last executing test programs:

53.844839799s ago: executing program 2 (id=2158):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000003ac0)={0x0, [[0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], [0x7b7f, 0x0, 0x0, 0x0, 0x0, 0x1], [0x1]], '\x00', [{0x0, 0x0, 0x0, 0x1}, {0x0, 0x1ff}, {0x0, 0x1000}, {}, {}, {0x0, 0x1}, {}, {0x1}], '\x00', 0x3b})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSF2(r4, 0x402c542d, &(0x7f0000000140)={0x9, 0x5, 0xd, 0xffff, 0x0, "4ae23ae17df2e98c69ba36c4095c911abad88f"})
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000016c0)=0xff)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000000c0)=0x9)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x200)
ioctl$KVM_SET_LAPIC(r5, 0x4400ae8f, &(0x7f0000000380)={"f9bef8d1aaeadafa287efdb9450ae3e2d260489591c42ab93a0c7bca18e9a19fa8e6cd61e9f62f91123f1311f81f85b4044554cb6e3ca1b6d1fc011bd71bdda82f37ccfa5b87dd5dcd311dbbb67f240dc02c53b7eabf3651660ce801e3878538da8bb24e1dbc480dae36207bf6b7b946c7a8ec08468f9a75ec797b8c11807655272833a7c70ccfc9a8259e7a148eca4d16b6ff519973a20b65f91a7261cdd2440a5a0566d843fa334b0280f0aacc3b417322b9b56098dd842c44139da4bd1e2212a40ba043bd72b995b172b26b71d434e9f3bf74b4ed480b264e0e9d6f628732534db36bfb92ee6419fb244db44abf0cd9357755ce9c4c9a584e5eb89ffd10c8a6c3c6115265f25f798570751917cd7cfc2ca71729e268c3b30c05b3dfdb18cbbfd3036a889f5fefb0f9d56bf970bdbf2524f8e435b721c809e73a5fdafbf1594088ad1974908bf5fc752d564c1a4989a7d1e59564567d9b437442c5c1cfec93526395d18b1ecb18dedd713ced403a00a2cd27b2dc857808287ea88157b3c19075eb33f7cc60a6161a88ad37fb04d0ce0fda24176406391a5ac521299143bdf59a474a17272105e55e9870cec2942a6705993e821e54441c877a64450e739b1321ad17e1ed552e65654bbfcc8ebd1d64fc4e888609a90410f780fe5031c27737f2de05a7ddf00129eb746a2e990438d9bf6a3211779707d615d79111b3fe71c26433482306ce7563c11cdf6f8da283ae147311465af80ba5350e6d65438cd5a20ec155d78227e5336d504f8f1145f4b942180f7ba6e5c9a070d4e31289d4845229780e53713090e782a75b32729c10da28c1f2702dad57a37416fc138040064347a0a290803f51a619402d88d0a4b2bef39bf92696b6d7052459a78a258edfe2e66f2e10a80b168b483c90a1a1dd67c6d6c9b7a2336d1678131ca38552d9acff05dcd57f9f4164064b7781d8a8b5507e21edfe35d65d726bf24799535648cd04f3b7e85c3f6762f353a8f65afdc7ba63bc0eb65d7188cb1adee1d8d14c0413458d2ff65093d972ac3696fa12defc0f8dedf2309e1b80fc672205e6ccfc6b494233c4d00b5471cb52d896c73cddee40e5e51ee8a9bbe453a1a7d5b9832cacc5965220145504ccb2a157a7c1d9d718c0bf96cd350ac5ca330c827bedbff299774707f5840a0d954ae39c9421975d48e05d87a1ceddefbecae936e15ffb308364b69eefd345d6200cd128e48c162a4ebd026fefb7cc73e80204b21ff30d63e8707292f60682c6f6a587fff9c5a0fae24e0406df5363c7c9d31f72829b6a9d9237a84e83e22c33bf6313ee4072f09f9c6254d0eb7239d51cdda77b8e3d42a89449a3e1b6be8953a27651486383879490486fd11b6ac4e1b86f8a71fc294e0ebf572f4ef00582be189ee5a38c18d4d51cd3221fb1475a56cdf3cc7258bf8c559bf1a9"})
r6 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r7, 0x7dfff000)

53.29353582s ago: executing program 2 (id=2163):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

53.081393611s ago: executing program 2 (id=2168):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r1, &(0x7f0000000680)={0x8, {"e0da755a3838e8436beac9644a8951eb65b3cef68671b6ba66b27d2887f0087620bdbc7a8965faab95ec2ace329611a0b669d9ae27662c75428efdc3fcd53679dc365632cd84c443a68bca6071c376870da9187c35eb4935d77a85926788d66683fff1b429af33abe5638b1d32b722b9841b468a87c36615987edf31b83bbb0c35a94472cfca04e2e3c7c6920738ab0bc3f5bea189b52b27034eb841dd44ce4860e4b5bfefa2a19f90c7c576053d323aedead653c83b0abc12624927d593d3a7d1859fdc9d35ac79999001ae11e1d136856f16401522d8e69e74333eb3d22c97fbfe9b3438e7bbb6b13cf0b7ffb4861c00a508f13d9f3e06e58c98132c7c11dba11a42e432f963ac2284fcf2acfd36dd867c2a8bcb8c418535b4f312ea6f4261a6c450a53669d9fb6879face5c553b227900bd9061ee44cea45f5c2399af413c8909e14118ac51cda27e494ecf01fd2a982bb50967c90405cc8ce1933e2500bcde3f3095e1cd2c6ea355807b5f00955c0d130ee1c07a43c93fff0192ca2ce46dbfe93621454e8cd05320472daed25da8add7c177534b9fe1705e7cd09bb6b6a9f04c08edcdbf2144d4d881c56050e379c6396c96cf4cc42c1cffd485fe5ddcbfb0b21f08d3b72b32f149f5c4b5348e0da2e66759934ef266188526f17f06878e1396a3c332cd713747fd84b00450d371e85e4c97e318dc2c9c6e49300e1830dda5d477c03008f80997bd7c84e88a5e3ad4717e4a7d957ffcd7a77d57f7ebab091b5b04af682a95562b30630b5a3c447434c02ce2a5151998b9d52c727fb6ef4530e4d589e4196b23b828a7541ab5c53f019a0f494f6d65dda6f4c6ef4bb0db7285d1649d4dd2b4cd691716337ea3d9cfb264b1e64f4880aa00004688f27fbe51d69778098c55676e97729612338195be1ce64f629788dd8a9450f67da78a08b456340a8ffb188f466d3bbeee94113dc35209c93ed917f5f9be51777bc431714122b7ed954503f8a990a81c073c211660dbf63ca7cc3acdc3b0d17bad007140c4b7e65936239730d62ede182e2a2b114a84d1372d785ef57586003f62f4d29833569d1e3c3985b76cf362e54e6d40531dc77c2740fc3ac50b6be0e45118bc3230c0744e1b7f2a0f188cd9558f38c9213079319c1ad1411133cb5f6f17de86d43f72d0f465ca61cccbd5aa8c2b2606d3efeb39d51229221f51b0503bd3d12b906759447e4142b2198761a2e773ec818d62efaf5d2f2a8e58ea825d2a00a2c1057f93030ae8502943e82391f9a2de2da137519327d9f8d1230bcef39530c275bd1fc8fe28680ee8557f08dd9fc67ea5b5a1df0c3d7159ff1d5cd34ecefd1394cd1c03829faa0b0685984f3fccd77b598d7f543198ae1089cc37a9913be733218fd54a111882f6580b20e4f8fe2a7f5d19ee9b785eac82c379a134aaaeb3e4e1d402978cbf05ec9aa2c05a9a3c9b6db2f55e6dc333ee89fdb1d46bc8e7e4ac4a0004cfe784fbf7276cb65560a59a86a6c9d51727cde1697291289eb3cbd595c05835c71df4cee8437858314f107368b2f8bd9dbf67d87da68e68391edb9b4456e379c362fa051b212bb60e2cd5245e2f6665d8d88efcd7c1aff12edffadf5e988ba8bdf35ec65abfe5841ae669843de6353940c0e5b0fd69c1fdbd4f037959cd73d21b261d0cf363f5dc337548afe588b4bfbad84777d674c5fb74cfcdeb765a173b7343aa8a440dcd8673ea814da0ec638081b569eef38cb01bc396c8be5639ab6417cd3a250377f763aa40a46e69c8e0acbc9974af0ad3e29f71da75a6b588126f22a60859c4120ae6dcf39842c522a5270b60ca991ce2946111d21500cddff318165a5879f181a7417c88d02406c2aadbfb0c8e5035c5ea1d87d10da50bc66b80bb705ef1799948bf06b6e2f600a60adc06ff4a6d2cddb8ff5971b1054501e64f5abcfba15d351381cb1f6c49db9774aaf5eaa3f640e12d9697f37eede0906026d926f40d26e7da3cca846e33a880c904da5a0e30076bf2b0e489fe470b1225a80a3525b012c93596a8497b2a7f2cbc5e0bf039462e13b4a52d6f4919db76ef0e03381a8929f0fb279e5b42ba6c03bc07ebd173d4199cf750e49dea240ea66cf7838c9db9173675d3acbd38a6ecf771fdf73fa732f72782c6573f7067e327e8a8aae40283975f53eb7d11a1f44b6b2af17c5f176159e26ede35aaf0acd7933ea9aaaa0bd69fa17ae3a0dea9905a5b5e4849af096802bdb951d3b77003459598f4ed138e85a940e5cf1586fb8d0324b406f9191de1b5f23a7c6ab569c7d7d5a8a169c6043707cf9d1399950c1eb73b6053128eaa859f0e097f4ab2031993dc9c439279e59b1dac9782f63c8d0494a965774da7085e7fb70f78ef965904f301b59122ce28f67380c424fff4fd66f903cfc367720da357a0326eb483e4bf8162a580c105f6556859c9c2d20393a74942dbc8e79235f24bd9e12906983ba152f7ac7afa4a97cd94fe2112364d22280b44e0adb7693c9a23d9343323b036927360ca8c23154b9a96ec04b63c9fef56ef98e6a281f15bd8f75d5bc8ba4afc174e62a69e3526ea5b6e2668e1c8b7f791993b13bf5e1499fe634fbd3e7a689c00ca06bf751584d50ddffa2163917725d9cc2641548e61c298588cdf57aa8b2cb0161594d7ad0173e2f3bfd9177003f82fe97dfdb402345f21199b30afe6ae96d9feaa5376ae6a079c06475086071ad609db3db8975021ca1b6008ca1f5304e198cbff2a21e8ab9981f8c777162ed18c5aaafdddbc906c3c55d32c7f1d95b1f94267df52298063136bd86a22fd8e21ccc057f50c9a6b64fc363695f061b551f07438a968b5efdb9f5cd92615acad75cbe4211cfc86d4097a9f3887af059c34942d3a31eceae2dd194f64586fdc7d9edbb5be30bfd67d5d5b79ad4a91312685b8cbccdfa6eadb9b7b85c8f284fa24fd04691b0b69916fa8fa04f865764d7fb2dc06370632964bfbceb135d82369fcb20f89f83b03b6b4bcb6cc3462c079a302df0900b4ceec3890e45af8ac785c694b80771c41071036c562ccc4629d0fc160b0cfc22826a75f0d0affc2947fd18d8f3ff1345df39c26b7d30a5ac098233e771d1c9f7432a5aadea6745b46d8e0a64f92e5bd8006243b058d4e743344e1cb9898642f539f478395a44424713f19b3a1cfb17dc73365b82ae8b379e2e96caf923a5f9df3399f1451ff19e3ce18e69d4355851e9e20b65df7391f14e99e05420779bfe5d7ad1e55fdffee20fdabaefa999a8e3109f5545cef8070ef96c72360625d5c1764b080db74b3c4d3770d6434ba2d010da8a88d7c108dc75eaa1c8b935f9e5761c88664db07768f021a78ad9aa1dbe74b18b3eaff8896f18a690b461a324583eac2c827cbff574cb83919fc189258cfa2e75750de9468dcb7537432a76563cedac2df3c372121d1f22d4466c6b9f24a0bd5e784bbf80b6d4e80d2f93a2a8f09f7f3d30820fbc4b3047c24299b6451ea42e1c9c1066d77ff013a9d826bd30000000000b326aee8800e4e4ab4e5c3c782e12c08a17be2b6bde0552025c7497bce5cd13ee1d0c0c7effaca69f087869c169d558b89c0df6c5f22aded6ceb7fdc218548c00861f67931e78bffcdd7cf6124bdc3933d8b9252d31aa01a405ff4dc026e843375b7705a59da119356452c23b45224ff1ce5d8aae959c3d8c3b5252e66ab755e97691c6c67ed7456ca005f43c0735d4e5a6d56a7af16b12014e12fcf1519370395c719d7fa4af94689e4f5e803b3a9984684277905974a6a3f82d15d25ae49d132eb591a31ce3c4e992facce7eda44544fe531251937687ac319a2c02a503d6c338089a9404672eaceac49b38745faa987c5d7c7f915c4f5c72b7a6d519e11cd0251ebc76fac799706ceeb4b1cea02628e78887aace2ac5d0b15959389aa07d467af86e279525f27adb5073baf2b4f6e6498a3ca21af92eea768a5a33b8ad0fa35686653c7a5fa8d93bb7d6499a18b6dfb0eee45ed642c6dcb66703390785c0a16d330d677445ab9cee22fa55ac9a1e9eca09f23d43cc47e43e87f8cc0a88bc4136de5f18eb772aa76060bab4c04cb2bbc8fa23c80518c7999d17a1e2897207ca4586d44c7acc1601aad7cbe001e0e8c6085488ac691121da6eb42520068642a74ba37eb4c7da4af9ff9afd36ace56d64e42792179dbebc7e1f8ce032f4660a930575cc02834af161565f48a0b4203286cbc177b34aa52b90401f1cc9e4a0e2175871d2480322ec10e5984491039f561ab96bac77fc321ab3f6c31ba25dfc93e99b099596cd9271223c507df9f5f928c8f60baf430f9255961d7451132a2fe588e5f5d57cf9dd3bc8a0bba8fe61c549101a3df665402437cf967bc265febf83f93a9f66f533bafe0528f2ef214bd80fe85f98aeeb6cc647f81175dfd012b0783b9ac678f1d9fa6b506c984952916331584f3d944143ca5de95f5e22c3094c5d48db208d4230b51595069329edbeb2b5e0836ab405f67c702c00f897f2d84518443d0e0a264d8246862d30ef7a52567800f4c6521450f56b564c527167ee02cee406aafe00fed32b5c7403c8e768d95bb1787fe0bd7da54c3f7453409a3434599f0859312c52ef0db9efae9f58047e254a69c0123bbca9d6e43dfb7a9f8590a284d05b1eb96bb11badbeb3bb0946a341924cbd5b390d554ea2bc685312fddcbc50d180afb3aa3e4f306ab8bcd572d4c861e6627566d94939ae805790c2ef7ea56e3ed6a4e12ce9a4a4be4b2d810614e87b81c24a252ff98bbf5e723b79c1c91e7ae0cdb044016f3123588530d2850996c1b5d77893eb08d4d1eab6cc020fa10697deb47a0ea0ec9399a135a7ccebb02c0e27cf7f6394f791cc0c09cc31638f64232390c2284b92195e4f0b4e448ce6d3d24e3f4b5de29576750e25fcfa031e97beef43ef3d8b7b9cc6e6f70731b490ce87de2a62f319b66cc86415f6426970a391384ccc6b8983b6f7174033427b2cfa51f380f5aa3d84b96c6e04de95de571570ede884da020793d67f3b322774f2f586bc6262ac78182f3b3aaee6bf7f5146470808cfee840eb6a501f5190733305388224943ea58c5ce8f5f8782a17654ec20d3b8aa7899b55a1f46c4e8945245995ed9db5ea113379d9b67c9fd7b8daa0e8375276917c7911bc80fdc6c2172fa8214768000cfe656f55ea7a9a85b027a828cb79b54627126c1759d83b52dd748b120c5c519ca32e8bc3a05639b967c7fb956ad9ec4b32e830cbaceeb3b18096367b3bbc27c2efe939a2ad42edb50f505127ea8c72125484de5d31d57789e5d3466d6ec739522f7d964fc2519ca008e01e9a9b86b7ca3b83f5b735b8e03a5051f51370bec52b2e7f9afb7efbf330b87936127600da7433c840ae69d5d8f20ec56681a374ffcd5df7c9de028e093102a43d70c31aa73517f9364933ef3865f88cb02beb6f8c63d83c03e3af8429f5d4b9cdf5be1537596c9567fae3deedf871fab9f55f0f5e467227099981ab1647e2504ca79b9e894ba523ed55c4f22c3342ecf3c4b30d050766d1643d83062ef69fe3f5b63951633ab0e25976007647f1b2fcadc68ff2cf22dabaad551cd2e46a4ac7cb6fff77ab646a3d78d6a8522f491bb64eb3b28e7b3e4acba426b2cfa64fcd127ee48717c168d8e3fc6e2a004f1606a9bc6d856115b1c2e2d2fc099e959883f63dc459b5682461f9b731621ccd6a5c0aa00016937df119b49fb578d17bf6724693284c7ce14ae54f147feb32df3cff26b75bf56ab5b99d8a309190c9a47823f84000", 0x1000}}, 0x1006)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8, 0x0, 0x0, 0x0, 0xe, 0x1c, "fee8a2ab780e00001ea8ffffffff0000000000000004ddb49a000000000000000000f8ff00080000000000000097ff00000000001400", "2809e8dbe108598948f8ffd54a07c21d875397bdb22d0008b420a1819e01177d3d458dd4992861ac00000080ffffffffffffffff001700", "90be8bf4bd00000000000000000000000000001000"}})

52.96421807s ago: executing program 2 (id=2169):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
write$FUSE_NOTIFY_POLL(r2, &(0x7f0000000280)={0x18, 0x6}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

52.677496664s ago: executing program 2 (id=2174):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x1)
ioctl$TCSETAF(r2, 0x89f1, &(0x7f0000000000)={0xd51, 0x200, 0xfffb, 0xfff7, 0xf, "625b562886df9e48"})
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r5 = dup(r4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

51.842121107s ago: executing program 2 (id=2179):
r0 = syz_open_dev$video(0x0, 0x7fff, 0x0)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000040)={0x1, 0x101, 0x4, {0x6, 0xfffff4f6, 0x770d0365, 0xb9c5a9dd}})

36.708709772s ago: executing program 32 (id=2179):
r0 = syz_open_dev$video(0x0, 0x7fff, 0x0)
ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000040)={0x1, 0x101, 0x4, {0x6, 0xfffff4f6, 0x770d0365, 0xb9c5a9dd}})

35.680965577s ago: executing program 4 (id=2288):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000140)="ed", 0x1}], 0x2, 0x0, 0x2)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r2, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000080)={0x7, 0x38414261, 0x1, 0xe0, 0x2, @discrete={0x8, 0xc}})
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r1, 0x40101286, &(0x7f0000000000)={0x5, 0xd068})

26.065693306s ago: executing program 0 (id=2355):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001480)={0x2020, 0x0, <r2=>0x0}, 0x2020)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000080)=<r3=>0x0)
r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008702"])
read$FUSE(r4, &(0x7f0000000400)={0x2020, 0x0, <r8=>0x0, <r9=>0x0, <r10=>0x0}, 0x2020)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000002f80)={0xa0, 0x0, r8, {{0x2, 0x2, 0x6, 0x4, 0x7, 0x7, {0x1, 0xe, 0x100, 0x7b, 0xf, 0x400, 0x3, 0x6, 0x8, 0x8000, 0x10001, r9, r10, 0x9, 0x8}}, {0x0, 0x1d}}}, 0xa0)
write$FUSE_CREATE_OPEN(r1, &(0x7f00000002c0)={0xa0, 0x0, r2, {{0x5, 0x3, 0x7, 0x1, 0xffe, 0x3ff, {0x3, 0x5, 0x401, 0x80, 0x9, 0x7fff, 0xffffff94, 0xbc97, 0x1ff, 0x4000, 0x2, r3, r10, 0x5, 0x8}}}}, 0xa0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r11 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r11, 0x40045532, &(0x7f0000000100))
r12 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r12, 0x80045017, 0x0)
r13 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r13, 0x40084149, &(0x7f0000000280)=0x210003)
r14 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
ioctl$SNDRV_PCM_IOCTL_REWIND(r14, 0x40084149, &(0x7f0000000180)=0x4)
r15 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r15, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f00000001c0)={[0x1, 0x8, 0x85c8, 0x0, 0x3, 0x32800000000000, 0xff, 0x3b, 0x80, 0x7ff, 0x7fffffffffffffff, 0xdd, 0x8000000000000001, 0x2, 0xd2a4, 0x2], 0x10000, 0x80004})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

23.939920967s ago: executing program 4 (id=2288):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x88002, 0x0)
pwritev(r0, &(0x7f00000000c0)=[{0x0}, {&(0x7f0000000140)="ed", 0x1}], 0x2, 0x0, 0x2)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r2, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4})
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000080)={0x7, 0x38414261, 0x1, 0xe0, 0x2, @discrete={0x8, 0xc}})
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r1, 0x40101286, &(0x7f0000000000)={0x5, 0xd068})

23.260320597s ago: executing program 3 (id=2370):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0xeeee8000, 0x2, 0xb4, 0x10, 0x0, [{0x7, 0x6, 0x2, '\x00', 0x2}, {0x3c, 0x3, 0xb, '\x00', 0x2}, {0x12, 0xc7, 0xb, '\x00', 0x4}, {0x2, 0x7, 0x7, '\x00', 0x1}, {0x4, 0x6, 0xf, '\x00', 0x4}, {0x8, 0x0, 0x7, '\x00', 0x1}, {0x3, 0x72, 0x80, '\x00', 0x9}, {0x3, 0xf8, 0x3}, {0x81, 0xf8, 0x4, '\x00', 0x2}, {0xde, 0x1, 0x20, '\x00', 0x3}, {0x20, 0x2, 0x1, '\x00', 0x5}, {0xff, 0x5, 0x0, '\x00', 0x9}, {0x0, 0x4f, 0x5e, '\x00', 0xd}, {0xf9, 0x6, 0x5, '\x00', 0x9}, {0x3, 0x8, 0x8, '\x00', 0x81}, {0x7, 0x3, 0x10, '\x00', 0x9}, {0xf, 0x3, 0x8, '\x00', 0x9}, {0x80, 0x5, 0x1, '\x00', 0x19}, {0x0, 0xfb, 0x6, '\x00', 0x7}, {0x1, 0xe, 0x47, '\x00', 0xd}, {0x10, 0x2, 0xb, '\x00', 0x3}, {0x3, 0x5, 0xd, '\x00', 0x6}, {0x6, 0x5, 0xf8, '\x00', 0x2}, {0x4, 0x6, 0x5, '\x00', 0xd}]}})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})
ioctl$KVM_RUN(r2, 0xae80, 0x50000)

22.877660036s ago: executing program 3 (id=2372):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000000c0)={'macsec0\x00', 0x400})
ioctl$TUNSETQUEUE(r2, 0x400454d9, &(0x7f00000006c0)={'bridge_slave_0\x00', 0x600})
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r3=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r3, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

22.822916976s ago: executing program 0 (id=2373):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x7fffffffffffffff, 0x0, 0x1, 0x1d, 0x8, "0f74aaa2f4af11f6ffa35d446b8ef9f0732beeb2239ae850dab40884c1b27a779803e2175893261101ba32e857e8b58f6025f9d864028bead5175d01c938ae88", "d137397b58a2f4892476f32700d61ecfb62c8fb6814ef9f09dbad8d629071742237eac095126a9905cd74607098d80d875f850fdffaf70f8aa755c7842540162", "34c258af26e2b617d4aa8407f13a0f36bb3c671359e53d1c6c0e03d2f9a13c98", [0x4, 0x2]})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})
ioctl$KVM_RUN(r2, 0xae80, 0x70000)

22.321538351s ago: executing program 0 (id=2375):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0xee01, <r2=>0xee01}}, './file0\x00'}) (async)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0x80, 0x0) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r4, &(0x7f0000000400)={0x8, {"940de312c9be185c33394390ce360adcb8443d1ca2464ad29fe46c8717a823e29b12011e867516a9c1b63394e6b4922549ac2f98b0bafc013757371b5762e5b03b4c8cfcc5d34368b21917740955f80e80fa98a68cb052b102c03e72a4c6702778dfcc5bb74ce23d914f8b143bd94d7382a385be93f61eef509d6cbffa81afee0e3524b8b768a0ef0ae00ad2a23728722436d1c150b512b6c642cb2eeaecb085719014332015474a4ddf7098bb5ac398c0ce256e4dcfd4613dbe9a34b96439546a28db9ce97b344b6c97288b3854e127b4f533f56439a74fcffc41dfeffc5d7a99c01a0fedfd937af595c05a942216581f8efd1ffa1c23c6f08d6987be16bb52420c80bda5da46987fbf7209487defe0374226a526d3588660192d921bfe407f1d1833f390dd8b41b30c53b4deba5a086c516d9bc8ca572d8f0f875303c85bd16570e89f74d7c4ef547a07dd62f334fee76e2e0ca31cca1ad0528d7448ceecd4c9785c302a40bc114335dea8775958a3beff8eeb31afcb9a2c7561980f8554220769e5e90fdfb2f5a905518ef1667a91e2dd474383e4312ea219fe65d421006734fe04661f75e69ae825120b33fb74293e3b83e7f7f563b475cd6e08fd6878ee424fa141d3aee86d952c212c2e7730796510a463a8da486852b23a1d62b714a11301499029d9efb715a11b64f24cd2660c9a47573ce4dd042e333e433ee28b2bce545cf067040193057de290965c1d547fed137e5eb22f5c0a06ad4de6b78204bf053f37c5d96b8053ea445b640360da8fce3391514dc3d1f4e4b35047138cd8c2717bcba278a4f8c27bac01b469ee3fd04004f58287a18307b0ad4120f2c26b08c3267249bfbe1064a3f171e0cfe595f7ab146f3148c73228edf694dc0c400c36e3493b1aca5f85972dadb8d02bddb607b7a431750ca4863812b8020000000000000042db2971e280541cbfa446c6c6d85b77e3327a2d327c25b7619647374e76b1be266cb68959d2651d0c7438cb1b53982191858c66500d8536013701194a9f02dd77216f932e07a4c4b4558b2a38d7e5c39a453c8fb5fae0d00550a2d143f721cd676d842f2ae39ecbf99e027b4cf9f3c2a9bf3b663e51a0b29cf4cfb0877d5b89fdfa93fd9bf33392e6a2c8df36f9f2faa3716d293b7d94c93458c17df99aaadd218fe4c7b967b43f48725e6bac67bf9176e8c63f94862b036b1870bc314b51fea9d0c92020427abaf5be10d3faad2f684d46a2461f2a92350d6f204f03ad2a9fa54cbd8a7a3e7ba2d54f3615ac5ea47f120572f8ef941e81b0812bfc4227ef5719093afbf90040ef1a5eda64563eb7fd015ea54342340ec8648d911a8f3f358ca124ef8c70685bce2fbaeeebf54d059cefd53751b5cf33fe2d92c9df6a63821b6db5188210565e132768b192fb27e745605c529e3648060a98d656f35e36dc4be3102bd678db0ceb0301c5cb0f7f7a08c55cd038a5f751a7c96116f0bd9c9a349558a7a8fc6a73cce1132549169822bf32d742fc4f4e2e50f59eb669f2384282247c60253edc98f9bc802a288a94e1011a066ce9f6eca5f87d2afd893900c3aff87be959451269bc9ac735c43c1e5ecf5d5bff262a27f0c8a1ad401492ffec662e27b12399096fee9910d0fadfd1e1bcf1f20f8f7e5ff1cce9e8db0fd71dda6f228aa96bba6b4120361a6f6acc832be5daa1aabd03a9ae810f0d21466c1a652a47c11db6a8e52580a8347326113b54a4beeaeb21b45e5ef0aa3cfbfb22d99640b7b935bce8e37cebce586f7fe72208b491795a9fbb220ec9b98dd7811ced86292189ce351e8a64c6afde9c1dccbaaebf7e5e3d5e529e926e814b381342c13ea0757ce52a0b0a155d1c85c4108deffa719a22bef7b681a17504e22d6fe9197699e0a16a7104f412e3a681c8ee41d8fbddc8610c161f1fad9e4a5e526e20ac61496e9f3596cc94b79e9680a64a832dc26d6e33e127abe5c405b16978bc4297a85ccaf1599b195db9d66b698c770d84fa90d89b51eca02ed3a3465b8eca9589af034bd6b9c8f6329e393e4753887696ae5158e8ca3ef2e66fac38a6d6a1b61e81d5b6a3c1cb007d64a33f1fe01cf39b82b270e9083ce13b1a32f0c98376d43cdbf9f17b74655f3000343fe051a75ac658a84629b1245107652d6dfa54b1a7d77922becb74539ffb11292794f12ebfd3ea8888c7cd10692d52c85340f92c5d01464fe36deaaec6ad6cc22870372d61485e2d76accd9bf93e0842efe5652e73100a6727b3a4ce4d1594c8ddb5742897d05fd6f6333fa1b90afeaab9fc7426251d24deeef43784f12c0bb09f102962ee9ab427a53fd8da8e1e3c8000ac7164e61d6258c515dcdd911fb1a519d7b38e556457da330ceda8e948aeaf7421d37faf50071f0d38c08fc938278f247084195e778ac90ab7bfafb59c2a1c643cd18d883a46a6cc41410f505ba209746d6b12c015eddf31b6c9ebf2f04605518033721cdf02b1da210ca1465129b443c0c46247b5f8cceb000af2c551fcea1c1bef29c5859e95bcf0956b9092279b47dc652134d2bc54c3688978fd4d7c203749da5e4824fe314aa57e76f58fadfafcc7660b68b1a6043acf8f9f0c259d16fe236b5906f88816e7ab69b67f762ad79a5f654c507cc49be181525ff05cde4d56b53790151efa8060c4685e2b1dd0ad89551a41e0d3dda33c2b528922849a8dfcd7246c242c3b2aa38a69e3e5a37c5806c4bcff53e08ffc7a830d925e3394b688ffffffffcbfe387c9e7df19cfb2b54303c101557aa2ed080194fe0af76d672ed77dfa4c5c0c0f9693f4e8c446d3bc19c0a8654bb4ba8b4daae69edf414615473ec2aadaa6871b7d08a51e349acc7b16fddf741f71670da4c2b0eadcf19f46f0fd18b59ecf7b943a2a5c90125638a3b3270a366c074868e62fe2e8751ff3e60411d7e1b3fb6a873f7843489f661f1bc401765cdfacbd76e1b52e15fb10fc19dc4803d3a4743ab977fae35eed00d59ddf64fcbc61f5fa0cf4098d0babde4a397d2ef100c23ca9f836656d5f25b018606e148e3f66400a682472ed5d28b7de624ed838277432623c11027da18378e46c3fd340585b4835ab1d771266322eee56c3e6bf3300f5d48b6b01f515ba7f3fb726cfc6fdf6c07a2f46bbc3f36fc9ba6e551a46335337c881cc4b73e79e76638411adcaa81ee3b6d0e6e6c721da36dcab68bfb0ca6ba7b2c267b80120143a5c4be333b2cf85b3bd2425ca691ff367d130dbbd8e5f6a819e093eae9d176c1c3fb61557f9e5080ee7703fe2ca1061b52d0a40d7ee2f408b3ceac303e302d96d929c17026793c66423d748a81adfd7cb29027f327b0dac4055e88e385f0400f97988aa1fa40cdf776f9f07991fb55d9d4bf62ebefced240d821bd4fbba62c1b62320228c6a4ca613878e3eb538eea28e92b5d909fc7e63ed5a544e7698d0b7d3d99415d4028a5da4cc67fcba3b744acd4f92938027f42b785405228a38d85fd678703b9d41a6a54cd48303a6be64408101fc5471641c1c5a747244da684fef97aa48bf1a225007f26d9f4002a0dc14d01191ef1d749ea2ea05c42c173c3244c1039c04341b0cf37574d8b78e357b451bfcfb79762ed6a4fbc689690bf37afaa92702a0349ed9aecd9111df9fd57b97749bbf5003991029344497c9ff85adaa7a2e566647ba5bad341eed62034b581981dd7c9de9fd4c241a54ad4d6e9e1cf7ca984b13c628cc65eca0829e69d4d390581e43cd2ed5c56608b45c109f35350fb875316e71f79c433319462d4b589a1f7f2d14d43092655da23d63c63298ed62dd481ab0bc58e97f397b39c94b32fad6a1e0cd9da2dfbe6897ee4986fdbafdb0e4b575f800df5da43cf318ea7a5e83a0136b3bde3296b2bd230ed212f79500c6a4458522c3881532b7bfd170647ee65931760f35a1c1f95b8c93e4233f0de2a13c83f31522f2bee05a57c8378ac6bdd3c9e30dc188b30dadb936f35a3fa247732ebae6a8d762992f8a96c1d26981bda157f2b676ac9d61bb786ac8c349da94dbf75a21b786cdceb47a92597b6d2b22f7dc1187cdb4681ce9bebd69977bab9eabf2a68c1d3b3463d6c7f1392e12a17deb97f2ce5c9ef4021d3b4e0df6b3f4b693e136e3931837e91617cd85846f3019a74d2d65f36369e73a461753631d72f9e2834c446ae7e173d6b1935adc0ce65eb0eac830d442a0344f2cbaedf8d48cb0a6959d07f208fbb2dae434f4fdf35b265fbdbde4138b455b7941096d55808de601ddd8a41a70b12968862d0b4086d4ff55152aee65eaa761a9588bb25bce193b4e55ebb183807f118bff0ccbd85ea761e7c3b6cccb64f97b3f1bf7a96eecc7ab40e770a1620209b509f23aab0f769a16c9b8092326987f0cd1de94b911ea6bef5cf15a93829b7cbf03aa85ef577633e058f81e9653fc47d15ab8bead567ed2affbbf5a470302c065086324dc304c777228050ea9f717e45b6676fc9002ccd0428fcb27d839e4139fb17d4ee72e2fe8394e5de0cc814d92663f8c5f87e131a34ef7094078be0cf54763c82004af9727c7972ff1ea6162b279beea87bc2741e996d14f549d0474aabe780c5b80a35eed311cb734c23d01c160e439662c813126747c7d09068e32fa72605d71abc2a332cb59d81071818d5e0944194285f4cfc050392e505dd93c8c882f46fb6b70b4660784d543a6bf34653487840fdc298c8280241174805bf3cf38083224d213cd6076beac135ed3f8c4c6d808c45da2a47750cb0f4d2be6beada1c481a0152d80c0b520d2f090455494c83ba78eb91e6558d52ceceb23c956bb382bb280e6382d2cb679eecd2bcfb6107e2e4f568f1be293eaa0d2ebb77169b103d5fe74d745cf082c36022108b4c430a87fa8535f1c56d0c1d5dae50c549b1b08911e2d2619eef61131c7804b35c3ca4dac1f2595c68941b013b5ded8bfd52ed41da13c0886b7f9c61a5244a815711253aad7ea74eae788b1beea9bc15addb199d2fc79e81a34b887a0e4b935ad154e961c8b6972f124cae7742e82db1e714af15f34908960dbb4ea24e44ffd750c9d11dd45bfaae73028bc88fddf74b2d24de205980ba14f4889119f8a6291b3724497503ddf95222d5d050414e487a3dc65e5eda3169e10570a50440be346cc1f1b0c848410b46610c738636707c5d740a8e3a9b688c2c1ea54135bffd2ffd87d9dfa902f3dd97b2a6068fa65f5a5f95da2b9f6124fe07682e27ab65ab96573e762f5060439e18649798e0b9d7864f91dbc4f4ed3a4ab30671f8f7f3c49c7ac504a754f9420fd9b22421afd7203f7cd6dd8c8e7a33709e12d004e402672af2b3f9046bc57854f98482538ad48723cd153cf03103c157cdb1a63e839a02c3f0041d7020280f96f3f7e0ce89c408be10d344540808dee1bfcb01f5293ab606c71ffc09f9e63b93b37e8d8007ad8432d2e81c3d1d40a57711bdb798ee91a3f05f93f4f46f883db0613bf95fabd523d955d0d4a5518e1bb3dae7646af8af8d4a4d7dcfac633c6efa3164f9e05bbb4b05947ac0e6c4edd99a768eda4c7149cf38a460b522d6405aa47fada1c78f56fbd33669719b1496427f290532334b69d0a7cf6c46cefe5ecd0fd923b14929fd3db8a1a94ba63954b58ceb9b1e0f8471a02c13a160aa763083a5fd36c199075a769768e164f17911f5a416bb96198aa0954a7d27e30c480691ce80dc71a49100", 0x1000}}, 0x1006) (async)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5, 0x1c, "ffffffff00000004ddb49a000000000000000000f8e500080000010000000000000000040000ff000000000000ffffffff00000000000000299b00", "2809e8dbe108598948f8ffd54a07c21d875397bdb22d0008b420a1819e01177d3d458dd4992861ac00000080ffffffffffffffff001700", "90be8bf4bd00000000000000000000000000001000"}}) (async)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x8, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, r2, 0x1, 0x3}}, {0x0, 0xd}}}, 0xa0) (async)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r5, 0xc004500a, &(0x7f0000000180)=0xffff0018) (async)
ioctl$SOUND_PCM_READ_BITS(r5, 0x80045005, 0x0) (async)
read$FUSE(r1, 0x0, 0x0) (async)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

21.984712495s ago: executing program 0 (id=2378):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000500), 0xb, 0x0) (async)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0) (async)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000140)) (async)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000080)=0x200000000) (async)
r3 = dup2(r2, r2)
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000400)={0x0, 0x0, 0x0, &(0x7f0000000300)=""/121, 0x0})
write$vhost_msg_v2(r3, &(0x7f0000000280)={0x2, 0x0, {&(0x7f00000001c0)=""/128, 0xfe6e, 0x0, 0x3, 0x2}}, 0x48)
ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000380)=0x1) (async)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r1, 0xc2604110, &(0x7f0000000000)={0x200, [[0x7fff], [0x2, 0x0, 0x0, 0x0, 0x0, 0xecdc, 0x0, 0xda44], [0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x4]], '\x00', [{0xfffffffe}, {}, {0x0, 0x1}, {0x7fb, 0x7fc}, {}, {0x0, 0x1004}, {}, {}, {}, {0x4}, {}, {0xe}], '\x00', 0x0, 0x0, 0x0, 0x2}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x155004)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x200, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0) (async)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000640)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000680)={<r7=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r6, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r7, 0x0, 0x0, 0x30, 0x0, @in={0x1b, 0x0, @local}, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}}}}, 0x118) (async)
r8 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0) (async)
ioctl$BLKZEROOUT(r8, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

21.483560945s ago: executing program 0 (id=2379):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000000)=@x86={0x0, 0xf, 0x7, 0x0, 0x0, 0x9, 0xb, 0x22, 0x3, 0x2f, 0x5, 0xe, 0x0, 0x8, 0x3, 0x4, 0x4, 0x4c, 0x8, '\x00', 0x4, 0xfffffffffffffefd})
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000040)=@arm64={0x3, 0x4, 0x9})
r6 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

21.254433245s ago: executing program 3 (id=2380):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000280)={0x2, 0x0, @ioapic={0xeeee8000, 0x2, 0xb4, 0x10, 0x0, [{0x7, 0x6, 0x2, '\x00', 0x2}, {0x3c, 0x3, 0xb, '\x00', 0x2}, {0x12, 0xc7, 0xb, '\x00', 0x4}, {0x2, 0x7, 0x7, '\x00', 0x1}, {0x4, 0x6, 0xf, '\x00', 0x4}, {0x8, 0x0, 0x7, '\x00', 0x1}, {0x3, 0x72, 0x80, '\x00', 0x9}, {0x3, 0xf8, 0x3}, {0x81, 0xf8, 0x4, '\x00', 0x2}, {0xde, 0x1, 0x20, '\x00', 0x3}, {0x20, 0x2, 0x1, '\x00', 0x5}, {0xff, 0x5, 0x0, '\x00', 0x9}, {0x0, 0x4f, 0x5e, '\x00', 0xd}, {0xf9, 0x6, 0x5, '\x00', 0x9}, {0x3, 0x8, 0x8, '\x00', 0x81}, {0x7, 0x3, 0x10, '\x00', 0x9}, {0xf, 0x3, 0x8, '\x00', 0x9}, {0x80, 0x5, 0x1, '\x00', 0x19}, {0x0, 0xfb, 0x6, '\x00', 0x7}, {0x1, 0xe, 0x47, '\x00', 0xd}, {0x10, 0x2, 0xb, '\x00', 0x3}, {0x3, 0x5, 0xd, '\x00', 0x6}, {0x6, 0x5, 0xf8, '\x00', 0x2}, {0x4, 0x6, 0x5, '\x00', 0xd}]}})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})
ioctl$KVM_RUN(r2, 0xae80, 0x70000)

20.906625422s ago: executing program 3 (id=2382):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1, 0x3, 0x0, 0x1000, &(0x7f000078a000/0x1000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c9, 0x7000, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000})
ioctl$KVM_RUN(r2, 0xae80, 0x40000000)

20.642921215s ago: executing program 3 (id=2383):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x4000000004002, 0x0)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000000c0)={0x0, 0x36200}) (async)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007)

20.38954114s ago: executing program 0 (id=2384):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom0\x00', 0x0, 0x0)
close(r0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1)
write$cgroup_devices(r0, &(0x7f0000000080)={'b', ' *:* ', 'm\x00'}, 0x8)
lseek(r0, 0x1, 0x2)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000100)=[<r3=>0x0, 0x0, <r4=>0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x3, 0x9, 0x2, 0x3})
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000280)=0xb0000)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x4101, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'ip6tnl0\x00', 0x4000})
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x10, r7, 0x4a19b000)
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
read$FUSE(r8, &(0x7f00000003c0)={0x2020}, 0x2020)
read$nci(r7, &(0x7f0000002400)=""/39, 0x27)
read$FUSE(r8, &(0x7f0000002440)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000004480)={0xff, 0x1, 0x3ff})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f00000044c0)={@local, 0x2})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000004500)={{0x1, 0x1, 0x18, <r9=>r1}, './file0\x00'})
ioctl$BLKTRACESTART(r9, 0x1274, 0x0)
ioctl$MEDIA_IOC_ENUM_ENTITIES(0xffffffffffffffff, 0xc1007c01, &(0x7f0000004540))
ioctl$TUNSETTXFILTER(r9, 0x400454d1, &(0x7f0000004640)={0x1, 0x5, [@multicast, @remote, @random="1aed63e115cc", @remote, @remote]})
ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000004680)={0x0, <r10=>0x0})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000046c0)={<r11=>0x0, 0x0, r9})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000004700)={r4, 0x3, 0x8, 0x0, 0x2, [0x0, <r12=>0x0], [0x8001, 0x0, 0x2, 0x6], [0x8, 0x3, 0xc0, 0x2], [0x2, 0x8000, 0xcd7, 0x6]})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000004780)={r3, 0xb, 0x10000, 0x101, 0x1, [0x0, 0x0, <r13=>0x0], [0xe1, 0x3b9a, 0x3ff, 0x6], [0x8, 0x7, 0x12000, 0xa], [0x5, 0x9, 0x3, 0xfcb8]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f0000004800)={r3, 0x9, 0x5, 0xf, 0x2, [r10, r11, r12, r13], [0x4, 0x9, 0x80000000, 0x5], [0xa0, 0x6, 0xffff8001, 0xfffffbff], [0xffff, 0x0, 0x6, 0xfffffffffffffff5]})
ioctl$UI_ABS_SETUP(r9, 0x401c5504, &(0x7f0000004880)={0x3, {0x8, 0x7, 0x2, 0x2, 0x8, 0x4}})

20.300201083s ago: executing program 3 (id=2386):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x40c182)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f00000000c0)={0x48, 0x1, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r4, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000})
r5 = dup(r2)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r7, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x6, 0xd, "339f020bbe82b398000000000000000000000ec0c1bce9b1c4369d03741150ceaac594b1040000000000e7ff37ef2a565ef1e80723691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "2443fb1d77a68e174ff10000000000000411e2000ea3f1f5a53e010f00", [0x0, 0xffffffffffffffff]}})
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r10=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r9, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r10, 0x0, <r11=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r9, 0x3ba0, &(0x7f0000000280)={0x48, 0x13, r11})
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

17.983648962s ago: executing program 1 (id=2392):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x408800, 0x0)
r3 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0)
r6 = syz_open_dev$loop(&(0x7f0000000080), 0x847ffff8, 0x0)
ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f0000000440)={r5, 0x2000, {0x0, 0x0, 0x0, 0x2000000000000008, 0x0, 0x0, 0x6, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a1e77a68e174f000000000000000010e200"}})
r7 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f0000000040)={@host})
r8 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001ff, 0x101301)
ioctl$USBDEVFS_SUBMITURB(r8, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0xfffffff8, 0x40, &(0x7f0000000000)={0x4b5a9da54893e123, 0x3, 0x11, 0xfffd}, 0x8, 0x0, 0x0, 0x0, 0x0, 0x20007, 0x0})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r7, 0x7ab, &(0x7f00000009c0)={&(0x7f0000000540)={{@host}, {@host=0x10}, 0x400, "d49e0b1f09a3e05cb898141464441748655937bb34d22f02362479246bb6372d891a3b5dafa58a6abc5a678d6874fc8fb5f8a529c6e30103484f2667c174fb6cda19ea0a9301bc3238eb816e9c3882f243bcd4bd7115b26dacf5923f060498d471cb4f789562fcda119739dd1a5b0e4e1a4a64dbd7b398bd4e7a247d81f968f2e945f293fc3860bf11f0424193fce743067d27f0ac187b44b128a4999547f73d8c35d3c2bd8b51bbc9a31123f773be89e109cc71b8ec29a539083c0cba15b0899c7181ba154c28b3c4e2ebe360ac44f942a703b9a3a37fbbefe9ae0de04a32336a6eba07b2fb6ad426d56e17291bb1a9d1fcdaa939378bab6dd2eac37b369ef163c9e0fc8039352c24d8147fcc2e2559b47066abd21a3a5f83f239a2227d17d4ca90f60ed9acc243ed38818e3883a985106b54dc157b67022525a74e8f9cb99852760359278d5d22294a70433ba4cec5147fbb09b1d0008ba76257f1c5af6b8d6bf3bcfd5a468a566a4e98fe5f264f2663b72cb421c90d8b7883ddfb5749b27a3e146f9d8538706fea61b07c6e064446337439b9d5a5dc82f6c63c57d6ba0e709b7c1b15fa8367f8e6df2cf59b0b30740ef47c5cccffce5911569591ce4ab62275964cd147e87a30cc6e71f7e40e161997cdbadcfbfb6c54e0289ac137508b7b5339414e4ab7afcc420148e37d49b664cc07c8178a3b50f566c5bdd3aa9217ef909805972bd63ee1d729b282cd866c183744b20da3227f9d43843236b571c8d3237408c266e08d0699ebd30e0820362664ab323b15d3ae9896d6120aae6ef9085f53a2b39cc31238b031476c86e6b16d7703fcbacc7269ce8622eab1cfdf82a364209ec4ac912db924bb76bc35ddf8d0e7a3aff0d08a48c07be47303b59653d9409f14dc59ac33cae5e010466f54d86772e43e3680863bb9bf10c971f16a731e601d7fcdbb91d7146e7834d89059ad522d70398c2bacf113ed791e32f933dfa23f5d6d11bfc9d9e0f04a34b0eddd99d16cd9712485e0a5c9aaf1ebf3f14d00005f8960b6145cbb7d4522692ebe1f9491f87a29ed67c5fb60f5e69bde2a758742999fc986a2dbf6199977e9b446691bf9f95d0abd84557c77ea13356c977d0f098ab9fec85acbd6447f2e6893e2fa6a0a7b272dab66e69b7def48f8b3583a53a0941fb3e4367fa8d56e05ee3b265f17ca0439fcdcea276f7f0a9bf4c2a324d7143658007cf4019e8da69ba1b7dff4383714cbcb71dfe6f1b1ac5d5e99394cb2c360ddb1889d92cd36f8fc72ac865f1c6445957b2a57c1af59ef8d2e9fe328ec2bde763d65c4dea965042f540515bf2f879d1b26309ebc1d7f76c569fa88fbe61845e96e93d3b6025b6285777e59495943596c128fdacc545263ce458bf99f57d7e5dc77f65cf650902b5b6d5af9359334759843365bf0dfb244817a40e8cc9030"}, 0x418})
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000008c0)={'dvmrp0\x00', 0x2})
ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f0000000180)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff01c}, {0x16, 0x0, 0x0, 0xfffffffd}]})
ioctl$LOOP_CHANGE_FD(r6, 0x4c09, r5)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cpuacct.usage_all\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETOFFLOAD(r4, 0x400454ce, 0xa)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r10, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r5, {0xee01, <r11=>0xffffffffffffffff}}, './file0\x00'})
ioctl$TUNSETGROUP(r10, 0x400454ce, r11)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r3, 0xc4c85513, &(0x7f0000000540)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x340000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0xfffffffffffffffe, 0x0, 0x0, 0x519]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)

17.061976625s ago: executing program 1 (id=2393):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181)
r1 = syz_open_dev$sndmidi(&(0x7f0000000280), 0x0, 0x28003)
ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x40045731, &(0x7f00000002c0))
r2 = dup(0xffffffffffffffff)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r4=>0x0})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f00000000c0)={0x1, 0xaa4, 0x0, &(0x7f0000000100)})
ioctl$KVM_XEN_HVM_CONFIG(0xffffffffffffffff, 0x4038ae7a, &(0x7f0000000180)={0x1, 0xaa4, 0x0, 0x0})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r6, 0x4188aec6, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r7, 0xc0405602, &(0x7f0000002800)={0x4, 0x1, 0x0, "833461025a78ffa177be169916ea42232f59496b79b29963084f401a544b75d0"})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f0000000200)={0x48, 0x1, r4, 0x0, 0xb9b, 0x7})
ioctl$USBDEVFS_RESETEP(r2, 0x80045503, &(0x7f0000000080)={0x7, 0x1})
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r9, 0x8004e500, 0x0)
r10 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x2, 0x2000, &(0x7f000000b000/0x2000)=nil})
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r3, 0x3b65, 0x4)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4})
read(r0, &(0x7f0000000540)=""/151, 0x97)

16.665852485s ago: executing program 1 (id=2394):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r2, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1})
r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x7, 0x7fffffffffffffff, 0x0, 0x1, 0x1d, 0x8, "0f74aaa2f4af11f6ffa35d446b8ef9f0732beeb2239ae850dab40884c1b27a779803e2175893261101ba32e857e8b58f6025f9d864028bead5175d01c938ae88", "d137397b58a2f4892476f32700d61ecfb62c8fb6814ef9f09dbad8d629071742237eac095126a9905cd74607098d80d875f850fdffaf70f8aa755c7842540162", "34c258af26e2b617d4aa8407f13a0f36bb3c671359e53d1c6c0e03d2f9a13c98", [0x4, 0x2]})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TIOCSISO7816(r5, 0xc0285443, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})
ioctl$KVM_RUN(r4, 0xae80, 0x0)

16.370647831s ago: executing program 1 (id=2395):
r0 = syz_open_dev$video(&(0x7f0000000080), 0x7ff, 0x0)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000240)={0x0, 0x2, 0x6})
openat$fb0(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000340)=0xfdd)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$UHID_CREATE(r3, &(0x7f00000002c0)={0x0, {'syz0\x00', 'syz1\x00', 'syz1\x00', 0x0, 0x57, 0x0, 0x0, 0x1, 0x0, 0x81}}, 0x120)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c643c, &(0x7f0000000300)={0x0, 0x0, r2})
r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r4, &(0x7f0000000100)=""/159, 0xfffffe5a)
r5 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r5, &(0x7f0000000180)={0x30, 0x5, 0x0, {0x0, 0x0, 0xbc4, 0x2}}, 0x30)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000440), 0x8500, 0x0)
ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r8, 0x3b8c, &(0x7f0000000180)={0x30, 0x0, 0x3bcd9a38fd325baf, 0x0, 0xf, 0x9, 0x4, 0x0})
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r7, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r7, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[<r9=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_SETPLANE(r7, 0xc03064b7, &(0x7f0000000040)={r9})
r10 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r10, 0x40247007, &(0x7f0000000040)={0x102, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r6, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
r11 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x4c000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r11, 0x3b81, &(0x7f0000000080)={0xc})

15.888894095s ago: executing program 1 (id=2396):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000200)={0x48, 0xc, 0x0, 0x0, 0x0, 0xffffffffffffffff})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r1, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

15.113757403s ago: executing program 1 (id=2397):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000500)={0xa, @pix={0x8, 0x0, 0x20343059, 0x7, 0x3, 0x0, 0x2, 0x9, 0x1, 0x6, 0x5, 0x2}})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
close(r0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r2, &(0x7f00000001c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000080)=""/12, 0xc}}, 0x120)
r3 = syz_open_dev$vcsn(&(0x7f0000000300), 0xb4, 0x4300)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000340)=0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)
read(r2, &(0x7f00000000c0)=""/51, 0xd)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

5.053607741s ago: executing program 33 (id=2384):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/custom0\x00', 0x0, 0x0)
close(r0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_STOP(r1, 0x54a1)
write$cgroup_devices(r0, &(0x7f0000000080)={'b', ' *:* ', 'm\x00'}, 0x8)
lseek(r0, 0x1, 0x2)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f00000000c0)={0x0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000100)=[<r3=>0x0, 0x0, <r4=>0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0], 0x3, 0x9, 0x2, 0x3})
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000280)=0xb0000)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000002c0), 0x4101, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000300)={'ip6tnl0\x00', 0x4000})
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x10, r7, 0x4a19b000)
r8 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
read$FUSE(r8, &(0x7f00000003c0)={0x2020}, 0x2020)
read$nci(r7, &(0x7f0000002400)=""/39, 0x27)
read$FUSE(r8, &(0x7f0000002440)={0x2020}, 0x2020)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000004480)={0xff, 0x1, 0x3ff})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f00000044c0)={@local, 0x2})
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000004500)={{0x1, 0x1, 0x18, <r9=>r1}, './file0\x00'})
ioctl$BLKTRACESTART(r9, 0x1274, 0x0)
ioctl$MEDIA_IOC_ENUM_ENTITIES(0xffffffffffffffff, 0xc1007c01, &(0x7f0000004540))
ioctl$TUNSETTXFILTER(r9, 0x400454d1, &(0x7f0000004640)={0x1, 0x5, [@multicast, @remote, @random="1aed63e115cc", @remote, @remote]})
ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000004680)={0x0, <r10=>0x0})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f00000046c0)={<r11=>0x0, 0x0, r9})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000004700)={r4, 0x3, 0x8, 0x0, 0x2, [0x0, <r12=>0x0], [0x8001, 0x0, 0x2, 0x6], [0x8, 0x3, 0xc0, 0x2], [0x2, 0x8000, 0xcd7, 0x6]})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000004780)={r3, 0xb, 0x10000, 0x101, 0x1, [0x0, 0x0, <r13=>0x0], [0xe1, 0x3b9a, 0x3ff, 0x6], [0x8, 0x7, 0x12000, 0xa], [0x5, 0x9, 0x3, 0xfcb8]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f0000004800)={r3, 0x9, 0x5, 0xf, 0x2, [r10, r11, r12, r13], [0x4, 0x9, 0x80000000, 0x5], [0xa0, 0x6, 0xffff8001, 0xfffffbff], [0xffff, 0x0, 0x6, 0xfffffffffffffff5]})
ioctl$UI_ABS_SETUP(r9, 0x401c5504, &(0x7f0000004880)={0x3, {0x8, 0x7, 0x2, 0x2, 0x8, 0x4}})

4.996754779s ago: executing program 34 (id=2386):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x40c182)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f00000000c0)={0x48, 0x1, r4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r4, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000})
r5 = dup(r2)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r6, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0)
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r8 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42)
ioctl$LOOP_CONFIGURE(r8, 0x4c0a, &(0x7f00000002c0)={r7, 0x4000, {0x0, 0x0, 0x0, 0x2ead, 0x7fff, 0x0, 0x0, 0x6, 0xd, "339f020bbe82b398000000000000000000000ec0c1bce9b1c4369d03741150ceaac594b1040000000000e7ff37ef2a565ef1e80723691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "2443fb1d77a68e174ff10000000000000411e2000ea3f1f5a53e010f00", [0x0, 0xffffffffffffffff]}})
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r10=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r9, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r10, 0x0, <r11=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r9, 0x3ba0, &(0x7f0000000280)={0x48, 0x13, r11})
ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

0s ago: executing program 35 (id=2397):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000500)={0xa, @pix={0x8, 0x0, 0x20343059, 0x7, 0x3, 0x0, 0x2, 0x9, 0x1, 0x6, 0x5, 0x2}})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
close(r0)
r2 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r2, &(0x7f00000001c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000080)=""/12, 0xc}}, 0x120)
r3 = syz_open_dev$vcsn(&(0x7f0000000300), 0xb4, 0x4300)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000340)=0x4)
r4 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r4, 0x0)
read(r2, &(0x7f00000000c0)=""/51, 0xd)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

kernel console output (not intermixed with test programs):

Call Trace:
[  242.984958][T10657]  <TASK>
[  242.984966][T10657]  dump_stack_lvl+0x189/0x250
[  242.984994][T10657]  ? __pfx____ratelimit+0x10/0x10
[  242.985026][T10657]  ? __pfx_dump_stack_lvl+0x10/0x10
[  242.985060][T10657]  ? __pfx__printk+0x10/0x10
[  242.985082][T10657]  ? __might_fault+0xb0/0x130
[  242.985117][T10657]  should_fail_ex+0x414/0x560
[  242.985147][T10657]  _copy_from_user+0x2d/0xb0
[  242.985179][T10657]  snd_seq_write+0x300/0x810
[  242.985209][T10657]  ? __pfx_snd_seq_write+0x10/0x10
[  242.985227][T10657]  ? bpf_lsm_file_permission+0x9/0x20
[  242.985245][T10657]  ? security_file_permission+0x75/0x290
[  242.985273][T10657]  ? rw_verify_area+0x258/0x650
[  242.985296][T10657]  ? __pfx_snd_seq_write+0x10/0x10
[  242.985314][T10657]  vfs_write+0x27b/0xa90
[  242.985346][T10657]  ? __pfx_vfs_write+0x10/0x10
[  242.985371][T10657]  ? __fget_files+0x2a/0x420
[  242.985400][T10657]  ? __fget_files+0x2a/0x420
[  242.985425][T10657]  ? __fget_files+0x3a0/0x420
[  242.985450][T10657]  ? __fget_files+0x2a/0x420
[  242.985489][T10657]  ksys_write+0x145/0x250
[  242.985515][T10657]  ? __pfx_ksys_write+0x10/0x10
[  242.985535][T10657]  ? rcu_is_watching+0x15/0xb0
[  242.985562][T10657]  ? do_syscall_64+0xbe/0x3b0
[  242.985584][T10657]  do_syscall_64+0xfa/0x3b0
[  242.985600][T10657]  ? lockdep_hardirqs_on+0x9c/0x150
[  242.985628][T10657]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.985645][T10657]  ? clear_bhb_loop+0x60/0xb0
[  242.985668][T10657]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  242.985684][T10657] RIP: 0033:0x7f5b31f8e929
[  242.985700][T10657] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  242.985715][T10657] RSP: 002b:00007f5b32de4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  242.985733][T10657] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8e929
[  242.985746][T10657] RDX: 000000000000fdc1 RSI: 0000200000000080 RDI: 0000000000000004
[  242.985757][T10657] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  242.985768][T10657] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  242.985778][T10657] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  242.985806][T10657]  </TASK>
[  243.332557][ T5848] Bluetooth: hci0: command tx timeout
[  243.394071][T10623] chnl_net:caif_netlink_parms(): no params data found
[  243.642050][T10623] bridge0: port 1(bridge_slave_0) entered blocking state
[  243.657754][T10623] bridge0: port 1(bridge_slave_0) entered disabled state
[  243.669795][T10623] bridge_slave_0: entered allmulticast mode
[  243.677565][T10623] bridge_slave_0: entered promiscuous mode
[  243.711426][T10623] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.745981][T10623] bridge0: port 2(bridge_slave_1) entered disabled state
[  243.756511][T10623] bridge_slave_1: entered allmulticast mode
[  243.765662][T10623] bridge_slave_1: entered promiscuous mode
[  243.775419][T10668] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  243.791095][T10668] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  243.943937][T10623] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  243.961724][T10623] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  243.985718][T10678] mkiss: ax0: crc mode is auto.
[  244.118561][T10623] team0: Port device team_slave_0 added
[  244.141537][T10623] team0: Port device team_slave_1 added
[  244.235658][T10623] batman_adv: batadv0: Adding interface: batadv_slave_0
[  244.253315][T10623] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.311543][T10623] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  244.333713][T10623] batman_adv: batadv0: Adding interface: batadv_slave_1
[  244.353777][T10623] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  244.446848][T10623] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  244.618278][T10623] hsr_slave_0: entered promiscuous mode
[  244.627181][T10623] hsr_slave_1: entered promiscuous mode
[  244.654418][T10707] FAULT_INJECTION: forcing a failure.
[  244.654418][T10707] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  244.675216][T10707] CPU: 0 UID: 0 PID: 10707 Comm: syz.1.1244 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  244.675245][T10707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  244.675257][T10707] Call Trace:
[  244.675276][T10707]  <TASK>
[  244.675284][T10707]  dump_stack_lvl+0x189/0x250
[  244.675312][T10707]  ? __pfx____ratelimit+0x10/0x10
[  244.675344][T10707]  ? __pfx_dump_stack_lvl+0x10/0x10
[  244.675366][T10707]  ? __pfx__printk+0x10/0x10
[  244.675401][T10707]  should_fail_ex+0x414/0x560
[  244.675433][T10707]  _copy_to_user+0x31/0xb0
[  244.675456][T10707]  simple_read_from_buffer+0xe1/0x170
[  244.675489][T10707]  proc_fail_nth_read+0x1df/0x250
[  244.675512][T10707]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  244.675533][T10707]  ? rw_verify_area+0x258/0x650
[  244.675556][T10707]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  244.675576][T10707]  vfs_read+0x1fd/0x980
[  244.675607][T10707]  ? __pfx___mutex_lock+0x10/0x10
[  244.675627][T10707]  ? __pfx_vfs_read+0x10/0x10
[  244.675654][T10707]  ? __fget_files+0x2a/0x420
[  244.675687][T10707]  ? __fget_files+0x3a0/0x420
[  244.675721][T10707]  ? __fget_files+0x2a/0x420
[  244.675758][T10707]  ksys_read+0x145/0x250
[  244.675786][T10707]  ? __pfx_ksys_read+0x10/0x10
[  244.675807][T10707]  ? rcu_is_watching+0x15/0xb0
[  244.675835][T10707]  ? do_syscall_64+0xbe/0x3b0
[  244.675858][T10707]  do_syscall_64+0xfa/0x3b0
[  244.675875][T10707]  ? lockdep_hardirqs_on+0x9c/0x150
[  244.675905][T10707]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.675924][T10707]  ? clear_bhb_loop+0x60/0xb0
[  244.675948][T10707]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  244.675966][T10707] RIP: 0033:0x7f075bd8d33c
[  244.675983][T10707] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  244.675999][T10707] RSP: 002b:00007f075cb34030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  244.676019][T10707] RAX: ffffffffffffffda RBX: 00007f075bfb5fa0 RCX: 00007f075bd8d33c
[  244.676033][T10707] RDX: 000000000000000f RSI: 00007f075cb340a0 RDI: 0000000000000005
[  244.676045][T10707] RBP: 00007f075cb34090 R08: 0000000000000000 R09: 0000000000000000
[  244.676056][T10707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  244.676067][T10707] R13: 0000000000000000 R14: 00007f075bfb5fa0 R15: 00007ffdf86c3e18
[  244.676097][T10707]  </TASK>
[  244.981895][T10710] syz.1.1245: attempt to access beyond end of device
[  244.981895][T10710] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  245.692814][T10623] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  245.722365][T10623] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  245.758555][T10623] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  245.783871][T10733] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  245.796714][T10623] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  246.158262][T10623] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.200772][T10623] 8021q: adding VLAN 0 to HW filter on device team0
[  246.246530][ T1156] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.253753][ T1156] bridge0: port 1(bridge_slave_0) entered forwarding state
[  246.296098][ T1156] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.303355][ T1156] bridge0: port 2(bridge_slave_1) entered forwarding state
[  246.898472][T10623] 8021q: adding VLAN 0 to HW filter on device batadv0
[  247.056565][T10623] veth0_vlan: entered promiscuous mode
[  247.099699][T10623] veth1_vlan: entered promiscuous mode
[  247.165017][T10623] veth0_macvtap: entered promiscuous mode
[  247.195191][T10623] veth1_macvtap: entered promiscuous mode
[  247.268060][T10623] batman_adv: batadv0: Interface activated: batadv_slave_0
[  247.312350][T10623] batman_adv: batadv0: Interface activated: batadv_slave_1
[  247.327088][T10623] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  247.359310][T10623] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  247.375626][T10623] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  247.384621][T10623] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  247.554360][  T196] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.572419][  T196] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  247.613035][ T1156] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.630087][ T1156] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  248.196793][T10810] input: syz1 as /devices/virtual/input/input37
[  249.766326][T10859] binder: 10857:10859 ioctl c00c6211 0 returned -14
[  250.468369][T10886] random: crng reseeded on system resumption
[  250.767214][T10900] FAULT_INJECTION: forcing a failure.
[  250.767214][T10900] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  250.816641][T10900] CPU: 1 UID: 0 PID: 10900 Comm: syz.2.1279 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  250.816676][T10900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  250.816688][T10900] Call Trace:
[  250.816697][T10900]  <TASK>
[  250.816705][T10900]  dump_stack_lvl+0x189/0x250
[  250.816734][T10900]  ? __pfx____ratelimit+0x10/0x10
[  250.816767][T10900]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.816791][T10900]  ? __pfx__printk+0x10/0x10
[  250.816827][T10900]  should_fail_ex+0x414/0x560
[  250.816872][T10900]  _copy_to_user+0x31/0xb0
[  250.816894][T10900]  simple_read_from_buffer+0xe1/0x170
[  250.816927][T10900]  proc_fail_nth_read+0x1df/0x250
[  250.816949][T10900]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  250.816971][T10900]  ? rw_verify_area+0x258/0x650
[  250.816995][T10900]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  250.817015][T10900]  vfs_read+0x1fd/0x980
[  250.817045][T10900]  ? __pfx___mutex_lock+0x10/0x10
[  250.817065][T10900]  ? __pfx_vfs_read+0x10/0x10
[  250.817091][T10900]  ? __fget_files+0x2a/0x420
[  250.817124][T10900]  ? __fget_files+0x3a0/0x420
[  250.817157][T10900]  ? __fget_files+0x2a/0x420
[  250.817194][T10900]  ksys_read+0x145/0x250
[  250.817220][T10900]  ? __pfx_ksys_read+0x10/0x10
[  250.817250][T10900]  ? do_syscall_64+0xbe/0x3b0
[  250.817273][T10900]  do_syscall_64+0xfa/0x3b0
[  250.817292][T10900]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.817310][T10900]  ? asm_common_interrupt+0x26/0x40
[  250.817327][T10900]  ? clear_bhb_loop+0x60/0xb0
[  250.817350][T10900]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.817368][T10900] RIP: 0033:0x7f5b31f8d33c
[  250.817384][T10900] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  250.817399][T10900] RSP: 002b:00007f5b32de4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  250.817419][T10900] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8d33c
[  250.817432][T10900] RDX: 000000000000000f RSI: 00007f5b32de40a0 RDI: 0000000000000006
[  250.817443][T10900] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  250.817454][T10900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  250.817465][T10900] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  250.817493][T10900]  </TASK>
[  251.046311][    C1] vkms_vblank_simulate: vblank timer overrun
[  251.477065][T10920] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  251.592631][T10930] autofs4:pid:10930:validate_dev_ioctl: path string terminator missing for cmd(0xc018937b)
[  252.973943][T10959] QAT: failed to copy from user cfg_data.
[  253.658312][T10982] i2c i2c-0: Invalid block write size 34
[  253.719714][T10984] input: syz1 as /devices/virtual/input/input39
[  254.496449][T11014] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  254.704129][T11019] binder: 11018:11019 ioctl c018620c 200000000140 returned -22
[  255.578205][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  255.585256][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  255.862898][T11063] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  255.871474][T11067] binder: 11066:11067 ioctl c018620c 200000000140 returned -22
[  255.901944][T11068] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  256.492894][T11085] input: syz0 as /devices/virtual/input/input40
[  256.656353][T11093] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  258.105330][T11131] ubi31: attaching mtd0
[  258.123251][T11131] ubi31: scanning is finished
[  258.265545][T11131] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  258.308322][T11131] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  258.326111][T11131] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  258.343628][T11131] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  258.361245][T11131] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  258.378501][T11131] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  258.397189][T11131] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3661314905
[  258.418036][T11131] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  258.446391][T11137] ubi31: background thread "ubi_bgt31d" started, PID 11137
[  259.083932][T11160] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  259.106625][T11160] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  259.666579][T11174] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  260.029796][T11186] kvm: kvm [11181]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x200000000400
[  260.345873][T11190] input: syz1 as /devices/virtual/input/input42
[  260.467366][T11192] PM: Enabling pm_trace changes system date and time during resume.
[  260.467366][T11192] PM: Correct system time has to be restored manually after resume.
[  263.072230][T11250] mkiss: ax0: crc mode is auto.
[  263.130454][T11255] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  263.165534][T11255] input: syz1 as /devices/virtual/input/input43
[  263.596005][T11268] sp0: Synchronizing with TNC
[  263.743270][T11264] [U] è
[  265.736959][T11328] kvm: user requested TSC rate below hardware speed
[  266.180331][T11339] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  266.482453][T11351] binder: 11346:11351 ioctl c018620b 200000000100 returned -14
[  267.244517][T11373] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  267.277897][T11373] input: syz1 as /devices/virtual/input/input45
[  268.763726][T11404] usb usb1: usbfs: process 11404 (syz.0.1435) did not claim interface 0 before use
[  269.982719][T11442] syz.0.1447: attempt to access beyond end of device
[  269.982719][T11442] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  270.015661][T11448] syz.1.1448: attempt to access beyond end of device
[  270.015661][T11448] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  270.476953][T11471] binder: 11470:11471 ioctl c0306201 0 returned -14
[  270.986508][T11492] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  271.539967][T11501] AppArmor: change_hat: Invalid input ''
[  272.562894][T11535] cgroup: fork rejected by pids controller in /syz1
[  272.951709][T11644] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  272.976409][T11646] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  273.047692][T11648] kvm: user requested TSC rate below hardware speed
[  273.446341][ T1167] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.511210][T11653] mkiss: ax0: crc mode is auto.
[  273.564131][ T1167] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.650667][ T1167] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.779715][ T1167] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.100118][ T1167] bridge_slave_1: left allmulticast mode
[  274.105843][ T1167] bridge_slave_1: left promiscuous mode
[  274.147509][ T1167] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.185237][ T1167] bridge_slave_0: left allmulticast mode
[  274.199479][ T1167] bridge_slave_0: left promiscuous mode
[  274.205521][ T1167] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.402565][ T5845] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  274.420727][ T5845] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  274.429019][ T5845] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  274.447935][ T5845] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  274.460245][ T5845] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  274.479518][ T5848] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  274.492481][ T5848] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  274.507644][ T5848] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  274.517209][ T5848] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  274.529850][ T5848] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  274.633050][T11682] ubi31: detaching mtd0
[  274.651261][T11682] ubi31: mtd0 is detached
[  274.929268][T11686] FAULT_INJECTION: forcing a failure.
[  274.929268][T11686] name failslab, interval 1, probability 0, space 0, times 0
[  274.947317][T11686] CPU: 0 UID: 0 PID: 11686 Comm: syz.3.1495 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  274.947343][T11686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  274.947354][T11686] Call Trace:
[  274.947361][T11686]  <TASK>
[  274.947369][T11686]  dump_stack_lvl+0x189/0x250
[  274.947395][T11686]  ? __pfx____ratelimit+0x10/0x10
[  274.947426][T11686]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.947446][T11686]  ? __pfx__printk+0x10/0x10
[  274.947472][T11686]  ? __pfx___might_resched+0x10/0x10
[  274.947492][T11686]  ? fs_reclaim_acquire+0x7d/0x100
[  274.947523][T11686]  should_fail_ex+0x414/0x560
[  274.947552][T11686]  should_failslab+0xa8/0x100
[  274.947578][T11686]  __kmalloc_noprof+0xcb/0x4f0
[  274.947598][T11686]  ? kfree+0x4d/0x440
[  274.947619][T11686]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  274.947647][T11686]  tomoyo_realpath_from_path+0xe3/0x5d0
[  274.947671][T11686]  ? tomoyo_domain+0xd9/0x130
[  274.947698][T11686]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  274.947727][T11686]  tomoyo_path_number_perm+0x1e8/0x5a0
[  274.947759][T11686]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  274.947812][T11686]  ? __lock_acquire+0xab9/0xd20
[  274.947851][T11686]  ? __fget_files+0x2a/0x420
[  274.947882][T11686]  ? __fget_files+0x2a/0x420
[  274.947907][T11686]  ? __fget_files+0x3a0/0x420
[  274.947933][T11686]  ? __fget_files+0x2a/0x420
[  274.947964][T11686]  security_file_ioctl+0xcb/0x2d0
[  274.947993][T11686]  __se_sys_ioctl+0x47/0x170
[  274.948018][T11686]  do_syscall_64+0xfa/0x3b0
[  274.948035][T11686]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.948062][T11686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.948081][T11686]  ? clear_bhb_loop+0x60/0xb0
[  274.948103][T11686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  274.948139][T11686] RIP: 0033:0x7f65be38e929
[  274.948157][T11686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  274.948172][T11686] RSP: 002b:00007f65bf1e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  274.948193][T11686] RAX: ffffffffffffffda RBX: 00007f65be5b5fa0 RCX: 00007f65be38e929
[  274.948207][T11686] RDX: 0000200000000080 RSI: 00000000c040565f RDI: 0000000000000007
[  274.948219][T11686] RBP: 00007f65bf1e5090 R08: 0000000000000000 R09: 0000000000000000
[  274.948231][T11686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  274.948242][T11686] R13: 0000000000000000 R14: 00007f65be5b5fa0 R15: 00007ffe7183ba48
[  274.948272][T11686]  </TASK>
[  274.948355][T11686] ERROR: Out of memory at tomoyo_realpath_from_path.
[  275.646699][ T1167] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  275.672304][ T1167] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  275.694004][ T1167] bond0 (unregistering): Released all slaves
[  276.122689][T11714] tap0: tun_chr_ioctl cmd 1074025680
[  276.154362][T11718] FAULT_INJECTION: forcing a failure.
[  276.154362][T11718] name failslab, interval 1, probability 0, space 0, times 0
[  276.201557][T11718] CPU: 1 UID: 0 PID: 11718 Comm: syz.0.1505 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  276.201589][T11718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  276.201600][T11718] Call Trace:
[  276.201608][T11718]  <TASK>
[  276.201616][T11718]  dump_stack_lvl+0x189/0x250
[  276.201642][T11718]  ? __pfx____ratelimit+0x10/0x10
[  276.201671][T11718]  ? __pfx_dump_stack_lvl+0x10/0x10
[  276.201692][T11718]  ? __pfx__printk+0x10/0x10
[  276.201716][T11718]  ? __pfx___might_resched+0x10/0x10
[  276.201737][T11718]  ? fs_reclaim_acquire+0x7d/0x100
[  276.201768][T11718]  should_fail_ex+0x414/0x560
[  276.201796][T11718]  should_failslab+0xa8/0x100
[  276.201822][T11718]  __kmalloc_noprof+0xcb/0x4f0
[  276.201844][T11718]  ? tomoyo_encode+0x28b/0x550
[  276.201869][T11718]  tomoyo_encode+0x28b/0x550
[  276.201896][T11718]  tomoyo_realpath_from_path+0x58d/0x5d0
[  276.201928][T11718]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  276.201962][T11718]  tomoyo_path_number_perm+0x1e8/0x5a0
[  276.201993][T11718]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  276.202038][T11718]  ? __lock_acquire+0xab9/0xd20
[  276.202076][T11718]  ? __fget_files+0x2a/0x420
[  276.202106][T11718]  ? __fget_files+0x2a/0x420
[  276.202132][T11718]  ? __fget_files+0x3a0/0x420
[  276.202157][T11718]  ? __fget_files+0x2a/0x420
[  276.202189][T11718]  security_file_ioctl+0xcb/0x2d0
[  276.202218][T11718]  __se_sys_ioctl+0x47/0x170
[  276.202243][T11718]  do_syscall_64+0xfa/0x3b0
[  276.202260][T11718]  ? lockdep_hardirqs_on+0x9c/0x150
[  276.202289][T11718]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.202307][T11718]  ? clear_bhb_loop+0x60/0xb0
[  276.202329][T11718]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  276.202347][T11718] RIP: 0033:0x7f9e64f8e929
[  276.202362][T11718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  276.202377][T11718] RSP: 002b:00007f9e65daf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  276.202396][T11718] RAX: ffffffffffffffda RBX: 00007f9e651b5fa0 RCX: 00007f9e64f8e929
[  276.202409][T11718] RDX: 0000200000000080 RSI: 00000000c040565f RDI: 0000000000000007
[  276.202421][T11718] RBP: 00007f9e65daf090 R08: 0000000000000000 R09: 0000000000000000
[  276.202432][T11718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  276.202442][T11718] R13: 0000000000000000 R14: 00007f9e651b5fa0 R15: 00007ffdd74a90e8
[  276.202471][T11718]  </TASK>
[  276.206124][T11718] ERROR: Out of memory at tomoyo_realpath_from_path.
[  276.527568][ T1167] hsr_slave_0: left promiscuous mode
[  276.560447][ T1167] hsr_slave_1: left promiscuous mode
[  276.566512][ T1167] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  276.599579][ T1167] batman_adv: batadv0: Removing interface: batadv_slave_0
[  276.609565][ T5845] Bluetooth: hci2: command tx timeout
[  276.642934][ T1167] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  276.654833][ T1167] batman_adv: batadv0: Removing interface: batadv_slave_1
[  276.743366][ T1167] veth1_macvtap: left promiscuous mode
[  276.757334][ T1167] veth0_macvtap: left promiscuous mode
[  276.779704][ T1167] veth1_vlan: left promiscuous mode
[  276.795323][ T1167] veth0_vlan: left promiscuous mode
[  277.782187][ T1167] team0 (unregistering): Port device team_slave_1 removed
[  277.827400][ T1167] team0 (unregistering): Port device team_slave_0 removed
[  278.161637][T11766] FAULT_INJECTION: forcing a failure.
[  278.161637][T11766] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  278.174937][T11766] CPU: 1 UID: 0 PID: 11766 Comm: syz.2.1514 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  278.174964][T11766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  278.174976][T11766] Call Trace:
[  278.174985][T11766]  <TASK>
[  278.174993][T11766]  dump_stack_lvl+0x189/0x250
[  278.175021][T11766]  ? __pfx____ratelimit+0x10/0x10
[  278.175054][T11766]  ? __pfx_dump_stack_lvl+0x10/0x10
[  278.175077][T11766]  ? __pfx__printk+0x10/0x10
[  278.175099][T11766]  ? __might_fault+0xb0/0x130
[  278.175146][T11766]  should_fail_ex+0x414/0x560
[  278.175176][T11766]  _copy_from_user+0x2d/0xb0
[  278.175196][T11766]  video_usercopy+0x354/0x14f0
[  278.175230][T11766]  ? __pfx___video_do_ioctl+0x10/0x10
[  278.175252][T11766]  ? __pfx_video_usercopy+0x10/0x10
[  278.175285][T11766]  ? __fget_files+0x2a/0x420
[  278.175317][T11766]  ? __fget_files+0x2a/0x420
[  278.175344][T11766]  ? __fget_files+0x3a0/0x420
[  278.175376][T11766]  v4l2_ioctl+0x18d/0x1e0
[  278.175398][T11766]  ? __pfx_v4l2_ioctl+0x10/0x10
[  278.175419][T11766]  __se_sys_ioctl+0xfc/0x170
[  278.175445][T11766]  do_syscall_64+0xfa/0x3b0
[  278.175462][T11766]  ? lockdep_hardirqs_on+0x9c/0x150
[  278.175492][T11766]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.175511][T11766]  ? clear_bhb_loop+0x60/0xb0
[  278.175542][T11766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.175560][T11766] RIP: 0033:0x7f5b31f8e929
[  278.175576][T11766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  278.175591][T11766] RSP: 002b:00007f5b32de4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  278.175610][T11766] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8e929
[  278.175623][T11766] RDX: 0000200000000080 RSI: 00000000c040565f RDI: 0000000000000007
[  278.175635][T11766] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  278.175646][T11766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  278.175657][T11766] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  278.175695][T11766]  </TASK>
[  278.691589][ T5845] Bluetooth: hci2: command tx timeout
[  279.032385][T11761] tap0: tun_chr_ioctl cmd 1074025680
[  279.193805][T11676] chnl_net:caif_netlink_parms(): no params data found
[  279.504455][T11676] bridge0: port 1(bridge_slave_0) entered blocking state
[  279.539094][T11676] bridge0: port 1(bridge_slave_0) entered disabled state
[  279.561997][T11676] bridge_slave_0: entered allmulticast mode
[  279.589650][T11676] bridge_slave_0: entered promiscuous mode
[  279.603578][T11676] bridge0: port 2(bridge_slave_1) entered blocking state
[  279.625977][T11676] bridge0: port 2(bridge_slave_1) entered disabled state
[  279.644869][T11676] bridge_slave_1: entered allmulticast mode
[  279.664794][T11676] bridge_slave_1: entered promiscuous mode
[  279.670124][T11779] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  279.693488][T11779] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  279.826843][T11812] FAULT_INJECTION: forcing a failure.
[  279.826843][T11812] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  279.847447][T11812] CPU: 0 UID: 0 PID: 11812 Comm: syz.0.1525 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  279.847476][T11812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  279.847488][T11812] Call Trace:
[  279.847496][T11812]  <TASK>
[  279.847504][T11812]  dump_stack_lvl+0x189/0x250
[  279.847533][T11812]  ? __pfx____ratelimit+0x10/0x10
[  279.847566][T11812]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.847589][T11812]  ? __pfx__printk+0x10/0x10
[  279.847626][T11812]  should_fail_ex+0x414/0x560
[  279.847657][T11812]  _copy_to_user+0x31/0xb0
[  279.847681][T11812]  video_usercopy+0xeb2/0x14f0
[  279.847716][T11812]  ? __pfx___video_do_ioctl+0x10/0x10
[  279.847739][T11812]  ? __pfx_video_usercopy+0x10/0x10
[  279.847774][T11812]  ? __fget_files+0x2a/0x420
[  279.847807][T11812]  ? __fget_files+0x2a/0x420
[  279.847836][T11812]  ? __fget_files+0x3a0/0x420
[  279.847869][T11812]  v4l2_ioctl+0x18d/0x1e0
[  279.847892][T11812]  ? __pfx_v4l2_ioctl+0x10/0x10
[  279.847913][T11812]  __se_sys_ioctl+0xfc/0x170
[  279.847940][T11812]  do_syscall_64+0xfa/0x3b0
[  279.847959][T11812]  ? lockdep_hardirqs_on+0x9c/0x150
[  279.847990][T11812]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.848009][T11812]  ? clear_bhb_loop+0x60/0xb0
[  279.848033][T11812]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.848052][T11812] RIP: 0033:0x7f9e64f8e929
[  279.848070][T11812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.848086][T11812] RSP: 002b:00007f9e65daf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.848107][T11812] RAX: ffffffffffffffda RBX: 00007f9e651b5fa0 RCX: 00007f9e64f8e929
[  279.848122][T11812] RDX: 0000200000000080 RSI: 00000000c040565f RDI: 0000000000000007
[  279.848135][T11812] RBP: 00007f9e65daf090 R08: 0000000000000000 R09: 0000000000000000
[  279.848147][T11812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  279.848158][T11812] R13: 0000000000000000 R14: 00007f9e651b5fa0 R15: 00007ffdd74a90e8
[  279.848188][T11812]  </TASK>
[  280.051025][    C0] vkms_vblank_simulate: vblank timer overrun
[  280.061521][T11676] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  280.073822][T11676] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  280.504643][T11676] team0: Port device team_slave_0 added
[  280.523078][T11676] team0: Port device team_slave_1 added
[  280.612707][T11828] input: syz1 as /devices/virtual/input/input48
[  280.632998][T11828] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  280.729066][T11676] batman_adv: batadv0: Adding interface: batadv_slave_0
[  280.749457][T11676] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.804272][T11676] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  280.826481][T11676] batman_adv: batadv0: Adding interface: batadv_slave_1
[  280.844834][T11676] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  280.876270][T11676] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  281.157479][T11676] hsr_slave_0: entered promiscuous mode
[  281.188244][T11676] hsr_slave_1: entered promiscuous mode
[  281.216927][T11676] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  281.251840][T11676] Cannot create hsr debugfs directory
[  281.635572][T11851] FAULT_INJECTION: forcing a failure.
[  281.635572][T11851] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  281.651788][T11851] CPU: 0 UID: 0 PID: 11851 Comm: syz.3.1535 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  281.651815][T11851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  281.651826][T11851] Call Trace:
[  281.651834][T11851]  <TASK>
[  281.651842][T11851]  dump_stack_lvl+0x189/0x250
[  281.651870][T11851]  ? __pfx____ratelimit+0x10/0x10
[  281.651901][T11851]  ? __pfx_dump_stack_lvl+0x10/0x10
[  281.651923][T11851]  ? __pfx__printk+0x10/0x10
[  281.651958][T11851]  should_fail_ex+0x414/0x560
[  281.651988][T11851]  _copy_to_user+0x31/0xb0
[  281.652011][T11851]  simple_read_from_buffer+0xe1/0x170
[  281.652044][T11851]  proc_fail_nth_read+0x1df/0x250
[  281.652066][T11851]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  281.652088][T11851]  ? rw_verify_area+0x258/0x650
[  281.652112][T11851]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  281.652132][T11851]  vfs_read+0x1fd/0x980
[  281.652162][T11851]  ? __pfx___mutex_lock+0x10/0x10
[  281.652182][T11851]  ? __pfx_vfs_read+0x10/0x10
[  281.652208][T11851]  ? __fget_files+0x2a/0x420
[  281.652258][T11851]  ? __fget_files+0x3a0/0x420
[  281.652283][T11851]  ? __fget_files+0x2a/0x420
[  281.652319][T11851]  ksys_read+0x145/0x250
[  281.652341][T11851]  ? __fget_files+0x3a0/0x420
[  281.652368][T11851]  ? __pfx_ksys_read+0x10/0x10
[  281.652397][T11851]  ? do_syscall_64+0xbe/0x3b0
[  281.652419][T11851]  do_syscall_64+0xfa/0x3b0
[  281.652436][T11851]  ? lockdep_hardirqs_on+0x9c/0x150
[  281.652463][T11851]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.652481][T11851]  ? clear_bhb_loop+0x60/0xb0
[  281.652503][T11851]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  281.652521][T11851] RIP: 0033:0x7f65be38d33c
[  281.652537][T11851] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  281.652552][T11851] RSP: 002b:00007f65bf1e5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  281.652571][T11851] RAX: ffffffffffffffda RBX: 00007f65be5b5fa0 RCX: 00007f65be38d33c
[  281.652584][T11851] RDX: 000000000000000f RSI: 00007f65bf1e50a0 RDI: 0000000000000008
[  281.652595][T11851] RBP: 00007f65bf1e5090 R08: 0000000000000000 R09: 0000000000000000
[  281.652606][T11851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  281.652616][T11851] R13: 0000000000000000 R14: 00007f65be5b5fa0 R15: 00007ffe7183ba48
[  281.652644][T11851]  </TASK>
[  281.890183][    C0] vkms_vblank_simulate: vblank timer overrun
[  283.241870][T11676] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  283.283429][T11676] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  283.330567][T11676] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  283.394458][T11676] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  283.725416][T11676] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.811261][T11676] 8021q: adding VLAN 0 to HW filter on device team0
[  283.855546][  T196] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.862870][  T196] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.948678][  T196] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.955961][  T196] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.205221][T11676] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  284.606349][T11676] 8021q: adding VLAN 0 to HW filter on device batadv0
[  284.775495][T11676] veth0_vlan: entered promiscuous mode
[  284.834986][T11676] veth1_vlan: entered promiscuous mode
[  284.936386][T11676] veth0_macvtap: entered promiscuous mode
[  284.985427][T11676] veth1_macvtap: entered promiscuous mode
[  285.084129][T11676] batman_adv: batadv0: Interface activated: batadv_slave_0
[  285.148303][T11676] batman_adv: batadv0: Interface activated: batadv_slave_1
[  285.193052][T11676] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.224626][T11676] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.243750][T11676] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.269573][T11676] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.591486][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.610785][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.997220][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  286.020810][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  286.203165][T11991] syz.3.1567: attempt to access beyond end of device
[  286.203165][T11991] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  287.571981][T12031] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  287.937238][T12053] syz.1.1577: attempt to access beyond end of device
[  287.937238][T12053] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  289.028784][T12080] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  289.354277][T12091] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  290.964244][T12157] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  291.822097][T12149] [U] 
[  293.268628][T12232] FAULT_INJECTION: forcing a failure.
[  293.268628][T12232] name failslab, interval 1, probability 0, space 0, times 0
[  293.283843][T12232] CPU: 1 UID: 0 PID: 12232 Comm: syz.3.1623 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  293.283879][T12232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  293.283892][T12232] Call Trace:
[  293.283904][T12232]  <TASK>
[  293.283913][T12232]  dump_stack_lvl+0x189/0x250
[  293.283942][T12232]  ? __pfx____ratelimit+0x10/0x10
[  293.283974][T12232]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.283998][T12232]  ? __pfx__printk+0x10/0x10
[  293.284026][T12232]  ? __pfx___might_resched+0x10/0x10
[  293.284048][T12232]  ? fs_reclaim_acquire+0x7d/0x100
[  293.284081][T12232]  should_fail_ex+0x414/0x560
[  293.284110][T12232]  should_failslab+0xa8/0x100
[  293.284138][T12232]  __kmalloc_noprof+0xcb/0x4f0
[  293.284159][T12232]  ? kfree+0x4d/0x440
[  293.284179][T12232]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  293.284209][T12232]  tomoyo_realpath_from_path+0xe3/0x5d0
[  293.284235][T12232]  ? tomoyo_domain+0xd9/0x130
[  293.284265][T12232]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  293.284296][T12232]  tomoyo_path_number_perm+0x1e8/0x5a0
[  293.284331][T12232]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  293.284382][T12232]  ? __lock_acquire+0xab9/0xd20
[  293.284425][T12232]  ? __fget_files+0x2a/0x420
[  293.284459][T12232]  ? __fget_files+0x2a/0x420
[  293.284488][T12232]  ? __fget_files+0x3a0/0x420
[  293.284523][T12232]  ? __fget_files+0x2a/0x420
[  293.284558][T12232]  security_file_ioctl+0xcb/0x2d0
[  293.284591][T12232]  __se_sys_ioctl+0x47/0x170
[  293.284620][T12232]  do_syscall_64+0xfa/0x3b0
[  293.284639][T12232]  ? lockdep_hardirqs_on+0x9c/0x150
[  293.284671][T12232]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.284691][T12232]  ? clear_bhb_loop+0x60/0xb0
[  293.284716][T12232]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.284740][T12232] RIP: 0033:0x7f65be38e929
[  293.284758][T12232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.284776][T12232] RSP: 002b:00007f65bf1e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  293.284797][T12232] RAX: ffffffffffffffda RBX: 00007f65be5b5fa0 RCX: 00007f65be38e929
[  293.284812][T12232] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  293.284825][T12232] RBP: 00007f65bf1e5090 R08: 0000000000000000 R09: 0000000000000000
[  293.284838][T12232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  293.284849][T12232] R13: 0000000000000000 R14: 00007f65be5b5fa0 R15: 00007ffe7183ba48
[  293.284881][T12232]  </TASK>
[  293.284890][T12232] ERROR: Out of memory at tomoyo_realpath_from_path.
[  294.163381][T12271] FAULT_INJECTION: forcing a failure.
[  294.163381][T12271] name failslab, interval 1, probability 0, space 0, times 0
[  294.188903][T12271] CPU: 1 UID: 0 PID: 12271 Comm: syz.2.1634 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  294.188932][T12271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  294.188942][T12271] Call Trace:
[  294.188950][T12271]  <TASK>
[  294.188958][T12271]  dump_stack_lvl+0x189/0x250
[  294.188984][T12271]  ? __pfx____ratelimit+0x10/0x10
[  294.189014][T12271]  ? __pfx_dump_stack_lvl+0x10/0x10
[  294.189036][T12271]  ? __pfx__printk+0x10/0x10
[  294.189059][T12271]  ? __pfx___might_resched+0x10/0x10
[  294.189081][T12271]  ? fs_reclaim_acquire+0x7d/0x100
[  294.189112][T12271]  should_fail_ex+0x414/0x560
[  294.189141][T12271]  should_failslab+0xa8/0x100
[  294.189168][T12271]  __kmalloc_noprof+0xcb/0x4f0
[  294.189189][T12271]  ? tomoyo_encode+0x28b/0x550
[  294.189214][T12271]  tomoyo_encode+0x28b/0x550
[  294.189242][T12271]  tomoyo_realpath_from_path+0x58d/0x5d0
[  294.189274][T12271]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  294.189304][T12271]  tomoyo_path_number_perm+0x1e8/0x5a0
[  294.189336][T12271]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  294.189385][T12271]  ? __lock_acquire+0xab9/0xd20
[  294.189428][T12271]  ? __fget_files+0x2a/0x420
[  294.189460][T12271]  ? __fget_files+0x2a/0x420
[  294.189485][T12271]  ? __fget_files+0x3a0/0x420
[  294.189508][T12271]  ? __fget_files+0x2a/0x420
[  294.189538][T12271]  security_file_ioctl+0xcb/0x2d0
[  294.189567][T12271]  __se_sys_ioctl+0x47/0x170
[  294.189592][T12271]  do_syscall_64+0xfa/0x3b0
[  294.189608][T12271]  ? lockdep_hardirqs_on+0x9c/0x150
[  294.189636][T12271]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.189654][T12271]  ? clear_bhb_loop+0x60/0xb0
[  294.189677][T12271]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  294.189694][T12271] RIP: 0033:0x7f5b31f8e929
[  294.189709][T12271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  294.189724][T12271] RSP: 002b:00007f5b32de4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  294.189743][T12271] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8e929
[  294.189756][T12271] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  294.189768][T12271] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  294.189796][T12271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  294.189808][T12271] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  294.189838][T12271]  </TASK>
[  294.436336][T12271] ERROR: Out of memory at tomoyo_realpath_from_path.
[  294.999064][T12291] vivid-000: =================  START STATUS  =================
[  295.007412][T12291] vivid-000: Enable Output Cropping: false
[  295.014874][T12291] vivid-000: Enable Output Composing: true
[  295.021551][T12291] vivid-000: Enable Output Scaler: true
[  295.027297][T12291] vivid-000: Tx RGB Quantization Range: Automatic
[  295.058371][T12291] vivid-000: Transmit Mode: HDMI
[  295.069589][T12291] vivid-000: Hotplug Present: 0x00000000
[  295.075890][T12291] vivid-000: RxSense Present: 0x00000000
[  295.089461][T12291] vivid-000: EDID Present: 0x00000000
[  295.094998][T12291] vivid-000: ==================  END STATUS  ==================
[  295.397237][T12304] FAULT_INJECTION: forcing a failure.
[  295.397237][T12304] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  295.446878][T12304] CPU: 0 UID: 0 PID: 12304 Comm: syz.0.1643 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  295.446914][T12304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  295.446927][T12304] Call Trace:
[  295.446936][T12304]  <TASK>
[  295.446944][T12304]  dump_stack_lvl+0x189/0x250
[  295.446972][T12304]  ? __pfx____ratelimit+0x10/0x10
[  295.447004][T12304]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.447026][T12304]  ? __pfx__printk+0x10/0x10
[  295.447049][T12304]  ? __might_fault+0xb0/0x130
[  295.447091][T12304]  should_fail_ex+0x414/0x560
[  295.447122][T12304]  _copy_from_user+0x2d/0xb0
[  295.447144][T12304]  video_usercopy+0x354/0x14f0
[  295.447178][T12304]  ? __pfx___video_do_ioctl+0x10/0x10
[  295.447200][T12304]  ? __pfx_video_usercopy+0x10/0x10
[  295.447233][T12304]  ? __fget_files+0x2a/0x420
[  295.447266][T12304]  ? __fget_files+0x2a/0x420
[  295.447293][T12304]  ? __fget_files+0x3a0/0x420
[  295.447325][T12304]  v4l2_ioctl+0x18d/0x1e0
[  295.447347][T12304]  ? __pfx_v4l2_ioctl+0x10/0x10
[  295.447368][T12304]  __se_sys_ioctl+0xfc/0x170
[  295.447395][T12304]  do_syscall_64+0xfa/0x3b0
[  295.447413][T12304]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.447444][T12304]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.447463][T12304]  ? clear_bhb_loop+0x60/0xb0
[  295.447487][T12304]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.447505][T12304] RIP: 0033:0x7f9e64f8e929
[  295.447521][T12304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.447536][T12304] RSP: 002b:00007f9e65daf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  295.447556][T12304] RAX: ffffffffffffffda RBX: 00007f9e651b5fa0 RCX: 00007f9e64f8e929
[  295.447570][T12304] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  295.447581][T12304] RBP: 00007f9e65daf090 R08: 0000000000000000 R09: 0000000000000000
[  295.447593][T12304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.447603][T12304] R13: 0000000000000000 R14: 00007f9e651b5fa0 R15: 00007ffdd74a90e8
[  295.447632][T12304]  </TASK>
[  295.655914][    C0] vkms_vblank_simulate: vblank timer overrun
[  295.887327][T12314] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  296.239678][T12320] tun1: tun_chr_ioctl cmd 1074025675
[  296.245086][T12320] tun1: persist enabled
[  296.290592][T12320] tun1: tun_chr_ioctl cmd 1074025675
[  296.329547][T12320] tun1: persist enabled
[  296.350739][T12334] AppArmor: change_hat: Invalid input ''
[  296.764879][T12347] FAULT_INJECTION: forcing a failure.
[  296.764879][T12347] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  296.841798][T12347] CPU: 1 UID: 0 PID: 12347 Comm: syz.2.1653 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  296.841829][T12347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  296.841842][T12347] Call Trace:
[  296.841851][T12347]  <TASK>
[  296.841859][T12347]  dump_stack_lvl+0x189/0x250
[  296.841888][T12347]  ? __pfx____ratelimit+0x10/0x10
[  296.841921][T12347]  ? __pfx_dump_stack_lvl+0x10/0x10
[  296.841945][T12347]  ? __pfx__printk+0x10/0x10
[  296.841983][T12347]  should_fail_ex+0x414/0x560
[  296.842014][T12347]  _copy_to_user+0x31/0xb0
[  296.842037][T12347]  video_usercopy+0xeb2/0x14f0
[  296.842073][T12347]  ? __pfx___video_do_ioctl+0x10/0x10
[  296.842096][T12347]  ? __pfx_video_usercopy+0x10/0x10
[  296.842130][T12347]  ? __fget_files+0x2a/0x420
[  296.842163][T12347]  ? __fget_files+0x2a/0x420
[  296.842191][T12347]  ? __fget_files+0x3a0/0x420
[  296.842230][T12347]  v4l2_ioctl+0x18d/0x1e0
[  296.842254][T12347]  ? __pfx_v4l2_ioctl+0x10/0x10
[  296.842274][T12347]  __se_sys_ioctl+0xfc/0x170
[  296.842303][T12347]  do_syscall_64+0xfa/0x3b0
[  296.842321][T12347]  ? lockdep_hardirqs_on+0x9c/0x150
[  296.842353][T12347]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.842373][T12347]  ? clear_bhb_loop+0x60/0xb0
[  296.842399][T12347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.842418][T12347] RIP: 0033:0x7f5b31f8e929
[  296.842436][T12347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.842453][T12347] RSP: 002b:00007f5b32de4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  296.842475][T12347] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8e929
[  296.842490][T12347] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  296.842502][T12347] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  296.842515][T12347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.842526][T12347] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  296.842557][T12347]  </TASK>
[  297.427688][T12368] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  297.896465][T12383] can0: slcan on ptm1.
[  298.136785][T12391] FAULT_INJECTION: forcing a failure.
[  298.136785][T12391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  298.159505][T12391] CPU: 1 UID: 0 PID: 12391 Comm: syz.0.1664 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  298.159532][T12391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  298.159544][T12391] Call Trace:
[  298.159552][T12391]  <TASK>
[  298.159559][T12391]  dump_stack_lvl+0x189/0x250
[  298.159586][T12391]  ? __pfx____ratelimit+0x10/0x10
[  298.159616][T12391]  ? __pfx_dump_stack_lvl+0x10/0x10
[  298.159638][T12391]  ? __pfx__printk+0x10/0x10
[  298.159670][T12391]  should_fail_ex+0x414/0x560
[  298.159700][T12391]  _copy_to_user+0x31/0xb0
[  298.159721][T12391]  simple_read_from_buffer+0xe1/0x170
[  298.159753][T12391]  proc_fail_nth_read+0x1df/0x250
[  298.159774][T12391]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  298.159795][T12391]  ? rw_verify_area+0x258/0x650
[  298.159817][T12391]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  298.159836][T12391]  vfs_read+0x1fd/0x980
[  298.159864][T12391]  ? __pfx___mutex_lock+0x10/0x10
[  298.159882][T12391]  ? __pfx_vfs_read+0x10/0x10
[  298.159906][T12391]  ? __fget_files+0x2a/0x420
[  298.159936][T12391]  ? __fget_files+0x3a0/0x420
[  298.159962][T12391]  ? __fget_files+0x2a/0x420
[  298.159996][T12391]  ksys_read+0x145/0x250
[  298.160018][T12391]  ? __fget_files+0x3a0/0x420
[  298.160047][T12391]  ? __pfx_ksys_read+0x10/0x10
[  298.160083][T12391]  ? do_syscall_64+0xbe/0x3b0
[  298.160106][T12391]  do_syscall_64+0xfa/0x3b0
[  298.160122][T12391]  ? lockdep_hardirqs_on+0x9c/0x150
[  298.160150][T12391]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.160168][T12391]  ? clear_bhb_loop+0x60/0xb0
[  298.160189][T12391]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  298.160207][T12391] RIP: 0033:0x7f9e64f8d33c
[  298.160223][T12391] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  298.160238][T12391] RSP: 002b:00007f9e65daf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  298.160256][T12391] RAX: ffffffffffffffda RBX: 00007f9e651b5fa0 RCX: 00007f9e64f8d33c
[  298.160268][T12391] RDX: 000000000000000f RSI: 00007f9e65daf0a0 RDI: 0000000000000004
[  298.160279][T12391] RBP: 00007f9e65daf090 R08: 0000000000000000 R09: 0000000000000000
[  298.160290][T12391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  298.160301][T12391] R13: 0000000000000000 R14: 00007f9e651b5fa0 R15: 00007ffdd74a90e8
[  298.160329][T12391]  </TASK>
[  298.170956][T12393] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  298.521058][T12380] can0 (unregistered): slcan off ptm1.
[  298.629713][T12401] misc userio: Begin command sent, but we're already running
[  298.852213][T12413] dlm: no locking on control device
[  298.876038][ T5925] psmouse serio6: Failed to reset mouse on : -5
[  299.252713][T12429] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  300.634227][T12478] block nbd0: NBD_DISCONNECT
[  302.268912][T12523] binder: 12522:12523 ioctl c0306201 0 returned -14
[  302.761719][T12545] sp0: Synchronizing with TNC
[  302.829509][ T5925] misc userio: Buffer overflowed, userio client isn't keeping up
[  302.903020][T12545] sp0: Synchronizing with TNC
[  302.914468][T12550] CUSE: info not properly terminated
[  303.415645][T12564] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  303.892711][ T5925] input: PS/2 Generic Mouse as /devices/serio6/input/input50
[  304.121630][ T5925] psmouse serio6: Failed to enable mouse on 
[  305.435595][T12629] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  306.310933][T12656] ubi31: attaching mtd0
[  306.328858][T12656] ubi31: scanning is finished
[  306.481132][T12656] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  306.493196][T12656] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  306.512802][T12656] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  306.533621][T12656] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  306.557620][T12656] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  306.583446][T12656] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  306.616835][T12656] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3661314905
[  306.642255][T12656] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  306.668741][T12663] ubi31: background thread "ubi_bgt31d" started, PID 12663
[  307.058420][T12674] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  307.477138][T12688] binder: 12687:12688 ioctl 40046210 ffffffffffffffff returned -14
[  308.556163][T12730] input: syz1 as /devices/virtual/input/input54
[  309.362216][T12754] syz.1.1755: attempt to access beyond end of device
[  309.362216][T12754] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  309.630792][T12769] kvm: kvm [12767]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x40000004)
[  309.648302][T12769] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  310.001220][   T30] audit: type=1400 audit(1750368848.156:8): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=7F35B5E8CFBF057A7FB4BD29E89EB73DF466FC6331B09B888A0F6EE7F8FFFFFFFFFFFFFFA9CBA4785F0ADD7DF3DA4F6E8EC55F265A6048039E4886BDC8D6AA72E343AD887EFDB5EDB8D7F5A29B5A7A04D0AA4B9432D92A9299646D6E78 pid=12780 comm="syz.0.1765"
[  310.035781][    C0] vkms_vblank_simulate: vblank timer overrun
[  310.199892][T12788] dlm: plock device version mismatch: kernel (1.2.0), user (1869770799.1702047587.1848600172)
[  310.239949][T12792] tun0: tun_chr_ioctl cmd 1074025675
[  310.245592][T12792] tun0: persist disabled
[  310.665154][T12804] ALSA: seq fatal error: cannot create timer (-22)
[  312.065117][T12857] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  313.236987][T12902] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  313.885268][T12918] binder: 12915:12918 unknown command 576
[  313.904227][T12918] binder: 12915:12918 ioctl c0306201 200000000480 returned -22
[  313.997276][T12927] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.1800' sets config #1
[  314.219794][T12934] tun1: tun_chr_ioctl cmd 1074025675
[  314.232745][T12934] tun1: persist enabled
[  314.240522][T12934] tun1: tun_chr_ioctl cmd 1074025675
[  314.245872][T12934] tun1: persist enabled
[  314.320700][T12934] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  314.370217][T12937] usb usb8: usbfs: interface 0 claimed by usbfs while 'syz.1.1803' resets device
[  314.687777][T12951] input: syz1 as /devices/virtual/input/input56
[  314.723066][T12950] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  315.138278][T12967] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4032167445 (64514679120 ns) > initial count (63607699792 ns). Using initial count to start timer.
[  315.293393][T12971] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  315.409875][ T5845] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  315.416687][ T5848] Bluetooth: hci4: command 0x1003 tx timeout
[  316.982300][T13018] FAULT_INJECTION: forcing a failure.
[  316.982300][T13018] name failslab, interval 1, probability 0, space 0, times 0
[  316.997858][T13018] CPU: 0 UID: 0 PID: 13018 Comm: syz.1.1824 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  316.997896][T13018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  316.997912][T13018] Call Trace:
[  316.997923][T13018]  <TASK>
[  316.997935][T13018]  dump_stack_lvl+0x189/0x250
[  316.997979][T13018]  ? __pfx____ratelimit+0x10/0x10
[  316.998008][T13018]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.998028][T13018]  ? __pfx__printk+0x10/0x10
[  316.998053][T13018]  ? __pfx___might_resched+0x10/0x10
[  316.998073][T13018]  ? fs_reclaim_acquire+0x7d/0x100
[  316.998102][T13018]  should_fail_ex+0x414/0x560
[  316.998129][T13018]  should_failslab+0xa8/0x100
[  316.998154][T13018]  __kmalloc_noprof+0xcb/0x4f0
[  316.998174][T13018]  ? kfree+0x4d/0x440
[  316.998190][T13018]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  316.998216][T13018]  tomoyo_realpath_from_path+0xe3/0x5d0
[  316.998240][T13018]  ? tomoyo_domain+0xd9/0x130
[  316.998265][T13018]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  316.998293][T13018]  tomoyo_path_number_perm+0x1e8/0x5a0
[  316.998323][T13018]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  316.998366][T13018]  ? __lock_acquire+0xab9/0xd20
[  316.998402][T13018]  ? __fget_files+0x2a/0x420
[  316.998430][T13018]  ? __fget_files+0x2a/0x420
[  316.998466][T13018]  ? __fget_files+0x3a0/0x420
[  316.998490][T13018]  ? __fget_files+0x2a/0x420
[  316.998519][T13018]  security_file_ioctl+0xcb/0x2d0
[  316.998548][T13018]  __se_sys_ioctl+0x47/0x170
[  316.998572][T13018]  do_syscall_64+0xfa/0x3b0
[  316.998590][T13018]  ? lockdep_hardirqs_on+0x9c/0x150
[  316.998617][T13018]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.998634][T13018]  ? clear_bhb_loop+0x60/0xb0
[  316.998656][T13018]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.998673][T13018] RIP: 0033:0x7f4ff558e929
[  316.998706][T13018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  316.998722][T13018] RSP: 002b:00007f4ff6349038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  316.998741][T13018] RAX: ffffffffffffffda RBX: 00007f4ff57b5fa0 RCX: 00007f4ff558e929
[  316.998755][T13018] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  316.998766][T13018] RBP: 00007f4ff6349090 R08: 0000000000000000 R09: 0000000000000000
[  316.998777][T13018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  316.998788][T13018] R13: 0000000000000000 R14: 00007f4ff57b5fa0 R15: 00007ffe7a90de08
[  316.998816][T13018]  </TASK>
[  316.998825][T13018] ERROR: Out of memory at tomoyo_realpath_from_path.
[  317.050863][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  317.267475][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  317.729702][ T5844] psmouse serio7: Failed to reset mouse on : -5
[  317.732583][T13031] loop6: detected capacity change from 0 to 524287999
[  318.203100][T13043] FAULT_INJECTION: forcing a failure.
[  318.203100][T13043] name failslab, interval 1, probability 0, space 0, times 0
[  318.257519][T13043] CPU: 0 UID: 0 PID: 13043 Comm: syz.2.1834 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  318.257551][T13043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  318.257564][T13043] Call Trace:
[  318.257573][T13043]  <TASK>
[  318.257582][T13043]  dump_stack_lvl+0x189/0x250
[  318.257611][T13043]  ? __pfx____ratelimit+0x10/0x10
[  318.257645][T13043]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.257669][T13043]  ? __pfx__printk+0x10/0x10
[  318.257696][T13043]  ? __pfx___might_resched+0x10/0x10
[  318.257719][T13043]  ? fs_reclaim_acquire+0x7d/0x100
[  318.257754][T13043]  should_fail_ex+0x414/0x560
[  318.257786][T13043]  should_failslab+0xa8/0x100
[  318.257815][T13043]  __kmalloc_noprof+0xcb/0x4f0
[  318.257838][T13043]  ? tomoyo_encode+0x28b/0x550
[  318.257867][T13043]  tomoyo_encode+0x28b/0x550
[  318.257896][T13043]  tomoyo_realpath_from_path+0x58d/0x5d0
[  318.257930][T13043]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  318.257963][T13043]  tomoyo_path_number_perm+0x1e8/0x5a0
[  318.257999][T13043]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  318.258050][T13043]  ? __lock_acquire+0xab9/0xd20
[  318.258093][T13043]  ? __fget_files+0x2a/0x420
[  318.258127][T13043]  ? __fget_files+0x2a/0x420
[  318.258156][T13043]  ? __fget_files+0x3a0/0x420
[  318.258184][T13043]  ? __fget_files+0x2a/0x420
[  318.258220][T13043]  security_file_ioctl+0xcb/0x2d0
[  318.258253][T13043]  __se_sys_ioctl+0x47/0x170
[  318.258281][T13043]  do_syscall_64+0xfa/0x3b0
[  318.258300][T13043]  ? lockdep_hardirqs_on+0x9c/0x150
[  318.258339][T13043]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.258360][T13043]  ? clear_bhb_loop+0x60/0xb0
[  318.258385][T13043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.258405][T13043] RIP: 0033:0x7f5b31f8e929
[  318.258423][T13043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.258441][T13043] RSP: 002b:00007f5b32de4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  318.258463][T13043] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8e929
[  318.258478][T13043] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  318.258491][T13043] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  318.258504][T13043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.258515][T13043] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  318.258547][T13043]  </TASK>
[  318.258569][T13043] ERROR: Out of memory at tomoyo_realpath_from_path.
[  318.887730][T13058] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  319.518209][T13079] FAULT_INJECTION: forcing a failure.
[  319.518209][T13079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  319.556204][T13079] CPU: 1 UID: 0 PID: 13079 Comm: syz.2.1845 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  319.556236][T13079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  319.556248][T13079] Call Trace:
[  319.556256][T13079]  <TASK>
[  319.556265][T13079]  dump_stack_lvl+0x189/0x250
[  319.556294][T13079]  ? __pfx____ratelimit+0x10/0x10
[  319.556327][T13079]  ? __pfx_dump_stack_lvl+0x10/0x10
[  319.556350][T13079]  ? __pfx__printk+0x10/0x10
[  319.556374][T13079]  ? __might_fault+0xb0/0x130
[  319.556407][T13079]  should_fail_ex+0x414/0x560
[  319.556438][T13079]  _copy_from_user+0x2d/0xb0
[  319.556458][T13079]  video_usercopy+0x354/0x14f0
[  319.556493][T13079]  ? __pfx___video_do_ioctl+0x10/0x10
[  319.556514][T13079]  ? __pfx_video_usercopy+0x10/0x10
[  319.556548][T13079]  ? __fget_files+0x2a/0x420
[  319.556580][T13079]  ? __fget_files+0x2a/0x420
[  319.556608][T13079]  ? __fget_files+0x3a0/0x420
[  319.556641][T13079]  v4l2_ioctl+0x18d/0x1e0
[  319.556664][T13079]  ? __pfx_v4l2_ioctl+0x10/0x10
[  319.556685][T13079]  __se_sys_ioctl+0xfc/0x170
[  319.556713][T13079]  do_syscall_64+0xfa/0x3b0
[  319.556732][T13079]  ? lockdep_hardirqs_on+0x9c/0x150
[  319.556763][T13079]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.556782][T13079]  ? clear_bhb_loop+0x60/0xb0
[  319.556806][T13079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.556824][T13079] RIP: 0033:0x7f5b31f8e929
[  319.556842][T13079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.556860][T13079] RSP: 002b:00007f5b32de4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  319.556882][T13079] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8e929
[  319.556897][T13079] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  319.556910][T13079] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  319.556923][T13079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.556935][T13079] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  319.556974][T13079]  </TASK>
[  320.440539][T13097] input: syz1 as /devices/virtual/input/input58
[  321.247687][T13113] FAULT_INJECTION: forcing a failure.
[  321.247687][T13113] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  321.267114][T13113] CPU: 1 UID: 0 PID: 13113 Comm: syz.2.1855 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  321.267141][T13113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  321.267153][T13113] Call Trace:
[  321.267160][T13113]  <TASK>
[  321.267168][T13113]  dump_stack_lvl+0x189/0x250
[  321.267195][T13113]  ? __pfx____ratelimit+0x10/0x10
[  321.267226][T13113]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.267248][T13113]  ? __pfx__printk+0x10/0x10
[  321.267281][T13113]  should_fail_ex+0x414/0x560
[  321.267310][T13113]  _copy_to_user+0x31/0xb0
[  321.267331][T13113]  video_usercopy+0xeb2/0x14f0
[  321.267364][T13113]  ? __pfx___video_do_ioctl+0x10/0x10
[  321.267385][T13113]  ? __pfx_video_usercopy+0x10/0x10
[  321.267417][T13113]  ? __fget_files+0x2a/0x420
[  321.267447][T13113]  ? __fget_files+0x2a/0x420
[  321.267490][T13113]  ? __fget_files+0x3a0/0x420
[  321.267523][T13113]  v4l2_ioctl+0x18d/0x1e0
[  321.267545][T13113]  ? __pfx_v4l2_ioctl+0x10/0x10
[  321.267566][T13113]  __se_sys_ioctl+0xfc/0x170
[  321.267594][T13113]  do_syscall_64+0xfa/0x3b0
[  321.267612][T13113]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.267642][T13113]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.267661][T13113]  ? clear_bhb_loop+0x60/0xb0
[  321.267685][T13113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.267704][T13113] RIP: 0033:0x7f5b31f8e929
[  321.267722][T13113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  321.267739][T13113] RSP: 002b:00007f5b32de4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  321.267759][T13113] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8e929
[  321.267774][T13113] RDX: 0000200000000040 RSI: 00000000c040565f RDI: 0000000000000003
[  321.267786][T13113] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  321.267798][T13113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  321.267810][T13113] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  321.267859][T13113]  </TASK>
[  321.470872][    C1] vkms_vblank_simulate: vblank timer overrun
[  321.689456][ T5844] misc userio: Buffer overflowed, userio client isn't keeping up
[  322.474085][T13141] FAULT_INJECTION: forcing a failure.
[  322.474085][T13141] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  322.489138][T13141] CPU: 1 UID: 0 PID: 13141 Comm: syz.2.1865 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  322.489168][T13141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  322.489180][T13141] Call Trace:
[  322.489188][T13141]  <TASK>
[  322.489196][T13141]  dump_stack_lvl+0x189/0x250
[  322.489224][T13141]  ? __pfx____ratelimit+0x10/0x10
[  322.489254][T13141]  ? __pfx_dump_stack_lvl+0x10/0x10
[  322.489277][T13141]  ? __pfx__printk+0x10/0x10
[  322.489313][T13141]  should_fail_ex+0x414/0x560
[  322.489344][T13141]  _copy_to_user+0x31/0xb0
[  322.489372][T13141]  simple_read_from_buffer+0xe1/0x170
[  322.489405][T13141]  proc_fail_nth_read+0x1df/0x250
[  322.489427][T13141]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  322.489448][T13141]  ? rw_verify_area+0x258/0x650
[  322.489473][T13141]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  322.489494][T13141]  vfs_read+0x1fd/0x980
[  322.489525][T13141]  ? __pfx___mutex_lock+0x10/0x10
[  322.489546][T13141]  ? __pfx_vfs_read+0x10/0x10
[  322.489572][T13141]  ? __fget_files+0x2a/0x420
[  322.489606][T13141]  ? __fget_files+0x3a0/0x420
[  322.489633][T13141]  ? __fget_files+0x2a/0x420
[  322.489690][T13141]  ksys_read+0x145/0x250
[  322.489723][T13141]  ? __fget_files+0x3a0/0x420
[  322.489754][T13141]  ? __pfx_ksys_read+0x10/0x10
[  322.489786][T13141]  ? do_syscall_64+0xbe/0x3b0
[  322.489810][T13141]  do_syscall_64+0xfa/0x3b0
[  322.489829][T13141]  ? lockdep_hardirqs_on+0x9c/0x150
[  322.489861][T13141]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.489881][T13141]  ? clear_bhb_loop+0x60/0xb0
[  322.489906][T13141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  322.489925][T13141] RIP: 0033:0x7f5b31f8d33c
[  322.489943][T13141] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  322.489962][T13141] RSP: 002b:00007f5b32de4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  322.489983][T13141] RAX: ffffffffffffffda RBX: 00007f5b321b5fa0 RCX: 00007f5b31f8d33c
[  322.489999][T13141] RDX: 000000000000000f RSI: 00007f5b32de40a0 RDI: 0000000000000004
[  322.490012][T13141] RBP: 00007f5b32de4090 R08: 0000000000000000 R09: 0000000000000000
[  322.490024][T13141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  322.490036][T13141] R13: 0000000000000000 R14: 00007f5b321b5fa0 R15: 00007fffd315c6d8
[  322.490068][T13141]  </TASK>
[  322.720949][    C1] vkms_vblank_simulate: vblank timer overrun
[  322.942985][ T5844] input: PS/2 Generic Mouse as /devices/serio7/input/input57
[  323.169600][ T5844] psmouse serio7: Failed to enable mouse on 
[  325.230907][T13226] input: syz1 as /devices/virtual/input/input59
[  325.803363][T13249] usb usb1: usbfs: process 13249 (syz.3.1899) did not claim interface 0 before use
[  326.627646][T13279] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  326.810371][T13285] binder: 13282:13285 ioctl c00c620f 0 returned -14
[  327.595683][T13306] ubi31: detaching mtd0
[  327.606913][T13306] ubi31: mtd0 is detached
[  327.641145][T13308] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  327.971668][T13314] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  328.809704][T13339] random: crng reseeded on system resumption
[  328.862291][T13339] Restarting kernel threads ...
[  328.877800][T13339] Done restarting kernel threads.
[  329.276720][T13355] random: crng reseeded on system resumption
[  330.889564][T13394] snd_dummy snd_dummy.0: control 1:254:0:syz1:32 is already present
[  330.900933][T13394] random: crng reseeded on system resumption
[  331.423344][T13409] input: syz0 as /devices/virtual/input/input61
[  332.173930][T13421] CUSE: info not properly terminated
[  332.490964][T13431] tap0: tun_chr_ioctl cmd 1074025680
[  332.642227][T13435] binder: 13434:13435 ioctl c0046209 0 returned -22
[  335.083694][T13514] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  336.019065][T13538] ALSA: seq fatal error: cannot create timer (-22)
[  336.520299][T13558] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  337.534245][T13574] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  337.584056][T13574] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  337.835195][T13585] input: syz1 as /devices/virtual/input/input62
[  338.286853][T13601] binder: 13597:13601 ioctl 40046205 0 returned -22
[  338.859652][T13612] input: syz0 as /devices/virtual/input/input63
[  338.867284][T13610] input: syz0 as /devices/virtual/input/input64
[  338.992152][T13601] binder: 13597:13601 ioctl c0306201 200000000040 returned -14
[  340.224444][T13657] kvm: kvm [13646]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010004) = 0x3
[  341.766419][T13692] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  342.342631][T13711] nvme_fabrics: missing parameter 'transport=%s'
[  342.350328][T13711] nvme_fabrics: missing parameter 'nqn=%s'
[  342.954179][T13733] syz.1.2048: attempt to access beyond end of device
[  342.954179][T13733] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  344.055438][ T5848] Bluetooth: hci4: command 0x1003 tx timeout
[  344.062590][ T5845] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  344.305703][T13769] misc userio: Can't change port type on an already running userio instance
[  345.834816][T13810] vim2m vim2m.0: Fourcc format (0x47524247) invalid.
[  346.269596][T13820] usb usb9: usbfs: interface 0 claimed by hub while 'syz.3.2071' sets config #0
[  346.528728][T13805] Trying to write to read-only block-device nullb0
[  346.885712][T13841] mkiss: ax0: crc mode is auto.
[  346.936998][T13843] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  347.017130][T13849] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  348.071408][T13874] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  349.271709][T13895] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  349.533507][    T9] hid-generic C98F:0003:0000.0005: item fetching failed at offset 0/2
[  349.557386][    T9] hid-generic C98F:0003:0000.0005: probe with driver hid-generic failed with error -22
[  349.867553][T13919] sp0: Synchronizing with TNC
[  349.891830][T13920] sp0: Found TNC
[  349.945391][T13920] [U] è`
[  350.219851][T13935] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  350.273687][T13933] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  350.884639][T13959] sp0: Synchronizing with TNC
[  351.350349][T13980] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  351.708137][T13987] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  352.800637][T14018] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  353.027672][T14030] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  354.874884][T14105] sp0: Synchronizing with TNC
[  354.951440][T14105] [U] è
[  355.528765][T14139] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  355.589798][T14144] vivid-002: disconnect
[  355.821123][T14152] FAULT_INJECTION: forcing a failure.
[  355.821123][T14152] name failslab, interval 1, probability 0, space 0, times 0
[  355.848347][T14152] CPU: 1 UID: 0 PID: 14152 Comm: syz.1.2175 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  355.848374][T14152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  355.848385][T14152] Call Trace:
[  355.848392][T14152]  <TASK>
[  355.848400][T14152]  dump_stack_lvl+0x189/0x250
[  355.848427][T14152]  ? __pfx____ratelimit+0x10/0x10
[  355.848458][T14152]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.848479][T14152]  ? __pfx__printk+0x10/0x10
[  355.848503][T14152]  ? __pfx___might_resched+0x10/0x10
[  355.848524][T14152]  ? fs_reclaim_acquire+0x7d/0x100
[  355.848556][T14152]  should_fail_ex+0x414/0x560
[  355.848584][T14152]  should_failslab+0xa8/0x100
[  355.848611][T14152]  __kmalloc_noprof+0xcb/0x4f0
[  355.848632][T14152]  ? tomoyo_encode+0x28b/0x550
[  355.848657][T14152]  tomoyo_encode+0x28b/0x550
[  355.848685][T14152]  tomoyo_realpath_from_path+0x58d/0x5d0
[  355.848710][T14152]  ? tomoyo_domain+0xd9/0x130
[  355.848758][T14152]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  355.848789][T14152]  tomoyo_path_number_perm+0x1e8/0x5a0
[  355.848823][T14152]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  355.848879][T14152]  ? __lock_acquire+0xab9/0xd20
[  355.848920][T14152]  ? __fget_files+0x2a/0x420
[  355.848954][T14152]  ? __fget_files+0x2a/0x420
[  355.848981][T14152]  ? __fget_files+0x3a0/0x420
[  355.849009][T14152]  ? __fget_files+0x2a/0x420
[  355.849042][T14152]  security_file_ioctl+0xcb/0x2d0
[  355.849073][T14152]  __se_sys_ioctl+0x47/0x170
[  355.849100][T14152]  do_syscall_64+0xfa/0x3b0
[  355.849118][T14152]  ? lockdep_hardirqs_on+0x9c/0x150
[  355.849148][T14152]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.849167][T14152]  ? clear_bhb_loop+0x60/0xb0
[  355.849191][T14152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.849210][T14152] RIP: 0033:0x7f4ff558e929
[  355.849228][T14152] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.849244][T14152] RSP: 002b:00007f4ff6349038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  355.849265][T14152] RAX: ffffffffffffffda RBX: 00007f4ff57b5fa0 RCX: 00007f4ff558e929
[  355.849280][T14152] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  355.849292][T14152] RBP: 00007f4ff6349090 R08: 0000000000000000 R09: 0000000000000000
[  355.849303][T14152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  355.849314][T14152] R13: 0000000000000000 R14: 00007f4ff57b5fa0 R15: 00007ffe7a90de08
[  355.849344][T14152]  </TASK>
[  355.901240][T14137] vivid-002: reconnect
[  355.903158][    C1] vkms_vblank_simulate: vblank timer overrun
[  356.103606][    C1] vkms_vblank_simulate: vblank timer overrun
[  356.109617][    C1] hrtimer: interrupt took 260253843 ns
[  356.138250][T14152] ERROR: Out of memory at tomoyo_realpath_from_path.
[  356.209684][    C1] vkms_vblank_simulate: vblank timer overrun
[  356.819123][T14176] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  357.999844][T14216] FAULT_INJECTION: forcing a failure.
[  357.999844][T14216] name failslab, interval 1, probability 0, space 0, times 0
[  358.033688][T14216] CPU: 0 UID: 0 PID: 14216 Comm: syz.1.2187 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  358.033720][T14216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  358.033732][T14216] Call Trace:
[  358.033740][T14216]  <TASK>
[  358.033749][T14216]  dump_stack_lvl+0x189/0x250
[  358.033777][T14216]  ? __pfx____ratelimit+0x10/0x10
[  358.033810][T14216]  ? __pfx_dump_stack_lvl+0x10/0x10
[  358.033834][T14216]  ? __pfx__printk+0x10/0x10
[  358.033863][T14216]  ? __pfx___might_resched+0x10/0x10
[  358.033886][T14216]  ? fs_reclaim_acquire+0x7d/0x100
[  358.033921][T14216]  should_fail_ex+0x414/0x560
[  358.033959][T14216]  should_failslab+0xa8/0x100
[  358.033988][T14216]  __kmalloc_cache_noprof+0x70/0x3d0
[  358.034013][T14216]  ? vhost_task_create+0xf6/0x290
[  358.034043][T14216]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  358.034064][T14216]  vhost_task_create+0xf6/0x290
[  358.034092][T14216]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  358.034114][T14216]  ? __pfx_vhost_task_create+0x10/0x10
[  358.034150][T14216]  ? __pfx_vhost_task_fn+0x10/0x10
[  358.034188][T14216]  ? kasan_save_track+0x4f/0x80
[  358.034208][T14216]  ? kasan_save_track+0x3e/0x80
[  358.034236][T14216]  kvm_mmu_post_init_vm+0x147/0x2b0
[  358.034264][T14216]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  358.034299][T14216]  ? __mutex_trylock_common+0x153/0x260
[  358.034329][T14216]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  358.034361][T14216]  ? rcu_is_watching+0x15/0xb0
[  358.034384][T14216]  ? look_up_lock_class+0x74/0x170
[  358.034405][T14216]  ? register_lock_class+0x51/0x320
[  358.034432][T14216]  ? __lock_acquire+0xab9/0xd20
[  358.034485][T14216]  kvm_vcpu_ioctl+0x95c/0xe90
[  358.034519][T14216]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  358.034542][T14216]  ? __lock_acquire+0xab9/0xd20
[  358.034584][T14216]  ? __fget_files+0x2a/0x420
[  358.034618][T14216]  ? __fget_files+0x2a/0x420
[  358.034647][T14216]  ? __fget_files+0x3a0/0x420
[  358.034675][T14216]  ? __fget_files+0x2a/0x420
[  358.034710][T14216]  ? bpf_lsm_file_ioctl+0x9/0x20
[  358.034732][T14216]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  358.034758][T14216]  __se_sys_ioctl+0xfc/0x170
[  358.034785][T14216]  do_syscall_64+0xfa/0x3b0
[  358.034805][T14216]  ? lockdep_hardirqs_on+0x9c/0x150
[  358.034836][T14216]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.034856][T14216]  ? clear_bhb_loop+0x60/0xb0
[  358.034881][T14216]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.034900][T14216] RIP: 0033:0x7f4ff558e929
[  358.034918][T14216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.034940][T14216] RSP: 002b:00007f4ff6349038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  358.034962][T14216] RAX: ffffffffffffffda RBX: 00007f4ff57b5fa0 RCX: 00007f4ff558e929
[  358.034976][T14216] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  358.034988][T14216] RBP: 00007f4ff6349090 R08: 0000000000000000 R09: 0000000000000000
[  358.035000][T14216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  358.035012][T14216] R13: 0000000000000000 R14: 00007f4ff57b5fa0 R15: 00007ffe7a90de08
[  358.035043][T14216]  </TASK>
[  359.630223][T14260] FAULT_INJECTION: forcing a failure.
[  359.630223][T14260] name failslab, interval 1, probability 0, space 0, times 0
[  359.643093][T14260] CPU: 1 UID: 0 PID: 14260 Comm: syz.0.2200 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  359.643124][T14260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  359.643138][T14260] Call Trace:
[  359.643148][T14260]  <TASK>
[  359.643156][T14260]  dump_stack_lvl+0x189/0x250
[  359.643186][T14260]  ? __pfx____ratelimit+0x10/0x10
[  359.643216][T14260]  ? __pfx_dump_stack_lvl+0x10/0x10
[  359.643237][T14260]  ? __pfx__printk+0x10/0x10
[  359.643261][T14260]  ? __pfx___might_resched+0x10/0x10
[  359.643282][T14260]  ? fs_reclaim_acquire+0x7d/0x100
[  359.643312][T14260]  should_fail_ex+0x414/0x560
[  359.643341][T14260]  should_failslab+0xa8/0x100
[  359.643367][T14260]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  359.643390][T14260]  ? dup_task_struct+0x52/0x860
[  359.643417][T14260]  dup_task_struct+0x52/0x860
[  359.643438][T14260]  ? lockdep_hardirqs_on+0x9c/0x150
[  359.643469][T14260]  copy_process+0x54b/0x3c00
[  359.643527][T14260]  ? __pfx_copy_process+0x10/0x10
[  359.643561][T14260]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  359.643580][T14260]  vhost_task_create+0x1c4/0x290
[  359.643605][T14260]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  359.643625][T14260]  ? __pfx_vhost_task_create+0x10/0x10
[  359.643658][T14260]  ? __pfx_vhost_task_fn+0x10/0x10
[  359.643692][T14260]  ? kasan_save_track+0x4f/0x80
[  359.643710][T14260]  ? kasan_save_track+0x3e/0x80
[  359.643735][T14260]  kvm_mmu_post_init_vm+0x147/0x2b0
[  359.643759][T14260]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  359.643791][T14260]  ? __mutex_trylock_common+0x153/0x260
[  359.643819][T14260]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  359.643848][T14260]  ? rcu_is_watching+0x15/0xb0
[  359.643869][T14260]  ? look_up_lock_class+0x74/0x170
[  359.643888][T14260]  ? register_lock_class+0x51/0x320
[  359.643912][T14260]  ? __lock_acquire+0xab9/0xd20
[  359.643978][T14260]  kvm_vcpu_ioctl+0x95c/0xe90
[  359.644018][T14260]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  359.644045][T14260]  ? __lock_acquire+0xab9/0xd20
[  359.644094][T14260]  ? __fget_files+0x2a/0x420
[  359.644135][T14260]  ? __fget_files+0x2a/0x420
[  359.644168][T14260]  ? __fget_files+0x3a0/0x420
[  359.644197][T14260]  ? __fget_files+0x2a/0x420
[  359.644231][T14260]  ? bpf_lsm_file_ioctl+0x9/0x20
[  359.644252][T14260]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  359.644278][T14260]  __se_sys_ioctl+0xfc/0x170
[  359.644306][T14260]  do_syscall_64+0xfa/0x3b0
[  359.644325][T14260]  ? lockdep_hardirqs_on+0x9c/0x150
[  359.644357][T14260]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.644376][T14260]  ? clear_bhb_loop+0x60/0xb0
[  359.644402][T14260]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.644421][T14260] RIP: 0033:0x7f9e64f8e929
[  359.644439][T14260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.644456][T14260] RSP: 002b:00007f9e65daf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  359.644478][T14260] RAX: ffffffffffffffda RBX: 00007f9e651b5fa0 RCX: 00007f9e64f8e929
[  359.644500][T14260] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  359.644512][T14260] RBP: 00007f9e65daf090 R08: 0000000000000000 R09: 0000000000000000
[  359.644524][T14260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.644536][T14260] R13: 0000000000000000 R14: 00007f9e651b5fa0 R15: 00007ffdd74a90e8
[  359.644569][T14260]  </TASK>
[  359.978616][    C1] vkms_vblank_simulate: vblank timer overrun
[  360.258891][T14269] syz.3.2203: attempt to access beyond end of device
[  360.258891][T14269] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  360.595976][T14278] input: syz1 as /devices/virtual/input/input69
[  361.284265][T14295] FAULT_INJECTION: forcing a failure.
[  361.284265][T14295] name failslab, interval 1, probability 0, space 0, times 0
[  361.318977][T14295] CPU: 0 UID: 0 PID: 14295 Comm: syz.1.2212 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  361.319006][T14295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  361.319031][T14295] Call Trace:
[  361.319039][T14295]  <TASK>
[  361.319047][T14295]  dump_stack_lvl+0x189/0x250
[  361.319077][T14295]  ? __pfx____ratelimit+0x10/0x10
[  361.319109][T14295]  ? __pfx_dump_stack_lvl+0x10/0x10
[  361.319132][T14295]  ? __pfx__printk+0x10/0x10
[  361.319158][T14295]  ? __pfx___might_resched+0x10/0x10
[  361.319180][T14295]  ? fs_reclaim_acquire+0x7d/0x100
[  361.319214][T14295]  should_fail_ex+0x414/0x560
[  361.319244][T14295]  should_failslab+0xa8/0x100
[  361.319272][T14295]  __kmalloc_noprof+0xcb/0x4f0
[  361.319296][T14295]  ? security_task_alloc+0x4d/0x360
[  361.319324][T14295]  ? perf_event_init_task+0x12d/0x4b0
[  361.319349][T14295]  security_task_alloc+0x4d/0x360
[  361.319387][T14295]  copy_process+0x1530/0x3c00
[  361.319429][T14295]  ? copy_process+0x97f/0x3c00
[  361.319461][T14295]  ? __pfx_copy_process+0x10/0x10
[  361.319497][T14295]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  361.319518][T14295]  vhost_task_create+0x1c4/0x290
[  361.319546][T14295]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  361.319568][T14295]  ? __pfx_vhost_task_create+0x10/0x10
[  361.319604][T14295]  ? __pfx_vhost_task_fn+0x10/0x10
[  361.319647][T14295]  ? kasan_save_track+0x4f/0x80
[  361.319667][T14295]  ? kasan_save_track+0x3e/0x80
[  361.319694][T14295]  kvm_mmu_post_init_vm+0x147/0x2b0
[  361.319721][T14295]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  361.319757][T14295]  ? __mutex_trylock_common+0x153/0x260
[  361.319786][T14295]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  361.319818][T14295]  ? rcu_is_watching+0x15/0xb0
[  361.319840][T14295]  ? look_up_lock_class+0x74/0x170
[  361.319861][T14295]  ? register_lock_class+0x51/0x320
[  361.319888][T14295]  ? __lock_acquire+0xab9/0xd20
[  361.319939][T14295]  kvm_vcpu_ioctl+0x95c/0xe90
[  361.319972][T14295]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  361.319994][T14295]  ? __lock_acquire+0xab9/0xd20
[  361.320036][T14295]  ? __fget_files+0x2a/0x420
[  361.320069][T14295]  ? __fget_files+0x2a/0x420
[  361.320097][T14295]  ? __fget_files+0x3a0/0x420
[  361.320125][T14295]  ? __fget_files+0x2a/0x420
[  361.320158][T14295]  ? bpf_lsm_file_ioctl+0x9/0x20
[  361.320179][T14295]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  361.320204][T14295]  __se_sys_ioctl+0xfc/0x170
[  361.320231][T14295]  do_syscall_64+0xfa/0x3b0
[  361.320249][T14295]  ? lockdep_hardirqs_on+0x9c/0x150
[  361.320279][T14295]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.320299][T14295]  ? clear_bhb_loop+0x60/0xb0
[  361.320324][T14295]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.320343][T14295] RIP: 0033:0x7f4ff558e929
[  361.320360][T14295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  361.320377][T14295] RSP: 002b:00007f4ff6349038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  361.320398][T14295] RAX: ffffffffffffffda RBX: 00007f4ff57b5fa0 RCX: 00007f4ff558e929
[  361.320413][T14295] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  361.320425][T14295] RBP: 00007f4ff6349090 R08: 0000000000000000 R09: 0000000000000000
[  361.320437][T14295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  361.320448][T14295] R13: 0000000000000000 R14: 00007f4ff57b5fa0 R15: 00007ffe7a90de08
[  361.320480][T14295]  </TASK>
[  362.274438][T14313] Bluetooth: received HCILL_WAKE_UP_ACK in state 2
[  362.425036][T14317] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  363.871354][T14339] FAULT_INJECTION: forcing a failure.
[  363.871354][T14339] name failslab, interval 1, probability 0, space 0, times 0
[  363.899597][T14339] CPU: 1 UID: 0 PID: 14339 Comm: syz.3.2226 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  363.899627][T14339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  363.899640][T14339] Call Trace:
[  363.899648][T14339]  <TASK>
[  363.899656][T14339]  dump_stack_lvl+0x189/0x250
[  363.899685][T14339]  ? __pfx____ratelimit+0x10/0x10
[  363.899721][T14339]  ? __pfx_dump_stack_lvl+0x10/0x10
[  363.899745][T14339]  ? __pfx__printk+0x10/0x10
[  363.899774][T14339]  ? __pfx___might_resched+0x10/0x10
[  363.899797][T14339]  ? fs_reclaim_acquire+0x7d/0x100
[  363.899832][T14339]  should_fail_ex+0x414/0x560
[  363.899863][T14339]  should_failslab+0xa8/0x100
[  363.899892][T14339]  __kmalloc_noprof+0xcb/0x4f0
[  363.899915][T14339]  ? kfree+0x4d/0x440
[  363.899934][T14339]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  363.899964][T14339]  tomoyo_realpath_from_path+0xe3/0x5d0
[  363.899991][T14339]  ? tomoyo_domain+0xd9/0x130
[  363.900021][T14339]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  363.900053][T14339]  tomoyo_path_number_perm+0x1e8/0x5a0
[  363.900089][T14339]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  363.900139][T14339]  ? __lock_acquire+0xab9/0xd20
[  363.900253][T14339]  ? __fget_files+0x2a/0x420
[  363.900302][T14339]  ? __fget_files+0x2a/0x420
[  363.900331][T14339]  ? __fget_files+0x3a0/0x420
[  363.900360][T14339]  ? __fget_files+0x2a/0x420
[  363.900392][T14339]  security_file_ioctl+0xcb/0x2d0
[  363.900432][T14339]  __se_sys_ioctl+0x47/0x170
[  363.900460][T14339]  do_syscall_64+0xfa/0x3b0
[  363.900483][T14339]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.900502][T14339]  ? asm_sysvec_call_function_single+0x1a/0x20
[  363.900522][T14339]  ? clear_bhb_loop+0x60/0xb0
[  363.900546][T14339]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.900564][T14339] RIP: 0033:0x7f65be38e929
[  363.900583][T14339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  363.900600][T14339] RSP: 002b:00007f65bf1e5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  363.900621][T14339] RAX: ffffffffffffffda RBX: 00007f65be5b5fa0 RCX: 00007f65be38e929
[  363.900636][T14339] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  363.900648][T14339] RBP: 00007f65bf1e5090 R08: 0000000000000000 R09: 0000000000000000
[  363.900660][T14339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  363.900672][T14339] R13: 0000000000000000 R14: 00007f65be5b5fa0 R15: 00007ffe7183ba48
[  363.900705][T14339]  </TASK>
[  363.900747][T14339] ERROR: Out of memory at tomoyo_realpath_from_path.
[  364.289550][ T5848] Bluetooth: hci4: command 0x1003 tx timeout
[  364.296175][ T5845] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  364.732365][T14351] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  365.120142][T14358] input: syz1 as /devices/virtual/input/input70
[  365.308492][T14368] usb usb9: usbfs: process 14368 (syz.1.2237) did not claim interface 0 before use
[  365.520003][T14377] program syz.1.2239 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  365.556630][T14377] program syz.1.2239 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  365.570112][T14379] input: syz0 as /devices/virtual/input/input71
[  365.611069][T14377] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  365.729932][T14377] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  365.737552][T14377] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  366.092591][T14389] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  368.647165][T14456] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  369.637851][T14480] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  369.676123][T14480] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  370.940613][T14517] FAULT_INJECTION: forcing a failure.
[  370.940613][T14517] name failslab, interval 1, probability 0, space 0, times 0
[  370.959682][T14517] CPU: 1 UID: 0 PID: 14517 Comm: syz.0.2284 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  370.959709][T14517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  370.959724][T14517] Call Trace:
[  370.959732][T14517]  <TASK>
[  370.959739][T14517]  dump_stack_lvl+0x189/0x250
[  370.959766][T14517]  ? __pfx____ratelimit+0x10/0x10
[  370.959795][T14517]  ? __pfx_dump_stack_lvl+0x10/0x10
[  370.959816][T14517]  ? __pfx__printk+0x10/0x10
[  370.959843][T14517]  ? __pfx___might_resched+0x10/0x10
[  370.959862][T14517]  ? fs_reclaim_acquire+0x7d/0x100
[  370.959893][T14517]  should_fail_ex+0x414/0x560
[  370.959922][T14517]  should_failslab+0xa8/0x100
[  370.959948][T14517]  kmem_cache_alloc_noprof+0x73/0x3c0
[  370.959969][T14517]  ? __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  370.959995][T14517]  __kvm_mmu_topup_memory_cache+0x1b4/0x610
[  370.960027][T14517]  mmu_topup_memory_caches+0x21/0x170
[  370.960048][T14517]  kvm_mmu_load+0x9d/0x21f0
[  370.960064][T14517]  ? queue_delayed_work_on+0x1f7/0x280
[  370.960091][T14517]  ? kvm_end_pvclock_update+0x2c4/0x3b0
[  370.960118][T14517]  ? __pfx_queue_delayed_work_on+0x10/0x10
[  370.960140][T14517]  ? kvm_apic_has_interrupt+0x744/0x770
[  370.960180][T14517]  vcpu_run+0x4833/0x6f70
[  370.960274][T14517]  ? __pfx_vcpu_run+0x10/0x10
[  370.960304][T14517]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  370.960342][T14517]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  370.960377][T14517]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  370.960401][T14517]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  370.960431][T14517]  ? rcu_is_watching+0x15/0xb0
[  370.960451][T14517]  ? look_up_lock_class+0x74/0x170
[  370.960470][T14517]  ? register_lock_class+0x51/0x320
[  370.960494][T14517]  ? __lock_acquire+0xab9/0xd20
[  370.960551][T14517]  kvm_vcpu_ioctl+0x95c/0xe90
[  370.960581][T14517]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  370.960601][T14517]  ? __lock_acquire+0xab9/0xd20
[  370.960639][T14517]  ? __fget_files+0x2a/0x420
[  370.960670][T14517]  ? __fget_files+0x2a/0x420
[  370.960695][T14517]  ? __fget_files+0x3a0/0x420
[  370.960721][T14517]  ? __fget_files+0x2a/0x420
[  370.960751][T14517]  ? bpf_lsm_file_ioctl+0x9/0x20
[  370.960771][T14517]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  370.960794][T14517]  __se_sys_ioctl+0xfc/0x170
[  370.960819][T14517]  do_syscall_64+0xfa/0x3b0
[  370.960836][T14517]  ? lockdep_hardirqs_on+0x9c/0x150
[  370.960864][T14517]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.960882][T14517]  ? clear_bhb_loop+0x60/0xb0
[  370.960905][T14517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  370.960927][T14517] RIP: 0033:0x7f9e64f8e929
[  370.960943][T14517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  370.960959][T14517] RSP: 002b:00007f9e65daf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  370.960978][T14517] RAX: ffffffffffffffda RBX: 00007f9e651b5fa0 RCX: 00007f9e64f8e929
[  370.960992][T14517] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  370.961003][T14517] RBP: 00007f9e65daf090 R08: 0000000000000000 R09: 0000000000000000
[  370.961014][T14517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  370.961025][T14517] R13: 0000000000000000 R14: 00007f9e651b5fa0 R15: 00007ffdd74a90e8
[  370.961054][T14517]  </TASK>
[  371.287695][    C1] vkms_vblank_simulate: vblank timer overrun
[  371.759565][T14531] usb usb1: check_ctrlrecip: process 14531 (syz.0.2287) requesting ep 01 but needs 81
[  371.769224][T14531] usb usb1: usbfs: process 14531 (syz.0.2287) did not claim interface 0 before use
[  372.012928][T14536] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  372.238456][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  372.247895][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  372.255931][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  372.269281][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  372.278180][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  372.452442][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.663670][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.831951][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  372.921891][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  373.101771][   T49] Bluetooth: hci1: Frame reassembly failed (-84)
[  373.355327][   T13] bridge_slave_1: left allmulticast mode
[  373.375078][   T13] bridge_slave_1: left promiscuous mode
[  373.393564][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.450587][   T13] bridge_slave_0: left allmulticast mode
[  373.492859][   T13] bridge_slave_0: left promiscuous mode
[  373.508924][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.755421][ T5838] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  373.771253][ T5838] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  373.780224][ T5838] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  373.799713][ T5838] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  373.807450][ T5838] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  373.849206][ T5848] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  373.858381][ T5848] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  373.866174][ T5848] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  373.874361][ T5848] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  373.883415][ T5848] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  374.688293][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  374.714498][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  374.726598][   T13] bond0 (unregistering): Released all slaves
[  374.768977][T14616] sp0: Synchronizing with TNC
[  375.169802][ T5845] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  375.170108][ T5848] Bluetooth: hci1: command 0x1003 tx timeout
[  375.261896][   T13] hsr_slave_0: left promiscuous mode
[  375.289536][   T13] hsr_slave_1: left promiscuous mode
[  375.306267][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  375.319893][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  375.342890][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  375.362154][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  375.454898][   T13] veth1_macvtap: left promiscuous mode
[  375.486212][   T13] veth0_macvtap: left promiscuous mode
[  375.515179][   T13] veth1_vlan: left promiscuous mode
[  375.529588][   T13] veth0_vlan: left promiscuous mode
[  375.980632][ T5845] Bluetooth: hci4: command tx timeout
[  376.640925][T14689] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  376.894770][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  376.925192][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  376.934250][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  376.947938][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  376.968825][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  376.982780][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.003456][   T13] team0 (unregistering): Port device team_slave_1 removed
[  377.014640][ T1156] Bluetooth: hci1: Frame reassembly failed (-84)
[  377.041734][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.049788][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.057571][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.066672][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.074515][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.082527][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.091101][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.098996][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.106850][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.114733][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.122612][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.130501][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.138344][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.146186][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.154145][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.162170][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.170193][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.178092][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.186052][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.193945][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.195280][   T13] team0 (unregistering): Port device team_slave_0 removed
[  377.204881][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.217936][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.226197][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.234460][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.242575][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.250737][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.258588][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.267085][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.276928][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.289155][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.297316][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.305616][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.313783][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.321894][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.330126][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.337973][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.346514][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.354886][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.363113][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.371441][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.382751][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.392767][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.403433][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.411510][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.422544][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.430756][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.438653][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.450169][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.458038][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.469291][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.478243][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.491693][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.502690][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.512565][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.520813][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.528718][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.537086][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.545381][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.553545][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.561728][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.573273][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.581472][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.593793][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.602085][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.611625][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.619819][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.627655][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.648564][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.658952][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.670300][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.678133][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.688608][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.708970][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.718258][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.726497][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.742639][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.750664][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.758629][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.766568][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.774560][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.782444][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.790367][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.798168][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.806033][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.815808][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.823740][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.831698][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.839518][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.847408][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.855689][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.863548][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.871544][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.879431][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.887487][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.895602][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.903446][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.911418][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.919213][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.928385][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.937633][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.947901][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.958319][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.967827][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.977489][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.985420][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  377.993352][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.001202][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.009023][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.016959][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.024768][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.034620][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.042855][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.050914][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.058775][ T5848] Bluetooth: hci4: command tx timeout
[  378.059013][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.073272][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.081163][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.089005][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.096858][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.104734][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.112709][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.120569][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.128377][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.136254][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.144463][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.153055][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.161233][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.169108][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.177037][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.184909][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.192762][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.200580][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.208359][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.216387][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.224229][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.232072][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.239913][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.247704][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.257531][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.265406][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.273674][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.293704][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.306692][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.317590][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.325448][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.333982][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.342774][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.351350][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.359268][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.367145][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.389465][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.397278][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.429515][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.443989][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.460698][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  378.467052][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  378.505200][T14584] chnl_net:caif_netlink_parms(): no params data found
[  378.513783][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.525036][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.562680][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.571259][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.579130][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.600918][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.609091][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.637080][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.665252][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.721350][   T43] hid-generic 0008:0000:FFFFFBFF.0006: unknown main item tag 0x0
[  378.736216][   T43] hid-generic 0008:0000:FFFFFBFF.0006: hidraw0: <UNKNOWN> HID v9.86 Device [syz0] on syz1
[  378.763049][T14584] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.795260][T14584] bridge0: port 1(bridge_slave_0) entered disabled state
[  378.814066][T14584] bridge_slave_0: entered allmulticast mode
[  378.833736][T14584] bridge_slave_0: entered promiscuous mode
[  378.872560][T14718] fido_id[14718]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  378.875268][T14584] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.899763][T14584] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.907693][T14584] bridge_slave_1: entered allmulticast mode
[  378.969104][T14584] bridge_slave_1: entered promiscuous mode
[  379.009462][ T5845] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  379.207288][T14584] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.244346][T14584] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  379.439133][T14584] team0: Port device team_slave_0 added
[  379.460657][T14584] team0: Port device team_slave_1 added
[  379.606960][T14584] batman_adv: batadv0: Adding interface: batadv_slave_0
[  379.625593][T14584] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.699458][T14584] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  379.723776][T14584] batman_adv: batadv0: Adding interface: batadv_slave_1
[  379.749954][T14584] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.775934][    C1] vkms_vblank_simulate: vblank timer overrun
[  379.813894][T14584] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  380.017258][T14584] hsr_slave_0: entered promiscuous mode
[  380.038394][T14584] hsr_slave_1: entered promiscuous mode
[  380.057267][T14584] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  380.087462][T14584] Cannot create hsr debugfs directory
[  380.130318][ T5848] Bluetooth: hci4: command tx timeout
[  380.645390][T14584] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  380.664302][T14584] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  380.677686][T14584] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  380.726037][T14584] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  380.902378][T14779] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  381.042085][T14584] 8021q: adding VLAN 0 to HW filter on device bond0
[  381.107977][T14584] 8021q: adding VLAN 0 to HW filter on device team0
[  381.127300][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  381.134542][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  381.181425][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  381.188601][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  381.519805][T14809] kvm: kvm [14808]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x7
[  381.552371][T14809] program syz.1.2350 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  381.572572][ T5848] Bluetooth: hci1: command 0x1003 tx timeout
[  381.577098][T14809] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  381.579063][ T5845] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  381.873715][T14584] 8021q: adding VLAN 0 to HW filter on device batadv0
[  382.209594][ T5845] Bluetooth: hci4: command tx timeout
[  382.798452][T14584] veth0_vlan: entered promiscuous mode
[  382.826924][T14584] veth1_vlan: entered promiscuous mode
[  382.913642][T14584] veth0_macvtap: entered promiscuous mode
[  382.925597][T14584] veth1_macvtap: entered promiscuous mode
[  382.985674][T14584] batman_adv: batadv0: Interface activated: batadv_slave_0
[  383.047847][T14584] batman_adv: batadv0: Interface activated: batadv_slave_1
[  383.075146][T14584] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  383.098152][T14584] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  383.135257][T14584] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  383.156662][T14584] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  383.328119][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  383.347756][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  384.051695][T14873] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  384.057701][T14873] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  384.674007][   T49] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  384.895895][   T49] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.093326][   T49] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.295489][   T49] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  385.556480][T14929] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  385.635993][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  385.650229][ T5848] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  385.658762][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  385.671398][ T5848] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  385.679307][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  385.693460][ T5845] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  385.726132][ T5845] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  385.738228][ T5845] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  385.761497][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  385.783631][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  385.947282][   T49] bridge_slave_1: left allmulticast mode
[  385.973408][   T49] bridge_slave_1: left promiscuous mode
[  385.999634][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[  386.030744][   T49] bridge_slave_0: left allmulticast mode
[  386.036472][   T49] bridge_slave_0: left promiscuous mode
[  386.045874][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[  386.794169][   T49] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  386.825837][   T49] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  386.839292][   T49] bond0 (unregistering): Released all slaves
[  387.063367][T14959] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  387.072936][T14959] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  387.479126][   T49] hsr_slave_0: left promiscuous mode
[  387.494771][   T49] hsr_slave_1: left promiscuous mode
[  387.501944][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  387.522519][   T49] batman_adv: batadv0: Removing interface: batadv_slave_0
[  387.538066][T14987] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  387.556317][   T49] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  387.577424][   T49] batman_adv: batadv0: Removing interface: batadv_slave_1
[  387.675106][   T49] veth1_macvtap: left promiscuous mode
[  387.710645][   T49] veth0_macvtap: left promiscuous mode
[  387.716378][   T49] veth1_vlan: left promiscuous mode
[  387.749959][   T49] veth0_vlan: left promiscuous mode
[  388.393689][T15018] loop6: detected capacity change from 0 to 63
[  388.427744][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.439890][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.447931][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.574067][T15021] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  388.613565][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.633777][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.661568][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.697361][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.733733][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.769893][T15018] ldm_validate_partition_table(): Disk read failed.
[  388.798725][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.820196][T15018] Buffer I/O error on dev loop6, logical block 0, async page read
[  388.830502][T15018] Dev loop6: unable to read RDB block 0
[  388.836657][T15018]  loop6: unable to read partition table
[  388.843889][T15018] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  389.082608][   T49] team0 (unregistering): Port device team_slave_1 removed
[  389.127358][   T49] team0 (unregistering): Port device team_slave_0 removed
[  389.747443][T14935] chnl_net:caif_netlink_parms(): no params data found
[  389.920359][T15039] input: syz0 as /devices/virtual/input/input72
[  389.996589][T14935] bridge0: port 1(bridge_slave_0) entered blocking state
[  390.015530][T14935] bridge0: port 1(bridge_slave_0) entered disabled state
[  390.039702][T14935] bridge_slave_0: entered allmulticast mode
[  390.057815][T14935] bridge_slave_0: entered promiscuous mode
[  390.072459][T14935] bridge0: port 2(bridge_slave_1) entered blocking state
[  390.089339][T14935] bridge0: port 2(bridge_slave_1) entered disabled state
[  390.107462][T14935] bridge_slave_1: entered allmulticast mode
[  390.115734][T14935] bridge_slave_1: entered promiscuous mode
[  390.239257][T14935] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  390.292947][T14935] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  390.390545][T14935] team0: Port device team_slave_0 added
[  390.403338][T14935] team0: Port device team_slave_1 added
[  390.467758][T14935] batman_adv: batadv0: Adding interface: batadv_slave_0
[  390.481309][T15056] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  390.485629][T14935] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.525028][T14935] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  390.541970][T14935] batman_adv: batadv0: Adding interface: batadv_slave_1
[  390.559539][T14935] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  390.596190][T14935] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  390.660160][T15058] Invalid logical block size (7)
[  390.748570][T14935] hsr_slave_0: entered promiscuous mode
[  390.755818][T14935] hsr_slave_1: entered promiscuous mode
[  390.768365][T14935] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  390.776741][T14935] Cannot create hsr debugfs directory
[  391.382789][T15071] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  391.465973][T14935] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  391.483121][T14935] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  391.503139][T14935] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  391.522826][T14935] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  391.723990][T14935] 8021q: adding VLAN 0 to HW filter on device bond0
[  391.757639][T14935] 8021q: adding VLAN 0 to HW filter on device team0
[  391.776030][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.783249][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[  391.805501][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.812681][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[  392.257323][T14935] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.766251][T14935] veth0_vlan: entered promiscuous mode
[  392.793189][T14935] veth1_vlan: entered promiscuous mode
[  392.855230][T14935] veth0_macvtap: entered promiscuous mode
[  392.883390][T14935] veth1_macvtap: entered promiscuous mode
[  392.933417][T14935] batman_adv: batadv0: Interface activated: batadv_slave_0
[  392.953251][T14935] batman_adv: batadv0: Interface activated: batadv_slave_1
[  392.983942][T14935] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  392.994785][T14935] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  393.007889][T14935] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  393.020831][T14935] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  439.893318][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  439.900045][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  501.334096][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  501.340670][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  533.329573][   T31] INFO: task kworker/1:1:43 blocked for more than 143 seconds.
[  533.337198][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[  533.345008][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  533.353895][   T31] task:kworker/1:1     state:D stack:24488 pid:43    tgid:43    ppid:2      task_flags:0x4208060 flags:0x00004000
[  533.366009][   T31] Workqueue: events rfkill_global_led_trigger_worker
[  533.373012][   T31] Call Trace:
[  533.376313][   T31]  <TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  533.379255][   T31]  __schedule+0x16f5/0x4d00
[  533.384003][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  533.390975][   T31]  ? schedule+0x165/0x360
[  533.395774][   T31]  ? __pfx___schedule+0x10/0x10
[  533.400741][   T31]  ? schedule+0x91/0x360
[  533.405031][   T31]  schedule+0x165/0x360
[  533.409249][   T31]  schedule_preempt_disabled+0x13/0x30
[  533.414828][   T31]  __mutex_lock+0x724/0xe80
[  533.419425][   T31]  ? look_up_lock_class+0x74/0x170
[  533.424574][   T31]  ? __mutex_lock+0x51b/0xe80
[  533.429777][   T31]  ? rfkill_global_led_trigger_worker+0x27/0xd0
[  533.462602][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  533.467980][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  533.478217][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  533.484275][   T31]  rfkill_global_led_trigger_worker+0x27/0xd0
[  533.494176][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  533.502239][   T31]  process_scheduled_works+0xae1/0x17b0
[  533.507870][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  533.517405][   T31]  worker_thread+0x8a0/0xda0
[  533.522319][   T31]  kthread+0x70e/0x8a0
[  533.526444][   T31]  ? __pfx_worker_thread+0x10/0x10
[  533.535173][   T31]  ? __pfx_kthread+0x10/0x10
[  533.540067][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  533.545398][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  533.550687][   T31]  ? __pfx_kthread+0x10/0x10
[  533.555310][   T31]  ret_from_fork+0x3f9/0x770
[  533.559964][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  533.565100][   T31]  ? __switch_to_asm+0x39/0x70
[  533.569968][   T31]  ? __switch_to_asm+0x33/0x70
[  533.574762][   T31]  ? __pfx_kthread+0x10/0x10
[  533.579415][   T31]  ret_from_fork_asm+0x1a/0x30
[  533.584226][   T31]  </TASK>
[  533.587365][   T31] INFO: task syz.0.2384:15004 blocked for more than 143 seconds.
[  533.595267][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[  533.602941][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  533.611684][   T31] task:syz.0.2384      state:D stack:26760 pid:15004 tgid:15000 ppid:10623  task_flags:0x400040 flags:0x00004006
[  533.623659][   T31] Call Trace:
[  533.626939][   T31]  <TASK>
[  533.629954][   T31]  __schedule+0x16f5/0x4d00
[  533.634508][   T31]  ? __lock_acquire+0xab9/0xd20
[  533.639410][   T31]  ? schedule+0x165/0x360
[  533.643780][   T31]  ? __pfx___schedule+0x10/0x10
[  533.648685][   T31]  ? schedule+0x91/0x360
[  533.653217][   T31]  schedule+0x165/0x360
[  533.657423][   T31]  schedule_preempt_disabled+0x13/0x30
[  533.662997][   T31]  __mutex_lock+0x724/0xe80
[  533.667539][   T31]  ? kobject_put+0x43f/0x480
[  533.672219][   T31]  ? __mutex_lock+0x51b/0xe80
[  533.676923][   T31]  ? rfkill_unregister+0xc8/0x220
[  533.682015][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  533.687071][   T31]  ? __pfx_device_del+0x10/0x10
[  533.692028][   T31]  rfkill_unregister+0xc8/0x220
[  533.696906][   T31]  nfc_unregister_device+0x96/0x2a0
[  533.702162][   T31]  ? __pfx_virtual_ncidev_close+0x10/0x10
[  533.707912][   T31]  virtual_ncidev_close+0x56/0x90
[  533.713003][   T31]  __fput+0x44c/0xa70
[  533.717028][   T31]  task_work_run+0x1d1/0x260
[  533.721706][   T31]  ? __pfx_task_work_run+0x10/0x10
[  533.726858][   T31]  get_signal+0x11ed/0x1340
[  533.731704][   T31]  ? task_work_add+0x281/0x420
[  533.736530][   T31]  ? __pfx_vfs_read+0x10/0x10
[  533.741403][   T31]  arch_do_signal_or_restart+0x9a/0x750
[  533.747111][   T31]  ? __pfx___fput_deferred+0x10/0x10
[  533.752490][   T31]  ? __fget_files+0x2a/0x420
[  533.757149][   T31]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  533.763578][   T31]  ? exit_to_user_mode_loop+0x40/0x110
[  533.769151][   T31]  exit_to_user_mode_loop+0x75/0x110
[  533.774513][   T31]  do_syscall_64+0x2bd/0x3b0
[  533.779127][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  533.784405][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.790580][   T31]  ? clear_bhb_loop+0x60/0xb0
[  533.795295][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  533.802482][   T31] RIP: 0033:0x7f9e64f8e929
[  533.807049][   T31] RSP: 002b:00007f9e65d8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  533.815621][   T31] RAX: fffffffffffffff2 RBX: 00007f9e651b6080 RCX: 00007f9e64f8e929
[  533.823771][   T31] RDX: 0000000000000027 RSI: 0000200000002400 RDI: 0000000000000005
[  533.831834][   T31] RBP: 00007f9e65010b39 R08: 0000000000000000 R09: 0000000000000000
[  533.839889][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  533.848050][   T31] R13: 0000000000000000 R14: 00007f9e651b6080 R15: 00007ffdd74a90e8
[  533.856132][   T31]  </TASK>
[  533.859191][   T31] INFO: task syz.3.2386:15012 blocked for more than 143 seconds.
[  533.867372][   T31]       Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0
[  533.875282][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  533.884022][   T31] task:syz.3.2386      state:D stack:28328 pid:15012 tgid:15009 ppid:6723   task_flags:0x400140 flags:0x00004004
[  533.896126][   T31] Call Trace:
[  533.899486][   T31]  <TASK>
[  533.902441][   T31]  __schedule+0x16f5/0x4d00
[  533.906993][   T31]  ? __lock_acquire+0xab9/0xd20
[  533.911987][   T31]  ? schedule+0x165/0x360
[  533.916369][   T31]  ? __pfx___schedule+0x10/0x10
[  533.921319][   T31]  ? schedule+0x91/0x360
[  533.925616][   T31]  schedule+0x165/0x360
[  533.929887][   T31]  schedule_preempt_disabled+0x13/0x30
[  533.935398][   T31]  __mutex_lock+0x724/0xe80
[  533.940022][   T31]  ? __lock_acquire+0xab9/0xd20
[  533.944900][   T31]  ? __mutex_lock+0x51b/0xe80
[  533.949657][   T31]  ? nfc_rfkill_set_block+0x50/0x2e0
[  533.954977][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  533.960089][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  533.965326][   T31]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  533.971358][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  533.977738][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  533.983714][   T31]  nfc_rfkill_set_block+0x50/0x2e0
[  533.988855][   T31]  ? __pfx_nfc_rfkill_set_block+0x10/0x10
[  533.994653][   T31]  rfkill_set_block+0x1cf/0x440
[  533.999573][   T31]  rfkill_fop_write+0x44b/0x570
[  534.004521][   T31]  ? common_file_perm+0x199/0x200
[  534.009629][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  534.015115][   T31]  ? security_kernfs_init_security+0x250/0x290
[  534.021352][   T31]  ? rw_verify_area+0x258/0x650
[  534.026240][   T31]  ? __pfx_rfkill_fop_write+0x10/0x10
[  534.031705][   T31]  vfs_write+0x27b/0xa90
[  534.035993][   T31]  ? __pfx_vfs_write+0x10/0x10
[  534.040841][   T31]  ? __fget_files+0x2a/0x420
[  534.045478][   T31]  ? __fget_files+0x2a/0x420
[  534.050168][   T31]  ? __fget_files+0x3a0/0x420
[  534.054890][   T31]  ? __fget_files+0x2a/0x420
[  534.059589][   T31]  ksys_write+0x145/0x250
[  534.063985][   T31]  ? __pfx_ksys_write+0x10/0x10
[  534.068961][   T31]  ? rcu_is_watching+0x15/0xb0
[  534.073824][   T31]  ? do_syscall_64+0xbe/0x3b0
[  534.078537][   T31]  do_syscall_64+0xfa/0x3b0
[  534.083102][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  534.088348][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.094700][   T31]  ? clear_bhb_loop+0x60/0xb0
[  534.099450][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  534.105369][   T31] RIP: 0033:0x7f65be38e929
[  534.109862][   T31] RSP: 002b:00007f65bf1c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  534.118319][   T31] RAX: ffffffffffffffda RBX: 00007f65be5b6080 RCX: 00007f65be38e929
[  534.126359][   T31] RDX: 0000000000000008 RSI: 0000200000000080 RDI: 0000000000000007
[  534.134395][   T31] RBP: 00007f65be410b39 R08: 0000000000000000 R09: 0000000000000000
[  534.142440][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  534.150486][   T31] R13: 0000000000000000 R14: 00007f65be5b6080 R15: 00007ffe7183ba48
[  534.158476][   T31]  </TASK>
[  534.161589][   T31] 
[  534.161589][   T31] Showing all locks held in the system:
[  534.175410][   T31] 1 lock held by ksoftirqd/0/15:
[  534.180861][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  534.190987][   T31] 1 lock held by khungtaskd/31:
[  534.195938][   T31]  #0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  534.205870][   T31] 3 locks held by kworker/1:1/43:
[  534.211103][   T31]  #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  534.222159][   T31]  #1: ffffc90000b37bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  534.235778][   T31]  #2: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0
[  534.247289][   T31] 1 lock held by klogd/5196:
[  534.251978][   T31]  #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  534.262058][   T31] 2 locks held by getty/5598:
[  534.266752][   T31]  #0: ffff888034fe20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  534.276700][   T31]  #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  534.286920][   T31] 2 locks held by syz-executor/14935:
[  534.295439][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.304090][   T31]  #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820
[  534.314308][   T31] 2 locks held by syz.0.2384/15004:
[  534.319577][   T31]  #0: ffff88807c1b2100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0
[  534.329461][   T31]  #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_unregister+0xc8/0x220
[  534.339694][   T31] 2 locks held by syz.3.2386/15012:
[  534.344916][   T31]  #0: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_write+0x191/0x570
[  534.355138][   T31]  #1: ffff88807c1b2100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0
[  534.364902][   T31] 1 lock held by syz.1.2397/15130:
[  534.370173][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.378695][   T31] 1 lock held by syz-executor/15185:
[  534.384031][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.392607][   T31] 1 lock held by syz-executor/15186:
[  534.397925][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.406514][   T31] 1 lock held by syz-executor/15277:
[  534.411894][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.420453][   T31] 1 lock held by syz-executor/15287:
[  534.425785][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.434363][   T31] 1 lock held by syz-executor/15295:
[  534.439705][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.448162][   T31] 1 lock held by syz-executor/15296:
[  534.453600][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.462160][   T31] 1 lock held by syz-executor/15298:
[  534.467464][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.476011][   T31] 1 lock held by syz-executor/15300:
[  534.481364][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.489933][   T31] 1 lock held by syz-executor/15311:
[  534.495240][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.503784][   T31] 1 lock held by syz-executor/15312:
[  534.509232][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.517765][   T31] 1 lock held by syz-executor/15314:
[  534.523102][   T31]  #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330
[  534.531802][   T31] 
[  534.534162][   T31] =============================================
[  534.534162][   T31] 
[  534.542912][   T31] NMI backtrace for cpu 1
[  534.542928][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  534.542950][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  534.542961][   T31] Call Trace:
[  534.542969][   T31]  <TASK>
[  534.542977][   T31]  dump_stack_lvl+0x189/0x250
[  534.543001][   T31]  ? __wake_up_klogd+0xd9/0x110
[  534.543029][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  534.543051][   T31]  ? __pfx__printk+0x10/0x10
[  534.543085][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  534.543114][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  534.543137][   T31]  ? _printk+0xcf/0x120
[  534.543161][   T31]  ? __pfx__printk+0x10/0x10
[  534.543184][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  534.543216][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  534.543245][   T31]  watchdog+0xfee/0x1030
[  534.543266][   T31]  ? watchdog+0x1de/0x1030
[  534.543292][   T31]  kthread+0x70e/0x8a0
[  534.543321][   T31]  ? __pfx_watchdog+0x10/0x10
[  534.543337][   T31]  ? __pfx_kthread+0x10/0x10
[  534.543365][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  534.543391][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  534.543418][   T31]  ? __pfx_kthread+0x10/0x10
[  534.543444][   T31]  ret_from_fork+0x3f9/0x770
[  534.543466][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  534.543491][   T31]  ? __switch_to_asm+0x39/0x70
[  534.543513][   T31]  ? __switch_to_asm+0x33/0x70
[  534.543535][   T31]  ? __pfx_kthread+0x10/0x10
[  534.543562][   T31]  ret_from_fork_asm+0x1a/0x30
[  534.543600][   T31]  </TASK>
[  534.543607][   T31] Sending NMI from CPU 1 to CPUs 0:
[  534.701452][    C0] NMI backtrace for cpu 0
[  534.701469][    C0] CPU: 0 UID: 0 PID: 1156 Comm: kworker/u8:6 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  534.701490][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  534.701501][    C0] Workqueue: events_unbound nsim_dev_trap_report_work
[  534.701528][    C0] RIP: 0010:get_page_from_freelist+0x21fa/0x22c0
[  534.701557][    C0] Code: f6 0f 94 c3 4c 89 ef 44 8b 74 24 74 44 89 f2 e8 ec 25 ff ff 41 f7 c6 00 00 04 00 0f 94 c0 08 d8 75 0d 4c 89 ef 48 8b 74 24 20 <e8> 41 f4 fe ff 4c 8b 74 24 38 41 83 e6 04 41 d1 ee 49 8d 5d 08 48
[  534.701572][    C0] RSP: 0018:ffffc90003f673e0 EFLAGS: 00000246
[  534.701585][    C0] RAX: 0000000000000000 RBX: ffff88813fffc100 RCX: 07ba1db724b6c800
[  534.701597][    C0] RDX: 0000000000000004 RSI: 0000000000000003 RDI: ffffea0001150600
[  534.701608][    C0] RBP: ffffc90003f67650 R08: ffff88801cda49ff R09: 1ffff110039b493f
[  534.701620][    C0] R10: dffffc0000000000 R11: ffffed10039b4940 R12: dffffc0000000000
[  534.701633][    C0] R13: ffffea0001150600 R14: 00000000000d2820 R15: ffffc90003f676bc
[  534.701644][    C0] FS:  0000000000000000(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000
[  534.701658][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  534.701669][    C0] CR2: 000055dd0557cfb0 CR3: 000000000e138000 CR4: 00000000003526f0
[  534.701684][    C0] DR0: 0000000000000008 DR1: 00000000000000ff DR2: fffffffffffffffb
[  534.701695][    C0] DR3: 3e00000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  534.701706][    C0] Call Trace:
[  534.701712][    C0]  <TASK>
[  534.701725][    C0]  ? unwind_next_frame+0xa5/0x2390
[  534.701748][    C0]  ? unwind_next_frame+0xa5/0x2390
[  534.701765][    C0]  ? ret_from_fork_asm+0x1a/0x30
[  534.701796][    C0]  ? __pfx_get_page_from_freelist+0x10/0x10
[  534.701823][    C0]  ? prepare_alloc_pages+0x213/0x610
[  534.701850][    C0]  __alloc_frozen_pages_noprof+0x181/0x370
[  534.701876][    C0]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  534.701906][    C0]  ? policy_nodemask+0x27c/0x720
[  534.701926][    C0]  ? ___slab_alloc+0x240/0x1480
[  534.701950][    C0]  alloc_pages_mpol+0x232/0x4a0
[  534.701973][    C0]  allocate_slab+0x8a/0x3b0
[  534.701999][    C0]  ___slab_alloc+0xbfc/0x1480
[  534.702024][    C0]  ? __alloc_skb+0x142/0x2d0
[  534.702046][    C0]  __kmalloc_node_track_caller_noprof+0x2f8/0x4e0
[  534.702067][    C0]  ? __alloc_skb+0x142/0x2d0
[  534.702087][    C0]  ? __alloc_skb+0x142/0x2d0
[  534.702105][    C0]  kmalloc_reserve+0x136/0x290
[  534.702127][    C0]  __alloc_skb+0x142/0x2d0
[  534.702147][    C0]  nsim_dev_trap_report_work+0x29a/0xb80
[  534.702177][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  534.702196][    C0]  process_scheduled_works+0xae1/0x17b0
[  534.702228][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  534.702254][    C0]  worker_thread+0x8a0/0xda0
[  534.702285][    C0]  kthread+0x70e/0x8a0
[  534.702309][    C0]  ? __pfx_worker_thread+0x10/0x10
[  534.702326][    C0]  ? __pfx_kthread+0x10/0x10
[  534.702349][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  534.702373][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  534.702397][    C0]  ? __pfx_kthread+0x10/0x10
[  534.702420][    C0]  ret_from_fork+0x3f9/0x770
[  534.702443][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  534.702462][    C0]  ? __switch_to_asm+0x39/0x70
[  534.702482][    C0]  ? __switch_to_asm+0x33/0x70
[  534.702502][    C0]  ? __pfx_kthread+0x10/0x10
[  534.702523][    C0]  ret_from_fork_asm+0x1a/0x30
[  534.702552][    C0]  </TASK>
[  534.704064][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  535.041627][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[  535.053451][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  535.063693][   T31] Call Trace:
[  535.067007][   T31]  <TASK>
[  535.069966][   T31]  dump_stack_lvl+0x99/0x250
[  535.074600][   T31]  ? __asan_memcpy+0x40/0x70
[  535.079213][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  535.084431][   T31]  ? __pfx__printk+0x10/0x10
[  535.089084][   T31]  panic+0x2db/0x790
[  535.093028][   T31]  ? __pfx_panic+0x10/0x10
[  535.097461][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  535.103287][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  535.108688][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  535.114880][   T31]  watchdog+0x102d/0x1030
[  535.119226][   T31]  ? watchdog+0x1de/0x1030
[  535.123659][   T31]  kthread+0x70e/0x8a0
[  535.127764][   T31]  ? __pfx_watchdog+0x10/0x10
[  535.132450][   T31]  ? __pfx_kthread+0x10/0x10
[  535.137063][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  535.142281][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  535.147497][   T31]  ? __pfx_kthread+0x10/0x10
[  535.152106][   T31]  ret_from_fork+0x3f9/0x770
[  535.156715][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  535.161851][   T31]  ? __switch_to_asm+0x39/0x70
[  535.166631][   T31]  ? __switch_to_asm+0x33/0x70
[  535.171490][   T31]  ? __pfx_kthread+0x10/0x10
[  535.176094][   T31]  ret_from_fork_asm+0x1a/0x30
[  535.180884][   T31]  </TASK>
[  535.184237][   T31] Kernel Offset: disabled
[  535.188591][   T31] Rebooting in 86400 seconds..