last executing test programs:

15m6.085998026s ago: executing program 32 (id=4317):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000240)={0x1, &(0x7f00000012c0)=[{0x6, 0x3, 0x2, 0x1}]})
write(r1, &(0x7f0000000000)="16e7", 0xfeb7)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0) (async)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)) (async)
ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000240)={0x1, &(0x7f00000012c0)=[{0x6, 0x3, 0x2, 0x1}]}) (async)
write(r1, &(0x7f0000000000)="16e7", 0xfeb7) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000) (async)

14m27.830510905s ago: executing program 4 (id=4649):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000080)={0x28, 0x355a80ad4125c70b, 0x0, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xfffffffffffffffb})
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x7, 0x6576, 0x3})
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r1, 0x100000000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r2, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r3, 0x40101286, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000280)={0xc})
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
write$uinput_user_dev(r5, &(0x7f00000004c0)={'syz0\x00', {0x40, 0x0, 0x2da9, 0x8}, 0xc, [0x9, 0x10000, 0x0, 0xffff, 0x7, 0x1, 0x200, 0xd4, 0x0, 0x80, 0xc64f, 0x1, 0x2, 0x0, 0x7fff, 0xfffffffe, 0x800d, 0x9, 0x6, 0x5, 0x800, 0x7, 0xcd1a, 0x80000000, 0x0, 0xfffffff5, 0x2, 0x100, 0x81, 0x6, 0xff, 0x2, 0x7, 0x3, 0x9, 0xc6, 0x6, 0x1, 0x400, 0x0, 0x0, 0xb, 0x0, 0xfffffff7, 0x29ac, 0xe50, 0x9, 0xc2f, 0x80, 0x5, 0x8, 0xb, 0xffffff00, 0x10001, 0x6, 0x3, 0x4, 0x6, 0x6b, 0x6, 0x5, 0xc, 0x0, 0x1], [0xfffffe00, 0x1868000, 0x6, 0x4, 0x3, 0x100, 0x0, 0x6, 0x33, 0x4, 0x81, 0x8d, 0x8, 0x10, 0x3, 0x9a, 0xb586, 0x4d21, 0xfffffffb, 0xffffb7b2, 0x0, 0x0, 0x40, 0xfffffffa, 0xffffffff, 0x2, 0x100, 0x3, 0x6, 0x81, 0xe0, 0x3, 0x8, 0x7c3c, 0x68000000, 0x6, 0x800, 0x7, 0xd, 0x10001, 0xf2, 0x7f, 0x9, 0x0, 0x5, 0xf, 0x1, 0xfffffffc, 0x101, 0x80000001, 0xffff, 0x4, 0xb, 0x200, 0x80, 0x0, 0x7fff, 0xc540, 0x4, 0x5, 0x8, 0x7, 0xd, 0xffff7fff], [0x3ff, 0x7fff, 0x8, 0x5, 0x100, 0x3, 0x8001, 0x400, 0x6, 0x1000, 0x5, 0x8, 0x400, 0x5, 0x7, 0x2, 0x0, 0x9, 0xb, 0xe6f, 0x2, 0x0, 0x5bb, 0x7, 0x2, 0xf3, 0x2, 0x0, 0x8d2f, 0x6, 0x79, 0x10, 0x5, 0xffff7fff, 0x284, 0x1d, 0x5522, 0x1000, 0x7, 0x9, 0x6, 0x2, 0x5, 0x6, 0xffff, 0x7, 0x3, 0x5, 0x0, 0x7, 0x81, 0x5, 0x3, 0x3122, 0x69f5, 0xffff, 0x5, 0x5, 0x8, 0x49d, 0x8, 0x5, 0xb642, 0xaa], [0xa, 0x7, 0xfffffffd, 0xfff, 0x5, 0x101, 0x4, 0x200, 0x1, 0x3, 0x0, 0x6, 0x4, 0x2, 0x5, 0x8, 0x5, 0x6, 0x9, 0x0, 0x2, 0x1, 0x7, 0xbad80000, 0x2, 0x1, 0x378, 0xffffa1d7, 0x5, 0x0, 0x1, 0xfffffff7, 0x1, 0x35, 0xb3e3, 0xde, 0xb4e, 0xff, 0x37a3, 0x7560, 0x200, 0xb, 0xfffffffc, 0x81, 0x9, 0x1, 0x5, 0x4, 0x0, 0x2, 0x10001, 0x8, 0x8, 0x3, 0xa0df, 0xde15, 0xffffe359, 0x4, 0x20000002, 0xa8f33e3, 0x3, 0x100, 0x1, 0x4]}, 0x45c)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_GET_PIT2(r7, 0x8070ae9f, 0x0)
r8 = openat$kvm(0xffffff9c, &(0x7f0000000040), 0x480, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000c80)=ANY=[@ANYBLOB="0100000000000031ff000040"])
r11 = syz_open_dev$vim2m(&(0x7f0000000040), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r11, 0xc0d05605, &(0x7f00000003c0)={0x2, @pix={0x0, 0x0, 0x3231564e}})
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r13 = dup(r12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r13, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)

14m27.506507959s ago: executing program 4 (id=4651):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x432000)
ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x80084503, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)

14m26.842646171s ago: executing program 4 (id=4655):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r1, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000480)={0x2020, 0x0, <r2=>0x0}, 0x2020) (async)
r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r3, &(0x7f0000005e40)={0x2020, 0x0, <r4=>0x0, <r5=>0x0, <r6=>0x0}, 0x2020)
write$FUSE_ATTR(r3, &(0x7f0000005340)={0x78, 0x0, r4, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r5, r6, 0xb, 0x8, 0x1000000}}}, 0x78) (async)
r7 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
read$FUSE(r7, &(0x7f0000005e40)={0x2020, 0x0, <r8=>0x0, <r9=>0x0, <r10=>0x0}, 0x2020)
write$FUSE_ATTR(r7, &(0x7f0000005340)={0x78, 0x0, r8, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r9, r10, 0xb, 0x8, 0x1000000}}}, 0x78)
write$FUSE_ATTR(r1, &(0x7f00000001c0)={0x78, 0x0, r2, {0x4, 0xfffffff9, 0x0, {0x0, 0x2, 0x2e, 0x7, 0x5, 0x0, 0x7, 0x7, 0x9, 0x6000, 0x9, r5, r10, 0x1, 0x700}}}, 0x78) (async)
r11 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r12 = dup(r11)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r12, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0) (async)
syz_open_dev$MSR(&(0x7f0000000240), 0x89d7, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async)
ioctl$BLKZEROOUT(r12, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

14m26.438662062s ago: executing program 4 (id=4658):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
read$FUSE(r3, &(0x7f00000003c0)={0x2020, 0x0, <r4=>0x0}, 0x2020)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
ioctl$NS_GET_OWNER_UID(r5, 0xb704, &(0x7f0000000000)=<r6=>0x0)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x5, 0x6bf, 0x8, 0x1, {0x5, 0x2, 0x100000000, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, r6, 0x0, 0x0, 0x3}}, {0x0, 0x1c}}}, 0xa0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r2, {0x0, <r7=>0xffffffffffffffff}}, './file0\x00'})
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000001c0)={0x78, 0x0, r4, {0x3, 0x8, 0x0, {0x0, 0x7, 0xd09, 0x43d, 0x9, 0x8, 0xd8, 0x3, 0x40, 0x2000, 0x0, r6, r7, 0x4, 0x6}}}, 0x78)

14m25.843005368s ago: executing program 4 (id=4666):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) (async)
r1 = openat$drirender128(0xffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r1, 0xc01864cb, &(0x7f00000003c0)={0x0, 0x0}) (async)
r2 = openat$sw_sync(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000040)={0x6, "df51289fdbdaf9c178ba0271a1b1ae58c229322582971dbc3ab3899333eeb698"}) (async)
r3 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r2, 0xc0285700, &(0x7f0000000080)={0x1, "7d34d996b0d519b4d79e4694fa518e74cc2ac4a85c5fba78d7ad0f35e9d904ea"})
preadv2(r3, &(0x7f0000001c00)=[{&(0x7f0000001b80)=""/97, 0x61}], 0x1, 0x0, 0x0, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000db9000/0x3000)=nil, 0x3000, 0x3, 0x4000010, 0xffffffffffffffff, 0x1000000000000000) (async)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000280)=0x10) (async)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179) (async)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

14m25.670732398s ago: executing program 4 (id=4667):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x2710, 0x3, 0x80a0002, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="060000000000000031090000020000000100000000000000ca9400003900000009000000feffffff000000000000000000000000000000008ee000000300000001000000000000008000000010000000060000001000000000000000000000000000000000000000060000000300000001000000000000000700000000000000050000000000000000000000000000000000000000000000ff0f00000300000001000000000000000e0000000100000000040000020000000000000000000000000000000000000003000000010000000000000000000000030000000000000004000000000000000600000000000000040000007adb0000030000000700000001000000000000000100000000000000810000006c5c0000000000000000000000000000000000002dd19b421411ed84e7fdfa5bb477f53c34008338b8e345e5b0388543a73cc47f91bded77fee78167c06fbd9bdfbc9c5e3c9eff1f54893a3b258b8f3ab2dcb63756f07f806064a90d6e4ebe0ce49e7fc13a49803d395ed93044df83e43f588766d3e39c50e7a54316db7a55"])
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x2c}, {0x6}]})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a)

14m10.645248591s ago: executing program 33 (id=4667):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x2710, 0x3, 0x80a0002, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="060000000000000031090000020000000100000000000000ca9400003900000009000000feffffff000000000000000000000000000000008ee000000300000001000000000000008000000010000000060000001000000000000000000000000000000000000000060000000300000001000000000000000700000000000000050000000000000000000000000000000000000000000000ff0f00000300000001000000000000000e0000000100000000040000020000000000000000000000000000000000000003000000010000000000000000000000030000000000000004000000000000000600000000000000040000007adb0000030000000700000001000000000000000100000000000000810000006c5c0000000000000000000000000000000000002dd19b421411ed84e7fdfa5bb477f53c34008338b8e345e5b0388543a73cc47f91bded77fee78167c06fbd9bdfbc9c5e3c9eff1f54893a3b258b8f3ab2dcb63756f07f806064a90d6e4ebe0ce49e7fc13a49803d395ed93044df83e43f588766d3e39c50e7a54316db7a55"])
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x2c}, {0x6}]})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a)

13m9.026618452s ago: executing program 1 (id=5225):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100))
r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, 0x0) (async)
ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) (async)
r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r3, 0xc06c4124, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) (async)
ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r3, 0xc06c4124, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x300, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (async)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x8586000)
openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x519100, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (async)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

13m8.681546874s ago: executing program 1 (id=5228):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$fb0(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000000)={0x400, 0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {}, {}, {0x10000000}})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

13m8.092891338s ago: executing program 1 (id=5233):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
ioctl$KVM_SET_CPUID2(r1, 0x4008ae90, &(0x7f00000001c0)=ANY=[@ANYBLOB="03000000000000000d0000008000000001000000ca000000090000007f000000a624000000000000000000000000000007000080f9ffffff0300000005000000060000000f00000000080000000000f5ffffff00000000000000008008000000060000000500000006000000060000000900"/128])
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0xfffffffffffffffe, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0x10, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
ioctl$KVM_GET_CPUID2(r1, 0xc008ae91, &(0x7f0000000480)={0x5, 0x0, [{}, {}, {}, {}, {}]})
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000240), 0x400000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

13m6.870661143s ago: executing program 1 (id=5238):
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

13m6.771087224s ago: executing program 1 (id=5240):
r0 = syz_open_dev$ndb(&(0x7f0000000480), 0x0, 0xc0400)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x800, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'pimreg\x00', 0x2bc67b5dc0ef3785})
read(r1, 0x0, 0x0)
ioctl$NBD_SET_FLAGS(r0, 0xab0a, 0xadf)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x228200, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000002c0)=ANY=[@ANYBLOB="01000000000000009700be288477bcf24a1b3077de639ad334669997c1853c4dd02ebfc433e4f938717ee483480c153a4233a732e53e42f7f9814fd9b4576d1a8415fd21e8aefeb8fd793220835a33a823df18c5293b3aad9f4e1adf99276624be4275ab379001dd101a2ddc7706537d16bb0d1be27eb89732a21110cb8b0e7402a592dd439d235c875a474749bfc4e323c137c6e7"])
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000100)={0x6, 0x6, 0x7, 0xfff, 0x5})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
openat$ttynull(0xffffff9c, &(0x7f0000000040), 0x4000, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040))
r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xed, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000140)={0x3, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0x1000000000, 0x0, 0x3e, 0x2000001, 0x0, 0x2004cb, 0x0, 0x0, 0x5, 0x9, 0x0, 0x3, 0x0, 0x9], 0x2, 0x2c0203})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a)
openat(r3, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x0, 0x0)
close(r4)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
r6 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x840, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r6, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x100b})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x8010, 0xffffffffffffffff, 0x1000000000000000)

13m6.581962369s ago: executing program 1 (id=5243):
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x5})
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x9e, 0x0, 0x0, 0x0, @time={0x1505, 0x1002}, {0x0, 0x3e}, {0x9}, @queue={0x2, {0x7, 0x10001}}}], 0x1c)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000)) (fail_nth: 10)

12m51.528171416s ago: executing program 34 (id=5243):
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000000)={'\x00', 0x0, 0x200000a, 0x1, 0x5})
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x9e, 0x0, 0x0, 0x0, @time={0x1505, 0x1002}, {0x0, 0x3e}, {0x9}, @queue={0x2, {0x7, 0x10001}}}], 0x1c)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000)) (fail_nth: 10)

7m21.234604043s ago: executing program 2 (id=7493):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r1, 0x0, 0x0) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000040)={0xf0f048})
r4 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

7m20.206586463s ago: executing program 2 (id=7498):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000000000000010000000000000000000d000000000000000000ff"])
ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000000340)={{0x0, 0x0, 0x466, {0x8080000, 0x3000}}, "a9cbc4b723986beb2541731c8831607b6ee747534f2610e68420ac50bde6dad58d04aad3777f18b4f168b3950653ce1d7740b6225b60f102dea41282032f21c3f19760a59ad876506e4e939e80e92248edfd8137e41621c1a490cf3cbb0502fa6deb4cb0efa6bc813cca06ed4828bafa15d1afd8ac82b71d1a7b410eeac6a6f31e4995b05d3f93bf80a053ae74958ed42c6c4b4d0bcaa08d3e6025a166ac6f19973f974613e0d7ca52d6a648ed23fcce9f475faa3e49d697324fa1b2cdfef7deb66a190e9185a90f5c54c88895af1a61f8c0722f0c0bf9835d8910449682cc5551ec995aec222238bb28f41ba7f99f93b785dd2d48cf389f27da125b9c3ec7f716d6b6b696a93e625f0e17b4ff3bac5eec8e2dd837254c16d8c9b2a773ac70b8dc7216980fcf1db0cd885a6f3379dfcca516b0b5771d3dfb2212fd569b8f6003dcf8478390e14a5bf73eb1a61a12ce20ea3f5fbd6d9a56a4adf6043190cc7d559e7773668d0498f6c7438917d204ed2ec53da03cc744619be3785cd8cddb678f8e90965f22242bb62fa3590dde45cacad3852a54154a90d7495cc4cfbd7baacc19604efd864cc76a7e867cd7403301f45a3ad20ed8edf412e4aae5f279eada88ee43a436dd3b1f37098b7d81759aff2d81e5593535d44035fdcbae0f45a7163c06b8ed7da27a03e266947d7f11d9e1600f1a88b99643a0b99abad360b8137415f7800f8a5a16ba306778733d5493cc73d0aacebe1cc4618847bd620034cb617c55e47ff8d8000f52c25a6b3e9272c297e6b30bed370dda4c2b56278893a4faefb28a87c40229d3f80814e128eedb7050465e1e00547a1b77ebaef78355d9867ce521138d63f147ec3de6cac38d9eeb1d167494466e00d97a32701117bbe0f95304970e632b9cf8ded044b3f1c01326095b422678d798a9c5f8ab05f4e6549639186723aa3d38927ed4ca94a9e6de3c4f5ce99d090389473455cb366c7dfcb43ebe60271a3693e80ae4948291753007f5032f518ffc832f3e819f3bdac1085a80cdd494cdcac4a874a14818b9dae534559c2c5a542a12949a22fddb9060e8a400f96512aa8eaaa6659932dc8852f5709a808604c2fda229c79933646e36255948baec6e0c2d4fbe056628157ba456603e5cb45761b5aa97c0daceb3e6d7a192d109847057cb4322c9c5e62403c921e9cebeca77d12c3ed05f5e131e3c00d9070618872ea8a1f05e4598c98739d3a9245e537ed992aa4eb8a571e4c7c0dc797f91e3258835f9db1b6501edaaf38c9fd4d718c743d30b6f1e480ce9408aa6b894055768738e3df843301d99b476ba8d30f6483022ad7fd50493e600700ef1b70c72f607feb0df9898b61a38f4f59d23779b7af4a5b5a0e7379877d8c875d1e47a9ddbac19208cd22e05f729a9175b9bf1c96618d63585204eb5ea29e0a0f17c12219fd51bc462dcff6d3ff73b64d2a5f7ebe6ebdefd841698e909cf1018a88afefc1802fc97c22a240f20ce6938ae6b2224f7ca311622695577f3e4cb8f7e87bcf5bcdcc5311815bab1499465f687903b4da5693c83cbe13ba3d94f413bbdf9886241fc1f0b9ea00e7b2d1c2fe29d8921c56919bbfa091d4542c590a18848256b7eca92114c5542356bb15e1cd59b28a5d5b86bb92c30e88ea6edc6efd3c685a7e9b840b61f445bb57d670d3dbba61da442fcdabd4c14b9dd6543aafca5bea6ca16c00bbdc0999cec79272dfd1de86bea7d830ec2deaa339c2fc57d6490ee7cf3bb4e6cb4b8dcaa4279bef0af601f96dc25a3cf926eb6c5eb9529a266e1a9d96fbb5e0ffeb472d40e3853f42d69e725d2dd570b531779a09a5f945a2dce4ddd898be60b9d38f3c305f942f8f8a3ee992de01a0d6b3db1a4174b770681d2470edd2319a9b9d04d3cadd67583a313c071f809c89134b2b714cb2d7247d4d6b5d794302e9408e946bf1cadc767a8ae918a6608f7d2dbb2d825e949c823ac6bda0c46dea864c83222f3c7f7ec020f3a6445f3762dfaae5a28c3857053b2548d11c9b9f4af5366b43012e35d14ba139085493e95ad24bcc92b835f3c72ff762fcbe3d04ee2051e959a9e680f51425d5eeeedd99767fccda20b44bbbac6989e1d6f70f030c2530b83923fbf27fbf24f62ff7a5619b39b338e165dcf66faf6092edd19216fdacfb8eb80bd7d8a7767f538c3021e20f498c8e456bc32af1157b5988950caf1c478047f132c01f53c12929f030e9d78c284e64a521350d72748ef214c05f4c8d2e47384c3cd29c99a2df1abb2e8ff5a363a488feb119e8ad5e3c39a4f24449d00b3772090b499e2c65b50a3e6ce7f1e2f2bac0ae5e58147d1d6887617ca38d12b1cc9a5e3ee47539f40179136698acd9b9e20a4f85335dcb19d4ba4a05bcd84b27a9f1897ab8f67abf78ba3ce4d87b37c129562d33bb0836c8fe830c068e7c8b6728ed585258c7d82b5c407d0532bf5ba60cfb0a6e6f3aa44bdf3bb7ac389023c3db4395c3875a3496d85640d423775d8ac0c4c3ab1831bdd785a5ca0ba2073bdf6970e4b63718944603ab32b83d7c73af090c3a941561a76f08e2235e1ea8a0b721cd6a73466664c411c33fd1a3e46e580c77034cb09ac38b6d1824f642d3354e827b6ddc0ca15c3bd7192882eaece388d428282c859fed7d280e5d81cd0252c149154e2038a3f2535781dc81d7221278c21ee819fb913fc8d97e96f3dbbf0b2cd63a0ceeadec43fca7a760f45aa53de97597b4afb3abf5921125e9f148da377556e6de1a62aab6055b10c1698649515e62c572d62d901ae7fcd417b627db64785fbdc21f0e978eb143d7abb2771de9a912466fb6e6f55a12f209e131732d45a8293f1a36ddddfad54f857016e3ab7fceb97ddfde1a8c8569dfa972ec636e7c93e603d5e1d0e98d6f109dfa6df50ce987abfc291aba0e488ba8f0596fbd1bacd58862b611250a85cd34e7d100f785286d815281b62ef2dfeea5e8ba4ee4a019af0ff59b0f4f3049f8718d0fca57de1cf88763d13ad26c50cccec4faba99d899ef079c3400052d065cc0a44e8f73dc5bef5f8681015b29c96dacd026d920f369a2b0c341b8295f5268e2d9bf80df2d9ea1017b5b41ec2060c2fecc67c040e7c37521b6d6174c4d4ed4accc5479f6fc4ddc0e45a7f8030ff8e23f000315a3565498d07bd0cc6459f5cff23b40ffb80ace2f48fe0c1a337bb4f748bb8c057089de5cd727b278b45d84a8f7df9f898b3cef2ec319b032f888c4953bfe141c8e4b67ab3f95fa133790ea17b27be21c9478da70641265045e81e28229a4dc15f59c2f18b1b9c082d1154bc9565508fc9419912b48f3b1271609006399a844f6ccedb6323ada63d3e0b340fd07cf9e3b98b1d193bd76796c2a185366b25468017d28371d8792eb42304961bc9c1f4ef4025d2814837dacc9f1d777bfeddb30eca1cacd9f5b6619c4000252ecdabf7107dff264046c111c6f5767e3486c37ec175f52bd3460a7ad49e35bb729ba76e2fa5e117c49b750000005e0abf56340740b81ea37c5df26b7c885cc5da412cf4e9932e2561aa7945945dcba0677786c9ea9b9aee47d73454df82048f021b30a817606c96415c22e1e908316f84aae52e050e31176408d35ef33091618df7d38d22bd2b626dc138f423c32362878c8f6538dcf0b96c4298668d4bb35773c952bbebd4778c964b0eae8eac9bef3469ea5da890377c500ea027180f5308585cd7941c7e3305c32d610de49b5c1acce6c285d88a99dcebb2b5972a276d416abf25b44c1712a43d3e30005a1535553e779c0f72ff519d2407214c02e7020ca479e93c3fb2b867ad73e69ba10e92f329cd54c4c80d227d0710cf384fd9a39d4c4053afce6d1e93b47137843d149e888bd868b1b2179c1fdd8291d15724db10a756300209ae4a2ed91788fe9f980af1bb00d05a8fe1a020fe4bba91fb487c8ea674a6739067a0a86b7f2a4fc141f6c864f065fc6e5effdb5a1f1d063c6888626e13ced52f3669677dad96da1cfff7d700e9f6f74131b8ac0f4fb6c8d5fd675b1ed6001bba7dd0e95567a6d06fe28e756609821312f4725c5909c6353ad385e57fb162e2f65b5e2a0100aaa356a19b9c5c183d195d0134adb8bc8d03415daafd95f3a5e44f201741e22dd905dc12469664040ce714a5d9042f58db392d6c6af1eaa4c82cd9b4996252b44334be627708463ffe52a80d8d1c8a5b1a23f9c68144c4a6c6387e542b3cb9de7765faf05fda086986d3c6a1f0906b2ea0eba741abb9514ccd57f2d8ea1d67145c5d71749b560f85093ecc265a24239078253fa0bd39bf67f8e1d78f07e167c05d808771c7b0146af368e8859273ef76f9feedf7fc69640b5e95a25076c477338e31cc9a7348b8a31a0f8d4dd9e6c46f18126279c5d1192ddee08a7057195689954b26a19dcfd2a59febb6556c18c18abc85527372919196b29a737f8bb3b97bebaf3e6c43099064e067f12772c2333be19dd4e803289430a660d68963a26ff1b1c8c664c0318a2558dec140d984837a936651906ab960b6bff8bc8b32704f3e0769e6c85c9f5bd50270bc1030ea71f2db5c43116bd0641ed31ab6db12514aec68febe59e04d2b872c9fc2173017ee6e75a18d6832c9992d1ed2ead9452dce9b2efa01dc97ea31ee5c3f5743760f2589615f45738140d0f8c148f1858d0897094a34727493e607132bc1eefa0d0ff236f9ac5a2a0f0bf06719c1d5061846e427fa36138c808741ccbd10ad3f6f54470804e656a8ab1a9ee9a523bed87cb2fd4d6db8aa6d6b80d1e9886dc12b915665101b9094a22f44437918005356fed797ebd97ec6493bd681f69321f9735ae6d3d6822818c7cfb21c5f3a0f9d5b8ef070c916fe9ccbbf04128a27e7928e3572f125b986c52ec0de078b40135b922a2feb294b0349df06d1c3e2c9d2ed2ee88b7a1673423c6baedb51beb8f8cb1b3b986d1b9632fedfaec8e9a237311beb89cb0dd7efaa5b68537641d06b7cbfda581344c87452b4d3fe96cea6143378c4dd7586a9d55c666cce828ef91a35f3f0a5c9c369bd20c1bc7cc77fcf316a567fa21863b12c43faf3b9588dce4caa151937c6ee699cf49dba041775773ae062c69783758513a178bf46d2d40e24afe8975dd768a466755af2ffbb9fa728724a18fc9f427672ad5867a72ae8caca60fcc90cf817c291a2025b5243ae36e200b5e5c9ee4e90eac775c3b29fe1df8c35716f37d11961084fc28b0f8855376ec85d7741535f88db7977629dd832f06bb258e9a88cfc8671df2763fd9383a777f768c7aaecb9a7af9e76bb719767767c3d5178e2a10765c6b2ae80753f403125a9203ede6ed44eb96a1a010842f88f020dbb7f8df8bcbea0b60f1b99dd9b9aae2dbc995edc8ed82ec5e21e8d5e4d8d9fd0bfab342db38d12bb24c20c2a579069d74624db16bb9ec501312d8de0e653e9e74668d0ed05ccb0eb99db410c0000000fc246302635630b295ccf849e45944a25baa7f4651fa37f147e0fa977c0304e7cf25fa78260ca03abe8dc32cfb461f019f7d82194a98daae521ec4eaf3e138bb95b09d8ff2f106febcc126743abc8f8b707cd2cae1548c6fe54f64bf46c9ff03975e0c37eda3d485ff76ea5ae71fa5a2ca0d9293ea0cd4186e6e2e26fc2ba5e2cdde9400d9c1717058157a8410c9cd7ca4e679f41d8932576e7b292f28dfb9775b0ac5eb5788a8ddf797e32919e7a41c305af2e4e37eb4d5600", "1acd2077949cf1f27e1e764566e4cffaa168dcad09bfe7c84a06d9db78a4e8f0504116608cffa736ae4427d04f27d39e5de80f8935f281bc483252d1c4e0dff576831d8505d3cf34ddc4f4760b53ec5182b54b352dea1b5975eea9b6bffd5b66524559c7c3e9981d7a0ff5ffe6814c923871db66426d98286aec1debc56864a4b29ee5cb46989af08546d6d1a5d9da45db7d8abea1d392d0c668cc040da5d129ddbbe6a95a7d9e51a13328ea3fbd9ac81f03914ed9d1d2b72c234093a351f7294556996ca5459d796cb4127a9aed8e0cca398d1b5af6eae257d02db91a61d49a5677ee9c8caf1855edd2c25b9b3a9a5174d2193108e5e87d781780d9506a890687c80c429f3a46028ed71364c4b8d3b2380b38d2cf7e447dee058f556dcae2627e49dfd316d169d382f2b6775233157f57c7be54b105e2493e140ad97ecf9c12df8f0db9a973d0ef9197ebbdebc5e822ee06852a408560c7f19c65ab8527edc9ec1d6378f2c748f7e84d1d6e98de8abab3e0e42a866e1ec5d00822b124a98d77e9c8dbb3ac6648afe409b21e1cf2f5458a0588cd11af6887f552f6c16a801abf2594eb9a80e704b8053573f661dd29706e71060b630272037144b33d684f66128950510d4138785418f726eb7c7f84c7dda646b3647d673122f95ef89c863c3d4adec4477664cfe911683f19862cc918451f70a6a359dbc66b3599c0af91858ebe13c253a6e9a96758955fdfd1be103777812339e3786484a25b18994ba69b4275f26a64afb9be5219061d94d7c472236f1a20a9217d70abab15182c5f04c6080d535e34045d6497c1c8a2ea53fc022eb159d0d1be59a21f277ce441f3c5cb03ef0e7e1ac63177dfe567e2cb9055228f32c9ca6d38d99093fdc129951380cedafcca40712a2da5cc0af8d872d8f848ea5ff95210a52d2390e236da76fffce86cc8a78a8ea0e1e4464ceac9021556d29d7470ca19849b417aa6aee032f3bd437cb5c839c9f5fb20ec1367449abfb5e19f8365b7947bda60e34136e2eb53e0243766c2718d4bfe6eec77f8ca04d177cc17bad59d651a08349651de6d4dbf5856a6d42cc8cb2441ab7dfa9420d87d4a5aa5914f619b2478a0d68a98280231c8e7558d11eec87e80f2d039b5d6b287d9b3667b020dc45b999b162247bf38f5ac5fc99b5eb6ac5939d35d7d6e71b366f9553ada2784671aecdbdcaf42a2f254dc0289f7be9c6f0c045b30f63ae1a8fac778030f27e04e980bae66e474bc4f9572b8a0d8119ce13ea2ad1285b3397bc929ff26a2ba1ef2760c77e3e114d15742740b27796cb2fc84761db427cdf3c63be71fd6734ed2cb1300a8d5e2b1964f2a0320bfbad8e9bce0cd9329c8c41d79107d77f65c99f3c03813c1f0f5351869434c2ccb685f1863fac38a44ecf354ffde4926ae3cee90833db386633e6dba3585ec36f1aca6701d4d1fc13ac1c5d4cf2ae8c8c418da372bce96451dc2add28828e45ce3f6e35da3d49dcdb8ceb084a581b68fc5fcd4c45246e6b215ca98ae7239c317fe45404984292a83ac7e62614665bec4a5e80b055a0635003e93172e2045ec88144d9d7a2b50c45333720e2273b165147a0b1af77fe87089fe8c0fd32c4e950aedf6798c9007575dc86c02089414089527baf9bbbe5eaf4d58289de0987f8f310d7900ef2350daa438ac83ff255344a2bc814a3e7055269544310b0fe78b07eb0ee5f16899fc8bdf8e3cc47d27a44c93528885452195706091eaf15930f9df5874c19d0a1deedde0cbe9cda7f0618c378bc4ba6fbe911d546c7bc76954fcc6b5ef56c77d306421f9d24e0770cf8b578aaa6276bff4b98e9968e9a1f8c78c6d647d8c52a42d27ee8359840747913e0983e049ad77d87e35800eeeb19cd786a5edf6886e610f51b4d2290d959c7fe906dad2d3e2a5648c5ec0d48becaf209fbb6599d1b0d6299cb2b2fad3b3efac6ba0911a63ae399fa3f19adecc9b10533c99bba28bf9e37600db41c2b463c25b0602fb86ef043ee72aa26e7f102c3afe4073d1318671a514f8320dcbc699514792d5c90c34fe6809102cb6537a4e76530256cd997a1dba4a75b1578c7f12b409af040afa35c54001a4abf1c402f91413995ced6b64256684c34283e644246d235af905fa2edf8f802a65c1c1e0ba24ea656cb3b1f876b6f335aed27c3a6e8da53b1b9c283d299390310df6dc84e5569ad3ac1744824b329fc24cb8612c061b09440464c1168012dc40e8df788f9c708bde6bd4eb3f6111729b08796d0243b07a21ac542ae418f19ec3d7171197c8ca216b20f786784400f2834d98819a5fbbd909677f7d7309dca5c0e2cf74a8a53c1791c78488fec0520d3c71a9698e5040920acc5eb7764f4c295cb2f00b5a62d5fc1e1d0040c639886712ad4fece171739fbc0519b93c8bccac49f871a0e2f5ba97331be916aaae29b8cd646028629cc227b916d1d8b4729da3baffb0e39b533e039eb9f10073c156485902745ec60b8d281b2f84a8651fe4c533119bab8424bcecb28c067ffb1e03e05bcf9d6d44dfe0782e072934fc36e70b1acbf30387495618ac2729811aa6c2901b109b33a0010cfbe666fe9fcac86cc81023dda253863714e89c78265e219d00ba20b3c846368dd21816f699a6af20a290f075f4346b98ad40d69caaf2614856c0bdaa661907975679f5cb5afd3738ba811db58123922647476de50ccf17360393433b547bf0377b2115a7cd357699d043bd80981a2a28c638f7c2e725d85f9edd2fdcfea1f7e2bf02f9f0d4236c9d14c6d382dad99192125b219eea6a13b5685efcf34454d2a12537c5354dc5e34ecda968422cc472f0fec174b95cd298e89e7efbc164465dae45059a40e104b1a980ebc781848b0109ce9cec600b190a34dcf741dd6145d56c4ec27c983a7d6328130c122217bbbb33e2cffba1a352b6805dbd715772153b53051db7215f475ba8673b0dd59e2db414a658d3d262c5304d300b930921c7c0a9910eed96a705eea2c8657be193836a20f23fcbc8ef105ca25551626caf63c511d3c9dcffd9d485f27a63b6992e4b6fa26b02903a4da52fd7fa06397fe2883f9b6a4cac2ffb8ce1f476ec72bccaf0ec7b16e6f601e72f46e835d9bc2a82dccaa449728d22a7ff17772276f54073c66b184de0fa7f681823dcb7603a20aa94b76a9b7adb9f11f447b8764b2d719bea91ea32edbb4d340d18f18b3f53d1d07d0405facb202c30ac1ec145516e071cc71c59cc6205db061a8c19bb2d3ab463f6fea1c6d3b5a69d96e5b67ed569e1c04cff6c9f69ab9343e9a71bf6776d3b84b47de2ecf9a0d45515ef5a3b5c6d55f2c6543ef2bf0eb795219da3026ab06c9ba9bbdc30d5dc7c3782a9f58141a63f8d4683ad5c1d156c92c508cefd9702e9267263e34ff96800c425f768bd204466f4f9badabdfaf35e1a8096150e8afeea3a30586b89d1002f041612f8e81de4dcd268bf538307c4d28d1d2ae1af979f3b02017ebe942cdc8fa7964fe978254eb15fed7478e4200e381409486d37e0205c597b5ec19243ab547da051dee03f18e079af60dcb2095fe86f292a4b4bba8682ed8b220c0b48958882aaa7e93448bfecebfba6ca3ef28e0752080cbc9f752d6da814a9dc5bc552d9fe73b8a1df8eb0158df58810fce8719f11b04c4e157ac8ae3692f825a4569ff859273775c45eb999fff7a47ca461b2fda6edfe8ed8371ed29c4f7499448cfff0bc47ca1d8fc9eb35f79db389781c36e89541b686edc21f088463b2d26fd9b650eaf5ed1cda0f00040000000000009b0c527ba655252f77b77c2f4cc0f7741c52a57629fe511c5f9c17ee44fec35da363f5356343037b2705a393115062719e6bd87bbff2472a7833be6d2270fe5ff4cc9f0439a53adb91fe1520ff4841c120e80c99fcc2d0ee794fa8c91dc9c4227ef9f9ac784ce41abefa69b84acb285e385b74501ea137be765172d90738f201497cb7c992dcc2f17341c9b6a0ef3dcb14350669802e3295b5a133142df7bc5645bbf222d2da033ee4cc4f225f248ad88782945869c29943eb6498c87c2b125fb2d4067118c2b417308a1703fd9f48c48ee2a9c5af44df473e3b99b8a941fc4967060b4960864bc97e4f2bf53e7a5c2ec3d47e7bf8345b56a4df5f84d0523c1b6cf9399110e393474b3ece22c4923f531ff12242d5e2b293846a7ed06e3e7f062cb173431a2b680188fb46d2cb74d4a0d9dae59e2be485aabbb54c26406e6e77de3031e049bd8a49139fa62151716a665fb9f1966cf6c57f4185f7cffbbc43341f3b69a3ae0a4dcfd9b37f0035a69ac552830f0ca56069c8f69162280bced2ec30c6789f32cd38d7f97953f0989b65cf90f01206b20b0111a3d22f3d2f85104b03283f4fd7b80e53f20f1c91d5bf3b67aac25c4300b3191c1f5d7bb0fe112deac0f6acbea3b57c20c5d8f0bad48873a7e7347ead5a4d0b73041c86bdcd3b91d6cbe0ebb5824fb90cb4e74f439505074f236679c4ea4015fbdf0c44b4063b62cdced485cbca0eae2404da7158a974b7dc14c5207107d5424de14a35739f68f3f151c6de20d0ad19d06521baf26ab2cb7ff7e8f83d60a9f554367f99fa5c44910b886e1c9c2418a7a4b33f19fff9af4724c7c8251ffc24cc4464b8804b6704bc0572b23498ec92263d37bdb54490f3316087c5b192a20027ad6cf1a2c3fef8043e2847b8734fa8dc91ce992474796e3f71580841379279f8b10ab8e6766196fb5a9b2ff44cabece6930fb9f32e867047313410c13b11a8a788a29ad93a5b9ae1b960a46fd48fe5cdd7168815c67b267065453547cb60db74f37238b2f7f3c78abc249ffe118a1d3e7eb5cdd326ad0a07a50bd24a6be4b5e56fade7fb7c3b515b4d0b16884c9eee7ef9c82f2ea4d89113e950622cee8e63519a899da3ee83bcd369b01b373934bbed73d8f94e3312e72d82d3fb8b8e65b0f5580cffda633467fc3285023159c3ac7273a46275d874b87254df07ea15d0806f4b8312c4e95235cab31e015a3603906c188233db45dea658dcf694f5097a9e26aba8b58e248210fa5e12fa08cbbe0a01afa9b2c36d38d298dd180ee6e358d45397471bc064e2e8e51da189e98bf41cc30b50b0d937e8cbfc5b138dc66143716b27190689efebcaa5676c9eb370465f77803b219b0ee1f65f343d70b01435f9adc46979b121944e13a02cbdd47a9898b26d6cc5294a9358971bad37a6b01d8b2ee251e50b02acbd560bcd4a212124f308d87eca79d13c77b90510675989ffb70a9d5643df2db6067bd4e0fd21d0a40b84177279587777f763bb9e2fc99186402ff1905eb61b6ea3bef862beb10ede1fbca93f5b426f683bb72099ffc61c99d8a7527fe9167b13d786402864d2b4237fa47426f46b6d5e0911de793f73610b46de4e62b8a67aaed298a9a2d5b5c5b7936f8bcc62a8f9d64d8ff1470a386974b35f382f42ad1fb2c9de214b35aa0afcff7806d7601ab9142a0dade5c7a9e6b0c16027c4d0fc413ba5d16f0d4826b3f469afa6e5ce4a19e21d2a2c2c1e3055706d0ce371dee59a06e534887cf5e300bd118b7c5e8eee2a8fd4bf6ca96df566f49049bd25533c8ae08eb2334ba183529c041f3d9b45139173f3ee8b1b8f8633c9cb7caa735805d56b1e3119a97f3ce86ecd8f21256c0a5a54266cc00927c881ac18fef64f25704b3f01b4885a9c4053aec5bfe5be638563267548cacbad2a95c3c48e6a913bd87ec0c489c236214b650a17d27081ae8def0d27c0d6a25553601875192d11c9e3ef2a3273c1f9b079"})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

7m20.044594994s ago: executing program 2 (id=7499):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0)
pwritev(r2, &(0x7f0000000780)=[{&(0x7f0000000300)="e7", 0x1}], 0x1, 0x100, 0xf3)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
syz_open_dev$sndctrl(&(0x7f0000000200), 0x40000000000, 0x450401)
r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_IO(r3, 0x2285, &(0x7f00000005c0)={0x53, 0x0, 0x6, 0x0, @scatter={0x18, 0x3, &(0x7f00000006c0)=[{&(0x7f0000000380)=""/204, 0xcc}, {0x0, 0x5c}]}, &(0x7f0000000240)="008d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0})
openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
read(r3, &(0x7f0000000480)=""/130, 0x82)
read$FUSE(r1, 0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000040)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r6, 0x7af, &(0x7f0000000240)={@my=0x1})
ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000280)=0xb)
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r6, 0x7b1, &(0x7f0000000000)={{}, 0x1, 0x4})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

7m18.969774649s ago: executing program 2 (id=7509):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7fffffff, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0xf0f045})
r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
mmap(&(0x7f0000cf4000/0x2000)=nil, 0x2000, 0x4, 0x20010, r3, 0x0)
mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r3, 0x0)
r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r4, 0xc0044dff, &(0x7f0000000040)=0x7fffffff)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="020000000000ffffffff"])
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x8000, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000003b80)={0x3, 0x1, 0xf000, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x2)
ioctl$KVM_GET_VCPU_EVENTS(0xffffffffffffffff, 0x4048aecb, &(0x7f00000002c0))
mmap(&(0x7f0000551000/0x2000)=nil, 0x2000, 0x0, 0x12, r2, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000080)={<r7=>r0, 0x8000000000000000, 0x2, 0x5})
r8 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r9 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x1c1000)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r10=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r10, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r9, 0xc01864b0, &(0x7f0000000180)={r10, r11, 0x1})
ioctl$DRM_IOCTL_MODE_ADDFB2(r8, 0xc06864b8, &(0x7f0000000580)={r11, 0xc1, 0x80, 0xe43, 0x0, [0x2], [0x800], [], [0x8, 0x0, 0x1]})
ioctl$UI_DEV_SETUP(r7, 0x405c5503, &(0x7f00000001c0)={{0x200, 0x0, 0x7, 0x1}, 'syz0\x00', 0x2a})
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x100000f, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

7m18.221811366s ago: executing program 2 (id=7514):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x2c02)
syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x2c02)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x40001, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x4, 0x3, 0x0, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="01000000000000002100004000000000ff14"])
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000280)={0x0, @bt={0xb40, 0x870, 0x1, 0x2, 0xd59f80, 0x19f2, 0x0, 0x19ef, 0x3, 0x3, 0x2800, 0x2800, 0x2, 0xd1, 0x2800, 0x30, {0xb, 0xffffffff}, 0xd0, 0x9}})
r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
r6 = syz_open_dev$mouse(&(0x7f0000000680), 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r7, 0x6f000)
read(r6, 0x0, 0x2)
write$char_usb(r5, &(0x7f0000000040)="e2", 0x918)
r8 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
close(r4)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r6, 0x810c5701, &(0x7f0000000500))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)

7m17.463348093s ago: executing program 2 (id=7518):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0xfb, 0xc0000)
ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f00000002c0)=""/199)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x141a82, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x82040, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x900, 0x12)

7m16.098941052s ago: executing program 6 (id=7531):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
ioctl$VHOST_VDPA_GET_VQS_COUNT(0xffffffffffffffff, 0x8004af80, &(0x7f0000000000)) (async)
mmap(&(0x7f000003a000/0x1000)=nil, 0x1000, 0x1000004, 0x11, r2, 0xefdd0000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

7m15.90519998s ago: executing program 6 (id=7533):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r2, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000040)=0x10000)
r3 = dup2(r1, r1)
read$FUSE(r3, &(0x7f0000000640)={0x2020}, 0x2020)
r4 = syz_open_dev$dri(&(0x7f00000000c0), 0x328d, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r5, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000280)={&(0x7f0000000200)=[<r6=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r6, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x18d400, 0x0)
close(r7)
openat$sndtimer(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r7, 0x40345410, &(0x7f00000005c0)={{0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r7, 0x54a1)
r8 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r8, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
r9 = syz_open_dev$dri(&(0x7f0000000300), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r9, 0xc01864ba, &(0x7f0000000100)={0xfffffffffffffffe, 0xe, 0x1f})
read$FUSE(r8, 0x0, 0x0)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r11 = dup(r10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r11, 0x0)
ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

7m15.372308928s ago: executing program 6 (id=7538):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
ioctl$SNDCTL_SEQ_RESET(r2, 0x5100)
mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r2, 0x0)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0xd1383000)
ioctl$FS_IOC_RESVSP(r2, 0x40305829, &(0x7f0000000100)={0x1100, 0x0, 0x4, 0x10003})
ioctl$FIBMAP(r1, 0x1, &(0x7f00000000c0)=0xffffffdf)
r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0x1000001, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000000)={0x980912})
syz_open_dev$video(&(0x7f0000000000), 0x5, 0x10cc2)
ioctl$PTP_PIN_SETFUNC2(r1, 0x40603d10, &(0x7f0000000080)={'\x00', 0x5, 0x1, 0xfffffffc})

7m15.246962018s ago: executing program 6 (id=7540):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x26e1, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000080)={0x17e})
ioctl$VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000040)={0x7, 0x54485746})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

7m14.236355109s ago: executing program 6 (id=7545):
r0 = openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x400600, 0x0) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a) (async, rerun: 32)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (rerun: 32)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_MAX_VCPU_ID(r3, 0x4068aea3, &(0x7f0000000040)={0xda, 0x0, 0x8})
r4 = syz_open_dev$radio(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_QUERYMENU(r4, 0xc02c5625, &(0x7f0000000140)={0x8, 0xca, @name="af2f75ecbd6d395b56592e086bdc79dccd3ed7852d6b08ddbb3f52c586d15de4"}) (async)
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) (async)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x141c80)
r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000001c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r6, 0xc0505350, &(0x7f0000000340)={{0x0, 0xfc}, 'port1\x00', 0x0, 0x100201, 0x2, 0xfffffff8, 0x3, 0x0, 0x2, 0x0, 0x3, 0xf3}) (async)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r5, 0x408c5333, &(0x7f0000000180)={0x59, 0x8, 0x0, 'queue0\x00', 0x1})
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
ioctl$UI_ABS_SETUP(r7, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) (async, rerun: 64)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (rerun: 64)
ioctl$IOMMU_IOAS_ALLOC(r8, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000480)={0xffffff9e, 0x2, r9, 0x0, 0x0, <r10=>0x0})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r8, 0x3ba0, &(0x7f0000000800)={0x48, 0x3, r10, 0x0, 0x1004000, 0x1000, &(0x7f0000ffc000)})
r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xa200, 0x0)
r12 = ioctl$KVM_CREATE_VM(r11, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r12, 0x4048aec9, &(0x7f0000000140)={0x6, 0x0, @ioapic={0x1000000, 0x4, 0x1, 0x0, 0x0, [{0x9, 0x0, 0x0, '\x00', 0xff}, {0xfd}, {0x0, 0x7}, {0x0, 0x0, 0x0, '\x00', 0xfd}, {}, {0x0, 0x0, 0xc6, '\x00', 0x1}, {0x0, 0x0, 0x0, '\x00', 0x2}, {0x1, 0x2, 0x0, '\x00', 0x80}, {0x0, 0x0, 0x0, '\x00', 0x4}, {0x9}, {0x40, 0x0, 0x40, '\x00', 0x24}, {}, {0x0, 0x0, 0x8}, {}, {0x0, 0x9, 0x4}, {0x0, 0x2, 0xb, '\x00', 0x20}, {}, {0x3, 0x0, 0x0, '\x00', 0xfc}, {0x20, 0x0, 0x4}, {0x0, 0x0, 0x0, '\x00', 0x7}, {0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, '\x00', 0xb}, {0x0, 0x9}, {0x0, 0x0, 0x40}]}}) (async)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r8, 0x3ba0, &(0x7f0000000880)={0x48, 0x4, 0x0, 0x0, 0x1000, &(0x7f0000ffc000), 0x1}) (async, rerun: 32)
write$uinput_user_dev(r7, &(0x7f0000000c80)={'syz1\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4723], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbbb], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc]}, 0x45c) (async, rerun: 32)
ioctl$UI_SET_EVBIT(r7, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r7, 0x5501) (async)
r13 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000d00), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r13, 0x7a7, &(0x7f0000000040)=0x90000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r13, 0x7a0, &(0x7f00000005c0)={@host, 0x1}) (async, rerun: 64)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r13, 0x7ab, &(0x7f0000000000)={&(0x7f0000000700)={{@hyper}, {@my=0x0, 0x4}, 0x400, "a1bbc369a46a0b5dbb57fc3bc780c30a74d41fab87ca9d883344c09c1a4e673f1ae44dbd8fd2bd8e57097ed3df63a73281cb14647a3882dfabc8131fdbaf36ed43339c41aca8b4e6dfc97e20cc6f8d37b9911c48b7edfe99687806d9f1cfabf4df2ef6df82fd796a79e3f39fc297f3adea9586512a719e8c3e2342c0e3ccd8d97198406303cd164b5b0c4df0a961df42b833fbc0fde56bdfb52ff16516cff4f91289422515a00c64d8be7d763bab21612ce25efa9280d1e28e5a4f67418991344f0aed29009db62e851080943fd2816eeb3da39eeb033c338cc15fa3452a1f4187263122d8ca08becb24a2e2e9bd1f06e92fffd05fd2281ba292c1e5a45588e2571404534337f6b241c92e726f259dd144995419f1c9cb9b4cb2dcb10c4ee4517718930d013fd5982d50245c69834906a4e872108846d7b55730a04fd29b5689141a4a964f9bb23cdad90ff9ba82e2eb52eb76ed9d525fcd2a8f1e800b809555668e5cbd1948f27d4ab792874fe7d519c3c3db11916f80f88ad0ce7c0ab718cdfb5ceebf1fb3434ed2540469ede8aa33d32a98db17c426cdb46300d72d8de8927efaefdd2a4b2efd6f28aa1f0e799d2e50eae0bd6cdbaf43db7d94c4a0f0c57d162c6b9dbce377107fab6f524f1eb79dd80d20ac6d08d013f3bf38e8c6893ecdbbd7a598d0e2ac591fcc1620f4f5a0055f944b960260490e01e67d0d1e640be1141170fa206928fd9c21b9ed8ac00d56c05e698223cf31a9fa6eed09dc147a63f972c01b9de7b2c1d4d5d6a96a172b3cba8dcec97bc20751a7bcd973d9a9b0e3c70ab2dbcb076b991426bd712935ab490f55b945427b420e431161d9fab70f84a716541b58a9b01b2526cbe601cf8b092a853ae388b6d125c20a54add6b627f0fe10816ae44efdd70209a4addfb2ea99980fc068f7a192ef17e574e01824d6ee67706c4484ccab06963384cd46bac4a1239b43a7cb29e4967576019beeb96d7d5d46c962bbe5452826ce1d575b949eb0129c7d960f5a6fb634c16c521e28f728351970237a84532b2041b0e149a5cbf601b697a27d3bc1618910312df0e8efb38fa2b961370ec421cd7f5db9b93fc638c3720c027bf24cb758eb89fa771cf45d60ae876a1fdafeb7ba7a022ddc5e8365a09d11ac1eda1a3f8234791cd48a58b263ebb0a7938381d2764a9fc331f8b09913c7da12adf3220d2cd50b61c6b118025e14a9fc7c392d84d77284d0ff9888531dfc2f46e42444fccd02d8d735e5200221bd923c235d4eff76e666bd301fbccbd8702109b1bb035408a2597649363bffb3e3a50f04a9de6dc826df2e62fb1028d9dd5e0996e39ad596b5b3904ddb102b307f585cf0bda72e4e08fd5083c4d3314039585ad13bded0f9f54b280e7461990c005c9c4953a9420a382a593bc95bcb53cef588e8a052088f2118de6e32374a"}, 0x418, 0x1}) (rerun: 64)

7m13.802637007s ago: executing program 6 (id=7546):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000300)={'\x00', 0x0, 0xfbe7, 0x4655, 0x5, 0x1, r1})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x62)
r3 = dup(r0)
write$vhost_msg(r3, &(0x7f0000000380)={0x1, {0x0, 0x0, 0x0, 0x2, 0x2}}, 0x48)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000280)={0x53, 0xfffffffffffffffc, 0xae, 0x5, @scatter={0x0, 0x0, &(0x7f0000000040)}, &(0x7f00000000c0)="7a237dff0c13f8ee0ba19df85f45741234dae6459c04048add8d61e8ca6b3e723ce55ab7dc22019f265f623aa69c6424cf3441296114898b210275e2b9e2f865650e2bc580d470e03b7cd046874ab93701ae6ab65e291e204edccc077654a210013eae4c79c3b53184150e7b63a914c85ffab7c6cc21ceecb5473c01f74675582d567867cee74594bb692463740c4fa06a47c1912441bd89ad574003b40fb26d182917a84f9345aa7680d1406622", &(0x7f0000000180)=""/170, 0x0, 0x1, 0x3, &(0x7f0000000240)})
ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000080)=0x2)

7m2.410000716s ago: executing program 35 (id=7518):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000140), 0xfb, 0xc0000)
ioctl$EVIOCGKEYCODE(r0, 0x80084504, &(0x7f00000002c0)=""/199)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x141a82, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x82040, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x900, 0x12)

6m58.69388305s ago: executing program 36 (id=7546):
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
read$FUSE(0xffffffffffffffff, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
ioctl$SG_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000300)={'\x00', 0x0, 0xfbe7, 0x4655, 0x5, 0x1, r1})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x62)
r3 = dup(r0)
write$vhost_msg(r3, &(0x7f0000000380)={0x1, {0x0, 0x0, 0x0, 0x2, 0x2}}, 0x48)
ioctl$SG_IO(r3, 0x2285, &(0x7f0000000280)={0x53, 0xfffffffffffffffc, 0xae, 0x5, @scatter={0x0, 0x0, &(0x7f0000000040)}, &(0x7f00000000c0)="7a237dff0c13f8ee0ba19df85f45741234dae6459c04048add8d61e8ca6b3e723ce55ab7dc22019f265f623aa69c6424cf3441296114898b210275e2b9e2f865650e2bc580d470e03b7cd046874ab93701ae6ab65e291e204edccc077654a210013eae4c79c3b53184150e7b63a914c85ffab7c6cc21ceecb5473c01f74675582d567867cee74594bb692463740c4fa06a47c1912441bd89ad574003b40fb26d182917a84f9345aa7680d1406622", &(0x7f0000000180)=""/170, 0x0, 0x1, 0x3, &(0x7f0000000240)})
ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f0000000080)=0x2)

5m10.937373817s ago: executing program 3 (id=8164):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x2000001, 0x2010, r1, 0x7b467000)
write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12)

5m10.806352701s ago: executing program 3 (id=8166):
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x30314742}})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TCGETA(r0, 0x5405, &(0x7f0000000240))
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0x10}}, './file0\x00'})
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$TCFLSH(r0, 0x400455c8, 0x3f)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
read$dsp(r2, &(0x7f00000000c0)=""/105, 0x69)
ioctl$SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000000)=0xa481)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7dfff000)

5m10.085525921s ago: executing program 3 (id=8173):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
write$sequencer(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="810400000000000032b3e19b1525b1412282"], 0x8) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$SNDCTL_SEQ_SYNC(r0, 0x5101) (async)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)

5m9.685322319s ago: executing program 3 (id=8177):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0)
write$cgroup_pid(r0, &(0x7f00000005c0), 0x12)
r1 = syz_open_dev$radio(&(0x7f0000000200), 0x3, 0x2)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0405665, &(0x7f0000000280)={0x0, 0x1, 0x400})
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a)
openat$ipvs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/vs/sync_refresh_period\x00', 0x2, 0x0) (async)
write$cgroup_pid(r0, &(0x7f00000005c0), 0x12) (async)
syz_open_dev$radio(&(0x7f0000000200), 0x3, 0x2) (async)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0405665, &(0x7f0000000280)={0x0, 0x1, 0x400}) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)

5m9.406643672s ago: executing program 3 (id=8181):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000080), 0x20100, 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0)
read$rfkill(r3, 0x0, 0x0)
preadv2(r2, &(0x7f00000000c0)=[{&(0x7f00000001c0)=""/173, 0xad}, {&(0x7f0000000280)=""/216, 0xd8}], 0x2, 0x2, 0x4, 0x4)
r4 = openat(r1, 0x0, 0x80402, 0x41)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$UI_DEV_DESTROY(r4, 0x5502)
ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f0000000280)=0x10)
ioctl$KVM_SET_BOOT_CPU_ID(r5, 0xae78, &(0x7f0000000380)=0x1)

5m9.242991851s ago: executing program 3 (id=8183):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x109000, 0x0)
read(r0, &(0x7f00000001c0)=""/157, 0x9d)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x9, 0x10, r0, 0xace90000)

4m54.155469345s ago: executing program 37 (id=8183):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x109000, 0x0)
read(r0, &(0x7f00000001c0)=""/157, 0x9d)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x9, 0x10, r0, 0xace90000)

3m47.473160245s ago: executing program 7 (id=8821):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x79, 0x0)
ioctl$DRM_IOCTL_SET_MASTER(r0, 0x641e) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000000)=[<r3=>0x0], &(0x7f0000000340)=[<r4=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r4, r3], 0x2, 0x0, 0x0, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r5, 0xc01064c8, &(0x7f0000000140)={0x1, 0x0, &(0x7f0000000100)=[<r6=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPLANE(r5, 0xc02064b6, &(0x7f0000000240)={r6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r8, <r9=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r7, 0xc06864ce, &(0x7f0000000340)={r9, 0x0, 0x0, 0x0, 0x1, [], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
r10 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) (async)
ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f0000000000)={0x0, 0x0, r8, <r11=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r10, 0xc06864ce, &(0x7f0000000280)={r11, 0x0, 0x0, 0x0, 0x0, [], [], [], [0x0, 0x3, 0x400000006]}) (async)
ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000080)={0x0, r6, r11, 0x169, 0xaa, 0x2, 0xdc, 0xfff, 0x7, 0x5, 0x9, 0x7}) (async)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
ioctl$BLKOPENZONE(r1, 0x40101286, 0x0) (async)
r12 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x40402)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r12, 0xc04064a0, &(0x7f0000000300)={0x0, &(0x7f0000000240)=[<r13=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000001c0)={0x0, 0x0, r13, <r14=>0x0})
ioctl$DRM_IOCTL_MODE_SETCRTC(r12, 0xc06864a2, &(0x7f0000000d80)={0x0, 0x0, r13, r14, 0x200000, 0x1, 0x7, 0x2, {0x4, 0x7, 0x3, 0xd, 0x7, 0x7, 0x5, 0x9, 0x6, 0x0, 0x7, 0x3, 0x100, 0x7, "dcdda51c878b0cbcd373cf12c16f0008f713dc15cc1772401486460adfc8af74"}}) (async)
r15 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r15, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r15, 0x0, 0x0) (async)
r16 = openat$nullb(0xffffffffffffff9c, &(0x7f00000003c0), 0x4000000002a82, 0x0)
r17 = dup(r16)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r17, 0x0)
ioctl$DRM_IOCTL_MODE_GETFB2(r15, 0xc06864ce, &(0x7f0000000280)={r14, 0x9, 0x3, 0x0, 0x0, [], [0x1, 0x0, 0xd9, 0x3], [0x0, 0x101, 0x6, 0x9], [0x2, 0x2, 0x6, 0xff]}) (async)
ioctl$BLKZEROOUT(r17, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

3m47.271772014s ago: executing program 7 (id=8824):
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40, 0x44)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3fe, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0305602, &(0x7f0000000040)={0x1})
r3 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000180)='/proc/asound/card0/oss_mixer\x00', 0x2, 0x0)
write$proc_mixer(r3, &(0x7f0000000340)=ANY=[], 0x8c)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

3m46.997905781s ago: executing program 7 (id=8826):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$BLKFINISHZONE(r0, 0x40101288, &(0x7f0000000080)={0x4, 0x9})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat(r1, 0x0, 0x80402, 0x41)

3m46.546705632s ago: executing program 7 (id=8827):
r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000980), 0x0, 0x0)
ioctl$FBIOPUTCMAP(r0, 0x4605, &(0x7f0000000fc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000001b80), 0x109080, 0x0)
close(0x3)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl(r5, 0xfffff000, &(0x7f0000000000))
r6 = openat$uinput(0xffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000000)={{0x0, 0x3, 0xfffd, 0xfffa}, 'syz1\x00', 0xffffffff})
ioctl$UI_SET_EVBIT(r6, 0x40045564, 0x1e)
r7 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000380)={0x3, 0x1})
ioctl$UI_DEV_CREATE(r6, 0x5501)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000280)={0x2, 0x3})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4})
r8 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x428c80, 0x0)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x141301)
ioctl$USBDEVFS_CONTROL(r9, 0xc0105500, &(0x7f00000000c0)={0x80, 0xa, 0x303, 0x0, 0x0, 0x6e9, 0x0})
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
write$vga_arbiter(r8, &(0x7f0000000240)=ANY=[@ANYBLOB="cf21f80893e1cb13d42d00000000000080a1cd313b3598153d4000100000010000c56f794c"], 0x15)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)

3m46.403244754s ago: executing program 7 (id=8829):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x0, 0x0})
ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f00000001c0)={0x1, 0x7f, 0x7fff, 0x2080, <r2=>0xffffffffffffffff})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f0000000200))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000280)=0x10)
r4 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000240), 0x1100, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000280)={0x4, <r5=>r4})
r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r7 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r7, &(0x7f0000000f00)={0x2020, 0x0, <r8=>0x0, 0x0, <r9=>0x0}, 0x2020)
write$FUSE_STATX(r7, &(0x7f0000002f40)={0x130, 0xfffffffffffffff5, r8, {0xffffffffffffffff, 0x80000333, 0x0, '\x00', {0x10, 0x800, 0x5, 0x7fff, 0x0, r9, 0x4000, '\x00', 0x6, 0x9, 0x9, 0x101, {0xffffffffffff8001, 0x5}, {0x8, 0x8000}, {0x1, 0x7}, {0xa, 0x4}, 0x9, 0x73, 0xbcf, 0x1}}}, 0x130)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r6, 0xc018937b, &(0x7f00000003c0)={{0x1, 0x1, 0x18, <r10=>r5, {0xffffffffffffffff, <r11=>r9}}, './file0\x00'})
write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, r11, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r6, 0x0, 0x0)
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r13 = dup(r12)
mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3000005, 0x42890, r12, 0xffffd000)
ioctl$IOMMU_TEST_OP_MD_CHECK_REFS(r13, 0x3ba0, &(0x7f0000000600)={0x48, 0x4, 0x0, 0x0, 0xfc, &(0x7f0000000500)="e66cabb5286b0ad9d5cb4b229a8df89b0937dbc0c3d21ae1425af6d4404b9750ba7a9ea2e0799bf5b7b43895f7a295f31ee9cc9725be8ad07c6720fcd71b4bdd3270acb7103ec00134812c6720665b280e3754f1908fd06b96de14db7352e85c5ad73ab31cbb223f8d703ce1b4dc69c2e175478fe04fb6ce625517af4333eb5aca03c39ca350969c6946711bd561ba289476f69bc5fedf2c30c9a63d8f2807835ea7f33c52383b01cecbf07d27eb2e10a5d4a0028ff84ff9bad7a8ffb160d1afb31c34e83b676284573812222a407fa6e7ec2b63b7f6bd37a600f5d66e67b6a41e64f87bab778d1babe7dd58244b088444e96f4b55d98eb5326d4db2", 0x9})
r14 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2041, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r13, 0xc0189376, &(0x7f00000002c0)={{0x1, 0x1, 0x18, <r15=>r4, {0x2c38fcfe}}, './file0\x00'})
ioctl$UI_SET_RELBIT(r15, 0x40045566, 0x9)
r16 = ioctl$KVM_CREATE_VM(r14, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING_ACQ_REL(r16, 0x4068aea3, &(0x7f0000000300)={0xdf, 0x0, 0x8000})
write$FUSE_STATFS(r10, &(0x7f0000000400)={0x60, 0xfffffffffffffff5, r8, {{0x7, 0x1, 0xfffffffffffffff8, 0x80, 0xfffffffffffff316, 0x62a, 0x6, 0x7}}}, 0x60)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r16, 0xf502, 0x0)
ioctl$BLKZEROOUT(r13, 0x127f, &(0x7f00000000c0)={0x6, 0x805ff})

3m45.677948332s ago: executing program 7 (id=8835):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r4, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x6, 0xd, "339f020bbe82b398000000000000000000000ec0c1bce9b1c4369d03741150ceaac594b1040000000000e7ff37ef2a565ef1e80723691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "2443fb1d77a68e174ff10000000000000411e2000ea3f1f5a53e010f00", [0x0, 0xffffffffffffffff]}})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"])
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, 0xffffffffffffffff, 0x4000)
openat(r1, 0x0, 0x80402, 0x41)

3m30.602516829s ago: executing program 38 (id=8835):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x20040, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r4, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x6, 0xd, "339f020bbe82b398000000000000000000000ec0c1bce9b1c4369d03741150ceaac594b1040000000000e7ff37ef2a565ef1e80723691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "2443fb1d77a68e174ff10000000000000411e2000ea3f1f5a53e010f00", [0x0, 0xffffffffffffffff]}})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"])
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, 0xffffffffffffffff, 0x4000)
openat(r1, 0x0, 0x80402, 0x41)

24.126174308s ago: executing program 5 (id=10484):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008e02"]) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0) (async)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000040)=0x90000) (async)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000000)={@local})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e}) (async)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000100)=0xb0000) (async)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r8, 0x4068aea3, &(0x7f00000001c0)) (async)
ioctl$KVM_SET_GSI_ROUTING(r8, 0x4008ae6a, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000001"])
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000240)={@hyper}) (async)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000540)={{@hyper, 0x2}, @hyper, 0x0, 0x0, 0x5e, 0x0, 0xfffffffffffffffc})
r9 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0)
ioctl$BLKBSZSET(r9, 0x40081271, &(0x7f0000000000)=0x81)
write$cgroup_devices(r9, &(0x7f0000000200)=ANY=[@ANYBLOB='b *:* rr'], 0x9) (async)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r11 = dup(r10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r11, 0x0) (async)
read$FUSE(r4, &(0x7f00000003c0)={0x2020}, 0x2020) (async)
ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

23.468673717s ago: executing program 5 (id=10490):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x32)
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

23.302313584s ago: executing program 5 (id=10492):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000000)=0x7fffffff)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000040))
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0xa00, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
r4 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r4, 0xc05c6104, &(0x7f00000000c0)={"bcffffff", 0x0, 0x5, 0x1, 0x0, 0x0, "0000000000e0ff00", "00aa071e", "042000", "97ad3700", ["fdfbfdffffffffffffff0040", "84c9964f495c75ccffffffff", "0000ef000200", "3bf100000000000000c48400"]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$CEC_TRANSMIT(r4, 0xc0386105, &(0x7f0000000140)={0xe4a, 0x4e3bf1d1, 0x10, 0x10001, 0x0, 0x7d, "451b50acfe00060000000000909a25bb", 0x4, 0x4, 0x8, 0x0, 0x2, 0x7})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

23.162646216s ago: executing program 5 (id=10494):
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f0000000000))
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000001240), 0x1c9800)
read$FUSE(r2, 0x0, 0x0)
ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000080))
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x1)
ioctl$TCSETAF(r1, 0x89f1, &(0x7f0000000000)={0xd51, 0x200, 0xfffb, 0xfff7, 0xf, "625b562886df9e48"})
r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r3, 0x0, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

21.878213632s ago: executing program 5 (id=10504):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x48000, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)
ioctl$KVM_CAP_HYPERV_ENLIGHTENED_VMCS(r3, 0x4068aea3, &(0x7f0000000000)={0xa3, 0x0, 0x0})
ioctl$KVM_SET_MSRS(r3, 0xc008aec1, &(0x7f0000000180)=ANY=[])
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000001, 0x13, r4, 0x4807b000)
syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x82082)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r5, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000200)={0x10001, 0x81, 0x9})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r8, 0xc02064b2, &(0x7f0000000180)={0x1, 0x2, 0x9})
r9 = syz_open_dev$dri(&(0x7f0000000100), 0x1, 0x0)
dup2(r9, r8)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
syz_open_dev$ptys(0xc, 0x3, 0x1)
ioctl$BLKGETSIZE(r10, 0x1260, &(0x7f0000000000))
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

21.470503512s ago: executing program 5 (id=10507):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/drivers\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0xffffffff00000000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000001c0))
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000001"])
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0xc8200, 0x122)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {<r5=>0xee00, <r6=>0xffffffffffffffff}}, './file0\x00'})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r7, 0xc06864b8, &(0x7f0000000040)={0x0, 0xae, 0x3ff, 0x30315559})
r8 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCSKEYCODE_V2(r8, 0x40284504, 0x0)
r9 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
write$sndseq(r10, &(0x7f0000000080)=[{0xe, 0x0, 0x0, 0xfd, @tick, {}, {0xe}, @result}], 0x1c)
read$FUSE(r9, &(0x7f0000005e40)={0x2020, 0x0, <r11=>0x0, <r12=>0x0, <r13=>0x0}, 0x2020)
r14 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r15 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VIDIOC_STREAMOFF(r15, 0x40045613, &(0x7f0000000440)=0xe)
read$nci(r14, 0x0, 0x0)
write$FUSE_ATTR(r9, &(0x7f0000005340)={0x78, 0x0, r11, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r12, r13, 0xb, 0x8, 0x1000000}}}, 0x78)
write$FUSE_CREATE_OPEN(r4, &(0x7f00000000c0)={0xa0, 0x0, r11, {{0x1, 0x2, 0x222, 0x4, 0x6, 0x0, {0x3, 0x6, 0x8, 0x7, 0x3, 0x10000, 0x1, 0x4, 0x9, 0x0, 0x1, r5, r6, 0x8b, 0x5fa8}}, {0x0, 0x8}}}, 0xa0)
r16 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r17 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
write$vga_arbiter(r17, &(0x7f0000000040)=@other={'decodes', ' ', 'mem'}, 0xc)
ioctl$VIDIOC_S_FMT(r16, 0xc0d05605, &(0x7f0000000100)={0xa, @win={{0x4, 0x753, 0x33565348, 0xf50}, 0x8, 0x5, 0x0, 0xfffffff7, 0x0, 0x5}})
read(r0, &(0x7f00000001c0)=""/157, 0x9d)

18.054578234s ago: executing program 8 (id=10537):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0xaf)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x100000, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000000003000040000000000100f00000000000"])
read$FUSE(r3, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0)
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r9, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x0, 0x0, "3eccd8f9d20000000000001000000200000500"})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
r10 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000200), 0x520, 0x400)
ioctl$SNDCTL_DSP_SUBDIVIDE(r10, 0xc0045009, &(0x7f00000000c0)=0x1)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r8, 0x127f, &(0x7f00000000c0)={0x6000, 0x1a0600})

17.645244653s ago: executing program 8 (id=10541):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0x0, 0x200}})
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x900, 0x12)

17.398651049s ago: executing program 8 (id=10543):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETKMSGREDIRECT(r0, 0x4b4b, &(0x7f0000000000))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x3f1}]})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r6=>0x0})
r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0x40186f40, &(0x7f0000000440)=0x1f)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r7, 0x3ba0, &(0x7f0000000080)={0x48, 0x1, r6, 0x0, 0xffffffffffff4d52, 0xff})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r6, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6})
read(r4, &(0x7f0000000100)=""/159, 0xfffffe5a)

17.396294451s ago: executing program 9 (id=10544):
syz_open_dev$rtc(&(0x7f0000000080), 0x0, 0x80080)
ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000040))
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
read(r0, &(0x7f00000001c0)=""/157, 0x9d)

17.336156683s ago: executing program 9 (id=10546):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0xffff, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x101, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r3, 0x400454d1, &(0x7f00000000c0)={0x0, 0x0})
r4 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000001c0)={0x6002, 0xffff})

17.092299759s ago: executing program 0 (id=10547):
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x3}}, './file0\x00'})
ioctl$USBDEVFS_DISCSIGNAL(r0, 0x8010550e, &(0x7f0000000100)={0x0, &(0x7f0000000040)="ab2ac654eb9fb80698261a982240755d02e9f2599b2cf7b8f87e9fe5f9a6d9d1a9112e038fb8f43d7b122066203dca95c21698271ca2e79ae45542599e29c9aeb8ab5e1ab9c21863c6bf80e94b5f5ae6896ad55d0327b1e206369b7288728571d23fcc5f3a5e7d87649d23dd3ca17e60f333bc509f6e8ce6f1492f4c76e81db91ae08597c72c6bf1b5f7fc1e38e2ad31f021df5856f1"})
ioctl$SNDCTL_SEQ_GETTIME(r0, 0x80045113, &(0x7f0000000140))
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f0000000180)={{<r1=>0x0, 0x2, 0x5, 0x7, 0x80000001, 0x800, 0x7fffffff, 0x100, 0x5b, 0x3, 0x3, 0xd6d2, 0x400000000000000, 0x9, 0x3}, 0x28, [0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000240)={r1, 0x7fff})
r2 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x2)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000001240)={{0x1, 0x1, 0x18, <r3=>r2}, './file0\x00'})
ioctl$HIDIOCGFEATURE(r3, 0xc0404807, &(0x7f0000001280)={0x6, "096345a240b9ccd040ec5bb6e297092dedca74f96082d4257feff4179cb143c3b46c5806dc0d8101f466a158f80a91e625165f5ed66aae7f8083cdb1618cedbd"})
ioctl$KVM_CAP_HYPERV_SYNIC2(r0, 0x4068aea3, &(0x7f0000001300))
ioctl$NS_GET_OWNER_UID(r0, 0xb704, &(0x7f0000001380)=<r4=>0x0)
read$FUSE(0xffffffffffffffff, &(0x7f00000013c0)={0x2020, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000003400)={{0x1, 0x1, 0x18, <r6=>r3, {r4, r5}}, './file0\x00'})
ioctl$SOUND_MIXER_READ_STEREODEVS(r3, 0x80044dfb, &(0x7f0000003440))
r7 = syz_open_dev$usbfs(&(0x7f0000003480), 0xfffffffffffff9f3, 0x80)
read$usbfs(r7, &(0x7f00000034c0)=""/128, 0x80)
ioctl$EVIOCGBITSND(r0, 0x80404532, &(0x7f0000003540)=""/243)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000003640)=0x8)
write$6lowpan_enable(r3, &(0x7f0000003680)='0', 0x1)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000036c0), 0x4802, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000003700)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000003b00), 0x1000, 0x0)
ioctl$TUNATTACHFILTER(r8, 0x401054d5, &(0x7f0000003b80)={0x1, &(0x7f0000003b40)=[{0xe, 0x5, 0x1, 0x358}]})
r9 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000003bc0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
write$6lowpan_control(r9, &(0x7f0000003c00)='connect aa:aa:aa:aa:aa:11 1', 0x1b)
ioctl$USBDEVFS_SETINTERFACE(r9, 0x80085504, &(0x7f0000003c40)={0x0, 0x1000})
ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000003cc0)={0x4, 0x0, &(0x7f0000003c80)=[0x0, 0x0, 0x0, 0x0]})
r10 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(r10, 0x4010ae74, &(0x7f0000003d00)={0x3, 0x6, 0x8001})
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f0000003d40)=@usbdevfs_connect={0xcf29})
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r0, 0x80047210, &(0x7f0000003d80))

16.962692468s ago: executing program 0 (id=10548):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)
write$char_usb(r1, &(0x7f00000008c0)='-0', 0x2)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat(r2, 0x0, 0x80402, 0x41)

16.941539349s ago: executing program 8 (id=10549):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0x0, &(0x7f0000000200), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_open_dev$vim2m(&(0x7f0000000080), 0x2, 0x2) (async)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x4048aecb, &(0x7f0000000080))
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000011c0), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000840)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_IOAS_MAP(r4, 0x3b85, &(0x7f0000000800)={0x28, 0x4, r5, 0x0, 0x0, 0x3d, 0x5}) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r6 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x191202, 0x0)
write$ppp(r6, &(0x7f0000000480)="493c86d5100476ad5e8752607a0b97b93acf306817c98ffe5cf01acd69ae033ae27bf522b0ceb01eac43af6fe1fceee0e415558f4a47ad0f2ea922d7d320cec422b3d5b6fdced8ba04f21b3651af1a77357f9dc3d62a14ed36952ed5bfdb1d0d50110bbc2b0a058cb1098d9ce07861ef45837cde375392bdd1296c249975c0785d3d11176c2f74f5ed2b1a118fc8f1257e89e991d34961ffee540896afb8b8d52ce1801ef10333bdfa1aadb4409a9d551701f38f16911cb2554d8edde5bd40c96f0da2c33547fbf0e46d4361a9b9a11300b2d605b0488f85a7f3c3c62f2e5abe145c7805607d3aeb6bee68b02b1d56025484957b1affce", 0xf7) (async)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r6, 0x3ba0, &(0x7f0000000240)={0x48, 0x8, r6, 0x0, 0xc99, 0x1000, &(0x7f0000001200)="005df39acfa8c71ed8ee8c513fe7a56b9925c9f8c3ba230e8ac699b25929a6e7f60e4dbc176a498c34282bfba8a2ee1a83c28939dd43e114f62b1d05171d02be80da35e27b7ce7c56443920012bdd1b7c7e615b5e27cee265249d45dff49559742eab625e5dd046d29b2629eeec083a8114e4e6bc16c51121d1a56cedc287499f994330be9a53977ba3b566e6aa003eccf679a712bd2b65b84500f32deeaedda1d1a4c630c47a115d2a7bffe981940cbfe81ab2743fc68345f45f27ab74fe1bd136ac433ff56e6813fbfa8ce58e37eb1c13fe2ccd77b524d476457ec86abce4223dc8285556853312551d3b0816c5cbab191757c4cd928beed8ae4539dc5fa9a0dfa7f21db5ca9bf6511e83cbefa5368f7b0226aaca4ba09795dc5f48cf0175139c03aea845478fe1051dd25470b8ddea098d132bcfe5c305962b3e1da67addc3a6255932d9c0ba20b3f67a4db2822786bde618843f5877e7f9e12c268298760b524d72f824c2bf26035c4c97fb01805b6ef2e6594c6daf34d0ec8b72d380730b73ff87043948c1fd73fce2c85daf64c54fe864f423a5553efefbaf43241ca18d906fdc947ebaed368d4621aee09f4f267ce24d900edbf0304182b3bdccf6dd388cfaa174bdd7228adbc820391247f56b30196de448e1fd7a6bd48915f2b2de0b0b093ea6386330a227446d70a77af01001df72f3a9602f0873d52c64098fe786d07de045a319668875c988617d20df58af267c38284154bd266c3bf416e42e2ed9fa4e630dbd315c88dba3ef9ed6d513da4afa29ab072cf0065d673a0620b5cee60f3c2b657ebb85f0766727716ecfad8e8e0d36b70515d6edcfb61a7537322d55f7930310a145f6c0cf051a90d9520857f1d9beaa55bb5b8fae71ef225980e1403ac45d0de520e1b780970591c538bf34078d5b424a8824bf545e54a8798762789e002cc2900b99681f0cdb203f891feefbbe0453512001c3c32616444a137dd1df409b7045ae9b567b61afc60777e22d73a6b839df08f43048b5e2b05be79eae70d7f847d06da12fd2cb3316218fd474b21bfbc19e1b85b32a624c2f751cc1c4c800477dbabd498463beadf8163fcf9182f2200c266f5ad7ad64fd6f890215f4f25671a6806540b7b341ba2c01f0421d06b7b6283281a7a1f7940e9c72f912ebf29050aeee29820d31657dffc1dbded64dc3f9bdf15d843435b033871b1faf55709bc2f152fb76f5718b95bfabb6ad2f8c925d5ec148dbd32007d42c15fcee0bf69a1f063a36c07961f2f29800438a7e53568432c0eab70ce5ae4d707f88eed48d4a671c0c7b4c1b399210d6cff0455881224f853a78058a94458f73964aeb6d61f3e2d70287335e106b2127c4957270b8389cf91f7a7f77d1ee45303912ebd1a477d000fbdc7cf113010382252127771374fbad9d1f6cacdf15ff4fb7bf203451468ab6bed4a8cbd4d942db6e9b99b402580f137deb0edc48218b94c55eccba42f7b0072eb13b12f7e6874564e4322f62d69f63940ac12540c9347cfa0d0b5b5bbcf01958e4b8ec0f784b898c92faf26ee649b0cde69d5729957efde758ac5cc69377132479d35dbc972d646673cec5c1a8c404560011d331759289edda80977dffa01a801dc1b7770fa6aaf139c72906104526233a4d2dd0abf9135dcf3999aa7ecc02ee56db3d741d2fbc402d076cd1c3f16c31e3690bd144074818fd563ceb9432f0cb3148c48fbee668c5ae92dd3710ae38826e16d1dfff9d7aa8b5d5ad350536721a0132001ee7800a68f846f35f0fca2a99209bd14f77a98d198799c58730378ba926878ba9aa463ed8d7ae1bf255a9ebd6b0a87be1fb1d9ceedc7d69049dd854b219418a3df7e7831cb77c30610b219f1022e173c8eaa6e32cf382b3076b1e7fc1452aa3e073ef660cce81cd67478e9e34ee97d34e4b97b0a65e57b2f2a653f47e177af105d79d853da6fa2f4ef69f9d727f4170c2ba06a6667c68b11c434f547996c7c524fb91a48a2fe7975f2417d2ac37cfc95b85ac29941425b9c956cf234fb5377e835eabcaef2c95876da43cbd60728b10fdb7a44acbef72880894c54457a8d8da976703b2fec62ce2df48e2f439970468dc53dafc55b3ba99775616d86f52d788c4c2879dce332428f3c938075cd10e27ae5c680f8357ccd43dc62bc6a5d53bc563605e798d5ed02ae7c6b561f3aea11bc1291dec79b435001fd52cbc730a1eb8d70322e222514d25919196e7df3181236873282096088920b8411c2d6b8d140484dc6ccc04547a9627f308bb9f3de1f9c9dfc3a7153d02d313f20e3d62ddaa7cac9126f65c30126a1b01b9d1ef8ce3c322917c62d3fa614d16fefdce4ebd92496749ff6b9aa8abdb97bba6e35f3abc089e59789ba1857b43445f4d70b75513df41970f38bc9f0684a003078d19dd0c6114025c83138b796c1ad4c7512743d047b81b1c0abe9ab54430dca91b54797c1a4039f0e18d8f6d9ad27f636311fb4e8b68830edc261cdcb0b9bc7c4a02bc70b824cde5d55d07ccdea7cfdc266e381e8244ce18b83c9ac4aea82f225daa0ee10d196aa86766d39bcbcf2ab770a33c7330daa791e38b1c917c20be1dbf2a89ebeeb8648dcb98080e823ad803b0e90131a00af88d9118ecfbe820727ba54df76e537c2e598643ae1a01d65f7eb1d216b99ba4000eac8eb3490528bdedd4ee1b499c67ca2e15d2c9991707e3667beb210721bb1a14891a503ac258488e0de130216b240e2d2c6f1d5ba346b62b783889eeac8c8dcf856a3352e29ac2ed725f5f38622ad957a5871452093b040775a484de1238b1878a3a0dbac852ba6239d078c492f1bec17277275bc187802112b21c4e9115e1de7b117516ccceea420f9ae1c49a0104ac92e05bd6a60778dfcbff4a2b0406d088d501f28f3a72d47d3ca8f9490c39e908d4a7af12dd437d7379f682d978742d1da72d83b66b14b21ef107a7a55f84a5a3e79735a608c247968d01f202a0b14ff25bfecc31025b62df6091f728e00c730800e8e5c129ae4c39118a89ccc1b3ca97d6d523d901d88bc1726083328ac4c1ec8860c3c368ea556a50eefcd420af9aac50772fff3aa8aedb35ad7c446fa4d33aba81a380e3136465f99af534a63790ca3170d9b383965f61baa62a83a87c4024e4b27d0666e498f0505ff9cbe50341dfa3d5a98e7d1af4d5e7028857f0a3b5246b849b4ac1b75078b0f762c22becf11a5c2b22f2e37d3e63805d7e24dcfa8e8d80009cb86b1c0c5af954beb10621104d6931e6d076b91f05f9990bab4f065353ac608b5eaa0f3a25a4807930f12745f3b77f5cf353a9fc88c7f3729d29a2651eab268b2e98da781530fc56231dd28381da0473e66fc54e81a93982ba377ea7155f63cb9ad8c227993d98a0896dbe152b34abbd946948c0a9d3106b96d62c6c320eba70ff982c8ffc74bed3b40d2256a56794f23fe416f80484eacaeb8c853d56346875b22a02bc5fc446ef1c5f68226453978d8bb1558f09b3f0f958b0d491171def9adb89e3050143d16fb627a88afca3980b722f14d27dee6ba99633af2157b27d7eb086607160b11809ba030ac84e4ecbcf5d930a455e69e118cdf62a1a1d797986c639a9a8a6ac1a3c1aa16aca13e7b3538f432df98eaa489d20dbef78b5c48d93e00b7ab094aa7e671de4009ded8dba1b43a1647173f62d451c32afe8c86adecb1e8ad3db1f4ae43213a30b80e020104d47ed732c87b012b0e034227f266225eb19fde8a50a80e36496b107f77c2741f2f61dbd4f643226d1bcb356c6f9c2e3ce8ae7d6bc4a9055f9e41b034a035f9270ec144a4b81041c543348b2d63e4cad4b0b022bad750686fd7b9ccc879954f099880d9ce21ce1cb7fcf18c260335d4968a739fd9e90843dbdbb1c7b7c77fc41c89cb415b48761c703ea7af995035d675b646c848f335ceb4fca45ce4b81ded27ca969253bb71e2d6c795ee64572cfe24ca26107704ef96f25cf0586f45b8e532d0a5c990b635cc69de496f18faec664b9ba73dc2e49eea41472242dbf2c9b6e0c00fb0050a79732d657c1a935096218f4ed0af1dd226b68ef60f923ca34f39dd1ae9bc9375b6cb9091f1e318900e0ccc8a853f9de25ec7ec3c711446fe868590651c30cee9e938c9ea39d046b93eca2a09d0547e2f3e4bb67d2d4094a7e691fe71224d46f844e12f313968011f529eac109c69c6f7c7d5a4f6205dc34a042b083aad040bd56ae993124ea33e1e6fd209b724a35262fa59244ed7d2dfda4df0aedd1f00aa771a0ffd493e788bd7b327d4150c934122936458b011cc19efc985fa74f8b5489141e27c6cc5f73248fea449496bc25850ffdfd49cbd1715aa91a5d7dfe07f001343ff2b7d6a3a6ae123b193eb6fd619a5f34bc7cc58d21ee3346c1e6e8cf464a1cb5884a4811558561aa1a2e92617c6101cf90ecd96289e773c5217697f7405047138436d58b133143ae7a541b58346fe365a8d3aa79d84570b4345c0bd65d88887e799fafa68a0a2465fc3901dc8391991d0aaa82b43ae1f94e07e641f176cbd91129c79a82bcd1b55d243e61e5ffe3ba687026a61f176032057732ae8ce3142f8f3e4a7394850296c62dda8193855b3e3a132ff23ce1b01928e016a92f99a96856874f08343417b0889d95c5b8bc4547d79ad3ef97318c1d1da35955ab04c516458a78d3b3e30fdba9e35aa96b38d99fab0ba35398e70c798083cc9223ae3276db6dcc528e41a4a7e272f4b7fb96809571edbdd452101eaa53f3b5e2dca1e90c263896e7bf12353baaa236436d5e79a6f7f54280166cd7544416c397b7ad237f3f2c0a3bcfa7fcb76611d3e7af778f59a639534c6c8f6ecfa6db84b0a45397bcaa039d6a9c09771bd57dfecfe80497672c82ebc3cd65b6a59261fd34122d2b38cbe3626c2be934541242e4e143dea93742009ac0ce4cf1c5433ed2ca2b2d5b5063719f44e7a818410ece2f96a85b08f0ae52f55bc7f46d7affcc8fad8e7213fecad8c6ccf698859cbbc98d1bf1028d9e13be6a23117eb280d06fbfba9a1830835acabe6a6fa936b5f7debd2fe21a71327084fc8eaff883529c3d8e3afa188f8828dc309d977ace099a1c0616d759cde809104b39808be683b2c044e4b2931831954681a55d0f9b5117a5547f26eecb2f51a149a3b95e1edd8b51e1b197f66297ceceb1a1f33afcc1a8d8bd7fbd4cad217c78e7ebad1a510704e41fdbd7b0abcf4c6e0ff6e31a9199d8d59272224eb2cc6916d91a9c8a4cbdddbc56be0622115cef76db0d1952d750bfc1046eb0733eeac9a8ccc4f6135d098598eadc31a415bccb78d625d3ff90a03f975a2b0e9b00c109471c091d3d28dc855ad9f5e420d3777a4df29be5c228d36738de5c21200b30f9655b7af7e891d394a21b7e92bcebaec7eb58ecdfe3341fb51ed195ba8dc2a9038160dd81cfeb3c2d3a8d3a03064a0060bb088103b28f498066bf11b04556c99b58de6d8f4783e6e9b0c525b070b2247f58288f7d984c7f214895fd9107eaefdc792618d6e91ca90470fb0f73ec0510b9ca750d86c939c8b0e5fb5cea71860d9372225a890fa47d55757ad12dffb3888f38db762d51c23389f99c1b7268461dacfa32521701b4f59d9ec86f141b4ad905000e883cc1b5f75003ffc41c8fd9194231f6e179e0b71b777368cc0bd3f27e16d3e49c7ce2cac32b59709a43c0fdcbe61ec542a532bf378bc457fe8e9657aad496b1b8129448fe4a742ab1fa8b88000a5601c0019c77cb45646ce0894c68d7246bd187643c4ca42689836", 0x1}) (async)
r7 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (async)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000080)) (async)
ioctl$PPPIOCSMAXCID(r8, 0x40047451, &(0x7f0000000100)=0xffff0080)
ioctl$PPPIOCSMAXCID(r8, 0x40047451, &(0x7f0000000000)=0x8) (async)
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x801, {0x6, 0x2, 0x100000001, 0x5, 0x5, 0x1, 0x101, 0x7c, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r7, 0x0, 0x0) (async)
r9 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000400)={0xf0f01f}) (async)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r11 = dup(r10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r11, 0x0) (async, rerun: 64)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0) (async, rerun: 64)
ioctl$KVM_REGISTER_COALESCED_MMIO(r11, 0x4010ae67, &(0x7f00000001c0)={0xdddd1000, 0x1000, 0x1})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async, rerun: 64)
ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (rerun: 64)

16.765186856s ago: executing program 0 (id=10550):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f0000000100)={0x9, 0x101})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f00000001c0)={0x10, 0x200, 0x2, {0x0, @pix_mp={0x3, 0x30000000, 0x31384142, 0x3, 0x1, [{0x1, 0xfff}, {0x6c6640d3, 0x2}, {0xf0af21b0, 0x6}, {0x6, 0x1ff}, {0x3ed, 0x5}, {0x3ff, 0x1c7b}, {0x10000}, {0x100, 0x3}], 0x2, 0x8, 0x0, 0x2, 0x1}}, 0x57})
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

16.594557738s ago: executing program 9 (id=10551):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
ioctl$SG_NEXT_CMD_LEN(r1, 0x2284, &(0x7f0000000000))
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000200)={0x0, 0x0, 0x0, &(0x7f0000000180)={0x0, "9e154c329bd82a84168b42e6d53b5871edcced1f2dc3a21b4df972e4e6a1cc07aa"}})
write$sndseq(r2, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SG_GET_COMMAND_Q(r1, 0x2270, &(0x7f0000000380))
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x7d)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000003c0)=0x7e)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000045c0)=0x40)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000001c0)={0x1d, 0x1, 0x8})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r4, &(0x7f0000000100)=""/159, 0xfffffe5a)
r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000740)='/proc/bus/input/handlers\x00', 0x0, 0x0)
lseek(r5, 0xfffffffffffffff5, 0x1)
pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000140)="7b3ff5898274a62148cca768b50b721024a025355567c9788d2213a947477fdd25f9de31e54b79efeff19caeed013446dd9d12ea784082521d", 0x39}], 0x1, 0x9, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r5, 0x4058534c, &(0x7f0000000080)={0x7ff, 0x7, 0x8, 0xd, 0x1, 0x6})
r6 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r6, 0x40405515, &(0x7f0000000140))
r7 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat(r7, 0x0, 0x80402, 0x41)

16.527354309s ago: executing program 0 (id=10552):
r0 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f0000000080)={0x0, 0xfffffffffffffffb, [0x2, 0x3, 0xfffffffffffffffe, 0x100000001, 0x1, 0x9]})
lseek(r0, 0x9, 0x4)
lseek(r0, 0x8000000000000000, 0x3)
r1 = syz_open_dev$sg(&(0x7f00000000c0), 0x6, 0x40)
ioctl$SG_SET_KEEP_ORPHAN(r1, 0x2287, &(0x7f0000000100)=0x1)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000140), 0x2800, 0x0)
r3 = openat$incfs(r2, &(0x7f0000000180)='.log\x00', 0x0, 0x8)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(0xffffffffffffff9c, 0xc080661a, &(0x7f00000001c0)={@id={0x2, 0x0, @b}})
ioctl$SOUND_MIXER_WRITE_VOLUME(r2, 0xc0044d1a, &(0x7f0000000240)=0x2a)
ioctl$CEC_ADAP_S_PHYS_ADDR(r2, 0x40026102, &(0x7f0000000280))
pwritev(r1, &(0x7f0000000400)=[{&(0x7f00000002c0)="ff98b34c76087a1a90aa58ca0bd54dabf992d82882f3bd4499f7799f1d1f86bf8fa1e01a4334f769a4aa76d5ccb2ab88de88b026120c8fcbc15305ced5aec32fa0", 0x41}, {&(0x7f0000000340)="fd47b63e4bdc60e99b31496e4be72e", 0xf}, {&(0x7f0000000380)="b7d11e0478c62e06fc4b243f73b6886985829d9c475962f5b89f6f159440c0bbb725e71d2d1fe3e3542721983db625a29806d3633a6167b7c46c8e03f20cac33173e4f538805fcdad9923817b2808751fe24177259d280fa", 0x58}], 0x3, 0x6, 0x2)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r3, 0xc080661a, &(0x7f0000000440)={@desc={0x1, 0x0, @auto="ba27743f9eb5aa4a"}})
ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f00000004c0)=0xc)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x100, 0x0)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r4, 0x80047213, &(0x7f0000000540))
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r1, 0xc080661a, &(0x7f0000000580)={@id={0x2, 0x0, @b}})
ioctl$TUNGETVNETHDRSZ(r2, 0x800454d7, &(0x7f0000000600))
r5 = syz_open_dev$sg(&(0x7f0000000640), 0x9, 0x111000)
ioctl$SCSI_IOCTL_SYNC(r5, 0x4)
r6 = dup2(r2, r4)
ioctl$NBD_SET_SIZE(r2, 0xab02, 0xc8)
preadv(r6, &(0x7f0000001880)=[{&(0x7f0000000680)=""/115, 0x73}, {&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000001700)=""/162, 0xa2}, {&(0x7f00000017c0)=""/85, 0x55}, {&(0x7f0000001840)=""/24, 0x18}], 0x5, 0x803, 0xfffffffb)
ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r6, 0xc00464c9, &(0x7f0000001900))
ioctl$TUNGETSNDBUF(r3, 0x800454d3, &(0x7f0000001940))
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000001980))
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r3, 0xc080661a, &(0x7f00000019c0)={@id={0x2, 0x0, @d}})
ioctl$NBD_SET_SIZE(r6, 0xab02, 0xc265)
ioctl$F2FS_IOC_DECOMPRESS_FILE(r1, 0xf517, 0x0)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000001a40))

16.457573643s ago: executing program 0 (id=10553):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x3, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)

16.374684888s ago: executing program 9 (id=10554):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000180), 0x0, 0x0)
read(r0, &(0x7f00000001c0)=""/157, 0x9d)

16.369583414s ago: executing program 9 (id=10555):
ioctl$SNDRV_PCM_IOCTL_USER_PVERSION(0xffffffffffffffff, 0x40044104, &(0x7f0000000000)=0x3ff) (async, rerun: 32)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (rerun: 32)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

16.284006586s ago: executing program 9 (id=10556):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x4, 0x5000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10201, 0x0, 0x6000, 0x2000, &(0x7f00005b9000/0x2000)=nil})
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200), 0x9)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x80002)
ioctl$LOOP_SET_STATUS(r3, 0x1277, 0x0)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r2, 0x40101286, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x8f, 0x0, 0x3}]})
r7 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0xfffffffffffffffe, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0xffffffff, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r7, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r8, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

16.226627844s ago: executing program 8 (id=10557):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, 0x0)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000240)=""/166, 0xa6)
ioctl$BLKOPENZONE(r2, 0x40101286, 0x0)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0xfffffffd, {0x6, 0xfffffffffffffffe, 0x3, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000001a00)='/sys/power/freeze_filesystems', 0x141a82, 0x0)
write$UHID_INPUT(r4, &(0x7f0000000300)={0x8, {"97bc7c59b32b0f4a2627134891095cfd11135abcc16669f5b218922ad4f44d883be451a40f53444f0a9ef589763eaf5a7720592ddb08a422b4e0cee42489fdae0d6c3c1ae334afbc50744fe90726d9deacdd3a0f9b6833129241a38392bafacd85fdc96ec811f0b65b82b5aafc3369c37949dd36530341b113dec00f3e00e7b2caede3fbe25075dc95b4d6dfa34af5e95ac70df63ca331f7f731230b9590459bc227661a273712a784be3f0b3b5755a4a79b48672917ee998343417f3346072e108b67c4779f68cac90502447bd490eb80c4662b5aade823ffeb262c1bac9daffe25f935a9d6121ddbe0ec135e15449a592a5813960f7c2bef20889feee621b5e462ce598b0c35556d18e0ac4231952708a772be1a0fbf38041970acf9e149405e27e96f41c3a60400dc902d2720a41ec5449644e4f9fdb756ce89757de72eb3d8aa456dad1295fff342648e815db362351368887f51f951414548d89ad184890aa2373f87ea0c59b181d80ca43bbafdf1932729e64c987c3adc838a4ced5599cb9654f2eb99176d623deea66883ead58b190c820980da23622fac7802018c1e96b6ce4a7948d0d37b91872d6fed8d181b7a55f22ae6c6ed4662e7af6a0d60ffc812bfe5d76a58808c5785ad14a4a24aaafc3ab909794673245e994454a91db686fc4a1c2edf1828604a954ed7fc1385d3d58b6ce30ee43e70f39400dd090060bc9d5e77939548e0764f427ef09e1bd256cc069e3b6ec9cf42b5a30b437e267c0321f3aca137a6f6f2bf21fec941c23e272c987f76deda870d2aa5a7a95a553c4d655ebec152074bd7cc1889063002124838bfbb30830baf994a02e56bd7fe4b1eb26d1cb48e9b1f79558ddae1f6cf969c655ef8a6f1dfbf7243abad00f1c4f5e24338367c2b9ca21a2f66fac9fb47cdb924c42ffb90bccc4d3021132f6632f842c734efb7b83d2b98b219b49fdcdf38fbd1c669b3ad5b62141e151ae769bb1215e4e91d041b9c2170fc0ce3e2d4d1da48a54812e8181b6c5f4d66c4adfb566d388df81d0a7e55dc28fb3e3d8f4993787e93f287c060d6105983552ade1c97d5ad39f0b2a3f6b669fcafffcf5733aea7fc0404888f822ecb24b8cf75c5f7cc2b5ebd917e3ea33992d544f91fdfd369a7406a4c4e5a895ba6e218eb3caa66f1c1642162415588fbb568fa3d03bdeef4ae66a578f5cd3e7df66b606c076f27e5e67517914bc765d979c879f7451700fe07f39071872b74c7a039e90187bc2a372ebd85d4a0bc4cf6e09b0270d2cda50f893979881c2f79e3f370a4a4e3e2f7ae1f77fe927141918faf0eb2bfa271e3c8680caa50b441b00a7e70e18ab3852466eada33104e54c0070ce3ed2ab955a267ada63d0ed06a9c97d6fdf48658d0376d9c719d9834acff867da94ef3cf4898d1e1874510019de4a2b80bd574413f1b68292f4dde6bd0903351a1e1b0c4186c35b250022c1a9969e4fccbe45e69ddb83376b9bbe9dcf2e703bb22a965e3196842772798779af784175ef16e894ec8fd8aefa38b867b2d72b2bcf07766c338beecc597ef8e46503ac76ca8fcfa1a0dbe4fb04cc51c0c8a161ff446addf5ca68bfa3bb37cb5ccb991351c2e6b843ac43e7d0129e63d12bfd26ab9605ae7cbc97f695f5a56044a7e96d4040a40a9192d22e15cee98374a6f37c4bac0892daa13e40af65736bac3f54d4028fa10982a79702fe61a79c60542ddd083d3febb6baa55ba0250392cb640347f794f8f9a2bab199849f1df738afc063eb20663ee5054170527c035cd93c568cbd4aeca6123357a9013a9bc35c7bada103a6a2589141d1e5464faf5b691192bf34870b7fb982ed47f4a973a203035358b54f8d7c7403dae927b1c02ced2f40e536208896d13df70d67b0520b581184d6040592fac19985b750883951347db04830b3f46a245e0d09499fe87a2313d06a3c41ba8cc514ebb654bb5514dab8fb9e143ac1523a45473b658f944faf370f3230a61288b630e2de5be6b7635979c1b784dd14c979232ba40cd80bd985ad3794b3dfe4744670722d14702678d0588ed2d2f1b2c919dd2f8cb7f0de9818229cec709a2f156af2b787722778c01f179097d096cd5857796e183788825d9e80337141a7bc06267d0bba2d2c279fca303dff9af57aa47d04803377c2653a60e245417da866d6cd307fde29cbdfa707677c459801bf4d80f3883092f970b440b512037d7359b70503a95822588a50a8acccd0c88487f309878ab4b0319b4377ad27b8cfcb0fc58b5abb0515ec015225366bb056c15ce70eb340085a4556101e4d70e5624ecf00bbbb11583e59c2ba13b9b21026ea87911aa0981311f069f2d4093927404ed12f93d0d96ebdef170dff17888511579ea765361981d8849f2f1620a4ed769c4380fd0511e7fd7bc0e03e8949ae5f43af962522557d31d0c1f74181ba7e174ddfa883828cc347efbc3b63b135eeaf675262c1aeda879a009b49ec1c4e4c3de6354a04ff7ff40dece8d70577fd73b1f5b25da8f8ab218916afac36cdac89ab93984555ab452fa8fb3e1169c5c657d12eb1f98e64336e4fd1684ffb35348472c7fd75f8364f2865a69c4c18540d1998767d0c61c6ad2df7305fb3006900b8013ec37cf85b07dd30c39e647fce29e4f3ac7121f8e303bc3fb1af5dddc2e76f66f919ee28e0a89647f9a0cf31a0fca57c6dbe788398f30601b1fbc5bd7712676fa466fba4f599cfc4e22d471224fe7f57d8e5b25d8ade312f0fea7f2f83ed8c8aa4425030fafd6a1a11e5d39cc678d5a17af677df0a0e5b87e5e5e4040ee375e019c064bb00d8ba2886e5acb03d1fdeb8e8a009edcacdf252ec3f6b7272e37694b1e008a3a48d366e5173f4b3bdd3c31952bfae7d30937cdc19b67e743d1ca153966a08ce1b15bf91af8f8ff4c5908f8b5e6cb2228537fd2087835643f6a236e1f0441cec35ebb595b89187678bdd151b402044ff664e86b0e7f42adc5bc54ec1447c93897d70ca4a1ed019f34e58abad7be33071788e7fafa5fdff56c51fa78d6a834e5278b13d881f58b6b55a187f711646aad1b1114b8fc8bdf18443b47a28c614c38c3cf1156e8c1294728a57eafbf7a760832fba4a01602594e439ddce4a67ae711d088fe41d30521fa58b34345de79b511380f347bf603204111dbbdb24607ba222e0524cb54a9009adc62f1a6067baeb155313faaa8279b9a5e964601d8a0833eab7397be169fa2e72faf7f4ce2369553ebd3665cb0d808a1568ab4a5f6cd3aca38f1890e89d09f4f7cdeb7bf4f33c8f2b2388478063a6c101af33b7cd5af6e034bf588fececb2f70779e5519e346305cbc6cd85c631028da3a5c80afb409a25346f5a5c63a9bef9a2c9df77347392159c249f09e0f9cb06d79fc8044f35c138ebc6a8376addb757b51d1cf0c63f5401a285d6f11ef05f43fbf9de9b376e9c4ed120d976e22c04d645816d4cf095d2769a296ae855be4f130d83325919cf649fbb8b0ceb0d9fc4a5631e1ec17abb89975410c4cfa5cc8e2fd28cea9b3d67d5b431bc274b41603f63b51dc32848e2e90f4b25f6640ea1105d70b02d8ecec7635fe0af12e8dcc7d98bdea468bc49034c55beb8f8687bdbd919b2608782a91083aa402c274077a0e12d509e3e4cc555d4b2b6b1eaa076de811e03eb33cb85c567e79ff3ddb0de7600570e217dec906d64e4bb02b1bb6c2c483569faf07a138e3d06ba48fd2be73a25c64b7778e15daaef1755d7ec26662a183336bf7b231dae7c6030b1e430b96089bfcc782f5352abe7e3ce23c3c8befe23fb5e67540ee11a4c40479e4b7cb9a077c6dfc90ee9db67b39ba52fa79a6ed646d1221ad02e816d395bf41af3b50725d83261662edfc4fcffe61849faac810b9f1b6a82b59c3bfe09dc10155e4cdefe734389eafc5bb17402b76542f7b703ff61b3b76997ebfe5da6754c3c3b54e0114582d7d89b29766627e68f9ae92449025ccdc5bc62a313e774596e4ead0598ddeb8ea4e694d56a4461a73b4363e6b0a9b4f23b1c6952bd3108079308fe9feb16d82ed432f5943330b07d3ab3fe7843483fb64062819b76a8a15fabf47e9315565abb2061ffcead8ce37bc3f0aec83967b44b2ee6b1d84e315792967e68c4c3702f0ff1123b60164a3da793c909749450319b5f002ffcbe499c2c9326b3b0b571f53b7533c8f23344201807052401bdbc3e1b7ca7d40a2a759cf7faff7c0b342ddff9aaf18204a22382c5809314d4bec23cbfd2296a6e159635ebacb081658a4863543887738bdb800fbc61e7166d3d3e326f4d587633ba5db2e3d84ec9d9d318c5b74514a68871d0d440aeb72491033f3443061a31a4e8daf5e3718c85f6c41da7cfebd48ddd6ead8ed87a230e42d2270dce1b8f81d23d3ff89353528eb556f00d6a1ffe44a2359640432d996d0d40fb6458ef01b1b46ba680911c5d9cdb402cd40e5aa92eca9eb30e6008945cfa6efe700d1ba7e4a8df31272397fb4116791a8504d95d33772e22e40e44812eefa3548e32fb34ddb1358e21cd9b6179d7eaa4a73fbcdcfcc06a233e473f44d21fdcfda75f2665addc80705ada5104310b3bd3727982e58921a5198ce2cfd725e2354c6106a916249fb31e93c37774c3ce4538720928017ccd1a0d79f41f70893063ae33b1cb8c86649617c0474aad63c01db50502384c3251ab7de958037fd938b029f9f7c2153337f5ab3cc85ba27c2bb6eb6195b934ea0691e8b11e3d6c3916f2632912429170b9db68899eedd86fed31457a87b917eb43464fe76de65b0992a4b8b3b4d3a7ea330fec1b8c8f68ee5d1e868e4c217a2b381a838d103c0581e5dd9ceaa9cacd5c42a2131c6caeb5a9f5d85a8d14f3b07d5eed40d852770bd1f1c02e1cc02142bfe0b8262a871743210a067b736265e0d910f1f5fb6c7199e9cd201a5af7a23e6873790b72da4bbde7e77627a8c7c126345b5963ec1edb0fcc6a72e02e916044bdc7630cac236138abe962545c5218e4864ae9e0b6278c70e9681e86c3d10957fe2b06a63a1d1ac3213ea258d9a8e5848ec9a8b63fd74c7ebf117c4bc071aa0c466cd73865e4577f8b0d56801394e94429d56b8870bd5b60872afde39b43cf23a30f9cc7c46ddebed1b35f55b751a9c61d4c39db14fb860435ad1b73b4b7e02f5ba5910923cfbca034dcbb7a6ff8d98a306c13d42cba33a3f9f18c52d99456532f040310770eacc20c45f3856cc67e48aabae020eb969fbcf87c1cd61898a47592ba9ee5d43ba505b138f1cd983cce65f4f586f8794810844062057ac45264279534b7829717ba1e6529ea0428b5a0c1090736776b7b6ea8a846e5e634c47fa5cf038c8097840a1c26358507f507fe93cbdbfa471af0a480284f3de0974796e695bbc90bbe51990658c40cc5c680be0628584e44fd6961ecd30e3c59b8001e93610f3a039080eb7d79eaf4fec55357333dfb76541b25cb7d61c059b786ccbb1de3dcf3ff4bf8322f3ecc636fecc3454be0bd1d06cbe3de67ff3561831782ee302ab3640a126f98e9c443522085fcf41280f7138a51374f95e8e4f6b562320e1cb2361740ac785cbfdfa0dcfdf892c94069b0fcc42eb46ad5d8feb92ca7bf67ff02762369cfd96f0f9a39c1976dc1a08fc8d8fa8643ca86ae9865e1a5826be4a898f4e19284f8b0fee16ef883b6f5dc9f5fbfc84492c31d3c0442c6d4adf3830d13bb1a42e41a21089e80a1630b2884ed04ac5454d30e9fec1de663a1c8164abe74840224ce2233d59a2ecab152fd28600797b1b4783ffb82c388ee6", 0x1000}}, 0x1006)
read$FUSE(r3, 0x0, 0x0)
ioctl$BLKOPENZONE(0xffffffffffffffff, 0x40101286, 0x0)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r6 = openat$userio(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r6, &(0x7f0000000240)={0x1, 0x80}, 0x2)
write$USERIO_CMD_REGISTER(r6, &(0x7f0000000380)={0x0, 0x9}, 0x2)
close(r6)
ioctl$EXT4_IOC_SWAP_BOOT(r5, 0x6611)
write$FUSE_CREATE_OPEN(r5, 0x0, 0x0)
read$FUSE(r5, 0x0, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000002a82, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x28011, 0xffffffffffffffff, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$cgroup_devices(r5, 0x0, 0xffdd)
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000340)={0x28, 0x3, 0x0, 0x0, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000300)})
read$FUSE(0xffffffffffffffff, &(0x7f0000002400)={0x2020}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f00000003c0)={0x2020}, 0x2020)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
dup(r7)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x40000000d2a80, 0x0)

16.199968803s ago: executing program 0 (id=10558):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x2040, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0x7, 0xc, 0xb})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000440)={0x0, 0x100000001, 0x1, [0x29, 0x9, 0x8000, 0xa1a, 0x7fffffffffffffff], [0x800, 0x6, 0x3, 0x8000000000000001, 0x0, 0x101, 0x7, 0x4, 0x17ce, 0x81, 0x0, 0x9, 0x3, 0x2, 0x0, 0x401, 0xc91, 0x2, 0x101, 0x4, 0xfff, 0xfde0, 0xffffffff, 0x5, 0x81, 0x6, 0x8, 0x38, 0x1, 0x9, 0x4, 0x0, 0x2, 0xa5, 0x80, 0x101, 0x9, 0x4, 0x7fffffff, 0xc, 0xf3e, 0x7, 0xeb0a, 0xfffffffffffffffc, 0x10, 0x1, 0x401, 0x2, 0x5, 0x3, 0xfffffffffffffffd, 0x554, 0x5, 0x1000000001, 0xfffffffffffff022, 0x7, 0x8, 0x346, 0x400, 0x1, 0x8001, 0xfffffffffffffffc, 0xef0, 0x5e, 0x7fffffff, 0xc, 0x1, 0x8, 0x6, 0x1b, 0x5, 0x5, 0x6, 0x80, 0xfffffffffffff801, 0x4, 0x54, 0x9, 0x6, 0x8, 0x7fffffffffffffff, 0x100000000, 0x0, 0x1, 0xc3fd, 0x80000000, 0x114d555b, 0x2400, 0x7e6, 0x5, 0x7c, 0x1, 0xe2, 0x0, 0x3, 0x3, 0x78, 0x7, 0x1, 0x6, 0x3, 0xbb, 0x8000000400000001, 0x400, 0x4, 0xffffffffffff8000, 0x8000000, 0x5, 0x4, 0x9, 0x101, 0x7fffffff, 0x1000200000000, 0x8, 0x6, 0x8, 0x9, 0xf0c, 0xa, 0x2, 0x3]})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1e2e81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
write$sndseq(r2, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x6})
r5 = syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f911, 0x8000, '\x00', @string=&(0x7f00000000c0)}})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r6, 0x952de000)
r7 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0)
write$rfkill(r9, 0x0, 0x700)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r8, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r10=>0x0], 0x1})
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r12=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r11, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r13=>0x0], &(0x7f0000000200), 0x3, r12})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r8, 0xc01864ba, &(0x7f0000000300)={0x0, r13, r10})
ioctl$VIDIOC_QUERYMENU(r7, 0xc040564a, &(0x7f00000000c0)={0x0, 0x7, @name="123000007d000000000000e2322995090000e200"})
r14 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r14, 0x7dfff000)

15.183343478s ago: executing program 8 (id=10559):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x3}]})
close(0x5)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'})
r2 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x40045731, &(0x7f0000000000))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

6.156959396s ago: executing program 39 (id=10507):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/tty/drivers\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0xffffffff00000000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f00000001c0))
ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000001"])
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/profiling', 0xc8200, 0x122)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {<r5=>0xee00, <r6=>0xffffffffffffffff}}, './file0\x00'})
r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(r7, 0xc06864b8, &(0x7f0000000040)={0x0, 0xae, 0x3ff, 0x30315559})
r8 = syz_open_dev$evdev(&(0x7f0000000040), 0x2, 0x0)
ioctl$EVIOCSKEYCODE_V2(r8, 0x40284504, 0x0)
r9 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
write$sndseq(r10, &(0x7f0000000080)=[{0xe, 0x0, 0x0, 0xfd, @tick, {}, {0xe}, @result}], 0x1c)
read$FUSE(r9, &(0x7f0000005e40)={0x2020, 0x0, <r11=>0x0, <r12=>0x0, <r13=>0x0}, 0x2020)
r14 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r15 = openat$vimc2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VIDIOC_STREAMOFF(r15, 0x40045613, &(0x7f0000000440)=0xe)
read$nci(r14, 0x0, 0x0)
write$FUSE_ATTR(r9, &(0x7f0000005340)={0x78, 0x0, r11, {0x2000000007, 0x400, 0x0, {0x6, 0xfffe000000000000, 0xfffffffffffffffb, 0xff, 0x694, 0x3, 0x7f, 0x9, 0x800, 0x2000, 0x2, r12, r13, 0xb, 0x8, 0x1000000}}}, 0x78)
write$FUSE_CREATE_OPEN(r4, &(0x7f00000000c0)={0xa0, 0x0, r11, {{0x1, 0x2, 0x222, 0x4, 0x6, 0x0, {0x3, 0x6, 0x8, 0x7, 0x3, 0x10000, 0x1, 0x4, 0x9, 0x0, 0x1, r5, r6, 0x8b, 0x5fa8}}, {0x0, 0x8}}}, 0xa0)
r16 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r17 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
write$vga_arbiter(r17, &(0x7f0000000040)=@other={'decodes', ' ', 'mem'}, 0xc)
ioctl$VIDIOC_S_FMT(r16, 0xc0d05605, &(0x7f0000000100)={0xa, @win={{0x4, 0x753, 0x33565348, 0xf50}, 0x8, 0x5, 0x0, 0xfffffff7, 0x0, 0x5}})
read(r0, &(0x7f00000001c0)=""/157, 0x9d)

1.05781032s ago: executing program 40 (id=10558):
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x2040, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f00000000c0)={0x7, 0xc, 0xb})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000440)={0x0, 0x100000001, 0x1, [0x29, 0x9, 0x8000, 0xa1a, 0x7fffffffffffffff], [0x800, 0x6, 0x3, 0x8000000000000001, 0x0, 0x101, 0x7, 0x4, 0x17ce, 0x81, 0x0, 0x9, 0x3, 0x2, 0x0, 0x401, 0xc91, 0x2, 0x101, 0x4, 0xfff, 0xfde0, 0xffffffff, 0x5, 0x81, 0x6, 0x8, 0x38, 0x1, 0x9, 0x4, 0x0, 0x2, 0xa5, 0x80, 0x101, 0x9, 0x4, 0x7fffffff, 0xc, 0xf3e, 0x7, 0xeb0a, 0xfffffffffffffffc, 0x10, 0x1, 0x401, 0x2, 0x5, 0x3, 0xfffffffffffffffd, 0x554, 0x5, 0x1000000001, 0xfffffffffffff022, 0x7, 0x8, 0x346, 0x400, 0x1, 0x8001, 0xfffffffffffffffc, 0xef0, 0x5e, 0x7fffffff, 0xc, 0x1, 0x8, 0x6, 0x1b, 0x5, 0x5, 0x6, 0x80, 0xfffffffffffff801, 0x4, 0x54, 0x9, 0x6, 0x8, 0x7fffffffffffffff, 0x100000000, 0x0, 0x1, 0xc3fd, 0x80000000, 0x114d555b, 0x2400, 0x7e6, 0x5, 0x7c, 0x1, 0xe2, 0x0, 0x3, 0x3, 0x78, 0x7, 0x1, 0x6, 0x3, 0xbb, 0x8000000400000001, 0x400, 0x4, 0xffffffffffff8000, 0x8000000, 0x5, 0x4, 0x9, 0x101, 0x7fffffff, 0x1000200000000, 0x8, 0x6, 0x8, 0x9, 0xf0c, 0xa, 0x2, 0x3]})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1e2e81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
write$sndseq(r2, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0x4, <r4=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000180)=0x6})
r5 = syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r5, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f911, 0x8000, '\x00', @string=&(0x7f00000000c0)}})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0xe, 0x8010, r6, 0x952de000)
r7 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r9 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x20801, 0x0)
write$rfkill(r9, 0x0, 0x700)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r8, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r10=>0x0], 0x1})
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r12=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r11, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r13=>0x0], &(0x7f0000000200), 0x3, r12})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r8, 0xc01864ba, &(0x7f0000000300)={0x0, r13, r10})
ioctl$VIDIOC_QUERYMENU(r7, 0xc040564a, &(0x7f00000000c0)={0x0, 0x7, @name="123000007d000000000000e2322995090000e200"})
r14 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r14, 0x7dfff000)

1.02284023s ago: executing program 41 (id=10556):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x2710, 0x2, 0xd000, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x1ff, 0x4, 0x5000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x10201, 0x0, 0x6000, 0x2000, &(0x7f00005b9000/0x2000)=nil})
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200), 0x9)
r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x80002)
ioctl$LOOP_SET_STATUS(r3, 0x1277, 0x0)
read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r2, 0x40101286, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x8f, 0x0, 0x3}]})
r7 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0xfffffffffffffffe, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0xffffffff, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r7, 0x0, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r8 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000440), 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r8, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

0s ago: executing program 42 (id=10559):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x3}]})
close(0x5)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'})
r2 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x40045731, &(0x7f0000000000))
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

kernel console output (not intermixed with test programs):

cess 25601 (syz.7.8210) did not claim interface 0 before use
[ 1238.433853][T25603] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1238.561325][T25608] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1238.702309][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1238.709231][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1238.932384][T25618] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1239.007698][T25618] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1240.139746][T25682] dlm: plock device version mismatch: kernel (1.2.0), user (1869770799.1701523299.1937059193)
[ 1240.280006][T25688] CUSE: info not properly terminated
[ 1240.566361][T25700] input: syz1 as /devices/virtual/input/input305
[ 1241.462454][T25733] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1242.665421][T25782] program syz.8.8243 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1243.157312][T25808] input: syz0 as /devices/virtual/input/input306
[ 1243.536788][T25822] blktrace: Concurrent blktraces are not allowed on sg0
[ 1245.342278][T25899] random: crng reseeded on system resumption
[ 1245.540559][T25911] CUSE: zero length info key specified
[ 1246.554806][T25941] dlm: plock device version mismatch: kernel (1.2.0), user (1986356271.1836017967.30061)
[ 1247.377065][T25968] binder: 25967:25968 ioctl 40489426 0 returned -22
[ 1247.417816][T25968] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1247.459481][T25968] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1247.897633][T25991] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1248.605987][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x7
[ 1248.621724][T26001] dlm: plock device version mismatch: kernel (1.2.0), user (1986356271.1768453423.100)
[ 1248.647462][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x6
[ 1248.670840][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x2
[ 1248.702460][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.727672][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.754382][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.776881][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.802237][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.819363][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.835840][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.854332][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.862167][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.884681][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.908337][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.929806][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.960291][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1248.984693][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.012928][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.031048][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.041159][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.074226][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.104225][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.112014][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164304][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164337][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164363][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164389][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164414][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164439][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164464][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164490][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164515][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164540][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164565][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164590][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164616][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164640][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164666][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164691][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164743][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164768][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164793][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164818][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164843][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164868][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164898][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164924][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164950][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.164975][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165000][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165025][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165050][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165075][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165101][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165126][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165151][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165176][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165201][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165227][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165252][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165277][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165302][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165328][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165353][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165378][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165403][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165428][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165453][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165483][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165509][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165534][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165559][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165588][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165613][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165638][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165663][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165688][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165713][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165739][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165764][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165788][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165813][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165839][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165864][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165894][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165919][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165945][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165970][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.165995][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.166017][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.166039][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.166063][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.166088][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.166109][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.947442][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.956146][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1249.963911][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.024690][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.032485][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.044717][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.052491][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.222207][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.230733][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.245969][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.262407][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.270964][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.280588][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.290467][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.298454][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.306701][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.314711][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.339004][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.347036][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.371089][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.379021][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.406960][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.415077][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.422835][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.445079][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.452854][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.484181][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.491971][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.514337][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.522117][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.537301][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.545156][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.552904][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.583395][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.594318][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.602087][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.613356][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.623758][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.632081][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.640184][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.652784][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.660635][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.693559][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.710304][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.732788][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.750755][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.778998][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.808481][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.825568][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.833381][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.887080][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.902088][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.915258][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.927492][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.935906][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.943737][T24586] hid-generic 0008:0000:FFFFFBFF.0017: unknown main item tag 0x0
[ 1250.958393][T24586] hid-generic 0008:0000:FFFFFBFF.0017: hidraw0: <UNKNOWN> HID v9.86 Device [syz0] on syz1
[ 1251.103744][T26052] binder: 26051:26052 ioctl c0306201 200000000540 returned -14
[ 1251.545132][T32429] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1251.552220][T26049] fido_id[26049]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1251.554693][T32429] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1251.575585][T32429] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1251.583660][T32429] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1251.593140][T32429] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1251.613369][T20960] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1251.621071][T20960] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1251.629426][T20960] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1251.637489][T20960] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1251.645240][T20960] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1251.991747][T26103] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1252.257319][T31203] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1252.329388][T26119] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1252.477289][T31203] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1252.726247][T31203] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1253.013433][T26175] dlm: plock device version mismatch: kernel (1.2.0), user (1986356271.1684633135.2322277)
[ 1253.027622][T31203] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1253.209537][T26188] loop8: detected capacity change from 0 to 7
[ 1253.260135][T22371] Dev loop8: unable to read RDB block 7
[ 1253.267547][T22371]  loop8: unable to read partition table
[ 1253.274177][T22371] loop8: partition table beyond EOD, truncated
[ 1253.283030][T26188] Dev loop8: unable to read RDB block 7
[ 1253.297818][T26188]  loop8: unable to read partition table
[ 1253.311053][T26188] loop8: partition table beyond EOD, truncated
[ 1253.350431][T26188] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1253.417265][T26071] chnl_net:caif_netlink_parms(): no params data found
[ 1253.542824][T31203] bridge_slave_1: left allmulticast mode
[ 1253.552579][T31203] bridge_slave_1: left promiscuous mode
[ 1253.561032][T31203] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1253.662105][T31203] bridge_slave_0: left allmulticast mode
[ 1253.677045][T31203] bridge_slave_0: left promiscuous mode
[ 1253.683314][T31203] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1253.738330][T32429] Bluetooth: hci0: command tx timeout
[ 1254.368047][   T10] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[ 1254.387423][   T10] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1254.467830][T26320] input: syz0 as /devices/virtual/input/input308
[ 1254.535976][T26320] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1255.020230][T26341] loop8: detected capacity change from 0 to 7
[ 1255.028408][T26341] Dev loop8: unable to read RDB block 7
[ 1255.034012][T26341]  loop8: unable to read partition table
[ 1255.041388][T26341] loop8: partition table beyond EOD, truncated
[ 1255.051340][T26341] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1255.814533][T32429] Bluetooth: hci0: command tx timeout
[ 1255.925188][T31203] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1256.024864][T31203] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1256.066528][T31203] bond0 (unregistering): Released all slaves
[ 1257.116004][T26401] mkiss: ax0: crc mode is auto.
[ 1257.474607][T26453] loop8: detected capacity change from 0 to 7
[ 1257.483602][T22371] Dev loop8: unable to read RDB block 7
[ 1257.491260][T22371]  loop8: unable to read partition table
[ 1257.497979][T22371] loop8: partition table beyond EOD, truncated
[ 1257.511049][T26453] Dev loop8: unable to read RDB block 7
[ 1257.517541][T26453]  loop8: unable to read partition table
[ 1257.523338][T26453] loop8: partition table beyond EOD, truncated
[ 1257.531034][T26453] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1257.708803][T26467] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1257.765667][T26071] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1257.773009][T26071] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1257.782679][T26071] bridge_slave_0: entered allmulticast mode
[ 1257.793435][T26071] bridge_slave_0: entered promiscuous mode
[ 1257.805403][T26071] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1257.812599][T26071] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1257.823766][T26071] bridge_slave_1: entered allmulticast mode
[ 1257.836377][T26071] bridge_slave_1: entered promiscuous mode
[ 1257.896798][T32429] Bluetooth: hci0: command tx timeout
[ 1258.354465][T31203] hsr_slave_0: left promiscuous mode
[ 1258.384413][T31203] hsr_slave_1: left promiscuous mode
[ 1258.397206][T31203] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1258.414134][T31203] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1258.465225][T31203] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1258.473067][T31203] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1258.571819][T31203] veth1_macvtap: left promiscuous mode
[ 1258.586785][T31203] veth0_macvtap: left promiscuous mode
[ 1258.592622][T31203] veth1_vlan: left promiscuous mode
[ 1258.604308][T31203] veth0_vlan: left promiscuous mode
[ 1259.044987][T26525] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1259.407010][T26549] autofs4:pid:26549:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.3), cmd(0xc0189377)
[ 1259.435702][T26549] autofs4:pid:26549:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189377)
[ 1259.974509][T32429] Bluetooth: hci0: command tx timeout
[ 1260.188600][T26566] ALSA: mixer_oss: invalid OSS volume 'dev/sequencer'
[ 1261.408682][T26628] input: syz1 as /devices/virtual/input/input310
[ 1261.726139][T31203] team0 (unregistering): Port device team_slave_1 removed
[ 1262.044754][T31203] team0 (unregistering): Port device team_slave_0 removed
[ 1262.246087][T26674] syz.5.8374: attempt to access beyond end of device
[ 1262.246087][T26674] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1263.189640][T26718] random: crng reseeded on system resumption
[ 1265.036962][T26789] loop8: detected capacity change from 0 to 7
[ 1265.044954][T26789] Dev loop8: unable to read RDB block 7
[ 1265.050564][T26789]  loop8: unable to read partition table
[ 1265.060248][T26789] loop8: partition table beyond EOD, truncated
[ 1265.066914][T26789] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1265.201099][T26071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1265.359262][T26071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1265.661064][T26071] team0: Port device team_slave_0 added
[ 1265.706049][T26071] team0: Port device team_slave_1 added
[ 1266.067119][T26071] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1266.095061][T26071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1266.121096][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1266.139977][T26071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1266.189419][T26071] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1266.200546][T26071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1266.310776][T26071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1266.849816][T26071] hsr_slave_0: entered promiscuous mode
[ 1266.862872][T26071] hsr_slave_1: entered promiscuous mode
[ 1266.869699][T26071] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1266.895857][T26071] Cannot create hsr debugfs directory
[ 1267.382571][T27015] syz.8.8412: attempt to access beyond end of device
[ 1267.382571][T27015] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1267.965392][T27075] syz.5.8415: attempt to access beyond end of device
[ 1267.965392][T27075] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1268.364293][T26071] netdevsim netdevsim9 netdevsim0: renamed from eth0
[ 1268.389692][T26071] netdevsim netdevsim9 netdevsim1: renamed from eth1
[ 1268.460791][T26071] netdevsim netdevsim9 netdevsim2: renamed from eth2
[ 1268.526648][T26071] netdevsim netdevsim9 netdevsim3: renamed from eth3
[ 1268.713213][T26071] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1268.779451][T26071] 8021q: adding VLAN 0 to HW filter on device team0
[ 1268.825981][T31203] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1268.833164][T31203] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1268.938098][T31203] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1268.945310][T31203] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1269.640277][T27234] loop8: detected capacity change from 0 to 7
[ 1269.667980][T27234] Dev loop8: unable to read RDB block 7
[ 1269.676089][T27234]  loop8: unable to read partition table
[ 1269.688174][T27234] loop8: partition table beyond EOD, truncated
[ 1269.702575][T27234] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1270.000032][T26071] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1270.817207][T26071] veth0_vlan: entered promiscuous mode
[ 1270.863034][T26071] veth1_vlan: entered promiscuous mode
[ 1270.871257][T27348] loop8: detected capacity change from 0 to 7
[ 1270.887778][T27348] Dev loop8: unable to read RDB block 7
[ 1270.902195][T27348]  loop8: unable to read partition table
[ 1270.915379][T27348] loop8: partition table beyond EOD, truncated
[ 1270.932078][T27348] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1270.944713][T26071] veth0_macvtap: entered promiscuous mode
[ 1270.966697][T26071] veth1_macvtap: entered promiscuous mode
[ 1271.076386][T26071] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1271.095894][T26071] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1271.107388][T26071] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1271.118035][T26071] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1271.127814][T26071] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1271.139350][T26071] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1271.288125][   T30] audit: type=1400 audit(1750324993.905:29): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=27366 comm="syz.7.8436"
[ 1271.418794][T27376] Attempt to restore checkpoint with obsolete wellknown handles
[ 1271.462187][T27376] Attempt to restore checkpoint with obsolete wellknown handles
[ 1271.489175][T31216] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1271.517698][T31216] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1271.549379][T27376] Attempt to restore checkpoint with obsolete wellknown handles
[ 1271.585121][ T1172] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1271.607396][ T1172] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1272.407030][T27430] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1272.413459][T27430] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1272.499186][T27430] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1273.283571][T27481] sp0: Synchronizing with TNC
[ 1273.408640][T27482] [U] ш
[ 1274.092375][T27536] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1274.454453][T32429] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1276.535431][T32429] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1277.097667][T27678] program syz.7.8482 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1277.391070][T27710] random: crng reseeded on system resumption
[ 1277.676990][T27718] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1277.980969][T27741] mkiss: ax0: crc mode is auto.
[ 1278.026058][T27741] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1278.731510][   T30] audit: type=1800 audit(1750325001.345:30): pid=27793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.8500" name="memory.events" dev="tmpfs" ino=1068 res=0 errno=0
[ 1278.771754][   T30] audit: type=1804 audit(1750325001.345:31): pid=27793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.8.8500" name="/newroot/204/memory.events" dev="tmpfs" ino=1068 res=1 errno=0
[ 1279.659415][T32429] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1279.779633][T27853] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1280.763930][T27909] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1281.691766][T27951] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1282.379773][T27974] syz.7.8533: attempt to access beyond end of device
[ 1282.379773][T27974] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1282.866633][T27996] input: syz1 as /devices/virtual/input/input316
[ 1283.252300][T28022] syz.9.8543: attempt to access beyond end of device
[ 1283.252300][T28022] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1283.937673][T28060] input: syz1 as /devices/virtual/input/input319
[ 1284.667532][T28083] cgroup: fork rejected by pids controller in /syz5
[ 1284.765694][T28087] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1285.193669][ T1105] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1286.297824][T31216] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1286.453836][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1286.473541][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1286.482646][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1286.505108][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1286.512858][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1286.612701][T28294] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1286.625290][T31216] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1286.886142][T31216] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1287.090480][T28335] QAT: Stopping all acceleration devices.
[ 1287.178958][T31216] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1287.254369][T32429] Bluetooth: hci1: Opcode 0x1003 failed: -110
[ 1287.302946][T28352] syz.8.8581: attempt to access beyond end of device
[ 1287.302946][T28352] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1287.685534][T28380] input: syz1 as /devices/virtual/input/input321
[ 1287.697109][T28282] chnl_net:caif_netlink_parms(): no params data found
[ 1287.717308][T28380] syz.7.8583: attempt to access beyond end of device
[ 1287.717308][T28380] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1287.747879][T31216] bridge_slave_1: left allmulticast mode
[ 1287.769062][T31216] bridge_slave_1: left promiscuous mode
[ 1287.781577][T31216] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1287.868314][T31216] bridge_slave_0: left allmulticast mode
[ 1287.874017][T31216] bridge_slave_0: left promiscuous mode
[ 1287.931361][T31216] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1287.958726][T28474] input: syz1 as /devices/virtual/input/input322
[ 1288.312227][T28505] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1288.614418][T32429] Bluetooth: hci3: command tx timeout
[ 1288.804789][T28526] loop8: detected capacity change from 0 to 7
[ 1288.829051][T28526] Dev loop8: unable to read RDB block 7
[ 1288.844311][T28526]  loop8: unable to read partition table
[ 1288.854433][T28526] loop8: partition table beyond EOD, truncated
[ 1288.877581][T28526] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1290.104316][T28566] loop8: detected capacity change from 0 to 7
[ 1290.111849][T28566] Dev loop8: unable to read RDB block 7
[ 1290.124552][T28566]  loop8: unable to read partition table
[ 1290.130429][T28566] loop8: partition table beyond EOD, truncated
[ 1290.137065][T28566] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1290.335590][T31216] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1290.368800][T28576] vivid-009: =================  START STATUS  =================
[ 1290.377943][T28576] vivid-009: FM Deviation: 75000
[ 1290.383413][T28576] vivid-009: ==================  END STATUS  ==================
[ 1290.434934][T31216] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1290.475440][T31216] bond0 (unregistering): Released all slaves
[ 1290.694204][T32429] Bluetooth: hci3: command tx timeout
[ 1290.832344][T28613] syz.9.8607: attempt to access beyond end of device
[ 1290.832344][T28613] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1291.194912][T28282] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1291.202094][T28282] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1291.222109][T28282] bridge_slave_0: entered allmulticast mode
[ 1291.246773][T28282] bridge_slave_0: entered promiscuous mode
[ 1291.408330][T28282] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1291.429075][T28282] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1291.442918][T28282] bridge_slave_1: entered allmulticast mode
[ 1291.454811][T28282] bridge_slave_1: entered promiscuous mode
[ 1291.550096][T28687] input: syz1 as /devices/virtual/input/input323
[ 1291.582591][T28687] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1291.915675][T31216] hsr_slave_0: left promiscuous mode
[ 1291.961267][T31216] hsr_slave_1: left promiscuous mode
[ 1291.975964][T31216] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1291.983434][T31216] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1292.047720][T31216] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1292.059839][T31216] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1292.150254][T31216] veth1_macvtap: left promiscuous mode
[ 1292.161195][T31216] veth0_macvtap: left promiscuous mode
[ 1292.168109][T31216] veth1_vlan: left promiscuous mode
[ 1292.173606][T31216] veth0_vlan: left promiscuous mode
[ 1292.720741][T28770] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1292.774519][T32429] Bluetooth: hci3: command tx timeout
[ 1293.780251][T28811] input: syz1 as /devices/virtual/input/input324
[ 1293.835432][T28815] usb usb8: usbfs: process 28815 (syz.7.8630) did not claim interface 0 before use
[ 1293.900309][T28817] input: syz1 as /devices/virtual/input/input325
[ 1293.930538][T28815] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1294.715691][T31216] team0 (unregistering): Port device team_slave_1 removed
[ 1294.854252][T32429] Bluetooth: hci3: command tx timeout
[ 1294.995004][T31216] team0 (unregistering): Port device team_slave_0 removed
[ 1297.438778][T28282] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1297.652966][T28282] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1297.889146][T28890] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1298.065325][T28282] team0: Port device team_slave_0 added
[ 1298.086443][T28282] team0: Port device team_slave_1 added
[ 1298.375778][T28282] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1298.395348][T28282] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1298.442100][T28954] random: crng reseeded on system resumption
[ 1298.466288][T28282] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1298.529868][T28282] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1298.538367][T28282] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1298.590551][T28282] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1299.078050][T28282] hsr_slave_0: entered promiscuous mode
[ 1299.100677][T28282] hsr_slave_1: entered promiscuous mode
[ 1299.107808][T28282] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1299.116507][T28282] Cannot create hsr debugfs directory
[ 1299.810677][T29089] FAULT_INJECTION: forcing a failure.
[ 1299.810677][T29089] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1299.826552][T29089] CPU: 1 UID: 0 PID: 29089 Comm: syz.9.8650 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) 
[ 1299.826577][T29089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1299.826588][T29089] Call Trace:
[ 1299.826595][T29089]  <TASK>
[ 1299.826602][T29089]  dump_stack_lvl+0x189/0x250
[ 1299.826625][T29089]  ? __pfx____ratelimit+0x10/0x10
[ 1299.826649][T29089]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1299.826678][T29089]  ? __pfx__printk+0x10/0x10
[ 1299.826698][T29089]  ? __might_fault+0xb0/0x130
[ 1299.826728][T29089]  should_fail_ex+0x414/0x560
[ 1299.826754][T29089]  _copy_from_user+0x2d/0xb0
[ 1299.826774][T29089]  sg_write+0x390/0xea0
[ 1299.826791][T29089]  ? aa_file_perm+0x11f/0xed0
[ 1299.826813][T29089]  ? __pfx_sg_write+0x10/0x10
[ 1299.826863][T29089]  ? bpf_lsm_file_permission+0x9/0x20
[ 1299.826880][T29089]  ? security_file_permission+0x75/0x290
[ 1299.826904][T29089]  ? rw_verify_area+0x258/0x650
[ 1299.826924][T29089]  ? __pfx_sg_write+0x10/0x10
[ 1299.826942][T29089]  vfs_write+0x27b/0xa90
[ 1299.826970][T29089]  ? __pfx_vfs_write+0x10/0x10
[ 1299.826993][T29089]  ? __fget_files+0x2a/0x420
[ 1299.827016][T29089]  ? __fget_files+0x2a/0x420
[ 1299.827036][T29089]  ? __fget_files+0x3a0/0x420
[ 1299.827056][T29089]  ? __fget_files+0x2a/0x420
[ 1299.827085][T29089]  ksys_write+0x145/0x250
[ 1299.827105][T29089]  ? __pfx_ksys_write+0x10/0x10
[ 1299.827121][T29089]  ? rcu_is_watching+0x15/0xb0
[ 1299.827143][T29089]  ? do_syscall_64+0xbe/0x3b0
[ 1299.827162][T29089]  do_syscall_64+0xfa/0x3b0
[ 1299.827178][T29089]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1299.827201][T29089]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1299.827216][T29089]  ? clear_bhb_loop+0x60/0xb0
[ 1299.827235][T29089]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1299.827251][T29089] RIP: 0033:0x7fc13518e929
[ 1299.827267][T29089] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1299.827281][T29089] RSP: 002b:00007fc1360a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1299.827298][T29089] RAX: ffffffffffffffda RBX: 00007fc1353b5fa0 RCX: 00007fc13518e929
[ 1299.827312][T29089] RDX: 0000000000000048 RSI: 0000200000000380 RDI: 0000000000000005
[ 1299.827324][T29089] RBP: 00007fc1360a9090 R08: 0000000000000000 R09: 0000000000000000
[ 1299.827335][T29089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1299.827346][T29089] R13: 0000000000000000 R14: 00007fc1353b5fa0 R15: 00007ffe47640638
[ 1299.827372][T29089]  </TASK>
[ 1300.076838][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1300.184877][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.191229][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1301.270559][T29163] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1301.777948][T28282] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1301.853481][T28282] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1302.001092][T28282] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1302.090143][T28282] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1302.213483][T29229] [U] 
[ 1302.437929][T28282] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1302.516808][T28282] 8021q: adding VLAN 0 to HW filter on device team0
[ 1302.573913][T31203] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1302.581159][T31203] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1302.610784][T29249] vivid-000: =================  START STATUS  =================
[ 1302.619730][T31203] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1302.626976][T31203] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1302.644209][T29249] vivid-000: ==================  END STATUS  ==================
[ 1303.133955][T29268] mkiss: ax0: crc mode is auto.
[ 1303.263674][T28282] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1304.057085][T28282] veth0_vlan: entered promiscuous mode
[ 1304.091164][T28282] veth1_vlan: entered promiscuous mode
[ 1304.108528][T29345] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1304.219206][T28282] veth0_macvtap: entered promiscuous mode
[ 1304.228930][T29351] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1304.235814][T28282] veth1_macvtap: entered promiscuous mode
[ 1304.255073][T28282] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1304.291500][T28282] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1304.342755][T28282] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1304.362419][T28282] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1304.380097][T28282] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1304.389665][T28282] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1304.732698][T16392] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1304.767536][T16392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1304.849700][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1304.886155][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1305.765808][T29459] FAULT_INJECTION: forcing a failure.
[ 1305.765808][T29459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1305.799139][T29459] CPU: 1 UID: 0 PID: 29459 Comm: syz.8.8698 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) 
[ 1305.799166][T29459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1305.799178][T29459] Call Trace:
[ 1305.799186][T29459]  <TASK>
[ 1305.799194][T29459]  dump_stack_lvl+0x189/0x250
[ 1305.799223][T29459]  ? __pfx____ratelimit+0x10/0x10
[ 1305.799248][T29459]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1305.799267][T29459]  ? __pfx__printk+0x10/0x10
[ 1305.799286][T29459]  ? __might_fault+0xb0/0x130
[ 1305.799317][T29459]  should_fail_ex+0x414/0x560
[ 1305.799343][T29459]  _copy_from_iter+0x1db/0x16f0
[ 1305.799377][T29459]  ? __pfx__copy_from_iter+0x10/0x10
[ 1305.799409][T29459]  ? page_copy_sane+0x4e/0x280
[ 1305.799433][T29459]  copy_page_from_iter+0xdd/0x170
[ 1305.799460][T29459]  blk_rq_map_user_iov+0xdd1/0x18c0
[ 1305.799499][T29459]  ? __pfx_blk_rq_map_user_iov+0x10/0x10
[ 1305.799537][T29459]  ? import_ubuf+0xfb/0x1d0
[ 1305.799556][T29459]  blk_rq_map_user_io+0x252/0x3a0
[ 1305.799575][T29459]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1305.799601][T29459]  ? __pfx_blk_rq_map_user_io+0x10/0x10
[ 1305.799619][T29459]  ? rcu_is_watching+0x15/0xb0
[ 1305.799647][T29459]  ? sg_common_write+0xb85/0x13d0
[ 1305.799670][T29459]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1305.799692][T29459]  ? __pfx___mutex_lock+0x10/0x10
[ 1305.799709][T29459]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1305.799726][T29459]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1305.799755][T29459]  ? sg_link_reserve+0x28e/0x540
[ 1305.799778][T29459]  sg_common_write+0xcd8/0x13d0
[ 1305.799814][T29459]  ? __pfx_sg_common_write+0x10/0x10
[ 1305.799845][T29459]  sg_write+0xacd/0xea0
[ 1305.799871][T29459]  ? __pfx_sg_write+0x10/0x10
[ 1305.799924][T29459]  ? bpf_lsm_file_permission+0x9/0x20
[ 1305.799941][T29459]  ? security_file_permission+0x75/0x290
[ 1305.799966][T29459]  ? rw_verify_area+0x258/0x650
[ 1305.799986][T29459]  ? __pfx_sg_write+0x10/0x10
[ 1305.800004][T29459]  vfs_write+0x27b/0xa90
[ 1305.800033][T29459]  ? __pfx_vfs_write+0x10/0x10
[ 1305.800055][T29459]  ? __fget_files+0x2a/0x420
[ 1305.800081][T29459]  ? __fget_files+0x2a/0x420
[ 1305.800102][T29459]  ? __fget_files+0x3a0/0x420
[ 1305.800122][T29459]  ? __fget_files+0x2a/0x420
[ 1305.800153][T29459]  ksys_write+0x145/0x250
[ 1305.800177][T29459]  ? __pfx_ksys_write+0x10/0x10
[ 1305.800195][T29459]  ? rcu_is_watching+0x15/0xb0
[ 1305.800224][T29459]  ? do_syscall_64+0xbe/0x3b0
[ 1305.800244][T29459]  do_syscall_64+0xfa/0x3b0
[ 1305.800259][T29459]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1305.800280][T29459]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1305.800296][T29459]  ? clear_bhb_loop+0x60/0xb0
[ 1305.800317][T29459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1305.800333][T29459] RIP: 0033:0x7f2983d8e929
[ 1305.800347][T29459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1305.800360][T29459] RSP: 002b:00007f2984c7a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1305.800378][T29459] RAX: ffffffffffffffda RBX: 00007f2983fb5fa0 RCX: 00007f2983d8e929
[ 1305.800391][T29459] RDX: 0000000000000048 RSI: 0000200000000380 RDI: 0000000000000005
[ 1305.800403][T29459] RBP: 00007f2984c7a090 R08: 0000000000000000 R09: 0000000000000000
[ 1305.800413][T29459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1305.800423][T29459] R13: 0000000000000000 R14: 00007f2983fb5fa0 R15: 00007ffe9f8fc038
[ 1305.800447][T29459]  </TASK>
[ 1306.136131][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1306.246537][T29462] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1306.258777][T29462] input input327: cannot allocate more than FF_MAX_EFFECTS effects
[ 1306.897471][T29508] FAULT_INJECTION: forcing a failure.
[ 1306.897471][T29508] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1306.928368][T29508] CPU: 0 UID: 0 PID: 29508 Comm: syz.8.8708 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) 
[ 1306.928394][T29508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1306.928404][T29508] Call Trace:
[ 1306.928411][T29508]  <TASK>
[ 1306.928418][T29508]  dump_stack_lvl+0x189/0x250
[ 1306.928443][T29508]  ? __pfx____ratelimit+0x10/0x10
[ 1306.928464][T29508]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1306.928479][T29508]  ? __pfx__printk+0x10/0x10
[ 1306.928502][T29508]  should_fail_ex+0x414/0x560
[ 1306.928527][T29508]  _copy_to_user+0x31/0xb0
[ 1306.928546][T29508]  simple_read_from_buffer+0xe1/0x170
[ 1306.928573][T29508]  proc_fail_nth_read+0x1df/0x250
[ 1306.928594][T29508]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1306.928612][T29508]  ? rw_verify_area+0x258/0x650
[ 1306.928631][T29508]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1306.928649][T29508]  vfs_read+0x1fd/0x980
[ 1306.928672][T29508]  ? __pfx___mutex_lock+0x10/0x10
[ 1306.928689][T29508]  ? __pfx_vfs_read+0x10/0x10
[ 1306.928709][T29508]  ? __fget_files+0x2a/0x420
[ 1306.928735][T29508]  ? __fget_files+0x3a0/0x420
[ 1306.928753][T29508]  ? __fget_files+0x2a/0x420
[ 1306.928780][T29508]  ksys_read+0x145/0x250
[ 1306.928801][T29508]  ? __pfx_ksys_read+0x10/0x10
[ 1306.928817][T29508]  ? rcu_is_watching+0x15/0xb0
[ 1306.928837][T29508]  ? do_syscall_64+0xbe/0x3b0
[ 1306.928858][T29508]  do_syscall_64+0xfa/0x3b0
[ 1306.928874][T29508]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1306.928897][T29508]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1306.928913][T29508]  ? clear_bhb_loop+0x60/0xb0
[ 1306.928932][T29508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1306.928947][T29508] RIP: 0033:0x7f2983d8d33c
[ 1306.928964][T29508] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1306.928977][T29508] RSP: 002b:00007f2984c7a030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1306.928995][T29508] RAX: ffffffffffffffda RBX: 00007f2983fb5fa0 RCX: 00007f2983d8d33c
[ 1306.929006][T29508] RDX: 000000000000000f RSI: 00007f2984c7a0a0 RDI: 0000000000000006
[ 1306.929018][T29508] RBP: 00007f2984c7a090 R08: 0000000000000000 R09: 0000000000000000
[ 1306.929029][T29508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1306.929039][T29508] R13: 0000000000000000 R14: 00007f2983fb5fa0 R15: 00007ffe9f8fc038
[ 1306.929066][T29508]  </TASK>
[ 1307.223509][T29511] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1307.423614][T29525] syz.7.8711: attempt to access beyond end of device
[ 1307.423614][T29525] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1307.847361][T29553] input: syz1 as /devices/virtual/input/input329
[ 1308.642490][T29604] block device autoloading is deprecated and will be removed.
[ 1308.656282][T29604] syz.5.8727: attempt to access beyond end of device
[ 1308.656282][T29604] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1309.432111][T29672] loop8: detected capacity change from 0 to 7
[ 1309.452158][T29672] Dev loop8: unable to read RDB block 7
[ 1309.464214][T29672]  loop8: unable to read partition table
[ 1309.470267][T29672] loop8: partition table beyond EOD, truncated
[ 1309.484191][T29672] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1309.857063][T29699] usb usb1: usbfs: process 29699 (syz.8.8745) did not claim interface 0 before use
[ 1310.092167][T29709] input: syz1 as /devices/virtual/input/input332
[ 1310.240682][T29722] loop8: detected capacity change from 0 to 7
[ 1310.258924][T29722] Dev loop8: unable to read RDB block 7
[ 1310.265558][T29722]  loop8: unable to read partition table
[ 1310.275342][T29722] loop8: partition table beyond EOD, truncated
[ 1310.286022][T29722] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1310.805018][T29729] ubi31: detaching mtd0
[ 1310.840193][T29729] ubi31: mtd0 is detached
[ 1310.983754][T29740] program syz.7.8753 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1311.410746][T29753] blktrace: Concurrent blktraces are not allowed on sg0
[ 1311.694028][T29769] sp0: Synchronizing with TNC
[ 1311.745311][T29769] [U] ш
[ 1311.781511][T29777] loop8: detected capacity change from 0 to 7
[ 1311.790579][T22371] Dev loop8: unable to read RDB block 7
[ 1311.796773][T22371]  loop8: unable to read partition table
[ 1311.803177][T22371] loop8: partition table beyond EOD, truncated
[ 1311.825638][T29777] Dev loop8: unable to read RDB block 7
[ 1311.831381][T29777]  loop8: unable to read partition table
[ 1311.840892][T29777] loop8: partition table beyond EOD, truncated
[ 1311.853320][T29777] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1312.777572][T29843] loop8: detected capacity change from 0 to 7
[ 1312.838517][T29843] Dev loop8: unable to read RDB block 7
[ 1312.849548][T29843]  loop8: unable to read partition table
[ 1312.855626][T29843] loop8: partition table beyond EOD, truncated
[ 1312.873629][T29843] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1313.265817][T29862] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1314.415252][T29940] vivid-004: disconnect
[ 1314.642552][T29940] vivid-004: reconnect
[ 1315.003194][T29965] binder: 29963:29965 ioctl c018620c 200000001180 returned -22
[ 1315.469388][T29991] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1315.490199][T29994] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1316.362726][T30048] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1316.802651][T30068] binder: 30067:30068 ioctl c0306201 200000000540 returned -22
[ 1316.813095][T30068] syz.9.8812: attempt to access beyond end of device
[ 1316.813095][T30068] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1317.311840][T30100] loop8: detected capacity change from 0 to 7
[ 1317.321947][T22371] Dev loop8: unable to read RDB block 7
[ 1317.328867][T22371]  loop8: unable to read partition table
[ 1317.338509][T22371] loop8: partition table beyond EOD, truncated
[ 1317.347358][T30100] Dev loop8: unable to read RDB block 7
[ 1317.352961][T30100]  loop8: unable to read partition table
[ 1317.361862][T30100] loop8: partition table beyond EOD, truncated
[ 1317.387078][T30100] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1317.612755][T30117] ALSA: mixer_oss: invalid OSS volume ''
[ 1317.623951][T30124] CUSE: info not properly terminated
[ 1318.201036][T30145] input input334: cannot allocate more than FF_MAX_EFFECTS effects
[ 1318.217622][T30145] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1318.349541][T30154] CUSE: unknown device info ""
[ 1318.379022][T30154] CUSE: DEVNAME unspecified
[ 1318.856973][T30179] loop8: detected capacity change from 0 to 7
[ 1318.870933][T22371] Dev loop8: unable to read RDB block 7
[ 1318.876961][T22371]  loop8: unable to read partition table
[ 1318.882916][T22371] loop8: partition table beyond EOD, truncated
[ 1318.894316][T30179] Dev loop8: unable to read RDB block 7
[ 1318.899943][T30179]  loop8: unable to read partition table
[ 1318.908687][T30179] loop8: partition table beyond EOD, truncated
[ 1318.918676][T30179] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1319.410522][T30202] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1319.425491][T30208] syz.9.8838: attempt to access beyond end of device
[ 1319.425491][T30208] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1320.356931][T30251] workqueue: Failed to create a rescuer kthread for wq "nfc4_nci_cmd_wq": -EINTR
[ 1322.323668][T30348] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1322.780763][T30369] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1323.848170][T30391] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1323.857248][T30391] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1323.876767][T30391] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1323.998212][T30391] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1324.741946][T30432] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1325.480145][T30454] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1325.895373][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1325.902672][T32429] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1325.933068][T30476] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1326.073979][T30480] block nbd9: NBD_DISCONNECT
[ 1326.276977][T30488] sp0: Synchronizing with TNC
[ 1326.960819][T30519] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1327.573087][T30544] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1327.610331][T30544] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1327.977106][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1328.437130][T30575] sp0: Synchronizing with TNC
[ 1328.499580][T30580] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1328.528043][T30573] [U] ш
[ 1330.055247][ T5850] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1330.313594][T30632] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1330.935179][T30656] mkiss: ax0: crc mode is auto.
[ 1332.013909][T30705] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1332.537360][T30726] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1334.677433][T30822] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1335.114779][T32429] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1335.128868][T32429] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1335.138961][T32429] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1335.162627][T32429] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1335.171349][T32429] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1335.868484][ T1172] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1336.279517][ T1172] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1336.606793][ T1172] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1336.877103][ T1172] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1337.254400][ T5850] Bluetooth: hci1: command tx timeout
[ 1337.542013][T30846] chnl_net:caif_netlink_parms(): no params data found
[ 1337.585535][ T1172] bridge_slave_1: left allmulticast mode
[ 1337.591524][ T1172] bridge_slave_1: left promiscuous mode
[ 1337.601075][ T1172] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1337.735502][ T1172] bridge_slave_0: left allmulticast mode
[ 1337.754156][ T1172] bridge_slave_0: left promiscuous mode
[ 1337.761752][ T1172] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1338.129347][T31074] loop8: detected capacity change from 0 to 7
[ 1338.149044][T22371] Dev loop8: unable to read RDB block 7
[ 1338.162153][T22371]  loop8: unable to read partition table
[ 1338.172762][T22371] loop8: partition table beyond EOD, truncated
[ 1338.200312][T31074] Dev loop8: unable to read RDB block 7
[ 1338.207049][T31074]  loop8: unable to read partition table
[ 1338.213662][T31074] loop8: partition table beyond EOD, truncated
[ 1338.220773][T31074] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1339.334237][ T5850] Bluetooth: hci1: command tx timeout
[ 1339.865095][ T1172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1339.964733][ T1172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1340.008505][ T1172] bond0 (unregistering): Released all slaves
[ 1341.267696][T30846] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1341.275202][T30846] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1341.275416][T30846] bridge_slave_0: entered allmulticast mode
[ 1341.286983][T30846] bridge_slave_0: entered promiscuous mode
[ 1341.414216][ T5850] Bluetooth: hci1: command tx timeout
[ 1341.493869][T31209] binder: 31206:31209 ioctl c0306201 2000000003c0 returned -14
[ 1341.495553][T30846] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1341.520036][T30846] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1341.544706][T30846] bridge_slave_1: entered allmulticast mode
[ 1341.566044][T30846] bridge_slave_1: entered promiscuous mode
[ 1341.714292][T31229] loop8: detected capacity change from 0 to 7
[ 1341.738826][T31229] Dev loop8: unable to read RDB block 7
[ 1341.749454][T31229]  loop8: unable to read partition table
[ 1341.758064][T31229] loop8: partition table beyond EOD, truncated
[ 1341.776328][T31229] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1341.876096][T30846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1342.054519][ T1172] hsr_slave_0: left promiscuous mode
[ 1342.096459][ T1172] hsr_slave_1: left promiscuous mode
[ 1342.102600][ T1172] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1342.120887][ T1172] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1342.169500][ T1172] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1342.198200][ T1172] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1342.276732][ T1172] veth1_macvtap: left promiscuous mode
[ 1342.282673][ T1172] veth0_macvtap: left promiscuous mode
[ 1342.312573][ T1172] veth1_vlan: left promiscuous mode
[ 1342.344269][ T1172] veth0_vlan: left promiscuous mode
[ 1343.116311][T31304] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1343.373147][T31323] random: crng reseeded on system resumption
[ 1343.497125][ T5850] Bluetooth: hci1: command tx timeout
[ 1344.936332][ T1172] team0 (unregistering): Port device team_slave_1 removed
[ 1345.156228][ T1172] team0 (unregistering): Port device team_slave_0 removed
[ 1345.555355][T31361] Falling back ldisc for ptm1.
[ 1345.748195][T31385] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1347.003971][T31424] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1347.801282][T30846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1348.411418][T30846] team0: Port device team_slave_0 added
[ 1348.426193][T30846] team0: Port device team_slave_1 added
[ 1348.448057][T31512] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1348.760611][T30846] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1348.788048][T30846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1348.814011][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1348.911850][T30846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1349.011788][T30846] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1349.023368][T30846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1349.049324][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1349.075954][T30846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1349.078319][T31563] input: syz0 as /devices/virtual/input/input338
[ 1349.400201][T31589] binder: 31588:31589 ioctl 40046210 ffffffffffffffff returned -14
[ 1349.731774][T30846] hsr_slave_0: entered promiscuous mode
[ 1349.746564][T30846] hsr_slave_1: entered promiscuous mode
[ 1350.169108][T31675] binder: 31674:31675 ioctl 400c620e 9999999999999999 returned -14
[ 1350.687736][T31718] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1353.085361][T30846] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1353.119987][T30846] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1353.170778][T30846] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1353.207666][T30846] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1353.335539][T30846] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1353.367708][T30846] 8021q: adding VLAN 0 to HW filter on device team0
[ 1353.381912][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1353.389126][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1353.429683][ T1172] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1353.436894][ T1172] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1353.756901][T30846] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1353.821108][T30846] veth0_vlan: entered promiscuous mode
[ 1353.842332][T30846] veth1_vlan: entered promiscuous mode
[ 1353.877646][T30846] veth0_macvtap: entered promiscuous mode
[ 1353.890185][T30846] veth1_macvtap: entered promiscuous mode
[ 1353.918027][T30846] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1353.938703][T30846] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1353.959720][T30846] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1353.973788][T30846] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1353.988364][T30846] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1353.999578][T30846] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1354.190972][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1354.203438][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1354.257913][ T1150] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1354.273232][ T1150] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1356.204830][T31959] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1356.221849][T31959] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[ 1356.569765][T31959] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1356.576843][T31959] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 1357.042794][T31959] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1357.051646][T31959] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[ 1357.889984][T32072] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1357.935416][T32072] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1358.446284][T32098] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1359.003464][T32136] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1360.367240][T32186] input: syz1 as /devices/virtual/input/input340
[ 1361.237551][T32226] loop8: detected capacity change from 0 to 7
[ 1361.252321][T22371] Dev loop8: unable to read RDB block 7
[ 1361.264202][T22371]  loop8: unable to read partition table
[ 1361.270111][T22371] loop8: partition table beyond EOD, truncated
[ 1361.337424][T32226] Dev loop8: unable to read RDB block 7
[ 1361.343164][T32226]  loop8: unable to read partition table
[ 1361.363702][T32226] loop8: partition table beyond EOD, truncated
[ 1361.392902][T32226] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1361.583267][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1361.591707][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1361.812304][T32254] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1362.048917][T32264] syz.0.9114: attempt to access beyond end of device
[ 1362.048917][T32264] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1362.355219][T32277] cgroup: fork rejected by pids controller in /syz0
[ 1362.857754][T32397] loop8: detected capacity change from 0 to 7
[ 1362.884777][T22371] Dev loop8: unable to read RDB block 7
[ 1362.890400][T22371]  loop8: unable to read partition table
[ 1362.915412][T22371] loop8: partition table beyond EOD, truncated
[ 1362.956014][T32397] Dev loop8: unable to read RDB block 7
[ 1362.968903][T32397]  loop8: unable to read partition table
[ 1362.989426][T32397] loop8: partition table beyond EOD, truncated
[ 1363.005237][T32397] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1363.044550][ T5207] Dev loop8: unable to read RDB block 7
[ 1363.059672][ T5207]  loop8: unable to read partition table
[ 1363.078472][ T5207] loop8: partition table beyond EOD, truncated
[ 1363.296997][ T1172] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1364.008339][  T731] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1364.337965][  T731] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1364.615459][T20960] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1364.626197][T20960] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1364.635449][T20960] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1364.655641][T20960] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1364.663306][T20960] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1364.672393][  T731] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1364.728228][T32429] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1364.742401][T32429] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1364.750282][T32429] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1364.761299][T32429] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1364.769286][T32429] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1365.089994][  T731] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1365.098045][T32517] loop8: detected capacity change from 0 to 7
[ 1365.115581][T22371] Dev loop8: unable to read RDB block 7
[ 1365.121203][T22371]  loop8: unable to read partition table
[ 1365.130541][T22371] loop8: partition table beyond EOD, truncated
[ 1365.143468][T32517] Dev loop8: unable to read RDB block 7
[ 1365.155823][T32517]  loop8: unable to read partition table
[ 1365.162163][T32517] loop8: partition table beyond EOD, truncated
[ 1365.172163][T32517] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1365.334839][ T5850] Bluetooth: hci1: Entering manufacturer mode failed (-110)
[ 1365.343114][T32429] Bluetooth: hci1: command 0xfc11 tx timeout
[ 1365.532688][T32559] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1365.879149][T32468] chnl_net:caif_netlink_parms(): no params data found
[ 1365.940067][  T731] bridge_slave_1: left allmulticast mode
[ 1365.962333][  T731] bridge_slave_1: left promiscuous mode
[ 1365.995261][  T731] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1366.006892][T32663] input: syz1 as /devices/virtual/input/input341
[ 1366.095399][  T731] bridge_slave_0: left allmulticast mode
[ 1366.101178][  T731] bridge_slave_0: left promiscuous mode
[ 1366.123208][  T731] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1366.395364][T32686] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1366.639855][T32697] loop8: detected capacity change from 0 to 7
[ 1366.685618][T32697] Dev loop8: unable to read RDB block 7
[ 1366.696052][T32697]  loop8: unable to read partition table
[ 1366.712582][T32697] loop8: partition table beyond EOD, truncated
[ 1366.794489][T32697] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1366.866839][ T5850] Bluetooth: hci2: command tx timeout
[ 1368.385530][  T731] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1368.486693][  T731] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1368.546258][  T731] bond0 (unregistering): Released all slaves
[ 1368.926604][  T307] vivid-000: =================  START STATUS  =================
[ 1368.934969][ T5850] Bluetooth: hci2: command tx timeout
[ 1368.958762][  T307] vivid-000: Enable Output Cropping: false
[ 1368.976634][  T307] vivid-000: Enable Output Composing: false
[ 1368.993803][  T307] vivid-000: Enable Output Scaler: false
[ 1369.014196][  T307] vivid-000: Tx RGB Quantization Range: Automatic
[ 1369.042572][  T307] vivid-000: Transmit Mode: HDMI
[ 1369.058485][  T307] vivid-000: Hotplug Present: 0x00000000
[ 1369.076420][  T307] vivid-000: RxSense Present: 0x00000000
[ 1369.098380][  T316] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1369.114165][  T307] vivid-000: EDID Present: 0x00000000
[ 1369.164003][  T307] vivid-000: ==================  END STATUS  ==================
[ 1370.010010][T32468] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1370.039657][T32468] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1370.050989][T32468] bridge_slave_0: entered allmulticast mode
[ 1370.069373][T32468] bridge_slave_0: entered promiscuous mode
[ 1370.324570][  T394] loop8: detected capacity change from 0 to 7
[ 1370.366014][  T394] Dev loop8: unable to read RDB block 7
[ 1370.375073][T32468] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1370.382234][T32468] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1370.383752][  T394]  loop8: unable to read partition table
[ 1370.412577][T32468] bridge_slave_1: entered allmulticast mode
[ 1370.418019][  T394] loop8: partition table beyond EOD, truncated
[ 1370.453306][  T394] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1370.453348][T32468] bridge_slave_1: entered promiscuous mode
[ 1370.659483][  T419] syz.9.9156: attempt to access beyond end of device
[ 1370.659483][  T419] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1370.860091][T32468] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1370.997121][  T458] ALSA: seq fatal error: cannot create timer (-22)
[ 1371.015068][ T5850] Bluetooth: hci2: command tx timeout
[ 1371.073450][  T731] hsr_slave_0: left promiscuous mode
[ 1371.151799][  T731] hsr_slave_1: left promiscuous mode
[ 1371.165416][  T731] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1371.183088][  T731] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1371.255706][  T731] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1371.264698][  T731] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1371.364121][  T731] veth1_macvtap: left promiscuous mode
[ 1371.369892][  T731] veth0_macvtap: left promiscuous mode
[ 1371.375896][  T731] veth1_vlan: left promiscuous mode
[ 1371.381414][  T731] veth0_vlan: left promiscuous mode
[ 1372.182735][  T485] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1373.094694][ T5850] Bluetooth: hci2: command tx timeout
[ 1373.886842][  T519] ALSA: mixer_oss: invalid OSS volume '·╬0╘0}г '
[ 1374.085057][  T731] team0 (unregistering): Port device team_slave_1 removed
[ 1374.387240][  T731] team0 (unregistering): Port device team_slave_0 removed
[ 1376.949688][T32468] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1377.117150][  T530] binder: 529:530 ioctl 40046210 ffffffffffffffff returned -14
[ 1377.320121][  T555] loop8: detected capacity change from 0 to 7
[ 1377.329669][T22371] Dev loop8: unable to read RDB block 7
[ 1377.337599][T22371]  loop8: unable to read partition table
[ 1377.343487][T22371] loop8: partition table beyond EOD, truncated
[ 1377.352671][  T555] Dev loop8: unable to read RDB block 7
[ 1377.360258][  T555]  loop8: unable to read partition table
[ 1377.367230][  T555] loop8: partition table beyond EOD, truncated
[ 1377.373875][  T555] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1377.426300][T32468] team0: Port device team_slave_0 added
[ 1377.589998][T32468] team0: Port device team_slave_1 added
[ 1377.650591][  T591] i2c i2c-0: Invalid block write size 34
[ 1377.822906][T32468] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1377.829938][T32468] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1377.856972][T32468] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1377.877057][T32468] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1377.886979][T32468] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1377.913205][T32468] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1378.269613][  T638] dlm: no locking on control device
[ 1378.339978][T32468] hsr_slave_0: entered promiscuous mode
[ 1378.350268][T32468] hsr_slave_1: entered promiscuous mode
[ 1378.389886][  T663] loop8: detected capacity change from 0 to 7
[ 1378.426842][T22371] Dev loop8: unable to read RDB block 7
[ 1378.433404][T22371]  loop8: unable to read partition table
[ 1378.451852][T22371] loop8: partition table beyond EOD, truncated
[ 1378.467580][  T663] Dev loop8: unable to read RDB block 7
[ 1378.491321][  T663]  loop8: unable to read partition table
[ 1378.526254][  T663] loop8: partition table beyond EOD, truncated
[ 1378.553062][  T663] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1378.584934][ T5207] Dev loop8: unable to read RDB block 7
[ 1378.590573][ T5207]  loop8: unable to read partition table
[ 1378.619598][  T697] [U] 

[ 1378.623483][ T5207] loop8: partition table beyond EOD, truncated
[ 1379.821564][  T812] loop8: detected capacity change from 0 to 7
[ 1379.851827][T22371] Dev loop8: unable to read RDB block 7
[ 1379.868988][T22371]  loop8: unable to read partition table
[ 1379.889493][T22371] loop8: partition table beyond EOD, truncated
[ 1379.910389][  T812] Dev loop8: unable to read RDB block 7
[ 1379.916334][  T812]  loop8: unable to read partition table
[ 1379.935139][  T812] loop8: partition table beyond EOD, truncated
[ 1379.958516][  T812] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1379.984323][T32468] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1380.038833][T32468] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1380.118830][T32468] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1380.193459][T32468] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1380.581419][T32468] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1380.643014][T32468] 8021q: adding VLAN 0 to HW filter on device team0
[ 1380.687344][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1380.694564][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1380.732737][T31216] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1380.739986][T31216] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1381.005986][  T875] loop8: detected capacity change from 0 to 7
[ 1381.034618][  T875] Dev loop8: unable to read RDB block 7
[ 1381.050563][  T875]  loop8: unable to read partition table
[ 1381.093323][  T875] loop8: partition table beyond EOD, truncated
[ 1381.109948][  T875] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1381.568020][T32468] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1381.611940][  T897] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1381.716927][T32468] veth0_vlan: entered promiscuous mode
[ 1381.766648][T32468] veth1_vlan: entered promiscuous mode
[ 1381.868561][T32468] veth0_macvtap: entered promiscuous mode
[ 1381.912007][T32468] veth1_macvtap: entered promiscuous mode
[ 1381.973951][T32468] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1382.075485][T32468] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1382.132402][T32468] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1382.186167][T32468] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1382.204915][T32468] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1382.224416][T32468] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1382.488872][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1382.524177][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1382.549544][  T966] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1382.642350][  T731] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1382.677829][  T964] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1382.688594][  T731] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1382.853227][  T985] loop8: detected capacity change from 0 to 7
[ 1382.876391][  T985] Dev loop8: unable to read RDB block 7
[ 1382.882024][  T985]  loop8: unable to read partition table
[ 1382.895825][  T985] loop8: partition table beyond EOD, truncated
[ 1382.957533][  T985] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1383.580541][ T1024] mkiss: ax0: crc mode is auto.
[ 1384.726058][ T1117] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1384.796840][ T1124] loop8: detected capacity change from 0 to 7
[ 1384.823909][T22371] Dev loop8: unable to read RDB block 7
[ 1384.839273][T22371]  loop8: unable to read partition table
[ 1384.865313][T22371] loop8: partition table beyond EOD, truncated
[ 1384.893370][ T1124] Dev loop8: unable to read RDB block 7
[ 1384.907896][ T1124]  loop8: unable to read partition table
[ 1384.920621][ T1124] loop8: partition table beyond EOD, truncated
[ 1384.957074][ T1124] loop_reread_partitions: partition scan of loop8 (■швлx) failed (rc=-5)
[ 1386.600012][ T1217] input: syz1 as /devices/virtual/input/input345
[ 1386.730851][ T1220] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1386.895762][ T1238] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1386.954998][ T1245] kvm_intel: kvm [1244]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff
[ 1387.631635][ T1288] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1387.823049][ T1284] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1387.974803][ T1313] sp0: Synchronizing with TNC
[ 1388.007647][ T1310] QAT: Invalid ioctl 21531
[ 1388.077773][ T1322] sp1: Synchronizing with TNC
[ 1388.121575][ T1302] [U] ш
[ 1388.416559][ T1346] loop6: detected capacity change from 0 to 524287999
[ 1388.528477][ T1350] loop6: detected capacity change from 524287999 to 524287952
[ 1389.055366][ T1371] input: syz1 as /devices/virtual/input/input346
[ 1389.099248][ T1371] input: syz1 as /devices/virtual/input/input347
[ 1389.337698][ T1386] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1389.776153][ T1415] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1389.822030][ T1420] iommufd_mock iommufd_mock2: Adding to iommu group 2
[ 1390.314678][ T1453] usb usb7: usbfs: process 1453 (syz.5.9285) did not claim interface 0 before use
[ 1390.397678][ T1453] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1391.852813][ T1551] syz.5.9304: attempt to access beyond end of device
[ 1391.852813][ T1551] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1392.400641][ T1567] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1393.118078][ T1604] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1395.882315][ T1762] binder: 1755:1762 ioctl c018620b 9999999999999999 returned -14
[ 1396.036864][ T1762] binder: 1755:1762 ioctl c018620b 9999999999999999 returned -14
[ 1396.149201][ T1769] syz.9.9340: attempt to access beyond end of device
[ 1396.149201][ T1769] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1396.306852][ T1780] serio: Serial port ttynull
[ 1396.377141][ T1785] binder: binder_mmap: 1778 200000001000-20000000b000 bad vm_flags failed -1
[ 1396.636669][ T1795] loop8: detected capacity change from 0 to 7
[ 1396.647814][ T1795] Dev loop8: unable to read RDB block 7
[ 1396.653436][ T1795]  loop8: unable to read partition table
[ 1396.653683][ T1795] loop8: partition table beyond EOD, truncated
[ 1396.665941][ T1795] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1396.953455][ T1821] input: syz1 as /devices/virtual/input/input348
[ 1397.076317][   T30] audit: type=1400 audit(1750325119.695:32): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="blkio.bfq.time" pid=1827 comm="syz.0.9351"
[ 1397.931636][ T1860] input: syz1 as /devices/virtual/input/input349
[ 1398.279996][ T1888] Context (ID=0x1) not attached to queue pair (handle=0x1:0x0)
[ 1399.540830][ T2055] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1399.581398][ T2056] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1400.021175][ T2085] usb usb8: usbfs: process 2085 (syz.5.9377) did not claim interface 0 before use
[ 1400.023718][ T2084] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1400.193452][ T2094] ALSA: seq fatal error: cannot create timer (-22)
[ 1400.370372][ T2103] mkiss: ax0: crc mode is auto.
[ 1400.394818][ T2106] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1400.533491][ T2119] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1402.214039][ T2217] loop8: detected capacity change from 0 to 7
[ 1402.253024][ T2217] Dev loop8: unable to read RDB block 7
[ 1402.291383][ T2217]  loop8: unable to read partition table
[ 1402.313506][ T2217] loop8: partition table beyond EOD, truncated
[ 1402.335490][ T2217] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1403.266412][ T2271] loop8: detected capacity change from 0 to 7
[ 1403.300400][ T2271] Dev loop8: unable to read RDB block 7
[ 1403.318453][ T2271]  loop8: unable to read partition table
[ 1403.328211][ T2271] loop8: partition table beyond EOD, truncated
[ 1403.356855][ T2271] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1403.672684][ T2279] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1404.353839][ T2328] sp0: Synchronizing with TNC
[ 1404.639534][ T2345] loop8: detected capacity change from 0 to 7
[ 1404.671977][T20443] Dev loop8: unable to read RDB block 7
[ 1404.684132][T20443]  loop8: unable to read partition table
[ 1404.690105][T20443] loop8: partition table beyond EOD, truncated
[ 1404.721858][ T2345] Dev loop8: unable to read RDB block 7
[ 1404.738313][ T2345]  loop8: unable to read partition table
[ 1404.752120][ T2345] loop8: partition table beyond EOD, truncated
[ 1404.758885][ T2345] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1404.771637][ T5207] Dev loop8: unable to read RDB block 7
[ 1404.791774][ T5207]  loop8: unable to read partition table
[ 1404.791774][ T2359] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1404.824996][ T5207] loop8: partition table beyond EOD, truncated
[ 1406.058832][ T2517] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1406.182750][ T2570] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1406.276922][ T2517] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1407.437214][ T2620] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1407.973679][ T2662] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1408.389947][ T2708] loop8: detected capacity change from 0 to 7
[ 1408.410609][ T2708] Dev loop8: unable to read RDB block 7
[ 1408.411757][ T2701] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1408.423265][ T2708]  loop8: unable to read partition table
[ 1408.430469][ T2708] loop8: partition table beyond EOD, truncated
[ 1408.446954][ T2708] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1409.250059][ T2766] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1409.519281][ T2789] vivid-000: =================  START STATUS  =================
[ 1409.529258][ T2789] vivid-000: Generate PTS: true
[ 1409.534900][ T2789] vivid-000: Generate SCR: true
[ 1409.539809][ T2789] tpg source WxH: 720x576 (Y'CbCr)
[ 1409.550070][ T2789] tpg field: 4
[ 1409.553476][ T2789] tpg crop: (0,0)/720x576
[ 1409.560199][ T2789] tpg compose: (0,0)/720x576
[ 1409.570307][ T2789] tpg colorspace: 1
[ 1409.601046][ T2789] tpg transfer function: 2/2
[ 1409.611221][ T2789] tpg Y'CbCr encoding: 2/2
[ 1409.611449][ T2798] syz.8.9459: attempt to access beyond end of device
[ 1409.611449][ T2798] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1409.630594][ T2789] tpg quantization: 2/2
[ 1409.644503][ T2789] tpg RGB range: 0/1
[ 1409.649594][ T2789] vivid-000: ==================  END STATUS  ==================
[ 1410.442362][ T2849] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1410.678562][ T2867] input: syz1 as /devices/virtual/input/input351
[ 1411.383478][ T2912] binder: 2911:2912 ioctl c0306201 200000000300 returned -22
[ 1411.908637][ T2941] binder: 2934:2941 ioctl c0306201 0 returned -14
[ 1412.007603][ T2944] loop8: detected capacity change from 0 to 7
[ 1412.027960][ T2944] Dev loop8: unable to read RDB block 7
[ 1412.045083][ T2944]  loop8: unable to read partition table
[ 1412.065931][ T2944] loop8: partition table beyond EOD, truncated
[ 1412.080901][ T2944] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1412.300156][ T2956] binder: 2950:2956 ioctl c0306201 200000000300 returned -22
[ 1412.898998][ T2968] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1416.087193][ T3144] can0: slcan on ptm1.
[ 1416.534998][ T3166] syz.0.9525: attempt to access beyond end of device
[ 1416.534998][ T3166] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1416.924643][ T3138] can0 (unregistered): slcan off ptm1.
[ 1418.331603][ T3277] Invalid logical block size (16)
[ 1419.158277][ T3328] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1419.276787][ T3334] random: crng reseeded on system resumption
[ 1419.921615][ T3369] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[ 1421.139430][ T3413] Sensor A: =================  START STATUS  =================
[ 1421.148463][ T3413] Sensor A: Test Pattern: 75% Colorbar
[ 1421.154882][ T3413] Sensor A: Show Information: None
[ 1421.161871][ T3413] Sensor A: Vertical Flip: true
[ 1421.167829][ T3413] Sensor A: Horizontal Flip: true
[ 1421.173231][ T3413] Sensor A: Brightness: 255
[ 1421.178570][ T3413] Sensor A: Contrast: 0
[ 1421.182892][ T3413] Sensor A: Hue: 3
[ 1421.188569][ T3413] Sensor A: Saturation: 0
[ 1421.193052][ T3413] Sensor A: ==================  END STATUS  ==================
[ 1421.568773][ T3432] Failed to get privilege flags for destination (handle=0x2:0x10)
[ 1423.030925][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.037764][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.794602][ T3532] input: syz1 as /devices/virtual/input/input354
[ 1424.386958][ T3567] loop8: detected capacity change from 0 to 7
[ 1424.414973][T22371] Dev loop8: unable to read RDB block 7
[ 1424.422693][T22371]  loop8: unable to read partition table
[ 1424.434783][T22371] loop8: partition table beyond EOD, truncated
[ 1424.442424][ T3567] Dev loop8: unable to read RDB block 7
[ 1424.453427][ T3567]  loop8: unable to read partition table
[ 1424.461890][ T3567] loop8: partition table beyond EOD, truncated
[ 1424.471567][ T3567] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1424.513892][ T3572] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1424.608842][ T3578] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1425.402498][ T3606] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1425.414945][ T3606] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1425.515823][ T3606] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1425.973194][ T3642] program syz.5.9613 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1426.010235][ T3642] random: crng reseeded on system resumption
[ 1426.308296][ T3646] binder_alloc: binder_alloc_mmap_handler: 3638 200000735000-200000736000 already mapped failed -16
[ 1426.876018][ T3680] input: syz1 as /devices/virtual/input/input357
[ 1427.094876][ T3655] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1427.101190][ T3655] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1427.251404][ T3698] blktrace: Concurrent blktraces are not allowed on rnullb0
[ 1427.259418][ T3696] blktrace: Concurrent blktraces are not allowed on rnullb0
[ 1427.448415][ T3716] loop8: detected capacity change from 0 to 7
[ 1427.456773][T22371] Dev loop8: unable to read RDB block 7
[ 1427.462493][T22371]  loop8: unable to read partition table
[ 1427.471553][T22371] loop8: partition table beyond EOD, truncated
[ 1427.479440][ T3716] Dev loop8: unable to read RDB block 7
[ 1427.488014][ T3716]  loop8: unable to read partition table
[ 1427.502279][ T3716] loop8: partition table beyond EOD, truncated
[ 1427.508817][ T3716] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1427.928078][ T3741] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1428.418969][ T3778] binder: 3777:3778 ioctl 400c620e 2000000000c0 returned -22
[ 1428.753316][ T3801] Context (ID=0x10) not attached to queue pair (handle=0x2:0x9)
[ 1429.846058][ T3835] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1430.723635][ T3890] loop8: detected capacity change from 0 to 7
[ 1430.742962][T22371] Dev loop8: unable to read RDB block 7
[ 1430.771639][T22371]  loop8: unable to read partition table
[ 1430.778172][T22371] loop8: partition table beyond EOD, truncated
[ 1430.792128][ T3890] Dev loop8: unable to read RDB block 7
[ 1430.804176][ T3890]  loop8: unable to read partition table
[ 1430.814783][ T3890] loop8: partition table beyond EOD, truncated
[ 1430.834206][ T3890] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1431.139299][ T3915] vimc link validate: Scaler:src:16x16 (0x33424752, 0, 0, 0, 0) RGB/YUV Capture:snk:16x16 (0x38416761, 8, 0, 0, 0)
[ 1431.744448][ T3947] loop8: detected capacity change from 0 to 7
[ 1431.758459][T22371] Dev loop8: unable to read RDB block 7
[ 1431.777009][T22371]  loop8: unable to read partition table
[ 1431.787321][T22371] loop8: partition table beyond EOD, truncated
[ 1431.801793][ T3947] Dev loop8: unable to read RDB block 7
[ 1431.817104][ T3947]  loop8: unable to read partition table
[ 1431.833496][ T3947] loop8: partition table beyond EOD, truncated
[ 1431.853242][ T3947] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1433.047483][ T4001] sg_write: data in/out 1836477195/26 bytes for SCSI command 0xfe-- guessing data in;
[ 1433.047483][ T4001]    program syz.9.9677 not setting count and/or reply_len properly
[ 1433.353080][ T4014] loop8: detected capacity change from 0 to 7
[ 1433.366070][T22371] Dev loop8: unable to read RDB block 7
[ 1433.371732][T22371]  loop8: unable to read partition table
[ 1433.403756][T22371] loop8: partition table beyond EOD, truncated
[ 1433.430606][ T4014] Dev loop8: unable to read RDB block 7
[ 1433.448035][ T4014]  loop8: unable to read partition table
[ 1433.467142][ T4014] loop8: partition table beyond EOD, truncated
[ 1433.487083][ T4014] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1435.068110][ T4082] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1435.270679][ T4093] binder: 4092:4093 ioctl c00c620f 0 returned -14
[ 1435.407953][ T4108] loop8: detected capacity change from 0 to 7
[ 1435.437289][ T4108] Dev loop8: unable to read RDB block 7
[ 1435.443233][ T4108]  loop8: unable to read partition table
[ 1435.486532][ T4108] loop8: partition table beyond EOD, truncated
[ 1435.503400][ T4108] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1435.727158][    C1] sd 0:0:1:0: [sda] tag#1210 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[ 1435.737680][    C1] sd 0:0:1:0: [sda] tag#1210 CDB: Read(6) 08 00 00 00 85 f0
[ 1436.341664][ T4157] loop8: detected capacity change from 0 to 7
[ 1436.364906][ T4157] Dev loop8: unable to read RDB block 7
[ 1436.390405][ T4157]  loop8: unable to read partition table
[ 1436.397211][ T4157] loop8: partition table beyond EOD, truncated
[ 1436.404411][ T4157] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1436.511145][T20457] hid-generic C98F:0003:0000.0019: item fetching failed at offset 0/2
[ 1436.537672][T20457] hid-generic C98F:0003:0000.0019: probe with driver hid-generic failed with error -22
[ 1436.598459][ T4174] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1437.740699][ T4229] loop8: detected capacity change from 0 to 7
[ 1437.756372][ T4229] Dev loop8: unable to read RDB block 7
[ 1437.772300][ T4229]  loop8: unable to read partition table
[ 1437.781358][ T4229] loop8: partition table beyond EOD, truncated
[ 1437.794133][ T4229] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1439.356220][ T4293] binder: 4292:4293 ioctl 40046205 0 returned -22
[ 1439.580298][   T30] audit: type=1400 audit(1750325162.195:33): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2221D01A0B978D2F2F262D2A83D1 pid=4301 comm="syz.5.9743"
[ 1440.133914][ T4384] syz.0.9745: attempt to access beyond end of device
[ 1440.133914][ T4384] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1441.003315][ T4485] CUSE: info not properly terminated
[ 1441.097728][ T4485] ALSA: seq fatal error: cannot create timer (-22)
[ 1441.583816][ T4507] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1441.799296][ T5904] hid-generic 009C:0008:0003.001A: unknown main item tag 0x3
[ 1441.812679][ T5904] hid-generic 009C:0008:0003.001A: unknown main item tag 0x0
[ 1441.839129][ T5904] hid-generic 009C:0008:0003.001A: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[ 1441.979602][ T4529] mkiss: ax0: crc mode is auto.
[ 1442.693663][ T4562] loop8: detected capacity change from 0 to 7
[ 1442.701719][ T4562] Dev loop8: unable to read RDB block 7
[ 1442.708250][ T4562]  loop8: unable to read partition table
[ 1442.715161][ T4562] loop8: partition table beyond EOD, truncated
[ 1442.724334][ T4562] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1443.179509][ T4583] input: syz1 as /devices/virtual/input/input365
[ 1443.433620][ T4600] loop8: detected capacity change from 0 to 7
[ 1443.446502][T22371] Dev loop8: unable to read RDB block 7
[ 1443.452947][T22371]  loop8: unable to read partition table
[ 1443.459724][T22371] loop8: partition table beyond EOD, truncated
[ 1443.470771][ T4600] Dev loop8: unable to read RDB block 7
[ 1443.480564][ T4600]  loop8: unable to read partition table
[ 1443.488998][ T4600] loop8: partition table beyond EOD, truncated
[ 1443.506027][ T4600] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1443.731578][ T4624] usb usb7: usbfs: process 4624 (syz.0.9782) did not claim interface 0 before use
[ 1443.748672][ T4624] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1444.364899][ T4658] loop8: detected capacity change from 0 to 7
[ 1444.373704][T22371] Dev loop8: unable to read RDB block 7
[ 1444.381559][T22371]  loop8: unable to read partition table
[ 1444.391841][T22371] loop8: partition table beyond EOD, truncated
[ 1444.403721][ T4658] Dev loop8: unable to read RDB block 7
[ 1444.409762][ T4658]  loop8: unable to read partition table
[ 1444.415791][ T4658] loop8: partition table beyond EOD, truncated
[ 1444.422147][ T4658] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1445.110975][ T4694] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1445.351635][ T4705] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1445.480155][ T4715] loop8: detected capacity change from 0 to 7
[ 1445.488722][T22371] Dev loop8: unable to read RDB block 7
[ 1445.504401][T22371]  loop8: unable to read partition table
[ 1445.510362][T22371] loop8: partition table beyond EOD, truncated
[ 1445.517698][ T4715] Dev loop8: unable to read RDB block 7
[ 1445.549815][ T4715]  loop8: unable to read partition table
[ 1445.556252][ T4715] loop8: partition table beyond EOD, truncated
[ 1445.562560][ T4715] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1445.674962][ T4720] syz.0.9800: attempt to access beyond end of device
[ 1445.674962][ T4720] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1445.980823][ T4743] binder: 4739:4743 ioctl c0306201 2000000003c0 returned -14
[ 1446.162390][ T4751] loop8: detected capacity change from 0 to 7
[ 1446.173214][T22371] Dev loop8: unable to read RDB block 7
[ 1446.180164][T22371]  loop8: unable to read partition table
[ 1446.190804][T22371] loop8: partition table beyond EOD, truncated
[ 1446.199352][ T4751] Dev loop8: unable to read RDB block 7
[ 1446.208360][ T4751]  loop8: unable to read partition table
[ 1446.217670][ T4751] loop8: partition table beyond EOD, truncated
[ 1446.224402][ T4751] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1446.901898][ T4801] loop8: detected capacity change from 0 to 7
[ 1446.913205][T22371] Dev loop8: unable to read RDB block 7
[ 1446.919658][T22371]  loop8: unable to read partition table
[ 1446.929729][T22371] loop8: partition table beyond EOD, truncated
[ 1446.946520][ T4801] Dev loop8: unable to read RDB block 7
[ 1446.952176][ T4801]  loop8: unable to read partition table
[ 1446.960089][ T4801] loop8: partition table beyond EOD, truncated
[ 1446.968964][ T4801] loop_reread_partitions: partition scan of loop8 (■швлx) failed (rc=-5)
[ 1447.150741][ T4815] loop8: detected capacity change from 0 to 7
[ 1447.174694][   T30] audit: type=1800 audit(1750325169.785:34): pid=4817 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.9821" name="memory.events" dev="tmpfs" ino=815 res=0 errno=0
[ 1447.213105][ T4815] Dev loop8: unable to read RDB block 7
[ 1447.224166][ T4815]  loop8: unable to read partition table
[ 1447.249335][ T4815] loop8: partition table beyond EOD, truncated
[ 1447.260332][ T4815] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1447.539443][ T4830] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1447.552707][ T4830] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1448.264474][ T4867] loop8: detected capacity change from 0 to 7
[ 1448.281906][ T4867] Dev loop8: unable to read RDB block 7
[ 1448.288104][ T4867]  loop8: unable to read partition table
[ 1448.298805][ T4867] loop8: partition table beyond EOD, truncated
[ 1448.299106][ T4873] binder: binder_mmap: 4871 200000001000-20000000b000 bad vm_flags failed -1
[ 1448.308800][ T4867] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1448.688310][ T4891] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1450.376247][ T4997] usb usb1: usbfs: process 4997 (syz.5.9857) did not claim interface 0 before use
[ 1450.609149][ T5007] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1451.146606][ T5050] blktrace: Concurrent blktraces are not allowed on nullb0
[ 1451.155227][ T5050] dlm: plock device version mismatch: kernel (1.2.0), user (158.5381.4098)
[ 1451.345502][ T5060] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1451.698587][ T5085] random: crng reseeded on system resumption
[ 1451.739598][ T5085] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1451.775566][ T5085] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1451.790840][ T5085] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1452.231923][ T5108] input: syz1 as /devices/virtual/input/input366
[ 1452.328276][ T5106] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1454.002251][ T5199] input: syz1 as /devices/virtual/input/input371
[ 1454.533878][ T5236] input: syz1 as /devices/virtual/input/input372
[ 1455.638742][ T5292] input input374: cannot allocate more than FF_MAX_EFFECTS effects
[ 1456.062966][ T5317] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1457.154527][ T5455] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1457.559295][ T5471] binder: 5470:5471 ioctl c0109428 200000000000 returned -22
[ 1457.604404][ T5471] input: syz0 as /devices/virtual/input/input375
[ 1458.030240][ T5507] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1458.353840][ T5530] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1458.671155][   T30] audit: type=1800 audit(1750325181.285:35): pid=5540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.9930" name="memory.events" dev="tmpfs" ino=912 res=0 errno=0
[ 1458.746175][   T30] audit: type=1804 audit(1750325181.315:36): pid=5540 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.9930" name="/newroot/174/memory.events" dev="tmpfs" ino=912 res=1 errno=0
[ 1459.936836][T32429] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1459.959157][T32429] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1459.974769][T32429] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1459.983043][T32429] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1459.992403][T32429] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1460.013447][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1460.021831][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1460.030253][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1460.049379][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1460.061742][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1460.687876][ T5638] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1460.881667][ T1172] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1461.147271][ T1172] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1461.463948][ T1172] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1461.686216][ T1172] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1461.922981][ T5593] chnl_net:caif_netlink_parms(): no params data found
[ 1462.135876][ T5850] Bluetooth: hci1: command tx timeout
[ 1462.434723][ T5593] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1462.441916][ T5593] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1462.458371][ T5593] bridge_slave_0: entered allmulticast mode
[ 1462.466896][ T5593] bridge_slave_0: entered promiscuous mode
[ 1462.493285][ T5593] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1462.501098][ T5593] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1462.508894][ T5593] bridge_slave_1: entered allmulticast mode
[ 1462.525805][ T5593] bridge_slave_1: entered promiscuous mode
[ 1462.815036][ T1172] bridge_slave_1: left allmulticast mode
[ 1462.827016][ T1172] bridge_slave_1: left promiscuous mode
[ 1462.832767][ T1172] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1462.955158][ T1172] bridge_slave_0: left allmulticast mode
[ 1462.960830][ T1172] bridge_slave_0: left promiscuous mode
[ 1462.986142][ T1172] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1464.217626][ T5850] Bluetooth: hci1: command tx timeout
[ 1464.679399][ T6010] syz.9.9977: attempt to access beyond end of device
[ 1464.679399][ T6010] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1465.240125][ T1172] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1465.331744][ T1172] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1465.403269][ T1172] bond0 (unregistering): Released all slaves
[ 1465.468902][ T5593] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1465.495822][ T5593] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1465.637899][ T6040] syz.0.9984: attempt to access beyond end of device
[ 1465.637899][ T6040] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1466.100655][ T5593] team0: Port device team_slave_0 added
[ 1466.118543][ T5593] team0: Port device team_slave_1 added
[ 1466.271071][ T6085] kvm: kvm [6081]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010058) = 0x4000000000000001
[ 1466.297079][ T5850] Bluetooth: hci1: command tx timeout
[ 1466.673639][ T5593] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1466.687753][ T5593] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1466.722286][ T5593] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1466.742742][ T5593] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1466.752663][ T5593] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1466.759499][   T30] audit: type=1400 audit(1750325189.375:37): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=6130 comm="syz.5.9993"
[ 1466.778608][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1466.804993][ T5593] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1467.134155][ T1172] hsr_slave_0: left promiscuous mode
[ 1467.174616][ T1172] hsr_slave_1: left promiscuous mode
[ 1467.181719][ T1172] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1467.191314][ T1172] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1467.237522][ T1172] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1467.245262][ T1172] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1467.312763][ T1172] veth1_macvtap: left promiscuous mode
[ 1467.318525][ T1172] veth0_macvtap: left promiscuous mode
[ 1467.325032][ T1172] veth1_vlan: left promiscuous mode
[ 1467.330464][ T1172] veth0_vlan: left promiscuous mode
[ 1467.339769][ T6153] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1467.353635][ T6153] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1467.368477][ T6153] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1467.379545][ T6153] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1467.389942][ T6153] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1467.463387][ T6178] random: crng reseeded on system resumption
[ 1468.180069][ T6207] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1468.374387][ T5850] Bluetooth: hci1: command tx timeout
[ 1468.790373][ T6226] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1468.892934][ T6233] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1469.815398][ T1172] team0 (unregistering): Port device team_slave_1 removed
[ 1470.045099][ T1172] team0 (unregistering): Port device team_slave_0 removed
[ 1473.272780][ T5593] hsr_slave_0: entered promiscuous mode
[ 1473.281392][ T5593] hsr_slave_1: entered promiscuous mode
[ 1473.288877][ T5593] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1473.296838][ T5593] Cannot create hsr debugfs directory
[ 1473.657523][ T6375] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1474.410060][ T6427] binder: 6417:6427 ioctl c018620b 200000000100 returned -14
[ 1475.790728][ T6587] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[ 1475.866227][ T6595] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1475.955332][ T6587] iommufd_mock iommufd_mock0: Adding to iommu group 1
[ 1476.068015][ T5593] netdevsim netdevsim8 netdevsim0: renamed from eth0
[ 1476.139767][ T5593] netdevsim netdevsim8 netdevsim1: renamed from eth1
[ 1476.225921][ T5593] netdevsim netdevsim8 netdevsim2: renamed from eth2
[ 1476.293591][ T5593] netdevsim netdevsim8 netdevsim3: renamed from eth3
[ 1476.593879][ T5593] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1476.640269][ T5593] 8021q: adding VLAN 0 to HW filter on device team0
[ 1476.679254][ T1172] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1476.686478][ T1172] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1476.761955][T16392] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1476.769222][T16392] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1477.289352][ T5593] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1477.601916][ T5593] veth0_vlan: entered promiscuous mode
[ 1477.632190][ T5593] veth1_vlan: entered promiscuous mode
[ 1477.671686][ T5593] veth0_macvtap: entered promiscuous mode
[ 1477.693939][ T5593] veth1_macvtap: entered promiscuous mode
[ 1477.706332][ T6759] binder: 6757:6759 ioctl c018620b 200000000100 returned -14
[ 1477.732670][ T5593] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1477.763626][ T5593] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1477.804671][ T5593] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1477.813427][ T5593] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1477.827039][ T5593] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1477.838321][ T5593] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1478.092428][T16392] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1478.122763][T16392] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1478.169784][T32641] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1478.194559][T32641] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1478.694182][T32429] Bluetooth: hci4: command 0xfc11 tx timeout
[ 1478.701773][ T5850] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[ 1478.961051][ T6806] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1482.426541][ T6992] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1482.851541][ T7020] mkiss: ax0: crc mode is auto.
[ 1482.902988][   T30] audit: type=1400 audit(1750325205.515:38): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=7024 comm="syz.9.10093"
[ 1482.922018][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1483.048162][ T7037] loop8: detected capacity change from 0 to 7
[ 1483.057887][ T7037] Dev loop8: unable to read RDB block 7
[ 1483.063584][ T7037]  loop8: unable to read partition table
[ 1483.069841][ T7037] loop8: partition table beyond EOD, truncated
[ 1483.077092][ T7037] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1483.466736][ T7050] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4093662463 (4093662463 ns) > initial count (1099723850 ns). Using initial count to start timer.
[ 1483.640068][ T7076] QAT: Device 6 not found
[ 1483.776495][ T7083] binder: 7082:7083 ioctl c0306201 200000000300 returned -22
[ 1483.798138][ T7085] loop8: detected capacity change from 0 to 7
[ 1483.826135][ T7085] Dev loop8: unable to read RDB block 7
[ 1483.831915][ T7085]  loop8: unable to read partition table
[ 1483.843730][ T7085] loop8: partition table beyond EOD, truncated
[ 1483.852118][ T7085] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1484.288142][ T7112] relay: one or more items not logged [item size (64) > sub-buffer size (8)]
[ 1484.469706][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.476329][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1484.599819][ T7131] loop8: detected capacity change from 0 to 7
[ 1484.609131][T22371] Dev loop8: unable to read RDB block 7
[ 1484.623660][T22371]  loop8: unable to read partition table
[ 1484.634968][T22371] loop8: partition table beyond EOD, truncated
[ 1484.645172][ T7131] Dev loop8: unable to read RDB block 7
[ 1484.650932][ T7131]  loop8: unable to read partition table
[ 1484.676695][ T7131] loop8: partition table beyond EOD, truncated
[ 1484.698377][ T7131] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1485.053113][ T7150] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1485.130417][   T30] audit: type=1800 audit(1750325207.745:39): pid=7156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.10122" name="dmabuf" dev="dmabuf" ino=61 res=0 errno=0
[ 1485.339342][ T7164] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1485.375046][ T7164] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1485.690680][ T7189] loop8: detected capacity change from 0 to 7
[ 1485.707155][ T7189] Dev loop8: unable to read RDB block 7
[ 1485.719924][ T7189]  loop8: unable to read partition table
[ 1485.732073][ T7189] loop8: partition table beyond EOD, truncated
[ 1485.759459][ T7189] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1485.787457][ T5207] Dev loop8: unable to read RDB block 7
[ 1485.793096][ T5207]  loop8: unable to read partition table
[ 1485.832033][ T5207] loop8: partition table beyond EOD, truncated
[ 1486.313497][ T7208] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1486.386047][ T7220] input: syz0 as /devices/virtual/input/input383
[ 1486.523248][ T7238] loop8: detected capacity change from 0 to 7
[ 1486.537744][ T7238] Dev loop8: unable to read RDB block 7
[ 1486.543376][ T7238]  loop8: unable to read partition table
[ 1486.553331][ T7238] loop8: partition table beyond EOD, truncated
[ 1486.559999][ T7238] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1486.962862][ T7257] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1486.969416][ T7257] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1487.085488][ T7257] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1487.639582][ T7293] loop8: detected capacity change from 0 to 7
[ 1487.649243][ T7293] Dev loop8: unable to read RDB block 7
[ 1487.674341][ T7293]  loop8: unable to read partition table
[ 1487.680233][ T7293] loop8: partition table beyond EOD, truncated
[ 1487.734563][ T7293] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1488.396293][ T7329] binder: binder_mmap: 7327 200000001000-20000000b000 bad vm_flags failed -1
[ 1488.517286][ T7333] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1488.684421][ T7350] loop8: detected capacity change from 0 to 7
[ 1488.691725][ T7349] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1488.693330][T22371] Dev loop8: unable to read RDB block 7
[ 1488.708679][T22371]  loop8: unable to read partition table
[ 1488.728272][T22371] loop8: partition table beyond EOD, truncated
[ 1488.743689][ T7350] Dev loop8: unable to read RDB block 7
[ 1488.751853][ T7350]  loop8: unable to read partition table
[ 1488.758228][ T7350] loop8: partition table beyond EOD, truncated
[ 1488.771130][ T7350] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1488.934448][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1489.298272][ T7390] loop8: detected capacity change from 0 to 7
[ 1489.320581][ T7390] Dev loop8: unable to read RDB block 7
[ 1489.320629][ T7390]  loop8: unable to read partition table
[ 1489.320841][ T7390] loop8: partition table beyond EOD, truncated
[ 1489.320877][ T7390] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1489.511076][ T7399] autofs4:pid:7399:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.3), cmd(0xc0189377)
[ 1489.511106][ T7399] autofs4:pid:7399:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189377)
[ 1490.159810][ T7435] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1490.286921][ T7439] loop8: detected capacity change from 0 to 7
[ 1490.309402][T22371] Dev loop8: unable to read RDB block 7
[ 1490.322135][T22371]  loop8: unable to read partition table
[ 1490.341790][T22371] loop8: partition table beyond EOD, truncated
[ 1490.359745][ T7439] Dev loop8: unable to read RDB block 7
[ 1490.377444][ T7439]  loop8: unable to read partition table
[ 1490.393666][ T7439] loop8: partition table beyond EOD, truncated
[ 1490.411814][ T7439] loop_reread_partitions: partition scan of loop8 (    ) failed (rc=-5)
[ 1491.031546][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1491.817453][ T7502] input: syz0 as /devices/virtual/input/input384
[ 1491.871911][   T30] audit: type=1400 audit(1750325214.485:40): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=7504 comm="syz.9.10195"
[ 1492.669859][ T7538] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1493.038952][ T7556] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1493.096372][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1494.572160][ T7641] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1494.922060][ T7663] CUSE: zero length info key specified
[ 1494.995794][ T7667] vivid-001: disconnect
[ 1495.051523][ T7667] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1495.913464][ T7661] vivid-001: reconnect
[ 1496.025960][ T7730] random: crng reseeded on system resumption
[ 1496.101478][ T7734] binder: 7733:7734 ioctl 40046205 0 returned -22
[ 1496.211376][ T7739] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1496.467233][ T7747] ALSA: seq fatal error: cannot create timer (-19)
[ 1496.502118][ T7756] binder: 7755:7756 ioctl 40046205 0 returned -22
[ 1496.521873][ T7758] binder: 7755:7758 ioctl c0306201 0 returned -14
[ 1498.270612][ T7869] program syz.8.10259 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1499.265321][ T7914] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1500.582609][ T7979] mkiss: ax0: crc mode is auto.
[ 1500.855562][ T7996] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1501.358275][ T8035] syz.5.10297: attempt to access beyond end of device
[ 1501.358275][ T8035] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1501.378104][ T8036] syz.5.10297: attempt to access beyond end of device
[ 1501.378104][ T8036] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1501.990454][ T8054] binder: 8053:8054 ioctl 4018620d 0 returned -22
[ 1502.375847][ T8063] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1502.499918][ T8076] ALSA: seq fatal error: cannot create timer (-22)
[ 1502.513351][ T8077] ALSA: seq fatal error: cannot create timer (-22)
[ 1503.508225][ T8127] snd_aloop snd_aloop.0: control 1:1023:2227:syz1:7 is already present
[ 1504.212339][ T8163] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1504.283440][ T8168] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1504.618891][ T8181] vim2m vim2m.0: Fourcc format (0x42474752) invalid.
[ 1505.063519][ T8208] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1505.921614][ T8234] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1506.630951][ T8268] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1506.747746][ T8286] AppArmor: change_hat: Invalid input, NULL hat and NULL magic
[ 1507.177806][ T8300] random: crng reseeded on system resumption
[ 1508.563783][ T8383] syz.5.10367: attempt to access beyond end of device
[ 1508.563783][ T8383] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1509.161240][ T8422] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1510.000776][ T8465] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1510.787060][ T8489] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1511.131966][ T8509] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1512.628402][ T8583] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1512.992806][ T8606] vivid-000: =================  START STATUS  =================
[ 1513.011696][ T8606] vivid-000: Test Pattern: 100% Colorbar
[ 1513.019479][ T8606] vivid-000: Fill Percentage of Frame: 4
[ 1513.028115][ T8606] vivid-000: Horizontal Movement: Move Left Slow
[ 1513.034821][ T8606] vivid-000: Vertical Movement: Move Up Slow
[ 1513.041427][ T8606] vivid-000: OSD Text Mode: Counters Only
[ 1513.057452][ T8606] vivid-000: Show Border: true
[ 1513.074920][ T8606] vivid-000: Show Square: true
[ 1513.082425][ T8606] vivid-000: Sensor Flipped Horizontally: true
[ 1513.091529][ T8606] vivid-000: Sensor Flipped Vertically: false
[ 1513.100461][ T8606] vivid-000: Insert SAV Code in Image: true
[ 1513.107638][ T8606] vivid-000: Insert EAV Code in Image: true
[ 1513.113671][ T8606] vivid-000: Insert Video Guard Band: true
[ 1513.128920][ T8606] vivid-000: Reduced Framerate: true
[ 1513.135775][ T8606] vivid-000: HDMI 000-0 Is Connected To: Test Pattern Generator
[ 1513.143757][ T8608] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1513.152537][ T8606] vivid-000: S-Video 000-0 Is Connected To: Test Pattern Generator
[ 1513.161624][ T8606] vivid-000: Enable Capture Cropping: false
[ 1513.170607][ T8606] vivid-000: Enable Capture Composing: false
[ 1513.170937][ T8613] binder: 8612:8613 ioctl c00c620f 200000000140 returned -22
[ 1513.178292][ T8606] vivid-000: Enable Capture Scaler: false
[ 1513.223033][ T8606] vivid-000: Timestamp Source: End of Frame
[ 1513.250602][ T8606] vivid-000: Colorspace: SMPTE 170M
[ 1513.271800][ T8606] vivid-000: Transfer Function: sRGB
[ 1513.282442][ T8606] vivid-000: Y'CbCr Encoding: Rec. 709
[ 1513.291659][ T8606] vivid-000: HSV Encoding: Hue 0-256
[ 1513.300446][ T8606] vivid-000: Quantization: Limited Range
[ 1513.307928][ T8606] vivid-000: Apply Alpha To Red Only: true
[ 1513.314239][ T8606] vivid-000: Standard Aspect Ratio: 14x9
[ 1513.320067][ T8606] vivid-000: DV Timings Signal Mode: No Signal inactive
[ 1513.330507][ T8606] vivid-000: DV Timings: 4096x2160p60 inactive
[ 1513.337492][ T8606] vivid-000: DV Timings Aspect Ratio: 14x9
[ 1513.347963][ T8606] vivid-000: Maximum EDID Blocks: 1
[ 1513.353277][ T8606] vivid-000: Limited RGB Range (16-235): true
[ 1513.367931][ T8606] vivid-000: Rx RGB Quantization Range: RGB Full Range (0-255)
[ 1513.376631][ T8606] vivid-000: Power Present: 0x00000000
[ 1513.382224][ T8606] tpg source WxH: 720x480 (R'G'B)
[ 1513.392719][ T8606] tpg field: 4
[ 1513.397183][ T8606] tpg crop: (0,0)/720x480
[ 1513.401613][ T8606] tpg compose: (0,0)/720x480
[ 1513.408587][ T8606] tpg colorspace: 9
[ 1513.412488][ T8606] tpg transfer function: 7/7
[ 1513.420188][ T8606] tpg quantization: 1/1
[ 1513.431074][ T8606] tpg RGB range: 0/1
[ 1513.436267][ T8606] vivid-000: ==================  END STATUS  ==================
[ 1514.590431][ T8698] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1514.741989][ T8709] loop8: detected capacity change from 0 to 7
[ 1514.753525][ T8709] Dev loop8: unable to read RDB block 7
[ 1514.780828][ T8709]  loop8: unable to read partition table
[ 1514.793627][ T8709] loop8: partition table beyond EOD, truncated
[ 1514.807445][ T8709] loop_reread_partitions: partition scan of loop8 (■швлx) failed (rc=-5)
[ 1514.830852][ T8712] Dev loop8: unable to read RDB block 7
[ 1514.836679][ T8712]  loop8: unable to read partition table
[ 1514.842657][ T8712] loop8: partition table beyond EOD, truncated
[ 1515.114520][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1515.305444][ T8745] CUSE: unknown device info ""
[ 1515.312514][ T8745] CUSE: DEVNAME unspecified
[ 1515.321576][ T8745] CUSE: info not properly terminated
[ 1515.823746][ T8777] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1516.547147][ T8814] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1517.001434][   T30] audit: type=1400 audit(1750325239.615:41): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041
[ 1517.739132][ T8873] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1517.830153][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1517.837869][ T8880] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1518.960516][ T8891] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1519.155972][ T8919] binder: 8916:8919 unknown command 576
[ 1519.164024][ T8919] binder: 8916:8919 ioctl c0306201 200000000480 returned -22
[ 1520.214249][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1520.277012][ T8972] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1520.837239][ T8998] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1521.413738][ T9021] vivid-000: =================  START STATUS  =================
[ 1521.432182][ T9021] vivid-000: Enable Output Cropping: false
[ 1521.454060][ T9021] vivid-000: Enable Output Composing: false
[ 1521.460034][ T9021] vivid-000: Enable Output Scaler: false
[ 1521.476114][ T9021] vivid-000: Tx RGB Quantization Range: Automatic
[ 1521.487613][ T9021] vivid-000: Transmit Mode: HDMI
[ 1521.492969][ T9021] vivid-000: Hotplug Present: 0x00000000
[ 1521.499435][ T9021] vivid-000: RxSense Present: 0x00000000
[ 1521.505396][ T9021] vivid-000: EDID Present: 0x00000000
[ 1521.510940][ T9021] vivid-000: ==================  END STATUS  ==================
[ 1521.944413][ T9051] syz.0.10496: attempt to access beyond end of device
[ 1521.944413][ T9051] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1523.497016][ T9142] CUSE: info not properly terminated
[ 1523.514957][ T9142] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem
[ 1523.745901][ T9162] binder: 9144:9162 ioctl c0306201 200000002800 returned -14
[ 1524.332934][ T9193] input: syz0 as /devices/virtual/input/input391
[ 1524.848504][ T9238] binder: 9231:9238 ioctl c0306201 0 returned -14
[ 1524.901229][ T9232] binder: 9231:9232 ioctl c0306201 0 returned -14
[ 1525.405307][ T9252] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1525.831244][ T9275] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1526.262595][ T9303] dlm: Unknown command passed to DLM device : 0
[ 1526.262595][ T9303] 
[ 1526.694407][ T5850] Bluetooth: hci1: command 0x0c1a tx timeout
[ 1526.701454][T21791] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[ 1526.718076][T21791] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[ 1527.373645][ T9362] ubi31: attaching mtd0
[ 1527.396028][ T9362] ubi31: scanning is finished
[ 1527.429911][ T9371] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1527.568761][ T9362] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[ 1527.586679][ T9362] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[ 1527.601791][ T9362] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[ 1527.613761][ T9362] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[ 1527.628912][ T9362] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[ 1527.636940][ T9362] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[ 1527.648376][ T9362] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 363228723
[ 1527.659646][ T9362] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[ 1527.672119][ T9382] ubi31: background thread "ubi_bgt31d" started, PID 9382
[ 1528.586582][   T30] audit: type=1800 audit(1750325251.205:42): pid=9432 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.10558" name="memory.events" dev="tmpfs" ino=1680 res=0 errno=0
[ 1528.607918][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1545.908220][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1545.914742][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1607.340956][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.347393][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1668.778713][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[ 1668.786827][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[ 1682.854163][   T31] INFO: task kworker/0:4:5904 blocked for more than 143 seconds.
[ 1682.861927][   T31]       Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0
[ 1682.869848][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1682.878667][   T31] task:kworker/0:4     state:D stack:24296 pid:5904  tgid:5904  ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1682.890752][   T31] Workqueue: events rfkill_global_led_trigger_worker
[ 1682.897499][   T31] Call Trace:
[ 1682.900793][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1682.903742][   T31]  __schedule+0x16f5/0x4d00
[ 1682.914241][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[ 1682.919749][   T31]  ? schedule+0x165/0x360
[ 1682.935585][   T31]  ? __pfx___schedule+0x10/0x10
[ 1682.940502][   T31]  ? schedule+0x91/0x360
[ 1682.959248][   T31]  schedule+0x165/0x360
[ 1682.963474][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1682.994002][   T31]  __mutex_lock+0x724/0xe80
[ 1682.998570][   T31]  ? look_up_lock_class+0x74/0x170
[ 1683.003691][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1683.017928][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[ 1683.024485][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1683.029545][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1683.035358][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1683.041092][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[ 1683.047432][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1683.053179][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1683.058804][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1683.064931][   T31]  worker_thread+0x8a0/0xda0
[ 1683.069565][   T31]  kthread+0x70e/0x8a0
[ 1683.073644][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1683.078805][   T31]  ? __pfx_kthread+0x10/0x10
[ 1683.083402][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1683.088884][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1683.094307][   T31]  ? __pfx_kthread+0x10/0x10
[ 1683.098924][   T31]  ret_from_fork+0x3f9/0x770
[ 1683.103547][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1683.110282][   T31]  ? __switch_to_asm+0x39/0x70
[ 1683.115253][   T31]  ? __switch_to_asm+0x33/0x70
[ 1683.120039][   T31]  ? __pfx_kthread+0x10/0x10
[ 1683.125243][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1683.130046][   T31]  </TASK>
[ 1683.133145][   T31] INFO: task kworker/0:5:21791 blocked for more than 143 seconds.
[ 1683.141890][   T31]       Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0
[ 1683.152400][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1683.161141][   T31] task:kworker/0:5     state:D stack:24680 pid:21791 tgid:21791 ppid:2      task_flags:0x4208060 flags:0x00004000
[ 1683.173225][   T31] Workqueue: events rfkill_op_handler
[ 1683.178903][   T31] Call Trace:
[ 1683.182197][   T31]  <TASK>
[ 1683.186252][   T31]  __schedule+0x16f5/0x4d00
[ 1683.190804][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1683.196700][   T31]  ? schedule+0x165/0x360
[ 1683.201068][   T31]  ? __pfx___schedule+0x10/0x10
[ 1683.208162][   T31]  ? schedule+0x91/0x360
[ 1683.212426][   T31]  schedule+0x165/0x360
[ 1683.216680][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1683.222157][   T31]  __mutex_lock+0x724/0xe80
[ 1683.226812][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1683.231671][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1683.236375][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[ 1683.241667][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1683.246720][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1683.251935][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1683.258073][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1683.264492][   T31]  ? kobject_uevent_env+0x36b/0x8c0
[ 1683.269696][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1683.275481][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[ 1683.280598][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[ 1683.286343][   T31]  rfkill_set_block+0x1cf/0x440
[ 1683.291205][   T31]  rfkill_epo+0x7e/0x180
[ 1683.295552][   T31]  rfkill_op_handler+0x84/0x240
[ 1683.300403][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[ 1683.306180][   T31]  process_scheduled_works+0xae1/0x17b0
[ 1683.311750][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1683.319667][   T31]  worker_thread+0x8a0/0xda0
[ 1683.324359][   T31]  kthread+0x70e/0x8a0
[ 1683.328444][   T31]  ? __pfx_worker_thread+0x10/0x10
[ 1683.333566][   T31]  ? __pfx_kthread+0x10/0x10
[ 1683.338314][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1683.343528][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1683.348773][   T31]  ? __pfx_kthread+0x10/0x10
[ 1683.353370][   T31]  ret_from_fork+0x3f9/0x770
[ 1683.357980][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1683.363106][   T31]  ? __switch_to_asm+0x39/0x70
[ 1683.367907][   T31]  ? __switch_to_asm+0x33/0x70
[ 1683.372678][   T31]  ? __pfx_kthread+0x10/0x10
[ 1683.377303][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1683.382083][   T31]  </TASK>
[ 1683.385183][   T31] INFO: task syz.5.10507:9132 blocked for more than 143 seconds.
[ 1683.392895][   T31]       Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0
[ 1683.407010][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1683.415804][   T31] task:syz.5.10507     state:D stack:25768 pid:9132  tgid:9131  ppid:28282  task_flags:0x400140 flags:0x00004006
[ 1683.427902][   T31] Call Trace:
[ 1683.431183][   T31]  <TASK>
[ 1683.434635][   T31]  __schedule+0x16f5/0x4d00
[ 1683.439168][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1683.444244][   T31]  ? schedule+0x165/0x360
[ 1683.448617][   T31]  ? __pfx___schedule+0x10/0x10
[ 1683.453510][   T31]  ? schedule+0x91/0x360
[ 1683.457831][   T31]  schedule+0x165/0x360
[ 1683.462014][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1683.467779][   T31]  __mutex_lock+0x724/0xe80
[ 1683.472300][   T31]  ? kobject_put+0x43f/0x480
[ 1683.476934][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1683.481619][   T31]  ? rfkill_unregister+0xc8/0x220
[ 1683.486669][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1683.491721][   T31]  ? __pfx_device_del+0x10/0x10
[ 1683.496865][   T31]  rfkill_unregister+0xc8/0x220
[ 1683.501736][   T31]  nfc_unregister_device+0x96/0x2a0
[ 1683.506974][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[ 1683.512700][   T31]  virtual_ncidev_close+0x56/0x90
[ 1683.517759][   T31]  __fput+0x44c/0xa70
[ 1683.521751][   T31]  task_work_run+0x1d1/0x260
[ 1683.526396][   T31]  ? __pfx_task_work_run+0x10/0x10
[ 1683.531531][   T31]  get_signal+0x11ed/0x1340
[ 1683.536090][   T31]  ? task_work_add+0x377/0x420
[ 1683.540865][   T31]  ? __pfx_vfs_read+0x10/0x10
[ 1683.545600][   T31]  arch_do_signal_or_restart+0x9a/0x750
[ 1683.551154][   T31]  ? __pfx___fput_deferred+0x10/0x10
[ 1683.556482][   T31]  ? __fget_files+0x2a/0x420
[ 1683.561082][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[ 1683.567290][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[ 1683.572752][   T31]  exit_to_user_mode_loop+0x75/0x110
[ 1683.578355][   T31]  do_syscall_64+0x2bd/0x3b0
[ 1683.582964][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1683.588302][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1683.594410][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1683.599098][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1683.605073][   T31] RIP: 0033:0x7f3c06d8e929
[ 1683.609496][   T31] RSP: 002b:00007f3c07b53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1683.617944][   T31] RAX: fffffffffffffff2 RBX: 00007f3c06fb5fa0 RCX: 00007f3c06d8e929
[ 1683.626000][   T31] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d
[ 1683.634021][   T31] RBP: 00007f3c06e10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1683.642002][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1683.650058][   T31] R13: 0000000000000000 R14: 00007f3c06fb5fa0 R15: 00007ffd6c46fde8
[ 1683.658087][   T31]  </TASK>
[ 1683.661109][   T31] INFO: task syz.9.10556:9435 blocked for more than 144 seconds.
[ 1683.668876][   T31]       Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0
[ 1683.676574][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1683.685285][   T31] task:syz.9.10556     state:D stack:27840 pid:9435  tgid:9424  ppid:26071  task_flags:0x400040 flags:0x00004004
[ 1683.697255][   T31] Call Trace:
[ 1683.700539][   T31]  <TASK>
[ 1683.703471][   T31]  __schedule+0x16f5/0x4d00
[ 1683.708048][   T31]  ? __kasan_slab_free+0x62/0x70
[ 1683.713012][   T31]  ? security_file_open+0xb1/0x270
[ 1683.718185][   T31]  ? do_dentry_open+0x35e/0x1970
[ 1683.723128][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1683.728009][   T31]  ? schedule+0x165/0x360
[ 1683.732352][   T31]  ? __pfx___schedule+0x10/0x10
[ 1683.737324][   T31]  ? schedule+0x91/0x360
[ 1683.741582][   T31]  schedule+0x165/0x360
[ 1683.745784][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1683.751256][   T31]  __mutex_lock+0x724/0xe80
[ 1683.755805][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1683.760505][   T31]  ? misc_open+0x51/0x330
[ 1683.764885][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1683.769925][   T31]  misc_open+0x51/0x330
[ 1683.774132][   T31]  chrdev_open+0x4cc/0x5e0
[ 1683.778570][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1683.783500][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1683.788498][   T31]  do_dentry_open+0xdf3/0x1970
[ 1683.793275][   T31]  vfs_open+0x3b/0x340
[ 1683.797393][   T31]  ? path_openat+0x2ecd/0x3830
[ 1683.802170][   T31]  path_openat+0x2ee5/0x3830
[ 1683.806795][   T31]  ? arch_stack_walk+0xfc/0x150
[ 1683.811671][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1683.817479][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1683.823589][   T31]  do_filp_open+0x1fa/0x410
[ 1683.828155][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1683.833021][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1683.838104][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1683.842962][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1683.847335][   T31]  do_sys_openat2+0x121/0x1c0
[ 1683.852016][   T31]  ? __se_sys_futex+0x36f/0x400
[ 1683.856927][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1683.862134][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1683.866943][   T31]  __x64_sys_openat+0x138/0x170
[ 1683.871802][   T31]  do_syscall_64+0xfa/0x3b0
[ 1683.876346][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1683.881554][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1683.887642][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1683.892327][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1683.898264][   T31] RIP: 0033:0x7fc13518e929
[ 1683.902681][   T31] RSP: 002b:00007fc136088038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1683.911127][   T31] RAX: ffffffffffffffda RBX: 00007fc1353b6080 RCX: 00007fc13518e929
[ 1683.919126][   T31] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[ 1683.927134][   T31] RBP: 00007fc135210b39 R08: 0000000000000000 R09: 0000000000000000
[ 1683.935146][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1683.943122][   T31] R13: 0000000000000000 R14: 00007fc1353b6080 R15: 00007ffe47640638
[ 1683.951164][   T31]  </TASK>
[ 1683.954227][   T31] INFO: task syz.0.10558:9432 blocked for more than 144 seconds.
[ 1683.961952][   T31]       Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0
[ 1683.969857][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1683.978694][   T31] task:syz.0.10558     state:D stack:25880 pid:9432  tgid:9431  ppid:32468  task_flags:0x400140 flags:0x00004004
[ 1683.990651][   T31] Call Trace:
[ 1683.993958][   T31]  <TASK>
[ 1683.996926][   T31]  __schedule+0x16f5/0x4d00
[ 1684.001452][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1684.006329][   T31]  ? schedule+0x165/0x360
[ 1684.010672][   T31]  ? __pfx___schedule+0x10/0x10
[ 1684.015565][   T31]  ? schedule+0x91/0x360
[ 1684.019818][   T31]  schedule+0x165/0x360
[ 1684.024019][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1684.029491][   T31]  __mutex_lock+0x724/0xe80
[ 1684.034042][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1684.038727][   T31]  ? rfkill_fop_open+0x12d/0x820
[ 1684.043653][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1684.048704][   T31]  ? __raw_spin_lock_init+0x45/0x100
[ 1684.054269][   T31]  ? __init_waitqueue_head+0xa9/0x150
[ 1684.059659][   T31]  rfkill_fop_open+0x12d/0x820
[ 1684.064488][   T31]  ? __pfx_rfkill_fop_open+0x10/0x10
[ 1684.069793][   T31]  misc_open+0x2bc/0x330
[ 1684.074072][   T31]  chrdev_open+0x4cc/0x5e0
[ 1684.078511][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1684.083470][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1684.088447][   T31]  do_dentry_open+0xdf3/0x1970
[ 1684.093226][   T31]  vfs_open+0x3b/0x340
[ 1684.097356][   T31]  ? path_openat+0x2ecd/0x3830
[ 1684.102131][   T31]  path_openat+0x2ee5/0x3830
[ 1684.106744][   T31]  ? arch_stack_walk+0xfc/0x150
[ 1684.111618][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1684.116582][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.122661][   T31]  do_filp_open+0x1fa/0x410
[ 1684.127215][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1684.132067][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1684.137206][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1684.142235][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1684.146607][   T31]  do_sys_openat2+0x121/0x1c0
[ 1684.151288][   T31]  ? __se_sys_futex+0x36f/0x400
[ 1684.156196][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1684.161409][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1684.166214][   T31]  __x64_sys_openat+0x138/0x170
[ 1684.171112][   T31]  do_syscall_64+0xfa/0x3b0
[ 1684.175677][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1684.181358][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.187504][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1684.192198][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.198135][   T31] RIP: 0033:0x7f04fdd8e929
[ 1684.202559][   T31] RSP: 002b:00007f04feb36038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1684.211019][   T31] RAX: ffffffffffffffda RBX: 00007f04fdfb5fa0 RCX: 00007f04fdd8e929
[ 1684.219759][   T31] RDX: 0000000000020801 RSI: 0000200000000180 RDI: ffffffffffffff9c
[ 1684.228008][   T31] RBP: 00007f04fde10b39 R08: 0000000000000000 R09: 0000000000000000
[ 1684.236025][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1684.244063][   T31] R13: 0000000000000000 R14: 00007f04fdfb5fa0 R15: 00007fffee1287b8
[ 1684.252048][   T31]  </TASK>
[ 1684.255122][   T31] INFO: task syz.8.10559:9443 blocked for more than 144 seconds.
[ 1684.262835][   T31]       Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0
[ 1684.270541][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1684.279254][   T31] task:syz.8.10559     state:D stack:24488 pid:9443  tgid:9442  ppid:5593   task_flags:0x400040 flags:0x00004004
[ 1684.291195][   T31] Call Trace:
[ 1684.294539][   T31]  <TASK>
[ 1684.297489][   T31]  __schedule+0x16f5/0x4d00
[ 1684.302009][   T31]  ? __kasan_slab_free+0x62/0x70
[ 1684.306991][   T31]  ? security_file_open+0xb1/0x270
[ 1684.312119][   T31]  ? do_dentry_open+0x35e/0x1970
[ 1684.317117][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1684.321987][   T31]  ? schedule+0x165/0x360
[ 1684.326403][   T31]  ? __pfx___schedule+0x10/0x10
[ 1684.331271][   T31]  ? schedule+0x91/0x360
[ 1684.335589][   T31]  schedule+0x165/0x360
[ 1684.339754][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1684.345253][   T31]  __mutex_lock+0x724/0xe80
[ 1684.349760][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1684.354481][   T31]  ? misc_open+0x51/0x330
[ 1684.358821][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1684.363838][   T31]  misc_open+0x51/0x330
[ 1684.368035][   T31]  chrdev_open+0x4cc/0x5e0
[ 1684.372451][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1684.377463][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1684.382410][   T31]  do_dentry_open+0xdf3/0x1970
[ 1684.387242][   T31]  vfs_open+0x3b/0x340
[ 1684.391312][   T31]  ? path_openat+0x2ecd/0x3830
[ 1684.396109][   T31]  path_openat+0x2ee5/0x3830
[ 1684.400702][   T31]  ? arch_stack_walk+0xfc/0x150
[ 1684.405638][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1684.410589][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.416718][   T31]  do_filp_open+0x1fa/0x410
[ 1684.421228][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1684.426102][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1684.431141][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1684.436034][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1684.440398][   T31]  do_sys_openat2+0x121/0x1c0
[ 1684.445149][   T31]  ? __se_sys_futex+0x36f/0x400
[ 1684.450018][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1684.455271][   T31]  ? __pfx___se_sys_futex+0x10/0x10
[ 1684.460476][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1684.465281][   T31]  __x64_sys_openat+0x138/0x170
[ 1684.470138][   T31]  do_syscall_64+0xfa/0x3b0
[ 1684.474704][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1684.479914][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.485999][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1684.490685][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.496603][   T31] RIP: 0033:0x7f108b38e929
[ 1684.501018][   T31] RSP: 002b:00007f108c14f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1684.509450][   T31] RAX: ffffffffffffffda RBX: 00007f108b5b5fa0 RCX: 00007f108b38e929
[ 1684.517470][   T31] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c
[ 1684.525497][   T31] RBP: 00007f108b410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1684.533476][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1684.541469][   T31] R13: 0000000000000000 R14: 00007f108b5b5fa0 R15: 00007ffd117c50b8
[ 1684.549479][   T31]  </TASK>
[ 1684.552497][   T31] INFO: task syz.8.10559:9444 blocked for more than 145 seconds.
[ 1684.560309][   T31]       Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0
[ 1684.567991][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1684.576730][   T31] task:syz.8.10559     state:D stack:26024 pid:9444  tgid:9442  ppid:5593   task_flags:0x400040 flags:0x00004004
[ 1684.588680][   T31] Call Trace:
[ 1684.591963][   T31]  <TASK>
[ 1684.594944][   T31]  __schedule+0x16f5/0x4d00
[ 1684.599478][   T31]  ? __kasan_slab_free+0x62/0x70
[ 1684.604498][   T31]  ? security_file_open+0xb1/0x270
[ 1684.609622][   T31]  ? do_dentry_open+0x35e/0x1970
[ 1684.614608][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1684.619466][   T31]  ? schedule+0x165/0x360
[ 1684.623788][   T31]  ? __pfx___schedule+0x10/0x10
[ 1684.628684][   T31]  ? schedule+0x91/0x360
[ 1684.632941][   T31]  schedule+0x165/0x360
[ 1684.637191][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1684.642666][   T31]  __mutex_lock+0x724/0xe80
[ 1684.647210][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1684.651896][   T31]  ? misc_open+0x51/0x330
[ 1684.656297][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1684.661348][   T31]  misc_open+0x51/0x330
[ 1684.665539][   T31]  chrdev_open+0x4cc/0x5e0
[ 1684.669967][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1684.674950][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1684.679893][   T31]  do_dentry_open+0xdf3/0x1970
[ 1684.684709][   T31]  vfs_open+0x3b/0x340
[ 1684.688784][   T31]  ? path_openat+0x2ecd/0x3830
[ 1684.693532][   T31]  path_openat+0x2ee5/0x3830
[ 1684.698185][   T31]  ? arch_stack_walk+0xfc/0x150
[ 1684.703088][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1684.708086][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.714198][   T31]  do_filp_open+0x1fa/0x410
[ 1684.718706][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1684.723542][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1684.728607][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1684.733466][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1684.737853][   T31]  do_sys_openat2+0x121/0x1c0
[ 1684.742536][   T31]  ? __se_sys_futex+0x36f/0x400
[ 1684.747436][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1684.752645][   T31]  ? rcu_is_watching+0x15/0xb0
[ 1684.757448][   T31]  __x64_sys_openat+0x138/0x170
[ 1684.762314][   T31]  do_syscall_64+0xfa/0x3b0
[ 1684.766872][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1684.772083][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.778399][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1684.783099][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1684.789060][   T31] RIP: 0033:0x7f108b38e929
[ 1684.793576][   T31] RSP: 002b:00007f108c12e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1684.802260][   T31] RAX: ffffffffffffffda RBX: 00007f108b5b6080 RCX: 00007f108b38e929
[ 1684.810337][   T31] RDX: 0000000000000001 RSI: 0000200000000080 RDI: ffffffffffffff9c
[ 1684.818371][   T31] RBP: 00007f108b410b39 R08: 0000000000000000 R09: 0000000000000000
[ 1684.826404][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1684.834420][   T31] R13: 0000000000000000 R14: 00007f108b5b6080 R15: 00007ffd117c50b8
[ 1684.842420][   T31]  </TASK>
[ 1684.845501][   T31] INFO: task syz-executor:9448 blocked for more than 145 seconds.
[ 1684.853317][   T31]       Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0
[ 1684.861016][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 1684.869722][   T31] task:syz-executor    state:D stack:28008 pid:9448  tgid:9448  ppid:1      task_flags:0x400040 flags:0x00004000
[ 1684.881679][   T31] Call Trace:
[ 1684.884988][   T31]  <TASK>
[ 1684.887913][   T31]  __schedule+0x16f5/0x4d00
[ 1684.892413][   T31]  ? __kasan_slab_free+0x62/0x70
[ 1684.897378][   T31]  ? security_file_open+0xb1/0x270
[ 1684.902500][   T31]  ? do_dentry_open+0x35e/0x1970
[ 1684.907473][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1684.912332][   T31]  ? schedule+0x165/0x360
[ 1684.916714][   T31]  ? __pfx___schedule+0x10/0x10
[ 1684.921582][   T31]  ? schedule+0x91/0x360
[ 1684.925862][   T31]  schedule+0x165/0x360
[ 1684.930025][   T31]  schedule_preempt_disabled+0x13/0x30
[ 1684.935551][   T31]  __mutex_lock+0x724/0xe80
[ 1684.940059][   T31]  ? __mutex_lock+0x51b/0xe80
[ 1684.944764][   T31]  ? misc_open+0x51/0x330
[ 1684.949101][   T31]  ? __pfx___mutex_lock+0x10/0x10
[ 1684.954186][   T31]  misc_open+0x51/0x330
[ 1684.958361][   T31]  chrdev_open+0x4cc/0x5e0
[ 1684.962800][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1684.967813][   T31]  ? __pfx_chrdev_open+0x10/0x10
[ 1684.972766][   T31]  do_dentry_open+0xdf3/0x1970
[ 1684.977571][   T31]  vfs_open+0x3b/0x340
[ 1684.981624][   T31]  ? path_openat+0x2ecd/0x3830
[ 1684.986412][   T31]  path_openat+0x2ee5/0x3830
[ 1684.991009][   T31]  ? __pfx_css_rstat_updated+0x10/0x10
[ 1684.996549][   T31]  ? count_memcg_event_mm+0x21/0x260
[ 1685.001849][   T31]  ? __pfx_path_openat+0x10/0x10
[ 1685.006823][   T31]  ? __pfx___up_read+0x10/0x10
[ 1685.011592][   T31]  ? do_user_addr_fault+0xbc1/0x1390
[ 1685.016949][   T31]  do_filp_open+0x1fa/0x410
[ 1685.021459][   T31]  ? __lock_acquire+0xab9/0xd20
[ 1685.026341][   T31]  ? __pfx_do_filp_open+0x10/0x10
[ 1685.031382][   T31]  ? _raw_spin_unlock+0x28/0x50
[ 1685.036277][   T31]  ? alloc_fd+0x64c/0x6c0
[ 1685.040627][   T31]  do_sys_openat2+0x121/0x1c0
[ 1685.045333][   T31]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1685.050535][   T31]  ? fd_install+0x97/0x540
[ 1685.055048][   T31]  ? fd_install+0x30d/0x540
[ 1685.059562][   T31]  __x64_sys_openat+0x138/0x170
[ 1685.064440][   T31]  do_syscall_64+0xfa/0x3b0
[ 1685.068947][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1685.074175][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1685.080248][   T31]  ? clear_bhb_loop+0x60/0xb0
[ 1685.084977][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1685.090879][   T31] RIP: 0033:0x7fd44118d211
[ 1685.095345][   T31] RSP: 002b:00007ffec0746740 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 1685.103772][   T31] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fd44118d211
[ 1685.111782][   T31] RDX: 0000000000000002 RSI: 00007fd441211506 RDI: 00000000ffffff9c
[ 1685.119815][   T31] RBP: 00007fd441211506 R08: 0000000000000000 R09: 00007fd441eed6c0
[ 1685.127843][   T31] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008
[ 1685.135845][   T31] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[ 1685.143809][   T31]  </TASK>
[ 1685.146877][   T31] 
[ 1685.146877][   T31] Showing all locks held in the system:
[ 1685.154625][   T31] 1 lock held by khungtaskd/31:
[ 1685.159466][   T31]  #0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[ 1685.169362][   T31] 2 locks held by getty/5597:
[ 1685.174128][   T31]  #0: ffff88814c9f60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[ 1685.184730][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[ 1685.194893][   T31] 3 locks held by kworker/0:4/5904:
[ 1685.200072][   T31]  #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1685.211069][   T31]  #1: ffffc900045c7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1685.224624][   T31]  #2: ffffffff8f9fd3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[ 1685.236210][   T31] 4 locks held by kworker/0:5/21791:
[ 1685.241504][   T31]  #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[ 1685.252683][   T31]  #1: ffffc90005677bc0 ((rfkill_op_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[ 1685.264647][   T31]  #2: ffffffff8f9fd3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_epo+0x4c/0x180
[ 1685.274237][   T31]  #3: ffff888031776100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[ 1685.283980][   T31] 2 locks held by syz.5.10507/9132:
[ 1685.289179][   T31]  #0: ffff888031776100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[ 1685.298964][   T31]  #1: ffffffff8f9fd3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[ 1685.309116][   T31] 1 lock held by syz.9.10556/9435:
[ 1685.314269][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.322750][   T31] 2 locks held by syz.0.10558/9432:
[ 1685.328001][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.336506][   T31]  #1: ffffffff8f9fd3a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[ 1685.346573][   T31] 1 lock held by syz.8.10559/9443:
[ 1685.351691][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.360238][   T31] 1 lock held by syz.8.10559/9444:
[ 1685.365400][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.373941][   T31] 1 lock held by syz-executor/9448:
[ 1685.379156][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.387699][   T31] 1 lock held by syz-executor/9457:
[ 1685.392892][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.401381][   T31] 1 lock held by syz-executor/9458:
[ 1685.406620][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.415122][   T31] 1 lock held by syz-executor/9460:
[ 1685.420312][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.428785][   T31] 1 lock held by syz-executor/9483:
[ 1685.434018][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.442497][   T31] 1 lock held by syz-executor/9491:
[ 1685.447771][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.456304][   T31] 1 lock held by syz-executor/9492:
[ 1685.461488][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.469973][   T31] 1 lock held by syz-executor/9495:
[ 1685.475201][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.483638][   T31] 1 lock held by syz-executor/9519:
[ 1685.488865][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.497423][   T31] 1 lock held by syz-executor/9522:
[ 1685.502612][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.511132][   T31] 1 lock held by syz-executor/9523:
[ 1685.516358][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.524873][   T31] 1 lock held by syz-executor/9525:
[ 1685.530067][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[ 1685.538538][   T31] 
[ 1685.540861][   T31] =============================================
[ 1685.540861][   T31] 
[ 1685.549312][   T31] NMI backtrace for cpu 1
[ 1685.549326][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) 
[ 1685.549343][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1685.549354][   T31] Call Trace:
[ 1685.549361][   T31]  <TASK>
[ 1685.549369][   T31]  dump_stack_lvl+0x189/0x250
[ 1685.549389][   T31]  ? __wake_up_klogd+0xd9/0x110
[ 1685.549412][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1685.549431][   T31]  ? __pfx__printk+0x10/0x10
[ 1685.549458][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[ 1685.549483][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[ 1685.549502][   T31]  ? _printk+0xcf/0x120
[ 1685.549524][   T31]  ? __pfx__printk+0x10/0x10
[ 1685.549544][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1685.549569][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[ 1685.549593][   T31]  watchdog+0xfee/0x1030
[ 1685.549613][   T31]  ? watchdog+0x1de/0x1030
[ 1685.549638][   T31]  kthread+0x70e/0x8a0
[ 1685.549663][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1685.549680][   T31]  ? __pfx_kthread+0x10/0x10
[ 1685.549703][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1685.549726][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1685.549746][   T31]  ? __pfx_kthread+0x10/0x10
[ 1685.549767][   T31]  ret_from_fork+0x3f9/0x770
[ 1685.549787][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1685.549810][   T31]  ? __switch_to_asm+0x39/0x70
[ 1685.549829][   T31]  ? __switch_to_asm+0x33/0x70
[ 1685.549846][   T31]  ? __pfx_kthread+0x10/0x10
[ 1685.549868][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1685.549902][   T31]  </TASK>
[ 1685.549910][   T31] Sending NMI from CPU 1 to CPUs 0:
[ 1685.706336][    C0] NMI backtrace for cpu 0
[ 1685.706352][    C0] CPU: 0 UID: 0 PID: 32641 Comm: kworker/u8:1 Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) 
[ 1685.706371][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1685.706383][    C0] Workqueue: bat_events batadv_nc_worker
[ 1685.706408][    C0] RIP: 0010:__lock_acquire+0xacc/0xd20
[ 1685.706426][    C0] Code: 83 78 40 00 0f 84 6a 01 00 00 4c 89 f6 89 ea 4c 89 f9 e8 17 38 00 00 85 c0 0f 84 e4 01 00 00 41 f6 46 22 10 75 2e 48 8b 1c 24 <4c> 89 bb e0 0a 00 00 8b 83 e8 0a 00 00 ff c0 89 83 e8 0a 00 00 83
[ 1685.706439][    C0] RSP: 0018:ffffc900042278f0 EFLAGS: 00000046
[ 1685.706452][    C0] RAX: 0000000000000001 RBX: ffff888065bb5a00 RCX: b0b623b60363e000
[ 1685.706464][    C0] RDX: 0000000000000000 RSI: ffff888065bb6540 RDI: ffff888065bb5a00
[ 1685.706474][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8b3adda2
[ 1685.706484][    C0] R10: dffffc0000000000 R11: ffffffff8b3adcd0 R12: 0000000033262aed
[ 1685.706496][    C0] R13: ffff888065bb64f0 R14: ffff888065bb6540 R15: d1daf415edcbb1c1
[ 1685.706513][    C0] FS:  0000000000000000(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000
[ 1685.706526][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1685.706537][    C0] CR2: 00007f37e14d0ce0 CR3: 000000000e138000 CR4: 00000000003526f0
[ 1685.706551][    C0] DR0: fffffffffffffff8 DR1: 0000000000000006 DR2: 0200000000000000
[ 1685.706562][    C0] DR3: 0000000000000005 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1685.706573][    C0] Call Trace:
[ 1685.706579][    C0]  <TASK>
[ 1685.706588][    C0]  ? batadv_nc_worker+0xd2/0x610
[ 1685.706606][    C0]  lock_acquire+0x120/0x360
[ 1685.706619][    C0]  ? batadv_nc_worker+0xd2/0x610
[ 1685.706640][    C0]  ? batadv_nc_worker+0xd2/0x610
[ 1685.706657][    C0]  ? batadv_nc_worker+0xd2/0x610
[ 1685.706675][    C0]  batadv_nc_worker+0xef/0x610
[ 1685.706692][    C0]  ? batadv_nc_worker+0xd2/0x610
[ 1685.706710][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[ 1685.706728][    C0]  process_scheduled_works+0xae1/0x17b0
[ 1685.706752][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1685.706774][    C0]  worker_thread+0x8a0/0xda0
[ 1685.706790][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1685.706813][    C0]  ? __kthread_parkme+0x7b/0x200
[ 1685.706833][    C0]  kthread+0x70e/0x8a0
[ 1685.706852][    C0]  ? __pfx_worker_thread+0x10/0x10
[ 1685.706867][    C0]  ? __pfx_kthread+0x10/0x10
[ 1685.706885][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1685.706902][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1685.706921][    C0]  ? __pfx_kthread+0x10/0x10
[ 1685.706938][    C0]  ret_from_fork+0x3f9/0x770
[ 1685.706954][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[ 1685.706970][    C0]  ? __switch_to_asm+0x39/0x70
[ 1685.706988][    C0]  ? __switch_to_asm+0x33/0x70
[ 1685.707004][    C0]  ? __pfx_kthread+0x10/0x10
[ 1685.707021][    C0]  ret_from_fork_asm+0x1a/0x30
[ 1685.707043][    C0]  </TASK>
[ 1685.707343][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[ 1685.989267][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00082-gfb4d33ab452e #0 PREEMPT(full) 
[ 1686.001060][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1686.011102][   T31] Call Trace:
[ 1686.014376][   T31]  <TASK>
[ 1686.017298][   T31]  dump_stack_lvl+0x99/0x250
[ 1686.021881][   T31]  ? __asan_memcpy+0x40/0x70
[ 1686.026459][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1686.031658][   T31]  ? __pfx__printk+0x10/0x10
[ 1686.036247][   T31]  panic+0x2db/0x790
[ 1686.040130][   T31]  ? __pfx_panic+0x10/0x10
[ 1686.044534][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[ 1686.050332][   T31]  ? irq_work_queue+0xc3/0x140
[ 1686.055089][   T31]  watchdog+0x102d/0x1030
[ 1686.059406][   T31]  ? watchdog+0x1de/0x1030
[ 1686.063814][   T31]  kthread+0x70e/0x8a0
[ 1686.067879][   T31]  ? __pfx_watchdog+0x10/0x10
[ 1686.072541][   T31]  ? __pfx_kthread+0x10/0x10
[ 1686.077201][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1686.082395][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1686.087586][   T31]  ? __pfx_kthread+0x10/0x10
[ 1686.092174][   T31]  ret_from_fork+0x3f9/0x770
[ 1686.096754][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[ 1686.101857][   T31]  ? __switch_to_asm+0x39/0x70
[ 1686.106613][   T31]  ? __switch_to_asm+0x33/0x70
[ 1686.111366][   T31]  ? __pfx_kthread+0x10/0x10
[ 1686.115947][   T31]  ret_from_fork_asm+0x1a/0x30
[ 1686.120714][   T31]  </TASK>
[ 1686.123957][   T31] Kernel Offset: disabled
[ 1686.128275][   T31] Rebooting in 86400 seconds..