last executing test programs: 8.431359333s ago: executing program 2 (id=1242): r0 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0) ioctl$BLKIOOPT(r0, 0x1279, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000007c0)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000080)=[{0x30, 0xcf, 0x5, 0xfffff000}, {0x6}]}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x1, 0x0) r4 = syz_open_dev$ndb(&(0x7f00000000c0), 0x0, 0x0) ioctl$NBD_CLEAR_SOCK(r4, 0xab04) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r6, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="010000000000000001000000000000000000000000000000001b0300ff"]) ioctl$KVM_SET_NESTED_STATE(r6, 0x4080aebf, &(0x7f0000000300)={{0x3, 0x0, 0x80, {0x5000, 0x80a0000}}, "f4cbeeb756336fcf354a429bfd496c66a6a4f391a9710cc234e0a8d04e9d6d0d53390ee30ef2ba18224437ed8df5c86b9713586059380fc7d773e3a3f0d06dfacb4acf381f5a5b537f66d15928472559b84684003d398f5d3bc1bca7aee5c39385bcd0062388842a1eaa099803119b61ff83003f7dfba2c0081223274eff7a2fe580a4233b21c1829a03dd7c60a1cce7bc783a2ab74c41b5b598332818dcd14c49c5352c4ce77bae6006bf89e7ac74ca18139fa0243743969692640b3ecf1fd9ae1ba224a2da12419f6733c466e8594b045b350c62c05176928fc37ee273864fde3aef1171730108a4b3eac583bdeb123252b2ff8c7f3183f5a3dd7872b3a7922e0cb24688273f7d64877ce789e7c6405bfedd12bc33c53738fd2d3de169dd9ad605bbab8f58618c9c170cae78c480438d87a12131be8e0014fb95b5f3ee54525ec93dbb3f06fb2c75edf5fd47bcc118c8c618c1b61109a9ce992441f83f42a0e7324e433d3cca61b0a96e60b650b5d42f5b8175311f8d2002407270ffdbea88bcc6a5920bc94d06851686c84224396f3ee2ec94676d3295ca98ddded2fa62603fe47d33f58a2594831df881623b18ebe95a00db267532b00ffcb501528c69632365d447ebcf2ecaab61d8727c7d2eb6bb0531c380961147d83686024682999e46db6a2ef4c0b29732fc75d72d0fdaba29a525a7a9e42342cc848034b93187170c0dffbe330ff955ddb4c4dce051c653da2db1f47992b9a6e71e05e31d9966123b59433f2ebe4e2faa307af9bd6d6569b81180f67c62a1d434ef19e88b2a49ddb4af972623054c5896b993b31388dd5d96f991aa6a37c151d37a5884eae88db6e4b77d6ef526e13ff31134228b64a5e844dbc3f8b549fffe41597abdfe235d080e3e3e9068eb37b0653a2dff65c846819b1427feca1a90247a69ba7699af1f04b90d1a0ceec2c1b1fc9bf20626f7531aa7c4e5ba6c84e761553fc4a76626cf9da7b9602464aba0515a1994b913eded69e623a452428d9037ddce882671f6ac133660296ce44118ab4bb5b3e6a3126a55168005227b3575673066258eb4ff5c23805ed1728f249283498b0e67e12dfba02bacae23f676a690e842bf02ab002b756e7c5153cf8bd4580e1be26ccc77e46a6d7166a5008034e1be6eaf5c6c44bd43a3a722f1697d6a46871eb49ca5773c7b3066ae24a6548841fb73320667ba1a0c6a484019d1aab525d85061e16cb129e9b4c1c93aa2ba5e193c214e158b69ff7cee0086535116d59c154e08f2817f66eb90af5f704ef6ec4cabfaef20eeba1ba54bd9cf6605c54706126f6701335bc8e8cbd1ced11ef86b8f4a20ddea4568983b4df60822f736e5970ac4a07af71cfbfff9292e9143f2cba391cc8a9495fd76a92f8bb6b01b8f94154e6397cb4bab66eaf623f590da17d7e244289485e00673a93a93b3fbaca0caf98529e788c9cceb457d803af7e7c2d5a27fff8d60f44a911f05fff39af3254151f1c0b43c80d9b6e67aa03fd1e9e0d2ac8f941d29ef65152a46d79f5a66b21867dd3446dd6c47fee6e8c94eccd58dbf37cb08536ece2d8e49892f25e2339faa66f6c04f12572e0ef4391b3db9ac8b509d43de347f7bd3c36542f701f8f9f1ea094ab71a0c83f0d3b78d6ff603b5f3ea0a8b2e36931cca5c1a9a27d582769a4f82053fae03a8cc17b19edd843a9ec6171b806af452eac111ac9f4940c4f8ff385fa07f43684fea51dc1610efbd6cf63427f084819f9e5525093d38b9977d7ba230ddbeccf05ddc7f12be568a81cbacb40e7e08da317b6ab01ff8102fe3539cc8d37e372fbb7d34201a6e1f4e208093011f3949d04eae986a93fedea49fa388142fbb14b9a04ee2b47843aa513628835c1e2079e726322deded47a30d2413028b1e62427ac13c59bb2cab4bf91a90dc1a48ce03c2fadcc86a7e45ba3bdef1671009c2d96f349cc9cdbaf538521c58d92f92a8b6c2fa1283a37c718a6f0c4480e35eb8264a00f6603e31d6a99d01782ed2a978f91387504134765faf606080203a722840cbdb0b59468c81484b7cd7fedc4bf6374515bdc2d881f9def756e454ebf06ce24c610313abc56d6884e27f56197580ef95ced24e6640dc9d6440d341934a75f877031e0440b6b89ca9088d6ac74d2acddfbbaa7881caeb8dbd8f4713b3c67ee60a0e8c43537bf1c6e24ddcbf2c13f45c227424156f6e1176424556652a0ce3dac4c76ba99763bc2d70e8916e2ba5fb46a94e9ec58ce304fa5b6dc5bc99aa82b84432d29917e3113c34e83beae5d047f7c85bc8af02f5c05e46a5bb5ad5a071b58b8cc6c70ee8ff80b223a0c60a9008503a647f2de9d3b9e9d245419a2b21535cf243d4c96a1e1db05c59ed172d72f2d65039650c8b8409750303b49095b0ddbed680ce4f281d40ad7b35ed4057057b7cae99099aa3cfbba62a7f1b8164d30b454a9d43cbb7129d3798a3e135f12fcea062c834c779eebd6e617dd36960632c9bfb18bfa506f4b0d3a01a33be4b1f78ab8c94ce7a1edadd8e1f1fa3ddedcd8dd8d08787c22920a770c75c565e2e34317338f4d09eeff2c5318bda4c141ecc9237c5715f76f1867e0033ae3c8b8d1b916579631c91b3d59c76c5ed64349f0964c836062a1dd74a3a8e7b26197acb18b25ceabf9d82b80ff44020878404be630776b24590e9ca70150e7ec739bd7a0fe941043925315a0dc6a31f55acb4f5c5a4c1f1894633a52c7e0a1ffac99db84c9a3a832570c2b6b1c22ad4705b793590b56d988c92213936cf038f94dfcfd863b39fb8b34838cd6dd77c8b6c9dfd491adfeab04a63d75498070dc383594b140d89ce405c20e748289d0d44dc24c594aa5619a0592872f84f975a70d9aba612d85c40224c5af31c65a31033213a6d31745f448797ed1506a023290af61e7f28e305d2ee8d4a5f4423ff9ec6acb0414f9a177ed43b087b645d5b49140a3165899fbc280697c0c6b6ce24e34107f0cfd50214086998675d476b71457e53582c81cad64483e07eace8c3d7f81ec239cd404afebd6b7703f0fea9d6d68efc46b018b2c029ebd65a0057dce75853d52d63c95ee9ae0970e3bd94173b368cb1c4d75af10b4d0f8f4ed217a927d978e5b663483b05df6d55be88a5c8eef612105a41497c877dc8603c9517f99416a94aefb56f4a193e2c7f7a5720ccee8a9f2c32a88d516b194f30774caa0d82da53041d856c676a7b1115268a0565d9f96631f351388680a6530665b3f602c49b5d256a4156ef9633c0f19b82115c131f4620619273acf00ddd903290e4c2464ea92678835233284f6f32590272e15a9742a8e1a2701d3b79460903816a21ccbcc6e87391c9b53bb740c63cc6ba67a1c5fd74c63bee4eada19c3713863724fa9165213045f90fa3a6cb0ba3a7cc8f339f547421680171be36b13b15f3e3c3db61b1db10657dabea859a4a4c4c86d6dc1a069060ba7f5ac4631226019692318e0024f0e564e1bfb942533aac251d5238a200915f827bfa98ef9f0ad8769899080e7e961419a550f339c3594906062c0813dde20769c4598b1e7851b0d564e7700de04ce0286d32135ca295631d792818a1d41da2d6d107a2eda082d7dd3cc790ad69c2ab29e1edf41932e5279fe9c605542f3cf442a5098f4fe7082969efe9d99f8ce41daaad5297a15741678629ecd009d102718d90dc0169ac9019a22a0fee9e74666d754cc737dbd26f7cfcd0017b3d96728e866a26f55e049bba592b5d77d4e638e2f8b04e9234398a4c1a265b4e058883a15828ffe19134166be7cbcc2efa4b05b6700318f09372b9b77a503f0cef6be3419a0539d3f11c5a10031babb91d22f65f36bc93632dfc7983480204760c537c1c672eb7033d23d2e694e8f54a5765395fa0cc7ab70366a2fbd6206f6f960ac5472ccc657ade101d59a0e2ed845be80a45d1c8ae08958e5b0e45ed9f1efcbfa4233b19797f22ebf0687bc7a00290878b80ea11d6e60f435f0a7ca52abea2bec404f5a6696bbd796f7b3e987eddae9f1ff2648dbf47bcce61604a35de7379cbbf8cabfc186be6d1cf8d1294acc6240eef87def4fa57127ed21b1f08030955d068b8a5fccd6d8ae1382272fe959cd96200b3e476005ab64f9f1dcbb63f7dbef447ca55a4a05b70c56b1b31dc6da9f72b0006f48b514f51c48d18ddc8256471a22da7278e3e92369c753b219b1dfcd3d7df750a4f40f114b75921cb6abc70b692e8324e846a3400650f00ba6dfd95db2e84c21676d15dcf48c67ab3241b949fcb87a260128ab0693f7b95df9afbd021721b2ac4d7b6ea14295c6adf76bf088beb49c5c52c8c121abb8ff2a0767ba042eca40804fad3bcd35d981586cd00430222e60dfce5a9c5851a1bd5a216ad393c39d2dea94599a32e16c375826ba191bb90a788b6bd19ddbf0d7f37c432a6eb53c5ace7fadd0f740e7c35ed073bad4d9a41b1c659e597e8f89455b057e798b172187b919a93f1e6a07008d70c3903eacc16574358ee064f41bf78090db48fde09a212f278a83c41b3b12df1441eac777bfa9d8d97d08cbafce1dd3043ecb7c4d8d710a2f3eec61965a518710c23175a92456565df30459ef5af71b24d29e29156ef75e0e29c169e6d8ab2292615bb021d5fd0dcea15586392e6b3ad45805316e0a581f8a579021d2323f6f5e61fa7ea3c04b3b52ffdaba8076f3a60868a30dd2a824b7f81598fb90e943ed8f5a4ed87f4bf090c37bcfe11dfa6432cfe7b1857a83c8186da769dad2c2816f2f6128644430180ffaa0ebf78b34c6f64586feffc7ac5d6785064c6ae6c1b1cc5246450a2aaf8e9e701745d3260fee5b0b5a83d3ed426c29bd830cca62b579fd25582a53a6f371c703703feae600feb47708a16b189eb08bbd01736c21ea31fc33feb2808a9c92ebeee90142312833f4086f0e5d0856b827c8291289f39cffcfd3847f50d94418fb69fc05b50fb9dc88b6fa1c0f1bd93f94adcdf8afced95cc3c688ca6a0869eb9cb8583f88664d8a5e40594bfb32e1e65c5683c65a9271ffe91766be4c4b80e4ca987e30c39ba985e1891041c7ac11c79bd0570eebf5f609105ca42fbe76f13b49a03eb8d8f1f1d94f945f23ac9b678811f82081acd59a520f6511a10b82230dee299652606eca7bef68cf2e2a7b65f2c44d761f9d4a110b64fda17787be8c48a9ba5dd76e069fc0ebc3c9f05928f4f01eee2d430318ff8146b7eb5eb3f61bb33be8182f652c1472d42e803bbe1744215c6b6d1a62cc523856db2111cd1423174bf79e9f5f6cf9ddae3f5e5d77ccd56b0299cfd05229f4871477b333e80123631db621a7a21348f7f54e4d0f968260fd22a4990a7fcc10475d4c4738c8d0714d65138e22ecbbb669ed9f1f86ab04298903273c2c4ac3892caea02b20b3aaeccacfd96f5f7618b0550427e2d2fbd9bc9b140974dfd71ded30a6b3ca95eaec0278258ee4b0ee46ed013de2eacd451d6e4f497371a8afb1ad147bb0f01f5582886546c35da6bacb40d536576a430f15da428835c9b83492ae39da41534dc1fab69145b4282090044dc713cda0bf4a2fd34430cf435978574a8d403612927f952985b38aae0e510d7d22513e6960c947ce3420d341e2f227bd73a23546e47ffe3f441c0d476495a783487dddda20e979718aac5233f986111ec63fe4846888275b63db19df930662185f826efb97113a6d4d20a0b2ec0a578d361d4d6890b68a0427f0a2d483f070cac4be55fdb25167910cfa7696ea44d6eda2addc51a00147971577ec387e5d72f77d250dbe783", "482f8ebe94303088028889733bc3fe2b7f5001f39ef80ea65e790cfc9a1b41b9715e377847fc793b0d7b6bd54d5aef90af791a30a1efd4bfb64d4fceb423768e4bbca89a8493ccb39fc9d15b68e9ffa94daf6768d43de289fc2fa931ae9e3c25271acc30416861d5e13c7fd5f264b6b2cf47f882c4b6a309a119f59cf3dd71d3b8de40c4ae3fb5f7c9762df74e2fc55ac5db725b251cca39cdc7153716fe5e0f391921ce4aeb6b2f8362f5551df75b22b44fa29a20015e1fa99f9e4dd817d176a42086ce2bbf5e36f077dbdbf9d2ced992538c018182eda6164ad7916b80abb60836dbd475042a911afdf77cac6747edcf48905f6574ea49be20c39c96ce6b2a9af37cc8a9851fa0be4d841a6795c7d70baa4909dfc9bfb0dce75983dc61d2d055c8e1a8ef5ffc847b23ed998aa12f180baa41664402631814ff73d5858ff380c2223cdfdcd9819fa9b8ff5a0862ef238be2b29ffc10981cf51df7001804b2b1eae5fc64dab311ecf438d807e06ec5bf7d1565db15b03974b410e95426c848aa490661827ede88eac4b01aebf41b64c640edb9ac70624d085d401a5ee8abd3edde2277f6a44fff67dee3fbf257c268736b7b9b2bce8fc7dc6c5d6deaf81a2c9e2ea984392094aa32230ac8c5462ab02dae4f006bde02928349d70de77075b511e7c771bc23fc5927c96ab91f904e74ec76ddac252eee38b16ff8a006134480f1b2f38729c177604e4806664b1e0c85a8db38edac2fcb0a18c7ae07f52d0e6999e216d80aaf589d2184b37165eb7da452db831120b0fb0b476adafe12af03b2ffbf7419e5b4b3dc8df5da1974eaff014afe85aa21b60c5153ef85a083ebae9337521aa046d02c989ba57f9132c316303102ebd89a5ce95a6f66013572232228371db58eacd78eeb47ef1fe536ae1658f82464370271529e3e38137ecf0e6aaab083e9883e3f3c15ecd22e9b8347e755219c458b4b3387d9fc978714a99093e7908d37acdd932f65a918ec335f4eaeccfbe5262c49efc39d4b4c19a7bca3b8fe680cef13afab93fa5cfa77ce5c1635cf7bec5a2297d8ed3527eedfa1cf1eef5dae0698abf711991dbc14644dbdfe6f663541558ea72b1f9609ede6543e62f0822ac96106186c8e01fb8fa28900c8fce7fcec6e18598c9cfeb36b5c45dce59633ad89b7578624da8d26456157ab7af6f0814750d37e5a9efc9badb876b04255299b3e7b4e54a7d6ad0fa1749f0818b2859ee29c2380108fdc7582fe026d9496e786fae394c8f9586dd593539abf14533a33e15f1cd2af3ba6004663f56ac5a2961b1b604313dbf2f248f6376e8732fe8e36923589844ed7590b09c92fb487f9993f0799a965ff4473ce346f8ff518565264a5f212c18dcda319b9014059279759160247a9aa2878ae62fc67049bd7077f3e56c59b8411f89c579c15d5b608ea22ad9e6350c7e7d855130ae9d2f8918762c92aa1c37a86d8768a1a814e46d82a0d95dec58fae3cd552ba14b6ac9b69131d3079c9cde41aff124ad29d8af9757e0dcfc35e2b3c56e6c3c81d257cd52b5a83aa8b35dd86745d8cfc1ee5686aeffae8a374cf7994f5baed44a2130495bcc7fe04d42b287d1fb2ee74bea869cc16824c67b5baa6d2d9adb06128f364eeeb38e9c3090b0444c405a0d7b0926649c2c652faa7fa44d0858cc99cda60d7e06ac6ed95a0c582f91f2c46e1cd97bb5935c536e050337c59b1e673fe8a9afcf2cbb82b9b2be034054f59b4dacf6ae1b217418d701a339fea50781493399e37ef70808f7e7a39491bfdc7b6e6757a37130682b80227de03dbc127e46f8638981c9e5e0cbff229af844ec0d5ec9a1f93638c7917ef00d77f57aaeb828e764de09df5a526f3bc0b0f7e71da209ed3bb724f53687b2a208d787878145b0cc1a1faa02e45fafa29e5f504298b0db2a8bff59bc489088942372cee209219a0616ca366d9553029f90277a4b48cc4da2bf65267853ff1c766db43940b20ad7e1647a932c9fe7f39d6cd14326fd7611cbe6ed049851ee6727a6191291e522ce539073de040b3479a4b7b789f6f8127765551111a3593622b10ef192ad0cc3ce7566d9fd30cbb64187c74b38ce88e5cf5fd8d089089b23e257ebfa82e5ebc2f482e6a29f60652746ecf36054e25f7795bf62e09fd92079babdfbd4d250def0fad1ee3026a1194b84a38b06251b31a32ee38b5ec2016379e13599c8faec9c28e095c2914acbadfddbde212990c244d053b8fb7a708344ebb293b65b538f71f3c1c06d7574a57d3a6d1efbc118a70156cf8219758038a51f3985e7aacdcdc7f9f189b7ab887222752332b05b1b3c7961c3421afb27b91e7eb0eef88b1b37a0646d890d791bc7aa3706b9133bf5e941d6b801ca0411eb0d7cd429702096a18339f7f423b43fca309c971a857e70686ab4e4acba2722cdb2856bc69c4106d5a5cc6c98a59e6cee134983757396d38dcbf41fb90bf3ab655582319d323478c3a99ef85e9617cf3c97375483182046d34fe94dfda94b4ecbc594d1c6914078bdaee9353bbce0e73c37f9c3c7161b76d5254d1dd44d93d372f4775097db50a13382619bd8834a8b7d841d2c9f38da2de087e9c5e743ddc2ced474ff8f081fde98539e13ed9c7a61788c4cc35638480b2ffad06b2973dea5dcc0fd5ceb0f397d3b15584f230bab3f6619611e6c20dfffb9db26c39372fde44003a16520aaa5c5b9f49249281024da720b8dba719fe07228d9aa419940327e524f6cd90f80aab3873ef2a2d2216417064abd1f7288d0633f626e5483e37d60885ac920ba8d4450798a04cafb76f084c820b514fbfe069c4fa1e36f1c0ddc06c0dd3fcfe129bce79598a3d584339f203b4d591fae7e855b7649cb6aef3b9aa0112afe5f0aac3ab23bf60e4cde71775f59f04f49897e1b3760d0165e9a5cde8440626abad2b8a8b87398f3b274ae4ac49f39460f27e3142f3a1941b164b91c5316a176751899cbc009a37c6cbc99d34e37f62b61f2ff6cf22e1fe94d86de2c4381f246fabf3b0a98ea20f5a249699a7fbf2845a0e7f12454aeee443bda81ddaca2effaa6a8251bcc8bd2bbbc8634cdb9823def7f865a4b781a9a484b44a280a81f6dce1160ccf37fe42cab7abf1eb4d7fb8cbc8bd4c0a941c4ee0e74cc47a19ccc257432f72d569e3b2953e80c3f7bef92fd8dfbe115a880d9eb4d46e5f69ea9a346d1a41d77094e3ca40f7c7c9529a3b107d3e8d31d1fa6297c40b5af98457a3da821829fcf0526eea041bf8e936b64e0adb218d4792c932ce0eabaf6f5a44511df6c15d5da84f0ed3d3cbf0438c9bca799e5d03e698c368467b8acbe7849b02a116ad3315c6be7c8d91190477c7858ea5e06099d48d09f0ff2e17a0607e8af03dcc7e1f343682aa11745250a67c5588b8bb60e10dab1dfce273ec9ffdd3d1d743678ed7c389267d7007a2ccf250d5b30c01c89df82530c4465a8a30064079c9e073d6e87a628e3dba8ae35e7bf0409346c212459b8d8236ab497c4fe8db49198f8e9a78b0e4dd4671d2d3170677717b63d33e053d71d006951fcf75b0a13bbe33462bea686eb62756c2475670ac110b520f143440de93227e6f5a8ccaf138bf31de0e3797dd0a6d51c1f22d703af5bc4eab7a40b602244994cf4c5a30bf3f3bfa9de7ca628d9a61d31abe621e78a6c65d6f46803ec66c492c0ac58cce04f8a99d759c6f9eb4111df284d3cd04d9884fd73311941b6a7d2218433f0cbe21c8983e8ad00b5c80b0c951e3fcffb7d67329f531641600e8ad8fab775ef71d8ec05caf64698b6c9932578b1e9a3783aa1cc46ba4590c09057cc7128c1ded5eb7823fcb74535139b526cafc0c2554cd3a24f82b969305df4a856f3b4f62504040295fb7b66e05f6441b2445066d13e890d73b9ee99d198bf52ecc2bb5907b35e0429f7a0d3dc157f9398e3251e732c28c3a5f9d2b3f918e20ef60ccdb77917f7b2e07e73426210377ddd6ec361a4b771871f08af99b5b412bf9584e390db6a78a07b71491dbec161fe6d7ded3501051eeb96f14da5bf825ea9a3815a7881ecc0912da3477b11ef0d2aa378a24d28fde683f0927dc02ce419916a8e2fddecc515c7d62d2f05c0d856ed96727343c28437470d3736018189d25b27ed8fc936c59fc27911fb68fc1be50f680627768a183b9583afa0c674f24300179d315ea82bb1fadbedb19d86ed2c78209592c9195b5e34527202c0d27df43a525f913ac86d2572b61c4aab5c83b61f497e48ea009cc96c8e21b18977cb01340fe9832a56be6ba681ba22cc160a3b1739fd3cd8182cb0a944ea143aa36e687be80e8bd81ed733b551ad37313b9f41c5daaeaaf39f382c00f75cafa79c1ae86ae881f69850326c131017f24724c3f1f726b2b2150132e19056a8b5297185de7267bf6ad4800b18dadecb540c4c466db12f0fb5dfef9cadd1565ea48acf1fc84f529a6e5b09c80162771e735149aac4b07686ad42b4f074719cb0e4c301210a9b86e36738e6ce883b06a705b2a7ba537878599965fb2e400c284016536cd882a9a238a270336a57c62f6af977c0604354df4fea6e2ef5b446e85f2edaef4d94fea9b4d983850b77d7b84b2f13769a78f0cf709f613645c4681209229c0b6b0e8f0a00f4286be978df3774684a30315e36bcc1d33692915037fd4bffc38cb662079852cf1bbdf394e495fc2f495e4eb0c52bb8c0e114f28973481b06778f203798b99fa4d007a33ab1fc72b39ff6f06caabf38e8d7d6e93fefcd0ea1d3efd426eec9d20bb9c85f470b98078c913ee12977558ccdde00b8cebec4a18f5d153e4563bdecc72ee7d74f9e4fd991069b069da5ae260c13028b5f207b26b829155c6a6a455a1778ad3da0eff2d5dea394732f68096418683df5ba1f3c544cb54506640709d2d22b42bbcf7dbf6fcb28327a0336124475cb6e29ee58589d3b266bd9f1bde2ff2dd72344cd8a741754efa3463b2b711cf89c17cc42751efe4ca09d58f5a0ee4f49c626d6083d7a0d622eb7e07a769521777e30a77f0c7ee84aed4c833175d3ee107b52548c2c25bed976b0b92e829d2b2bd8770c27f756a8ccf1b742791314bcf3994e4a753f9f82b662fb453f8116f279a57cc11fc8e3bdfc2b5b08347c9432534f86329fc199ffcac7de1aeb50dbf6aa13d689088bf5ac323fffa75d1175e164ecb5346e206c0be2caec56f4201268e0565713d846eaff713d1183617627a4ce5c457e9e6f387d7ddced0753811cf76f28bb9ece0798a80f403972e587277438a87356c098ea8050990bb2c78316bfa2c1b7f09d15dc53fa8a480ab965d080af7f937f8c6566dbfe74c1309a68348041d2d7a7b65a4b68ea5610add1b21ed855df6a9007592c14a0f46af0c16e0a77b534e476d2308d8060df073a9a1caf37a1bad8986dae7768600b4d8fd810b5ce5c3f61169b747b4489c8c445b7c83776beb0d3eed3e03275bc339c30333883a42e29ef12a28738c22ec1de09d449820b2ae58ef590474d4c083c6cb94ef13e6778e5d0e67a8d0d99b3577e401273b39b1258177b6d9e8814f5807eb06c78ca46d279df3eb7b64b627371fb23ffbdbfb748e7f981d5d4b9ae8f782d8e3e10af107c9545855e5b7dea415da103f61d5318b12787f29a560f15394e3152ea4b13e54249514215954a69dd75c75116757fddde9a99079eecff6d6a9590d5a0678bdc93a1fae290079c1ef503d12b9aefb24c08ff007887a9301a0c7ed94015eb16274083d514af33ad78d9f5facf07db30ec92f7f0b3e481a058b8a3590"}) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r9, 0x4010ae67, &(0x7f0000000040)={0x0, 0x7000, 0x1}) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$TCFLSH(r7, 0x400455c8, 0x400000009) ioctl$TIOCSTI(r7, 0x5412, &(0x7f0000000040)=0x3) read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a) 5.765702945s ago: executing program 2 (id=1265): openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r1, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) (async) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000006780)='./binderfs/binder1\x00', 0x802, 0x0) ioctl$BINDER_SET_MAX_THREADS(r2, 0x40046205, &(0x7f00000067c0)=0x3) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001380)={0x44, 0x0, &(0x7f0000000540)=[@reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x1, 0x0, &(0x7f0000000480)='*'}) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7e001000) 5.673342824s ago: executing program 2 (id=1267): r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{0x1000000, 0x1, 0xfe, 0x0, 'syz0\x00'}, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 5.617932503s ago: executing program 2 (id=1269): r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) write$FUSE_INIT(r0, 0x0, 0x0) openat$rnullb(0xffffffffffffff9c, 0x0, 0x28200, 0x0) r1 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup/pids.max\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[@ANYBLOB='-0'], 0x6) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x14) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000380), 0x100, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc1105518, 0x0) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000002c0)={0x7, @sdr={0x3234564e}}) 5.464546531s ago: executing program 2 (id=1272): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = syz_open_dev$vbi(&(0x7f00000002c0), 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f00000005c0)={0x5, @sliced}) (async) r2 = syz_open_dev$dri(&(0x7f0000000880), 0x1, 0x101001) (async) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r3, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x0, 0x0, 0x30, 0x0, @in6={0xa, 0x4e20, 0x5, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, 0x8001}, @in={0x2, 0x4e25, @broadcast}}}, 0x118) (async) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000180)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f0000000100)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f00000001c0), 0x3, r4, 0xeeeeeeee}) ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000840)={0x0, 0x1, &(0x7f00000003c0)=[r4], &(0x7f0000000180), &(0x7f0000000400)=[r5], &(0x7f0000000280), 0x0, 0x3ff}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async) ioctl$BLKTRACESTOP(r0, 0x1275, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r7, 0x4068aea3, &(0x7f00000004c0)={0x79, 0x0, 0x3}) ioctl$KVM_SET_GSI_ROUTING(r7, 0x4008ae6a, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000000000000100000002000000000000000000007f00ec97630000f1ffffff"]) (async) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000080)=0x3) (async) ioctl$TIOCSTI(r9, 0x5412, &(0x7f0000000a80)=0xff) ioctl$KVM_SET_LAPIC(r8, 0x4400ae8f, &(0x7f0000000840)={"3ac1e78c7bde43bf2ad211a79624f5d74b7a1d9aa92e04251921a548b5c4f44f2300a7ad5b510e3d62c8377ab142763cf12f3bb674b0651d586b4d3b26a42b5b22da84d3ecb5de143fe9df2c1e6858ada42eb6b10d181bf379464c2be2306126ef6da6cd7f10260aa8b235130e80673f6c4894016ba6d176309ffabd0fc93fa1c0c08fa9a6f25e1ab993cf9ca691aebb9ae8a0af571db3ee0b37134cdf3955073b02598e87e81bfe5bef21c31b28a225a871ff2a160eb262744640f405abefb07bc567c7f07ded8c14304e0829282bfcb67527cd4fc0ccb1d6a3d169f1b56cec570d33fda460da59861cab99a5f961a85206938d700d16bf989449cac32380cf441fee55a46c4a5ec00ff27f98eaeb908630ed2a2d105968c22fc4561d284e6a164a4003d5624e0c9a3b0f7f8f8c5ecf1478eea5af7af1397e877987403e892e49774b06279fa7524ea97ec9eca2687e488d797d1f5c508ab19d85f4337eb3b96cd10b29193c5ff504dae8f5126f6364b498e1ede9c8bdea4a7e7639b011829a884fdc712f646040a2002cfc6cbb367663f274396409c8f7bc01b3dc36e1165711d42c8e3cc3dfde45919784ac3a162a737d18de62f142139b4ad202e26054294db5de2a88479544a38a931cccf301977787400c9f6556ab90566ca00b25a7d8fb1875af98555b2224aee000dc57d3ff211be9733f32c770320b2c7de4cb7287a71c2b910d2fcebe1b4851c9aae0cf167a751902e3e39af506d274cb7a0347dd34b49c1f08b212c59fe66019f994553b4a491973358cf919b2d00416f0f8025bb3eb084eebaa36016a49e21e419099bfce1c4f61147d1b9bbcbe17e10b476ca33f2f19f55b631b7b5cc2441c192956ff33896cb5581e617817a9229eba06bf86655b453c3ef70520b282f8287c264d74cac30551229582b8abf03b52a197165951e8c560ef431d07e19c2ed1458e8fba85c8863aa758b7582491bd79b40d600598194a97ef88fbeac5d05de0824aa0c071e2b64ad159bdc5e49e47a3e60c95c2570731e6fefe7f103f60f31332b9e141c09bc7cccd4c44665937fabf3a315e0f027aa9705b5b30226054ce47a587f01af8a64641a0bf9243055b3c57749a904adbe13c0a80d06fae2655db9ef3a6fffd525b82ecdfd563e968714f51cf6581ad487e47bed310e580365e6aaa0f51a055624679795c0169ce96b413a641c15fdddfbc72f3cd5edcdcaaae3eb0ccf6d8f2d42d5a4705b5cbddaa2119624467946d4a748c4117a72afcb42729b12a19d6d3ff5400f4b72f3084a82c093867055596ec16c92df0c9e7d1612ab927f509155fe6ca65e5bd40cdcea566906150f948fb8c91f29f76064ebb330c87d0e91872149e7906335fad7346693c0a0df105e5280f4e53e6af319960c6109ab45e1c82f8b4cb4195f0c7f63c12f23d2af54811f2"}) (async) ioctl$KVM_RUN(r8, 0xae80, 0x0) (async) ioctl$KVM_SET_GUEST_DEBUG(r8, 0x4048ae9b, &(0x7f00000001c0)={0x0, 0x0, [0x6, 0xe5f6, 0x384d, 0x8, 0xffffffffffffff89, 0x2, 0x3]}) (async) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 5.101672567s ago: executing program 2 (id=1274): syz_open_dev$tty1(0xc, 0x4, 0x3) r0 = syz_open_dev$video(&(0x7f0000000100), 0x7fff, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000040)={0x1, 0x102, 0x4, {0x4, 0xf7fff4f6, 0x770d0365, 0xb9c5a9dd}}) (fail_nth: 3) 5.063011833s ago: executing program 1 (id=1275): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5203) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r2, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = dup(r3) r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xffffffffffdfffff, 0x0, 0x10, r6, 0x0) write$rfkill(r5, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r7 = openat$vmci(0xffffff9c, &(0x7f0000001640), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r7, 0x7a7, &(0x7f0000000040)=0x10000) r8 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_GET_MAGIC(r8, 0x80046402, 0x0) close(r8) ioctl$IOCTL_VMCI_INIT_CONTEXT(r7, 0x7a0, &(0x7f00000000c0)={@hyper}) ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r7, 0x7b2, &(0x7f00000010c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2], 0x2, 0x400}) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 3.513567369s ago: executing program 1 (id=1282): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0) write$rfkill(r0, &(0x7f0000000040)={0x2, 0x6}, 0x8) 3.475687614s ago: executing program 1 (id=1283): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0xfffffffffffffffe, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x4000000000000002, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x2}}, {0x0, 0x1a}}}, 0xa0) openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x4080, 0x0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000380)={0x1, @pix={0x0, 0x0, 0x31424752}}) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 2.561450188s ago: executing program 0 (id=1288): r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000280)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f00000002c0)={@hyper}) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, &(0x7f0000000080)={{@any, 0xffffffff}, 0x1, 0x0, 0x1}) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x40) ioctl$SNDRV_SEQ_IOCTL_RUNNING_MODE(r3, 0xc0105303, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) mmap$binder(&(0x7f0000735000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{0x0, 0x1, 0xfe, 0x0, 'syz0\x00'}, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) 2.407317742s ago: executing program 0 (id=1289): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_INPUT(r1, &(0x7f0000000680)={0x8, {"e0da755a3838e8436beac9644a8951eb65b3cef68671b6ba66b27d2887f0087620bdbc7a8965faab95ec2ace329611a0b669d9ae27662c75428efdc3fcd53679dc365632cd84c443a68bca6071c376870da9187c35eb4935d77a85926788d66683fff1b429af33abe5638b1d32b722b9841b468a87c36615987edf31b83bbb0c35a94472cfca04e2e3c7c6920738ab0bc3f5bea189b52b27034eb841dd44ce4860e4b5bfefa2a19f90c7c576053d323aedead653c83b0abc12624927d593d3a7d1859fdc9d35ac79999001ae11e1d136856f16401522d8e69e74333eb3d22c97fbfe9b3438e7bbb6b13cf0b7ffb4861c00a508f13d9f3e06e58c98132c7c11dba11a42e432f963ac2284fcf2acfd36dd867c2a8bcb8c418535b4f312ea6f4261a6c450a53669d9fb6879face5c553b227900bd9061ee44cea45f5c2399af413c8909e14118ac51cda27e494ecf01fd2a982bb50967c90405cc8ce1933e2500bcde3f3095e1cd2c6ea355807b5f00955c0d130ee1c07a43c93fff0192ca2ce46dbfe93621454e8cd05320472daed25da8add7c177534b9fe1705e7cd09bb6b6a9f04c08edcdbf2144d4d881c56050e379c6396c96cf4cc42c1cffd485fe5ddcbfb0b21f08d3b72b32f149f5c4b5348e0da2e66759934ef266188526f17f06878e1396a3c332cd713747fd84b00450d371e85e4c97e318dc2c9c6e49300e1830dda5d477c03008f80997bd7c84e88a5e3ad4717e4a7d957ffcd7a77d57f7ebab091b5b04af682a95562b30630b5a3c447434c02ce2a5151998b9d52c727fb6ef4530e4d589e4196b23b828a7541ab5c53f019a0f494f6d65dda6f4c6ef4bb0db7285d1649d4dd2b4cd691716337ea3d9cfb264b1e64f4880aa00004688f27fbe51d69778098c55676e97729612338195be1ce64f629788dd8a9450f67da78a08b456340a8ffb188f466d3bbeee94113dc35209c93ed917f5f9be51777bc431714122b7ed954503f8a990a81c073c211660dbf63ca7cc3acdc3b0d17bad007140c4b7e65936239730d62ede182e2a2b114a84d1372d785ef57586003f62f4d29833569d1e3c3985b76cf362e54e6d40531dc77c2740fc3ac50b6be0e45118bc3230c0744e1b7f2a0f188cd9558f38c9213079319c1ad1411133cb5f6f17de86d43f72d0f465ca61cccbd5aa8c2b2606d3efeb39d51229221f51b0503bd3d12b906759447e4142b2198761a2e773ec818d62efaf5d2f2a8e58ea825d2a00a2c1057f93030ae8502943e82391f9a2de2da137519327d9f8d1230bcef39530c275bd1fc8fe28680ee8557f08dd9fc67ea5b5a1df0c3d7159ff1d5cd34ecefd1394cd1c03829faa0b0685984f3fccd77b598d7f543198ae1089cc37a9913be733218fd54a111882f6580b20e4f8fe2a7f5d19ee9b785eac82c379a134aaaeb3e4e1d402978cbf05ec9aa2c05a9a3c9b6db2f55e6dc333ee89fdb1d46bc8e7e4ac4a0004cfe784fbf7276cb65560a59a86a6c9d51727cde1697291289eb3cbd595c05835c71df4cee8437858314f107368b2f8bd9dbf67d87da68e68391edb9b4456e379c362fa051b212bb60e2cd5245e2f6665d8d88efcd7c1aff12edffadf5e988ba8bdf35ec65abfe5841ae669843de6353940c0e5b0fd69c1fdbd4f037959cd73d21b261d0cf363f5dc337548afe588b4bfbad84777d674c5fb74cfcdeb765a173b7343aa8a440dcd8673ea814da0ec638081b569eef38cb01bc396c8be5639ab6417cd3a250377f763aa40a46e69c8e0acbc9974af0ad3e29f71da75a6b588126f22a60859c4120ae6dcf39842c522a5270b60ca991ce2946111d21500cddff318165a5879f181a7417c88d02406c2aadbfb0c8e5035c5ea1d87d10da50bc66b80bb705ef1799948bf06b6e2f600a60adc06ff4a6d2cddb8ff5971b1054501e64f5abcfba15d351381cb1f6c49db9774aaf5eaa3f640e12d9697f37eede0906026d926f40d26e7da3cca846e33a880c904da5a0e30076bf2b0e489fe470b1225a80a3525b012c93596a8497b2a7f2cbc5e0bf039462e13b4a52d6f4919db76ef0e03381a8929f0fb279e5b42ba6c03bc07ebd173d4199cf750e49dea240ea66cf7838c9db9173675d3acbd38a6ecf771fdf73fa732f72782c6573f7067e327e8a8aae40283975f53eb7d11a1f44b6b2af17c5f176159e26ede35aaf0acd7933ea9aaaa0bd69fa17ae3a0dea9905a5b5e4849af096802bdb951d3b77003459598f4ed138e85a940e5cf1586fb8d0324b406f9191de1b5f23a7c6ab569c7d7d5a8a169c6043707cf9d1399950c1eb73b6053128eaa859f0e097f4ab2031993dc9c439279e59b1dac9782f63c8d0494a965774da7085e7fb70f78ef965904f301b59122ce28f67380c424fff4fd66f903cfc367720da357a0326eb483e4bf8162a580c105f6556859c9c2d20393a74942dbc8e79235f24bd9e12906983ba152f7ac7afa4a97cd94fe2112364d22280b44e0adb7693c9a23d9343323b036927360ca8c23154b9a96ec04b63c9fef56ef98e6a281f15bd8f75d5bc8ba4afc174e62a69e3526ea5b6e2668e1c8b7f791993b13bf5e1499fe634fbd3e7a689c00ca06bf751584d50ddffa2163917725d9cc2641548e61c298588cdf57aa8b2cb0161594d7ad0173e2f3bfd9177003f82fe97dfdb402345f21199b30afe6ae96d9feaa5376ae6a079c06475086071ad609db3db8975021ca1b6008ca1f5304e198cbff2a21e8ab9981f8c777162ed18c5aaafdddbc906c3c55d32c7f1d95b1f94267df52298063136bd86a22fd8e21ccc057f50c9a6b64fc363695f061b551f07438a968b5efdb9f5cd92615acad75cbe4211cfc86d4097a9f3887af059c34942d3a31eceae2dd194f64586fdc7d9edbb5be30bfd67d5d5b79ad4a91312685b8cbccdfa6eadb9b7b85c8f284fa24fd04691b0b69916fa8fa04f865764d7fb2dc06370632964bfbceb135d82369fcb20f89f83b03b6b4bcb6cc3462c079a302df0900b4ceec3890e45af8ac785c694b80771c41071036c562ccc4629d0fc160b0cfc22826a75f0d0affc2947fd18d8f3ff1345df39c26b7d30a5ac098233e771d1c9f7432a5aadea6745b46d8e0a64f92e5bd8006243b058d4e743344e1cb9898642f539f478395a44424713f19b3a1cfb17dc73365b82ae8b379e2e96caf923a5f9df3399f1451ff19e3ce18e69d4355851e9e20b65df7391f14e99e05420779bfe5d7ad1e55fdffee20fdabaefa999a8e3109f5545cef8070ef96c72360625d5c1764b080db74b3c4d3770d6434ba2d010da8a88d7c108dc75eaa1c8b935f9e5761c88664db07768f021a78ad9aa1dbe74b18b3eaff8896f18a690b461a324583eac2c827cbff574cb83919fc189258cfa2e75750de9468dcb7537432a76563cedac2df3c372121d1f22d4466c6b9f24a0bd5e784bbf80b6d4e80d2f93a2a8f09f7f3d30820fbc4b3047c24299b6451ea42e1c9c1066d77ff013a9d826bd30000000000b326aee8800e4e4ab4e5c3c782e12c08a17be2b6bde0552025c7497bce5cd13ee1d0c0c7effaca69f087869c169d558b89c0df6c5f22aded6ceb7fdc218548c00861f67931e78bffcdd7cf6124bdc3933d8b9252d31aa01a405ff4dc026e843375b7705a59da119356452c23b45224ff1ce5d8aae959c3d8c3b5252e66ab755e97691c6c67ed7456ca005f43c0735d4e5a6d56a7af16b12014e12fcf1519370395c719d7fa4af94689e4f5e803b3a9984684277905974a6a3f82d15d25ae49d132eb591a31ce3c4e992facce7eda44544fe531251937687ac319a2c02a503d6c338089a9404672eaceac49b38745faa987c5d7c7f915c4f5c72b7a6d519e11cd0251ebc76fac799706ceeb4b1cea02628e78887aace2ac5d0b15959389aa07d467af86e279525f27adb5073baf2b4f6e6498a3ca21af92eea768a5a33b8ad0fa35686653c7a5fa8d93bb7d6499a18b6dfb0eee45ed642c6dcb66703390785c0a16d330d677445ab9cee22fa55ac9a1e9eca09f23d43cc47e43e87f8cc0a88bc4136de5f18eb772aa76060bab4c04cb2bbc8fa23c80518c7999d17a1e2897207ca4586d44c7acc1601aad7cbe001e0e8c6085488ac691121da6eb42520068642a74ba37eb4c7da4af9ff9afd36ace56d64e42792179dbebc7e1f8ce032f4660a930575cc02834af161565f48a0b4203286cbc177b34aa52b90401f1cc9e4a0e2175871d2480322ec10e5984491039f561ab96bac77fc321ab3f6c31ba25dfc93e99b099596cd9271223c507df9f5f928c8f60baf430f9255961d7451132a2fe588e5f5d57cf9dd3bc8a0bba8fe61c549101a3df665402437cf967bc265febf83f93a9f66f533bafe0528f2ef214bd80fe85f98aeeb6cc647f81175dfd012b0783b9ac678f1d9fa6b506c984952916331584f3d944143ca5de95f5e22c3094c5d48db208d4230b51595069329edbeb2b5e0836ab405f67c702c00f897f2d84518443d0e0a264d8246862d30ef7a52567800f4c6521450f56b564c527167ee02cee406aafe00fed32b5c7403c8e768d95bb1787fe0bd7da54c3f7453409a3434599f0859312c52ef0db9efae9f58047e254a69c0123bbca9d6e43dfb7a9f8590a284d05b1eb96bb11badbeb3bb0946a341924cbd5b390d554ea2bc685312fddcbc50d180afb3aa3e4f306ab8bcd572d4c861e6627566d94939ae805790c2ef7ea56e3ed6a4e12ce9a4a4be4b2d810614e87b81c24a252ff98bbf5e723b79c1c91e7ae0cdb044016f3123588530d2850996c1b5d77893eb08d4d1eab6cc020fa10697deb47a0ea0ec9399a135a7ccebb02c0e27cf7f6394f791cc0c09cc31638f64232390c2284b92195e4f0b4e448ce6d3d24e3f4b5de29576750e25fcfa031e97beef43ef3d8b7b9cc6e6f70731b490ce87de2a62f319b66cc86415f6426970a391384ccc6b8983b6f7174033427b2cfa51f380f5aa3d84b96c6e04de95de571570ede884da020793d67f3b322774f2f586bc6262ac78182f3b3aaee6bf7f5146470808cfee840eb6a501f5190733305388224943ea58c5ce8f5f8782a17654ec20d3b8aa7899b55a1f46c4e8945245995ed9db5ea113379d9b67c9fd7b8daa0e8375276917c7911bc80fdc6c2172fa8214768000cfe656f55ea7a9a85b027a828cb79b54627126c1759d83b52dd748b120c5c519ca32e8bc3a05639b967c7fb956ad9ec4b32e830cbaceeb3b18096367b3bbc27c2efe939a2ad42edb50f505127ea8c72125484de5d31d57789e5d3466d6ec739522f7d964fc2519ca008e01e9a9b86b7ca3b83f5b735b8e03a5051f51370bec52b2e7f9afb7efbf330b87936127600da7433c840ae69d5d8f20ec56681a374ffcd5df7c9de028e093102a43d70c31aa73517f9364933ef3865f88cb02beb6f8c63d83c03e3af8429f5d4b9cdf5be1537596c9567fae3deedf871fab9f55f0f5e467227099981ab1647e2504ca79b9e894ba523ed55c4f22c3342ecf3c4b30d050766d1643d83062ef69fe3f5b63951633ab0e25976007647f1b2fcadc68ff2cf22dabaad551cd2e46a4ac7cb6fff77ab646a3d78d6a8522f491bb64eb3b28e7b3e4acba426b2cfa64fcd127ee48717c168d8e3fc6e2a004f1606a9bc6d856115b1c2e2d2fc099e959883f63dc459b5682461f9b731621ccd6a5c0aa00016937df119b49fb578d17bf6724693284c7ce14ae54f147feb32df3cff26b75bf56ab5b99d8a309190c9a47823f84000", 0x1000}}, 0x1006) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x8, 0x0, 0x0, 0x0, 0xe, 0x1c, "fee8a2ab780efd001ea8ffffffff0000000000000004ddb49a000000000000000000f8ff000800000000000000000000000000001400", "2809e8dbe108598948f8ffd54a07c21d875397bdb22d0008b420a1819e01177d3d458dd4992861ac00000080ffffffffffffffff001700", "90be8bf4bd00000000000000000000000000001000"}}) 2.254186863s ago: executing program 0 (id=1290): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000002400), 0x228802, 0x0) write$USERIO_CMD_SEND_INTERRUPT(r2, &(0x7f0000002440)={0x2, 0x1}, 0x2) read$FUSE(r1, &(0x7f00000003c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x0, 0x2, 0x2, 0xed22, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0x8000, 0x7, 0x0, r3, 0x1, 0x6}}, {0x0, 0x6}}}, 0xa0) r4 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900, 0x3}) r5 = syz_open_dev$evdev(&(0x7f0000002500), 0x5a, 0x202000) ioctl$EVIOCSKEYCODE_V2(r5, 0x40284504, &(0x7f00000000c0)={0x2, 0xd, 0xfffd, 0xd, "bdc864c236711a7eb99e0e548a71deb92566761ad10800a4a1abe476fa9600"}) ioctl$EVIOCGKEYCODE_V2(r5, 0x80284504, &(0x7f00000000c0)=""/231) ioctl$VIDIOC_QUERYMENU(r4, 0xc008561c, &(0x7f0000000400)={0x980900, 0x4003, @name="b6ae8e0f0376fa7d4eac0abd15418b9c7d97029e735ede962403968545b1c117"}) read$FUSE(r1, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r7 = dup(r6) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) openat(r1, &(0x7f0000003540)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', 0x4c00c1, 0x72a4ae36aa0efd65) openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x480, 0x0) write$rfkill(r8, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) r9 = openat$urandom(0xffffffffffffff9c, &(0x7f00000024c0), 0x244000, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000008, 0x12, r9, 0xac206000) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000002480), 0x2) ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0) ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 2.145491459s ago: executing program 1 (id=1291): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000) 2.11149159s ago: executing program 1 (id=1292): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x80200, 0x0) ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000280)=0x4) ioctl$PPPIOCGIDLE(r0, 0x8010743f, &(0x7f0000000000)) ioctl$PPPIOCSMRU1(r2, 0x40047452, 0x0) read$char_usb(r0, &(0x7f0000000080)=""/223, 0xdf) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r4, 0x4020aed2, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x204742, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0xd672ed990c66297b) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) 1.312408872s ago: executing program 3 (id=1302): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x665d8000) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r1, 0x7dfff000) 1.225528673s ago: executing program 3 (id=1303): r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x77, 0x141341) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000001c0)=@urb_type_control={0x2, {0x1, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbebdf07f, 0x0, 0x0}) 1.207024869s ago: executing program 3 (id=1304): ioctl$VIDIOC_TRY_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, &(0x7f0000000080)={0x4, 0x3, 0xfffffffb, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x990a91, 0x6, '\x00', @string=&(0x7f0000000000)=0x9}}) r0 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x28, 0x40200) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x18000, 0x0) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000140)={0x6, "b46fc1e0d1de180dc7a886e613b88b567f750a748527b15e4a3928f3dbcf736b536aa01b73d58cc676ced6a5a39a16ab2631b012655e58854cd34c8e189e4cc484b559a124c35ef5dcf2a323bcee432d06d55703245dd68b43d0dcabf893042e66e4b18a2f59ac9d19de676698044aca87995c958884e0983be3cb3beb129058ad91815fc535025e7424f5ef85859a3d3815bbb1d04ea87bc78f26384e513173b433abd77a00fbdf4b11ec584050d3642c388354fb63850f9b7ee3518426debaacda8dae3881bcc10f0ed7ffcd33e61e31bb44da54730820c0a5b4fda07b5fa22c2aa9ad4baad059a8e88b551561b210f9643adb59408b0ef7d5757945c74367df6e27a1fd176b1717edb0e652f61af36013222f683a0a1b3b284eec025f7979b8a32c5650eff7eb928ffd37cbcdcf731911fb0873233d73d1df73d4895709077a095c2a28615297e3b74c2e4d5a35ba27252cbe500155cc6b839dc8cc7f3e37a4ba5ddba64dddd5c5819aefc9cd52fb379ff0af2fa00227cfb2a737ba384bd8c47d4231cc0d9c4027df054518d6d1ae9d85accf4d3744f635b784ef578a469ec98053e6487aa0ca6e2240b313f95d627aa93d0300faa1d926585cfb4a08867d8d105d2004ac0a8b43888f8cd492d3be4741abef16ec946d1ffe2038760517c23922c8490b8716fa27df5b5259d7be2e4bc8b9a6ff7f716250aacecc28615bc7"}) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL(r0, 0xc040564b, &(0x7f0000000380)={0x3, 0x0, 0x3008, 0x7a, 0x4, {0x7, 0x6}}) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000003c0)) ioctl$VIDIOC_G_CROP(r0, 0xc014563b, &(0x7f0000000400)={0x8, {0x6, 0x1, 0x10, 0xb38d}}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x520000, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000480), 0x80000) write$sndseq(r3, &(0x7f0000000640)=[{0x8, 0x81, 0x9, 0x3, @time={0xa95d}, {0x3, 0x8b}, {0x5, 0x80}, @result={0x10}}, {0x3, 0xa5, 0x7, 0x0, @tick=0x2, {0x0, 0x80}, {0x61, 0x32}, @note={0x7d, 0x3, 0xe, 0x1, 0x7}}, {0x9, 0x9, 0xd3, 0x8, @time={0x4, 0x4}, {0x70, 0xf6}, {0x15, 0x3}, @result={0x9, 0xff}}, {0x81, 0x6, 0xfd, 0x2, @time={0x8, 0x7}, {0x7, 0x5}, {0x36, 0x8}, @ext={0x87, &(0x7f00000004c0)="c32e3858697be1a2dcd85d7b659fb808e2bc76a060a3bb78191fc27a90b577d3e77898a486a1a7bf1cd25c06d0fd2ac622f4cb64353a960699145e6237da630d5fd4676d5fc5792c4a6c978b591c72f341256c257554dc516f128707fc97eda8690f7fc01604443103ae0cd02bdc1c13387e72ffca012ba201edc41c9ffaa02d47d58515cf374d"}}, {0x9, 0x7, 0x3, 0x9, @time={0x3, 0x9}, {0x7, 0x1}, {0x5, 0xfe}, @control={0x6, 0xbe, 0x7fff}}, {0xa8, 0x2, 0xe, 0x3, @tick=0x379d, {0x6, 0x7}, {0x40, 0x2}, @addr={0xee, 0xf6}}, {0x9, 0x4, 0xd7, 0x8, @tick=0xe05e, {0x7, 0xf8}, {0x18, 0xe}, @ext={0xab, &(0x7f0000000580)="fad33f3f7a361d9b5f1e74d8ca0ec5aa984b10bb760c1b01ac96872a39e092933740ecc4757f2ece2a99d58af8589a56e2dfe950212d54a3203b1a1b19bdcd034844cac435f0500c574dc4028d13d4c336e1eab1923e3e43d1044dd63be306e86ac5fbbfef51731963745cf88472de4c37e59986c608a751490467ce2450d64262f20df891827c45f381aecc8da44987e484cd89f6997f4e9d3d22af5f01380d1e5678dac594f3271bfcbd"}}, {0x7f, 0x54, 0x9, 0x7, @time={0x6, 0x80000000}, {0x2, 0xdc}, {0x8, 0x40}, @raw32={[0x5a, 0x3, 0xd90]}}, {0xa7, 0x3, 0x1, 0xf, @tick=0x6, {0x4, 0x7}, {0x3, 0x8}, @addr={0x7, 0x76}}], 0xfc) r4 = syz_open_dev$loop(&(0x7f0000000740), 0x7, 0x381000) ioctl$LOOP_CONFIGURE(0xffffffffffffffff, 0x4c0a, &(0x7f0000000780)={r4, 0x1, {0x0, 0x0, 0x0, 0x31e, 0x8, 0x0, 0x9, 0xc, 0xa, "f1e4c4658283d9ceee5202e563e0d214307c1d733b5733e25cdc969e87ff202253c59e562e09f7f1ccce981f5cf501ad6ed34f3a0aef1ae093b1c65791d4fbc9", "c681eb06f51365cf405fb0d6e595c1730575c1bda8dd7632f5f6c3c8e94173fb0dc918ab1da34f18a9af49c39d993b9001827eb0ecffed2e0336329092874c72", "9e88d9c3ea873c459e89212201f34bb67afa49607d4fd645ed4b63d68dd023a3", [0x3ff, 0x5]}}) r5 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000008c0), 0x2) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r5, 0x40505412, &(0x7f0000000900)={0x6, 0x3, 0x10000}) ioctl$TCSBRKP(r1, 0x5425, 0xcaf) ioctl$TIOCL_SETSEL(r1, 0x541c, &(0x7f0000000980)={0x2, {0x2, 0x3800, 0x120, 0x86e, 0x3, 0x3}}) read(r4, &(0x7f00000009c0)=""/60, 0x3c) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r3, 0x4058534c, &(0x7f0000000a00)={0x0, 0x4, 0xb6c, 0x91, 0x2, 0x2}) read(r5, &(0x7f0000000a80)=""/96, 0x60) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000b00)={0x0, 0x0, @ioapic={0xdddd0000, 0x2, 0x101, 0x0, 0x0, [{0x2, 0x7, 0x9, '\x00', 0x9}, {0x0, 0xe, 0x2, '\x00', 0x5}, {0x7f, 0x9, 0x1, '\x00', 0x3}, {0x5, 0x7, 0xe, '\x00', 0x2}, {0x4, 0x8a, 0x8, '\x00', 0x8}, {0x8, 0x1, 0x9, '\x00', 0x5}, {0x3, 0x2f, 0x2, '\x00', 0x10}, {0xc, 0x3, 0x8c, '\x00', 0x1}, {0x6, 0x9, 0x3, '\x00', 0xa1}, {0x8, 0x4, 0xa7}, {0x3d, 0x6, 0x6, '\x00', 0x44}, {0xa, 0xb7, 0xc, '\x00', 0x5}, {0x4, 0x40, 0x0, '\x00', 0x4}, {0x31, 0x0, 0x2, '\x00', 0x9}, {0x7, 0x5, 0x3, '\x00', 0x1}, {0x5, 0xc1, 0x1, '\x00', 0xee}, {0xfd, 0x78, 0xff, '\x00', 0x1}, {0x80, 0x3, 0xa, '\x00', 0x5}, {0x0, 0x7, 0x2, '\x00', 0x49}, {0x9, 0x1, 0xd, '\x00', 0x3}, {0x7, 0x96, 0xb, '\x00', 0xf}, {0x80, 0x8, 0x8, '\x00', 0xc}, {0x9, 0xb6, 0x0, '\x00', 0xfc}, {0x9, 0xa, 0x9, '\x00', 0x10}]}}) ioctl$LOOP_SET_DIRECT_IO(r4, 0x4c08, 0x4) r6 = syz_open_dev$sg(&(0x7f0000000d40), 0x8000, 0x2001) ioctl$SG_SET_DEBUG(r6, 0x227e, &(0x7f0000000d80)=0x1) ioctl$SG_SET_RESERVED_SIZE(r6, 0x2275, &(0x7f0000000dc0)=0xfffffff8) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f0000000e00)={0x1, 0x0, 0x103, 0x2, {0xfffffff9, 0x1, 0x1ff, 0xf2d1}}) ioctl$TCSETA(r1, 0x5406, &(0x7f0000000e40)={0x2bd, 0x4, 0x3, 0x3, 0x13, "433e099099bf5e7f"}) ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000e80)) 863.807245ms ago: executing program 1 (id=1305): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000000000000000004000"]) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"]) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_RUN(r8, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0) ioctl$BLKBSZSET(r7, 0x40081271, &(0x7f0000000000)=0x10000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 809.400356ms ago: executing program 0 (id=1306): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_ENUM_DV_TIMINGS(r4, 0xc0945662, &(0x7f0000000480)={0x7, 0x0, '\x00', {0x0, @bt={0xffffff48, 0x5, 0x1, 0x1, 0xa, 0xfffffff9, 0x10001, 0x5, 0x4, 0x10000000, 0x1, 0x84, 0x8, 0x1, 0x2, 0x0, {0x7fff, 0x1}, 0x59, 0x8}}}) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_ALLOC_STREAMS(r5, 0x8008551c, &(0x7f0000000140)={0xb630, 0x5, [{0x1, 0x1}, {0x4}, {0x6}, {0x4}, {0x5, 0x1}]}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r3, 0x100000000) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r7, 0x400c55cb, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000009, 0x12, r6, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0xb0000) r8 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2) r9 = dup(r8) read(r9, &(0x7f0000000040), 0x0) r10 = syz_open_dev$swradio(&(0x7f00000001c0), 0x0, 0x2) ioctl$VIDIOC_ENUM_FMT(r10, 0xc0585611, &(0x7f00000000c0)={0x0, 0xb, 0x0, "3e58f67896b2f2098200902177392faff604cb7ef87e7610bc39ef64257f5d33"}) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000000)={@my=0x1}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r2, 0x7ab, &(0x7f0000000040)={&(0x7f00000013c0)={{@host, 0x80}, {@local, 0x9}, 0x400, "c1a893f30f7dbab0181df00d8956d66a9e58cb8accacffa226e13dcb3445048621df48c56e071a9a33736a540194e30da3b28d13e131744b5d5c4646a7226960396747f53a56978bce298695001c243d9ef01169922bdc12c204c7bcc31716988c609c9c4f9a9b012f1455aaf8a8a1e7e1a9bcef36571f9cbfa9124008ec7bb4cefa048108b2b71697794766e8a0760665694a22d9d52174c4230abae2abcc86d5ed97e2770af2d5a39884a53d2e47d2bcf9d529ca835b7effc7c2c54d7039a535eb4859fd7239c8d05409d1b129da37b7180e46fb7c7538c906237b137743596dd1059a993af2bf643a49b1ac19eef5d9213c3f71377f8a417e282a9ff043ac9f597ca7fe4c96894d0d9bda6361b359eb0decd226bc3cd8507b6f0c373597048bacc12a2e44222d6bee42a802345bc14f713ad6fb00245fc7fff0cdc66e2bdb774f5bd06d6d58cacefb2adc5fa072e7694ed1b82a8c6bdaa9841ee3cb7537324faede7f8c2faf0830e57f0cb47d9603337f0883c31e982abbe24144516fec2aeca46fb43108314be25126edc9a9cb7d25c562c05b87f1946b7ee317d192b28022ce4ba61d8ccda7ddbf2685ba0c13d8cbdab12d48e6b940c052a8c1d9a4e38acc0bd70210ef34cc6ead7ecc23e27ccc5cab92e99a710d3e06d1c9a866903785b7e4fb24313752f8779e644d8e1277ea0feb2917f608373440b2216dab0d7f92d9423d63fe23a879bfa8985773e170409ef79782c38755ab023f1eb2a24f4e661d7988b14e8203a95c37f2a594a5db2578a64b561b8b6bfc6cc42dfa2e19cf7b1dde7c391ccbe603f62ad5a85b0df951dddc98071acde014eb564ee53e550e348ffd42e036e53c83f89a92a83aa2e0d68b1a38ab2b8cd2d5ea6eb0b452b904b8e27c45778addb8cc9e253743d8347c8fdd7ab750e6a5548ea82897cd0f320905e46dbb9c16f312c0bef114e434f6cf51703438ded1fa9e90aca57bea9cd1a5a038687701c7e3e7e95516fca16a7a8bc43489fa0e5a308bf47580ee86b99e974ac6612d9a9b5288a5b84e38b249dc979cef0107d5f953ab171c815947f85a984cd8a7cea021e9dddbccc5575f9bf3df3c8caf6b08e659a2a741816ee5c8ac87a62be75195f5fc4f26000c10cfdc7d87067e2bc0842dc4bbccaf7fb2051dd7ff48f67e40e5910d4acf36b676d9141c0fa89c5a1dee709c5528821e5475989fb999aa59839753b0572d228630b246f1aefa417ccf689d73be8dff67a6c9ddd2a66c824d4567f04eb93dc32c16b3e8ad7b53291d524078ae3d7fcb8ef3fdb20410f4de384a25be3f6f2389d205f76e821a7353b526e62882cebc44ddd5e0596b291eff4fb3c50d8103cf752bb22f6833d4d92041eb3a1f5f0ea3cb965a4d1056a57869a33d2b178b7b6d459c6db730841bbd10282189218de6f3249c650a44fb5cba"}, 0x418, 0x6a}) r11 = syz_open_dev$vcsa(&(0x7f0000000180), 0x3, 0x0) write$apparmor_current(r11, &(0x7f0000000200)=@hat={'permhat ', 0x1, 0x5e, ['\x00', '/dev/rnullb0\x00']}, 0x29) r12 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r12, 0x7dfff000) 553.84803ms ago: executing program 0 (id=1307): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x33524742, 0x6, 0x0, [{0xb288}, {0x1}, {}, {0x3}]}}) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) dup2(r0, r1) 481.107688ms ago: executing program 0 (id=1308): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000140), 0x8, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000000100)={0xe, 0x2, 0x0, "4b9c39f88e56d5d98deee9080b0de7611ebfeef3cef83f51fdb40f0aeab9e862"}) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x400000) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdd569d2f630b5e033ff11edf1c5ffc733d2acb165fe588cd568cd1f31b87b68b00ad88864"], 0xffdd) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETENCODER(r4, 0xc01464a6, &(0x7f0000000280)) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) write$cgroup_devices(r5, &(0x7f0000000200)=ANY=[], 0xffdd) read$FUSE(r2, 0x0, 0x0) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r7 = dup(r6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0) ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 269.479729ms ago: executing program 3 (id=1309): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000280)={0x48, 0x5, r1}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000140)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8c980, 0x0) read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0) ioctl$TIOCSLCKTRMIOS(r3, 0x5457, &(0x7f00000000c0)) 107.293934ms ago: executing program 3 (id=1310): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7fff, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000200)={0x1, @vbi={0x0, 0x0, 0x36314752, 0x0, [0x300]}}) 0s ago: executing program 3 (id=1311): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$LOOP_SET_FD(r0, 0x4c00, r2) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$RFKILL_IOC_MAX_SIZE(r3, 0x2, &(0x7f00000000c0)=0x82) ioctl$RFKILL_IOC_MAX_SIZE(r3, 0x2, 0xfffffffffffffffe) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0x40405515, &(0x7f0000000080)={0x4, 0x4, 0x8, 0x0, 'syz1\x00'}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) kernel console output (not intermixed with test programs): .483765][ T6718] ? __pfx___might_resched+0x10/0x10 [ 124.483786][ T6718] ? fs_reclaim_acquire+0x7d/0x100 [ 124.483819][ T6718] should_fail_ex+0x414/0x560 [ 124.483850][ T6718] should_failslab+0xa8/0x100 [ 124.483878][ T6718] kmem_cache_alloc_noprof+0x73/0x3c0 [ 124.483902][ T6718] ? vm_area_dup+0x2b/0x680 [ 124.483932][ T6718] vm_area_dup+0x2b/0x680 [ 124.483963][ T6718] __split_vma+0x1a9/0xa00 [ 124.483995][ T6718] ? __pfx___split_vma+0x10/0x10 [ 124.484027][ T6718] ? kernel_text_address+0xa5/0xe0 [ 124.484059][ T6718] ? __kernel_text_address+0xd/0x40 [ 124.484088][ T6718] ? unwind_get_return_address+0x4d/0x90 [ 124.484114][ T6718] vms_gather_munmap_vmas+0x2de/0x12b0 [ 124.484150][ T6718] ? mtree_range_walk+0x6a7/0x840 [ 124.484181][ T6718] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 124.484223][ T6718] mmap_region+0x678/0x1f30 [ 124.484263][ T6718] ? __pfx_mmap_region+0x10/0x10 [ 124.484351][ T6718] ? mm_get_unmapped_area+0xa7/0xd0 [ 124.484379][ T6718] ? shmem_get_unmapped_area+0x2cf/0x910 [ 124.484404][ T6718] ? cap_mmap_addr+0xb0/0x100 [ 124.484433][ T6718] ? bpf_lsm_mmap_addr+0x9/0x20 [ 124.484452][ T6718] ? security_mmap_addr+0x71/0x270 [ 124.484483][ T6718] ? shmem_mapping+0xd/0x50 [ 124.484510][ T6718] ? memfd_check_seals_mmap+0x165/0x200 [ 124.484535][ T6718] do_mmap+0xc45/0x10d0 [ 124.484570][ T6718] ? __pfx_do_mmap+0x10/0x10 [ 124.484589][ T6718] ? down_write_killable+0x178/0x230 [ 124.484616][ T6718] ? end_current_label_crit_section+0x152/0x180 [ 124.484645][ T6718] ? __pfx_down_write_killable+0x10/0x10 [ 124.484677][ T6718] vm_mmap_pgoff+0x31b/0x4c0 [ 124.484705][ T6718] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 124.484726][ T6718] ? __fget_files+0x2a/0x420 [ 124.484760][ T6718] ? __fget_files+0x3a0/0x420 [ 124.484788][ T6718] ? __fget_files+0x2a/0x420 [ 124.484821][ T6718] ksys_mmap_pgoff+0x51f/0x760 [ 124.484851][ T6718] do_syscall_64+0xfa/0x3b0 [ 124.484869][ T6718] ? lockdep_hardirqs_on+0x9c/0x150 [ 124.484900][ T6718] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.484919][ T6718] ? clear_bhb_loop+0x60/0xb0 [ 124.484943][ T6718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 124.484961][ T6718] RIP: 0033:0x7fb1a638e929 [ 124.484978][ T6718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 124.484994][ T6718] RSP: 002b:00007fb1a7162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 124.485015][ T6718] RAX: ffffffffffffffda RBX: 00007fb1a65b5fa0 RCX: 00007fb1a638e929 [ 124.485029][ T6718] RDX: 0000000002000006 RSI: 0000000000003000 RDI: 00002000004f1000 [ 124.485042][ T6718] RBP: 00007fb1a7162090 R08: 0000000000000005 R09: 00000000913e0000 [ 124.485054][ T6718] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 124.485065][ T6718] R13: 0000000000000000 R14: 00007fb1a65b5fa0 R15: 00007fff2c053798 [ 124.485096][ T6718] [ 126.065818][ T6739] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 126.615557][ T6753] input: syz1 as /devices/virtual/input/input11 [ 126.663860][ T6754] usb usb8: usbfs: process 6754 (syz.2.240) did not claim interface 0 before use [ 126.684429][ T6754] input: syz0 as /devices/virtual/input/input12 [ 126.751732][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 126.751747][ T30] audit: type=1804 audit(1750365692.630:27): pid=6758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.242" name="/newroot/66/cgroup.controllers" dev="tmpfs" ino=354 res=1 errno=0 [ 126.784395][ T30] audit: type=1800 audit(1750365692.630:28): pid=6758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.242" name="cgroup.controllers" dev="tmpfs" ino=354 res=0 errno=0 [ 126.807733][ T30] audit: type=1804 audit(1750365692.630:29): pid=6758 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.242" name="/newroot/66/cgroup.controllers" dev="tmpfs" ino=354 res=1 errno=0 [ 126.949789][ T6763] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 127.648194][ T30] audit: type=1804 audit(1750365693.520:30): pid=6783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.251" name="/newroot/71/cgroup.controllers" dev="tmpfs" ino=380 res=1 errno=0 [ 127.672179][ T6783] FAULT_INJECTION: forcing a failure. [ 127.672179][ T6783] name failslab, interval 1, probability 0, space 0, times 0 [ 127.690420][ T30] audit: type=1800 audit(1750365693.520:31): pid=6783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.251" name="cgroup.controllers" dev="tmpfs" ino=380 res=0 errno=0 [ 127.700637][ T6783] CPU: 0 UID: 0 PID: 6783 Comm: syz.0.251 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 127.700668][ T6783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 127.700682][ T6783] Call Trace: [ 127.700692][ T6783] [ 127.700702][ T6783] dump_stack_lvl+0x189/0x250 [ 127.700734][ T6783] ? __pfx____ratelimit+0x10/0x10 [ 127.700772][ T6783] ? __pfx_dump_stack_lvl+0x10/0x10 [ 127.700799][ T6783] ? __pfx__printk+0x10/0x10 [ 127.700831][ T6783] ? __pfx___might_resched+0x10/0x10 [ 127.700857][ T6783] ? fs_reclaim_acquire+0x7d/0x100 [ 127.700895][ T6783] should_fail_ex+0x414/0x560 [ 127.700931][ T6783] should_failslab+0xa8/0x100 [ 127.700965][ T6783] kmem_cache_alloc_noprof+0x73/0x3c0 [ 127.700992][ T6783] ? vm_area_dup+0x2b/0x680 [ 127.701027][ T6783] vm_area_dup+0x2b/0x680 [ 127.701061][ T6783] __split_vma+0x1a9/0xa00 [ 127.701088][ T6783] ? mas_next_slot+0xc20/0xcf0 [ 127.701129][ T6783] ? __pfx___split_vma+0x10/0x10 [ 127.701178][ T6783] vms_gather_munmap_vmas+0x4ab/0x12b0 [ 127.701225][ T6783] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 127.701274][ T6783] mmap_region+0x678/0x1f30 [ 127.701320][ T6783] ? __pfx_mmap_region+0x10/0x10 [ 127.701430][ T6783] ? mm_get_unmapped_area+0xa7/0xd0 [ 127.701462][ T6783] ? shmem_get_unmapped_area+0x2cf/0x910 [ 127.701492][ T6783] ? cap_mmap_addr+0xb0/0x100 [ 127.701528][ T6783] ? bpf_lsm_mmap_addr+0x9/0x20 [ 127.701558][ T6783] ? security_mmap_addr+0x71/0x270 [ 127.701594][ T6783] ? shmem_mapping+0xd/0x50 [ 127.701625][ T6783] ? memfd_check_seals_mmap+0x165/0x200 [ 127.701654][ T6783] do_mmap+0xc45/0x10d0 [ 127.701697][ T6783] ? __pfx_do_mmap+0x10/0x10 [ 127.701737][ T6783] ? down_write_killable+0x178/0x230 [ 127.701775][ T6783] ? end_current_label_crit_section+0x152/0x180 [ 127.701809][ T6783] ? __pfx_down_write_killable+0x10/0x10 [ 127.701841][ T6783] vm_mmap_pgoff+0x31b/0x4c0 [ 127.701874][ T6783] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 127.701895][ T6783] ? __fget_files+0x2a/0x420 [ 127.701929][ T6783] ? __fget_files+0x3a0/0x420 [ 127.701957][ T6783] ? __fget_files+0x2a/0x420 [ 127.701989][ T6783] ksys_mmap_pgoff+0x51f/0x760 [ 127.702019][ T6783] do_syscall_64+0xfa/0x3b0 [ 127.702037][ T6783] ? lockdep_hardirqs_on+0x9c/0x150 [ 127.702066][ T6783] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.702084][ T6783] ? clear_bhb_loop+0x60/0xb0 [ 127.702108][ T6783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 127.702126][ T6783] RIP: 0033:0x7f321bb8e929 [ 127.702145][ T6783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 127.702160][ T6783] RSP: 002b:00007f321c9c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 127.702180][ T6783] RAX: ffffffffffffffda RBX: 00007f321bdb5fa0 RCX: 00007f321bb8e929 [ 127.702194][ T6783] RDX: 0000000002000006 RSI: 0000000000003000 RDI: 00002000004f1000 [ 127.702207][ T6783] RBP: 00007f321c9c5090 R08: 0000000000000005 R09: 00000000913e0000 [ 127.702219][ T6783] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000002 [ 127.702231][ T6783] R13: 0000000000000000 R14: 00007f321bdb5fa0 R15: 00007fffeb9af728 [ 127.702259][ T6783] [ 127.861898][ T5839] Bluetooth: hci4: command 0xfc11 tx timeout [ 127.928730][ T5852] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 128.053787][ T30] audit: type=1804 audit(1750365693.550:32): pid=6783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.251" name="/newroot/71/cgroup.controllers" dev="tmpfs" ino=380 res=1 errno=0 [ 128.318334][ T49] Bluetooth: hci4: Frame reassembly failed (-84) [ 129.428365][ T30] audit: type=1804 audit(1750365695.300:33): pid=6820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.262" name="/newroot/66/cgroup.controllers" dev="tmpfs" ino=358 res=1 errno=0 [ 129.428517][ T30] audit: type=1800 audit(1750365695.300:34): pid=6820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.262" name="cgroup.controllers" dev="tmpfs" ino=358 res=0 errno=0 [ 129.430480][ T30] audit: type=1804 audit(1750365695.300:35): pid=6820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.262" name="/newroot/66/cgroup.controllers" dev="tmpfs" ino=358 res=1 errno=0 [ 129.714472][ T30] audit: type=1804 audit(1750365695.550:36): pid=6828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.264" name="/newroot/67/cgroup.controllers" dev="tmpfs" ino=364 res=1 errno=0 [ 130.049236][ T6833] input: syz1 as /devices/virtual/input/input13 [ 130.340802][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 131.425575][ T6846] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 131.444829][ T6846] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 131.807293][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 131.807309][ T30] audit: type=1804 audit(1750365697.680:42): pid=6867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.278" name="/newroot/69/cgroup.controllers" dev="tmpfs" ino=375 res=1 errno=0 [ 131.811137][ T30] audit: type=1800 audit(1750365697.690:43): pid=6867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.278" name="cgroup.controllers" dev="tmpfs" ino=375 res=0 errno=0 [ 132.914186][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.928646][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.963554][ T35] Bluetooth: hci4: Frame reassembly failed (-84) [ 133.006579][ T5839] Bluetooth: hci4: unexpected event 0x04 length: 0 < 10 [ 133.487518][ T30] audit: type=1804 audit(1750365699.360:44): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.288" name="/newroot/72/cgroup.controllers" dev="tmpfs" ino=391 res=1 errno=0 [ 133.528823][ T30] audit: type=1800 audit(1750365699.360:45): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.288" name="cgroup.controllers" dev="tmpfs" ino=391 res=0 errno=0 [ 133.557098][ T30] audit: type=1804 audit(1750365699.360:46): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.288" name="/newroot/72/cgroup.controllers" dev="tmpfs" ino=391 res=1 errno=0 [ 133.583858][ T30] audit: type=1800 audit(1750365699.360:47): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.288" name="cgroup.controllers" dev="tmpfs" ino=391 res=0 errno=0 [ 133.605330][ C1] vkms_vblank_simulate: vblank timer overrun [ 134.982197][ T5839] Bluetooth: hci4: command 0x1003 tx timeout [ 134.988628][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 135.172320][ T30] audit: type=1804 audit(1750365701.040:48): pid=6928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.297" name="/newroot/83/cgroup.controllers" dev="tmpfs" ino=443 res=1 errno=0 [ 135.248861][ T30] audit: type=1800 audit(1750365701.040:49): pid=6928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.297" name="cgroup.controllers" dev="tmpfs" ino=443 res=0 errno=0 [ 135.319488][ T30] audit: type=1804 audit(1750365701.070:50): pid=6928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.297" name="/newroot/83/cgroup.controllers" dev="tmpfs" ino=443 res=1 errno=0 [ 135.599794][ T6940] random: crng reseeded on system resumption [ 136.697932][ T35] Bluetooth: hci4: Frame reassembly failed (-84) [ 136.724659][ T5839] Bluetooth: hci4: unexpected event 0x02 length: 0 < 1 [ 136.850165][ T30] audit: type=1804 audit(1750365702.720:51): pid=6960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.307" name="/newroot/87/cgroup.controllers" dev="tmpfs" ino=464 res=1 errno=0 [ 136.923065][ T30] audit: type=1800 audit(1750365702.720:52): pid=6960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.307" name="cgroup.controllers" dev="tmpfs" ino=464 res=0 errno=0 [ 136.971073][ T6962] rtc_cmos 00:00: Alarms can be up to one day in the future [ 136.976187][ T30] audit: type=1804 audit(1750365702.720:53): pid=6960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.307" name="/newroot/87/cgroup.controllers" dev="tmpfs" ino=464 res=1 errno=0 [ 137.058565][ T5928] rtc_cmos 00:00: Alarms can be up to one day in the future [ 137.076180][ T5928] rtc_cmos 00:00: Alarms can be up to one day in the future [ 137.092565][ T5928] rtc_cmos 00:00: Alarms can be up to one day in the future [ 137.113304][ T5928] rtc_cmos 00:00: Alarms can be up to one day in the future [ 137.125059][ T5928] rtc rtc0: __rtc_set_alarm: err=-22 [ 138.742937][ T5839] Bluetooth: hci4: command 0x1003 tx timeout [ 138.749493][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 139.061754][ T5839] Bluetooth: hci4: unexpected event 0x02 length: 0 < 1 [ 139.230755][ T30] audit: type=1804 audit(1750365705.090:54): pid=7012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.326" name="/newroot/81/cgroup.controllers" dev="tmpfs" ino=438 res=1 errno=0 [ 139.252859][ C1] vkms_vblank_simulate: vblank timer overrun [ 139.276323][ T30] audit: type=1800 audit(1750365705.090:55): pid=7012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.326" name="cgroup.controllers" dev="tmpfs" ino=438 res=0 errno=0 [ 139.318495][ T30] audit: type=1804 audit(1750365705.090:56): pid=7012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.326" name="/newroot/81/cgroup.controllers" dev="tmpfs" ino=438 res=1 errno=0 [ 139.552215][ T7018] loop8: detected capacity change from 0 to 7 [ 139.566976][ T7018] Dev loop8: unable to read RDB block 7 [ 139.576107][ T7018] loop8: unable to read partition table [ 139.586850][ T7018] loop8: partition table beyond EOD, truncated [ 139.603437][ T7018] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 139.984585][ T7031] block device autoloading is deprecated and will be removed. [ 140.017628][ T7031] syz.3.334: attempt to access beyond end of device [ 140.017628][ T7031] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 140.308679][ T30] audit: type=1804 audit(1750365706.180:57): pid=7037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.336" name="/newroot/81/cgroup.controllers" dev="tmpfs" ino=435 res=1 errno=0 [ 140.334097][ T30] audit: type=1800 audit(1750365706.180:58): pid=7037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.336" name="cgroup.controllers" dev="tmpfs" ino=435 res=0 errno=0 [ 140.368552][ T30] audit: type=1804 audit(1750365706.180:59): pid=7037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.336" name="/newroot/81/cgroup.controllers" dev="tmpfs" ino=435 res=1 errno=0 [ 140.716555][ T7048] loop8: detected capacity change from 0 to 7 [ 140.755852][ T7048] Dev loop8: unable to read RDB block 7 [ 140.762926][ T7048] loop8: unable to read partition table [ 140.773277][ T7050] ALSA: mixer_oss: invalid OSS volume '' [ 140.774835][ T7048] loop8: partition table beyond EOD, truncated [ 140.800596][ T7048] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 141.039510][ T7062] FAULT_INJECTION: forcing a failure. [ 141.039510][ T7062] name failslab, interval 1, probability 0, space 0, times 0 [ 141.054878][ T7062] CPU: 1 UID: 0 PID: 7062 Comm: syz.3.345 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 141.054902][ T7062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 141.054912][ T7062] Call Trace: [ 141.054919][ T7062] [ 141.054926][ T7062] dump_stack_lvl+0x189/0x250 [ 141.054970][ T7062] ? __pfx____ratelimit+0x10/0x10 [ 141.054999][ T7062] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.055021][ T7062] ? __pfx__printk+0x10/0x10 [ 141.055047][ T7062] ? __pfx___might_resched+0x10/0x10 [ 141.055068][ T7062] ? fs_reclaim_acquire+0x7d/0x100 [ 141.055099][ T7062] should_fail_ex+0x414/0x560 [ 141.055128][ T7062] should_failslab+0xa8/0x100 [ 141.055154][ T7062] __kmalloc_noprof+0xcb/0x4f0 [ 141.055175][ T7062] ? kfree+0x4d/0x440 [ 141.055192][ T7062] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 141.055229][ T7062] tomoyo_realpath_from_path+0xe3/0x5d0 [ 141.055253][ T7062] ? tomoyo_domain+0xd9/0x130 [ 141.055281][ T7062] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 141.055311][ T7062] tomoyo_path_number_perm+0x1e8/0x5a0 [ 141.055342][ T7062] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 141.055388][ T7062] ? __lock_acquire+0xab9/0xd20 [ 141.055428][ T7062] ? __fget_files+0x2a/0x420 [ 141.055458][ T7062] ? __fget_files+0x2a/0x420 [ 141.055483][ T7062] ? __fget_files+0x3a0/0x420 [ 141.055508][ T7062] ? __fget_files+0x2a/0x420 [ 141.055542][ T7062] security_file_ioctl+0xcb/0x2d0 [ 141.055576][ T7062] __se_sys_ioctl+0x47/0x170 [ 141.055606][ T7062] do_syscall_64+0xfa/0x3b0 [ 141.055627][ T7062] ? lockdep_hardirqs_on+0x9c/0x150 [ 141.055660][ T7062] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.055680][ T7062] ? clear_bhb_loop+0x60/0xb0 [ 141.055702][ T7062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.055720][ T7062] RIP: 0033:0x7f951458e929 [ 141.055735][ T7062] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.055750][ T7062] RSP: 002b:00007f95153f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.055769][ T7062] RAX: ffffffffffffffda RBX: 00007f95147b5fa0 RCX: 00007f951458e929 [ 141.055782][ T7062] RDX: 0000200000000540 RSI: 00000000000007a8 RDI: 0000000000000003 [ 141.055794][ T7062] RBP: 00007f95153f6090 R08: 0000000000000000 R09: 0000000000000000 [ 141.055805][ T7062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 141.055815][ T7062] R13: 0000000000000000 R14: 00007f95147b5fa0 R15: 00007ffc7c2a4008 [ 141.055844][ T7062] [ 141.056482][ T7062] ERROR: Out of memory at tomoyo_realpath_from_path. [ 141.084785][ T5839] Bluetooth: hci4: command 0x1003 tx timeout [ 141.090742][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 142.575643][ T13] Bluetooth: hci4: Frame reassembly failed (-84) [ 142.622046][ T13] Bluetooth: hci5: Frame reassembly failed (-84) [ 142.631834][ T51] Bluetooth: hci5: unexpected event 0x02 length: 0 < 1 [ 142.696136][ T7096] usb usb1: usbfs: process 7096 (syz.2.357) did not claim interface 0 before use [ 143.624425][ T7110] rtc_cmos 00:00: Alarms can be up to one day in the future [ 143.859366][ T7116] kvm: user requested TSC rate below hardware speed [ 144.057976][ T5928] rtc_cmos 00:00: Alarms can be up to one day in the future [ 144.065661][ T5928] rtc_cmos 00:00: Alarms can be up to one day in the future [ 144.073309][ T5928] rtc_cmos 00:00: Alarms can be up to one day in the future [ 144.081073][ T5928] rtc_cmos 00:00: Alarms can be up to one day in the future [ 144.088386][ T5928] rtc rtc0: __rtc_set_alarm: err=-22 [ 144.580819][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 144.580855][ T5849] Bluetooth: hci4: command 0x1003 tx timeout [ 144.660826][ T5852] Bluetooth: hci5: command 0x1003 tx timeout [ 144.661069][ T5839] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 145.605668][ T5852] Bluetooth: hci4: unexpected event 0x01 length: 0 < 1 [ 145.615573][ T4484] Bluetooth: hci4: Frame reassembly failed (-84) [ 145.940825][ T5852] Bluetooth: hci6: command 0x1003 tx timeout [ 145.947503][ T51] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 146.492763][ T7179] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 146.646785][ T7183] rtc_cmos 00:00: Alarms can be up to one day in the future [ 146.663256][ T7181] rtc_cmos 00:00: Alarms can be up to one day in the future [ 146.684359][ T980] rtc_cmos 00:00: Alarms can be up to one day in the future [ 146.709797][ T980] rtc_cmos 00:00: Alarms can be up to one day in the future [ 146.730216][ T980] rtc_cmos 00:00: Alarms can be up to one day in the future [ 146.744154][ T980] rtc_cmos 00:00: Alarms can be up to one day in the future [ 146.753105][ T980] rtc rtc0: __rtc_set_alarm: err=-22 [ 147.292258][ T7208] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 147.624996][ T5839] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 148.853039][ T7254] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 149.208004][ T51] Bluetooth: hci4: unexpected event 0x01 length: 0 < 1 [ 149.708422][ T7276] vivid-000: disconnect [ 149.931926][ T7285] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 150.518459][ T7275] vivid-000: reconnect [ 151.221025][ T5839] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 151.221052][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 151.640114][ T7311] binder: 7305:7311 ioctl c00c6211 0 returned -14 [ 151.847521][ T7315] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 152.839947][ T35] Bluetooth: hci4: Frame reassembly failed (-84) [ 152.858503][ T51] Bluetooth: hci4: unexpected event 0x01 length: 0 < 1 [ 153.525401][ T7337] input: syz0 as /devices/virtual/input/input17 [ 153.553307][ T59] Bluetooth: hci5: Frame reassembly failed (-84) [ 153.553511][ T5852] Bluetooth: hci5: Received unexpected HCI Event 0x00 [ 154.693832][ T7348] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 154.910730][ T5852] Bluetooth: hci4: command 0x1003 tx timeout [ 154.910899][ T5839] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 155.620939][ T5839] Bluetooth: hci5: command 0x1003 tx timeout [ 155.633013][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 156.204724][ T49] Bluetooth: hci4: Frame reassembly failed (-84) [ 156.388934][ T7404] FAULT_INJECTION: forcing a failure. [ 156.388934][ T7404] name failslab, interval 1, probability 0, space 0, times 0 [ 156.405613][ T7404] CPU: 1 UID: 0 PID: 7404 Comm: syz.2.456 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 156.405638][ T7404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 156.405649][ T7404] Call Trace: [ 156.405674][ T7404] [ 156.405682][ T7404] dump_stack_lvl+0x189/0x250 [ 156.405711][ T7404] ? __pfx____ratelimit+0x10/0x10 [ 156.405742][ T7404] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.405765][ T7404] ? __pfx__printk+0x10/0x10 [ 156.405795][ T7404] ? __pfx___might_resched+0x10/0x10 [ 156.405817][ T7404] ? fs_reclaim_acquire+0x7d/0x100 [ 156.405850][ T7404] should_fail_ex+0x414/0x560 [ 156.405881][ T7404] should_failslab+0xa8/0x100 [ 156.405910][ T7404] __kmalloc_cache_noprof+0x70/0x3d0 [ 156.405933][ T7404] ? snd_mixer_oss_get_volume1_vol+0xc9/0x660 [ 156.405970][ T7404] snd_mixer_oss_get_volume1_vol+0xc9/0x660 [ 156.406004][ T7404] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 156.406040][ T7404] snd_mixer_oss_get_volume1+0x153/0x300 [ 156.406082][ T7404] ? __pfx_snd_mixer_oss_get_volume1+0x10/0x10 [ 156.406108][ T7404] snd_mixer_oss_ioctl1+0x5f9/0x18b0 [ 156.406141][ T7404] ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10 [ 156.406191][ T7404] ? __fget_files+0x2a/0x420 [ 156.406221][ T7404] ? __fget_files+0x2a/0x420 [ 156.406247][ T7404] ? __fget_files+0x3a0/0x420 [ 156.406272][ T7404] ? __fget_files+0x2a/0x420 [ 156.406301][ T7404] ? __pfx_snd_mixer_oss_ioctl+0x10/0x10 [ 156.406328][ T7404] snd_mixer_oss_ioctl+0x45/0x60 [ 156.406354][ T7404] __se_sys_ioctl+0xfc/0x170 [ 156.406380][ T7404] do_syscall_64+0xfa/0x3b0 [ 156.406396][ T7404] ? lockdep_hardirqs_on+0x9c/0x150 [ 156.406425][ T7404] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.406443][ T7404] ? clear_bhb_loop+0x60/0xb0 [ 156.406465][ T7404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.406482][ T7404] RIP: 0033:0x7f457178e929 [ 156.406498][ T7404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 156.406512][ T7404] RSP: 002b:00007f456f5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 156.406531][ T7404] RAX: ffffffffffffffda RBX: 00007f45719b5fa0 RCX: 00007f457178e929 [ 156.406545][ T7404] RDX: 0000200000000000 RSI: 0000000080086303 RDI: 0000000000000003 [ 156.406556][ T7404] RBP: 00007f456f5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 156.406567][ T7404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 156.406577][ T7404] R13: 0000000000000000 R14: 00007f45719b5fa0 R15: 00007ffecdd7a238 [ 156.406606][ T7404] [ 156.658897][ C1] vkms_vblank_simulate: vblank timer overrun [ 157.149348][ T7416] kernel profiling enabled (shift: 63) [ 157.165380][ T7416] profiling shift: 63 too large [ 157.697560][ T7438] FAULT_INJECTION: forcing a failure. [ 157.697560][ T7438] name failslab, interval 1, probability 0, space 0, times 0 [ 157.758836][ T7438] CPU: 0 UID: 0 PID: 7438 Comm: syz.1.467 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 157.758865][ T7438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 157.758877][ T7438] Call Trace: [ 157.758884][ T7438] [ 157.758893][ T7438] dump_stack_lvl+0x189/0x250 [ 157.758920][ T7438] ? __pfx____ratelimit+0x10/0x10 [ 157.758951][ T7438] ? __pfx_dump_stack_lvl+0x10/0x10 [ 157.758973][ T7438] ? __pfx__printk+0x10/0x10 [ 157.759001][ T7438] ? __pfx___might_resched+0x10/0x10 [ 157.759022][ T7438] ? fs_reclaim_acquire+0x7d/0x100 [ 157.759053][ T7438] should_fail_ex+0x414/0x560 [ 157.759082][ T7438] should_failslab+0xa8/0x100 [ 157.759110][ T7438] __kmalloc_cache_noprof+0x70/0x3d0 [ 157.759133][ T7438] ? snd_mixer_oss_get_volume1_vol+0x103/0x660 [ 157.759167][ T7438] snd_mixer_oss_get_volume1_vol+0x103/0x660 [ 157.759201][ T7438] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 157.759234][ T7438] snd_mixer_oss_get_volume1+0x153/0x300 [ 157.759264][ T7438] ? __pfx_snd_mixer_oss_get_volume1+0x10/0x10 [ 157.759292][ T7438] snd_mixer_oss_ioctl1+0x5f9/0x18b0 [ 157.759326][ T7438] ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10 [ 157.759370][ T7438] ? __fget_files+0x2a/0x420 [ 157.759402][ T7438] ? __fget_files+0x2a/0x420 [ 157.759429][ T7438] ? __fget_files+0x3a0/0x420 [ 157.759455][ T7438] ? __fget_files+0x2a/0x420 [ 157.759486][ T7438] ? __pfx_snd_mixer_oss_ioctl+0x10/0x10 [ 157.759513][ T7438] snd_mixer_oss_ioctl+0x45/0x60 [ 157.759540][ T7438] __se_sys_ioctl+0xfc/0x170 [ 157.759566][ T7438] do_syscall_64+0xfa/0x3b0 [ 157.759585][ T7438] ? lockdep_hardirqs_on+0x9c/0x150 [ 157.759613][ T7438] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.759631][ T7438] ? clear_bhb_loop+0x60/0xb0 [ 157.759654][ T7438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.759672][ T7438] RIP: 0033:0x7fb1a638e929 [ 157.759689][ T7438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.759705][ T7438] RSP: 002b:00007fb1a7162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.759724][ T7438] RAX: ffffffffffffffda RBX: 00007fb1a65b5fa0 RCX: 00007fb1a638e929 [ 157.759737][ T7438] RDX: 0000200000000000 RSI: 0000000080086303 RDI: 0000000000000003 [ 157.759749][ T7438] RBP: 00007fb1a7162090 R08: 0000000000000000 R09: 0000000000000000 [ 157.759761][ T7438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.759771][ T7438] R13: 0000000000000000 R14: 00007fb1a65b5fa0 R15: 00007fff2c053798 [ 157.759809][ T7438] [ 158.261709][ T5839] Bluetooth: hci4: command 0x1003 tx timeout [ 158.280740][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 158.730686][ T30] audit: type=1804 audit(1750365724.600:60): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.471" name="/newroot/113/cgroup.controllers" dev="tmpfs" ino=598 res=1 errno=0 [ 158.820129][ T30] audit: type=1800 audit(1750365724.600:61): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.471" name="cgroup.controllers" dev="tmpfs" ino=598 res=0 errno=0 [ 158.903512][ T30] audit: type=1804 audit(1750365724.600:62): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.471" name="/newroot/113/cgroup.controllers" dev="tmpfs" ino=598 res=1 errno=0 [ 159.113236][ T7464] sp0: Synchronizing with TNC [ 159.155890][ T7461] syz.0.475: attempt to access beyond end of device [ 159.155890][ T7461] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 159.329173][ T35] Bluetooth: hci4: Frame reassembly failed (-90) [ 159.337029][ T7474] Bluetooth: hci4: Frame reassembly failed (-84) [ 159.345293][ T7462] [U] [ 159.369257][ T7474] Bluetooth: hci4: Frame reassembly failed (-84) [ 160.959851][ T7519] binder: 7518:7519 ioctl c018620c 200000000380 returned -22 [ 161.380731][ T5839] Bluetooth: hci4: command 0x1003 tx timeout [ 161.387630][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 161.486657][ T7536] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 162.175118][ T7564] FAULT_INJECTION: forcing a failure. [ 162.175118][ T7564] name failslab, interval 1, probability 0, space 0, times 0 [ 162.217081][ T7564] CPU: 1 UID: 0 PID: 7564 Comm: syz.3.501 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 162.217109][ T7564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.217121][ T7564] Call Trace: [ 162.217128][ T7564] [ 162.217136][ T7564] dump_stack_lvl+0x189/0x250 [ 162.217165][ T7564] ? __pfx____ratelimit+0x10/0x10 [ 162.217196][ T7564] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.217219][ T7564] ? __pfx__printk+0x10/0x10 [ 162.217247][ T7564] ? __pfx___might_resched+0x10/0x10 [ 162.217269][ T7564] ? fs_reclaim_acquire+0x7d/0x100 [ 162.217303][ T7564] should_fail_ex+0x414/0x560 [ 162.217335][ T7564] should_failslab+0xa8/0x100 [ 162.217362][ T7564] __kmalloc_noprof+0xcb/0x4f0 [ 162.217385][ T7564] ? vb2_core_reqbufs+0x904/0x1420 [ 162.217409][ T7564] vb2_core_reqbufs+0x904/0x1420 [ 162.217449][ T7564] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 162.217479][ T7564] ? __vb2_init_fileio+0x1e8/0xff0 [ 162.217506][ T7564] __vb2_init_fileio+0x318/0xff0 [ 162.217541][ T7564] ? __pfx___mutex_lock+0x10/0x10 [ 162.217565][ T7564] __vb2_perform_fileio+0x284/0x1600 [ 162.217606][ T7564] vb2_fop_read+0x273/0x360 [ 162.217635][ T7564] v4l2_read+0x199/0x2c0 [ 162.217665][ T7564] ? __pfx_v4l2_read+0x10/0x10 [ 162.217698][ T7564] vfs_read+0x1fd/0x980 [ 162.217734][ T7564] ? __pfx_vfs_read+0x10/0x10 [ 162.217759][ T7564] ? __fget_files+0x2a/0x420 [ 162.217799][ T7564] ? __fget_files+0x2a/0x420 [ 162.217824][ T7564] ? __fget_files+0x3a0/0x420 [ 162.217848][ T7564] ? __fget_files+0x2a/0x420 [ 162.217881][ T7564] ksys_read+0x145/0x250 [ 162.217906][ T7564] ? __pfx_ksys_read+0x10/0x10 [ 162.217926][ T7564] ? rcu_is_watching+0x15/0xb0 [ 162.217951][ T7564] ? do_syscall_64+0xbe/0x3b0 [ 162.217972][ T7564] do_syscall_64+0xfa/0x3b0 [ 162.217987][ T7564] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.218014][ T7564] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.218031][ T7564] ? clear_bhb_loop+0x60/0xb0 [ 162.218052][ T7564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.218068][ T7564] RIP: 0033:0x7f951458e929 [ 162.218083][ T7564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.218097][ T7564] RSP: 002b:00007f95153f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 162.218115][ T7564] RAX: ffffffffffffffda RBX: 00007f95147b5fa0 RCX: 00007f951458e929 [ 162.218127][ T7564] RDX: 0000000000000013 RSI: 0000200000000180 RDI: 0000000000000003 [ 162.218138][ T7564] RBP: 00007f95153f6090 R08: 0000000000000000 R09: 0000000000000000 [ 162.218148][ T7564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.218158][ T7564] R13: 0000000000000000 R14: 00007f95147b5fa0 R15: 00007ffc7c2a4008 [ 162.218185][ T7564] [ 162.489837][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.817538][ T7566] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 163.395864][ T7588] FAULT_INJECTION: forcing a failure. [ 163.395864][ T7588] name failslab, interval 1, probability 0, space 0, times 0 [ 163.404321][ T7583] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 163.460779][ T7588] CPU: 1 UID: 0 PID: 7588 Comm: syz.1.510 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 163.460809][ T7588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 163.460821][ T7588] Call Trace: [ 163.460829][ T7588] [ 163.460838][ T7588] dump_stack_lvl+0x189/0x250 [ 163.460867][ T7588] ? __pfx____ratelimit+0x10/0x10 [ 163.460899][ T7588] ? __pfx_dump_stack_lvl+0x10/0x10 [ 163.460923][ T7588] ? __pfx__printk+0x10/0x10 [ 163.460952][ T7588] ? __pfx___might_resched+0x10/0x10 [ 163.460975][ T7588] ? fs_reclaim_acquire+0x7d/0x100 [ 163.461009][ T7588] should_fail_ex+0x414/0x560 [ 163.461040][ T7588] should_failslab+0xa8/0x100 [ 163.461069][ T7588] __kmalloc_noprof+0xcb/0x4f0 [ 163.461092][ T7588] ? vb2_core_reqbufs+0x97f/0x1420 [ 163.461117][ T7588] vb2_core_reqbufs+0x97f/0x1420 [ 163.461157][ T7588] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 163.461189][ T7588] ? __vb2_init_fileio+0x1e8/0xff0 [ 163.461217][ T7588] __vb2_init_fileio+0x318/0xff0 [ 163.461253][ T7588] ? __pfx___mutex_lock+0x10/0x10 [ 163.461277][ T7588] __vb2_perform_fileio+0x284/0x1600 [ 163.461329][ T7588] vb2_fop_read+0x273/0x360 [ 163.461358][ T7588] v4l2_read+0x199/0x2c0 [ 163.461381][ T7588] ? __pfx_v4l2_read+0x10/0x10 [ 163.461403][ T7588] vfs_read+0x1fd/0x980 [ 163.461438][ T7588] ? __pfx_vfs_read+0x10/0x10 [ 163.461466][ T7588] ? __fget_files+0x2a/0x420 [ 163.461500][ T7588] ? __fget_files+0x2a/0x420 [ 163.461529][ T7588] ? __fget_files+0x3a0/0x420 [ 163.461558][ T7588] ? __fget_files+0x2a/0x420 [ 163.461599][ T7588] ksys_read+0x145/0x250 [ 163.461627][ T7588] ? __pfx_ksys_read+0x10/0x10 [ 163.461650][ T7588] ? rcu_is_watching+0x15/0xb0 [ 163.461680][ T7588] ? do_syscall_64+0xbe/0x3b0 [ 163.461705][ T7588] do_syscall_64+0xfa/0x3b0 [ 163.461723][ T7588] ? lockdep_hardirqs_on+0x9c/0x150 [ 163.461755][ T7588] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.461775][ T7588] ? clear_bhb_loop+0x60/0xb0 [ 163.461811][ T7588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.461830][ T7588] RIP: 0033:0x7fb1a638e929 [ 163.461847][ T7588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.461863][ T7588] RSP: 002b:00007fb1a7162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 163.461883][ T7588] RAX: ffffffffffffffda RBX: 00007fb1a65b5fa0 RCX: 00007fb1a638e929 [ 163.461897][ T7588] RDX: 0000000000000013 RSI: 0000200000000180 RDI: 0000000000000003 [ 163.461908][ T7588] RBP: 00007fb1a7162090 R08: 0000000000000000 R09: 0000000000000000 [ 163.461919][ T7588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 163.461930][ T7588] R13: 0000000000000000 R14: 00007fb1a65b5fa0 R15: 00007fff2c053798 [ 163.461960][ T7588] [ 163.739933][ C1] vkms_vblank_simulate: vblank timer overrun [ 163.981134][ T7598] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 165.112674][ T7620] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 165.131994][ T7621] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 165.920343][ T7662] usb usb9: usbfs: process 7662 (syz.3.533) did not claim interface 0 before use [ 167.661618][ T7708] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 168.097282][ T7713] kvm_intel: kvm [7712]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 168.438205][ T7723] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 169.403318][ T7746] FAULT_INJECTION: forcing a failure. [ 169.403318][ T7746] name failslab, interval 1, probability 0, space 0, times 0 [ 169.425757][ T7746] CPU: 0 UID: 0 PID: 7746 Comm: syz.0.559 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 169.425781][ T7746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 169.425792][ T7746] Call Trace: [ 169.425799][ T7746] [ 169.425806][ T7746] dump_stack_lvl+0x189/0x250 [ 169.425830][ T7746] ? __pfx____ratelimit+0x10/0x10 [ 169.425858][ T7746] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.425878][ T7746] ? __pfx__printk+0x10/0x10 [ 169.425900][ T7746] ? __pfx___might_resched+0x10/0x10 [ 169.425920][ T7746] ? fs_reclaim_acquire+0x7d/0x100 [ 169.425949][ T7746] should_fail_ex+0x414/0x560 [ 169.425977][ T7746] should_failslab+0xa8/0x100 [ 169.426003][ T7746] __kmalloc_noprof+0xcb/0x4f0 [ 169.426024][ T7746] ? tomoyo_encode+0x28b/0x550 [ 169.426059][ T7746] tomoyo_encode+0x28b/0x550 [ 169.426086][ T7746] tomoyo_realpath_from_path+0x58d/0x5d0 [ 169.426119][ T7746] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 169.426147][ T7746] tomoyo_path_number_perm+0x1e8/0x5a0 [ 169.426179][ T7746] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 169.426224][ T7746] ? __lock_acquire+0xab9/0xd20 [ 169.426263][ T7746] ? __fget_files+0x2a/0x420 [ 169.426293][ T7746] ? __fget_files+0x2a/0x420 [ 169.426319][ T7746] ? __fget_files+0x3a0/0x420 [ 169.426345][ T7746] ? __fget_files+0x2a/0x420 [ 169.426376][ T7746] security_file_ioctl+0xcb/0x2d0 [ 169.426405][ T7746] __se_sys_ioctl+0x47/0x170 [ 169.426430][ T7746] do_syscall_64+0xfa/0x3b0 [ 169.426457][ T7746] ? lockdep_hardirqs_on+0x9c/0x150 [ 169.426484][ T7746] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.426501][ T7746] ? clear_bhb_loop+0x60/0xb0 [ 169.426522][ T7746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.426555][ T7746] RIP: 0033:0x7f321bb8e929 [ 169.426584][ T7746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.426597][ T7746] RSP: 002b:00007f321c9c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.426632][ T7746] RAX: ffffffffffffffda RBX: 00007f321bdb5fa0 RCX: 00007f321bb8e929 [ 169.426645][ T7746] RDX: 0000200000000000 RSI: 00000000c0105512 RDI: 0000000000000003 [ 169.426657][ T7746] RBP: 00007f321c9c5090 R08: 0000000000000000 R09: 0000000000000000 [ 169.426668][ T7746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 169.426678][ T7746] R13: 0000000000000000 R14: 00007f321bdb5fa0 R15: 00007fffeb9af728 [ 169.426706][ T7746] [ 169.426724][ T7746] ERROR: Out of memory at tomoyo_realpath_from_path. [ 169.778163][ T7758] binder: 7757:7758 ioctl c0306201 200000000640 returned -22 [ 169.858944][ T7760] input: syz0 as /devices/virtual/input/input21 [ 170.769725][ T7772] loop8: detected capacity change from 0 to 7 [ 170.773093][ T7772] Dev loop8: unable to read RDB block 7 [ 170.773133][ T7772] loop8: unable to read partition table [ 170.773378][ T7772] loop8: partition table beyond EOD, truncated [ 170.773395][ T7772] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 172.024104][ T7791] kernel profiling enabled (shift: 63) [ 172.024138][ T7791] profiling shift: 63 too large [ 172.453449][ T7806] binfmt_misc: register: failed to install interpreter file ./cgroup [ 172.502920][ T7810] syz.1.579: attempt to access beyond end of device [ 172.502920][ T7810] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 172.548017][ T7813] Invalid logical block size (135168) [ 174.455175][ T7845] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 175.018700][ T7869] input: syz1 as /devices/virtual/input/input22 [ 176.041003][ T7889] nvme_fabrics: missing parameter 'transport=%s' [ 176.080203][ T7889] nvme_fabrics: missing parameter 'nqn=%s' [ 176.369351][ T7911] QAT: Device 4 not found [ 176.410956][ T7911] QAT: Device 4 not found [ 176.415423][ T7911] QAT: Device 4 not found [ 176.419864][ T7911] QAT: Device 4 not found [ 178.323628][ T7954] FAULT_INJECTION: forcing a failure. [ 178.323628][ T7954] name failslab, interval 1, probability 0, space 0, times 0 [ 178.336901][ T7954] CPU: 0 UID: 0 PID: 7954 Comm: syz.3.624 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 178.336923][ T7954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.336934][ T7954] Call Trace: [ 178.336940][ T7954] [ 178.336947][ T7954] dump_stack_lvl+0x189/0x250 [ 178.336972][ T7954] ? __pfx____ratelimit+0x10/0x10 [ 178.337000][ T7954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.337020][ T7954] ? __pfx__printk+0x10/0x10 [ 178.337044][ T7954] ? __pfx___might_resched+0x10/0x10 [ 178.337064][ T7954] ? fs_reclaim_acquire+0x7d/0x100 [ 178.337093][ T7954] should_fail_ex+0x414/0x560 [ 178.337139][ T7954] should_failslab+0xa8/0x100 [ 178.337165][ T7954] __kmalloc_noprof+0xcb/0x4f0 [ 178.337185][ T7954] ? kfree+0x4d/0x440 [ 178.337203][ T7954] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 178.337231][ T7954] tomoyo_realpath_from_path+0xe3/0x5d0 [ 178.337265][ T7954] ? tomoyo_domain+0xd9/0x130 [ 178.337300][ T7954] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 178.337327][ T7954] tomoyo_path_number_perm+0x1e8/0x5a0 [ 178.337357][ T7954] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 178.337400][ T7954] ? __lock_acquire+0xab9/0xd20 [ 178.337436][ T7954] ? __fget_files+0x2a/0x420 [ 178.337466][ T7954] ? __fget_files+0x2a/0x420 [ 178.337490][ T7954] ? __fget_files+0x3a0/0x420 [ 178.337514][ T7954] ? __fget_files+0x2a/0x420 [ 178.337543][ T7954] security_file_ioctl+0xcb/0x2d0 [ 178.337571][ T7954] __se_sys_ioctl+0x47/0x170 [ 178.337595][ T7954] do_syscall_64+0xfa/0x3b0 [ 178.337611][ T7954] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.337638][ T7954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.337655][ T7954] ? clear_bhb_loop+0x60/0xb0 [ 178.337676][ T7954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.337692][ T7954] RIP: 0033:0x7f951458e929 [ 178.337707][ T7954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.337721][ T7954] RSP: 002b:00007f95153f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 178.337739][ T7954] RAX: ffffffffffffffda RBX: 00007f95147b5fa0 RCX: 00007f951458e929 [ 178.337750][ T7954] RDX: 00002000000001c0 RSI: 000000008038550a RDI: 0000000000000003 [ 178.337761][ T7954] RBP: 00007f95153f6090 R08: 0000000000000000 R09: 0000000000000000 [ 178.337771][ T7954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.337780][ T7954] R13: 0000000000000000 R14: 00007f95147b5fa0 R15: 00007ffc7c2a4008 [ 178.337806][ T7954] [ 178.337813][ T7954] ERROR: Out of memory at tomoyo_realpath_from_path. [ 178.620496][ T7954] usb usb9: usbfs: process 7954 (syz.3.624) did not claim interface 0 before use [ 179.570929][ T7984] input: syz0 as /devices/virtual/input/input23 [ 179.747475][ T7987] FAULT_INJECTION: forcing a failure. [ 179.747475][ T7987] name failslab, interval 1, probability 0, space 0, times 0 [ 179.800707][ T7987] CPU: 0 UID: 0 PID: 7987 Comm: syz.1.635 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 179.800736][ T7987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 179.800748][ T7987] Call Trace: [ 179.800756][ T7987] [ 179.800764][ T7987] dump_stack_lvl+0x189/0x250 [ 179.800793][ T7987] ? __pfx____ratelimit+0x10/0x10 [ 179.800826][ T7987] ? __pfx_dump_stack_lvl+0x10/0x10 [ 179.800850][ T7987] ? __pfx__printk+0x10/0x10 [ 179.800876][ T7987] ? __pfx___might_resched+0x10/0x10 [ 179.800900][ T7987] ? fs_reclaim_acquire+0x7d/0x100 [ 179.800941][ T7987] should_fail_ex+0x414/0x560 [ 179.800974][ T7987] should_failslab+0xa8/0x100 [ 179.801003][ T7987] __kmalloc_noprof+0xcb/0x4f0 [ 179.801027][ T7987] ? tomoyo_encode+0x28b/0x550 [ 179.801054][ T7987] tomoyo_encode+0x28b/0x550 [ 179.801084][ T7987] tomoyo_realpath_from_path+0x58d/0x5d0 [ 179.801120][ T7987] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 179.801153][ T7987] tomoyo_path_number_perm+0x1e8/0x5a0 [ 179.801188][ T7987] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 179.801239][ T7987] ? __lock_acquire+0xab9/0xd20 [ 179.801281][ T7987] ? __fget_files+0x2a/0x420 [ 179.801315][ T7987] ? __fget_files+0x2a/0x420 [ 179.801344][ T7987] ? __fget_files+0x3a0/0x420 [ 179.801371][ T7987] ? __fget_files+0x2a/0x420 [ 179.801406][ T7987] security_file_ioctl+0xcb/0x2d0 [ 179.801438][ T7987] __se_sys_ioctl+0x47/0x170 [ 179.801466][ T7987] do_syscall_64+0xfa/0x3b0 [ 179.801487][ T7987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.801505][ T7987] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 179.801526][ T7987] ? clear_bhb_loop+0x60/0xb0 [ 179.801550][ T7987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 179.801569][ T7987] RIP: 0033:0x7fb1a638e929 [ 179.801587][ T7987] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 179.801604][ T7987] RSP: 002b:00007fb1a7162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 179.801625][ T7987] RAX: ffffffffffffffda RBX: 00007fb1a65b5fa0 RCX: 00007fb1a638e929 [ 179.801639][ T7987] RDX: 00002000000001c0 RSI: 000000008038550a RDI: 0000000000000003 [ 179.801652][ T7987] RBP: 00007fb1a7162090 R08: 0000000000000000 R09: 0000000000000000 [ 179.801669][ T7987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 179.801680][ T7987] R13: 0000000000000000 R14: 00007fb1a65b5fa0 R15: 00007fff2c053798 [ 179.801711][ T7987] [ 179.801762][ T7987] ERROR: Out of memory at tomoyo_realpath_from_path. [ 179.836269][ T7989] usb usb9: usbfs: process 7989 (syz.2.636) did not claim interface 0 before use [ 180.070017][ T7987] usb usb9: usbfs: process 7987 (syz.1.635) did not claim interface 0 before use [ 181.483323][ T8019] usb usb9: usbfs: process 8019 (syz.3.646) did not claim interface 0 before use [ 181.517893][ T8015] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 182.499044][ T8038] syz.0.654: attempt to access beyond end of device [ 182.499044][ T8038] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 182.545275][ T8046] usb usb9: usbfs: process 8046 (syz.1.656) did not claim interface 0 before use [ 182.881683][ T8055] usb usb9: usbfs: process 8055 (syz.0.661) did not claim interface 0 before use [ 184.718029][ T8107] sp0: Synchronizing with TNC [ 184.726358][ T8107] sp0: Found TNC [ 185.049304][ T8102] [U] ` [ 185.207672][ T8127] usb usb9: usbfs: process 8127 (syz.0.684) did not claim interface 0 before use [ 185.426292][ T8138] i2c i2c-0: Invalid block write size 254 [ 186.065448][ T8151] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 186.846766][ T8172] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 186.901705][ T8173] KVM: debugfs: duplicate directory 8173-4 [ 186.914598][ T8173] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 186.935426][ T8173] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 187.263338][ T8177] usb usb9: usbfs: process 8177 (syz.2.701) did not claim interface 0 before use [ 189.892189][ T8239] FAULT_INJECTION: forcing a failure. [ 189.892189][ T8239] name failslab, interval 1, probability 0, space 0, times 0 [ 189.994463][ T8239] CPU: 1 UID: 0 PID: 8239 Comm: syz.1.722 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 189.994492][ T8239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 189.994504][ T8239] Call Trace: [ 189.994512][ T8239] [ 189.994520][ T8239] dump_stack_lvl+0x189/0x250 [ 189.994548][ T8239] ? __pfx____ratelimit+0x10/0x10 [ 189.994579][ T8239] ? __pfx_dump_stack_lvl+0x10/0x10 [ 189.994602][ T8239] ? __pfx__printk+0x10/0x10 [ 189.994631][ T8239] ? __pfx___might_resched+0x10/0x10 [ 189.994652][ T8239] ? fs_reclaim_acquire+0x7d/0x100 [ 189.994684][ T8239] should_fail_ex+0x414/0x560 [ 189.994715][ T8239] should_failslab+0xa8/0x100 [ 189.994743][ T8239] __kmalloc_noprof+0xcb/0x4f0 [ 189.994765][ T8239] ? snd_ctl_new+0x6e/0x290 [ 189.994786][ T8239] ? down_write+0x162/0x1f0 [ 189.994811][ T8239] snd_ctl_new+0x6e/0x290 [ 189.994840][ T8239] snd_ctl_elem_add+0x3fd/0xa60 [ 189.994882][ T8239] snd_ctl_ioctl+0xcc7/0x1ad0 [ 189.994908][ T8239] ? stack_trace_save+0x9c/0xe0 [ 189.994936][ T8239] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 189.994971][ T8239] ? kasan_save_track+0x4f/0x80 [ 189.994991][ T8239] ? kasan_save_track+0x3e/0x80 [ 189.995010][ T8239] ? kasan_save_free_info+0x46/0x50 [ 189.995050][ T8239] ? __kasan_slab_free+0x62/0x70 [ 189.995071][ T8239] ? kfree+0x18e/0x440 [ 189.995089][ T8239] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 189.995118][ T8239] ? security_file_ioctl+0xcb/0x2d0 [ 189.995145][ T8239] ? __se_sys_ioctl+0x47/0x170 [ 189.995166][ T8239] ? do_syscall_64+0xfa/0x3b0 [ 189.995183][ T8239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.995259][ T8239] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 189.995291][ T8239] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 189.995322][ T8239] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 189.995351][ T8239] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 189.995401][ T8239] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 189.995451][ T8239] ? __lock_acquire+0xab9/0xd20 [ 189.995494][ T8239] ? __fget_files+0x2a/0x420 [ 189.995527][ T8239] ? __fget_files+0x2a/0x420 [ 189.995555][ T8239] ? __fget_files+0x3a0/0x420 [ 189.995596][ T8239] ? __fget_files+0x2a/0x420 [ 189.995628][ T8239] ? bpf_lsm_file_ioctl+0x9/0x20 [ 189.995649][ T8239] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 189.995675][ T8239] __se_sys_ioctl+0xfc/0x170 [ 189.995701][ T8239] do_syscall_64+0xfa/0x3b0 [ 189.995719][ T8239] ? lockdep_hardirqs_on+0x9c/0x150 [ 189.995748][ T8239] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.995767][ T8239] ? clear_bhb_loop+0x60/0xb0 [ 189.995790][ T8239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.995809][ T8239] RIP: 0033:0x7fb1a638e929 [ 189.995826][ T8239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 189.995841][ T8239] RSP: 002b:00007fb1a7141038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 189.995862][ T8239] RAX: ffffffffffffffda RBX: 00007fb1a65b6080 RCX: 00007fb1a638e929 [ 189.995876][ T8239] RDX: 0000200000000140 RSI: 00000000c1105517 RDI: 0000000000000006 [ 189.995888][ T8239] RBP: 00007fb1a7141090 R08: 0000000000000000 R09: 0000000000000000 [ 189.995900][ T8239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.995911][ T8239] R13: 0000000000000000 R14: 00007fb1a65b6080 R15: 00007fff2c053798 [ 189.995942][ T8239] [ 190.324303][ C1] vkms_vblank_simulate: vblank timer overrun [ 190.553220][ T8256] input: syz1 as /devices/virtual/input/input26 [ 191.236716][ T8271] usb usb9: usbfs: process 8271 (syz.0.734) did not claim interface 0 before use [ 191.430896][ T8279] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 191.572575][ T8284] FAULT_INJECTION: forcing a failure. [ 191.572575][ T8284] name failslab, interval 1, probability 0, space 0, times 0 [ 191.623518][ T8284] CPU: 0 UID: 0 PID: 8284 Comm: syz.2.738 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 191.623544][ T8284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 191.623555][ T8284] Call Trace: [ 191.623562][ T8284] [ 191.623569][ T8284] dump_stack_lvl+0x189/0x250 [ 191.623596][ T8284] ? __pfx____ratelimit+0x10/0x10 [ 191.623625][ T8284] ? __pfx_dump_stack_lvl+0x10/0x10 [ 191.623646][ T8284] ? __pfx__printk+0x10/0x10 [ 191.623673][ T8284] ? __pfx___might_resched+0x10/0x10 [ 191.623692][ T8284] ? fs_reclaim_acquire+0x7d/0x100 [ 191.623722][ T8284] should_fail_ex+0x414/0x560 [ 191.623751][ T8284] should_failslab+0xa8/0x100 [ 191.623777][ T8284] __kmalloc_noprof+0xcb/0x4f0 [ 191.623796][ T8284] ? snd_ctl_elem_add+0x429/0xa60 [ 191.623820][ T8284] ? snd_ctl_elem_add+0x436/0xa60 [ 191.623849][ T8284] snd_ctl_elem_add+0x436/0xa60 [ 191.623887][ T8284] snd_ctl_ioctl+0xcc7/0x1ad0 [ 191.623912][ T8284] ? stack_trace_save+0x9c/0xe0 [ 191.623939][ T8284] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 191.623971][ T8284] ? kasan_save_track+0x4f/0x80 [ 191.623989][ T8284] ? kasan_save_track+0x3e/0x80 [ 191.624006][ T8284] ? kasan_save_free_info+0x46/0x50 [ 191.624032][ T8284] ? __kasan_slab_free+0x62/0x70 [ 191.624051][ T8284] ? kfree+0x18e/0x440 [ 191.624067][ T8284] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 191.624094][ T8284] ? security_file_ioctl+0xcb/0x2d0 [ 191.624119][ T8284] ? __se_sys_ioctl+0x47/0x170 [ 191.624145][ T8284] ? do_syscall_64+0xfa/0x3b0 [ 191.624162][ T8284] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.624231][ T8284] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 191.624261][ T8284] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 191.624289][ T8284] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 191.624316][ T8284] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 191.624345][ T8284] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 191.624390][ T8284] ? __lock_acquire+0xab9/0xd20 [ 191.624438][ T8284] ? __fget_files+0x2a/0x420 [ 191.624465][ T8284] ? __fget_files+0x2a/0x420 [ 191.624489][ T8284] ? __fget_files+0x3a0/0x420 [ 191.624513][ T8284] ? __fget_files+0x2a/0x420 [ 191.624541][ T8284] ? bpf_lsm_file_ioctl+0x9/0x20 [ 191.624559][ T8284] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 191.624582][ T8284] __se_sys_ioctl+0xfc/0x170 [ 191.624605][ T8284] do_syscall_64+0xfa/0x3b0 [ 191.624620][ T8284] ? lockdep_hardirqs_on+0x9c/0x150 [ 191.624646][ T8284] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.624662][ T8284] ? clear_bhb_loop+0x60/0xb0 [ 191.624683][ T8284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 191.624699][ T8284] RIP: 0033:0x7f457178e929 [ 191.624714][ T8284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.624725][ T8284] RSP: 002b:00007f456f5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 191.624743][ T8284] RAX: ffffffffffffffda RBX: 00007f45719b6080 RCX: 00007f457178e929 [ 191.624755][ T8284] RDX: 0000200000000140 RSI: 00000000c1105517 RDI: 0000000000000006 [ 191.624766][ T8284] RBP: 00007f456f5d5090 R08: 0000000000000000 R09: 0000000000000000 [ 191.624794][ T8284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.624803][ T8284] R13: 0000000000000000 R14: 00007f45719b6080 R15: 00007ffecdd7a238 [ 191.624830][ T8284] [ 192.325104][ T8302] random: crng reseeded on system resumption [ 192.380169][ T8302] vivid-003: disconnect [ 192.395920][ T8301] vivid-003: reconnect [ 192.589835][ T8312] usb usb9: usbfs: process 8312 (syz.2.744) did not claim interface 0 before use [ 192.619397][ T8309] binder: 8308:8309 ioctl c0306201 2000000003c0 returned -14 [ 192.674749][ T8318] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 192.864610][ T8330] FAULT_INJECTION: forcing a failure. [ 192.864610][ T8330] name failslab, interval 1, probability 0, space 0, times 0 [ 192.910857][ T8330] CPU: 0 UID: 0 PID: 8330 Comm: syz.0.752 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 192.910886][ T8330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 192.910898][ T8330] Call Trace: [ 192.910906][ T8330] [ 192.910915][ T8330] dump_stack_lvl+0x189/0x250 [ 192.910943][ T8330] ? __pfx____ratelimit+0x10/0x10 [ 192.910976][ T8330] ? __pfx_dump_stack_lvl+0x10/0x10 [ 192.911000][ T8330] ? __pfx__printk+0x10/0x10 [ 192.911026][ T8330] ? __pfx___might_resched+0x10/0x10 [ 192.911056][ T8330] ? fs_reclaim_acquire+0x7d/0x100 [ 192.911090][ T8330] should_fail_ex+0x414/0x560 [ 192.911122][ T8330] should_failslab+0xa8/0x100 [ 192.911151][ T8330] __kmalloc_noprof+0xcb/0x4f0 [ 192.911174][ T8330] ? tomoyo_encode+0x28b/0x550 [ 192.911203][ T8330] tomoyo_encode+0x28b/0x550 [ 192.911233][ T8330] tomoyo_realpath_from_path+0x58d/0x5d0 [ 192.911269][ T8330] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 192.911302][ T8330] tomoyo_path_number_perm+0x1e8/0x5a0 [ 192.911337][ T8330] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 192.911389][ T8330] ? __lock_acquire+0xab9/0xd20 [ 192.911432][ T8330] ? __fget_files+0x2a/0x420 [ 192.911465][ T8330] ? __fget_files+0x2a/0x420 [ 192.911494][ T8330] ? __fget_files+0x3a0/0x420 [ 192.911522][ T8330] ? __fget_files+0x2a/0x420 [ 192.911556][ T8330] security_file_ioctl+0xcb/0x2d0 [ 192.911588][ T8330] __se_sys_ioctl+0x47/0x170 [ 192.911615][ T8330] do_syscall_64+0xfa/0x3b0 [ 192.911633][ T8330] ? lockdep_hardirqs_on+0x9c/0x150 [ 192.911664][ T8330] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.911684][ T8330] ? clear_bhb_loop+0x60/0xb0 [ 192.911708][ T8330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 192.911727][ T8330] RIP: 0033:0x7f321bb8e929 [ 192.911744][ T8330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 192.911760][ T8330] RSP: 002b:00007f321c9c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 192.911780][ T8330] RAX: ffffffffffffffda RBX: 00007f321bdb5fa0 RCX: 00007f321bb8e929 [ 192.911811][ T8330] RDX: 0000200000000200 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 192.911824][ T8330] RBP: 00007f321c9c5090 R08: 0000000000000000 R09: 0000000000000000 [ 192.911835][ T8330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 192.911846][ T8330] R13: 0000000000000000 R14: 00007f321bdb5fa0 R15: 00007fffeb9af728 [ 192.911885][ T8330] [ 192.911903][ T8330] ERROR: Out of memory at tomoyo_realpath_from_path. [ 193.984614][ T8355] FAULT_INJECTION: forcing a failure. [ 193.984614][ T8355] name failslab, interval 1, probability 0, space 0, times 0 [ 193.994913][ T8356] binder: binder_mmap: 8349 200000001000-20000000b000 bad vm_flags failed -1 [ 194.033656][ T8355] CPU: 0 UID: 0 PID: 8355 Comm: syz.1.763 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 194.033682][ T8355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 194.033702][ T8355] Call Trace: [ 194.033709][ T8355] [ 194.033717][ T8355] dump_stack_lvl+0x189/0x250 [ 194.033745][ T8355] ? __pfx____ratelimit+0x10/0x10 [ 194.033777][ T8355] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.033800][ T8355] ? __pfx__printk+0x10/0x10 [ 194.033825][ T8355] ? __pfx___might_resched+0x10/0x10 [ 194.033848][ T8355] ? fs_reclaim_acquire+0x7d/0x100 [ 194.033881][ T8355] should_fail_ex+0x414/0x560 [ 194.033913][ T8355] should_failslab+0xa8/0x100 [ 194.033942][ T8355] __kmalloc_noprof+0xcb/0x4f0 [ 194.033964][ T8355] ? tomoyo_encode+0x28b/0x550 [ 194.033991][ T8355] tomoyo_encode+0x28b/0x550 [ 194.034021][ T8355] tomoyo_realpath_from_path+0x58d/0x5d0 [ 194.034067][ T8355] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 194.034096][ T8355] tomoyo_path_number_perm+0x1e8/0x5a0 [ 194.034128][ T8355] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 194.034173][ T8355] ? __lock_acquire+0xab9/0xd20 [ 194.034211][ T8355] ? __fget_files+0x2a/0x420 [ 194.034242][ T8355] ? __fget_files+0x2a/0x420 [ 194.034269][ T8355] ? __fget_files+0x3a0/0x420 [ 194.034295][ T8355] ? __fget_files+0x2a/0x420 [ 194.034326][ T8355] security_file_ioctl+0xcb/0x2d0 [ 194.034355][ T8355] __se_sys_ioctl+0x47/0x170 [ 194.034381][ T8355] do_syscall_64+0xfa/0x3b0 [ 194.034398][ T8355] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.034425][ T8355] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.034444][ T8355] ? clear_bhb_loop+0x60/0xb0 [ 194.034467][ T8355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.034484][ T8355] RIP: 0033:0x7fb1a638e929 [ 194.034500][ T8355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.034515][ T8355] RSP: 002b:00007fb1a7162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.034534][ T8355] RAX: ffffffffffffffda RBX: 00007fb1a65b5fa0 RCX: 00007fb1a638e929 [ 194.034547][ T8355] RDX: 0000200000000200 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 194.034559][ T8355] RBP: 00007fb1a7162090 R08: 0000000000000000 R09: 0000000000000000 [ 194.034570][ T8355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 194.034580][ T8355] R13: 0000000000000000 R14: 00007fb1a65b5fa0 R15: 00007fff2c053798 [ 194.034608][ T8355] [ 194.034627][ T8355] ERROR: Out of memory at tomoyo_realpath_from_path. [ 194.345351][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.385122][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.562447][ T8351] loop4: detected capacity change from 0 to 524255232 [ 194.846525][ T8367] loop6: detected capacity change from 0 to 7 [ 194.855622][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.855728][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.856475][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.856504][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.856676][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.856700][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.857331][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.857361][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.857583][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.857609][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.857778][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.857804][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.857959][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.857985][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.858058][ T8367] ldm_validate_partition_table(): Disk read failed. [ 194.858156][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.858183][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.858392][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.858417][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.858570][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 194.858596][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 194.859480][ T8367] Dev loop6: unable to read RDB block 0 [ 194.860417][ T8367] loop6: unable to read partition table [ 194.870748][ T8367] loop6: partition table beyond EOD, truncated [ 194.870784][ T8367] loop_reread_partitions: partition scan of loop6 (被x() failed (rc=-5) [ 195.978129][ T8382] FAULT_INJECTION: forcing a failure. [ 195.978129][ T8382] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 195.978163][ T8382] CPU: 1 UID: 0 PID: 8382 Comm: syz.0.772 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 195.978185][ T8382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.978196][ T8382] Call Trace: [ 195.978204][ T8382] [ 195.978212][ T8382] dump_stack_lvl+0x189/0x250 [ 195.978250][ T8382] ? __pfx____ratelimit+0x10/0x10 [ 195.978303][ T8382] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.978326][ T8382] ? __pfx__printk+0x10/0x10 [ 195.978352][ T8382] ? __might_fault+0xb0/0x130 [ 195.978386][ T8382] should_fail_ex+0x414/0x560 [ 195.978416][ T8382] _copy_from_user+0x2d/0xb0 [ 195.978436][ T8382] video_usercopy+0x354/0x14f0 [ 195.978468][ T8382] ? __pfx___video_do_ioctl+0x10/0x10 [ 195.978491][ T8382] ? __pfx_video_usercopy+0x10/0x10 [ 195.978523][ T8382] ? __fget_files+0x2a/0x420 [ 195.978556][ T8382] ? __fget_files+0x2a/0x420 [ 195.978584][ T8382] ? __fget_files+0x3a0/0x420 [ 195.978616][ T8382] v4l2_ioctl+0x18d/0x1e0 [ 195.978639][ T8382] ? __pfx_v4l2_ioctl+0x10/0x10 [ 195.978659][ T8382] __se_sys_ioctl+0xfc/0x170 [ 195.978686][ T8382] do_syscall_64+0xfa/0x3b0 [ 195.978704][ T8382] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.978734][ T8382] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.978753][ T8382] ? clear_bhb_loop+0x60/0xb0 [ 195.978785][ T8382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.978804][ T8382] RIP: 0033:0x7f321bb8e929 [ 195.978821][ T8382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.978837][ T8382] RSP: 002b:00007f321c9c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 195.978857][ T8382] RAX: ffffffffffffffda RBX: 00007f321bdb5fa0 RCX: 00007f321bb8e929 [ 195.978871][ T8382] RDX: 0000200000000200 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 195.978883][ T8382] RBP: 00007f321c9c5090 R08: 0000000000000000 R09: 0000000000000000 [ 195.978895][ T8382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 195.978906][ T8382] R13: 0000000000000000 R14: 00007f321bdb5fa0 R15: 00007fffeb9af728 [ 195.978935][ T8382] [ 196.625948][ T8395] FAULT_INJECTION: forcing a failure. [ 196.625948][ T8395] name failslab, interval 1, probability 0, space 0, times 0 [ 196.625990][ T8395] CPU: 0 UID: 0 PID: 8395 Comm: syz.2.777 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 196.626011][ T8395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 196.626021][ T8395] Call Trace: [ 196.626028][ T8395] [ 196.626036][ T8395] dump_stack_lvl+0x189/0x250 [ 196.626061][ T8395] ? __pfx____ratelimit+0x10/0x10 [ 196.626090][ T8395] ? __pfx_dump_stack_lvl+0x10/0x10 [ 196.626111][ T8395] ? __pfx__printk+0x10/0x10 [ 196.626138][ T8395] ? __pfx___might_resched+0x10/0x10 [ 196.626158][ T8395] ? fs_reclaim_acquire+0x7d/0x100 [ 196.626189][ T8395] should_fail_ex+0x414/0x560 [ 196.626217][ T8395] should_failslab+0xa8/0x100 [ 196.626242][ T8395] __kmalloc_noprof+0xcb/0x4f0 [ 196.626262][ T8395] ? kfree+0x4d/0x440 [ 196.626279][ T8395] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 196.626307][ T8395] tomoyo_realpath_from_path+0xe3/0x5d0 [ 196.626330][ T8395] ? tomoyo_domain+0xd9/0x130 [ 196.626357][ T8395] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 196.626386][ T8395] tomoyo_path_number_perm+0x1e8/0x5a0 [ 196.626435][ T8395] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 196.626483][ T8395] ? __lock_acquire+0xab9/0xd20 [ 196.626524][ T8395] ? __fget_files+0x2a/0x420 [ 196.626556][ T8395] ? __fget_files+0x2a/0x420 [ 196.626583][ T8395] ? __fget_files+0x3a0/0x420 [ 196.626610][ T8395] ? __fget_files+0x2a/0x420 [ 196.626643][ T8395] security_file_ioctl+0xcb/0x2d0 [ 196.626674][ T8395] __se_sys_ioctl+0x47/0x170 [ 196.626701][ T8395] do_syscall_64+0xfa/0x3b0 [ 196.626730][ T8395] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.626748][ T8395] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 196.626768][ T8395] ? clear_bhb_loop+0x60/0xb0 [ 196.626791][ T8395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.626809][ T8395] RIP: 0033:0x7f457178e929 [ 196.626825][ T8395] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.626840][ T8395] RSP: 002b:00007f456f5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 196.626860][ T8395] RAX: ffffffffffffffda RBX: 00007f45719b5fa0 RCX: 00007f457178e929 [ 196.626886][ T8395] RDX: 0000200000000080 RSI: 0000000040305652 RDI: 0000000000000003 [ 196.626897][ T8395] RBP: 00007f456f5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 196.626908][ T8395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.626918][ T8395] R13: 0000000000000000 R14: 00007f45719b5fa0 R15: 00007ffecdd7a238 [ 196.626946][ T8395] [ 196.627152][ T8395] ERROR: Out of memory at tomoyo_realpath_from_path. [ 197.099081][ C1] vkms_vblank_simulate: vblank timer overrun [ 197.433587][ T8417] FAULT_INJECTION: forcing a failure. [ 197.433587][ T8417] name failslab, interval 1, probability 0, space 0, times 0 [ 197.477335][ T8417] CPU: 0 UID: 0 PID: 8417 Comm: syz.0.786 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 197.477363][ T8417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.477376][ T8417] Call Trace: [ 197.477384][ T8417] [ 197.477393][ T8417] dump_stack_lvl+0x189/0x250 [ 197.477420][ T8417] ? __pfx____ratelimit+0x10/0x10 [ 197.477454][ T8417] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.477477][ T8417] ? __pfx__printk+0x10/0x10 [ 197.477515][ T8417] ? __pfx___might_resched+0x10/0x10 [ 197.477539][ T8417] ? fs_reclaim_acquire+0x7d/0x100 [ 197.477573][ T8417] should_fail_ex+0x414/0x560 [ 197.477605][ T8417] should_failslab+0xa8/0x100 [ 197.477634][ T8417] __kmalloc_noprof+0xcb/0x4f0 [ 197.477657][ T8417] ? tomoyo_encode+0x28b/0x550 [ 197.477685][ T8417] tomoyo_encode+0x28b/0x550 [ 197.477715][ T8417] tomoyo_realpath_from_path+0x58d/0x5d0 [ 197.477751][ T8417] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 197.477822][ T8417] tomoyo_path_number_perm+0x1e8/0x5a0 [ 197.477859][ T8417] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 197.477910][ T8417] ? __lock_acquire+0xab9/0xd20 [ 197.477952][ T8417] ? __fget_files+0x2a/0x420 [ 197.477987][ T8417] ? __fget_files+0x2a/0x420 [ 197.478015][ T8417] ? __fget_files+0x3a0/0x420 [ 197.478043][ T8417] ? __fget_files+0x2a/0x420 [ 197.478077][ T8417] security_file_ioctl+0xcb/0x2d0 [ 197.478109][ T8417] __se_sys_ioctl+0x47/0x170 [ 197.478138][ T8417] do_syscall_64+0xfa/0x3b0 [ 197.478157][ T8417] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.478188][ T8417] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.478208][ T8417] ? clear_bhb_loop+0x60/0xb0 [ 197.478232][ T8417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.478263][ T8417] RIP: 0033:0x7f321bb8e929 [ 197.478281][ T8417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.478296][ T8417] RSP: 002b:00007f321c9c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 197.478316][ T8417] RAX: ffffffffffffffda RBX: 00007f321bdb5fa0 RCX: 00007f321bb8e929 [ 197.478330][ T8417] RDX: 0000200000000080 RSI: 0000000040305652 RDI: 0000000000000003 [ 197.478343][ T8417] RBP: 00007f321c9c5090 R08: 0000000000000000 R09: 0000000000000000 [ 197.478354][ T8417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.478364][ T8417] R13: 0000000000000000 R14: 00007f321bdb5fa0 R15: 00007fffeb9af728 [ 197.478420][ T8417] [ 197.478441][ T8417] ERROR: Out of memory at tomoyo_realpath_from_path. [ 197.544661][ T8422] usb usb8: usbfs: process 8422 (syz.3.784) did not claim interface 0 before use [ 198.964448][ T8450] FAULT_INJECTION: forcing a failure. [ 198.964448][ T8450] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 198.977944][ T8450] CPU: 1 UID: 0 PID: 8450 Comm: syz.3.799 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 198.977970][ T8450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 198.977982][ T8450] Call Trace: [ 198.977990][ T8450] [ 198.977997][ T8450] dump_stack_lvl+0x189/0x250 [ 198.978026][ T8450] ? __pfx____ratelimit+0x10/0x10 [ 198.978057][ T8450] ? __pfx_dump_stack_lvl+0x10/0x10 [ 198.978089][ T8450] ? __pfx__printk+0x10/0x10 [ 198.978111][ T8450] ? __might_fault+0xb0/0x130 [ 198.978143][ T8450] should_fail_ex+0x414/0x560 [ 198.978171][ T8450] _copy_from_user+0x2d/0xb0 [ 198.978191][ T8450] video_usercopy+0x354/0x14f0 [ 198.978222][ T8450] ? __pfx___video_do_ioctl+0x10/0x10 [ 198.978242][ T8450] ? __pfx_video_usercopy+0x10/0x10 [ 198.978273][ T8450] ? __fget_files+0x2a/0x420 [ 198.978302][ T8450] ? __fget_files+0x2a/0x420 [ 198.978328][ T8450] ? __fget_files+0x3a0/0x420 [ 198.978357][ T8450] v4l2_ioctl+0x18d/0x1e0 [ 198.978377][ T8450] ? __pfx_v4l2_ioctl+0x10/0x10 [ 198.978396][ T8450] __se_sys_ioctl+0xfc/0x170 [ 198.978419][ T8450] do_syscall_64+0xfa/0x3b0 [ 198.978436][ T8450] ? lockdep_hardirqs_on+0x9c/0x150 [ 198.978464][ T8450] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.978482][ T8450] ? clear_bhb_loop+0x60/0xb0 [ 198.978511][ T8450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 198.978528][ T8450] RIP: 0033:0x7f951458e929 [ 198.978544][ T8450] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 198.978559][ T8450] RSP: 002b:00007f95153f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 198.978577][ T8450] RAX: ffffffffffffffda RBX: 00007f95147b5fa0 RCX: 00007f951458e929 [ 198.978591][ T8450] RDX: 0000200000000080 RSI: 0000000040305652 RDI: 0000000000000003 [ 198.978602][ T8450] RBP: 00007f95153f6090 R08: 0000000000000000 R09: 0000000000000000 [ 198.978613][ T8450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 198.978624][ T8450] R13: 0000000000000000 R14: 00007f95147b5fa0 R15: 00007ffc7c2a4008 [ 198.978651][ T8450] [ 199.762581][ T8465] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 199.795206][ T8465] input: syz1 as /devices/virtual/input/input28 [ 201.232633][ T8517] sp0: Synchronizing with TNC [ 201.848360][ T8539] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 201.866488][ T8539] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 201.998547][ T30] audit: type=1800 audit(1750365767.870:63): pid=8544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.830" name="memory.events" dev="tmpfs" ino=968 res=0 errno=0 [ 202.060382][ T30] audit: type=1804 audit(1750365767.920:64): pid=8544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.830" name="/newroot/187/memory.events" dev="tmpfs" ino=968 res=1 errno=0 [ 203.072279][ T8568] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 203.576910][ T8589] random: crng reseeded on system resumption [ 204.133203][ T8592] binder: 8591:8592 ioctl c0306201 2000000003c0 returned -14 [ 204.158970][ T8592] binder: BINDER_SET_CONTEXT_MGR already set [ 204.167295][ T8592] binder: 8591:8592 ioctl 4018620d 200000000000 returned -16 [ 204.891274][ T8611] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 205.051291][ T8617] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 205.206037][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 205.230337][ T5839] Bluetooth: hci4: unexpected event 0x01 length: 0 < 1 [ 205.543492][ T8632] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 206.090142][ T8646] random: crng reseeded on system resumption [ 206.165918][ T8646] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 206.174347][ T8646] program syz.0.862 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 207.078085][ T8661] binder: BC_ATTEMPT_ACQUIRE not supported [ 207.090590][ T8661] binder: 8660:8661 ioctl c0306201 200000000100 returned -22 [ 207.221073][ T5839] Bluetooth: hci4: command 0x1003 tx timeout [ 207.221125][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 207.871290][ T35] Bluetooth: hci4: Frame reassembly failed (-84) [ 207.900103][ T5839] Bluetooth: hci4: unexpected event 0x01 length: 0 < 1 [ 209.267643][ T8727] mkiss: ax0: crc mode is auto. [ 209.503485][ T8735] ALSA: seq fatal error: cannot create timer (-22) [ 209.744428][ T8745] syz.1.897: attempt to access beyond end of device [ 209.744428][ T8745] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 209.778419][ T8742] syz.1.897: attempt to access beyond end of device [ 209.778419][ T8742] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 209.852404][ T8748] FAULT_INJECTION: forcing a failure. [ 209.852404][ T8748] name failslab, interval 1, probability 0, space 0, times 0 [ 209.870820][ T8748] CPU: 0 UID: 0 PID: 8748 Comm: syz.0.899 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 209.870847][ T8748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.870860][ T8748] Call Trace: [ 209.870868][ T8748] [ 209.870877][ T8748] dump_stack_lvl+0x189/0x250 [ 209.870904][ T8748] ? __pfx____ratelimit+0x10/0x10 [ 209.870933][ T8748] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.870954][ T8748] ? __pfx__printk+0x10/0x10 [ 209.870983][ T8748] ? __pfx___might_resched+0x10/0x10 [ 209.871004][ T8748] ? fs_reclaim_acquire+0x7d/0x100 [ 209.871038][ T8748] should_fail_ex+0x414/0x560 [ 209.871074][ T8748] should_failslab+0xa8/0x100 [ 209.871108][ T8748] __kmalloc_noprof+0xcb/0x4f0 [ 209.871138][ T8748] ? kernfs_fop_write_iter+0x158/0x4f0 [ 209.871172][ T8748] kernfs_fop_write_iter+0x158/0x4f0 [ 209.871211][ T8748] vfs_write+0x548/0xa90 [ 209.871246][ T8748] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 209.871277][ T8748] ? __pfx_vfs_write+0x10/0x10 [ 209.871318][ T8748] ? __fget_files+0x2a/0x420 [ 209.871364][ T8748] ksys_write+0x145/0x250 [ 209.871397][ T8748] ? __pfx_ksys_write+0x10/0x10 [ 209.871442][ T8748] do_syscall_64+0xfa/0x3b0 [ 209.871467][ T8748] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.871489][ T8748] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 209.871512][ T8748] ? clear_bhb_loop+0x60/0xb0 [ 209.871540][ T8748] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.871562][ T8748] RIP: 0033:0x7f321bb8e929 [ 209.871583][ T8748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.871603][ T8748] RSP: 002b:00007f321c9c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 209.871639][ T8748] RAX: ffffffffffffffda RBX: 00007f321bdb5fa0 RCX: 00007f321bb8e929 [ 209.871655][ T8748] RDX: 0000000000000012 RSI: 0000200000000040 RDI: 0000000000000005 [ 209.871670][ T8748] RBP: 00007f321c9c5090 R08: 0000000000000000 R09: 0000000000000000 [ 209.871685][ T8748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 209.871697][ T8748] R13: 0000000000000000 R14: 00007f321bdb5fa0 R15: 00007fffeb9af728 [ 209.871746][ T8748] [ 209.943372][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 210.956501][ T8774] FAULT_INJECTION: forcing a failure. [ 210.956501][ T8774] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 211.003294][ T8774] CPU: 0 UID: 0 PID: 8774 Comm: syz.0.910 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 211.003320][ T8774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 211.003332][ T8774] Call Trace: [ 211.003338][ T8774] [ 211.003346][ T8774] dump_stack_lvl+0x189/0x250 [ 211.003371][ T8774] ? __pfx____ratelimit+0x10/0x10 [ 211.003400][ T8774] ? __pfx_dump_stack_lvl+0x10/0x10 [ 211.003420][ T8774] ? __pfx__printk+0x10/0x10 [ 211.003440][ T8774] ? __might_fault+0xb0/0x130 [ 211.003471][ T8774] should_fail_ex+0x414/0x560 [ 211.003503][ T8774] _copy_from_iter+0x1db/0x16f0 [ 211.003540][ T8774] ? __pfx__copy_from_iter+0x10/0x10 [ 211.003569][ T8774] ? rcu_is_watching+0x15/0xb0 [ 211.003590][ T8774] ? trace_kmalloc+0x1f/0xd0 [ 211.003610][ T8774] ? kernfs_fop_write_iter+0x158/0x4f0 [ 211.003636][ T8774] kernfs_fop_write_iter+0x19f/0x4f0 [ 211.003664][ T8774] vfs_write+0x548/0xa90 [ 211.003691][ T8774] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 211.003714][ T8774] ? __pfx_vfs_write+0x10/0x10 [ 211.003747][ T8774] ? __fget_files+0x2a/0x420 [ 211.003781][ T8774] ksys_write+0x145/0x250 [ 211.003806][ T8774] ? __pfx_ksys_write+0x10/0x10 [ 211.003826][ T8774] ? rcu_is_watching+0x15/0xb0 [ 211.003850][ T8774] ? do_syscall_64+0xbe/0x3b0 [ 211.003872][ T8774] do_syscall_64+0xfa/0x3b0 [ 211.003887][ T8774] ? lockdep_hardirqs_on+0x9c/0x150 [ 211.003914][ T8774] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.003932][ T8774] ? clear_bhb_loop+0x60/0xb0 [ 211.003954][ T8774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.003971][ T8774] RIP: 0033:0x7f321bb8e929 [ 211.003986][ T8774] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 211.004002][ T8774] RSP: 002b:00007f321c9c5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 211.004020][ T8774] RAX: ffffffffffffffda RBX: 00007f321bdb5fa0 RCX: 00007f321bb8e929 [ 211.004033][ T8774] RDX: 0000000000000012 RSI: 0000200000000040 RDI: 0000000000000005 [ 211.004043][ T8774] RBP: 00007f321c9c5090 R08: 0000000000000000 R09: 0000000000000000 [ 211.004054][ T8774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 211.004064][ T8774] R13: 0000000000000000 R14: 00007f321bdb5fa0 R15: 00007fffeb9af728 [ 211.004092][ T8774] [ 211.423214][ T4484] Bluetooth: hci4: Frame reassembly failed (-84) [ 211.457091][ T51] Bluetooth: hci4: unexpected event 0x02 length: 0 < 1 [ 211.957307][ T8797] binder: 8793:8797 ioctl c0306201 200000000640 returned -22 [ 213.307372][ T8819] binder: 8818:8819 ioctl c00c6211 0 returned -14 [ 213.436933][ T8825] binder: 8820:8825 ioctl c018620c 200000000140 returned -1 [ 213.461219][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 213.461811][ T5839] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 213.490203][ T8823] usb usb9: usbfs: process 8823 (syz.1.926) did not claim interface 0 before use [ 213.502464][ T8823] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 214.596905][ T51] Bluetooth: hci4: unexpected event 0x02 length: 0 < 1 [ 214.609210][ T35] Bluetooth: hci4: Frame reassembly failed (-84) [ 215.250462][ T8861] program syz.3.941 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 215.467760][ T8866] usb usb9: usbfs: process 8866 (syz.1.944) did not claim interface 0 before use [ 215.725290][ T35] Bluetooth: hci5: Frame reassembly failed (-84) [ 215.768412][ T8879] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 216.660788][ T5839] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 216.667304][ T5852] Bluetooth: hci4: command 0x1003 tx timeout [ 217.217091][ T8897] usb usb9: usbfs: process 8897 (syz.0.954) did not claim interface 0 before use [ 217.542245][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 217.556460][ T5839] Bluetooth: hci4: unexpected event 0x02 length: 0 < 1 [ 217.780742][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 217.780757][ T5839] Bluetooth: hci5: command 0x1003 tx timeout [ 219.517588][ T8957] dlm: Unknown command passed to DLM device : 0 [ 219.517588][ T8957] [ 219.541029][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 220.481838][ T59] Bluetooth: hci4: Frame reassembly failed (-84) [ 220.605244][ T8986] can0: slcan on ptm1. [ 221.508954][ T9011] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 221.587149][ T8984] can0 (unregistered): slcan off ptm1. [ 222.360183][ T9042] usb usb9: usbfs: process 9042 (syz.3.997) did not claim interface 0 before use [ 222.500847][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 222.501373][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 224.004445][ T9071] usb usb9: usbfs: process 9071 (syz.0.1007) did not claim interface 0 before use [ 224.127089][ T4484] Bluetooth: hci4: Frame reassembly failed (-84) [ 224.432530][ T9084] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 225.043147][ T9099] usb usb9: usbfs: process 9099 (syz.2.1018) did not claim interface 0 before use [ 225.453023][ T9108] FAULT_INJECTION: forcing a failure. [ 225.453023][ T9108] name failslab, interval 1, probability 0, space 0, times 0 [ 225.478052][ T9108] CPU: 1 UID: 0 PID: 9108 Comm: syz.1.1021 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 225.478076][ T9108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 225.478087][ T9108] Call Trace: [ 225.478093][ T9108] [ 225.478100][ T9108] dump_stack_lvl+0x189/0x250 [ 225.478125][ T9108] ? __pfx____ratelimit+0x10/0x10 [ 225.478154][ T9108] ? __pfx_dump_stack_lvl+0x10/0x10 [ 225.478174][ T9108] ? __pfx__printk+0x10/0x10 [ 225.478197][ T9108] ? __pfx___might_resched+0x10/0x10 [ 225.478217][ T9108] ? fs_reclaim_acquire+0x7d/0x100 [ 225.478252][ T9108] should_fail_ex+0x414/0x560 [ 225.478278][ T9108] should_failslab+0xa8/0x100 [ 225.478303][ T9108] __kmalloc_noprof+0xcb/0x4f0 [ 225.478323][ T9108] ? video_usercopy+0x18f/0x14f0 [ 225.478347][ T9108] video_usercopy+0x18f/0x14f0 [ 225.478375][ T9108] ? __pfx___video_do_ioctl+0x10/0x10 [ 225.478395][ T9108] ? __pfx_video_usercopy+0x10/0x10 [ 225.478424][ T9108] ? __fget_files+0x2a/0x420 [ 225.478453][ T9108] ? __fget_files+0x2a/0x420 [ 225.478477][ T9108] ? __fget_files+0x3a0/0x420 [ 225.478506][ T9108] v4l2_ioctl+0x18d/0x1e0 [ 225.478525][ T9108] ? __pfx_v4l2_ioctl+0x10/0x10 [ 225.478544][ T9108] __se_sys_ioctl+0xfc/0x170 [ 225.478568][ T9108] do_syscall_64+0xfa/0x3b0 [ 225.478583][ T9108] ? lockdep_hardirqs_on+0x9c/0x150 [ 225.478610][ T9108] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.478627][ T9108] ? clear_bhb_loop+0x60/0xb0 [ 225.478648][ T9108] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 225.478665][ T9108] RIP: 0033:0x7fb1a638e929 [ 225.478680][ T9108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 225.478696][ T9108] RSP: 002b:00007fb1a7162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 225.478714][ T9108] RAX: ffffffffffffffda RBX: 00007fb1a65b5fa0 RCX: 00007fb1a638e929 [ 225.478727][ T9108] RDX: 00002000000002c0 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 225.478738][ T9108] RBP: 00007fb1a7162090 R08: 0000000000000000 R09: 0000000000000000 [ 225.478749][ T9108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.478759][ T9108] R13: 0000000000000000 R14: 00007fb1a65b5fa0 R15: 00007fff2c053798 [ 225.478785][ T9108] [ 226.030635][ T9121] usb usb9: usbfs: process 9121 (syz.2.1027) did not claim interface 0 before use [ 226.180636][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 226.300435][ T9133] FAULT_INJECTION: forcing a failure. [ 226.300435][ T9133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 226.314949][ T9133] CPU: 1 UID: 0 PID: 9133 Comm: syz.2.1031 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 226.314973][ T9133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 226.314983][ T9133] Call Trace: [ 226.314991][ T9133] [ 226.314998][ T9133] dump_stack_lvl+0x189/0x250 [ 226.315023][ T9133] ? __pfx____ratelimit+0x10/0x10 [ 226.315051][ T9133] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.315070][ T9133] ? __pfx__printk+0x10/0x10 [ 226.315089][ T9133] ? __might_fault+0xb0/0x130 [ 226.315118][ T9133] should_fail_ex+0x414/0x560 [ 226.315146][ T9133] _copy_from_user+0x2d/0xb0 [ 226.315165][ T9133] video_usercopy+0x354/0x14f0 [ 226.315194][ T9133] ? __pfx___video_do_ioctl+0x10/0x10 [ 226.315213][ T9133] ? __pfx_video_usercopy+0x10/0x10 [ 226.315242][ T9133] ? __fget_files+0x2a/0x420 [ 226.315278][ T9133] ? __fget_files+0x2a/0x420 [ 226.315302][ T9133] ? __fget_files+0x3a0/0x420 [ 226.315331][ T9133] v4l2_ioctl+0x18d/0x1e0 [ 226.315350][ T9133] ? __pfx_v4l2_ioctl+0x10/0x10 [ 226.315368][ T9133] __se_sys_ioctl+0xfc/0x170 [ 226.315392][ T9133] do_syscall_64+0xfa/0x3b0 [ 226.315408][ T9133] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.315434][ T9133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.315451][ T9133] ? clear_bhb_loop+0x60/0xb0 [ 226.315473][ T9133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.315489][ T9133] RIP: 0033:0x7f457178e929 [ 226.315505][ T9133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.315518][ T9133] RSP: 002b:00007f456f5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 226.315534][ T9133] RAX: ffffffffffffffda RBX: 00007f45719b5fa0 RCX: 00007f457178e929 [ 226.315547][ T9133] RDX: 00002000000002c0 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 226.315559][ T9133] RBP: 00007f456f5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 226.315569][ T9133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.315579][ T9133] R13: 0000000000000000 R14: 00007f45719b5fa0 R15: 00007ffecdd7a238 [ 226.315605][ T9133] [ 227.981775][ T35] Bluetooth: hci4: Frame reassembly failed (-84) [ 228.837855][ T9203] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 230.025939][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 230.035405][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 231.343830][ T9269] input: syz1 as /devices/virtual/input/input30 [ 231.532803][ T9271] binder: 9270:9271 ioctl c018620c 200000000640 returned -22 [ 231.664109][ T9274] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 232.804403][ T9299] usb usb9: usbfs: process 9299 (syz.0.1087) did not claim interface 0 before use [ 232.828372][ T9298] input: syz1 as /devices/virtual/input/input31 [ 232.869999][ T9294] input: syz0 as /devices/virtual/input/input32 [ 232.962495][ T9294] input: failed to attach handler leds to device input32, error: -6 [ 233.590181][ T9327] usb usb9: usbfs: process 9327 (syz.0.1097) did not claim interface 0 before use [ 234.608513][ T9357] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 234.778146][ T9359] usb usb9: usbfs: process 9359 (syz.2.1108) did not claim interface 0 before use [ 234.979054][ T75] Bluetooth: hci4: Frame reassembly failed (-84) [ 235.351563][ T9374] usb usb9: usbfs: process 9374 (syz.1.1114) did not claim interface 0 before use [ 235.486664][ T9375] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 236.189945][ T9389] usb usb9: usbfs: process 9389 (syz.1.1119) did not claim interface 0 before use [ 236.594184][ T9409] FAULT_INJECTION: forcing a failure. [ 236.594184][ T9409] name failslab, interval 1, probability 0, space 0, times 0 [ 236.607533][ T9409] CPU: 0 UID: 0 PID: 9409 Comm: syz.3.1126 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 236.607560][ T9409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 236.607571][ T9409] Call Trace: [ 236.607580][ T9409] [ 236.607588][ T9409] dump_stack_lvl+0x189/0x250 [ 236.607616][ T9409] ? __pfx____ratelimit+0x10/0x10 [ 236.607648][ T9409] ? __pfx_dump_stack_lvl+0x10/0x10 [ 236.607671][ T9409] ? __pfx__printk+0x10/0x10 [ 236.607699][ T9409] ? __pfx___might_resched+0x10/0x10 [ 236.607722][ T9409] ? fs_reclaim_acquire+0x7d/0x100 [ 236.607755][ T9409] should_fail_ex+0x414/0x560 [ 236.607785][ T9409] should_failslab+0xa8/0x100 [ 236.607813][ T9409] __kmalloc_noprof+0xcb/0x4f0 [ 236.607837][ T9409] ? video_usercopy+0x18f/0x14f0 [ 236.607865][ T9409] video_usercopy+0x18f/0x14f0 [ 236.607898][ T9409] ? __pfx___video_do_ioctl+0x10/0x10 [ 236.607920][ T9409] ? __pfx_video_usercopy+0x10/0x10 [ 236.607954][ T9409] ? __fget_files+0x2a/0x420 [ 236.607986][ T9409] ? __fget_files+0x2a/0x420 [ 236.608013][ T9409] ? __fget_files+0x3a0/0x420 [ 236.608057][ T9409] v4l2_ioctl+0x18d/0x1e0 [ 236.608079][ T9409] ? __pfx_v4l2_ioctl+0x10/0x10 [ 236.608100][ T9409] __se_sys_ioctl+0xfc/0x170 [ 236.608127][ T9409] do_syscall_64+0xfa/0x3b0 [ 236.608145][ T9409] ? lockdep_hardirqs_on+0x9c/0x150 [ 236.608176][ T9409] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.608195][ T9409] ? clear_bhb_loop+0x60/0xb0 [ 236.608218][ T9409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 236.608238][ T9409] RIP: 0033:0x7f951458e929 [ 236.608255][ T9409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 236.608272][ T9409] RSP: 002b:00007f95153f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 236.608292][ T9409] RAX: ffffffffffffffda RBX: 00007f95147b5fa0 RCX: 00007f951458e929 [ 236.608305][ T9409] RDX: 00002000000000c0 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 236.608318][ T9409] RBP: 00007f95153f6090 R08: 0000000000000000 R09: 0000000000000000 [ 236.608330][ T9409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 236.608342][ T9409] R13: 0000000000000000 R14: 00007f95147b5fa0 R15: 00007ffc7c2a4008 [ 236.608372][ T9409] [ 236.831948][ C0] vkms_vblank_simulate: vblank timer overrun [ 236.845070][ T5929] psmouse serio5: Failed to reset mouse on : -5 [ 236.984054][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 236.995222][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 237.018104][ T9411] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 237.224985][ T9421] usb usb9: usbfs: process 9421 (syz.3.1130) did not claim interface 0 before use [ 238.510188][ T9451] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present [ 238.695807][ T9453] usb usb9: usbfs: process 9453 (syz.3.1141) did not claim interface 0 before use [ 239.063231][ T9462] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 239.070848][ T9462] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 239.129631][ T9466] input: syz1 as /devices/virtual/input/input34 [ 239.389679][ T9479] usb usb9: usbfs: process 9479 (syz.1.1150) did not claim interface 0 before use [ 240.600950][ T5929] misc userio: Buffer overflowed, userio client isn't keeping up [ 241.100944][ T9536] kvm: kvm [9535]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x7 [ 241.268278][ T9545] FAULT_INJECTION: forcing a failure. [ 241.268278][ T9545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 241.284241][ T9545] CPU: 0 UID: 0 PID: 9545 Comm: syz.1.1172 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 241.284265][ T9545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 241.284287][ T9545] Call Trace: [ 241.284298][ T9545] [ 241.284306][ T9545] dump_stack_lvl+0x189/0x250 [ 241.284331][ T9545] ? __pfx____ratelimit+0x10/0x10 [ 241.284359][ T9545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.284380][ T9545] ? __pfx__printk+0x10/0x10 [ 241.284404][ T9545] ? __might_fault+0xb0/0x130 [ 241.284434][ T9545] should_fail_ex+0x414/0x560 [ 241.284462][ T9545] _copy_from_user+0x2d/0xb0 [ 241.284481][ T9545] snd_ctl_ioctl+0x37d/0x1ad0 [ 241.284505][ T9545] ? stack_trace_save+0x9c/0xe0 [ 241.284532][ T9545] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 241.284562][ T9545] ? kasan_save_track+0x4f/0x80 [ 241.284579][ T9545] ? kasan_save_track+0x3e/0x80 [ 241.284596][ T9545] ? kasan_save_free_info+0x46/0x50 [ 241.284621][ T9545] ? __kasan_slab_free+0x62/0x70 [ 241.284639][ T9545] ? kfree+0x18e/0x440 [ 241.284662][ T9545] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 241.284687][ T9545] ? security_file_ioctl+0xcb/0x2d0 [ 241.284711][ T9545] ? __se_sys_ioctl+0x47/0x170 [ 241.284729][ T9545] ? do_syscall_64+0xfa/0x3b0 [ 241.284744][ T9545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.284807][ T9545] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 241.284835][ T9545] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 241.284862][ T9545] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 241.284888][ T9545] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 241.284915][ T9545] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 241.284957][ T9545] ? __lock_acquire+0xab9/0xd20 [ 241.284993][ T9545] ? __fget_files+0x2a/0x420 [ 241.285021][ T9545] ? __fget_files+0x2a/0x420 [ 241.285045][ T9545] ? __fget_files+0x3a0/0x420 [ 241.285069][ T9545] ? __fget_files+0x2a/0x420 [ 241.285098][ T9545] ? bpf_lsm_file_ioctl+0x9/0x20 [ 241.285116][ T9545] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 241.285138][ T9545] __se_sys_ioctl+0xfc/0x170 [ 241.285162][ T9545] do_syscall_64+0xfa/0x3b0 [ 241.285178][ T9545] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.285204][ T9545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.285221][ T9545] ? clear_bhb_loop+0x60/0xb0 [ 241.285241][ T9545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.285258][ T9545] RIP: 0033:0x7fb1a638e929 [ 241.285273][ T9545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.285288][ T9545] RSP: 002b:00007fb1a7162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 241.285306][ T9545] RAX: ffffffffffffffda RBX: 00007fb1a65b5fa0 RCX: 00007fb1a638e929 [ 241.285324][ T9545] RDX: 0000200000000140 RSI: 00000000c1105517 RDI: 0000000000000003 [ 241.285336][ T9545] RBP: 00007fb1a7162090 R08: 0000000000000000 R09: 0000000000000000 [ 241.285346][ T9545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.285357][ T9545] R13: 0000000000000000 R14: 00007fb1a65b5fa0 R15: 00007fff2c053798 [ 241.285383][ T9545] [ 241.579491][ C0] vkms_vblank_simulate: vblank timer overrun [ 241.815267][ T5929] input: PS/2 Generic Mouse as /devices/serio5/input/input33 [ 242.038272][ T9563] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 242.042106][ T5929] psmouse serio5: Failed to enable mouse on [ 242.071928][ T9565] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 242.079967][ T9562] ptm ptm7: ldisc open failed (-12), clearing slot 7 [ 242.210734][ T9571] binder: 9570:9571 ioctl c00c6211 0 returned -14 [ 242.251786][ T9573] binder: 9572:9573 ioctl c00c6211 0 returned -14 [ 242.324207][ T9576] FAULT_INJECTION: forcing a failure. [ 242.324207][ T9576] name failslab, interval 1, probability 0, space 0, times 0 [ 242.340190][ T9576] CPU: 0 UID: 0 PID: 9576 Comm: syz.2.1183 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 242.340218][ T9576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 242.340230][ T9576] Call Trace: [ 242.340239][ T9576] [ 242.340247][ T9576] dump_stack_lvl+0x189/0x250 [ 242.340276][ T9576] ? __pfx____ratelimit+0x10/0x10 [ 242.340308][ T9576] ? __pfx_dump_stack_lvl+0x10/0x10 [ 242.340331][ T9576] ? __pfx__printk+0x10/0x10 [ 242.340360][ T9576] ? __pfx___might_resched+0x10/0x10 [ 242.340382][ T9576] ? fs_reclaim_acquire+0x7d/0x100 [ 242.340416][ T9576] should_fail_ex+0x414/0x560 [ 242.340447][ T9576] should_failslab+0xa8/0x100 [ 242.340476][ T9576] __kmalloc_noprof+0xcb/0x4f0 [ 242.340503][ T9576] ? snd_ctl_new+0x6e/0x290 [ 242.340523][ T9576] ? down_write+0x162/0x1f0 [ 242.340548][ T9576] snd_ctl_new+0x6e/0x290 [ 242.340576][ T9576] snd_ctl_elem_add+0x3fd/0xa60 [ 242.340636][ T9576] snd_ctl_ioctl+0xcc7/0x1ad0 [ 242.340664][ T9576] ? stack_trace_save+0x9c/0xe0 [ 242.340695][ T9576] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 242.340731][ T9576] ? kasan_save_track+0x4f/0x80 [ 242.340752][ T9576] ? kasan_save_track+0x3e/0x80 [ 242.340772][ T9576] ? kasan_save_free_info+0x46/0x50 [ 242.340810][ T9576] ? __kasan_slab_free+0x62/0x70 [ 242.340832][ T9576] ? kfree+0x18e/0x440 [ 242.340852][ T9576] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 242.340882][ T9576] ? security_file_ioctl+0xcb/0x2d0 [ 242.340911][ T9576] ? __se_sys_ioctl+0x47/0x170 [ 242.340933][ T9576] ? do_syscall_64+0xfa/0x3b0 [ 242.340951][ T9576] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.341029][ T9576] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 242.341063][ T9576] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 242.341095][ T9576] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 242.341126][ T9576] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 242.341158][ T9576] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 242.341208][ T9576] ? __lock_acquire+0xab9/0xd20 [ 242.341251][ T9576] ? __fget_files+0x2a/0x420 [ 242.341286][ T9576] ? __fget_files+0x2a/0x420 [ 242.341315][ T9576] ? __fget_files+0x3a0/0x420 [ 242.341343][ T9576] ? __fget_files+0x2a/0x420 [ 242.341377][ T9576] ? bpf_lsm_file_ioctl+0x9/0x20 [ 242.341399][ T9576] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 242.341425][ T9576] __se_sys_ioctl+0xfc/0x170 [ 242.341453][ T9576] do_syscall_64+0xfa/0x3b0 [ 242.341471][ T9576] ? lockdep_hardirqs_on+0x9c/0x150 [ 242.341503][ T9576] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.341523][ T9576] ? clear_bhb_loop+0x60/0xb0 [ 242.341548][ T9576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 242.341566][ T9576] RIP: 0033:0x7f457178e929 [ 242.341583][ T9576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 242.341601][ T9576] RSP: 002b:00007f456f5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 242.341622][ T9576] RAX: ffffffffffffffda RBX: 00007f45719b5fa0 RCX: 00007f457178e929 [ 242.341637][ T9576] RDX: 0000200000000140 RSI: 00000000c1105517 RDI: 0000000000000003 [ 242.341650][ T9576] RBP: 00007f456f5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 242.341663][ T9576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 242.341675][ T9576] R13: 0000000000000000 R14: 00007f45719b5fa0 R15: 00007ffecdd7a238 [ 242.341707][ T9576] [ 242.665347][ C0] vkms_vblank_simulate: vblank timer overrun [ 242.680788][ T9577] usb usb9: usbfs: process 9577 (syz.1.1182) did not claim interface 0 before use [ 242.802482][ T9571] usb usb9: usbfs: process 9571 (syz.3.1181) did not claim interface 0 before use [ 243.456587][ T9605] loop8: detected capacity change from 0 to 7 [ 243.465806][ T5847] Dev loop8: unable to read RDB block 7 [ 243.471770][ T5847] loop8: unable to read partition table [ 243.477665][ T5847] loop8: partition table beyond EOD, truncated [ 243.494045][ T9605] Dev loop8: unable to read RDB block 7 [ 243.499650][ T9605] loop8: unable to read partition table [ 243.506104][ T9605] loop8: partition table beyond EOD, truncated [ 243.512375][ T9605] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 243.695006][ T9610] FAULT_INJECTION: forcing a failure. [ 243.695006][ T9610] name failslab, interval 1, probability 0, space 0, times 0 [ 243.775038][ T9610] CPU: 0 UID: 0 PID: 9610 Comm: syz.2.1193 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 243.775064][ T9610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.775074][ T9610] Call Trace: [ 243.775082][ T9610] [ 243.775089][ T9610] dump_stack_lvl+0x189/0x250 [ 243.775114][ T9610] ? __pfx____ratelimit+0x10/0x10 [ 243.775142][ T9610] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.775162][ T9610] ? __pfx__printk+0x10/0x10 [ 243.775187][ T9610] ? __pfx___might_resched+0x10/0x10 [ 243.775206][ T9610] ? fs_reclaim_acquire+0x7d/0x100 [ 243.775235][ T9610] should_fail_ex+0x414/0x560 [ 243.775262][ T9610] should_failslab+0xa8/0x100 [ 243.775287][ T9610] __kmalloc_noprof+0xcb/0x4f0 [ 243.775307][ T9610] ? snd_ctl_new+0x6e/0x290 [ 243.775324][ T9610] ? down_write+0x162/0x1f0 [ 243.775347][ T9610] snd_ctl_new+0x6e/0x290 [ 243.775372][ T9610] snd_ctl_elem_add+0x3fd/0xa60 [ 243.775409][ T9610] snd_ctl_ioctl+0xcc7/0x1ad0 [ 243.775433][ T9610] ? stack_trace_save+0x9c/0xe0 [ 243.775467][ T9610] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 243.775498][ T9610] ? kasan_save_track+0x4f/0x80 [ 243.775516][ T9610] ? kasan_save_track+0x3e/0x80 [ 243.775533][ T9610] ? kasan_save_free_info+0x46/0x50 [ 243.775557][ T9610] ? __kasan_slab_free+0x62/0x70 [ 243.775575][ T9610] ? kfree+0x18e/0x440 [ 243.775592][ T9610] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 243.775617][ T9610] ? security_file_ioctl+0xcb/0x2d0 [ 243.775642][ T9610] ? __se_sys_ioctl+0x47/0x170 [ 243.775661][ T9610] ? do_syscall_64+0xfa/0x3b0 [ 243.775676][ T9610] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.775742][ T9610] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 243.775769][ T9610] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 243.775797][ T9610] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 243.775822][ T9610] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 243.775850][ T9610] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 243.775893][ T9610] ? __lock_acquire+0xab9/0xd20 [ 243.775929][ T9610] ? __fget_files+0x2a/0x420 [ 243.775958][ T9610] ? __fget_files+0x2a/0x420 [ 243.775981][ T9610] ? __fget_files+0x3a0/0x420 [ 243.776006][ T9610] ? __fget_files+0x2a/0x420 [ 243.776034][ T9610] ? bpf_lsm_file_ioctl+0x9/0x20 [ 243.776053][ T9610] ? __pfx_snd_ctl_ioctl+0x10/0x10 [ 243.776081][ T9610] __se_sys_ioctl+0xfc/0x170 [ 243.776105][ T9610] do_syscall_64+0xfa/0x3b0 [ 243.776121][ T9610] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.776148][ T9610] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.776165][ T9610] ? clear_bhb_loop+0x60/0xb0 [ 243.776186][ T9610] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.776203][ T9610] RIP: 0033:0x7f457178e929 [ 243.776218][ T9610] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.776233][ T9610] RSP: 002b:00007f456f5f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 243.776252][ T9610] RAX: ffffffffffffffda RBX: 00007f45719b5fa0 RCX: 00007f457178e929 [ 243.776265][ T9610] RDX: 0000200000000140 RSI: 00000000c1105517 RDI: 0000000000000003 [ 243.776275][ T9610] RBP: 00007f456f5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 243.776286][ T9610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.776295][ T9610] R13: 0000000000000000 R14: 00007f45719b5fa0 R15: 00007ffecdd7a238 [ 243.776320][ T9610] [ 244.103391][ C0] vkms_vblank_simulate: vblank timer overrun [ 244.431004][ T30] audit: type=1804 audit(1750365810.310:65): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1199" name="/newroot/337/cgroup.controllers" dev="tmpfs" ino=1758 res=1 errno=0 [ 244.455631][ T30] audit: type=1800 audit(1750365810.330:66): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1199" name="cgroup.controllers" dev="tmpfs" ino=1758 res=0 errno=0 [ 244.497588][ T30] audit: type=1804 audit(1750365810.350:67): pid=9627 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1199" name="/newroot/337/cgroup.controllers" dev="tmpfs" ino=1758 res=1 errno=0 [ 244.558442][ T9631] mkiss: ax0: crc mode is auto. [ 244.586176][ T9634] loop8: detected capacity change from 0 to 7 [ 244.619343][ T9634] Dev loop8: unable to read RDB block 7 [ 244.620084][ T4484] Bluetooth: hci4: Frame reassembly failed (-90) [ 244.626740][ T9634] loop8: unable to read partition table [ 244.637512][ T9634] loop8: partition table beyond EOD, truncated [ 244.650131][ T9634] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 244.838768][ T9643] snd_dummy snd_dummy.0: control 1:254:0:syz0:0 is already present [ 244.854143][ T9643] FAULT_INJECTION: forcing a failure. [ 244.854143][ T9643] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 244.867402][ T9643] CPU: 1 UID: 0 PID: 9643 Comm: syz.2.1205 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 244.867424][ T9643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 244.867435][ T9643] Call Trace: [ 244.867441][ T9643] [ 244.867448][ T9643] dump_stack_lvl+0x189/0x250 [ 244.867474][ T9643] ? __pfx____ratelimit+0x10/0x10 [ 244.867503][ T9643] ? __pfx_dump_stack_lvl+0x10/0x10 [ 244.867523][ T9643] ? __pfx__printk+0x10/0x10 [ 244.867554][ T9643] should_fail_ex+0x414/0x560 [ 244.867582][ T9643] _copy_to_user+0x31/0xb0 [ 244.867609][ T9643] simple_read_from_buffer+0xe1/0x170 [ 244.867640][ T9643] proc_fail_nth_read+0x1df/0x250 [ 244.867660][ T9643] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 244.867679][ T9643] ? rw_verify_area+0x258/0x650 [ 244.867700][ T9643] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 244.867718][ T9643] vfs_read+0x1fd/0x980 [ 244.867745][ T9643] ? __pfx___mutex_lock+0x10/0x10 [ 244.867764][ T9643] ? __pfx_vfs_read+0x10/0x10 [ 244.867787][ T9643] ? __fget_files+0x2a/0x420 [ 244.867817][ T9643] ? __fget_files+0x3a0/0x420 [ 244.867841][ T9643] ? __fget_files+0x2a/0x420 [ 244.867875][ T9643] ksys_read+0x145/0x250 [ 244.867900][ T9643] ? __pfx_ksys_read+0x10/0x10 [ 244.867919][ T9643] ? rcu_is_watching+0x15/0xb0 [ 244.867945][ T9643] ? do_syscall_64+0xbe/0x3b0 [ 244.867966][ T9643] do_syscall_64+0xfa/0x3b0 [ 244.867982][ T9643] ? lockdep_hardirqs_on+0x9c/0x150 [ 244.868008][ T9643] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.868024][ T9643] ? clear_bhb_loop+0x60/0xb0 [ 244.868046][ T9643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.868063][ T9643] RIP: 0033:0x7f457178d33c [ 244.868079][ T9643] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 244.868093][ T9643] RSP: 002b:00007f456f5f6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 244.868111][ T9643] RAX: ffffffffffffffda RBX: 00007f45719b5fa0 RCX: 00007f457178d33c [ 244.868124][ T9643] RDX: 000000000000000f RSI: 00007f456f5f60a0 RDI: 0000000000000004 [ 244.868134][ T9643] RBP: 00007f456f5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 244.868145][ T9643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 244.868155][ T9643] R13: 0000000000000000 R14: 00007f45719b5fa0 R15: 00007ffecdd7a238 [ 244.868181][ T9643] [ 245.320132][ T9652] input: syz1 as /devices/virtual/input/input35 [ 245.797480][ T9656] binder: 9655:9656 ioctl c0306201 2000000003c0 returned -14 [ 246.544912][ T9675] input: syz1 as /devices/virtual/input/input36 [ 246.661481][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 246.667839][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 246.716418][ T9681] loop8: detected capacity change from 0 to 5 [ 246.756596][ T5850] Dev loop8: unable to read RDB block 5 [ 246.768234][ T5850] loop8: unable to read partition table [ 246.774661][ T5850] loop8: partition table beyond EOD, truncated [ 246.784381][ T9681] Dev loop8: unable to read RDB block 5 [ 246.809007][ T9681] loop8: unable to read partition table [ 246.818395][ T9681] loop8: partition table beyond EOD, truncated [ 246.825278][ T9681] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 246.941911][ T9686] sp0: Synchronizing with TNC [ 247.062150][ T9685] [U] [ 247.102878][ T9694] No buffer was provided with the request [ 247.943810][ T9712] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 247.974554][ T9714] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 249.300660][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 249.300875][ T51] Bluetooth: hci4: command 0x1003 tx timeout [ 250.180969][ T9765] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 250.371894][ T4484] Bluetooth: hci5: Frame reassembly failed (-84) [ 250.379119][ T5839] Bluetooth: hci5: Malformed Event: 0x02 [ 250.388223][ T9771] Bluetooth: hci5: Frame reassembly failed (-84) [ 250.963940][ T9790] FAULT_INJECTION: forcing a failure. [ 250.963940][ T9790] name failslab, interval 1, probability 0, space 0, times 0 [ 250.977801][ T9790] CPU: 1 UID: 0 PID: 9790 Comm: syz.3.1255 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 250.977829][ T9790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 250.977842][ T9790] Call Trace: [ 250.977851][ T9790] [ 250.977860][ T9790] dump_stack_lvl+0x189/0x250 [ 250.977888][ T9790] ? __pfx____ratelimit+0x10/0x10 [ 250.977922][ T9790] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.977947][ T9790] ? __pfx__printk+0x10/0x10 [ 250.977977][ T9790] ? __pfx___might_resched+0x10/0x10 [ 250.978000][ T9790] ? fs_reclaim_acquire+0x7d/0x100 [ 250.978035][ T9790] should_fail_ex+0x414/0x560 [ 250.978067][ T9790] should_failslab+0xa8/0x100 [ 250.978114][ T9790] __kmalloc_noprof+0xcb/0x4f0 [ 250.978137][ T9790] ? kfree+0x4d/0x440 [ 250.978155][ T9790] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 250.978185][ T9790] tomoyo_realpath_from_path+0xe3/0x5d0 [ 250.978212][ T9790] ? tomoyo_domain+0xd9/0x130 [ 250.978241][ T9790] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 250.978285][ T9790] tomoyo_path_number_perm+0x1e8/0x5a0 [ 250.978317][ T9790] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 250.978364][ T9790] ? __lock_acquire+0xab9/0xd20 [ 250.978403][ T9790] ? __fget_files+0x2a/0x420 [ 250.978434][ T9790] ? __fget_files+0x2a/0x420 [ 250.978460][ T9790] ? __fget_files+0x3a0/0x420 [ 250.978486][ T9790] ? __fget_files+0x2a/0x420 [ 250.978517][ T9790] security_file_ioctl+0xcb/0x2d0 [ 250.978547][ T9790] __se_sys_ioctl+0x47/0x170 [ 250.978572][ T9790] do_syscall_64+0xfa/0x3b0 [ 250.978590][ T9790] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.978618][ T9790] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.978637][ T9790] ? clear_bhb_loop+0x60/0xb0 [ 250.978659][ T9790] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.978677][ T9790] RIP: 0033:0x7f951458e929 [ 250.978693][ T9790] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.978709][ T9790] RSP: 002b:00007f95153f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 250.978729][ T9790] RAX: ffffffffffffffda RBX: 00007f95147b5fa0 RCX: 00007f951458e929 [ 250.978743][ T9790] RDX: 0000200000000040 RSI: 00000000c040565e RDI: 0000000000000004 [ 250.978755][ T9790] RBP: 00007f95153f6090 R08: 0000000000000000 R09: 0000000000000000 [ 250.978767][ T9790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.978778][ T9790] R13: 0000000000000000 R14: 00007f95147b5fa0 R15: 00007ffc7c2a4008 [ 250.978807][ T9790] [ 250.978815][ T9790] ERROR: Out of memory at tomoyo_realpath_from_path. [ 251.325802][ T9795] loop8: detected capacity change from 0 to 7 [ 251.335916][ T9795] Dev loop8: unable to read RDB block 7 [ 251.342264][ T9795] loop8: unable to read partition table [ 251.348042][ T9795] loop8: partition table beyond EOD, truncated [ 251.355160][ T9795] loop_reread_partitions: partition scan of loop8 (被xA) failed (rc=-5) [ 251.508495][ T9800] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 251.689177][ T9809] usb usb9: usbfs: process 9809 (syz.3.1262) did not claim interface 0 before use [ 251.700913][ T5852] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 251.700964][ T5839] Bluetooth: hci4: command 0xfc11 tx timeout [ 251.894845][ T9813] FAULT_INJECTION: forcing a failure. [ 251.894845][ T9813] name failslab, interval 1, probability 0, space 0, times 0 [ 251.907815][ T9813] CPU: 1 UID: 0 PID: 9813 Comm: syz.3.1264 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 251.907838][ T9813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 251.907848][ T9813] Call Trace: [ 251.907855][ T9813] [ 251.907862][ T9813] dump_stack_lvl+0x189/0x250 [ 251.907886][ T9813] ? __pfx____ratelimit+0x10/0x10 [ 251.907914][ T9813] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.907935][ T9813] ? __pfx__printk+0x10/0x10 [ 251.907957][ T9813] ? __pfx___might_resched+0x10/0x10 [ 251.907977][ T9813] ? fs_reclaim_acquire+0x7d/0x100 [ 251.908007][ T9813] should_fail_ex+0x414/0x560 [ 251.908034][ T9813] should_failslab+0xa8/0x100 [ 251.908059][ T9813] __kmalloc_noprof+0xcb/0x4f0 [ 251.908080][ T9813] ? tomoyo_encode+0x28b/0x550 [ 251.908104][ T9813] tomoyo_encode+0x28b/0x550 [ 251.908130][ T9813] tomoyo_realpath_from_path+0x58d/0x5d0 [ 251.908161][ T9813] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 251.908188][ T9813] tomoyo_path_number_perm+0x1e8/0x5a0 [ 251.908217][ T9813] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 251.908260][ T9813] ? __lock_acquire+0xab9/0xd20 [ 251.908296][ T9813] ? __fget_files+0x2a/0x420 [ 251.908343][ T9813] ? __fget_files+0x2a/0x420 [ 251.908369][ T9813] ? __fget_files+0x3a0/0x420 [ 251.908395][ T9813] ? __fget_files+0x2a/0x420 [ 251.908426][ T9813] security_file_ioctl+0xcb/0x2d0 [ 251.908455][ T9813] __se_sys_ioctl+0x47/0x170 [ 251.908480][ T9813] do_syscall_64+0xfa/0x3b0 [ 251.908497][ T9813] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.908526][ T9813] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.908544][ T9813] ? clear_bhb_loop+0x60/0xb0 [ 251.908566][ T9813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.908584][ T9813] RIP: 0033:0x7f951458e929 [ 251.908600][ T9813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.908616][ T9813] RSP: 002b:00007f95153f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 251.908635][ T9813] RAX: ffffffffffffffda RBX: 00007f95147b5fa0 RCX: 00007f951458e929 [ 251.908649][ T9813] RDX: 0000200000000040 RSI: 00000000c040565e RDI: 0000000000000004 [ 251.908660][ T9813] RBP: 00007f95153f6090 R08: 0000000000000000 R09: 0000000000000000 [ 251.908672][ T9813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.908683][ T9813] R13: 0000000000000000 R14: 00007f95147b5fa0 R15: 00007ffc7c2a4008 [ 251.908711][ T9813] [ 251.908729][ T9813] ERROR: Out of memory at tomoyo_realpath_from_path. [ 252.421179][ T5852] Bluetooth: hci5: command 0x1003 tx timeout [ 252.421203][ T51] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 252.533770][ T5833] cgroup: fork rejected by pids controller in /syz2 [ 253.096731][ T9841] Attempt to restore checkpoint with obsolete wellknown handles [ 253.186144][ T4484] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.388315][ T4484] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.724203][ T4484] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 253.800363][ T5852] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 253.816941][ T5852] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 253.824621][ T5852] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 253.840618][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 253.848916][ T5852] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 253.857521][ T9852] loop8: detected capacity change from 0 to 7 [ 253.868227][ T51] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 253.878403][ T51] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 253.885784][ T51] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 253.896611][ T51] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 253.904198][ T51] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 253.933491][ T9852] Dev loop8: unable to read RDB block 7 [ 253.949847][ T9852] loop8: unable to read partition table [ 253.995370][ T9852] loop8: partition table beyond EOD, truncated [ 254.002446][ T9852] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 254.114520][ T4484] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 254.639836][ T4484] bridge_slave_1: left allmulticast mode [ 254.667387][ T4484] bridge_slave_1: left promiscuous mode [ 254.683390][ T4484] bridge0: port 2(bridge_slave_1) entered disabled state [ 254.742497][ T4484] bridge_slave_0: left allmulticast mode [ 254.748274][ T4484] bridge_slave_0: left promiscuous mode [ 254.768724][ T4484] bridge0: port 1(bridge_slave_0) entered disabled state [ 255.258968][ T9885] QAT: failed to copy from user cfg_data. [ 255.413221][ T9893] binder_alloc: binder_alloc_mmap_handler: 9892 200000735000-200000736000 already mapped failed -16 [ 255.440347][ T9893] snd_dummy snd_dummy.0: control 1:254:0:syz0:0 is already present [ 255.482501][ T9869] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 255.488455][ T9869] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 255.567997][ T9897] loop8: detected capacity change from 0 to 7 [ 255.579354][ T5850] Dev loop8: unable to read RDB block 7 [ 255.587287][ T5850] loop8: unable to read partition table [ 255.594959][ T5850] loop8: partition table beyond EOD, truncated [ 255.604319][ T9897] Dev loop8: unable to read RDB block 7 [ 255.609978][ T9897] loop8: unable to read partition table [ 255.616910][ T9897] loop8: partition table beyond EOD, truncated [ 255.623615][ T9897] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 255.785379][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.794887][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.026947][ T9910] usb usb9: usbfs: process 9910 (syz.3.1293) did not claim interface 0 before use [ 256.421566][ T9923] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 256.645926][ T4484] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 256.689891][ T9931] usb usb9: usbfs: process 9931 (syz.3.1303) did not claim interface 0 before use [ 256.704092][ T4484] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 256.749774][ T9933] Sensor A: ================= START STATUS ================= [ 256.760266][ T9933] Sensor A: Test Pattern: 75% Colorbar [ 256.766597][ T9933] Sensor A: Show Information: All [ 256.769396][ T4484] bond0 (unregistering): Released all slaves [ 256.772395][ T9933] Sensor A: Vertical Flip: false [ 256.772433][ T9933] Sensor A: Horizontal Flip: false [ 256.772455][ T9933] Sensor A: Brightness: 255 [ 256.772477][ T9933] Sensor A: Contrast: 128 [ 256.772498][ T9933] Sensor A: Hue: 0 [ 256.772519][ T9933] Sensor A: Saturation: 128 [ 256.772540][ T9933] Sensor A: ================== END STATUS ================== [ 256.896280][ T9849] chnl_net:caif_netlink_parms(): no params data found [ 257.229840][ T9942] usb usb8: usbfs: process 9942 (syz.0.1306) did not claim interface 0 before use [ 257.268822][ T9849] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.313299][ T9849] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.344061][ T9849] bridge_slave_0: entered allmulticast mode [ 257.365455][ T9849] bridge_slave_0: entered promiscuous mode [ 257.436444][ T9938] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xa5c pfn:0x73ce0 [ 257.473459][ T9849] bridge0: port 2(bridge_slave_1) entered blocking state [ 257.493938][ T9938] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 257.512137][ T9849] bridge0: port 2(bridge_slave_1) entered disabled state [ 257.519368][ T9849] bridge_slave_1: entered allmulticast mode [ 257.534659][ T9938] memcg:ffff88807b4c0000 [ 257.537941][ T9849] bridge_slave_1: entered promiscuous mode [ 257.549157][ T9938] flags: 0xfff00000000041(locked|head|node=0|zone=1|lastcpupid=0x7ff) [ 257.560308][ T9938] raw: 00fff00000000041 0000000000000000 dead000000000122 0000000000000000 [ 257.574163][ T9938] raw: 0000000000000a5c 0000000000000000 00000001ffffffff ffff88807b4c0000 [ 257.630548][ T9938] head: 00fff00000000041 0000000000000000 dead000000000122 0000000000000000 [ 257.640137][ T9938] head: 0000000000000a5c 0000000000000000 00000001ffffffff ffff88807b4c0000 [ 257.671540][ T9938] head: 00fff00000000202 ffffea0001cf3801 00000000ffffffff 00000000ffffffff [ 257.680272][ T9938] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 257.711009][ T9938] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping)) [ 257.725532][ T9849] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 257.742765][ T9849] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 257.748677][ T9938] page_owner tracks the page as allocated [ 257.774283][ T9938] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152c40(GFP_NOFS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 9938, tgid 9937 (syz.1.1305), ts 257436410599, free_ts 248080206208 [ 257.800808][ T9938] post_alloc_hook+0x240/0x2a0 [ 257.805716][ T9938] get_page_from_freelist+0x21e4/0x22c0 [ 257.815772][ T9938] __alloc_frozen_pages_noprof+0x181/0x370 [ 257.822694][ T9938] alloc_pages_mpol+0x232/0x4a0 [ 257.830669][ T9938] alloc_pages_noprof+0xa9/0x190 [ 257.836118][ T9938] folio_alloc_noprof+0x1e/0x30 [ 257.841353][ T9938] filemap_alloc_folio_noprof+0xdf/0x470 [ 257.852011][ T9938] page_cache_ra_order+0x5e5/0xc70 [ 257.864088][ T9938] do_sync_mmap_readahead+0x4b5/0x5f0 [ 257.875297][ T9938] filemap_fault+0x62a/0x1200 [ 257.885444][ T9938] __do_fault+0x138/0x390 [ 257.894572][ T9938] __handle_mm_fault+0x198b/0x5620 [ 257.906605][ T9938] handle_mm_fault+0x40a/0x8e0 [ 257.916739][ T9938] do_user_addr_fault+0x764/0x1390 [ 257.927764][ T9938] exc_page_fault+0x76/0xf0 [ 257.945359][ T9938] asm_exc_page_fault+0x26/0x30 [ 257.965897][ T9938] page last free pid 9690 tgid 9690 stack trace: [ 257.985867][ T9938] free_unref_folios+0xc66/0x14d0 [ 257.997909][ T9938] folios_put_refs+0x559/0x640 [ 258.024710][ T9938] truncate_inode_pages_range+0x346/0xda0 [ 258.055054][ T9938] blkdev_flush_mapping+0x108/0x270 [ 258.073398][ T9938] bdev_release+0x417/0x650 [ 258.080276][ T9938] blkdev_release+0x15/0x20 [ 258.085635][ T9938] __fput+0x44c/0xa70 [ 258.089687][ T9938] task_work_run+0x1d1/0x260 [ 258.099731][ T9938] do_exit+0x6ad/0x22e0 [ 258.104958][ T9938] do_group_exit+0x21c/0x2d0 [ 258.109603][ T9938] __x64_sys_exit_group+0x3f/0x40 [ 258.119413][ T9938] x64_sys_call+0x21ba/0x21c0 [ 258.124247][ T9938] do_syscall_64+0xfa/0x3b0 [ 258.129838][ T9938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.139919][ T9938] ------------[ cut here ]------------ [ 258.145861][ T9938] kernel BUG at mm/filemap.c:868! [ 258.157763][ T9938] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 258.164051][ T9938] CPU: 0 UID: 0 PID: 9938 Comm: syz.1.1305 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 258.176069][ T9938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 258.186146][ T9938] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 258.192265][ T9938] Code: 02 c9 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 cb a2 10 00 90 0f 0b e8 83 02 c9 ff 4c 89 e7 48 c7 c6 40 2e 94 8b e8 b4 a2 10 00 90 <0f> 0b e8 6c 02 c9 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 9d a2 10 00 [ 258.211908][ T9938] RSP: 0018:ffffc90018f1ee60 EFLAGS: 00010246 [ 258.217998][ T9938] RAX: 49da1d97cbce2d00 RBX: 0000000000000002 RCX: 0000000000000000 [ 258.225991][ T9938] RDX: 0000000000000007 RSI: ffffffff8da4c121 RDI: 00000000ffffffff [ 258.233980][ T9938] RBP: ffffc90018f1efc8 R08: ffffffff8fc232f7 R09: 1ffffffff1f8465e [ 258.241982][ T9938] R10: dffffc0000000000 R11: fffffbfff1f8465f R12: ffffea0001cf3800 [ 258.249987][ T9938] R13: dffffc0000000000 R14: ffffea0001cf3808 R15: 0000000000000004 [ 258.257978][ T9938] FS: 00007fb1a71626c0(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000 [ 258.266926][ T9938] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 258.273531][ T9938] CR2: 00007f95153b3f98 CR3: 0000000075c0a000 CR4: 00000000003526f0 [ 258.281531][ T9938] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 258.289530][ T9938] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 258.297520][ T9938] Call Trace: [ 258.300823][ T9938] [ 258.303789][ T9938] ? percpu_ref_put+0x19/0x180 [ 258.308585][ T9938] ? __pfx___filemap_add_folio+0x10/0x10 [ 258.314257][ T9938] ? percpu_ref_put+0xf9/0x180 [ 258.319057][ T9938] filemap_add_folio+0xd5/0x270 [ 258.323948][ T9938] page_cache_ra_order+0x74c/0xc70 [ 258.329100][ T9938] do_sync_mmap_readahead+0x4b5/0x5f0 [ 258.334514][ T9938] ? __pfx_do_sync_mmap_readahead+0x10/0x10 [ 258.340448][ T9938] ? count_memcg_event_mm+0x1d/0x250 [ 258.345774][ T9938] ? count_memcg_event_mm+0x1d/0x250 [ 258.351103][ T9938] filemap_fault+0x62a/0x1200 [ 258.355826][ T9938] ? __pfx_filemap_fault+0x10/0x10 [ 258.360995][ T9938] __do_fault+0x138/0x390 [ 258.365371][ T9938] __handle_mm_fault+0x198b/0x5620 [ 258.370522][ T9938] ? __pfx___handle_mm_fault+0x10/0x10 [ 258.376017][ T9938] ? find_vma+0xe7/0x160 [ 258.380291][ T9938] ? __pfx_find_vma+0x10/0x10 [ 258.384995][ T9938] handle_mm_fault+0x40a/0x8e0 [ 258.389789][ T9938] do_user_addr_fault+0x764/0x1390 [ 258.394952][ T9938] exc_page_fault+0x76/0xf0 [ 258.399495][ T9938] asm_exc_page_fault+0x26/0x30 [ 258.404370][ T9938] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 258.410214][ T9938] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 ff f6 03 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 258.429852][ T9938] RSP: 0018:ffffc90018f1f7f8 EFLAGS: 00050206 [ 258.436037][ T9938] RAX: ffffffff84c5b201 RBX: ffff888027063000 RCX: 0000000000001000 [ 258.444056][ T9938] RDX: 0000000000000000 RSI: ffff888027063000 RDI: 00002000001e4100 [ 258.452055][ T9938] RBP: ffffc90018f1f948 R08: ffff888027063fff R09: 1ffff11004e0c7ff [ 258.460049][ T9938] R10: dffffc0000000000 R11: ffffed1004e0c800 R12: 1ffff920031e3faf [ 258.468151][ T9938] R13: 00002000001e4100 R14: ffffc90018f1fd88 R15: 0000000000001000 [ 258.476165][ T9938] ? _copy_to_iter+0x161/0x16f0 [ 258.481100][ T9938] _copy_to_iter+0x24c/0x16f0 [ 258.485836][ T9938] ? __pfx_filemap_get_pages+0x10/0x10 [ 258.491349][ T9938] ? __pfx__copy_to_iter+0x10/0x10 [ 258.496517][ T9938] ? folio_mark_accessed+0x26f/0x8b0 [ 258.501841][ T9938] ? __pfx_folio_mark_accessed+0x10/0x10 [ 258.507510][ T9938] ? page_copy_sane+0x4e/0x280 [ 258.512479][ T9938] copy_page_to_iter+0x10c/0x1c0 [ 258.517452][ T9938] filemap_read+0x7c0/0x11a0 [ 258.522086][ T9938] ? __pfx_filemap_read+0x10/0x10 [ 258.527155][ T9938] ? end_current_label_crit_section+0x152/0x180 [ 258.533435][ T9938] ? down_read+0x1ad/0x2e0 [ 258.537882][ T9938] blkdev_read_iter+0x30a/0x440 [ 258.542771][ T9938] vfs_read+0x4cd/0x980 [ 258.546976][ T9938] ? __pfx_vfs_read+0x10/0x10 [ 258.551694][ T9938] ? __fget_files+0x2a/0x420 [ 258.556342][ T9938] ksys_read+0x145/0x250 [ 258.560614][ T9938] ? __pfx_ksys_read+0x10/0x10 [ 258.565439][ T9938] ? rcu_is_watching+0x15/0xb0 [ 258.570229][ T9938] ? do_syscall_64+0xbe/0x3b0 [ 258.574927][ T9938] do_syscall_64+0xfa/0x3b0 [ 258.579451][ T9938] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.584682][ T9938] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.590776][ T9938] ? clear_bhb_loop+0x60/0xb0 [ 258.595487][ T9938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.601405][ T9938] RIP: 0033:0x7fb1a638e929 [ 258.605851][ T9938] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.625476][ T9938] RSP: 002b:00007fb1a7162038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 258.633915][ T9938] RAX: ffffffffffffffda RBX: 00007fb1a65b5fa0 RCX: 00007fb1a638e929 [ 258.641902][ T9938] RDX: 00000000fffffe5a RSI: 0000200000000100 RDI: 0000000000000003 [ 258.649890][ T9938] RBP: 00007fb1a6410b39 R08: 0000000000000000 R09: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 258.657884][ T9938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 258.665888][ T9938] R13: 0000000000000000 R14: 00007fb1a65b5fa0 R15: 00007fff2c053798 [ 258.673889][ T9938] [ 258.676922][ T9938] Modules linked in: [ 258.680890][ C0] vkms_vblank_simulate: vblank timer overrun [ 258.687539][ T9938] ---[ end trace 0000000000000000 ]--- [ 258.700161][ T4484] hsr_slave_0: left promiscuous mode [ 258.707311][ T9938] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0 [ 258.723212][ T9938] Code: 02 c9 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 cb a2 10 00 90 0f 0b e8 83 02 c9 ff 4c 89 e7 48 c7 c6 40 2e 94 8b e8 b4 a2 10 00 90 <0f> 0b e8 6c 02 c9 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 9d a2 10 00 [ 258.748144][ T4484] hsr_slave_1: left promiscuous mode [ 258.791718][ T4484] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 258.799143][ T4484] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 258.841313][ T9938] RSP: 0018:ffffc90018f1ee60 EFLAGS: 00010246 [ 258.848036][ T4484] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 258.857632][ T4484] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 258.864866][ T9938] RAX: 49da1d97cbce2d00 RBX: 0000000000000002 RCX: 0000000000000000 [ 258.873473][ T9938] RDX: 0000000000000007 RSI: ffffffff8da4c121 RDI: 00000000ffffffff [ 258.881552][ T9938] RBP: ffffc90018f1efc8 R08: ffffffff8fc232f7 R09: 1ffffffff1f8465e [ 258.893551][ T4484] veth1_macvtap: left promiscuous mode [ 258.895538][ T9938] R10: dffffc0000000000 R11: fffffbfff1f8465f R12: ffffea0001cf3800 [ 258.899096][ T4484] veth0_macvtap: left promiscuous mode [ 258.908167][ T9938] R13: dffffc0000000000 R14: ffffea0001cf3808 R15: 0000000000000004 [ 258.915424][ T4484] veth1_vlan: left promiscuous mode [ 258.924818][ T9938] FS: 00007fb1a71626c0(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000 [ 258.926666][ T4484] veth0_vlan: left promiscuous mode [ 258.935659][ T9938] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 258.948250][ T9938] CR2: 0000557f0428b000 CR3: 0000000075c0a000 CR4: 00000000003526f0 [ 258.956466][ T9938] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 258.964767][ T9938] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 258.977742][ T9938] Kernel panic - not syncing: Fatal exception [ 258.984171][ T9938] Kernel Offset: disabled [ 258.988524][ T9938] Rebooting in 86400 seconds..