbe942903f58b02c7fd51e1a409235526c6737548e1746f2dc3ebe", 0xf5}, {&(0x7f00000004c0)="c507dcaf35f5a9afd27224418b461f8ff98dcc4aa2c39de2dfabd0248b790db58589318bd1755aa4fe9b0698555b6d401c43f88a2e3ab32a75e5ca5f4a2517f51543f0d46663bf00f381eef28b09c9965a6055cd6ec3e0dfa1c64975e05822e4d003e357b55127c96f527660c5a25fdac435c6ebbdf97979403b63f74552b1100a5756cd49969327658306c95d2e128aa204fd58ebddddabed3571f8ebe8f29da13c694486f7574ce7b0a1c4048d06b5934b151cfd07952df8a072e793c886ff6bbdcee979ad7dd168018682ffa53c0b0026", 0xd2}, {&(0x7f00000005c0)="f249f0ba6aa5a2f62284ab13d1af81474c8ed78242978f662390d698d553ecd07f96b75fa69c92bef9ca28acb928e9ecf430b1356f1365263adbded4ab629a3d12f9ca2ae83580f6bf52512c491fef22fa5424801e036be9ae0412f2358f67cce7da9afdf8268b781bc8dba88ca82ca08efc6459878aaee6645bc133257c4611599e5c22756a58c1c5de418e510fcf4eb6b9b94a88f735c39a9a6489e86bcc1f7b9e85c470a6c071fcdf6e53634960254443b6accd4ff5dd3b9b0b9237de104867d407ac8a544a733060271178f51d397d7ab2b7c87dce14c1a6f6fa5fc38aab29", 0xe1}, {&(0x7f00000006c0)="acd926dc4ca1d339bd4e75a95a03ab95c405882ad76fee1c707b3f44ce6bb75d10ec4880e53ddc1185e37e876c5ddb3703cb8c2fbd0652f964379a1ee2c049a34ac3253121c8f100ff7fe9e0a8671e304cd79cc985f18cf21398a141f60246b7cde54cf8bda3fad8f4162fc50c85bd629a1c304e41d6178394bb5edafac80243f6890f10fae16f7cad1ed2f70c408bc67cce44a6b9aefe2e15f3e0812fa6435636c6490bef3720c810d4b23cba0970ce46b6f59fe154d7cf5b9bb192eb9998641bac83aed1501fedbb733d417a209c20ca09fb1cdf3cfbb24ced789ad96fb99c772c991af531b14f830b44740867c7899a7ce0543dc6bb8866", 0xf9}, {&(0x7f00000007c0)="1a5d1c79013e5e2637a576fadeb778dbd3f3f3726f0d9fc93c266608ffa80c6e22d444e6f9bb4adadbe77a46723ec4d6d8f5d13b64d94a77936fe0e10fdece5b65174a11a8fbb774215aa88e63a9bd91762ea8fa450ec8b337d65c3c151c7cf075d65fbfa3346b654f855c49c1fc124fbec86b483e4fe5f234c9a3217576f7220ffd4027083c1253d2ede9e8321602ab68d24a44da85ef33a1d17945cf9aef518ec39f31620f8d3d70e25ab756fee0d4b1e1dbb26a9ced83e6cd0bcc2baa11c43685335904c7acb5f1328120ee4abeace70f19b767869531b3e343547d2240251c", 0xe1}], 0x7, 0x7, 0x9)
read$FUSE(r3, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x0)
openat$vicodec1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async)
r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VIDIOC_ENUM_FMT(r5, 0xc0585611, &(0x7f0000000200)={0x0, 0xd, 0x0, "6e145c0ef63b736608314ceb833d278f8739057c56b9f38df459aa6db8a9f4d6"})
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (async)
ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
openat$mice(0xffffffffffffff9c, &(0x7f00000008c0), 0x8042)

954.172388ms ago: executing program 3 (id=2615):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x400c2, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f00000000c0)={0x28, 0x0, r2, 0x0, &(0x7f0000bf0000/0x3000)=nil, 0x3000, 0x1})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

765.549172ms ago: executing program 3 (id=2616):
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x10100, 0x0)
ioctl$PTP_PIN_SETFUNC2(r0, 0x40603d10, &(0x7f0000000180)={'\x00', 0x1, 0x3, 0x81})
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000380), 0x101202, 0x0)
read$nci(r1, &(0x7f0000000100)=""/107, 0x6b)
write$nci(r1, 0x0, 0x4)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x8e000, 0x0)
ioctl$PTP_SYS_OFFSET(r2, 0x43403d0e, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
preadv(r3, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

628.683688ms ago: executing program 0 (id=2617):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x28200, 0x0) (async)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

499.498864ms ago: executing program 4 (id=2618):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_VDPA_GET_VRING_NUM(r0, 0x8002af76, &(0x7f0000000040))
ioctl$F2FS_IOC_START_VOLATILE_WRITE(0xffffffffffffffff, 0xf503, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000000080), 0x1, 0x2a00)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f00000000c0))
ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000100)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r1, 0xf505, 0x0)
r2 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$EXT4_IOC_MIGRATE(r2, 0x6609)
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x404000)
ioctl$SNDRV_TIMER_IOCTL_GINFO(r3, 0xc0f85403, &(0x7f00000003c0)={{0x3, 0x2, 0x10001, 0x3, 0x6}, 0x7ff, 0x400, 'id1\x00', 'timer1\x00', 0x0, 0xfeed, 0x3, 0xffffffffffffffff, 0x6})
splice(r3, &(0x7f00000004c0)=0x5, r0, &(0x7f0000000500)=0x7, 0x5, 0x0)
write$vhost_msg_v2(r0, &(0x7f0000000600)={0x2, 0x0, {&(0x7f0000000540)=""/65, 0x41, &(0x7f00000005c0)=""/59, 0x2, 0x6}}, 0x48)
ioctl$FIBMAP(r1, 0x1, &(0x7f0000000680)=0x3)
r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000006c0), 0x191103, 0x0)
ioctl$DRM_IOCTL_SET_VERSION(r4, 0xc0106407, &(0x7f0000000700)={0xf80, 0x3, 0x3, 0xb})
ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f0000000740)={0xffff, 0x644, 0x8, 0x3})
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r2, 0xf503, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000880)={&(0x7f0000000780)=[0x0], &(0x7f00000007c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000800)=[<r5=>0x0], &(0x7f0000000840)=[0x0, 0x0], 0x1, 0x5, 0x1, 0x2})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000009c0)={&(0x7f00000008c0)=[0x0, 0x0], &(0x7f0000000900)=[0x0, 0x0, 0x0], &(0x7f0000000940)=[<r6=>0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000980)=[0x0, 0x0], 0x2, 0x3, 0x5, 0x2})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000b40)={&(0x7f0000000a40)=[0x0, 0x0], &(0x7f0000000a80)=[0x0, 0x0, 0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ac0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000b00)=[0x0, 0x0, 0x0], 0x2, 0xa, 0xa, 0x3})
ioctl$DRM_IOCTL_MODE_SETCRTC(r4, 0xc06864a2, &(0x7f0000000b80)={&(0x7f0000000a00)=[0x0, 0x0, r5, 0x0, r6, 0x0], 0x6, r7, 0x0, 0x7f, 0x4, 0x7, 0x4, {0x9, 0xba7, 0xe, 0x4, 0x1, 0x3, 0x101, 0x91d, 0x575, 0x1, 0xe, 0x2, 0x3, 0x7, "13a52695eca0cd0450694e377cd71423d3467b6f6954375a2eede8dfd72faef4"}})
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000c00)=0x20000)
ioctl$DRM_IOCTL_SET_VERSION(r2, 0xc0106407, &(0x7f0000000c40)={0x401, 0x7, 0x400, 0x8000})
ioctl$BTRFS_IOC_DEV_INFO(r0, 0xd000941e, &(0x7f0000000c80)={<r8=>0x0, "b05bf45497399daab050fd41ed3646d8"})
ioctl$BTRFS_IOC_GET_DEV_STATS(r4, 0xc4089434, &(0x7f0000001c80)={r8, 0x9, 0x0, [0xb, 0x518, 0x4, 0xfffffffffffffffd, 0x8000000000000001], [0x9, 0x6, 0x4, 0x6, 0x77, 0x80000000, 0x2, 0xfffffffffffffffc, 0x5, 0x4, 0x7, 0x6, 0x6, 0x2d, 0x7f, 0x3, 0x8, 0x8001, 0x8, 0x7, 0x9, 0xded1, 0x80, 0x3, 0x6, 0x7, 0x8, 0x7, 0x0, 0x2, 0x8001, 0x200, 0x80000001, 0x4, 0x1, 0x1, 0x600, 0x4, 0x9, 0x5, 0x8, 0xffffffff7fffffff, 0x3ff, 0x10000, 0x1, 0x71b0, 0x2, 0x101, 0x9, 0x7, 0x0, 0xfffffffffffffff7, 0xf8, 0x6, 0x5, 0x88c6, 0x3, 0x5a8a, 0x2, 0x1ff, 0x100000000, 0xa0, 0xffffffff, 0x0, 0x0, 0x1, 0x3, 0x0, 0x6, 0x854, 0x2, 0x2, 0x5, 0x4, 0x0, 0xf, 0x6, 0xba9, 0x9, 0x1, 0x38, 0x4, 0x7, 0x4, 0x400, 0x57a5, 0x5, 0x1, 0x5, 0xffffffffffffffff, 0xfffffffffffffffe, 0x7cf9719, 0xf2, 0x4, 0x7, 0xfffffffffffffffe, 0x4, 0x10001, 0xa0, 0xff8c, 0xc0, 0x5, 0x400, 0x5, 0x0, 0x0, 0x7fffffffffffffff, 0x7ff, 0x5, 0x3, 0xa8, 0x200, 0xb, 0x3, 0x40, 0xa4, 0x5, 0x1ff, 0x80000000, 0x6, 0x6]})
r9 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000020c0)='hugetlb.1GB.rsvd.max_usage_in_bytes\x00', 0x2, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r9, 0x81f8943c, &(0x7f0000002100))
ioctl$F2FS_IOC_SEC_TRIM_FILE(r4, 0x4018f514, &(0x7f0000002300)={0x2, 0x1, 0x3})
ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000002340)=0xfffffffa)

449.934046ms ago: executing program 3 (id=2619):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
close(0x3)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat(r1, 0x0, 0x80402, 0x41)

333.360344ms ago: executing program 4 (id=2620):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0x40405515, &(0x7f0000000040)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) (async)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r0, 0xf503, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

159.571627ms ago: executing program 1 (id=2621):
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000180)={0x0, 0x0, <r0=>0xffffffffffffffff})
ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f00000001c0)={0x4, [0x0, 0x0, 0x0, 0x0]})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_DIRTYFB(r2, 0xc01864b1, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0})
read(r1, &(0x7f0000000240)=""/133, 0x85)
r3 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000140)=0x5)
r4 = syz_open_dev$video(&(0x7f0000000100), 0x7fff, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r5, 0x40045532, &(0x7f0000000840))
r6 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r7 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0884113, &(0x7f0000000240)={0x1, 0x20, 0x9, 0x10001, 0x0, 0xffffdffffffffffd, 0x7, 0x0, 0xfffffffffffffffd, 0x9, 0xfffffffb, 0x1})
ioctl$SNDRV_PCM_IOCTL_FORWARD(r7, 0x40084149, &(0x7f0000000340)=0x6)
ioctl$VIDIOC_G_SELECTION(r4, 0xc040565e, &(0x7f0000000040)={0x1, 0x102, 0x4, {0x4, 0xf7fff4f6, 0x770d0365, 0xb9c5a9dd}})
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r8, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)
ioctl$BLKDISCARD(r8, 0x1277, &(0x7f00000000c0)=0xfffffffffffffff9)

105.805976ms ago: executing program 3 (id=2622):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f00000000c0), 0xb795, 0x2)
read(r2, &(0x7f0000000100)=""/4096, 0x1000)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
close(0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0xa, 0x1010, 0xffffffffffffffff, 0x1000000000040000)

0s ago: executing program 4 (id=2623):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f00000000c0)={0xf0, 0x280, 0x556, 0x600, 0x3ff, 0x6, 0x0, 0x0, {0xff, 0x2, 0x1}, {0x6, 0x9}, {0xfffffff7, 0x1, 0x1}, {0x80000000, 0x101, 0x1}, 0x3, 0x80, 0x0, 0xa8, 0xc1da4164431e128e, 0x7fffffff, 0x100, 0x22a45057, 0x8, 0x4, 0x2, 0x2, 0x3a, 0x0, 0x2, 0x4})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.10.1' (ED25519) to the list of known hosts.
[   82.677354][ T5823] cgroup: Unknown subsys name 'net'
[   82.808926][ T5823] cgroup: Unknown subsys name 'cpuset'
[   82.818550][ T5823] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   84.571957][ T5823] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   87.088469][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   87.100105][ T5834] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   87.115445][ T5834] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   87.134990][ T5834] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   87.146193][ T5834] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   87.177280][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   87.186048][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   87.194275][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   87.203008][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   87.210923][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   87.357463][ T5838] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   87.366009][ T5838] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   87.374997][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   87.383063][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   87.392699][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   87.400875][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   87.428219][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   87.445044][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   87.453384][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   87.464989][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   87.827429][ T5836] chnl_net:caif_netlink_parms(): no params data found
[   88.030539][ T5836] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.038611][ T5836] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.045978][ T5836] bridge_slave_0: entered allmulticast mode
[   88.053549][ T5836] bridge_slave_0: entered promiscuous mode
[   88.106072][ T5836] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.113234][ T5836] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.121049][ T5836] bridge_slave_1: entered allmulticast mode
[   88.128395][ T5836] bridge_slave_1: entered promiscuous mode
[   88.149817][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   88.199530][ T5836] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.216467][ T5836] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.299251][ T5836] team0: Port device team_slave_0 added
[   88.313588][ T5836] team0: Port device team_slave_1 added
[   88.341844][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   88.387786][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_0
[   88.394838][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.420802][ T5836] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   88.475066][ T5836] batman_adv: batadv0: Adding interface: batadv_slave_1
[   88.482083][ T5836] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   88.508303][ T5836] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   88.568154][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.577355][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.584621][ T5832] bridge_slave_0: entered allmulticast mode
[   88.593286][ T5832] bridge_slave_0: entered promiscuous mode
[   88.607543][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.615118][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.622280][ T5832] bridge_slave_1: entered allmulticast mode
[   88.630012][ T5832] bridge_slave_1: entered promiscuous mode
[   88.691961][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.753773][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   88.774953][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   88.784331][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.792342][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   88.799815][ T5841] bridge_slave_0: entered allmulticast mode
[   88.807187][ T5841] bridge_slave_0: entered promiscuous mode
[   88.821365][ T5836] hsr_slave_0: entered promiscuous mode
[   88.827943][ T5836] hsr_slave_1: entered promiscuous mode
[   88.868721][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.876500][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   88.883664][ T5841] bridge_slave_1: entered allmulticast mode
[   88.891518][ T5841] bridge_slave_1: entered promiscuous mode
[   88.948820][ T5832] team0: Port device team_slave_0 added
[   88.972838][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   88.998122][ T5832] team0: Port device team_slave_1 added
[   89.013656][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.117911][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.124983][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.151907][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.185519][   T51] Bluetooth: hci0: command tx timeout
[   89.197790][ T5841] team0: Port device team_slave_0 added
[   89.209964][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.217312][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.245013][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.270162][ T5841] team0: Port device team_slave_1 added
[   89.276066][   T51] Bluetooth: hci1: command tx timeout
[   89.293443][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   89.300941][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.308297][ T5842] bridge_slave_0: entered allmulticast mode
[   89.316059][ T5842] bridge_slave_0: entered promiscuous mode
[   89.358641][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.365715][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.392263][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   89.405249][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   89.412231][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.438639][   T51] Bluetooth: hci2: command tx timeout
[   89.442563][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   89.457558][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   89.465053][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.472213][ T5842] bridge_slave_1: entered allmulticast mode
[   89.479804][ T5842] bridge_slave_1: entered promiscuous mode
[   89.514871][   T51] Bluetooth: hci3: command tx timeout
[   89.573237][ T5832] hsr_slave_0: entered promiscuous mode
[   89.580524][ T5832] hsr_slave_1: entered promiscuous mode
[   89.587326][ T5832] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.595560][ T5832] Cannot create hsr debugfs directory
[   89.626555][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   89.673616][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   89.707000][ T5841] hsr_slave_0: entered promiscuous mode
[   89.713321][ T5841] hsr_slave_1: entered promiscuous mode
[   89.720156][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   89.727972][ T5841] Cannot create hsr debugfs directory
[   89.804138][ T5842] team0: Port device team_slave_0 added
[   89.841320][ T5842] team0: Port device team_slave_1 added
[   89.937407][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   89.944407][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   89.970994][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.006939][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.013929][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.040353][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.098207][ T5836] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   90.111829][ T5836] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   90.161930][ T5836] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   90.199584][ T5836] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   90.259767][ T5842] hsr_slave_0: entered promiscuous mode
[   90.266589][ T5842] hsr_slave_1: entered promiscuous mode
[   90.272624][ T5842] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.280470][ T5842] Cannot create hsr debugfs directory
[   90.516601][ T5832] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   90.527532][ T5832] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   90.561172][ T5832] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   90.572140][ T5832] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   90.641366][ T5841] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   90.660877][ T5841] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   90.671783][ T5841] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   90.685059][ T5841] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   90.800921][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   90.828564][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   90.847903][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   90.866436][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   90.884116][ T5836] 8021q: adding VLAN 0 to HW filter on device bond0
[   90.987086][ T5836] 8021q: adding VLAN 0 to HW filter on device team0
[   91.020232][ T1102] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.027589][ T1102] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.048651][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.055884][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.100376][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.166838][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   91.187277][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.211108][ T3513] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.218367][ T3513] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.262203][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.269528][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.277910][   T51] Bluetooth: hci0: command tx timeout
[   91.323681][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   91.346513][   T51] Bluetooth: hci1: command tx timeout
[   91.389648][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.397049][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.431006][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   91.443966][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.451173][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.487232][ T5832] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   91.505056][   T51] Bluetooth: hci2: command tx timeout
[   91.531586][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   91.551303][   T65] bridge0: port 1(bridge_slave_0) entered blocking state
[   91.558601][   T65] bridge0: port 1(bridge_slave_0) entered forwarding state
[   91.585735][   T51] Bluetooth: hci3: command tx timeout
[   91.629691][   T65] bridge0: port 2(bridge_slave_1) entered blocking state
[   91.637006][   T65] bridge0: port 2(bridge_slave_1) entered forwarding state
[   91.822916][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[   91.949613][ T5836] veth0_vlan: entered promiscuous mode
[   92.000087][ T5836] veth1_vlan: entered promiscuous mode
[   92.025395][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.074403][   T43] cfg80211: failed to load regulatory.db
[   92.132062][ T5836] veth0_macvtap: entered promiscuous mode
[   92.170148][ T5836] veth1_macvtap: entered promiscuous mode
[   92.231401][ T5832] veth0_vlan: entered promiscuous mode
[   92.259353][ T5832] veth1_vlan: entered promiscuous mode
[   92.278349][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.296323][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.326176][ T5836] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.362893][ T5836] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.372959][ T5836] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.383448][ T5836] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.393640][ T5836] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.436896][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.458239][ T5832] veth0_macvtap: entered promiscuous mode
[   92.499581][ T5832] veth1_macvtap: entered promiscuous mode
[   92.538880][ T5841] veth0_vlan: entered promiscuous mode
[   92.574076][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   92.609317][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   92.631404][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   92.641054][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   92.651945][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   92.660890][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   92.674079][ T5841] veth1_vlan: entered promiscuous mode
[   92.687979][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.698608][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.779285][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.788608][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.833111][ T5842] veth0_vlan: entered promiscuous mode
[   92.899010][ T5841] veth0_macvtap: entered promiscuous mode
[   92.914310][ T5842] veth1_vlan: entered promiscuous mode
[   92.923711][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.934347][ T5836] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   92.938047][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.961545][ T5841] veth1_macvtap: entered promiscuous mode
[   93.004551][ T3513] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.014028][ T3513] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.082057][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.133754][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.164351][ T5923] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   93.164706][ T5842] veth0_macvtap: entered promiscuous mode
[   93.222390][ T5841] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.233563][ T5841] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.252963][ T5841] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.263154][ T5841] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.280986][ T5842] veth1_macvtap: entered promiscuous mode
[   93.345739][   T51] Bluetooth: hci0: command tx timeout
[   93.356081][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   93.370366][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   93.382378][ T5842] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   93.391950][ T5842] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   93.400822][ T5842] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   93.410227][ T5842] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   93.425523][   T51] Bluetooth: hci1: command tx timeout
[   93.584921][   T51] Bluetooth: hci2: command tx timeout
[   93.601372][ T3564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.618937][ T3564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.665499][   T51] Bluetooth: hci3: command tx timeout
[   93.773382][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.806722][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.859742][ T5934] block device autoloading is deprecated and will be removed.
[   93.869779][ T5934] syz.1.7: attempt to access beyond end of device
[   93.869779][ T5934] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[   93.917840][ T3564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   93.936923][ T3564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.955859][ T5936] mkiss: ax0: crc mode is auto.
[   94.050853][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   94.065991][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.300497][ T5964] loop6: detected capacity change from 0 to 524287999
[   95.365483][ T5965] Invalid logical block size (8)
[   95.375072][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.404137][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.416000][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.424617][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.435120][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.443208][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.451640][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.459962][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.469568][ T5833] ldm_validate_partition_table(): Disk read failed.
[   95.477147][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.487194][ T5833] Buffer I/O error on dev loop6, logical block 0, async page read
[   95.495529][ T5833] Dev loop6: unable to read RDB block 0
[   95.501556][ T5833]  loop6: unable to read partition table
[   95.505456][   T51] Bluetooth: hci1: command tx timeout
[   95.518344][ T5964] ldm_validate_partition_table(): Disk read failed.
[   95.525993][ T5964] Dev loop6: unable to read RDB block 0
[   95.533410][ T5964]  loop6: unable to read partition table
[   95.540397][ T5964] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[   95.665361][   T51] Bluetooth: hci2: command tx timeout
[   95.745182][   T51] Bluetooth: hci3: command tx timeout
[   96.785397][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[   96.787879][ T5951] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[   97.444557][ T5951] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   97.455308][ T5951] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   97.463990][ T5951] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   97.470287][ T5951] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   97.480452][ T5951] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   97.490569][ T5951] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   97.497641][ T5951] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   97.509488][ T5951] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   97.517184][ T5951] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   97.523354][ T5951] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   97.532361][ T5951] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   97.578043][ T5969] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   97.584295][ T5969] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   97.599984][ T5969] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   97.609631][ T5969] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   99.585858][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[   99.586016][ T5157] Bluetooth: hci0: command 0x0c1a tx timeout
[   99.664794][ T5157] Bluetooth: hci3: command 0x0c1a tx timeout
[   99.670963][ T5157] Bluetooth: hci2: command 0x0c1a tx timeout
[   99.704435][ T6016] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  100.192786][ T6035] vim2m vim2m.0: Fourcc format (0x31384142) invalid.
[  100.210052][ T6038] program syz.3.33 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  100.328573][ T6038] program syz.3.33 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  100.720643][ T6046] vivid-000: disconnect
[  100.859106][ T6044] vivid-000: reconnect
[  101.666312][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  101.672525][ T5157] Bluetooth: hci0: command 0x0c1a tx timeout
[  101.745449][ T5157] Bluetooth: hci2: command 0x0c1a tx timeout
[  101.747665][ T6074] program syz.2.41 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  101.751561][ T5157] Bluetooth: hci3: command 0x0c1a tx timeout
[  101.840833][ T6076] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  103.304447][ T6097] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  103.489821][ T6103] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  103.572216][ T6111] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  103.620727][ T6109] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  103.663921][ T6110] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  103.712742][ T6112] iommufd_mock iommufd_mock2: Adding to iommu group 2
[  103.744975][ T5157] Bluetooth: hci1: command 0x0c1a tx timeout
[  103.824825][ T5157] Bluetooth: hci3: command 0x0c1a tx timeout
[  103.824938][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  104.601854][ T6149] loop8: detected capacity change from 0 to 8
[  104.632810][ T6149] Dev loop8: unable to read RDB block 8
[  104.654202][ T6149]  loop8: unable to read partition table
[  104.683193][ T6149] loop8: partition table beyond EOD, truncated
[  104.710408][ T6149] loop_reread_partitions: partition scan of loop8 (�被x) failed (rc=-5)
[  104.861402][ T6156] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  105.306661][ T6166] KVM: debugfs: duplicate directory 6166-5
[  105.454923][ T6166] kvm_intel: kvm [6165]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff
[  109.150519][ T6243] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  109.868865][ T6259] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  111.932131][ T6299] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  111.957454][ T6299] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  112.179701][ T6313] mkiss: ax0: crc mode is auto.
[  113.277461][ T6340] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  113.777947][ T6350] hub 6-0:1.0: USB hub found
[  113.800465][ T6350] hub 6-0:1.0: 1 port detected
[  114.968421][ T6372] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  115.555547][ T6377] CUSE: info not properly terminated
[  116.075104][ T6391] syz.3.128: attempt to access beyond end of device
[  116.075104][ T6391] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  116.743627][ T6412] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  116.904754][ T6415] mkiss: ax0: crc mode is auto.
[  116.957581][ T6415] CUSE: zero length info key specified
[  117.905445][ T5157] Bluetooth: hci4: command 0x1003 tx timeout
[  117.912548][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  119.219013][ T6463] usb usb1: usbfs: process 6463 (syz.1.147) did not claim interface 0 before use
[  120.803473][ T6488] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  121.313038][ T6502] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  121.658816][ T6511] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  122.327907][ T6530] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  122.650921][ T6532] loop6: detected capacity change from 0 to 524287999
[  122.836746][ T6540] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  123.371689][ T6562] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  123.930677][ T6568] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  124.033275][ T6567] [U] 
[  124.976121][ T6598] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  125.228661][ T6602] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  125.238680][ T6602] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  127.902168][ T6667] QAT: failed to copy from user.
[  131.006027][ T6753] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  131.053696][ T6753] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  131.416944][ T6766] usb usb1: usbfs: interface 0 claimed by hub while 'syz.2.235' sets config #1
[  132.409514][ T6785] usb usb8: usbfs: process 6785 (syz.0.241) did not claim interface 0 before use
[  133.031988][ T6792] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  133.033378][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  133.056972][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  134.288014][ T6825] binder: binder_mmap: 6823 200000001000-20000000b000 bad vm_flags failed -1
[  134.335439][ T6824] binder: binder_mmap: 6823 200000001000-20000000b000 bad vm_flags failed -1
[  134.755505][ T6841] syz.3.257 (6841) used obsolete PPPIOCDETACH ioctl
[  134.774349][ T6838] input: syz1 as /devices/virtual/input/input7
[  135.703171][ T6857] input: syz0 as /devices/virtual/input/input8
[  136.245485][ T6869] program syz.2.265 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  136.777919][ T6887] input: syz0 as /devices/virtual/input/input9
[  136.860175][ T6889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  137.455575][ T6903] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  137.525774][ T6903] Bluetooth: hci4: Frame reassembly failed (-84)
[  137.545176][ T3564] Bluetooth: hci4: Frame reassembly failed (-84)
[  138.852769][ T6916] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  138.874832][ T6916] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  138.891340][ T6916] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  138.911614][ T6916] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  139.505321][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  139.728055][ T6960] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  139.761991][ T6957] binder: 6956:6957 ioctl c0286687 2000000001c0 returned -22
[  139.815403][ T6957] binder: 6956:6957 ioctl c0286687 2000000001c0 returned -22
[  139.824531][ T6957] binder: 6956:6957 ioctl c0286687 2000000001c0 returned -22
[  139.932059][ T6957] binder: 6956:6957 ioctl c0286687 2000000001c0 returned -22
[  140.099571][ T6975] loop6: detected capacity change from 0 to 4
[  140.225230][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  140.378299][ T6990] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  140.655387][ T7003] usb usb9: usbfs: interface 0 claimed by hub while 'syz.3.296' sets config #0
[  140.802103][ T7009] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  140.826853][ T7009] usb usb8: usbfs: interface 0 claimed by hub while 'syz.2.298' resets device
[  140.946146][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  140.952978][ T5157] Bluetooth: hci2: command 0x0c1a tx timeout
[  140.959259][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout
[  141.413487][ T7022] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  141.451165][ T7025] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  141.834128][ T7030] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  143.648472][ T7053] ALSA: mixer_oss: invalid OSS volume ''
[  144.685261][ T7082] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  144.729036][   T30] audit: type=1400 audit(1750329544.836:2): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=3A3A0AE10CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A552C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=7080 comm="syz.0.317"
[  145.126831][ T7084] ALSA: mixer_oss: invalid OSS volume ''
[  145.924026][ T7100] kvm: kvm [7095]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010005) = 0x1
[  146.087822][ T7107] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  146.497859][ T5881] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  146.534763][ T5881] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  146.564827][ T5881] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  146.572302][ T5881] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  146.612176][ T5881] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  146.750964][ T5881] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  147.018112][ T7122] fido_id[7122]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  148.546894][ T7147] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4093662463 (4093662463 ns) > initial count (1099723850 ns). Using initial count to start timer.
[  148.785615][ T7153] syz.0.336: attempt to access beyond end of device
[  148.785615][ T7153] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  149.748555][ T7179] binder: 7172:7179 ioctl 4018620d 0 returned -22
[  150.411874][ T5904] hid-generic FFF7:0008:0003.0002: unknown main item tag 0x7
[  150.423940][ T5904] hid-generic FFF7:0008:0003.0002: unknown main item tag 0x6
[  150.445616][ T5904] hid-generic FFF7:0008:0003.0002: unknown main item tag 0x0
[  150.463373][ T5904] hid-generic FFF7:0008:0003.0002: unknown main item tag 0x0
[  150.484862][ T5904] hid-generic FFF7:0008:0003.0002: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[  151.132033][ T7204] program syz.1.351 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  156.990519][ T7244] QAT: Device 253 not found
[  157.155091][ T7245] QAT: Invalid ioctl -1072655340
[  157.566273][ T7263] syz.1.367: attempt to access beyond end of device
[  157.566273][ T7263] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  157.827268][ T7267] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  157.945228][ T7271] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  158.738986][ T7288] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  158.961876][ T7291] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  159.071752][ T7291] mkiss: ax0: crc mode is auto.
[  160.623098][ T7314] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  160.800589][ T7318] syz.2.386: attempt to access beyond end of device
[  160.800589][ T7318] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  161.164490][ T7329] vivid-000: disconnect
[  162.018053][ T7326] vivid-000: reconnect
[  165.057266][ T7407] ptm ptm2: ldisc open failed (-12), clearing slot 2
[  165.715692][ T7424] kernel profiling enabled (shift: 6)
[  167.223963][ T7457] syz.3.428: attempt to access beyond end of device
[  167.223963][ T7457] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  167.758585][ T7477] usb usb8: usbfs: process 7477 (syz.0.434) did not claim interface 0 before use
[  168.191292][ T7487] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  170.965089][ T7554] loop2: detected capacity change from 0 to 7
[  170.995640][ T7219] Dev loop2: unable to read RDB block 7
[  171.001293][ T7219]  loop2: unable to read partition table
[  171.009719][ T7553] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  171.020423][ T7219] loop2: partition table beyond EOD, truncated
[  171.038018][ T7555] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  171.095904][ T7554] Dev loop2: unable to read RDB block 7
[  171.108692][ T7554]  loop2: unable to read partition table
[  171.118665][ T7554] loop2: partition table beyond EOD, truncated
[  171.134919][ T7554] loop_reread_partitions: partition scan of loop2 (�被x������ ) failed (rc=-5)
[  171.218427][ T5207] Dev loop2: unable to read RDB block 7
[  171.234335][ T5207]  loop2: unable to read partition table
[  171.259955][ T5207] loop2: partition table beyond EOD, truncated
[  173.206698][ T7619] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  173.343010][ T7624] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  174.134296][ T7640] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  175.972418][ T7662] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  176.823960][ T7685] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  177.157185][ T7690] random: crng reseeded on system resumption
[  178.241681][ T7711] syz.0.501: attempt to access beyond end of device
[  178.241681][ T7711] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  178.449097][ T7715] ptm ptm3: ldisc open failed (-12), clearing slot 3
[  179.089215][ T7736] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  180.245903][ T7775] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  180.670043][ T7784] autofs4:pid:7784:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(2.1), cmd(0xc0189374)
[  180.720094][ T7784] autofs4:pid:7784:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374)
[  180.929057][ T7794] Context (ID=0x0) not attached to queue pair (handle=0x2:0x80000001)
[  181.094998][ T7800] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  181.136410][ T7805] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  181.837224][ T7820] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.532' sets config #-3
[  182.228660][ T7832] program syz.2.536 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  182.247400][ T7832] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  182.723364][ T7846] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  183.564895][ T7868] syz.3.545: attempt to access beyond end of device
[  183.564895][ T7868] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  184.967729][ T5904] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  185.010021][ T5904] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  186.780886][ T7945] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  188.712364][ T8001] binder: 7999:8001 ioctl c0306201 200000000100 returned -22
[  188.738973][ T8002] binder: 8000:8002 ioctl 40046205 0 returned -22
[  188.810237][ T8001] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  188.899297][ T8010] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  191.609545][ T8078] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  191.725482][ T8080] random: crng reseeded on system resumption
[  193.014753][ T8112] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  194.495219][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  194.527519][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  194.672716][ T8149] input: syz1 as /devices/virtual/input/input16
[  195.671569][ T8166] QAT: Device 253 not found
[  195.807023][ T8166] binder: 8162:8166 ioctl c018620c 200000000140 returned -1
[  196.644492][ T8178] support for cryptoloop has been removed.  Use dm-crypt instead.
[  197.271026][ T8190] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  197.961644][ T8196] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  198.384812][ T5834] Bluetooth: hci4: command 0x1003 tx timeout
[  198.393588][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  198.436411][ T8199] binder: 8197:8199 unknown command 0
[  198.441868][ T8199] binder: 8197:8199 ioctl c0306201 200000000640 returned -22
[  199.864329][ T8231] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  200.076523][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  200.844442][ T8242] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  202.072148][   T51] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  202.081928][ T5834] Bluetooth: hci4: command 0xfc11 tx timeout
[  202.851272][ T8273] sp0: Synchronizing with TNC
[  203.605853][ T8280] vivid-007: =================  START STATUS  =================
[  203.615130][ T8280] vivid-007: Enable Output Cropping: true
[  203.621359][ T8280] vivid-007: Enable Output Composing: true
[  203.648941][ T8280] vivid-007: Enable Output Scaler: true
[  203.664791][ T8280] vivid-007: Tx RGB Quantization Range: Automatic
[  203.697928][ T8280] vivid-007: Transmit Mode: HDMI
[  203.708795][ T8280] vivid-007: Hotplug Present: 0x00000000
[  203.730108][ T8280] vivid-007: RxSense Present: 0x00000000
[  203.759109][ T8280] vivid-007: EDID Present: 0x00000000
[  203.784734][ T8280] vivid-007: ==================  END STATUS  ==================
[  204.639288][ T8303] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  206.096550][   T13] Bluetooth: hci4: Frame reassembly failed (-84)
[  206.972175][ T8327] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  208.145038][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  209.465904][ T8379] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  212.425736][   T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  212.434586][   T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  212.447686][   T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  212.460694][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  212.470376][   T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  212.910639][ T3513] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.098989][ T3513] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.382520][ T3513] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.564094][ T3513] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  213.613239][ T8404] chnl_net:caif_netlink_parms(): no params data found
[  213.789028][ T8432] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  213.911362][ T8404] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.936660][ T8404] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.970179][ T8404] bridge_slave_0: entered allmulticast mode
[  213.990960][ T8404] bridge_slave_0: entered promiscuous mode
[  214.034494][ T8404] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.069813][ T8404] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.087624][ T8440] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  214.105052][    C0] vkms_vblank_simulate: vblank timer overrun
[  214.129083][ T8404] bridge_slave_1: entered allmulticast mode
[  214.130972][ T8404] bridge_slave_1: entered promiscuous mode
[  214.173445][ T8440] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  214.241738][ T8404] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  214.283700][ T8404] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  214.513749][ T8404] team0: Port device team_slave_0 added
[  214.533321][ T3513] bridge_slave_1: left allmulticast mode
[  214.544802][   T51] Bluetooth: hci2: command tx timeout
[  214.565004][ T3513] bridge_slave_1: left promiscuous mode
[  214.586101][ T3513] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.631631][ T3513] bridge_slave_0: left allmulticast mode
[  214.644727][ T3513] bridge_slave_0: left promiscuous mode
[  214.651566][ T3513] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.196404][ T3513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  216.219965][ T3513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  216.250550][ T3513] bond0 (unregistering): Released all slaves
[  216.299583][ T8404] team0: Port device team_slave_1 added
[  216.624792][   T51] Bluetooth: hci2: command tx timeout
[  216.878036][ T8404] batman_adv: batadv0: Adding interface: batadv_slave_0
[  216.909715][ T8404] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.969918][ T8404] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  217.012847][ T8404] batman_adv: batadv0: Adding interface: batadv_slave_1
[  217.038312][ T8404] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  217.101771][ T8404] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  218.139851][ T8404] hsr_slave_0: entered promiscuous mode
[  218.195987][ T8404] hsr_slave_1: entered promiscuous mode
[  218.202546][ T8404] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  218.271643][ T8404] Cannot create hsr debugfs directory
[  218.342192][ T3513] hsr_slave_0: left promiscuous mode
[  218.374063][ T3513] hsr_slave_1: left promiscuous mode
[  218.384437][ T3513] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  218.404810][ T3513] batman_adv: batadv0: Removing interface: batadv_slave_0
[  218.420955][ T3513] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  218.436688][ T3513] batman_adv: batadv0: Removing interface: batadv_slave_1
[  218.539137][ T3513] veth1_macvtap: left promiscuous mode
[  218.565414][ T3513] veth0_macvtap: left promiscuous mode
[  218.581473][ T3513] veth1_vlan: left promiscuous mode
[  218.595071][ T3513] veth0_vlan: left promiscuous mode
[  218.705396][   T51] Bluetooth: hci2: command tx timeout
[  220.322513][ T3513] team0 (unregistering): Port device team_slave_1 removed
[  220.393463][ T3513] team0 (unregistering): Port device team_slave_0 removed
[  220.561050][ T8565] loop6: detected capacity change from 0 to 524287999
[  220.787126][   T51] Bluetooth: hci2: command tx timeout
[  221.698662][ T5891] hid-generic 0001:0081:0004.0004: unbalanced delimiter at end of report description
[  221.736927][ T5891] hid-generic 0001:0081:0004.0004: probe with driver hid-generic failed with error -22
[  222.638030][ T8404] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  222.679135][ T8404] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  222.728084][ T8404] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  222.757483][ T8404] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  223.139824][ T8404] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.210632][ T8404] 8021q: adding VLAN 0 to HW filter on device team0
[  223.269224][ T3513] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.276495][ T3513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.347382][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.354685][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  224.236980][ T8404] 8021q: adding VLAN 0 to HW filter on device batadv0
[  225.196982][ T8404] veth0_vlan: entered promiscuous mode
[  225.237415][ T8404] veth1_vlan: entered promiscuous mode
[  225.338601][ T8404] veth0_macvtap: entered promiscuous mode
[  225.368119][ T8404] veth1_macvtap: entered promiscuous mode
[  225.430331][ T8404] batman_adv: batadv0: Interface activated: batadv_slave_0
[  225.473936][ T8404] batman_adv: batadv0: Interface activated: batadv_slave_1
[  225.555556][ T8404] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  225.587135][ T8404] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  225.599300][ T8404] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  225.608589][ T8404] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.822281][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  225.862640][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.046961][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.073151][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.559835][ T8733] input input20: cannot allocate more than FF_MAX_EFFECTS effects
[  228.302649][ T8738] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  232.828645][ T8852] syz.4.773: attempt to access beyond end of device
[  232.828645][ T8852] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  234.469968][ T8885] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  234.486396][ T8885] usb usb8: usbfs: process 8885 (syz.4.780) did not claim interface 0 before use
[  234.567700][ T8885] can0: slcan on ptm0.
[  234.692284][ T8890] kvm: emulating exchange as write
[  234.996342][ T8884] can0 (unregistered): slcan off ptm0.
[  235.055296][ T8898] input: syz1 as /devices/virtual/input/input24
[  235.970688][ T8948] input: syz0 as /devices/virtual/input/input25
[  237.702298][ T8981] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  238.396020][ T9008] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  240.580851][ T9077] input: syz0 as /devices/virtual/input/input26
[  242.047766][ T9118] input: syz1 as /devices/virtual/input/input27
[  242.311856][ T9127] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  243.267529][ T9154] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  244.492367][ T9199] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  245.926093][ T9226] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  246.552624][ T9237] tty tty28: ldisc open failed (-12), clearing slot 27
[  249.317043][ T9312] CUSE: info not properly terminated
[  250.977772][ T9354] random: crng reseeded on system resumption
[  251.063946][ T9355] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  253.497384][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.517202][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.566716][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.596360][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.626640][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.654502][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.672405][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.718407][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.745915][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.763916][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.794049][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.844678][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.852161][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.894709][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.902267][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.957950][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  253.983918][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  254.028180][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  254.054703][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  254.082903][ T3083] hid-generic FC04:0008:0003.0005: unknown main item tag 0x0
[  254.160936][ T3083] hid-generic FC04:0008:0003.0005: hidraw0: <UNKNOWN> HID v0.02 Device [syz1] on syz1
[  254.455294][ T9469] fido_id[9469]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/FC04:0008:0003.0005/report_descriptor': No such file or directory
[  255.912135][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  255.918719][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  257.535896][ T9581] syz.4.910: attempt to access beyond end of device
[  257.535896][ T9581] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  257.800837][ T9594] input: syz0 as /devices/virtual/input/input32
[  257.841531][ T9605] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  257.870144][ T9594] input: syz0 as /devices/virtual/input/input31
[  257.967852][ T9608] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  258.773800][ T9645] syz.1.918: attempt to access beyond end of device
[  258.773800][ T9645] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  259.194897][ T9652] mkiss: ax0: crc mode is auto.
[  260.226042][   T51] Bluetooth: hci0: command 0x0c1a tx timeout
[  260.234812][   T43] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  260.250420][   T43] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  260.566798][ T9707] blktrace: Concurrent blktraces are not allowed on sg0
[  260.734546][ T9707] relay: one or more items not logged [item size (48) > sub-buffer size (6)]
[  261.013978][ T9714] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  261.096480][ T9714] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  262.305133][   T51] Bluetooth: hci1: command 0x0c1a tx timeout
[  262.305309][   T43] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  262.311376][   T43] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  264.384841][   T43] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  264.388628][   T51] Bluetooth: hci3: command 0x0c1a tx timeout
[  264.390961][   T43] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  266.544847][   T43] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  266.551085][   T43] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  266.554869][   T51] Bluetooth: hci2: command 0x0c1a tx timeout
[  268.012977][ T9894] input: syz1 as /devices/virtual/input/input33
[  268.040701][ T9894] input: failed to attach handler leds to device input33, error: -6
[  269.679896][ T9969] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  269.903103][ T9978] ALSA: seq fatal error: cannot create timer (-22)
[  271.539558][T10047] binder: 10045:10047 ioctl c00c6211 0 returned -14
[  273.703582][T10123] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  273.993285][T10147] binder: 10136:10147 ioctl c0306201 200000000640 returned -22
[  274.004076][T10142] pim6reg0: tun_chr_ioctl cmd 1074025677
[  274.021566][T10142] pim6reg0: linktype set to 769
[  274.026792][T10143] binder: 10136:10143 ioctl c0306201 200000000640 returned -22
[  274.029354][T10148] syz.1.997: attempt to access beyond end of device
[  274.029354][T10148] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  274.141597][T10136] ALSA: mixer_oss: invalid OSS volume ''
[  274.513480][T10172] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  275.987540][T10347] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  276.735542][T10359] loop6: detected capacity change from 0 to 524287999
[  276.984206][T10372] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  280.438278][   T30] audit: type=1400 audit(1750329680.586:3): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A2F2C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=10580 comm="syz.3.1034"
[  280.469632][    C0] vkms_vblank_simulate: vblank timer overrun
[  281.137537][T10600] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  282.235788][T10644] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  283.047935][T10684] input: syz1 as /devices/virtual/input/input38
[  283.767776][T10723] input: syz0 as /devices/virtual/input/input39
[  283.805532][T10724] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  285.456771][ T3083] hid (null): global environment stack underflow
[  285.480606][ T3083] hid-generic 0008:0004:0004.0006: reserved main item tag 0xe
[  285.494840][ T3083] hid-generic 0008:0004:0004.0006: reserved main item tag 0xd
[  285.513050][ T3083] hid-generic 0008:0004:0004.0006: item 0 0 0 11 parsing failed
[  285.544185][ T3083] hid-generic 0008:0004:0004.0006: probe with driver hid-generic failed with error -22
[  285.966165][T10811] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  288.226041][T10881] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  288.457412][T10898] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  288.478524][T10899] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  289.164352][T10924] usb usb9: usbfs: interface 0 claimed by hub while 'syz.1.1095' sets config #0
[  289.562230][T10934] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  291.598396][T11029] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  292.500126][T11071] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  294.199017][T11148] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  294.229614][T11149] iommufd_mock iommufd_mock0: Adding to iommu group 1
[  295.012798][T11201] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  295.616594][T11221] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  297.211157][T11255] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  297.276947][T11265] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  297.294971][T11266] CUSE: info not properly terminated
[  297.799840][T11288] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  299.832412][T11382] input: syz1 as /devices/virtual/input/input45
[  300.085039][T11399] random: crng reseeded on system resumption
[  301.975228][T11484] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  305.257557][T11579] mkiss: ax0: crc mode is auto.
[  305.763036][T11604] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  305.763981][T11603] input: syz0 as /devices/virtual/input/input46
[  306.764924][T11651] input: syz0 as /devices/virtual/input/input47
[  307.100898][T11668] usb usb8: usbfs: process 11668 (syz.4.1222) did not claim interface 0 before use
[  307.172154][T11668] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  311.020811][T11811] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  311.719009][T11909] input: syz1 as /devices/virtual/input/input49
[  313.819623][T12011] loop6: detected capacity change from 0 to 524287999
[  316.220175][T12122] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  316.362085][T12133] blktrace: Concurrent blktraces are not allowed on nullb0
[  316.399715][T12134] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  316.673131][T12142] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  316.929387][T12150] iommufd_mock iommufd_mock2: Adding to iommu group 2
[  317.353243][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  317.359774][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  318.373946][T12296] input: syz1 as /devices/virtual/input/input50
[  318.822009][T12346] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  319.324434][T12375] Scaler: =================  START STATUS  =================
[  319.340604][T12375] Scaler: ==================  END STATUS  ==================
[  321.117637][T12547] input: syz1 as /devices/virtual/input/input55
[  322.518003][T12620] kvm: user requested TSC rate below hardware speed
[  322.549866][T12620] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  322.592418][T12620] kvm: user requested TSC rate below hardware speed
[  322.885314][T12640] usb usb8: usbfs: process 12640 (syz.0.1336) did not claim interface 32 before use
[  322.928222][T12643] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  324.089995][T12702] tap0: tun_chr_ioctl cmd 1074025678
[  324.095973][T12702] tap0: group set to 0
[  325.718406][T12827] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  326.566316][T12929] input: syz1 as /devices/virtual/input/input57
[  326.939405][T12940] input: syz1 as /devices/virtual/input/input58
[  327.981806][T12999] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  330.181936][T13076] QAT: failed to copy from user cfg_data.
[  330.212894][T13076] binder: BINDER_SET_CONTEXT_MGR already set
[  330.237086][T13076] binder: 13075:13076 ioctl 40046207 0 returned -16
[  330.398466][T13084] Invalid logical block size (2)
[  331.967975][T13122] vim2m vim2m.0: vidioc_s_fmt queue busy
[  332.292137][T13128] input: syz0 as /devices/virtual/input/input60
[  332.512598][T13139] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  332.542882][T13139] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  332.749907][T13150] sp0: Synchronizing with TNC
[  333.035550][T13147] sp0: Synchronizing with TNC
[  333.360229][T13182] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  336.741224][T13306] input: syz1 as /devices/virtual/input/input62
[  336.840362][   T30] audit: type=1400 audit(1750329736.996:4): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=13299 comm="syz.0.1437"
[  337.762952][T13333] random: crng reseeded on system resumption
[  338.306184][T13353] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  338.574910][T13373] Scaler: =================  START STATUS  =================
[  338.597836][T13373] Scaler: ==================  END STATUS  ==================
[  338.655902][T13374] program syz.4.1449 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  339.152705][   T30] audit: type=1800 audit(1750329739.316:5): pid=13392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1453" name="dmabuf" dev="dmabuf" ino=6 res=0 errno=0
[  339.292811][T13401] usb usb9: usbfs: process 13401 (syz.1.1456) did not claim interface 0 before use
[  339.387078][T13409] loop6: detected capacity change from 0 to 524287999
[  340.023112][T13418] ALSA: mixer_oss: invalid OSS volume ''
[  340.668626][T13447] vivid-000: =================  START STATUS  =================
[  340.686559][T13447] vivid-000: Test Pattern: 75% Colorbar
[  340.698488][T13447] vivid-000: Fill Percentage of Frame: 100
[  340.704465][T13447] vivid-000: Horizontal Movement: No Movement
[  340.720236][T13447] vivid-000: Vertical Movement: Move Up Slow
[  340.730220][T13447] vivid-000: OSD Text Mode: Counters Only
[  340.736934][T13447] vivid-000: Show Border: true
[  340.742504][T13447] vivid-000: Show Square: false
[  340.748287][T13447] vivid-000: Sensor Flipped Horizontally: false
[  340.755223][T13447] vivid-000: Sensor Flipped Vertically: false
[  340.761616][T13447] vivid-000: Insert SAV Code in Image: false
[  340.775061][T13447] vivid-000: Insert EAV Code in Image: false
[  340.781331][T13447] vivid-000: Insert Video Guard Band: true
[  340.789712][T13447] vivid-000: Reduced Framerate: false
[  340.798368][T13447] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  340.807533][T13447] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  340.818150][T13447] vivid-000: Enable Capture Cropping: true
[  340.824126][T13447] vivid-000: Enable Capture Composing: true
[  340.833185][T13447] vivid-000: Enable Capture Scaler: false
[  340.838491][T13452] ptm ptm0: ldisc open failed (-12), clearing slot 0
[  340.839482][T13447] vivid-000: Timestamp Source: End of Frame
[  340.853438][T13447] vivid-000: Colorspace: sRGB
[  340.858463][T13447] vivid-000: Transfer Function: Default
[  340.864158][T13447] vivid-000: Y'CbCr Encoding: ITU-R 601
[  340.870197][T13447] vivid-000: HSV Encoding: Hue 0-256
[  340.879425][T13447] vivid-000: Quantization: Limited Range
[  340.885722][T13447] vivid-000: Apply Alpha To Red Only: true
[  340.891732][T13447] vivid-000: Standard Aspect Ratio: 4x3
[  340.900076][T13447] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  340.908384][T13447] vivid-000: DV Timings: 640x480p59 inactive
[  340.914533][T13447] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  340.924215][T13447] vivid-000: Maximum EDID Blocks: 2
[  340.930560][T13447] vivid-000: Limited RGB Range (16-235): true
[  340.940736][T13447] vivid-000: Rx RGB Quantization Range: RGB Full Range (0-255)
[  340.962092][T13447] vivid-000: Power Present: 0x00000001
[  340.968077][T13447] tpg source WxH: 320x180 (Y'CbCr)
[  340.973376][T13447] tpg field: 1
[  340.980645][T13447] tpg crop: (0,0)/320x180
[  340.985685][T13447] tpg compose: (0,0)/320x180
[  340.990451][T13447] tpg colorspace: 8
[  340.994374][T13447] tpg transfer function: 0/1
[  341.003577][T13447] tpg Y'CbCr encoding: 1/1
[  341.008481][T13447] tpg quantization: 2/1
[  341.012990][T13447] tpg RGB range: 0/1
[  341.020938][T13447] vivid-000: ==================  END STATUS  ==================
[  341.062776][T13446] ALSA: mixer_oss: invalid OSS volume ''
[  341.351559][T13466] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  341.573186][T13478] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  341.739395][T13491] i2c i2c-0: Invalid block write size 254
[  342.292818][T13501] syz.4.1475: attempt to access beyond end of device
[  342.292818][T13501] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  342.630563][T13505] binder: 13503:13505 ioctl c0306201 2000000003c0 returned -14
[  343.008738][T13527] syz.3.1482: attempt to access beyond end of device
[  343.008738][T13527] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  344.311362][T13600] vivid-000: =================  START STATUS  =================
[  344.363941][T13600] vivid-000: Test Pattern: 75% Colorbar
[  344.385193][T13600] vivid-000: Fill Percentage of Frame: 100
[  344.391236][T13600] vivid-000: Horizontal Movement: No Movement
[  344.411579][T13600] vivid-000: Vertical Movement: Move Up Slow
[  344.424980][T13600] vivid-000: OSD Text Mode: Counters Only
[  344.431848][T13604] input: syz1 as /devices/virtual/input/input67
[  344.446693][T13599] binder: 13598:13599 ioctl 40046205 0 returned -22
[  344.465670][T13600] vivid-000: Show Border: true
[  344.482423][T13600] vivid-000: Show Square: false
[  344.506232][T13600] vivid-000: Sensor Flipped Horizontally: false
[  344.515630][T13600] vivid-000: Sensor Flipped Vertically: false
[  344.521784][T13600] vivid-000: Insert SAV Code in Image: false
[  344.550877][T13600] vivid-000: Insert EAV Code in Image: false
[  344.570441][T13600] vivid-000: Insert Video Guard Band: true
[  344.591067][T13600] vivid-000: Reduced Framerate: false
[  344.632301][T13600] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[  344.641361][T13600] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[  344.653032][T13600] vivid-000: Enable Capture Cropping: true
[  344.660392][T13600] vivid-000: Enable Capture Composing: true
[  344.670120][T13600] vivid-000: Enable Capture Scaler: false
[  344.681894][T13600] vivid-000: Timestamp Source: End of Frame
[  344.696286][T13600] vivid-000: Colorspace: sRGB
[  344.701062][T13600] vivid-000: Transfer Function: Default
[  344.710684][T13600] vivid-000: Y'CbCr Encoding: ITU-R 601
[  344.712784][T13613] input: syz1 as /devices/virtual/input/input68
[  344.717961][T13600] vivid-000: HSV Encoding: Hue 0-256
[  344.733739][T13600] vivid-000: Quantization: Limited Range
[  344.743804][T13600] vivid-000: Apply Alpha To Red Only: true
[  344.766820][T13600] vivid-000: Standard Aspect Ratio: 4x3
[  344.772471][T13600] vivid-000: DV Timings Signal Mode: Current DV Timings inactive
[  344.799309][T13600] vivid-000: DV Timings: 640x480p59 inactive
[  344.822918][T13600] vivid-000: DV Timings Aspect Ratio: Source Width x Height
[  344.859063][T13600] vivid-000: Maximum EDID Blocks: 2
[  344.886725][T13600] vivid-000: Limited RGB Range (16-235): true
[  344.892910][T13600] vivid-000: Rx RGB Quantization Range: RGB Full Range (0-255)
[  344.940890][T13600] vivid-000: Power Present: 0x00000001
[  344.949495][T13600] tpg source WxH: 320x180 (Y'CbCr)
[  344.963964][T13600] tpg field: 1
[  344.977113][T13600] tpg crop: (0,0)/320x180
[  344.982450][T13600] tpg compose: (0,0)/320x180
[  344.989561][T13600] tpg colorspace: 8
[  345.009652][T13600] tpg transfer function: 0/1
[  345.030690][T13600] tpg Y'CbCr encoding: 1/1
[  345.042225][T13600] tpg quantization: 2/1
[  345.054380][T13600] tpg RGB range: 0/1
[  345.064494][T13600] vivid-000: ==================  END STATUS  ==================
[  345.346138][T13694] program syz.4.1503 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  345.356562][T13694] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  345.370850][T13695] program syz.4.1503 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  345.382925][T13695] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  347.665203][T13850] input: syz0 as /devices/virtual/input/input69
[  347.757141][T13850] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  348.174227][T13868] loop6: detected capacity change from 0 to 63
[  348.268672][ T7676] buffer_io_error: 23 callbacks suppressed
[  348.268695][ T7676] Buffer I/O error on dev loop6, logical block 0, async page read
[  348.305329][ T7676] Buffer I/O error on dev loop6, logical block 0, async page read
[  348.313918][ T7676] Buffer I/O error on dev loop6, logical block 0, async page read
[  348.360942][ T7676] Buffer I/O error on dev loop6, logical block 0, async page read
[  348.381731][ T7676] Buffer I/O error on dev loop6, logical block 0, async page read
[  348.594366][T13921] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  348.692211][T13921] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  352.604234][T14283] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  352.780235][T14293] input: syz0 as /devices/virtual/input/input70
[  352.813301][T14292] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  353.601687][T14362] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  355.403809][T14493] binder: 14490:14493 ioctl c0306201 200000000640 returned -14
[  355.430244][T14492] binder: 14490:14492 ioctl c0306201 2000000003c0 returned -14
[  355.699260][T14501] CUSE: info not properly terminated
[  355.991534][T14508] vivid-000: disconnect
[  356.763726][T14506] vivid-000: reconnect
[  356.816141][T14533] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  356.911499][T14546] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  357.300057][T14564] sp0: Synchronizing with TNC
[  357.605694][T14585] input: syz0 as /devices/virtual/input/input71
[  357.734939][T14589] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  360.513185][T14665] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  360.661988][T14684] binder: BC_ATTEMPT_ACQUIRE not supported
[  360.678322][T14684] binder: 14673:14684 ioctl c0306201 200000000100 returned -22
[  361.118728][T14696] binder: 14694:14696 ioctl 400c620e 9999999999999999 returned -14
[  361.207013][T14696] binder: 14694:14696 ioctl 400c620e 9999999999999999 returned -14
[  361.576823][T14717] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  361.608556][T14719] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  362.072710][T14741] tty tty21: ldisc open failed (-12), clearing slot 20
[  362.326514][T14753] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  362.730453][T14772] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  364.093775][T14905] input: syz1 as /devices/virtual/input/input73
[  365.592656][T14965] sp0: Synchronizing with TNC
[  365.648865][T14971] sp1: Synchronizing with TNC
[  365.684451][T14977] sp1: Found TNC
[  365.746895][T14976] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1222729745 (39127351840 ns) > initial count (25964891200 ns). Using initial count to start timer.
[  365.891066][T14966] [U] �`
[  366.264467][T15006] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  367.195452][T15044] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  367.243522][T15047] random: crng reseeded on system resumption
[  367.525704][T15061] input: syz1 as /devices/virtual/input/input74
[  368.293155][T15084] deleting an unspecified loop device is not supported.
[  368.327942][T15084] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  368.350717][T15088] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  369.126471][T15121] blktrace: Concurrent blktraces are not allowed on nullb0
[  369.468688][T15138] program syz.3.1656 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  370.614061][T15186] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  375.469039][T15335] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  376.225508][T15378] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[  376.679322][   T30] audit: type=1400 audit(1750329776.846:6): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=15394 comm="syz.3.1704"
[  378.012203][T15424] input: syz1 as /devices/virtual/input/input78
[  378.612575][T15441] [U] 
[  378.615888][T15441] [U] K{�
[  378.619035][T15441] [U] �t �1��Š�F���fˊ�`G�J��g���������o��/�mC�
[  378.626088][T15441] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[  378.641657][T15441] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[  378.652098][T15441] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI
���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�
Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[  378.687720][T15441] [U] 	+�w�G?]��'a:	��)�
����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[  378.711274][T15441] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q��
 ��3��q��N^HP*��$	�.�7yӱ�2�
[  378.722421][T15441] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[  378.733979][T15441] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%
s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[  378.768971][T15447] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  378.774782][T15441] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`��;F�I+��VUH���m�j��Ʒ��Z�c��z���)_矡	���&�����a�xto���_� ���:���%�P���C���y�+_�����}U�m��ƫC�!KJ�7��g��=b�
[  378.792874][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  378.794513][T15441] [U] ٽ�F�%�XA��l�2r*g��VW��$��j	�A��F�ߝ�+��9̈́Vi�֗�kپ�1}_��
�%�r6��(]��/����řYܺ��h����r g��rn/ܫ�#!�d����%���D��-{�$�vU��T���$:mtr�E�C1V�D~��];[�����sq����(��e,X�8�"�
��G�d���2@T8��������t8.Rc+�@�ꦇp�u�
p����C���'�yL�-Ss1E?�7�O���^]����c��H]�Jkr]Rkq܆��ݣ��OTc��x���4�N�	��&���ڋ��@�:m7�~�+�W*���xM��>>��{q���
_�՝LX8�U����{�Z����)��7?�rR;�c�r�hײڣ����1�>)�Mă��t���(��aϝ�}9�ڥ�J*Mќ�ġ�'L��q	�DW����=��|q�	�Æ�W;5��Ž�!�dB�x`��/��E�`ƦM��X��"�\
[  378.800972][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  378.847640][T15441] [U] {;����٘_�o2��)�o��.2�W2���y���x_  HPϱ�S�D����:]�{������
[  378.847662][T15441] [U] I,�>��	��5�1��^1�N4�oǶ�'0�?֒i�9w.�_.�W�a���V��`)�Z���c6Giӹ�a��XL[����F�*��O�W)+��'\n�
[K@����2�Ǭ���p"^`���	��
[  378.847676][T15441] [U] 22��Ʃ���x?0;3u�
[  378.847694][T15441] [U] ޜ�
��sObx�8�W�4�(�~/���K�U��ԖoQ�e+�G�-y�gY_
�>v�����3.h�ә]̈́�2��)�D�,	��	�D~�d���+�w;A\�F
P��Ș|$��)�
KؐI���ɿk�YT^R���癵��A=�#�ܜ	����ae��t�1��ݯ4K�.e"R�S|��s���:��>p��r�"z������#P!�KY"�}��F�N84����hޱ�o��sߙ̫%Dlw�m��
[  378.847714][T15441] [U] [�['xn�'�����,mr��/����1D=!D�x91B�
w�R�lf���K�Z��#�`�l؛�˜��b~�m���
[  378.847728][T15441] [U] �L�>��d+�d�����"5���h3<���iR=F^�f�n��������v���D�OIO�:U�>�Y�
[  378.847738][T15441] [U] 'B�6v�20��瞥�׌�"t8�{9�FW��]���쩍
[  378.847751][T15441] [U] �72�����u�C6����τI]8c��tۨQSk�Y��I��� �|V'�TV/��g�$[� 9kh`�"����}��[^=��0�]��%�̂T�����F�_v�4C���
[  378.847761][T15441] [U] �ec�
[  378.847773][T15441] [U] ���|���<��:^�3$7nK~�-�@��?��/mtl��۾�I�w�@g~t�{��P�+�$�jp|���I�Ri�pm� ��Y� ��8�t���V�����,�l�,�
[  378.977329][T15440] [U] �K�����)0���~��ʪ�iP'�f��z��r���@B�]�5��{��ʼ�'�8�ƥF��UTqUd
ǩ�K;7��0c[��y���YC���ذm��L�8�T�͚�5���rx����W� x���oQhVi'8����L�
[  379.217723][T15463] can0: slcan on ptm0.
[  379.237506][T15457] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  379.388813][T15456] can0 (unregistered): slcan off ptm0.
[  379.733698][T15495] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  381.852215][T15574] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  384.192138][T15655] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  385.099842][T15701] binder: 15700:15701 ioctl c0306201 2000000003c0 returned -22
[  385.198360][T15713] program syz.4.1757 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  385.426784][T15722] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  385.855957][T15745] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  386.022546][T15759] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  386.360092][T15785] binder: 15779:15785 ioctl c018620c 200000000100 returned -22
[  386.520008][T15795] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  387.514925][T15836] vivid-003: disconnect
[  388.425490][T15832] vivid-003: reconnect
[  388.696427][T15935] kvm: user requested TSC rate below hardware speed
[  388.887633][T15955] kvm: kvm [15952]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4
[  390.484613][T16065] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  390.761944][T16081] program syz.1.1800 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  390.875081][T16081] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  392.603414][T16140] PM: Enabling pm_trace changes system date and time during resume.
[  392.603414][T16140] PM: Correct system time has to be restored manually after resume.
[  394.389417][T16217] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  395.657368][T16262] input: syz1 as /devices/virtual/input/input79
[  395.719516][T16262] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  396.059464][T16286] ALSA: mixer_oss: invalid OSS volume ''
[  396.977218][T16318] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  398.310521][T16378] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  398.571763][T16391] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  400.067541][T16478] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  400.093800][T16478] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  400.427499][T16498] [U] 
[  401.541984][T16546] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  402.221365][T16574] sp0: Synchronizing with TNC
[  403.116318][T16601] syz.0.1890: attempt to access beyond end of device
[  403.116318][T16601] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  403.420443][T16603] program syz.1.1891 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  403.438176][T16603] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  404.014484][T16633] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  406.712823][T16750] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  406.815391][T16750] block device autoloading is deprecated and will be removed.
[  406.943342][T16763] kvm: kvm [16762]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0xa1a9
[  407.677641][T16789] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  408.453355][T16828] usb usb8: usbfs: process 16828 (syz.3.1934) did not claim interface 0 before use
[  411.253080][T16896] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38415261, 8, 0, 0, 0)
[  412.828961][T16958] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  416.398874][T17090] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  416.833576][T17111] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  416.867183][T17110] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  417.380453][T17142] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  418.734066][T17181] sp0: Synchronizing with TNC
[  421.202243][T17201] workqueue: Failed to create a rescuer kthread for wq "nfc7_nci_tx_wq": -EINTR
[  422.167017][T17628] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  422.952774][T17659] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  423.187993][T17673] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  425.465766][T17741] vivid-002: disconnect
[  425.934801][T17738] vivid-002: reconnect
[  427.181029][T17781] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  427.250191][T17782] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  428.060548][T17821] binder: 17820:17821 ioctl 4018620d 0 returned -22
[  428.368682][T17833] autofs4:pid:17833:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.3), cmd(0xc0189377)
[  428.419759][T17833] autofs4:pid:17833:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189377)
[  429.134742][T17845] kvm: kvm [17844]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff
[  429.847253][T17876] input: syz0 as /devices/virtual/input/input87
[  432.287075][T17967] sp0: Synchronizing with TNC
[  434.417710][T18054] vivid-001: kernel_thread() failed
[  434.710826][T18063] input: syz0 as /devices/virtual/input/input88
[  435.593654][T18090] can0: slcan on ptm0.
[  435.705127][T18088] can0 (unregistered): slcan off ptm0.
[  435.724324][T18114] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  439.234320][T18240] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  439.532438][T18251] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  440.000836][T18271] tun0: tun_chr_ioctl cmd 1074025675
[  440.018829][T18271] tun0: persist disabled
[  440.232802][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  440.239403][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  440.595850][   T30] audit: type=1400 audit(1750329840.766:7): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=18301 comm="syz.0.2134"
[  441.757575][T18329] vivid-000: disconnect
[  441.791085][T18324] vivid-000: reconnect
[  441.994249][T18354] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  443.085878][T18393] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  443.606244][T18418] usb usb8: usbfs: process 18418 (syz.1.2155) did not claim interface 0 before use
[  444.782946][T18459] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  445.156387][T18478] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  445.230165][T18478] kvm: kvm [18477]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x4000000000000001
[  448.046946][T18579] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  449.039203][   T30] audit: type=1800 audit(1750329849.176:8): pid=18604 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2179" name="memory.events" dev="tmpfs" ino=3054 res=0 errno=0
[  449.263568][   T49] Bluetooth: hci4: Frame reassembly failed (-84)
[  451.264786][   T51] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  451.270446][ T5834] Bluetooth: hci4: command 0x1003 tx timeout
[  451.377830][T18672] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  452.764320][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  452.778368][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  452.787203][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  452.805551][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  452.813487][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  452.885589][   T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  452.897091][   T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  452.905009][   T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  452.915969][   T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  452.926122][   T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  453.041966][T18754] Bluetooth: hci4: Frame reassembly failed (-84)
[  453.096514][   T49] Bluetooth: hci4: Frame reassembly failed (-84)
[  453.328879][ T3513] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.441882][T18764] Sensor A: =================  START STATUS  =================
[  453.453557][ T3513] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.456517][T18764] Sensor A: Test Pattern: Horizontal 100% Colorbar
[  453.472271][T18764] Sensor A: Show Information: None
[  453.478264][T18764] Sensor A: Vertical Flip: false
[  453.483385][T18764] Sensor A: Horizontal Flip: false
[  453.489221][T18764] Sensor A: Brightness: 128
[  453.493995][T18764] Sensor A: Contrast: 128
[  453.499706][T18764] Sensor A: Hue: 3
[  453.503493][T18764] Sensor A: Saturation: 128
[  453.515302][T18764] Sensor A: ==================  END STATUS  ==================
[  453.554985][ T3513] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.668261][ T3513] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  453.913956][T18859] sp0: Synchronizing with TNC
[  453.978673][T18725] chnl_net:caif_netlink_parms(): no params data found
[  454.464231][ T3513] bridge_slave_1: left allmulticast mode
[  454.491416][ T3513] bridge_slave_1: left promiscuous mode
[  454.501783][ T3513] bridge0: port 2(bridge_slave_1) entered disabled state
[  454.528618][ T3513] bridge_slave_0: left allmulticast mode
[  454.550785][ T3513] bridge_slave_0: left promiscuous mode
[  454.567088][ T3513] bridge0: port 1(bridge_slave_0) entered disabled state
[  454.944850][   T51] Bluetooth: hci3: command tx timeout
[  455.104821][   T51] Bluetooth: hci4: command 0xfc11 tx timeout
[  455.105282][ T5834] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  455.819902][T18976] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  456.419143][ T3513] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  456.451065][ T3513] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  456.499222][ T3513] bond0 (unregistering): Released all slaves
[  456.744346][T18725] bridge0: port 1(bridge_slave_0) entered blocking state
[  456.784756][T18725] bridge0: port 1(bridge_slave_0) entered disabled state
[  456.793831][T18725] bridge_slave_0: entered allmulticast mode
[  456.807757][T18725] bridge_slave_0: entered promiscuous mode
[  456.882223][T18725] bridge0: port 2(bridge_slave_1) entered blocking state
[  456.906357][T18725] bridge0: port 2(bridge_slave_1) entered disabled state
[  456.913723][T18725] bridge_slave_1: entered allmulticast mode
[  456.962987][T18725] bridge_slave_1: entered promiscuous mode
[  457.034945][ T5834] Bluetooth: hci3: command tx timeout
[  457.138732][T18725] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  457.180644][T18725] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  457.433435][ T3513] hsr_slave_0: left promiscuous mode
[  457.454440][ T3513] hsr_slave_1: left promiscuous mode
[  457.463892][T19071] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  457.472078][ T3513] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  457.496071][ T3513] batman_adv: batadv0: Removing interface: batadv_slave_0
[  457.512102][ T3513] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  457.541964][ T3513] batman_adv: batadv0: Removing interface: batadv_slave_1
[  457.549969][T19077] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  457.605481][ T3513] veth1_macvtap: left promiscuous mode
[  457.611219][ T3513] veth0_macvtap: left promiscuous mode
[  457.635058][ T3513] veth1_vlan: left promiscuous mode
[  457.647148][ T3513] veth0_vlan: left promiscuous mode
[  459.106119][ T5834] Bluetooth: hci3: command tx timeout
[  459.505539][T19116] syz.1.2232: attempt to access beyond end of device
[  459.505539][T19116] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  459.676692][T19119] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  459.826510][ T3513] team0 (unregistering): Port device team_slave_1 removed
[  459.946688][ T3513] team0 (unregistering): Port device team_slave_0 removed
[  459.981656][T19128] loop6: detected capacity change from 0 to 524287487
[  459.991533][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.014681][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.022724][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.044949][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.045081][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.045210][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.045335][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.045445][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.045526][T19128] ldm_validate_partition_table(): Disk read failed.
[  460.045575][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.045691][T19128] Buffer I/O error on dev loop6, logical block 0, async page read
[  460.045954][T19128] Dev loop6: unable to read RDB block 0
[  460.072043][T19128]  loop6: unable to read partition table
[  460.130416][T19128] loop_reread_partitions: partition scan of loop6 (3��x��C�

) failed (rc=-5)
[  460.171461][T19135] loop6: detected capacity change from 524287487 to 0
[  460.706670][T19154] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  460.725538][T19155] iommufd_mock iommufd_mock0: Adding to iommu group 1
[  460.825805][T18725] team0: Port device team_slave_0 added
[  460.907837][T18725] team0: Port device team_slave_1 added
[  461.092200][T18725] batman_adv: batadv0: Adding interface: batadv_slave_0
[  461.101891][T18725] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  461.149749][T18725] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  461.172886][T18725] batman_adv: batadv0: Adding interface: batadv_slave_1
[  461.180174][T18725] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  461.191984][ T5834] Bluetooth: hci3: command tx timeout
[  461.224969][T18725] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  461.268843][T19235] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  461.419281][T18725] hsr_slave_0: entered promiscuous mode
[  461.442488][T18725] hsr_slave_1: entered promiscuous mode
[  461.459744][T18725] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  461.480187][T18725] Cannot create hsr debugfs directory
[  462.050437][T19343] dlm: no locking on control device
[  462.073755][T19343] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  463.209167][T19384] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  463.710492][T18725] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  463.756305][T18725] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  463.769171][T18725] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  463.861133][T18725] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  464.193059][T19461] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  464.340602][T18725] 8021q: adding VLAN 0 to HW filter on device bond0
[  464.428485][T18725] 8021q: adding VLAN 0 to HW filter on device team0
[  464.465133][ T3513] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.472479][ T3513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  464.529010][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.536283][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  465.378318][T18725] 8021q: adding VLAN 0 to HW filter on device batadv0
[  465.567901][T18725] veth0_vlan: entered promiscuous mode
[  465.619912][T18725] veth1_vlan: entered promiscuous mode
[  465.717673][T18725] veth0_macvtap: entered promiscuous mode
[  465.767775][T18725] veth1_macvtap: entered promiscuous mode
[  465.846646][T18725] batman_adv: batadv0: Interface activated: batadv_slave_0
[  465.891649][T18725] batman_adv: batadv0: Interface activated: batadv_slave_1
[  465.960666][T18725] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  466.001374][T18725] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  466.017838][T18725] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  466.038511][T18725] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  466.276457][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.295353][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.458058][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  466.497117][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.953523][T19563] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  469.017632][T19638] vivid-000: =================  START STATUS  =================
[  469.038263][T19638] vivid-000: Enable Output Cropping: false
[  469.044203][T19638] vivid-000: Enable Output Composing: true
[  469.071635][T19638] vivid-000: Enable Output Scaler: true
[  469.102373][T19638] vivid-000: Tx RGB Quantization Range: Automatic
[  469.134810][T19638] vivid-000: Transmit Mode: HDMI
[  469.162346][T19638] vivid-000: Hotplug Present: 0x00000000
[  469.204717][T19638] vivid-000: RxSense Present: 0x00000000
[  469.221831][T19638] vivid-000: EDID Present: 0x00000000
[  469.290656][T19638] vivid-000: ==================  END STATUS  ==================
[  469.490717][T19611] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  469.498039][T19611] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  469.759123][T19659] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  470.611492][T19696] tap0: tun_chr_ioctl cmd 1074025677
[  470.617234][T19696] tap0: linktype set to 774
[  470.690858][T19701] tap0: tun_chr_ioctl cmd 1074025673
[  474.099684][T19814] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  474.915828][   T30] audit: type=1400 audit(1750329875.086:9): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=19834 comm="syz.0.2310"
[  475.138514][T19839] binder: 19838:19839 ioctl 4018620d 0 returned -22
[  476.582535][T19891] QAT: Invalid ioctl 26121
[  476.601494][T19891] QAT: Invalid ioctl 1075883590
[  476.617822][T19893] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  476.627430][T19891] QAT: Invalid ioctl -1072131210
[  476.651810][T19891] QAT: Invalid ioctl -1073172847
[  476.674831][T19891] QAT: Invalid ioctl 1075883590
[  476.695157][T19891] QAT: Invalid ioctl -1072150528
[  477.006659][T19907] kvm: kvm [19905]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x186) = 0x3
[  477.131107][T19916] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  481.424186][T20083] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  482.739188][T20129] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  483.823703][T20158] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  484.196114][T20185] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  485.498053][T20225] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  485.550069][   T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  485.565496][   T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  485.574359][   T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  485.583086][   T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  485.591713][   T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  485.614844][ T5834] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  485.623771][ T5834] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  485.631354][ T5834] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  485.646537][ T5834] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  485.655342][ T5834] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  486.077387][ T3564] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.562952][ T3564] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.717459][T20308] CUSE: info not properly terminated
[  486.745923][ T3564] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  486.979013][ T3564] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  487.291835][T20228] chnl_net:caif_netlink_parms(): no params data found
[  487.755806][ T5834] Bluetooth: hci1: command tx timeout
[  487.815639][ T3564] bridge_slave_1: left allmulticast mode
[  487.830463][ T3564] bridge_slave_1: left promiscuous mode
[  487.836506][ T3564] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.893826][ T3564] bridge_slave_0: left allmulticast mode
[  487.904909][ T3564] bridge_slave_0: left promiscuous mode
[  487.910790][ T3564] bridge0: port 1(bridge_slave_0) entered disabled state
[  488.796067][T20485] CUSE: unknown device info "MzP���{U��җ�E�s��Z$cw#�/�f�}ٔ�b,Q�[{��Ʈ$
[  488.796067][T20485] �4&I:#5o6�3�ю.l%��wC
[  488.796067][T20485] �?"
[  488.844596][T20485] CUSE: unknown device info "v�2�.7���˂����*5����SEAy���	�`?e`��l6ݡ���Q0V84܎{c"�K��^�vaO֐M ����8�f1�\.dž6��(3�i�����fω11,kb���z���"�NXj�}�	�~
�wu/�K�9�.��r��פ�"
[  488.970248][T20485] CUSE: DEVNAME unspecified
[  489.455492][ T3564] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  489.471262][ T3564] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  489.491434][ T3564] bond0 (unregistering): Released all slaves
[  489.824750][ T5834] Bluetooth: hci1: command tx timeout
[  490.041073][T20228] bridge0: port 1(bridge_slave_0) entered blocking state
[  490.092986][T20228] bridge0: port 1(bridge_slave_0) entered disabled state
[  490.103159][T20228] bridge_slave_0: entered allmulticast mode
[  490.132489][T20228] bridge_slave_0: entered promiscuous mode
[  490.168372][T20228] bridge0: port 2(bridge_slave_1) entered blocking state
[  490.204700][T20228] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.212089][T20228] bridge_slave_1: entered allmulticast mode
[  490.226869][T20228] bridge_slave_1: entered promiscuous mode
[  490.490137][T20228] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  490.542957][T20228] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  490.687347][ T3564] hsr_slave_0: left promiscuous mode
[  490.705846][ T3564] hsr_slave_1: left promiscuous mode
[  490.712129][ T3564] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  490.740665][ T3564] batman_adv: batadv0: Removing interface: batadv_slave_0
[  490.783156][ T3564] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  490.794907][ T3564] batman_adv: batadv0: Removing interface: batadv_slave_1
[  490.887837][ T3564] veth1_macvtap: left promiscuous mode
[  490.893473][ T3564] veth0_macvtap: left promiscuous mode
[  490.909476][ T3564] veth1_vlan: left promiscuous mode
[  490.920531][ T3564] veth0_vlan: left promiscuous mode
[  490.999970][T20603] random: crng reseeded on system resumption
[  491.291253][T20609] vivid-000: disconnect
[  491.443950][T20613] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  491.557044][T20574] vivid-000: reconnect
[  491.906571][ T5834] Bluetooth: hci1: command tx timeout
[  492.341310][ T3564] team0 (unregistering): Port device team_slave_1 removed
[  492.471585][ T3564] team0 (unregistering): Port device team_slave_0 removed
[  493.234057][T20640] misc userio: Begin command sent, but we're already running
[  493.244115][T20641] misc userio: Begin command sent, but we're already running
[  493.266523][T20640] misc userio: Begin command sent, but we're already running
[  493.471972][T20646] QAT: failed to copy from user.
[  493.985162][ T5834] Bluetooth: hci1: command tx timeout
[  494.130393][T20228] team0: Port device team_slave_0 added
[  494.200883][T20228] team0: Port device team_slave_1 added
[  494.433597][T20228] batman_adv: batadv0: Adding interface: batadv_slave_0
[  494.458365][T20228] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.531634][T20228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  494.562767][T20228] batman_adv: batadv0: Adding interface: batadv_slave_1
[  494.586818][T20228] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  494.612756][    C1] vkms_vblank_simulate: vblank timer overrun
[  494.659897][T20228] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  494.910810][T20228] hsr_slave_0: entered promiscuous mode
[  494.940999][T20228] hsr_slave_1: entered promiscuous mode
[  495.056128][T20775] sp0: Synchronizing with TNC
[  495.208809][T20775] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  497.011537][T20228] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  497.028687][T20938] binder: 20937:20938 ioctl c0306201 200000000640 returned -22
[  497.093729][T20228] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  497.122192][T20228] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  497.163057][T20228] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  497.399207][T20968] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  497.578417][T20228] 8021q: adding VLAN 0 to HW filter on device bond0
[  497.652888][T20228] 8021q: adding VLAN 0 to HW filter on device team0
[  497.709596][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  497.716873][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  497.813851][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  497.821987][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  498.687245][T20228] 8021q: adding VLAN 0 to HW filter on device batadv0
[  498.895733][T20228] veth0_vlan: entered promiscuous mode
[  498.942794][T20228] veth1_vlan: entered promiscuous mode
[  499.057431][T20228] veth0_macvtap: entered promiscuous mode
[  499.073813][T20228] veth1_macvtap: entered promiscuous mode
[  499.141936][T20228] batman_adv: batadv0: Interface activated: batadv_slave_0
[  499.159880][T20228] batman_adv: batadv0: Interface activated: batadv_slave_1
[  499.199665][T20228] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  499.199728][T20228] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  499.199751][T20228] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  499.199772][T20228] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  499.520300][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.574636][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.723952][T18818] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.741175][T18818] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.674960][ T1305] ieee802154 phy0 wpan0: encryption failed: -22
[  501.681341][ T1305] ieee802154 phy1 wpan1: encryption failed: -22
[  501.912835][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  501.925700][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  501.943914][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  501.955547][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  501.964679][   T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  502.353320][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.688994][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  502.910428][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  503.019611][T21163] input: syz1 as /devices/virtual/input/input100
[  503.179180][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  503.828973][T21097] chnl_net:caif_netlink_parms(): no params data found
[  504.065388][ T5834] Bluetooth: hci0: command tx timeout
[  504.297175][T21310] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  504.403372][   T13] bridge_slave_1: left allmulticast mode
[  504.437903][   T13] bridge_slave_1: left promiscuous mode
[  504.443812][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  504.506944][   T13] bridge_slave_0: left allmulticast mode
[  504.533035][   T13] bridge_slave_0: left promiscuous mode
[  504.554943][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.314813][T21346] loop6: detected capacity change from 0 to 524287999
[  505.926034][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  505.943386][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  506.046452][   T13] bond0 (unregistering): Released all slaves
[  506.099794][T21363] blktrace: Concurrent blktraces are not allowed on nullb0
[  506.144679][ T5834] Bluetooth: hci0: command tx timeout
[  506.298828][T21097] bridge0: port 1(bridge_slave_0) entered blocking state
[  506.324358][T21097] bridge0: port 1(bridge_slave_0) entered disabled state
[  506.343818][T21097] bridge_slave_0: entered allmulticast mode
[  506.360219][T21097] bridge_slave_0: entered promiscuous mode
[  506.382118][T21097] bridge0: port 2(bridge_slave_1) entered blocking state
[  506.411944][T21097] bridge0: port 2(bridge_slave_1) entered disabled state
[  506.454807][T21097] bridge_slave_1: entered allmulticast mode
[  506.462856][T21097] bridge_slave_1: entered promiscuous mode
[  506.893050][T21097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  506.923030][T21097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  507.136953][T21097] team0: Port device team_slave_0 added
[  507.225990][T21097] team0: Port device team_slave_1 added
[  507.579981][   T13] hsr_slave_0: left promiscuous mode
[  507.607307][   T13] hsr_slave_1: left promiscuous mode
[  507.629477][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  507.654733][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  507.686147][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  507.693626][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  507.791545][   T13] veth1_macvtap: left promiscuous mode
[  507.820368][   T13] veth0_macvtap: left promiscuous mode
[  507.847852][   T13] veth1_vlan: left promiscuous mode
[  507.853287][   T13] veth0_vlan: left promiscuous mode
[  508.226200][ T5834] Bluetooth: hci0: command tx timeout
[  508.561119][T21523] binder: 21521:21523 ioctl c00c6211 0 returned -14
[  509.372016][T21547] random: crng reseeded on system resumption
[  509.787591][   T13] team0 (unregistering): Port device team_slave_1 removed
[  509.967689][   T13] team0 (unregistering): Port device team_slave_0 removed
[  510.304827][ T5834] Bluetooth: hci0: command tx timeout
[  511.343199][T21097] batman_adv: batadv0: Adding interface: batadv_slave_0
[  511.361037][T21097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  511.428011][T21097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  511.516038][T21097] batman_adv: batadv0: Adding interface: batadv_slave_1
[  511.534630][T21097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  511.562644][T21097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  511.912096][T21097] hsr_slave_0: entered promiscuous mode
[  511.920254][T21097] hsr_slave_1: entered promiscuous mode
[  511.929367][T21097] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  511.937336][T21097] Cannot create hsr debugfs directory
[  512.894348][T21754] dlm: no local IP address has been set
[  512.928013][T21754] dlm: cannot start dlm midcomms -107
[  513.051869][T21764] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  513.239140][T21779] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  513.823458][T21097] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  513.888920][T21097] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  513.926598][T21097] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  513.968900][T21097] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  514.254627][T21829] input: syz0 as /devices/virtual/input/input102
[  514.286747][T21831] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  514.388131][T21097] 8021q: adding VLAN 0 to HW filter on device bond0
[  514.481637][T21097] 8021q: adding VLAN 0 to HW filter on device team0
[  514.519270][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  514.526566][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  514.607223][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  514.614537][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  514.614854][T21846] input: syz1 as /devices/virtual/input/input103
[  515.519225][T21097] 8021q: adding VLAN 0 to HW filter on device batadv0
[  515.584081][T21881] syz.4.2515: attempt to access beyond end of device
[  515.584081][T21881] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  515.673793][T21097] veth0_vlan: entered promiscuous mode
[  515.721094][T21097] veth1_vlan: entered promiscuous mode
[  515.844542][T21097] veth0_macvtap: entered promiscuous mode
[  515.880633][T21097] veth1_macvtap: entered promiscuous mode
[  515.945886][T21097] batman_adv: batadv0: Interface activated: batadv_slave_0
[  515.973869][T21097] batman_adv: batadv0: Interface activated: batadv_slave_1
[  515.986160][T21097] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  515.986201][T21097] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  515.986228][T21097] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  515.986255][T21097] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  516.413245][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  516.434676][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  516.562089][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  516.587130][T21907] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  516.614529][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  517.325273][T21940] random: crng reseeded on system resumption
[  518.812083][T21973] tun0: tun_chr_ioctl cmd 1074025675
[  518.842852][T21973] tun0: persist disabled
[  518.879819][T21977] tun0: tun_chr_ioctl cmd 1074025673
[  519.339665][T21993] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  521.470601][T22194] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  521.580964][T22194] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  521.630652][T22207] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  521.664217][T22216] iommufd_mock iommufd_mock2: Adding to iommu group 2
[  521.951652][T22232] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  523.290096][ T3513] Bluetooth: Error in BCSP hdr checksum
[  523.890450][T22293] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  524.372686][T22316] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  524.499747][T22330] QAT: Stopping all acceleration devices.
[  524.535340][T22329] QAT: Stopping all acceleration devices.
[  524.718594][   T49] Bluetooth: hci5: Frame reassembly failed (-84)
[  524.783178][T22345] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  525.027068][ T5834] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  525.033769][T22339] Bluetooth: hci4: command 0x1003 tx timeout
[  525.370134][T22368] sp0: Synchronizing with TNC
[  526.785241][   T51] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  526.785275][T22339] Bluetooth: hci5: command 0x1003 tx timeout
[  527.306607][T22433] blktrace: Concurrent blktraces are not allowed on sg0
[  527.381165][T22435] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  528.326979][T22453] random: crng reseeded on system resumption
[  528.780820][T22483] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  532.200627][T22693] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  533.204083][T22740] random: crng reseeded on system resumption
[  533.429358][T22747] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  533.450364][T22746] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  534.366535][T22797] mkiss: ax0: crc mode is auto.
[  534.481796][T22803] random: crng reseeded on system resumption
[  534.538326][T22806] ==================================================================
[  534.546457][T22806] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  534.555091][T22806] Write of size 928 at addr ffffc90003e19c80 by task vivid-000-vid-c/22806
[  534.563705][T22806] 
[  534.566041][T22806] CPU: 0 UID: 0 PID: 22806 Comm: vivid-000-vid-c Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) 
[  534.566060][T22806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  534.566069][T22806] Call Trace:
[  534.566076][T22806]  <TASK>
[  534.566083][T22806]  dump_stack_lvl+0x189/0x250
[  534.566106][T22806]  ? __pfx_dump_stack_lvl+0x10/0x10
[  534.566121][T22806]  ? __pfx__printk+0x10/0x10
[  534.566137][T22806]  ? __pfx__printk+0x10/0x10
[  534.566150][T22806]  ? _raw_spin_lock_irqsave+0xb3/0xf0
[  534.566171][T22806]  ? __virt_addr_valid+0xdc/0x5c0
[  534.566190][T22806]  print_report+0xd2/0x2b0
[  534.566208][T22806]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  534.566230][T22806]  kasan_report+0x118/0x150
[  534.566254][T22806]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  534.566277][T22806]  kasan_check_range+0x2b0/0x2c0
[  534.566296][T22806]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  534.566317][T22806]  __asan_memcpy+0x40/0x70
[  534.566331][T22806]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  534.566376][T22806]  vivid_thread_vid_cap_tick+0xfff/0x5fd0
[  534.566398][T22806]  ? finish_task_switch+0x18b/0x950
[  534.566425][T22806]  ? rcu_is_watching+0x15/0xb0
[  534.566442][T22806]  ? __schedule+0x1713/0x4d00
[  534.566466][T22806]  ? ktime_get+0x3e/0x1f0
[  534.566487][T22806]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[  534.566514][T22806]  ? lockdep_hardirqs_on+0x9c/0x150
[  534.566537][T22806]  vivid_thread_vid_cap+0x8da/0x10d0
[  534.566567][T22806]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  534.566587][T22806]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  534.566606][T22806]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  534.566628][T22806]  ? __kthread_parkme+0x7b/0x200
[  534.566645][T22806]  ? __kthread_parkme+0x1a1/0x200
[  534.566662][T22806]  kthread+0x70e/0x8a0
[  534.566682][T22806]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  534.566702][T22806]  ? __pfx_kthread+0x10/0x10
[  534.566720][T22806]  ? _raw_spin_unlock_irq+0x23/0x50
[  534.566739][T22806]  ? lockdep_hardirqs_on+0x9c/0x150
[  534.566759][T22806]  ? __pfx_kthread+0x10/0x10
[  534.566777][T22806]  ret_from_fork+0x3f9/0x770
[  534.566792][T22806]  ? __pfx_ret_from_fork+0x10/0x10
[  534.566807][T22806]  ? __switch_to_asm+0x39/0x70
[  534.566824][T22806]  ? __switch_to_asm+0x33/0x70
[  534.566841][T22806]  ? __pfx_kthread+0x10/0x10
[  534.566859][T22806]  ret_from_fork_asm+0x1a/0x30
[  534.566882][T22806]  </TASK>
[  534.566887][T22806] 
[  534.798706][T22806] The buggy address belongs to the virtual mapping at
[  534.798706][T22806]  [ffffc90003e11000, ffffc90003e1b000) created by:
[  534.798706][T22806]  vb2_vmalloc_alloc+0xef/0x340
[  534.816603][T22806] 
[  534.818958][T22806] The buggy address belongs to the physical page:
[  534.825385][T22806] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x16c pfn:0x316d4
[  534.834338][T22806] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  534.841457][T22806] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  534.850041][T22806] raw: 000000000000016c 0000000000000000 00000001ffffffff 0000000000000000
[  534.858638][T22806] page dumped because: kasan: bad access detected
[  534.865070][T22806] page_owner tracks the page as allocated
[  534.870792][T22806] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 22805, tgid 22796 (syz.3.2622), ts 534507445921, free_ts 534475806562
[  534.890516][T22806]  post_alloc_hook+0x240/0x2a0
[  534.895296][T22806]  get_page_from_freelist+0x21e4/0x22c0
[  534.900847][T22806]  __alloc_frozen_pages_noprof+0x181/0x370
[  534.906659][T22806]  alloc_pages_mpol+0x232/0x4a0
[  534.911515][T22806]  alloc_pages_noprof+0xa9/0x190
[  534.916486][T22806]  __vmalloc_node_range_noprof+0x97d/0x12f0
[  534.922444][T22806]  vmalloc_user_noprof+0xad/0xf0
[  534.927408][T22806]  vb2_vmalloc_alloc+0xef/0x340
[  534.932268][T22806]  __vb2_queue_alloc+0x9bf/0x15a0
[  534.937295][T22806]  vb2_core_reqbufs+0xc31/0x1420
[  534.942237][T22806]  __vb2_init_fileio+0x318/0xff0
[  534.947179][T22806]  __vb2_perform_fileio+0x284/0x1600
[  534.952472][T22806]  vb2_fop_read+0x273/0x360
[  534.956983][T22806]  v4l2_read+0x199/0x2c0
[  534.961224][T22806]  vfs_read+0x1fd/0x980
[  534.965384][T22806]  ksys_read+0x145/0x250
[  534.969634][T22806] page last free pid 15 tgid 15 stack trace:
[  534.975713][T22806]  __free_frozen_pages+0xc71/0xe70
[  534.980833][T22806]  __tlb_remove_table+0x2d2/0x3b0
[  534.985868][T22806]  tlb_remove_table_rcu+0x85/0x100
[  534.990990][T22806]  rcu_core+0xca5/0x1710
[  534.995234][T22806]  handle_softirqs+0x286/0x870
[  534.999999][T22806]  run_ksoftirqd+0x9b/0x100
[  535.004572][T22806]  smpboot_thread_fn+0x53f/0xa60
[  535.009580][T22806]  kthread+0x70e/0x8a0
[  535.013653][T22806]  ret_from_fork+0x3f9/0x770
[  535.018247][T22806]  ret_from_fork_asm+0x1a/0x30
[  535.023018][T22806] 
[  535.025351][T22806] Memory state around the buggy address:
[  535.030978][T22806]  ffffc90003e19f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  535.039133][T22806]  ffffc90003e19f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  535.047208][T22806] >ffffc90003e1a000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  535.055273][T22806]                    ^
[  535.059337][T22806]  ffffc90003e1a080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  535.067394][T22806]  ffffc90003e1a100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
[  535.075452][T22806] ==================================================================
[  535.102974][T22806] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  535.110257][T22806] CPU: 1 UID: 0 PID: 22806 Comm: vivid-000-vid-c Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) 
[  535.122879][T22806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  535.132970][T22806] Call Trace:
[  535.136277][T22806]  <TASK>
[  535.139237][T22806]  dump_stack_lvl+0x99/0x250
[  535.143862][T22806]  ? __asan_memcpy+0x40/0x70
[  535.148482][T22806]  ? __pfx_dump_stack_lvl+0x10/0x10
[  535.153704][T22806]  ? __pfx__printk+0x10/0x10
[  535.158323][T22806]  panic+0x2db/0x790
[  535.162243][T22806]  ? __pfx_panic+0x10/0x10
[  535.166663][T22806]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  535.172567][T22806]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  535.178906][T22806]  ? print_memory_metadata+0x314/0x400
[  535.184389][T22806]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  535.190049][T22806]  check_panic_on_warn+0x89/0xb0
[  535.195008][T22806]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  535.200651][T22806]  end_report+0x78/0x160
[  535.204902][T22806]  kasan_report+0x129/0x150
[  535.209414][T22806]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  535.215057][T22806]  kasan_check_range+0x2b0/0x2c0
[  535.220001][T22806]  ? tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  535.225658][T22806]  __asan_memcpy+0x40/0x70
[  535.230075][T22806]  tpg_fill_plane_buffer+0x1b9b/0x5ec0
[  535.235567][T22806]  vivid_thread_vid_cap_tick+0xfff/0x5fd0
[  535.241300][T22806]  ? finish_task_switch+0x18b/0x950
[  535.246515][T22806]  ? rcu_is_watching+0x15/0xb0
[  535.251288][T22806]  ? __schedule+0x1713/0x4d00
[  535.256032][T22806]  ? ktime_get+0x3e/0x1f0
[  535.260381][T22806]  ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10
[  535.266554][T22806]  ? lockdep_hardirqs_on+0x9c/0x150
[  535.271767][T22806]  vivid_thread_vid_cap+0x8da/0x10d0
[  535.277070][T22806]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  535.282800][T22806]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  535.288714][T22806]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  535.295054][T22806]  ? __kthread_parkme+0x7b/0x200
[  535.299995][T22806]  ? __kthread_parkme+0x1a1/0x200
[  535.305032][T22806]  kthread+0x70e/0x8a0
[  535.309108][T22806]  ? __pfx_vivid_thread_vid_cap+0x10/0x10
[  535.314842][T22806]  ? __pfx_kthread+0x10/0x10
[  535.319441][T22806]  ? _raw_spin_unlock_irq+0x23/0x50
[  535.324645][T22806]  ? lockdep_hardirqs_on+0x9c/0x150
[  535.329850][T22806]  ? __pfx_kthread+0x10/0x10
[  535.334453][T22806]  ret_from_fork+0x3f9/0x770
[  535.339054][T22806]  ? __pfx_ret_from_fork+0x10/0x10
[  535.344208][T22806]  ? __switch_to_asm+0x39/0x70
[  535.348989][T22806]  ? __switch_to_asm+0x33/0x70
[  535.353760][T22806]  ? __pfx_kthread+0x10/0x10
[  535.358364][T22806]  ret_from_fork_asm+0x1a/0x30
[  535.363154][T22806]  </TASK>
[  535.366509][T22806] Kernel Offset: disabled
[  535.370832][T22806] Rebooting in 86400 seconds..