last executing test programs:

1m48.773623798s ago: executing program 0 (id=3063):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
ioctl$BLKFRAGET(r1, 0x1265, &(0x7f0000000080))
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRESDEC=r1], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12)

1m48.537287269s ago: executing program 0 (id=3065):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000000)={0x4, <r2=>0xffffffffffffffff})
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x12, r2, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r3, 0x40101286, 0x0) (async)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1dd, 0x0, 0x390}]}) (async)
r7 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r7, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r7, 0x0, 0x0) (async)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r9 = dup(r8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r9, 0x0)
ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

1m47.747396234s ago: executing program 0 (id=3070):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(0xffffffffffffffff, &(0x7f0000000080)={0x1, 0xa}, 0x2) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f00000003c0)={0x75, 0x4, 0xfffffffd})
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r4, 0x4004ae8b, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000)

1m47.336001893s ago: executing program 0 (id=3074):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x288802, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r1, 0x7a5, &(0x7f0000000240)={{@hyper, 0xfffffffa}, 0x1, 0x2})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x101, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYRES16=r0])
syz_open_dev$video(&(0x7f0000000040), 0x2, 0x4000)
r5 = syz_open_dev$evdev(&(0x7f0000000380), 0x0, 0x2000)
ioctl$EVIOCSCLOCKID(r5, 0x400445a0, &(0x7f00000003c0)=0x5)
preadv2(r0, &(0x7f0000000880)=[{&(0x7f0000000240)=""/170, 0xaa}, {&(0x7f00000003c0)=""/57, 0x39}, {&(0x7f0000000400)=""/36, 0x24}, {&(0x7f0000000440)=""/200, 0xc8}, {&(0x7f0000000540)=""/161, 0xa1}, {&(0x7f0000000600)=""/226, 0xeb}, {&(0x7f00000000c0)=""/38, 0x1d}, {&(0x7f0000000740)=""/7, 0x7}, {&(0x7f0000000940)=""/176, 0xb0}, {&(0x7f0000000840)=""/56, 0xfffffd8b}], 0x10000000000002e8, 0xa66, 0x2, 0xf)

1m46.965783419s ago: executing program 0 (id=3080):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)={0x1, 0x0, [{0x40000096}]})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000040)={0x0, 0x0, {0x1, 0x0, 0x0, 0x1, 0x81}, 0x743c})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x4001, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3, 0x2010, r6, 0x1000000000000000)

1m46.4402052s ago: executing program 0 (id=3086):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
write$dsp(r3, &(0x7f0000002000)='`', 0x88020)
r4 = dup(r2)
write$UHID_INPUT(r4, &(0x7f0000002a00)={0xd, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f35006c090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r5=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r5, 0x0, 0x97, 0x8000000})
syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r5})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
dup(0xffffffffffffffff) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) (async)
write$dsp(r3, &(0x7f0000002000)='`', 0x88020) (async)
dup(r2) (async)
write$UHID_INPUT(r4, &(0x7f0000002a00)={0xd, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f35006c090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) (async)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000000)={0xc}) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r5, 0x0, 0x97, 0x8000000}) (async)
syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x0) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) (async)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, 0x0) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r5}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)

1m31.392518276s ago: executing program 32 (id=3086):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0)
write$dsp(r3, &(0x7f0000002000)='`', 0x88020)
r4 = dup(r2)
write$UHID_INPUT(r4, &(0x7f0000002a00)={0xd, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f35006c090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r5=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r5, 0x0, 0x97, 0x8000000})
syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r5})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
dup(0xffffffffffffffff) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1) (async)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) (async)
write$dsp(r3, &(0x7f0000002000)='`', 0x88020) (async)
dup(r2) (async)
write$UHID_INPUT(r4, &(0x7f0000002a00)={0xd, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f35006c090890e0878f0e1ac6e7049b336d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) (async)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000000)={0xc}) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r5, 0x0, 0x97, 0x8000000}) (async)
syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x0) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r5, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) (async)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) (async)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) (async)
ioctl$KVM_SET_VAPIC_ADDR(r8, 0x4008ae93, 0x0) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r5}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)

3.149334661s ago: executing program 4 (id=3890):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2)
ioctl$AUTOFS_IOC_FAIL(r0, 0x40187542, 0x200000000000) (async)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000640)={<r1=>0x0, 0x6, 0x53})
ioctl$BTRFS_IOC_GET_DEV_STATS(r0, 0xc4089434, &(0x7f0000000a40)={r1, 0xfe00000000000, 0x0, [0xfffffffffffffff9, 0x401, 0x0, 0x6, 0x8], [0x800, 0x5, 0x8, 0x4, 0x8, 0x4, 0x6, 0x700000000, 0x3, 0x9, 0x5, 0x8000, 0xe2, 0xa, 0x9, 0x8, 0xfffffffffffffff8, 0x54, 0x1000, 0x6, 0x0, 0x10000, 0x3, 0x6, 0xfffffffffffffff8, 0x8000000000000001, 0x7, 0x1, 0x3bb, 0x400, 0x1, 0x6, 0x7, 0x1, 0x7, 0xfffffffffffffff1, 0x800, 0x5, 0x4, 0xbf3, 0x3e51aef2, 0x8, 0x9, 0x9, 0x48d6, 0x2, 0xca3, 0x5, 0xffffffff, 0x10001, 0x3, 0x2, 0xc, 0x1, 0x401, 0x0, 0x0, 0xfffffffffffffe00, 0x81, 0x7f, 0x80000001, 0xd26000000000, 0x5ce, 0x3, 0x5, 0x5fd, 0xa, 0x6, 0x62, 0x0, 0x1, 0x0, 0x1, 0x9, 0x8a, 0x2, 0x27, 0x2551, 0x2, 0x2, 0x1ff, 0x10000, 0x1, 0x9, 0x0, 0x0, 0x9, 0x22, 0x9, 0x4, 0x244, 0x100, 0x6, 0x9, 0x6, 0xf9e, 0x4, 0x5, 0x8, 0x0, 0xfffffffffffffff6, 0x9, 0x7, 0x409908fd, 0x4, 0x2, 0x1, 0x60e, 0xffffffffffffffff, 0x6, 0x7, 0x800, 0x100000001, 0xe3, 0x6, 0x9, 0x101, 0xccad, 0x0, 0x8, 0x100000000]}) (async)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0)
ioctl$mixer_OSS_GETVERSION(r2, 0x40086602, &(0x7f0000000000)) (async)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r4, 0x4020565a, &(0x7f0000000080)={0x5, 0x2})
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f00000000c0)=0x3) (async)
ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000200)) (async)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) (async)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) (async, rerun: 32)
r7 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 32)
ioctl$FICLONERANGE(r3, 0x4020940d, &(0x7f0000000080)={{r7}, 0x0, 0x2, 0x1})
r8 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0)
write$apparmor_exec(r8, &(0x7f0000000600)=ANY=[@ANYBLOB='stack #(%#{//&@\\)//&'], 0x20) (async)
write$cgroup_subtree(r6, &(0x7f0000000000)=ANY=[], 0x32600)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r9, 0x40505331, &(0x7f00000000c0)={0xf00}) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0xc4000, 0x0)
ioctl$KVM_NMI(r6, 0xae9a) (async, rerun: 64)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0) (rerun: 64)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x20000000ec071, 0xffffffffffffffff, 0x4000) (async)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000002, 0x4000932, 0xffffffffffffffff, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r12, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000000b0100007700"/24])
write$cgroup_int(r5, &(0x7f0000000040)=0x900, 0x12)

2.961857879s ago: executing program 4 (id=3893):
ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000080)=0xb62)
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0)
r1 = openat$vmci(0xffffff9c, &(0x7f0000001640), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x10000)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r2, 0x40045532, &(0x7f0000000040))
r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r4 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r4, 0xc0884113, &(0x7f0000000240)={0x20000001, 0x0, 0x0, 0x7, 0xfffffffffffffff8, 0x3, 0xbdf2, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x0, 0xfffffffb, 0x5})
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f00000000c0)={@hyper})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r4, 0x660c)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r1, 0x7b2, &(0x7f00000010c0)={&(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000], 0x2, 0x400})
write(r0, &(0x7f0000000380)="fb196dec69a10b2284f761ca101022bcc68752cd2a4ddad8fb4427a23a27b90193ac13a4af86fe765f972d765daff264784bbd7bb9758824e951404b348375ddf05290d0ac0d1193da1090cae4ae32d841f14b4463125af7074084be37266ad8ffda263654000bec6327c11e0e3029907058c64629ad771d9b152fdcc2121b2a355ab2a4754e155e74e1a2618acc20f055d7f69bacaeebdecbcede36c675896677245097c7d87c727afc8890a6acabd6dc660bc389ef8379fb67212653aa766c1d6eca7c7b622835696a5e0ba4c04e7ac7263122337c3dc19d7974310bf43a8251cbc75ff3cffeab3d2e0e9d8e3edbd6bccb93185ab0f08af349c81512f0140643a55eb53a6cae06d378ecc95b7772f3b638d6f34b6ddc61e5014a16be5d7167800e5f992a71983d0698ace86ceb24f3f016bfb640c2833bf3bcba65c329d43e65351c89f9b8a392267438a8c10b0022546cdf39bdd0a57084c8d3a79e97bf75aa5409ff114febd2e48a59d118a4396ff5cee71b8d0b34e63343216281cb47a4a28b329de3104068ec02bd2e849a523c3b92c060dd023c3b9968c3329dd076db9c5f377b94168adc3a766b7f7f941cb4c6b507c77864c839770943f504a7f616b9e7c6b3dc2a81c617c0c6e6f5b0a6d0389ceb0da410e8562bdc5bb88de4a47810a21174488a4d3ef8dcba8a033ecd5f2361c8ba179ed58cf88c335433dfc0f0c1ed5716df27cb1823af02a2ca4f89754f3567b2f51b17f8ef04e8ce3e60e8c1d7773e98a4948f5bf5cee4b0732a78e67ab86a677b0d34cb3f852245e466f05618b844213fe8700cc6fc0b6813ba41a113b524709fb15ad68493da36443f83fc3cc25948dac9f32968e693e3b8c15386fdfd21344cec28e6170b2c94f8d2a6cd1c087297a18c82947e60b97e12742fc0ef6007ec136b3429ba2d4ef1b1fa77428fcc626c6eee96174c2a32a8e0cfa8b7cce8a39a8eef0d921cbf35a2a5ea6c1c8fedeb5bc783502b60392752262e38666f7f2eef6153471ddc469d89f911dadb2aeb40615cba6f5c37cd3ee584aed4f950063dbe223469190cd61281008ca4458373f98f9294115089801dda01deb69d56cdb0e10563a0c78045d6564c41bba6e31ab1e2141d5081624d108c8e8ddaafe7099a7114e2552dd46900f0a5aeaccab141175d377ab872f94d23b083c03cac21abd19ed2307264568e111d5927c08547716b5fdc4db72e4e715c35adb6333a3413b5a4b6b62bd82ab3fc52412929d4945c974ca5e42a2f7ec3f4987f1cc697e4dcbeb25a24c8755038c67da8e6b295f60ce900a5b6fd5a9ef3d50ffcb21ccbae6f05203d135f1bdf20d1d03fa044520cd6e7b5ea79c2f21c76914d47df5961ea77087967fc69836e819ba91d6ed2daf2a21c1100a1bb3320997422234b4d166eeb4c1d6498f508c4fbffdbb6fa8971598782d2d5ad10a38f785592151d406bfa8a3b72f35bcd895acc762182f7f56f851d808c0b872ab787472bcc07f311f442cf2755f3fd737b5ebe059d703306eb51f97de3fc62204d0a8ef4032e720dcf2c7afb2ffc0d07b1fe2da1568f44b0fd9979c2b1c69d4895145931dc6de29c0fbaae24607bf445a73237409b9595780bb173ab5938461120a70f64707cb90fa38dfec31259dab069b4a108d8ff7073de4f28fefe9acb318e725ca1d937e987c54b1b7c88b1ff8d82ee78291a4e80ae588d07b8dfe9303cc80172048992932642502d0a34a1135fd9fe480b891feead766a5d0ea906ea90e7e42800ae1d4c2ec23bf98e307c35ca76606e8b261c9a8ddde2d057bb0cfaaf4233f7a3e0ab5eb2565afc2210c2e33f2d63c51afb7d823acf58e6e602f544872dc3821f9c4fbb5e64eeb30de1df52a406fe25d024dde2cf3ce08230830f6359ab499ca38a4b442d56f28fb8a017657b2c241c10f490d3b7904325098ec40e5d90311b08a23446e107ca4a5ac7146764c9daeaaf7d1e288880296b91387ecb75a8f442c3cf29704460144ce5c03b8d74e689a7ff091e2883c1e4a45cfb8d124caab6d8518c983b1d958921c7d02e0d2f881d8379fa01f76ece37b67a59d6692ddcf34badd6d081bae36b43ab6e961409677bfdc445b3bb67ba9ee779af19cb42de9cf2e18ba6e6859152280f69cecf5fe120aaa5a894d0e125ce24fa33e77a90696a367d88d839663b4ce7f195ce6b158f6204c8e380f0b1be2c41b10d8984d55ba4f51262dbd6e3254660604efe5fc8f6ae5e2b3c0a219650060bc40d839b86c5a07247f36f2bf83d282ca0951b056c1ea748785984d5b686dd74618d4e28090ba47aaf2512d03eb21b7e97fdea9197b75da73d8b9a29b566254bd6654f3f1eec1006b7b671301dcb5051c18435f247d366fae034022f5c965a922fe2225bdb7e757daa2e7c2bf8b03be0d4590895c34bd8582ee1d04939b60e4bd28d6e77a243e14e60e6dc9e07297d5b17f54d1c105f1334e7436c498c6c57179ce4b5a835b076e06e41fec35ef4b962fad389c935f77fa5cae0fb19c4d5b9", 0x701)

2.687705872s ago: executing program 1 (id=3896):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x2, 0x84})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
read$FUSE(r2, &(0x7f00000003c0)={0x2020, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x100000000000002, 0x6bf, 0x8, 0x3, {0x6, 0x2, 0x100000001, 0x100, 0x6, 0x1, 0x7, 0x7, 0xe, 0xa000, 0x7, 0x0, r3, 0x1, 0x9}}, {0x0, 0x1c}}}, 0xa0)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r4, 0xc01c64ae, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x20, 0x20})
read$FUSE(r2, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

2.236235924s ago: executing program 3 (id=3899):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0xdddd1000, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x0, 0x8, 0x9, 0x10}, {0x10000, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x3000, 0xd000, 0x0, 0x0, 0x4, 0x0, 0xff, 0x0, 0x6, 0x3, 0x4}, {0xeeee8000, 0x2000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x9, 0x80}, {0xdddd1000, 0x0, 0xa, 0x6, 0x0, 0x0, 0x3}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x26}, {0x80a0000}, {0xdddd1000}, 0xddf8ffcb, 0x0, 0xf0ffffffffffff, 0x40361, 0x0, 0xd01, 0x0, [0x0, 0x0, 0x1]})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r4, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

2.064690461s ago: executing program 2 (id=3900):
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r0, 0x4030ae7b, &(0x7f0000000000)={0x9, 0x0, 0xc5e7, 0x6, 0x2}) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 32)
ioctl$KVM_SET_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee1, &(0x7f0000000180)=@attr_arm64={0x0, 0x1, 0x2, &(0x7f0000000000)=0x9}) (async, rerun: 32)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x541b, 0x0) (async)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r5=>0x0})
r6 = syz_open_dev$vcsa(&(0x7f0000000040), 0xe7, 0x0)
lseek(r6, 0x0, 0x0)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x1d, [0x6, 0xc95a, 0xfffffff3, 0x9, 0x7f, 0x2, 0x1, 0x7f, 0x6, 0xfffffff9, 0xfffffff2, 0x5f, 0xa, 0x3, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x0, 0x80000001, 0x4, 0x7, 0x3, 0x3c5b, 0x1, 0x24, 0xffffffff, 0xfffffffe, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x9, 0x3, 0x7fff, 0x4c74, 0x8f00, 0x642, 0x7, 0xa, 0x0, 0x71, 0x7, 0x7, 0x103, 0x0, 0x5, 0x3c, 0x91, 0x6, 0xfffffffd, 0x3, 0x200, 0x4, 0x6, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x8, 0x12f, 0x8000, 0x10, 0x8, 0x129432e2, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffe, 0x3, 0x0, 0x7, 0x3, 0x2f, 0xe, 0x312, 0x75, 0xea4, 0xa, 0x4, 0x4000, 0x8000, 0x9, 0x400, 0x1, 0x6, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0x4, 0x0, 0x6, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x5, 0x80, 0x1, 0x8000, 0xffff, 0x2, 0x7f, 0x9, 0x5, 0x8, 0x4, 0x1, 0x7, 0xb, 0x9, 0x48c93690, 0x3, 0xff], [0x7, 0x4, 0x0, 0x64e, 0xfffffdfe, 0x7fffffff, 0x8d2, 0x9, 0x1, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x10000009, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0xf, 0x8, 0x4, 0x6d01, 0x5, 0x3b, 0x3, 0x200, 0x80, 0x3, 0x4, 0x2, 0x0, 0xa2, 0x7, 0x53cfe97b, 0x5, 0x6, 0x54fe12d2, 0xbf, 0x200, 0x3, 0x400002, 0xfffffff9, 0x0, 0x6, 0x5, 0x0, 0x6, 0xfffffffb, 0x120000, 0x3, 0x6, 0x9, 0x4, 0x3], [0x9, 0xbb2f, 0x3, 0x7, 0x5, 0x938, 0x6, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7fff, 0x8bfff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x5, 0xffffffff, 0x7ffffffe, 0x5, 0x8, 0xc8, 0x2, 0x3, 0xffff, 0x3, 0x9, 0x100, 0x9602, 0x2383, 0x2, 0x4, 0x6, 0x1, 0x10000, 0x5, 0x8, 0x2b91, 0xa1f, 0x80008, 0x9, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x200, 0xffff3441, 0xffd]}, 0x45c) (async)
r7 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r8, &(0x7f0000000040)="e2", 0x918) (async)
read$FUSE(r7, 0x0, 0x0) (async)
r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0xe80, 0x0)
ioctl$FS_IOC_MEASURE_VERITY(r9, 0xc0046686, &(0x7f0000000000)={0x1})
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r6, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r10=>r1}, './file0\x00'})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r10, 0x3ba0, &(0x7f0000000300)={0x48, 0xa, 0x0, 0x0, r5})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r3, 0x3b82, &(0x7f0000000180)={0x20, r5, 0x2, 0x0, &(0x7f00000001c0)=[{0x0, 0x1}, {0x3, 0x5}]}) (async)
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r3, 0x3b82, &(0x7f0000000640)={0x18, r5, 0x0, 0x0, 0x0})
r11 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$SNDCTL_DSP_SYNC(r11, 0x5035, 0x0) (async)
ioctl$KVM_SET_GSI_ROUTING(r2, 0x4020ae46, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000000"])
r12 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0)
ioctl$SNDRV_TIMER_IOCTL_INFO(r12, 0x80e85411, 0x0) (async)
r13 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000001c0), 0xa8002, 0x0)
preadv2(r13, &(0x7f0000000880)=[{&(0x7f0000000240)=""/170, 0xaa}, {&(0x7f00000003c0)=""/57, 0x39}, {&(0x7f0000000400)=""/36, 0x24}, {&(0x7f0000000440)=""/200, 0xc8}, {&(0x7f0000000540)=""/161, 0xa1}, {&(0x7f0000000600)=""/226, 0xeb}, {&(0x7f00000000c0)=""/38, 0x1d}, {&(0x7f0000000740)=""/7, 0x7}, {&(0x7f0000000940)=""/176, 0xb0}, {&(0x7f0000000840)=""/56, 0xfffffd8b}], 0x10000000000002e8, 0xa66, 0x2, 0xf)

1.921667445s ago: executing program 4 (id=3901):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
ioctl$vim2m_VIDIOC_EXPBUF(r1, 0xc0405610, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x80480})
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000)

1.835266269s ago: executing program 1 (id=3902):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
write$UHID_INPUT(r3, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f90750090987f70906d038e7ff7fc6e5539b0d3d0e8b089b33316d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe59}}, 0xfa)
r4 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004e4, 0x62, 0x0, 0x0, 0x0, 0x0, 0x3], 0x10000, 0x2011c0})
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="03000000000000007508000000000000030000000000000061f57c86d978"])
ioctl$KVM_RUN(r6, 0xae80, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r7, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
r8 = syz_open_dev$sndpcmp(&(0x7f0000001840), 0x1, 0x200)
ioctl$SNDRV_PCM_IOCTL_READN_FRAMES(r8, 0x80184153, 0x0)
pwritev(r8, &(0x7f0000000280)=[{&(0x7f00000001c0)="45ba025f9b7fbd9906d110067dc03e88b1203a062ead981fd9f57d933b6225fe534ea507be3c4f764bcd2d8def4c112c4a893666d407d8f9d061962a9006bf56300b6c6eb84b73388c3c84adbd21ffdae36951eb94c2c31bf852c573fb7459cf07badb132e05352020196ee2c245e7d9125f98bcfef5b970698a7e168c63c71abc98c4b8fede805f", 0x88}, {&(0x7f0000000080)="bcd529a86f146b90c03e0a28d0e22e80b39dd7442a4c3b5ce2581c507e2b636c4b0c5e840e0e762910eb5a314370525353ad252afc4e4107a3a4c4e14370db6b7ebb8a8814a0fbd0d1d1c19b473b972b55129a550cf90614c6f81217498e052415f0298601f7aa2a65a3388a86374315320531eabaa3f9f66493", 0x7a}, {&(0x7f0000000000)="03c9f455bd8540fdbc5d141af918950d1f405634e6ad55268e11d838cb81d569d711c0c9c44c86e63577b6076c", 0x2d}], 0x3, 0x2a, 0x8)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

1.781527721s ago: executing program 3 (id=3903):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000001180))
mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x200000a, 0x12, r1, 0x0)
mmap$dsp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8, 0x11, r1, 0x0)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r5, 0x0, 0x0, 0x0, <r6=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r4, 0x3b89, &(0x7f0000000380)={0x28, 0x0, r6, r5, 0x0, 0x0, 0x0, 0x0, 0x0})
r7 = syz_open_dev$swradio(&(0x7f0000000140), 0x0, 0x2)
ioctl$VIDIOC_S_FREQUENCY(r7, 0x402c5639, &(0x7f0000000180)={0x0, 0x5})
ioctl$IOMMU_HWPT_ALLOC$NONE(r4, 0x3b89, &(0x7f00000000c0)={0x28, 0x4, r6, r5, 0x0, 0x0, 0x0, 0x0, 0x0})
r8 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0)
ioctl$BLKZEROOUT(r8, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

1.575658302s ago: executing program 2 (id=3904):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
read$FUSE(r1, &(0x7f00000003c0)={0x2020}, 0x2020)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

1.41018387s ago: executing program 4 (id=3905):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
r2 = dup(r1)
write$UHID_INPUT(r2, &(0x7f0000001c00)={0x8, {"b0476b76ba5d044f65271519727e4ff1ff0d12c0e6bdf3ea1f52e24f60ca698457b32832b83d7e96694c1feb5809bd67002f71e0b97c0d5270c04ffa64f63b2e18ee4b7b572fe2f4d03cad38bcd106ff12f53b443ac6fc81da518f54b9004a44859529c07a2b1b8feddc0180a0f37b13babba1dd0813b7ea56dac4b7ffe9a2ef54221439ecc55223ef2d40f4ba8108c10387ddffbaed25d41e7692bf26ddfa747a666caff49843e38c86cac7323f784a17df6beaa49c3f4a98fb4013f4e573e2ef77b0965d4bfbdf7d5eada69406ca93f422495e00addfca1518085a40f10284ff59388ecf476a12ef1a540163922098d600519ae8cf3ef544344e9d968f341af618503b455f3976b76975270e94d714302382c63de5b7c1fad1fa373b369916cb3b4d583a9ebbaeb262884d25a0e1d9fb141de60df7e64cb38b6f7167991f8fba06bffe2d49133bbb462cd8a9493177eee5f03875b15c7a92c3cd6a3fdfc64f236e14fa05a0e8d3c45f13eecd22e13528c74186dc50e0e2af44177e26bded1161e5533375508dadb83db5126cc810f4e30d4e24ec12c3b99e5220aacf42c58f2960bd43c337dbd318aeeb5c9a6cd5ffd3bf1497bb48ab7bcb32c9c33c9f5b9bc4645b96f23f9e0d826b780030444ffb925f55df587ef5ca5ea74ccd66afc7981da496d6f037efbb0b08f3f5078c60ffb4db18d1b59996bd9b1513442785bf4ece8587b39d8176dc9c735d5ea25133b2053bba227b81faab7220326f8814a9df4eba4ecc6acdd82f70b653b56a18cc9dfa4deb0a112c797ab89a51a103c3a9085d828523370c4d79d9484f4dc910735a2c9b5b85197cd9c073df7a54b40df8e1bf595bab957900c2a1a7dc40e88ed0c55c362ffbb7f88a0725a6ae73b936a639e951faf9c45ae74a2ece2f6f88e425ee41d2c60cb083a2fd6d07381908a7f629e32f89a553cf0794f54b8bdc7bd541d88464a4f80ac0b8b625a803a55de4b05a95fc7f8fc3d6d79858ccb269b7b8b21657654164a9aa29f4e8462377e9d234a41ea69841a4aaa1e5f89f9b074f6f71cb1ffaa450c3160b0e319ec81ad30101db66218b0c69f97c234465dc45849fcfd62d396f2b50ddcc0ed7dd8651431534232ab6d1186d7760770a1fc6c77553a79d0297194f794997ee47781094a76d9dccf632dcbb527b3e68950d9bb534245c7f08ae1d6ef2750292ae28e5e6dcfe2a69737dd7a1e453f3902ae90789e98c212905422099904d3bfb949bde187682a59c01aa8e6a9972a63d6aaef4d4139b10a24e063707f1aba79bd59e3f9709a873dff401d1f356c4be5e449ae0e2633a1fe50ed367fe56b0499957c3b6cabb42256547995ea998f3937d153897d1c83f1ad922d6835bdfa3b986dc6f4bd927a4ca13fbaa99b7b43758e2329d588f40fac718b16cca855468643f3818496b4915fe9a2bdd3e68889fea24bc1dfa6287a801d49a7bb84654147448550d2919e4df3a943a88cf616befea4e7a4fddb7969311c6837f9529966241be1e57ed2d773debc542986d09866905a3f63b6e1820086d52a70f039154e839da7ea852c33bf3722a048f61bbf068519e050b8788370fb130a42e9f5322dfff65b15d588f9e926b70e4530e8b66697cabb1e8514831431fa0eaecb49f9613ed5fd7bc50f897bda36d24d4296e143e2480e325ec09a77c03a07b4f86eb703085313ebeee94ef5b1cde3f6a7efd785772eb4034039f598c07819b769416a223fab824c4ac50086e78042a1ccf47b6c7ede8540cded4bd4c920ce6c2b7493a5634c5e96bb761373623ab473b121d555bfd5a8bc3f5c5418bed83ffd0d6492840550fccc0c35746370396d0190b7b1d2cadcc150877e0d197f692f97cec790c95e3d3959dc7c68aca37306c1bc13ad33848395dba5e3c9ce8090bc0e7e8312091773641be56411921e3d473321c6d8bd10b7d3f5aedd6620bcaa06474bbb298bc77297b8b5dcb9e6b33dbe676460cca825609857724cee245306d07fda287d5fe57c424c27cf9b6cf0f16d2c6a8071bd57c826d7371841cf43dab1b42421ce416d0d3a9c80bc807d2e6761e53f06b3e63c0af1b4548d820118421205f040f4ab35307871e4c7a21ff28082c29e02e89486064661898c0eb1811c70a6124c1f25d62c38794a3e87c312c870db7b60d0df8b57860c94d1a9c561b327fae3a68ce9ff4551e418eb00766f0341c5e796e3cbbbe6b4864928b966110256d5475eb1fd7b2893b60e19e859baaf23c9233a1b064771671ee2d07c151e2e99c37a116a338788052a726a8519b8335e9ff4f71d00ab634543c20ddea1bf57d4f2b797182ff19618b6974d2b69d9f052934d527a1830bf2785842f35eaf32b65b7c9fdd6f0c41756072a59c0cce0b7305740729f1daa14e0092da9d022321b726d658fcef55affa2bbf36ad788f1f423b7dfd328435b4d5df315143d8b8028ba4bea6134a3dc9720c73d5e66b8b8168752eea6b78c75f04efd9677dbe419f13f5e1c9764276a83821b710307d8f85359b34d038ff17de45e8739d4b647fd1a8d794a3273d922af3374f5d3c75b8345b9dfdabb2c0418a358921e0e73d0fe88caab1741b913673e22ff4b59afa0f653a423d9b2bb20cbf07951a349eea18a891b4f4dc6df8e42a6181284f643de5fd2924ae54f672a1920343476c67333e1e8205bf4877b1251a83f417936714edb1c6975ba7969d2fcc2e69024a4669ac2f998116ade1bd84568b8f3f1fccbe95df9ed21db77315b7469f30bfae418415d9cb5aeea627ba6811e30d56d4f4bfe5f794ea4243e3cdfad3ef55199699b8433083b6f72f95effc5f2f613cfcefaf0b94e801ebcb7095a1474ee93142b82c9bf9886617b6bf69d08c83c76cd21d4cce5872d99de8e54bbff915ab923b2d24bb3aa178dd50b44fd0eb880ef33ca51d4bf5f0fbc8ffe18afe4245397f277e4efad955baa10cf56613481253d69c02e7661714b68be0fd64f29bdafbc8b4a0b30bd6709c67fe8e8915d0479b3902b1d0169fb5486b02e966ad5d8a2bcf42ecba59177cd85e17239667f6b045d1f873ce24733ae17e2d8432709062e786a32ac925121f1b0d46c66d4fb9088f4aa0cfe2149f6c2cb5b75d45349bc88fbd47e01ea07e7cd573335aab8d389846566800dd084bc3caa95f7632719c651f2d33be0fb56347c063b3c6e3e75c5e58caeb4c37574859b78c1ed018fbeed788a4305a9ee1c1ef65a0c83a7cd717a8c08ecd4e86370ffffd6d40a89a0b1e8c15a10ad5406e867e49319ad83bfbb925d5e240b4bd44fd751e7510d5ea03a6cab95f37155d1fd69aaea1db4a1f53714eb90e669209cf634f84a50c85bdc51838ebbb545b4387790df67f0122740c2abc910cf83230394172a56c9ffda6675bb8bb39846730a1bf764aeb92407c90a194da880cb8a4efb5b57a8311d864209c7fd226b93582b6b11eec559abfbba653c0569c219d3a2e60555cb739f9d32d564f23c4e98be78aa553610822af426f961df0df2185c61ccaa22b2a6aa6fb3e917bdfb2be9c3ffb8a50821321119c4cf4917db39548abc17bfba267fa50f6af15c560a21055f967f1ca6f656ddb556f9c7e17a771eeef7e80940d1c14ddf2c27647686fd0526460036aeea395fb10abef2be2ea96c9bb380370c08d1568d30eea0f3e6b7cf8f7edc7b36d4d0affd249330707b54ee620f208d885791171eb67a25a80fcc6922e0258c9673b6576564949dfa5bed9a0299bf952aade654de16e22d54fcd391ded6adab94ff621efcd91ef69acf8dfa1b22692ba3e49cd1d3fbed6db1402065ab37e457056877977ebac33ef566f28a19b9acb67a9cc53feb156814e880b3dd5a9119ffdbc5a45c20ea375f2882575b9a28740eebf63f2895d9ffac1ec33cbdcdede98a201424d000df1efd64dd7268cc1b2366ccfb09754822dafdb1821de5e6ebee09608e82e679fafb7a5100172f26998d31d7f27c2b310f0372c3b5e888f8e6efb56074177bf6a2a5bbd9ed070ad5aaf23ce144d1ac86cad110e5916a8a57e1e7fc3d37353f84f2f6d43d92ab8b35040467f3f8b1d23fac021bbac3710edc8e2e26d794db38e48020f63e94d4b4dca3e015537a8e3008274d55f81af931a0faf1a438444b6a0489b93f7b88f81f761eae0f82e60cb0cf2745ca8c9e30d3cc189c1405b1994ed71b00d90ea7a94102916cdc915620c363d04e51eabaaca6c2814a7c1e7aaeec80bdc13135b813e6d0eea83446a5c57ec29695c302c0d8da65b61fe8ada51a36e1aff34d449f9eb70cb94931226121ab121a971c2fc070ca84272d122c1696f52fbd5ed06783abe188dcf133c4d41e10295f6ffda69fa8c5a7c0fec3425a2d60523a60d280b5ce34eac5911268172e772fefba63a6f5c6dafa9e500a5e1355fb614613f8fc1ef5e5466fa19212bcdc349a865f4cee6ea80b11a410bb6e4ad677393973e38621d25ff6c4876ef8a8d2ba651be4a78d2ba9fafadcea8eff9cca3f4ab71a0b84917794e521220dad099ac8aaf32abd162348879e4299e4d46395f9d55267b635e18ca2e2fc96146b96c8a8055130b8d8cb10cc31382df34057bd8637f86e48adc854af408226752a04df8d0362db263e0959f2bd7e8a4d33a8c4b257e19d308280baf40cced1b3cd3a86ee22df0da49d750539eee1104e99a9f8a065e5499c73125a8a8430eda7aee156821a97c237611b50f682a2cccd0969304f0a50ae98800dfb32ee1bcfeab98182c34a51e67fa5bd738c22c44fc1269ce73f464edd2f31296e92e62df51cf55798ae2e3c33c57b09f4ecd13469122095a3563f95f0a04cf58dcea4aed5e8bdda7617863cbc37a97ebadb46d679f7e30014d96d0ac7ce9484368fa5fd19cbc3d139410a2bd7ffacef1bdf76dd1d5f34d2392fcb91c7585fc1ae7d8ba2aa8ded9645d5a5e76e2279b6e0692101137da946dfbd3836476f5dad7fed70115d716dce87b5ad755e5653a709f5aa42265ec9657ed406cc9256af3628c0116b8e1d23306983e9adbc19dec354870c98e2e76566895df933a80c4c36b617db4bbda1a4ca7d6c80a43734471fc92d0bdeacfc125dddd73febd8f7ef84f221d52ae71372cee802d59013a15958e850f8fdf46d8fd3b874633daf3b1f346470456c05722258480959dd6afcffa1f3f2ca033011339c5cb85b7d1c9b5916fb8dc9c2783df64eb5cca5af83a74fe5bb259f93722842eb4ac851e71f3cfd67a39590e7f8e20f018744b9277e6eb46b5f211df5f767ef29dc9a972e14c40ea2d4624f187f301c1116d3a61adeb5c6f7ccc021ac5e18d8b40d7f1f19daf4445c06e72db8701c267c0144c92cddd49af7a87aca5aa05d0e380dd27cc780d2f7db3bef26cc4fd358543e19d73179b879f7bdc702ab405270c93a3ed64153e20b5b663773a2ad4e8e3e1e8eaf39ec80d75d02f74ff94f0e095240a564eeece4fc9bcf19bf2243c700e1dae14a1b0217013977bfa05f681abc37714fe462d0a632044ce52fdaa1c1a806b1eb4370e23ca0247e536165aa9f1c2af8adfea369ee1f4a2c7823a7baef028a1e77501db48db6aa0d7e30969f7197368db02d443803b53b2899315f7e2ba9c5ae952a3866b4ea60f3d669e0a91f7ef640cd938646bf8822fe455f0302fccf87c7fad6daf38fde038fa596b83a9fd5bf675669a6cb2bab44c6617f07950bf34edb93bbcb4174630f275dbda7a0631c4b456e5f80eb6258c1874e77d426743e478917fe44b73dc203baa2cc442b84b5818409abae99d97a28754969bd393df", 0x1000}}, 0xfffffe38)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x204840, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x8280, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r4, 0x40085112, &(0x7f0000000180)=@t={0x81, 0x6, 0x8, 0x4, @generic=0x1226})
ioctl$BLKOPENZONE(r3, 0x40101286, 0x0)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008102"])
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r5, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r11, 0x4048aecb, &(0x7f0000000200)=ANY=[@ANYBLOB="0400000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000006000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff000000000900000001000000010000800800000000000000000000000000000000542f8210f01870a300000008000000ff070000090000000500"/168])
r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r13 = dup(r12)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r13, 0x0)
ioctl$BLKZEROOUT(r13, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
ioctl$KVM_SET_CPUID(r11, 0x4008ae8a, &(0x7f0000000400)=ANY=[@ANYBLOB="060000000a0000000600000002000000080000000600000051930000000000000200000000feffffdbaa000000000808020000000000000000000080008000000000000001000100080000000000000018000080f9ffffffd0d17037a2d1d10c0100d589000000000b00000008000000400000000000000000000200000000000b0000000000010064000000f9ffffff0200000000000000"])

1.329536257s ago: executing program 3 (id=3906):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000440), 0x28600, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async)
r2 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000), 0x20020, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r3, 0x3ba0, &(0x7f0000000440)={0x48, 0x2, r4}) (async)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000100)={0x28, 0x6, r4, 0x0, &(0x7f0000c00000/0x400000)=nil, 0x400000, 0x51e})
ioctl$IOMMU_IOAS_UNMAP$ALL(r3, 0x3b86, &(0x7f0000000080)={0x18, r4})
ioctl$IMADDTIMER(r2, 0x80044940, &(0x7f00000000c0)=0x32) (async)
read(r2, &(0x7f00000019c0)=""/4107, 0x100b) (async)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x147c40, 0x0)
preadv2(r5, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x5, 0xf2ef7f, 0x0, 0x1f)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000001940), 0x800, 0x0) (async, rerun: 64)
r7 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000280), 0x202, 0x0) (rerun: 64)
write$sysctl(r7, &(0x7f00000004c0)='0\x00', 0x2) (async)
ioctl$IOMMU_TEST_OP_ACCESS_REPLACE_IOAS(r6, 0x3ba0, &(0x7f00000019c0)={0x48}) (async)
r8 = openat$khugepaged_scan(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$khugepaged_scan(r8, &(0x7f0000000140), 0x8) (async, rerun: 64)
r9 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) (rerun: 64)
r10 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x82002)
ioctl$CEC_S_MODE(r10, 0x40046109, &(0x7f0000000140)=0x12) (async)
close(r10) (async)
ioctl$vim2m_VIDIOC_S_CTRL(r9, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5}) (async, rerun: 32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async, rerun: 32)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
preadv(r0, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/144, 0x90}, {&(0x7f0000000300)=""/198, 0xc6}], 0x2, 0x800, 0x10000)

1.216374014s ago: executing program 1 (id=3907):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000340)=""/159, 0x9f)
r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_BLKSIZE(r1, 0x125d, 0x0)
ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000080)=0x6)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
r2 = syz_open_dev$vim2m(&(0x7f0000000200), 0x401, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000240)={0x1, @raw_data="a425e2f1a54d24f14247313060608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa194c092730319"})
ioctl$NBD_DISCONNECT(r1, 0xab08)
r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x1)
write$UHID_CREATE2(r3, &(0x7f00000001c0)={0xb, {'syz0\x00', 'syz1\x00', 'syz1\x00', 0x5d, 0xb630, 0x1ff, 0x577d, 0xffffffff, 0xfffffffd, "a48ba149a9972592e56c4545d4b48f5a73de3cf5c3fb699adbeed9b83ef7d12c692f7ae5bb0a56d98e53dd75fa129d7c59f7099118160a983e5b490afe4e942339aff22f4fdb2a86ae338539a171e97c0243dcfdb3d63c1f86624dd989"}}, 0x175)
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x100000000000)

1.214564966s ago: executing program 2 (id=3908):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000580)={&(0x7f0000000540)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, <r3=>0x0, 0x0, <r4=>0x0], &(0x7f0000000200), 0x4, r2})
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000000c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000040)={{0x0, 0x2, 0x0, 0x2}})
ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, &(0x7f0000000180)={0x1})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000840)={0x0, 0x1, &(0x7f00000005c0)=[r1], &(0x7f0000000180), &(0x7f0000000280)=[r4], &(0x7f0000000040)})
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r6, 0x40485404, &(0x7f0000000040)={{0x1}})
r7 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x1014c0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000300)={&(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x0, <r8=>0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000480)={&(0x7f0000000400)=[0x0, 0x0, 0x0, <r9=>0x0, 0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0], 0x7, r2, 0xbbbbbbbb})
ioctl$DRM_IOCTL_MODE_ATOMIC(r7, 0xc03864bc, &(0x7f0000000600)={0x201, 0x5, &(0x7f0000000380)=[r1, r2, r8, r1, r2], &(0x7f00000003c0)=[0x7, 0x39e4, 0x2, 0xffffffff], &(0x7f00000004c0)=[r3, r9], &(0x7f0000000500)=[0xfc86, 0x8, 0x8], 0x0, 0x8})
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r10, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r10, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x900, 0x12)
r11 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
r12 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000003, 0x12, r12, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r11, 0x4010640d, &(0x7f0000000040)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r11, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r13=>0x0], 0x1})
r14 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r14, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000240)=[0x0, 0x0, <r15=>0x0], &(0x7f00000000c0), 0x3, r13})
ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r11, 0xc01864ba, &(0x7f0000000300)={0x21, r15, r13})

898.211501ms ago: executing program 3 (id=3909):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x26e8, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CREATE_DEVICE(r1, 0xc018aec0, &(0x7f0000000040)={0x1})
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
openat$vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x141000, 0x0)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a15, 0x4010, 0xffffffffffffffff, 0xfffae000)

837.511098ms ago: executing program 2 (id=3910):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0xf)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0x40045542, &(0x7f0000000100)=0x1000)
write$cgroup_subtree(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="2d696f202d6e65745f7072696f202b706572665f6576656e74202d696f202b72646d61202d667265657a657220ad68756765746c6220e9705dba687b255c1e474da4f11d79670dd37d4a1407a5d6034fbc779f0b244b728cccad2cb5c3631e9fb1d08111549c1de6d28f020d45f3cb0de7afe1d304c2982862f9f17a9d748b5cd2a6bcd1dbfc6e559f85e9abe9228ac31480464306564a2632185e4b16a3fc5fd0a3bea36d1fe14f4a749af5e08f33a1e27cad304b04edccea6b8e8c705865207b1c80b1ff6b281963365def0cab44232248b99c90620baf5de9ff44e9e233d6129a5a3416620ae168cfc7926057e50a9cc5941deae4ad6f26f6c687209bb79d70810eddc7b4ff63"], 0x36)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x3)
r5 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0)
ioctl$MEDIA_IOC_ENUM_LINKS(r5, 0xc0287c02, &(0x7f0000000000)={0x80000000, 0x0, 0xfffffffffffffffe})
ioctl$TIOCSTI(r4, 0x5412, &(0x7f00000000c0)=0xfd)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x149041, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_MSRS(r1, 0xc008ae88, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"])
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1})
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_RUN(r9, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r8, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1})
ioctl$KVM_RUN(r9, 0xae80, 0x0)
write$rfkill(r6, &(0x7f00000039c0)={0x0, 0x3, 0x2}, 0x8)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x7e)
mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7dfff000)

747.13439ms ago: executing program 1 (id=3911):
r0 = syz_open_dev$swradio(&(0x7f0000000000), 0x0, 0x2)
r1 = dup(r0)
ioctl$TCSETS(r1, 0x5402, &(0x7f0000000040)={0x7, 0x2, 0xfffffffb, 0x80000001, 0x0, "8d7eca4c4d35be64ffc06f3a49face920c8b94"})
ioctl$TIOCMSET(r1, 0x5418, &(0x7f0000000080)=0x6) (async)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x20801, 0x0) (async)
r3 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000100), 0x262402, 0x0)
ioctl$TCSETS(r3, 0x5402, &(0x7f0000000140)={0x3, 0x2, 0xbea, 0x2, 0x16, "523505403b8e3650e6c1d5746deeba99a3f120"})
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl(r4, 0x5, &(0x7f00000001c0)="d58e3a9af5ce43bdef11caf8de2e916374060fc1ee4a933987398bdf128e3b0202d91eb5151eb9bb0661d523cd831127b4d2a82e7a90cada73cb4e7b2d19780a4f29014872579cb4aa14b65526bd9812fbf2cd3c74532017692d3b345c19ece30f448ba9507620f1147cb4fa7a21b3d33d47d6b48a35bd3c8af674008aa5964b1acd7e98c5052fb523e85df7fd850c872b91b6e7bf3a289124002fd1ac6e531c5aba917ebea4f81300c6924cc4f09b68c64d87c703ca6cee3136030351fb488be5630caa8257286cc5690b5fff729b60b7d2a5b059d2626f64ea93d9e30b5c6b47b0ac42123ffed22d522dc93014aa486587323dad80c475344dfa5d5d01366942f787989783988e98b0c9cef0387fb9603c04f01a99eb82271395b362d4da858423d8540aacd87a10680ac3afbb0063c43b59a9e0089a509b85be305f11a9d37ecdfedd41925be519e8a414a9f17d7cc68a1538f544c3b7ed996c4bdd77277e51c1c39a8491c49fa32f3e67de0ff3a4aed63dc26522a56c00232f859bcbd5794d73a18ca10f733fff258d258fd6e8fb0ba451cdc4a66669fe24bf0f29309a763f693a8b14d5df6c81b76e9070c1ed24c245cd844cd93b7f844f0f1cf5516f65b41482462c028adb297b30d1955e87dd7f9551e337bd016ee5c7850ea09ef14a50ea9a6158e906daffe4faa7c46cc5c6120d817d81e88b20bc09d0a55cc9bf3998173b81bb4b17ce241d6cd58e2413de8a023d2b19f787f03701e52a32a247ada6eef1063dfd857d0ed977fe892845eff4f956830cbfc27b6e639d1004ea4a37b4aafc2e1e4df654e93e76deb7f6e6a2988ae74c7e1fcdd1599b226928e410530b01250b073902b2c8b7914b7a6fda9b856182b1e418ca4cd82f0e50f51912f67dcd8b53e11fddaccdd647fd09acf38a4cf5a21c1c6beae70b4da0ba3e07e138250dedc324615a107db579e5ccc24296690ca5afdf34ec489abdebcaaa5da4fd684def1efb6dcb4ffc384a893ea924acac8bc80c7bea3e15d29d7cbb762ba9a1aafe2e16e96673255742be8394ac251ddb06d25a9b817a2bda2fb5a71617891f80a48c402179fc8ce74e559496f831858620de3e4b283a49052720bed0d7aff94196adbf8341634c5a4361e59dcd02fe804c9e4bd9a06de968a2b25a09e5938c9fa13c69c20a92f0cd9b2dcd24ae33afbee7e8aaaee2c32ba2e49cd4e0ee60299920237ecf16ad6681236a12a1a89d70900ff23fa5f3bb29c55e6bf41f54f45fbf5eb58d5dbd93dbb5e2f3be0bf57dd631d6766c5b7b6f78318b06a60eb28071574bd3e3ae775103cfaf624aacbc84a8c33b45e208e81848aaea00575df44194572da72a40a3d38f78d824c9da9e0153d3a5105440a0d9cb732bbde555132271204d176a1cee293e3a5fc20b915f27b446fbcbf3bc4fd072491651e8b32f2365861691e62f7beefce248bf2668033c4b644e28d8195cf980dcf66b4ae5055de69908660b41d60463c435f9b61c58b42f8e937ae47d85b04913df5201838e1852e81badf734df7b6dce624977c7cfaca59a211ebd514e2b4ef99e418a97e4e8ccc6f968a4f6c5b1e8480eb92af9f3ccea2bd64b3c765707e567664d9cb5e855445e8116303d2a71ca033c5cf41c6543e95816e2c24d2038023f53f3f7a9552c32812e0595ba51cf59b6a86abe9cf55518fb3e9751027c49ab9ff2188a2ebc0f8fa9e8464d1b0a9ae1003b367ac63890c6f5dade8c430bf0abbe872819e3ec957f205ff8f1741e4ca6a1ba28c792489d6f67c26934d606d5348cdb1a011372984cc133bff05517604e27c3fc1eaaf6c58c712cc5701b1bc388b9ce1369840d01a499546d2445e4acf5b82680a9f30ab20a716215e1f57febd60140f070e2c6f95f2dbda9644bf1ab078bd262e7aea9abf458bb754978af0a559c840a5f8f50ee2d49266140364eda139d4e32d782c8696feca537b4cc300eb61068cd8a01a9ec0e80d896cf7edaa36129c84bea6ab7e7d590fdccefd0ab13d96cb69766d9aff2e38a947fa4ccdf11069d6c2117a6dd05ea1969d8b4787e7c723d527c4aacfc1fee381fbd6768b0e2cace0905ba32cc2c9f9f9c28eb40d634603f6b3056ceba974f25ab673c49d6e7a68eb245340f60c3c75696cc546de3967d32a860377912baf4ba3ba518ac270aa5e4ee25c7bd971a5b870715c8d86d5f0a39271a5912eb8b1cb919560614eeab3c61dd98ee088660d44aa9a8adc41eb01f20760cd5bd167bd25889cd31d01ebe2536c44c82cf097a405bf8b165b31b64f41eddbb1616d10e320aeaa1a4c466aced9e5cab7263cc9b537c72ff7b9d30cfb609089918dddfaf037853b0788ad094d3ec091fe9e2b6d87ba1fbbd14552f23b7417bcacf79820ad0f13df401cf4b18e23cb62e5e3585558c04a952d1f3f82e0ba4dff6b8fb8ea9cbe4810ece792966c580f67d763d78e74ac5845b34be6f9549311ba5baa388108b21b5cc6516b2a0389d9b5f4cbb12a4f065076db55c82d826f981a9ef8a3c9344f55c2c86a63d3d4d259c66fd2dce2bb633528da894f5d2a998fd785383cd27c444cd5530d3734e60466fa2e092a2b280f698a59912049a6ac38af77bdb9d058034439b1dcb10c551da493d9e1e5a85e394c2bea338a6534a0051c55ff568553c731be9067d146a8bb71afc650ddb5e7f5ed05abcbf88ef66bbb1c62f80647135a7e9974560492588dc8ab28d228fea20668d35a5f876a79514dd7901afdc1506394b5f08060037af8aa36278782577638b66866db1daa1b5664616beaf23b39fb366e9891fcd0bcb5ad7b7788165fe96701c36daff88e0762e4d817f1f2a8768235c54da0e62d0be127d0610728a5ea089eea59c10298b0def350139fcadf62f85e5ac3a956e8876921a994fcc8f26acaecd10a40523af7aa0a2e712fa4cbd64d5f1b9f55877c0a0b39db8ab1fb06cc6606cb9960708d48dcb76c5719b29f2d72c5ed4ee6ff9aa291c08bf06dc9e645c1700970800628ef8f93b80b7b1d84f401e3adb6acb424b3838251883f70fc4dd4489e3c174dd1ea3b3d2740e5198f81899b5d76fab6ac4514454a0ceb5e039bbde50965b64106946ffe9606fa39e6242aa33bf05c4b79bdd596060490a2a1c71ffebb113246af4558d45ba794a8657814d2c0a4ad45dc73f1111b87a8a4b772f12b3e286b9ef8315d4f3ef9458306976e92195c0ab935bcd804d376335f8a52863e071a9093219113adc4c7f937c5b4fdd7def74e8290cc7c31e9336bf5139fbd8d7b69f33c3792d5588d394de765a0b2ebc9c89cd6be82f711d18258be29783e930257765eec0f2bc58585b332f3c8e7c2cd2cf48a84071292bc380843f1a58df99133171481fa4aac5f849436fe35ab843873e453eafb4955f38ae86dd8e8292ace370609debe435b1799c501ed408ab9abab634c33d651255b206b10419efb13e4ee97446d487dc3bd07b6cbb616eff7a6d626c2a61438f3d887ec92982f70468d6f8ac18019c2f1fc055b26067908ce8f22e278ef6ac7089abc755a906b652a8e9cad3c3c383f1d84039dffc801e18a9f842cfde77609f868012244251cf041ec68d36522970aafa4ee73f4bffdf73c3e978a940e2a4b59d55c4a40ae0e6b563eba04f89df720ddadc435a72f0ed62c160d66c3e8fd3050c0155fadc0ccb2764969b12aee2167df39c384f124abae03d0a33d935add36fc269cae691cfc57c21c9e3f9d3b52fa62b64bf2d7a6e9f3d8bd3a89ff9beb2bf4415c4d8691b9128c8e78c61f4b84f577c7233fa444163734ba13be7213e9e81ee5d984cbde534756430c1be085108dbd7c74d30a3dc454e852dbee21e6ff0909b42ac1ad018786e97836ec5fa225b7e10f43956186aa131dfd3a13af8503ac247a2b765763dac196faa660b4631aa7ee598fd604dc19f6b29179534971508d891a6f61918b75f6faf045d5239247649fff524b08785fc03c3248b45d23083d00b4458115cbcfeca24d60de39e956fe970169f4bfc8c2e13bfaebffe16c9f083c654678ed1a103a044471ac5f05463c6f4a159866353f6ecbc24422f6e7b6264b456d231f53bae9b52e61466f347e8afbc42fc4741e0ad436b96b20d059b794e3a62231167754676f42a076c1827143a92d8f43b3375494dc452b5f849242a6d70a1fe1591c82a9499c3062aa813faf7d94990c8894b61614834796aff7a7a349f584b8c4afbbbde61b79e0602c31ab688e4851cfd2bd1bcf6d5c8ac75afb7bbb7be7b17e59bfd4d144f343f26dc86ec3be3f2d6397fe847d426de2a49ac44ff31ec4901793d72deb9128bdb091ff143a80d12b27b87b7d9dc127087b47db4b4d17ebe4e327e8a65d9bbd0a3476e5fa29160f6b979ec49e7bc53fe9bda4a06f995386b4851b2ded6fd898283c29abac8c4ff33630ef0b9ac998617f83d50f4e94707c59cd8335715b34a5b9558de265db29b961e30d5ae7184cb8f544897fd850481e706282796102e0ce53bec77a8532a7dbc950255d808d7ca9745fbeb2c203ce8d3d148ff9caee4606464da60a11d0aa8f110604ca9679fcc9d3cd87b83bd61a42f22974ec7832a2b2e4d202f21a5985f86c5fbea3946b20a5698c5b4825ecb4dbdef388f5399a48236bd65c506332debb9c058490f48ee5037567ec55e7449d430b0bc6ef44d7896e4e77b52871cc77e1cecdebe8bf80c78f5aa4bfaaf8c865528e3caf3f64e5c4ad76ba90ffbc4a90bd5d7b8d3b069397bf6c9f38131a74449c56cf62606b991235f45cd84c9eb919298b90af01d08ee92be1998ca724c6fba194c1b6e5f68b0f7d8511db49af4de6bb74d21d4361b393f8f2dc6dbaf31a10badf3db2f9fd34891af2eeab7816e9ba4cce392563b55bfee0bfc05dcfb6fa7920c8e3605f61c50f190879a5fb221c2956e36243eec59d2278fd2e03dc45674dcdae74b0ee7fc4eb3329084c02a3f005dec710344923319dc3833e8997d5b07bb71ee3b42602d71b9766fc0d9ef1537bf89f06582dc17ec5a7b80e2903277d52b014b8883dda80cf57bdf6978bd37beda9cb9fb1dcf3d81f100e361f6862774120b67e8999dedb0aa7ef86d65b038710c71260e9bb0ec2425f64c1b61cab3822422ba73b520c5b96ebb1ca57a6e6c8a371ffeecde6ddadf704da8f11184fad7da9411f67dcfd71b7a6ec739890e1b5a826d94d3d3483c7a217f8cced1686b729db9eacbab3a10d70ae2d69c257d409298c427df24165b26462d8978f0b117a607ec1e96712d38df4171ce97bfa5bf6edbf61b7ff0b190a267eaced78e48f9288832466a7c549fa42ebce7b1069a77f20bfa0abcfa7f6cc7de077b2882452fc1e86314999955c140fe1824ab91eda7d9c4517343134a38f708ff725becfa2bfd0a90d1ef0130c17750be55e084ad3c20c73c619732eb7c75a931535aed361edceefd3308c3a1fa68af3f2013839b1e86fbd8065121e04ff7064344acf0c47c862efcaab56135546f5ae35c122295f89f3ce57b0383fe0f16f0c439e203eeb841bbe7db6ce12be570c357c8fa792d4b79f4c772d08275db4f1125b9c2e816957082653888c921a586528d289cca951176477572be7c15738ccdd3d658cdccc2895704bb4de6dda77e858cfa0d42dc42aa3fc1f60fb4791bcb9d5b0998090c157a87271189df5962877bb8088271822765e0d5541ba0978edf335b82c360383c83a0fed5395bcec7fd770cf133aaf0e1d38eccf66ad4ef15af4cfb1e01a700943ae65387793a309a2a888f99d10e0ebcc16b41b510db5b") (async)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000011c0), 0x406000, 0x0) (async)
ioctl$TCSETS(r2, 0x5402, &(0x7f0000001200)={0x9a1d, 0x400, 0xfff, 0xb7, 0x3, "927921aeeadac5ec44996a23a0876efee12b0b"})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000001240)={0x48, 0x5, 0x0, 0x0, <r6=>0xffffffffffffffff})
close(r6)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f00000012c0)={0x3, 0x3})
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000001300)=0x7) (async)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000001340)=0xb0000) (async)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000001380)=0x5) (async)
write$cgroup_subtree(r1, &(0x7f00000013c0)={[{0x2d, 'pids'}, {0x2d, 'cpuset'}, {0x2d, 'cpuset'}, {0x2d, 'rlimit'}, {0x0, 'devices'}]}, 0x27)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000001400)={0xc, @raw_data="c297e9c0ac6268980dce57201a92dea7676f703001d2782acad202145667271a083745f3b2ac31647bff31a4eed4a52e1ccd2d14046b82efebf618372363385ab5ee1fdfddf899ce5c37b9f0c68fb9a738b8682b6b2d2793eb465908e0d1f018c60206cde00f635d54f1726c40bb499a81b93260011fa0ea5ea1b436e52a1be9bd189b90117da69a37875d1691ba3c5a9f279d358cadd2ecbc672dc912b583e3efa8b79e8c5fd6098d25a0aed9b1ca1f5e1d541b14066c27ef57c0a581cc7c3f7f7b12e185c2d1c5"}) (async)
read$msr(r1, &(0x7f0000001500)=""/229, 0xe5)
ioctl$PTP_EXTTS_REQUEST2(r1, 0x40103d0b, &(0x7f0000001600)={0xb9, 0xc})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000001640)={0x5, 0x5, 0xdddd0000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) (async)
ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f0000001680)) (async)
ioctl$TIOCL_BLANKSCREEN(r3, 0x541c, &(0x7f00000016c0)) (async)
ioctl$TCFLSH(r2, 0x540b, 0x0) (async)
ioctl$IOMMU_TEST_OP_ACCESS_RW(r1, 0x3ba0, &(0x7f0000001740)={0x48, 0x8, r1, 0x0, 0x7fffffffffffffff, 0x29, &(0x7f0000001700)="560d283b887cebd648cd88e30b83b40ec836ba3b729ebbb3e467572e15cfe9a2b2e0ffd5876e4882f1", 0x5})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000018c0)={&(0x7f00000017c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000001800)=[0x0], &(0x7f0000001840)=[0x0, 0x0], &(0x7f0000001880)=[0x0, 0x0, 0x0, 0x0], 0x4, 0x1, 0x2, 0x4}) (async)
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f0000001900)={0x0, <r7=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000001940)={r7}) (async)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

625.989183ms ago: executing program 2 (id=3912):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x3, 0x2)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x2)
r4 = dup(r3)
write$UHID_INPUT(r4, &(0x7f0000001980)={0xb, {"a2e3ad214fc752f9182909094bf70e0dd038e7ff7fc6e5539b324c078b089b32353b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5d50300d074c0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$UI_SET_RELBIT(r5, 0x40005504, 0x100000000000000)
r6 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r6, 0x8048ae66, 0x0)
r7 = syz_open_dev$sg(&(0x7f0000000140), 0x7, 0x480801)
ioctl$SG_IO(r7, 0x2285, &(0x7f00000033c0)={0x53, 0xffffffffffffffff, 0x6, 0x6b, @buffer={0x0, 0x27, &(0x7f0000001200)=""/39}, &(0x7f0000000000)="7be9959f8d32", 0x0, 0xc5, 0x0, 0x0, 0x0})
mmap$KVM_VCPU(&(0x7f0000ffb000/0x4000)=nil, 0x0, 0x1000008, 0x6032, 0xffffffffffffffff, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0x1, @raw_data="a425e2f1a54d24f15247474260608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa1810000000319"})
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000180))
r8 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x282a2, 0x0)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x1a0682)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r9, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r9, 0x40bc5311, &(0x7f00000001c0)={0x80, 0x1, 'client1\x00', 0xffffffff80000006, "d62e980da99179cf", "20e48560999fd132b6a5426180a8c27a00fcfffff0003336f794d20352346f8f"})
write$sndseq(r9, &(0x7f00000000c0)=[{0x5, 0x0, 0x0, 0x0, @time, {}, {0x2, 0x1}, @result}], 0x1c)
ioctl$SNDCTL_DSP_SETFRAGMENT(r8, 0xc004500a, &(0x7f0000000200)=0x12)
r10 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_GETMODE(r10, 0x5601, &(0x7f00000006c0))
close(r8)
r11 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
close(r11)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r11, 0x7dfff000)

577.713354ms ago: executing program 3 (id=3913):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc018aec0, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0x1000, &(0x7f0000001000/0x1000)=nil})
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

567.901749ms ago: executing program 1 (id=3914):
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000c00)='./binderfs/binder-control\x00', 0x800, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r3, 0x4048ae9b, &(0x7f0000000080)={0x1e0003, 0x0, [0x8, 0xff, 0xfffffffffffffffb, 0x3e00000000000000, 0x7fffffff, 0x7, 0x9, 0xa]})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000340)={[0x1, 0x80000000, 0x3, 0x1, 0x2000000001000, 0x2, 0x6, 0x3, 0x7dfffc, 0x800, 0x8000000000095a, 0xb81f, 0xa, 0x47fffffff, 0x4, 0x2], 0x5000, 0x8f842})
ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000140), 0xcf2c8cf9351521eb, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
read(r4, &(0x7f00000001c0)=""/147, 0x93)
r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f000033a000/0x4000)=nil, 0x4000, 0x3, 0x20000000ec071, r5, 0xffffd000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_AIE_ON(r3, 0x7001)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xce}]})
r9 = openat$bsg(0xffffffffffffff9c, &(0x7f0000003300), 0x0, 0x0)
preadv2(r9, &(0x7f0000001840)=[{&(0x7f0000000080)=""/52, 0x34}], 0x1, 0x1, 0x6, 0x9)
ioctl$SG_SET_RESERVED_SIZE(r9, 0x2275, &(0x7f0000000180)=0xfa2)

389.043631ms ago: executing program 4 (id=3915):
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x2}}, './file0\x00'})
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000040)={[{0xe, 0xd87, 0x1, 0xfe, 0x5, 0x80, 0x6, 0x8, 0x7, 0x10, 0x1, 0x3, 0x9}, {0x7, 0x9, 0xf9, 0xf9, 0xa0, 0x1, 0x5, 0xb, 0x81, 0x11, 0xf8, 0xc, 0x100000001}, {0x29c81131, 0x1, 0x2, 0x0, 0x7d, 0x9, 0x9, 0x5, 0x0, 0x8, 0x2, 0x1, 0x1}], 0x7c1bbae7})
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f00000000c0)={0xdddd0000, 0x100000, 0x1})
ioctl$SNDCTL_TMR_METRONOME(r0, 0x40045407)
ioctl$KVM_REGISTER_COALESCED_MMIO(r0, 0x4010ae67, &(0x7f0000000100)={0x100000})
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r0, 0xc0045520, &(0x7f0000000140)=0x2822)
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f0000000180)={0x0, 0x4})
ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x75, 0x5, 0x1d, 0x7, 0x6, 0x6, 0x4, 0x400, 0x100000000, 0x16, 0x6cf, 0x5, 0x3ff, 0xffffffffffffc7a8, 0x7fff], 0xd000, 0x200c0})
ioctl$KVM_RUN(r0, 0xae80, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f00000002c0)=@attr_other={0x0, 0xa, 0x8, &(0x7f0000000280)=0x8e})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$VIDIOC_OVERLAY(r0, 0x4004560e, &(0x7f0000000300)=0x3)
close(r0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000340)={0xfb, 0x4, 0x0, 0x4, 0x8d65})
ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f00000003c0)={0x2, 0x30, [0xbf2, 0x9b67, 0x2, 0x5], &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$KVM_SET_FPU(r0, 0x41a0ae8d, &(0x7f0000000400)={'\x00', 0x5, 0x8, 0x5, 0x0, 0x0, 0x1000, 0xffff1000, '\x00', 0x6})
ioctl$VIDIOC_DQEVENT(r0, 0x80885659, &(0x7f00000005c0)={0x0, @data})
syz_open_dev$sndctrl(&(0x7f0000000680), 0x2, 0x3)
ioctl$BLKALIGNOFF(r0, 0x127a, &(0x7f00000006c0))
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_SIGNAL_MASK(r1, 0x4004ae8b, &(0x7f0000000700)={0xf0, "fde72357f5b62ce079b994b664abd25e6cf53c94c4a15b806875197d028dbafbbb16fc47f45b36ac4900b9cd6362dc1469d3811102802e6e1bf8dfc2eb5df8dc37f923e501da9d40320c62371b6c8183af15e9508808f2011fb8372cc87c4524e0aea7d7b5a635f8fd67b18fc6556c6c81d91ca788bc0078c76fbc9fd58b85e6bfa68d6b7690b01e1a8852e5039519ac897bfee66ba9ba4db1f2a691c0df99ffba817357b16c07bd5e578734e6c1039e871a2daafe89c8a467061afcf8d74543badbff685fe7243eaa1e567aa49f4aa32b0bd339c5daca85b5e998ced0fb0bbc4eb8460b172ade4dc8af302f5214c87a"})
ioctl$DRM_IOCTL_RM_MAP(r0, 0x4028641b, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, &(0x7f0000fff000/0x1000)=nil})
ioctl$HIDIOCGREPORT(r0, 0x400c4807, &(0x7f0000000840)={0x3, 0x2, 0x4})
r2 = syz_open_dev$mouse(&(0x7f0000000880), 0x9, 0x20002)
ioctl$AUTOFS_IOC_ASKUMOUNT(r2, 0x80049370, &(0x7f00000008c0))
ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000900)={0xcd6e, 0x1, [{0xf}]})
ioctl$BLKCLOSEZONE(r0, 0x40101287, &(0x7f0000000940)={0xf9ea, 0x6})
ioctl$KVM_REINJECT_CONTROL(0xffffffffffffffff, 0xae71, &(0x7f0000000980)={0x16})
openat$kvm(0xffffffffffffff9c, &(0x7f00000009c0), 0x2400, 0x0)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000a40)={0xed, 0x0, 0x1})

229.731332ms ago: executing program 2 (id=3916):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000240)=0x7)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2) (async)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000240)=0x7) (async)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2) (async)
syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) (async)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5}) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async)

173.451172ms ago: executing program 4 (id=3917):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x628283, 0x0)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x80203, 0x0)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3b)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000140)=0x1)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000))
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)
syz_open_dev$MSR(&(0x7f0000000000), 0x6, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x628283, 0x0) (async)
openat$kvm(0x0, &(0x7f0000000040), 0x80203, 0x0) (async)
ioctl$KVM_CHECK_EXTENSION(r1, 0xae03, 0x3b) (async)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) (async)
ioctl$SNDCTL_DSP_SUBDIVIDE(r2, 0xc0045009, &(0x7f0000000140)=0x1) (async)
ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)) (async)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000) (async)
syz_open_dev$MSR(&(0x7f0000000000), 0x6, 0x0) (async)

96.439774ms ago: executing program 1 (id=3918):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0xfffffffffffffea2)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r2, &(0x7f0000009780)={0x2020}, 0x2020)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000240)={0xb0, 0x0, 0x3, [{{}, {0x0, 0x0, 0x1, 0x0, '('}}]}, 0xb0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r6, 0x4048aecb, &(0x7f0000000100)=ANY=[@ANYBLOB="050000000005009803"])
r7 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

0s ago: executing program 3 (id=3919):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000140)={0x4, <r2=>0xffffffffffffffff, 0x1})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x5761, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_IRQCHIP(r4, 0x4048aec9, &(0x7f0000000380)={0x3, 0x0, @ioapic={0x2, 0x2, 0x101, 0x5, 0x0, [{0xd, 0x9, 0x6, '\x00', 0x1}, {0x6, 0x2, 0x26, '\x00', 0xfc}, {0x2, 0xef, 0xd, '\x00', 0xee}, {0xfb, 0x7, 0xd}, {0x13, 0x9, 0x2, '\x00', 0x62}, {0x0, 0x3, 0x2, '\x00', 0xd3}, {0xf, 0x0, 0x8, '\x00', 0x4}, {0x9, 0xdb, 0x1}, {0x81, 0x23, 0x5, '\x00', 0x2}, {0xde, 0x20, 0x3}, {0x40, 0x4, 0xf8, '\x00', 0x1}, {0xf5, 0x45, 0x4, '\x00', 0xb5}, {0x7, 0x3, 0x2b, '\x00', 0x6}, {0x4, 0x0, 0x0, '\x00', 0xe9}, {0x10, 0x39, 0x40, '\x00', 0xcf}, {0x6c, 0x3f, 0x0, '\x00', 0x72}, {0x6e, 0x4, 0x4, '\x00', 0xe}, {0x7, 0x2, 0x8, '\x00', 0x7}, {0xf, 0x7, 0x5}, {0x1, 0x6, 0x9}, {0x4, 0x6, 0x1, '\x00', 0x49}, {0xee, 0x2, 0x91, '\x00', 0xba}, {0x2, 0x8, 0x2, '\x00', 0xc3}, {0x8, 0x9, 0x54, '\x00', 0x9}]}})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x8500, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
ioctl$KVM_SET_GUEST_DEBUG(r7, 0x4048ae9b, &(0x7f0000000200)={0xf0003, 0x0, [0xfffffffffffffff8, 0x6, 0x200000000000000, 0x5, 0x3, 0x0, 0x10000, 0xa3f]})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r8 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r9, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r9, 0x0)
write$cgroup_int(r8, &(0x7f0000000040)=0x900, 0x12)

kernel console output (not intermixed with test programs):

red disabled state
[  395.923270][T16660] bridge_slave_1: entered allmulticast mode
[  395.934553][T16660] bridge_slave_1: entered promiscuous mode
[  396.152965][T16660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  396.170408][T16660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  396.398221][T16660] team0: Port device team_slave_0 added
[  396.459938][T16660] team0: Port device team_slave_1 added
[  396.529317][T14935] bridge_slave_1: left allmulticast mode
[  396.542333][T14935] bridge_slave_1: left promiscuous mode
[  396.558557][T14935] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.740451][T14935] bridge_slave_0: left allmulticast mode
[  396.797821][T14935] bridge_slave_0: left promiscuous mode
[  396.822446][T14935] bridge0: port 1(bridge_slave_0) entered disabled state
[  397.601158][ T5851] Bluetooth: hci4: command tx timeout
[  398.335887][T17043] binder: 17042:17043 ioctl c018620c 200000000100 returned -22
[  398.353063][T17044] loop8: detected capacity change from 0 to 7
[  398.365776][T13349] Dev loop8: unable to read RDB block 7
[  398.373653][T13349]  loop8: unable to read partition table
[  398.379591][T13349] loop8: partition table beyond EOD, truncated
[  398.627987][T17053] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  398.872729][T14935] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  398.947977][T14935] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  398.956225][T17056] loop8: detected capacity change from 0 to 7
[  398.972646][T17056] Dev loop8: unable to read RDB block 7
[  398.978527][T17056]  loop8: unable to read partition table
[  398.989321][T17056] loop8: partition table beyond EOD, truncated
[  398.997019][T17056] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  399.013021][T14935] bond0 (unregistering): Released all slaves
[  399.204309][T16660] batman_adv: batadv0: Adding interface: batadv_slave_0
[  399.220236][T16660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  399.246258][    C1] vkms_vblank_simulate: vblank timer overrun
[  399.253333][T16660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  399.298399][T16660] batman_adv: batadv0: Adding interface: batadv_slave_1
[  399.309681][T16660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  399.335904][    C1] vkms_vblank_simulate: vblank timer overrun
[  399.354591][T16660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  399.681325][ T5850] Bluetooth: hci4: command tx timeout
[  400.105284][T16660] hsr_slave_0: entered promiscuous mode
[  400.123193][T16660] hsr_slave_1: entered promiscuous mode
[  400.129638][T16660] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  400.159019][T16660] Cannot create hsr debugfs directory
[  400.413306][T17171] syz.2.2238: attempt to access beyond end of device
[  400.413306][T17171] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  400.586387][T14935] hsr_slave_0: left promiscuous mode
[  400.636257][T14935] hsr_slave_1: left promiscuous mode
[  400.648363][T14935] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  400.668308][T14935] batman_adv: batadv0: Removing interface: batadv_slave_0
[  400.682433][T14935] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  400.700480][T14935] batman_adv: batadv0: Removing interface: batadv_slave_1
[  400.788235][T14935] veth1_macvtap: left promiscuous mode
[  400.806550][T14935] veth0_macvtap: left promiscuous mode
[  400.815615][T14935] veth1_vlan: left promiscuous mode
[  400.824183][T14935] veth0_vlan: left promiscuous mode
[  400.976149][T17219] loop8: detected capacity change from 0 to 7
[  400.989846][T17215] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  401.004027][T17219] Dev loop8: unable to read RDB block 7
[  401.012437][T17219]  loop8: unable to read partition table
[  401.020740][T17219] loop8: partition table beyond EOD, truncated
[  401.051166][T17219] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  401.363625][ T5850] Bluetooth: hci1: command 0x0406 tx timeout
[  401.695265][T17247] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  401.765115][ T5851] Bluetooth: hci4: command tx timeout
[  402.016044][T17269] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  402.536266][T17285] loop8: detected capacity change from 0 to 7
[  402.549937][T13349] Dev loop8: unable to read RDB block 7
[  402.558894][T13349]  loop8: unable to read partition table
[  402.568535][T13349] loop8: partition table beyond EOD, truncated
[  402.579760][T17285] Dev loop8: unable to read RDB block 7
[  402.593821][T17285]  loop8: unable to read partition table
[  402.600752][T17285] loop8: partition table beyond EOD, truncated
[  402.610499][T17285] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  402.837494][T17292] input: syz1 as /devices/virtual/input/input80
[  403.799203][T14935] team0 (unregistering): Port device team_slave_1 removed
[  404.046128][T14935] team0 (unregistering): Port device team_slave_0 removed
[  404.287822][T17347] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  404.305530][T17348] ALSA: mixer_oss: invalid OSS volume ''
[  404.801824][T17377] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  406.049431][T17428] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  406.421719][T17444] vivid-006: =================  START STATUS  =================
[  406.441460][T17444] vivid-006: FM Deviation: 75000
[  406.450056][T17444] vivid-006: ==================  END STATUS  ==================
[  408.785587][T16660] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  408.900447][T16660] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  408.954637][T16660] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  408.995791][T16660] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  409.250660][T16660] 8021q: adding VLAN 0 to HW filter on device bond0
[  409.317227][T16660] 8021q: adding VLAN 0 to HW filter on device team0
[  409.330842][ T1058] bridge0: port 1(bridge_slave_0) entered blocking state
[  409.331052][ T1058] bridge0: port 1(bridge_slave_0) entered forwarding state
[  409.358774][ T1058] bridge0: port 2(bridge_slave_1) entered blocking state
[  409.358903][ T1058] bridge0: port 2(bridge_slave_1) entered forwarding state
[  409.530355][T17616] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  409.612956][T17637] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  410.106157][T16660] 8021q: adding VLAN 0 to HW filter on device batadv0
[  410.182943][T17658] vivid-000: disconnect
[  410.282859][T16660] veth0_vlan: entered promiscuous mode
[  410.330091][T16660] veth1_vlan: entered promiscuous mode
[  410.512944][T16660] veth0_macvtap: entered promiscuous mode
[  410.544456][T16660] veth1_macvtap: entered promiscuous mode
[  410.553133][T17656] vivid-000: reconnect
[  410.652655][T16660] batman_adv: batadv0: Interface activated: batadv_slave_0
[  410.696999][T16660] batman_adv: batadv0: Interface activated: batadv_slave_1
[  410.734662][T16660] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  410.764829][T16660] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  410.812778][T16660] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  410.837291][T16660] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  411.055588][T17679] tap0: tun_chr_ioctl cmd 1074025680
[  411.119707][ T1058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.138199][ T1058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.242001][ T1058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.268799][T17697] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  411.284731][ T1058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.656856][T17717] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  411.846248][T17729] loop8: detected capacity change from 0 to 7
[  411.868829][T17729] Dev loop8: unable to read RDB block 7
[  411.880382][T17729]  loop8: unable to read partition table
[  411.893227][T17729] loop8: partition table beyond EOD, truncated
[  411.914071][T17729] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  412.542278][T17756] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  413.300315][T17797] loop8: detected capacity change from 0 to 7
[  413.319248][T17797] Dev loop8: unable to read RDB block 7
[  413.337396][T17797]  loop8: unable to read partition table
[  413.353675][T17797] loop8: partition table beyond EOD, truncated
[  413.375435][T17797] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  414.271878][T17847] loop8: detected capacity change from 0 to 7
[  414.296320][T17847] Dev loop8: unable to read RDB block 7
[  414.311250][T17847]  loop8: unable to read partition table
[  414.317219][T17847] loop8: partition table beyond EOD, truncated
[  414.348723][T17847] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  415.833166][T17917] program syz.3.2344 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  415.872815][T17917] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  416.192995][T17929] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  416.275649][T17940] syz.3.2347: attempt to access beyond end of device
[  416.275649][T17940] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  416.661594][T17910] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  417.155310][T17976] Bluetooth: hci3: Frame reassembly failed (-84)
[  417.155336][ T5850] Bluetooth: hci3: unexpected event 0x02 length: 0 < 1
[  417.204298][   T59] Bluetooth: hci3: Frame reassembly failed (-84)
[  417.388184][T17987] ALSA: seq fatal error: cannot create timer (-22)
[  417.424051][T17987] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  417.876802][T18031] CUSE: info not properly terminated
[  418.921067][T18155] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  419.208439][ T5851] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  419.511567][T18173] program syz.1.2369 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  419.540703][T18173] loop8: detected capacity change from 0 to 7
[  419.554389][T18178] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  419.565413][T18173] Dev loop8: unable to read RDB block 7
[  419.585304][T18173]  loop8: unable to read partition table
[  419.612147][T18173] loop8: partition table beyond EOD, truncated
[  419.643774][T18173] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[  419.731635][T18185] Dev loop8: unable to read RDB block 7
[  419.742758][T18185]  loop8: unable to read partition table
[  419.749806][T18185] loop8: partition table beyond EOD, truncated
[  420.112931][T18200] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  420.839407][T18222] FAULT_INJECTION: forcing a failure.
[  420.839407][T18222] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  420.873097][T18222] CPU: 0 UID: 0 PID: 18222 Comm: syz.3.2380 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  420.873128][T18222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  420.873140][T18222] Call Trace:
[  420.873148][T18222]  <TASK>
[  420.873157][T18222]  dump_stack_lvl+0x189/0x250
[  420.873186][T18222]  ? __pfx____ratelimit+0x10/0x10
[  420.873215][T18222]  ? __pfx_dump_stack_lvl+0x10/0x10
[  420.873236][T18222]  ? __pfx__printk+0x10/0x10
[  420.873258][T18222]  ? fs_reclaim_acquire+0x7d/0x100
[  420.873294][T18222]  should_fail_ex+0x414/0x560
[  420.873326][T18222]  prepare_alloc_pages+0x213/0x610
[  420.873362][T18222]  __alloc_frozen_pages_noprof+0x123/0x370
[  420.873395][T18222]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  420.873434][T18222]  ? policy_nodemask+0x27c/0x720
[  420.873455][T18222]  ? __lock_acquire+0xab9/0xd20
[  420.873481][T18222]  alloc_pages_mpol+0x232/0x4a0
[  420.873512][T18222]  vma_alloc_folio_noprof+0xe4/0x200
[  420.873541][T18222]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  420.873579][T18222]  folio_prealloc+0x30/0x180
[  420.873606][T18222]  __handle_mm_fault+0x2c88/0x5620
[  420.873648][T18222]  ? __pfx___handle_mm_fault+0x10/0x10
[  420.873695][T18222]  ? find_vma+0xe7/0x160
[  420.873716][T18222]  ? __pfx_find_vma+0x10/0x10
[  420.873741][T18222]  handle_mm_fault+0x40a/0x8e0
[  420.873774][T18222]  do_user_addr_fault+0x764/0x1390
[  420.873822][T18222]  exc_page_fault+0x76/0xf0
[  420.873849][T18222]  ? __might_fault+0xb0/0x130
[  420.873883][T18222]  asm_exc_page_fault+0x26/0x30
[  420.873901][T18222] RIP: 0010:rep_movs_alternative+0x4a/0x90
[  420.873927][T18222] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 ff f6 03 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[  420.873944][T18222] RSP: 0018:ffffc9000bc9fb70 EFLAGS: 00050206
[  420.873964][T18222] RAX: ffffffff84c82901 RBX: 0000000000001000 RCX: 0000000000000080
[  420.873979][T18222] RDX: 0000000000000000 RSI: ffff88807576cf80 RDI: 0000200000001000
[  420.873992][T18222] RBP: 0000000000001000 R08: ffff88807576cfff R09: 1ffff1100eaed9ff
[  420.874006][T18222] R10: dffffc0000000000 R11: ffffed100eaeda00 R12: 0000200000001080
[  420.874020][T18222] R13: 00007ffffffff000 R14: ffff88807576c000 R15: 0000200000000080
[  420.874043][T18222]  ? _copy_to_user+0x11/0xb0
[  420.874071][T18222]  _copy_to_user+0x8a/0xb0
[  420.874093][T18222]  vcs_read+0xa62/0xdb0
[  420.874142][T18222]  ? __pfx_vcs_read+0x10/0x10
[  420.874172][T18222]  vfs_read+0x1fd/0x980
[  420.874206][T18222]  ? __pfx_vfs_read+0x10/0x10
[  420.874232][T18222]  ? __fget_files+0x2a/0x420
[  420.874263][T18222]  ? __fget_files+0x2a/0x420
[  420.874289][T18222]  ? __fget_files+0x3a0/0x420
[  420.874312][T18222]  ? __fget_files+0x2a/0x420
[  420.874346][T18222]  ksys_read+0x145/0x250
[  420.874373][T18222]  ? __pfx_ksys_read+0x10/0x10
[  420.874393][T18222]  ? rcu_is_watching+0x15/0xb0
[  420.874422][T18222]  ? do_syscall_64+0xbe/0x3b0
[  420.874445][T18222]  do_syscall_64+0xfa/0x3b0
[  420.874463][T18222]  ? lockdep_hardirqs_on+0x9c/0x150
[  420.874489][T18222]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.874508][T18222]  ? clear_bhb_loop+0x60/0xb0
[  420.874531][T18222]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  420.874549][T18222] RIP: 0033:0x7f754958e929
[  420.874566][T18222] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  420.874582][T18222] RSP: 002b:00007f75473f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  420.874602][T18222] RAX: ffffffffffffffda RBX: 00007f75497b5fa0 RCX: 00007f754958e929
[  420.874614][T18222] RDX: 0000000000001000 RSI: 0000200000000080 RDI: 0000000000000003
[  420.874625][T18222] RBP: 00007f75473f6090 R08: 0000000000000000 R09: 0000000000000000
[  420.874638][T18222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  420.874649][T18222] R13: 0000000000000000 R14: 00007f75497b5fa0 R15: 00007ffe148c9088
[  420.874681][T18222]  </TASK>
[  420.918472][T18217] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  422.705797][T18301] loop8: detected capacity change from 0 to 7
[  422.726221][T13349] Dev loop8: unable to read RDB block 7
[  422.732137][T13349]  loop8: unable to read partition table
[  422.755722][T13349] loop8: partition table beyond EOD, truncated
[  422.765999][T18301] Dev loop8: unable to read RDB block 7
[  422.774130][T18301]  loop8: unable to read partition table
[  422.780704][T18301] loop8: partition table beyond EOD, truncated
[  422.794178][T18301] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  423.049792][T18315] random: crng reseeded on system resumption
[  423.099399][T18315] Restarting kernel threads ...
[  423.106425][T18315] Done restarting kernel threads.
[  423.906406][ T5851] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  423.954218][ T5851] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  423.964554][ T5851] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  423.992048][ T5851] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  424.000885][ T5851] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  424.397663][T18387] loop8: detected capacity change from 0 to 7
[  424.417166][T13349] Dev loop8: unable to read RDB block 7
[  424.428838][T13349]  loop8: unable to read partition table
[  424.435062][T13349] loop8: partition table beyond EOD, truncated
[  424.443907][T18387] Dev loop8: unable to read RDB block 7
[  424.452356][T18387]  loop8: unable to read partition table
[  424.469528][T18387] loop8: partition table beyond EOD, truncated
[  424.479414][T18387] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  424.777736][   T59] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  424.896191][T18437] binder: 18434:18437 ioctl c0306201 2000000001c0 returned -22
[  425.069453][T18430] mkiss: ax0: crc mode is auto.
[  425.213803][   T59] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.246740][T18498] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present!
[  425.358838][T18342] chnl_net:caif_netlink_parms(): no params data found
[  425.460133][   T59] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.524200][T18513] loop8: detected capacity change from 0 to 7
[  425.556090][T18513] Dev loop8: unable to read RDB block 7
[  425.566649][T18513]  loop8: unable to read partition table
[  425.587987][T18513] loop8: partition table beyond EOD, truncated
[  425.614711][T18513] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  425.639192][   T59] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.065176][   T30] audit: type=1400 audit(1750419889.934:10): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=18570 comm="syz.0.2418"
[  426.099267][ T5850] Bluetooth: hci0: command tx timeout
[  426.263247][T18342] bridge0: port 1(bridge_slave_0) entered blocking state
[  426.270570][T18342] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.285568][T18342] bridge_slave_0: entered allmulticast mode
[  426.294066][T18342] bridge_slave_0: entered promiscuous mode
[  426.307365][T18342] bridge0: port 2(bridge_slave_1) entered blocking state
[  426.315219][T18342] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.330210][T18342] bridge_slave_1: entered allmulticast mode
[  426.338875][T18342] bridge_slave_1: entered promiscuous mode
[  426.419009][T18611] loop8: detected capacity change from 0 to 7
[  426.443434][T18611] Dev loop8: unable to read RDB block 7
[  426.449181][T18611]  loop8: unable to read partition table
[  426.460548][T18611] loop8: partition table beyond EOD, truncated
[  426.470442][T18611] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  426.530838][T18342] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  426.594504][T18342] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  426.799973][T18342] team0: Port device team_slave_0 added
[  426.871462][T18342] team0: Port device team_slave_1 added
[  426.888291][   T59] bridge_slave_1: left allmulticast mode
[  426.906343][   T59] bridge_slave_1: left promiscuous mode
[  426.923518][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.999581][   T59] bridge_slave_0: left allmulticast mode
[  427.015771][   T59] bridge_slave_0: left promiscuous mode
[  427.036313][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.535740][T18708] loop8: detected capacity change from 0 to 7
[  427.544330][T18708] Dev loop8: unable to read RDB block 7
[  427.550047][T18708]  loop8: unable to read partition table
[  427.556585][T18708] loop8: partition table beyond EOD, truncated
[  427.564685][T18708] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  427.741575][T18717] random: crng reseeded on system resumption
[  428.096015][T18731] loop8: detected capacity change from 0 to 7
[  428.105622][T13349] Dev loop8: unable to read RDB block 7
[  428.112934][T13349]  loop8: unable to read partition table
[  428.119047][T13349] loop8: partition table beyond EOD, truncated
[  428.134308][T18731] Dev loop8: unable to read RDB block 7
[  428.139911][T18731]  loop8: unable to read partition table
[  428.148008][T18731] loop8: partition table beyond EOD, truncated
[  428.168455][T18731] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  428.176927][ T5850] Bluetooth: hci0: command tx timeout
[  428.537522][T18743] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  428.749456][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  428.795076][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  428.843755][   T59] bond0 (unregistering): Released all slaves
[  429.009085][T18342] batman_adv: batadv0: Adding interface: batadv_slave_0
[  429.028130][T18342] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  429.059972][T18342] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  429.137814][T18342] batman_adv: batadv0: Adding interface: batadv_slave_1
[  429.155212][T18342] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  429.184256][T18342] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  429.554937][T18806] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  429.656049][T18342] hsr_slave_0: entered promiscuous mode
[  429.668511][T18342] hsr_slave_1: entered promiscuous mode
[  429.696969][T18342] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  429.721092][T18342] Cannot create hsr debugfs directory
[  429.949960][T18849] random: crng reseeded on system resumption
[  429.994293][T18849] Restarting kernel threads ...
[  430.013991][T18849] Done restarting kernel threads.
[  430.199340][   T59] hsr_slave_0: left promiscuous mode
[  430.209447][   T59] hsr_slave_1: left promiscuous mode
[  430.230595][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  430.241319][ T5850] Bluetooth: hci0: command tx timeout
[  430.249509][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  430.268757][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  430.288471][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  430.426008][   T59] veth1_macvtap: left promiscuous mode
[  430.435637][   T59] veth0_macvtap: left promiscuous mode
[  430.446878][   T59] veth1_vlan: left promiscuous mode
[  430.482581][   T59] veth0_vlan: left promiscuous mode
[  431.195087][T18910] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  432.321137][ T5850] Bluetooth: hci0: command tx timeout
[  432.575303][   T59] team0 (unregistering): Port device team_slave_1 removed
[  432.791984][   T59] team0 (unregistering): Port device team_slave_0 removed
[  436.895116][T18342] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  436.926153][T18342] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  436.978501][T18342] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  437.017880][T18342] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  437.339068][T18342] 8021q: adding VLAN 0 to HW filter on device bond0
[  437.392178][T18342] 8021q: adding VLAN 0 to HW filter on device team0
[  437.406834][T19116] loop8: detected capacity change from 0 to 7
[  437.422346][T19116] Dev loop8: unable to read RDB block 7
[  437.431463][T19116]  loop8: unable to read partition table
[  437.445440][T19116] loop8: partition table beyond EOD, truncated
[  437.450096][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  437.458887][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  437.477166][T19116] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  437.682670][T19122] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  437.708140][ T3560] bridge0: port 2(bridge_slave_1) entered blocking state
[  437.715605][ T3560] bridge0: port 2(bridge_slave_1) entered forwarding state
[  438.608557][T18342] 8021q: adding VLAN 0 to HW filter on device batadv0
[  438.750770][T18342] veth0_vlan: entered promiscuous mode
[  438.789930][T18342] veth1_vlan: entered promiscuous mode
[  438.810835][T19177] loop8: detected capacity change from 0 to 7
[  438.848504][T19177] Dev loop8: unable to read RDB block 7
[  438.868042][T19177]  loop8: unable to read partition table
[  438.899868][T18342] veth0_macvtap: entered promiscuous mode
[  438.914797][T19177] loop8: partition table beyond EOD, truncated
[  438.927986][T19177] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  438.942941][T18342] veth1_macvtap: entered promiscuous mode
[  438.986432][T18342] batman_adv: batadv0: Interface activated: batadv_slave_0
[  439.035288][T18342] batman_adv: batadv0: Interface activated: batadv_slave_1
[  439.100249][T18342] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  439.141151][T18342] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  439.160566][T18342] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  439.180888][T18342] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  439.578146][ T1171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  439.634861][ T1171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  439.711294][T19266] ubi: mtd0 is already attached to ubi31
[  439.820093][T19266] vim2m vim2m.0: vidioc_s_fmt queue busy
[  439.980185][ T1171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  440.034289][ T1171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  440.248654][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  440.255155][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  440.526985][T19341] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  441.288290][T19399] loop8: detected capacity change from 0 to 7
[  441.326344][T13349] Dev loop8: unable to read RDB block 7
[  441.335538][T13349]  loop8: unable to read partition table
[  441.342902][T13349] loop8: partition table beyond EOD, truncated
[  441.350395][T19399] Dev loop8: unable to read RDB block 7
[  441.378526][T19399]  loop8: unable to read partition table
[  441.390626][T19399] loop8: partition table beyond EOD, truncated
[  441.398738][T19399] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  442.705212][T19435] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  442.712900][T19435] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  442.727285][T19435] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  442.733431][T19435] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  442.745302][T19435] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  442.751509][T19435] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  442.760329][T19435] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  442.770230][T19435] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  442.778993][T19435] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  442.791833][T19435] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  443.019490][T19468] loop8: detected capacity change from 0 to 7
[  443.033844][T19468] Dev loop8: unable to read RDB block 7
[  443.042630][T19468]  loop8: unable to read partition table
[  443.053098][T19468] loop8: partition table beyond EOD, truncated
[  443.067637][T19468] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  443.389691][T19490] CUSE: info not properly terminated
[  443.654916][T19501] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  443.668738][T19501] nvme_fabrics: unknown parameter or missing value 'b øŒh*:* ' in ctrl creation request
[  444.001819][ T5850] Bluetooth: hci2: command 0x0405 tx timeout
[  444.124280][T19518] ALSA: seq fatal error: cannot create timer (-22)
[  444.148261][T19518] ALSA: seq fatal error: cannot create timer (-22)
[  444.178271][T19518] ALSA: seq fatal error: cannot create timer (-22)
[  444.185223][T19518] ALSA: seq fatal error: cannot create timer (-22)
[  444.192082][T19518] ALSA: seq fatal error: cannot create timer (-22)
[  444.752407][   T36] Bluetooth: hci3: Frame reassembly failed (-84)
[  444.811116][ T5851] Bluetooth: hci0: command 0x0c1a tx timeout
[  444.814005][ T5846] Bluetooth: hci4: command 0x0c1a tx timeout
[  444.817288][ T5851] Bluetooth: hci1: command 0x0406 tx timeout
[  446.081208][ T5851] Bluetooth: hci2: command 0x0405 tx timeout
[  446.801406][ T5840] Bluetooth: hci3: command 0x1003 tx timeout
[  446.807946][ T5850] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  446.881803][ T5850] Bluetooth: hci1: command 0x0406 tx timeout
[  446.888377][ T5846] Bluetooth: hci0: command 0x0c1a tx timeout
[  446.888491][ T5840] Bluetooth: hci4: command 0x0c1a tx timeout
[  446.933668][T19636] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  447.393362][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.431408][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.438966][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.461139][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.468620][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.513411][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.520904][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.535927][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.547070][T19667] vim2m vim2m.0: Fourcc format (0x47524247) invalid.
[  447.551054][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.571174][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.588975][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.601050][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.620014][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.631062][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.661157][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.668639][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.701041][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.709388][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.727743][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.740733][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.750530][T19671] binder: 19668:19671 ioctl 4018620d 0 returned -22
[  447.758985][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.781058][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.788544][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.811055][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.828757][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.830437][T19675] binder: 19668:19675 ioctl c018620c 0 returned -14
[  447.841027][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.861257][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.868727][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.884365][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.911051][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.928817][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.941046][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  447.948528][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.019332][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.027339][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.041035][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.048521][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.081120][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.088605][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.096521][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.116624][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.132009][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.139526][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.149389][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.160229][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.161176][ T5851] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  448.173988][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.174566][ T5850] Bluetooth: hci5: command 0x1003 tx timeout
[  448.206691][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.237676][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.250406][ T5907] hid-generic 009C:0006:0003.0006: unknown main item tag 0x0
[  448.280134][ T5907] hid-generic 009C:0006:0003.0006: hidraw0: <UNKNOWN> HID v0.07 Device [syz1] on syz0
[  448.434246][T19690] fido_id[19690]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  448.941308][T19724] loop8: detected capacity change from 0 to 7
[  448.950663][T13349] Dev loop8: unable to read RDB block 7
[  448.957365][T13349]  loop8: unable to read partition table
[  448.963819][T13349] loop8: partition table beyond EOD, truncated
[  448.971389][ T5851] Bluetooth: hci4: command 0x0c1a tx timeout
[  448.971402][ T5850] Bluetooth: hci0: command 0x0c1a tx timeout
[  448.984451][T19724] Dev loop8: unable to read RDB block 7
[  448.990074][T19724]  loop8: unable to read partition table
[  449.014810][T19724] loop8: partition table beyond EOD, truncated
[  449.021902][T19724] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  449.275672][T19740] CUSE: unknown device info "MzP�´Ã{UÀÞÒ—ýEÞsª¹Z$cw#¤/…fƒ}Ù”Ðb,Q«[{æ•Æ®$
[  449.275672][T19740] Ç4&I:#5o6Ÿ3”ÑŽ.l%¤žwC
[  449.275672][T19740] Ž?"
[  449.307710][T19740] CUSE: unknown device info "v…2‰.7’õ¸Ë‚þ ®Ñ*5®¸Óì•SEAy û…	¿`?e`þŠl6Ý¡ÐÙéQ0V84ÜŽ{c"áKüü^÷vaOÖ�M Œ××Ê8æf1¨\.dž6�á(3´iË¿­›ƒfω11,kb­°îz›Ö‰"�NXjª}˜	ß~
ïwu/¾KÈ9Ê.²Ðrù¯×¤©"
[  449.326123][    C1] vkms_vblank_simulate: vblank timer overrun
[  449.334224][T19740] CUSE: DEVNAME unspecified
[  449.369333][T19743] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  449.659635][T19755] blktrace: Concurrent blktraces are not allowed on sg0
[  449.719751][T19762] loop8: detected capacity change from 0 to 7
[  449.746345][T19762] Dev loop8: unable to read RDB block 7
[  449.760736][T19762]  loop8: unable to read partition table
[  449.775279][T19762] loop8: partition table beyond EOD, truncated
[  449.781793][T19762] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  450.524779][T19793] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  450.540739][T19795] program syz.2.2566 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  450.578458][T19799] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  450.602727][T19799] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  450.634925][T19795] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  451.461935][T19842] program syz.2.2576 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  451.578058][T19842] syz.2.2576: attempt to access beyond end of device
[  451.578058][T19842] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  453.259912][T20020] program syz.1.2587 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  453.280799][   T30] audit: type=1800 audit(1750419917.144:11): pid=20020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2587" name="dmabuf" dev="dmabuf" ino=10 res=0 errno=0
[  453.532641][T20035] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  453.682042][ T5851] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  453.688955][ T5850] Bluetooth: hci3: command 0x1003 tx timeout
[  454.002617][T20004] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  454.010416][T20004] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  454.025113][T20004] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  454.035799][T20004] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  454.062201][T20004] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  454.073571][T20004] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  454.094274][T20004] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  454.100703][T20004] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  454.717025][T20084] input: syz1 as /devices/virtual/input/input85
[  455.962125][T20149] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  456.147487][T20157] loop8: detected capacity change from 0 to 7
[  456.182517][T13349] Dev loop8: unable to read RDB block 7
[  456.188247][T13349]  loop8: unable to read partition table
[  456.221293][T13349] loop8: partition table beyond EOD, truncated
[  456.242916][T20157] Dev loop8: unable to read RDB block 7
[  456.251260][T20157]  loop8: unable to read partition table
[  456.271935][T20157] loop8: partition table beyond EOD, truncated
[  456.281087][T20157] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  457.202865][T20206] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  457.455136][T20224] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  457.818914][T20240] input: syz1 as /devices/virtual/input/input88
[  458.015390][T20260] kernel profiling enabled (shift: 6)
[  458.975512][T20300] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  459.249120][T20317] random: crng reseeded on system resumption
[  459.545632][T20335] [U] ^G
[  459.886189][T20345] input: syz1 as /devices/virtual/input/input89
[  460.484627][T20374] sp0: Synchronizing with TNC
[  460.501656][T20374] sp0: Found TNC
[  460.615126][T20384] No buffer was provided with the request
[  460.685126][T20372] [U] è`
[  461.216676][T20410] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  461.361498][ T5850] Bluetooth: hci3: command 0x1003 tx timeout
[  461.362048][ T5851] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  461.696592][T20431] input input92: cannot allocate more than FF_MAX_EFFECTS effects
[  462.015239][T20440] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  462.474919][T20470] CUSE: zero length info key specified
[  462.941262][T20498] binfmt_misc: register: failed to install interpreter file ./cgroup/pids.max
[  462.962924][T20500] binder: 20496:20500 ioctl c00c620f 200000000180 returned -22
[  463.556651][T20531] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.2698' sets config #-3
[  464.025400][T20562] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  464.253625][T20575] loop8: detected capacity change from 0 to 7
[  464.268383][T20575] Dev loop8: unable to read RDB block 7
[  464.274712][T20575]  loop8: unable to read partition table
[  464.276774][T20576] input: syz0 as /devices/virtual/input/input93
[  464.286823][T20575] loop8: partition table beyond EOD, truncated
[  464.288081][T20575] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  464.606976][T20596] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  466.205448][T20836] syz.3.2729: attempt to access beyond end of device
[  466.205448][T20836] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  466.476488][ T1171] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.656942][ T1171] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.845039][ T1171] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  466.926337][T20852] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  467.066862][ T1171] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  467.169251][ T5850] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  467.181121][ T5850] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  467.189866][ T5850] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  467.199644][ T5850] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  467.211207][ T5850] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  467.250399][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  467.259144][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  467.269866][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  467.288572][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  467.297599][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  467.506820][ T1171] bridge_slave_1: left allmulticast mode
[  467.514019][ T1171] bridge_slave_1: left promiscuous mode
[  467.519850][ T1171] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.550370][ T1171] bridge_slave_0: left allmulticast mode
[  467.556853][ T1171] bridge_slave_0: left promiscuous mode
[  467.563606][ T1171] bridge0: port 1(bridge_slave_0) entered disabled state
[  467.740458][T20907] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  469.361147][ T5851] Bluetooth: hci1: command tx timeout
[  469.398208][ T1171] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  469.461603][ T1171] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  469.502550][ T1171] bond0 (unregistering): Released all slaves
[  469.570935][T20950] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  470.639040][ T1171] hsr_slave_0: left promiscuous mode
[  470.658313][ T1171] hsr_slave_1: left promiscuous mode
[  470.696962][ T1171] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  470.711204][ T1171] batman_adv: batadv0: Removing interface: batadv_slave_0
[  470.733697][ T1171] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  470.741646][ T1171] batman_adv: batadv0: Removing interface: batadv_slave_1
[  470.769790][T21037] vivid-001: =================  START STATUS  =================
[  470.782890][T21037] vivid-001: RDS Tx I/O Mode: Controls
[  470.785291][ T1171] veth1_macvtap: left promiscuous mode
[  470.789537][T21037] vivid-001: RDS Program ID: 32904
[  470.801782][ T1171] veth0_macvtap: left promiscuous mode
[  470.801997][ T1171] veth1_vlan: left promiscuous mode
[  470.818028][T21037] vivid-001: RDS Program Type: 3
[  470.823430][T21037] vivid-001: RDS PS Name: VIVID-TX
[  470.824003][ T1171] veth0_vlan: left promiscuous mode
[  470.828727][T21037] vivid-001: RDS Radio Text: This is a VIVID default Radio Text template text, change at will
[  470.854504][T21037] vivid-001: RDS Stereo: true
[  470.860526][T21037] vivid-001: RDS Artificial Head: false
[  470.866542][T21037] vivid-001: RDS Compressed: false
[  470.875370][T21037] vivid-001: RDS Dynamic PTY: false
[  470.884033][T21037] vivid-001: RDS Traffic Announcement: false
[  470.895518][T21037] vivid-001: RDS Traffic Program: true
[  470.901582][T21037] vivid-001: RDS Music: true
[  470.906397][T21037] vivid-001: ==================  END STATUS  ==================
[  471.015685][T21042] syz.1.2754: attempt to access beyond end of device
[  471.015685][T21042] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  471.451279][ T5851] Bluetooth: hci1: command tx timeout
[  472.430816][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.448040][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.458959][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.467412][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.476499][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.484230][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.491821][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.499343][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.506917][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.515701][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.524179][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.534685][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.543826][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.557285][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.569243][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.578171][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.589985][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.597787][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.610357][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.619016][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.631277][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.638940][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.650770][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.658568][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.670305][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.678088][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.690537][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.699832][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.711103][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.718845][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.733553][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.743364][   T24] hid-generic 0000:0000:0000.0007: unknown main item tag 0x0
[  472.759364][   T24] hid-generic 0000:0000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  473.028208][ T1171] team0 (unregistering): Port device team_slave_1 removed
[  473.346901][ T1171] team0 (unregistering): Port device team_slave_0 removed
[  473.521433][ T5851] Bluetooth: hci1: command tx timeout
[  473.568293][T21099] ubi: mtd0 is already attached to ubi31
[  474.608287][T21135] loop8: detected capacity change from 0 to 7
[  474.617056][T21135] Dev loop8: unable to read RDB block 7
[  474.623432][T21135]  loop8: unable to read partition table
[  474.629263][T21135] loop8: partition table beyond EOD, truncated
[  474.649206][T21135] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  475.601244][ T5851] Bluetooth: hci1: command tx timeout
[  476.359204][T20863] chnl_net:caif_netlink_parms(): no params data found
[  476.799937][T21304] loop8: detected capacity change from 0 to 7
[  476.840324][T21304] Dev loop8: unable to read RDB block 7
[  476.867038][T21304]  loop8: unable to read partition table
[  476.917494][T21304] loop8: partition table beyond EOD, truncated
[  476.941296][T21304] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  477.048981][T20863] bridge0: port 1(bridge_slave_0) entered blocking state
[  477.075108][T20863] bridge0: port 1(bridge_slave_0) entered disabled state
[  477.088557][T20863] bridge_slave_0: entered allmulticast mode
[  477.141183][T20863] bridge_slave_0: entered promiscuous mode
[  477.169970][T20863] bridge0: port 2(bridge_slave_1) entered blocking state
[  477.186606][T20863] bridge0: port 2(bridge_slave_1) entered disabled state
[  477.210307][T20863] bridge_slave_1: entered allmulticast mode
[  477.233413][T20863] bridge_slave_1: entered promiscuous mode
[  477.418899][T20863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  477.439143][T20863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  477.624208][T20863] team0: Port device team_slave_0 added
[  477.718454][T20863] team0: Port device team_slave_1 added
[  477.904654][T20863] batman_adv: batadv0: Adding interface: batadv_slave_0
[  477.916420][T20863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.962689][T20863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  478.005036][T20863] batman_adv: batadv0: Adding interface: batadv_slave_1
[  478.014970][T20863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  478.064575][T20863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  478.326182][T20863] hsr_slave_0: entered promiscuous mode
[  478.343803][T20863] hsr_slave_1: entered promiscuous mode
[  479.757160][T21601] loop8: detected capacity change from 0 to 7
[  479.796770][T21601] Dev loop8: unable to read RDB block 7
[  479.816835][T21601]  loop8: unable to read partition table
[  479.846021][T21601] loop8: partition table beyond EOD, truncated
[  479.866506][T21601] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  480.126588][T21624] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  480.847503][T20863] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  480.909003][T20863] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  480.922107][T20863] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  480.939829][T20863] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  480.964191][T21683] loop8: detected capacity change from 0 to 7
[  480.972831][T21683] Dev loop8: unable to read RDB block 7
[  480.972881][T21683]  loop8: unable to read partition table
[  480.973112][T21683] loop8: partition table beyond EOD, truncated
[  480.973147][T21683] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  481.308922][T20863] 8021q: adding VLAN 0 to HW filter on device bond0
[  481.360587][T20863] 8021q: adding VLAN 0 to HW filter on device team0
[  481.400070][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  481.400202][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  481.434070][ T3560] bridge0: port 2(bridge_slave_1) entered blocking state
[  481.434195][ T3560] bridge0: port 2(bridge_slave_1) entered forwarding state
[  481.758429][T21717] loop8: detected capacity change from 0 to 7
[  481.803018][T21717] Dev loop8: unable to read RDB block 7
[  481.821211][T21717]  loop8: unable to read partition table
[  481.835112][T21717] loop8: partition table beyond EOD, truncated
[  481.859078][T21717] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  482.229880][T20863] 8021q: adding VLAN 0 to HW filter on device batadv0
[  482.425160][T20863] veth0_vlan: entered promiscuous mode
[  482.455895][T20863] veth1_vlan: entered promiscuous mode
[  482.551683][T21756] loop8: detected capacity change from 0 to 7
[  482.578039][T20863] veth0_macvtap: entered promiscuous mode
[  482.580546][T21756] Dev loop8: unable to read RDB block 7
[  482.598390][T21756]  loop8: unable to read partition table
[  482.620293][T20863] veth1_macvtap: entered promiscuous mode
[  482.631375][T21756] loop8: partition table beyond EOD, truncated
[  482.637635][T21756] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  482.716051][T20863] batman_adv: batadv0: Interface activated: batadv_slave_0
[  482.774861][T20863] batman_adv: batadv0: Interface activated: batadv_slave_1
[  482.825398][T20863] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  482.853356][T20863] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  482.863167][T20863] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  482.873796][T20863] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  483.148777][ T1058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  483.185508][ T1058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  483.289493][ T1058] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  483.309408][ T1058] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  483.941127][T21814] loop8: detected capacity change from 0 to 7
[  484.022153][T21814] Dev loop8: unable to read RDB block 7
[  484.030716][T21814]  loop8: unable to read partition table
[  484.061324][T21814] loop8: partition table beyond EOD, truncated
[  484.078097][T21814] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  484.319129][T21831] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  484.716003][T21861] input: syz1 as /devices/virtual/input/input95
[  484.842694][T21870] tun0: tun_chr_ioctl cmd 1074025675
[  484.848064][T21870] tun0: persist disabled
[  485.038740][T21886] loop8: detected capacity change from 0 to 7
[  485.054427][T13349] Dev loop8: unable to read RDB block 7
[  485.060084][T13349]  loop8: unable to read partition table
[  485.068775][T13349] loop8: partition table beyond EOD, truncated
[  485.092293][T21886] Dev loop8: unable to read RDB block 7
[  485.104697][T21886]  loop8: unable to read partition table
[  485.116607][T21886] loop8: partition table beyond EOD, truncated
[  485.124987][T21889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  485.132941][T21886] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  485.177912][T21889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  485.405878][T21908] loop6: detected capacity change from 0 to 4
[  485.503960][    C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  485.513490][    C0] buffer_io_error: 11 callbacks suppressed
[  485.513507][    C0] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  485.981194][    C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  485.990718][    C0] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  486.302693][T21938] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  487.210596][T21982] loop8: detected capacity change from 0 to 7
[  487.261637][T21982] Dev loop8: unable to read RDB block 7
[  487.274513][T21982]  loop8: unable to read partition table
[  487.291492][T21982] loop8: partition table beyond EOD, truncated
[  487.431716][T21982] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  488.528312][T22030] autofs4:pid:22030:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[  489.039817][ T5850] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  489.042813][ T5850] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  489.043456][ T5850] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  489.044682][ T5850] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  489.045482][ T5850] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  489.455596][T18420] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.614734][T18420] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.746369][T18420] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  489.916684][T18420] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  490.158871][T22052] chnl_net:caif_netlink_parms(): no params data found
[  490.713931][T18420] bridge_slave_1: left allmulticast mode
[  490.719660][T18420] bridge_slave_1: left promiscuous mode
[  490.727960][T18420] bridge0: port 2(bridge_slave_1) entered disabled state
[  490.777724][T18420] bridge_slave_0: left allmulticast mode
[  490.790672][T18420] bridge_slave_0: left promiscuous mode
[  490.798563][T18420] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.121405][ T5851] Bluetooth: hci2: command tx timeout
[  491.773481][T22318] kvm: user requested TSC rate below hardware speed
[  491.854239][T22337] CUSE: info not properly terminated
[  492.376298][T22396] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:16x16 (0x30314247, 8, 0, 0, 0)
[  492.399770][T22396] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:16x16 (0x30314247, 8, 0, 0, 0)
[  492.463221][T22396] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:16x16 (0x30314247, 8, 0, 0, 0)
[  492.522675][T22396] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:16x16 (0x30314247, 8, 0, 0, 0)
[  492.783055][T22437] loop8: detected capacity change from 0 to 7
[  492.796436][T22437] Dev loop8: unable to read RDB block 7
[  492.802223][T22437]  loop8: unable to read partition table
[  492.808133][T22437] loop8: partition table beyond EOD, truncated
[  492.831097][T22437] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  493.119707][T22449] binder: 22448:22449 ioctl c0046209 0 returned -22
[  493.201213][ T5851] Bluetooth: hci2: command tx timeout
[  493.336530][T18420] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  493.399616][T18420] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  493.454031][T18420] bond0 (unregistering): Released all slaves
[  493.643945][T22052] bridge0: port 1(bridge_slave_0) entered blocking state
[  493.654926][T22052] bridge0: port 1(bridge_slave_0) entered disabled state
[  493.676313][T22052] bridge_slave_0: entered allmulticast mode
[  493.697052][T22052] bridge_slave_0: entered promiscuous mode
[  493.732561][T22052] bridge0: port 2(bridge_slave_1) entered blocking state
[  493.739773][T22052] bridge0: port 2(bridge_slave_1) entered disabled state
[  493.758925][T22052] bridge_slave_1: entered allmulticast mode
[  493.767715][T22052] bridge_slave_1: entered promiscuous mode
[  494.535708][T22052] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  494.576607][T22052] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  495.278671][T22052] team0: Port device team_slave_0 added
[  495.305143][ T5851] Bluetooth: hci2: command tx timeout
[  495.341217][T18420] hsr_slave_0: left promiscuous mode
[  495.394797][T18420] hsr_slave_1: left promiscuous mode
[  495.413218][T18420] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  495.420701][T18420] batman_adv: batadv0: Removing interface: batadv_slave_0
[  495.477039][T18420] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  495.484894][T18420] batman_adv: batadv0: Removing interface: batadv_slave_1
[  495.551387][T18420] veth1_macvtap: left promiscuous mode
[  495.557243][T18420] veth0_macvtap: left promiscuous mode
[  495.565407][T22608] loop8: detected capacity change from 0 to 7
[  495.570225][T18420] veth1_vlan: left promiscuous mode
[  495.583734][T18420] veth0_vlan: left promiscuous mode
[  495.586649][T13349] Dev loop8: unable to read RDB block 7
[  495.602689][T13349]  loop8: unable to read partition table
[  495.616207][T13349] loop8: partition table beyond EOD, truncated
[  495.639827][T22608] Dev loop8: unable to read RDB block 7
[  495.649174][T22608]  loop8: unable to read partition table
[  495.659317][T22608] loop8: partition table beyond EOD, truncated
[  495.672082][T22608] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  495.877906][T22613] input: syz0 as /devices/virtual/input/input96
[  496.253499][T22630] loop8: detected capacity change from 0 to 7
[  496.265458][T13349] Dev loop8: unable to read RDB block 7
[  496.290317][T13349]  loop8: unable to read partition table
[  496.297277][T13349] loop8: partition table beyond EOD, truncated
[  496.307963][T22630] Dev loop8: unable to read RDB block 7
[  496.331758][T22630]  loop8: unable to read partition table
[  496.349552][T22630] loop8: partition table beyond EOD, truncated
[  496.378782][T22630] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  496.820425][T22656] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[  497.023088][T22666] loop8: detected capacity change from 0 to 7
[  497.053901][T22666] Dev loop8: unable to read RDB block 7
[  497.066902][T22666]  loop8: unable to read partition table
[  497.096855][T22666] loop8: partition table beyond EOD, truncated
[  497.103605][T22666] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  497.361251][ T5851] Bluetooth: hci2: command tx timeout
[  497.594866][T22681] input: syz1 as /devices/virtual/input/input98
[  497.693868][T22685] binder: 22678:22685 ioctl c018620c 200000000500 returned -1
[  498.479931][T18420] team0 (unregistering): Port device team_slave_1 removed
[  498.650307][T22711] loop8: detected capacity change from 0 to 7
[  498.675906][T13349] Dev loop8: unable to read RDB block 7
[  498.682433][T13349]  loop8: unable to read partition table
[  498.688462][T13349] loop8: partition table beyond EOD, truncated
[  498.702470][T22711] Dev loop8: unable to read RDB block 7
[  498.708121][T22711]  loop8: unable to read partition table
[  498.714564][T22711] loop8: partition table beyond EOD, truncated
[  498.720797][T22711] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  498.747904][T18420] team0 (unregistering): Port device team_slave_0 removed
[  498.909605][T22725] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  499.131291][T22735] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  500.106181][T22746] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  500.517617][T22759] block nbd2: NBD_DISCONNECT
[  501.386163][T22052] team0: Port device team_slave_1 added
[  501.692658][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  501.692756][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  501.791749][T22052] batman_adv: batadv0: Adding interface: batadv_slave_0
[  501.798769][T22052] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  501.842466][T22052] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  501.859665][T22052] batman_adv: batadv0: Adding interface: batadv_slave_1
[  501.868768][T22052] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  501.960067][T22052] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  502.533729][T22853] loop9: detected capacity change from 0 to 8388608
[  502.963292][T22052] hsr_slave_0: entered promiscuous mode
[  502.964562][T22052] hsr_slave_1: entered promiscuous mode
[  502.965374][T22052] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  502.965438][T22052] Cannot create hsr debugfs directory
[  503.044787][T22881] binder: 22878:22881 ioctl c0306201 0 returned -14
[  503.550213][T22958] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  504.561831][T22052] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  504.595337][T22052] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  504.606571][T22052] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  504.629770][T22052] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  504.927269][T22052] 8021q: adding VLAN 0 to HW filter on device bond0
[  504.962466][ T5851] Bluetooth: hci1: command 0x0c1a tx timeout
[  504.974059][T21665] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  504.974110][T21665] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  504.976819][T22052] 8021q: adding VLAN 0 to HW filter on device team0
[  505.004991][T18420] bridge0: port 1(bridge_slave_0) entered blocking state
[  505.005117][T18420] bridge0: port 1(bridge_slave_0) entered forwarding state
[  505.023972][T18420] bridge0: port 2(bridge_slave_1) entered blocking state
[  505.024114][T18420] bridge0: port 2(bridge_slave_1) entered forwarding state
[  505.503446][T23043] mkiss: ax0: crc mode is auto.
[  505.756994][T23049] mkiss: ax0: crc mode is auto.
[  505.963149][T22052] 8021q: adding VLAN 0 to HW filter on device batadv0
[  506.131828][T22052] veth0_vlan: entered promiscuous mode
[  506.230565][T22052] veth1_vlan: entered promiscuous mode
[  506.485209][T22052] veth0_macvtap: entered promiscuous mode
[  506.584470][T22052] veth1_macvtap: entered promiscuous mode
[  506.719858][T22052] batman_adv: batadv0: Interface activated: batadv_slave_0
[  506.827080][T22052] batman_adv: batadv0: Interface activated: batadv_slave_1
[  506.964762][T22052] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  506.992842][T22052] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  507.031316][T22052] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  507.040373][T22052] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  507.441799][ T5851] Bluetooth: hci2: command 0x0c1a tx timeout
[  507.447938][T21665] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  507.474934][T21665] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  507.906840][ T1171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  507.959524][ T1171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  508.084730][T18417] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  508.231941][T18417] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  508.673305][T23195] input: syz0 as /devices/virtual/input/input100
[  508.695090][T23195] input: failed to attach handler leds to device input100, error: -6
[  508.760639][T23200] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  509.315332][T23230] vivid-003: disconnect
[  509.845587][T23255] syz.0.2968: vmalloc error: size 16105472, failed to allocated page array size 31456, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  509.899851][T23255] CPU: 1 UID: 0 PID: 23255 Comm: syz.0.2968 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  509.899882][T23255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  509.899893][T23255] Call Trace:
[  509.899901][T23255]  <TASK>
[  509.899910][T23255]  dump_stack_lvl+0x189/0x250
[  509.899944][T23255]  ? __pfx_dump_stack_lvl+0x10/0x10
[  509.899967][T23255]  ? __pfx__printk+0x10/0x10
[  509.899990][T23255]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  509.900016][T23255]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  509.900044][T23255]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  509.900073][T23255]  warn_alloc+0x214/0x310
[  509.900108][T23255]  ? __pfx_warn_alloc+0x10/0x10
[  509.900145][T23255]  ? __get_vm_area_node+0x28f/0x300
[  509.900170][T23255]  ? kvm_set_memslot+0x4e2/0x1310
[  509.900195][T23255]  __vmalloc_node_range_noprof+0x67e/0x12f0
[  509.900249][T23255]  ? kvm_set_memslot+0x3e/0x1310
[  509.900272][T23255]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  509.900310][T23255]  ? kvm_set_memslot+0x4e2/0x1310
[  509.900327][T23255]  __vmalloc_noprof+0xb1/0xf0
[  509.900352][T23255]  ? kvm_set_memslot+0x4e2/0x1310
[  509.900374][T23255]  kvm_set_memslot+0x4e2/0x1310
[  509.900399][T23255]  ? kvm_set_memory_region+0x775/0xc00
[  509.900426][T23255]  kvm_set_memory_region+0x9bb/0xc00
[  509.900464][T23255]  kvm_vm_ioctl_set_memory_region+0x6f/0xa0
[  509.900488][T23255]  kvm_vm_ioctl+0x957/0xc60
[  509.900512][T23255]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  509.900537][T23255]  ? do_vfs_ioctl+0x12ba/0x1990
[  509.900564][T23255]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  509.900610][T23255]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  509.900652][T23255]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  509.900681][T23255]  ? tomoyo_path_number_perm+0x4e2/0x5a0
[  509.900708][T23255]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  509.900738][T23255]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  509.900788][T23255]  ? __lock_acquire+0xab9/0xd20
[  509.900833][T23255]  ? __fget_files+0x2a/0x420
[  509.900863][T23255]  ? __fget_files+0x2a/0x420
[  509.900888][T23255]  ? __fget_files+0x3a0/0x420
[  509.900914][T23255]  ? __fget_files+0x2a/0x420
[  509.900947][T23255]  ? bpf_lsm_file_ioctl+0x9/0x20
[  509.900966][T23255]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  509.900985][T23255]  __se_sys_ioctl+0xfc/0x170
[  509.901010][T23255]  do_syscall_64+0xfa/0x3b0
[  509.901029][T23255]  ? lockdep_hardirqs_on+0x9c/0x150
[  509.901054][T23255]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.901071][T23255]  ? clear_bhb_loop+0x60/0xb0
[  509.901094][T23255]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  509.901111][T23255] RIP: 0033:0x7f5bdad8e929
[  509.901130][T23255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  509.901145][T23255] RSP: 002b:00007f5bdbc4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  509.901166][T23255] RAX: ffffffffffffffda RBX: 00007f5bdafb5fa0 RCX: 00007f5bdad8e929
[  509.901178][T23255] RDX: 0000200000000080 RSI: 000000004020ae46 RDI: 0000000000000004
[  509.901190][T23255] RBP: 00007f5bdae10b39 R08: 0000000000000000 R09: 0000000000000000
[  509.901201][T23255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  509.901212][T23255] R13: 0000000000000000 R14: 00007f5bdafb5fa0 R15: 00007fffaed4d028
[  509.901243][T23255]  </TASK>
[  510.253761][T23255] Mem-Info:
[  510.258946][T23255] active_anon:15696 inactive_anon:0 isolated_anon:0
[  510.258946][T23255]  active_file:1494 inactive_file:44123 isolated_file:0
[  510.258946][T23255]  unevictable:768 dirty:23 writeback:0
[  510.258946][T23255]  slab_reclaimable:11016 slab_unreclaimable:93539
[  510.258946][T23255]  mapped:27196 shmem:8325 pagetables:1312
[  510.258946][T23255]  sec_pagetables:0 bounce:0
[  510.258946][T23255]  kernel_misc_reclaimable:0
[  510.258946][T23255]  free:1324725 free_pcp:16963 free_cma:0
[  510.304318][    C0] vkms_vblank_simulate: vblank timer overrun
[  510.374092][T23255] Node 0 active_anon:67784kB inactive_anon:0kB active_file:5976kB inactive_file:176288kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:108784kB dirty:92kB writeback:0kB shmem:31764kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11408kB pagetables:5208kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  510.409063][T23255] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  510.418056][T23229] vivid-003: reconnect
[  510.440614][    C0] vkms_vblank_simulate: vblank timer overrun
[  510.440630][T23255] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  510.440704][T23255] lowmem_reserve[]: 0 2497 2498 2498 2498
[  510.440754][T23255] Node 0 DMA32 free:1373752kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:67940kB inactive_anon:0kB active_file:5976kB inactive_file:174960kB unevictable:1536kB writepending:92kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:50092kB local_pcp:24484kB free_cma:0kB
[  510.440811][T23255] lowmem_reserve[]: 0 0 1 1 1
[  510.524090][T23255] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  510.553402][T23255] lowmem_reserve[]: 0 0 0 0 0
[  510.558482][T23255] Node 1 Normal free:3902280kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:20108kB local_pcp:9472kB free_cma:0kB
[  510.591157][T23255] lowmem_reserve[]: 0 0 0 0 0
[  510.595954][T23255] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  510.704471][T23255] Node 0 DMA32: 284*4kB (UME) 117*8kB (UE) 169*16kB (UME) 496*32kB (UE) 241*64kB (UME) 77*128kB (UME) 110*256kB (UM) 64*512kB (UME) 19*1024kB (UME) 3*2048kB (M) 303*4096kB (UM) = 1373544kB
[  510.765011][T23255] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  510.811023][T23255] Node 1 Normal: 220*4kB (UE) 51*8kB (UME) 50*16kB (UME) 67*32kB (UME) 27*64kB (UME) 4*128kB (ME) 4*256kB (UME) 3*512kB (UM) 2*1024kB (ME) 2*2048kB (UE) 949*4096kB (M) = 3902280kB
[  510.870194][T23255] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  510.917822][T23255] Node 0 hugepages_total=6 hugepages_free=0 hugepages_surp=4 hugepages_size=2048kB
[  510.941182][T23255] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  510.962771][T23255] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  510.984483][T23255] 51088 total pagecache pages
[  510.994631][T23255] 0 pages in swap cache
[  511.004397][T23255] Free swap  = 124996kB
[  511.015138][T23255] Total swap = 124996kB
[  511.022809][T23255] 2097051 pages RAM
[  511.045045][T23255] 0 pages HighMem/MovableOnly
[  511.061489][T23255] 425688 pages reserved
[  511.065719][T23255] 0 pages cma reserved
[  511.193501][T23300] binder: 23298:23300 ioctl c018620c 200000001180 returned -22
[  511.484851][T23307] syz.3.2977: attempt to access beyond end of device
[  511.484851][T23307] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  511.954591][T23345] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  513.324803][T23415] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=io+mem:owns=io+mem
[  516.226389][T23507] tty tty3: ldisc open failed (-12), clearing slot 2
[  516.607913][T23653] syz.1.3011: attempt to access beyond end of device
[  516.607913][T23653] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  516.853549][T23665] loop8: detected capacity change from 0 to 7
[  516.916129][T13349] Dev loop8: unable to read RDB block 7
[  516.935920][T13349]  loop8: unable to read partition table
[  516.969508][T13349] loop8: partition table beyond EOD, truncated
[  516.988238][T23665] Dev loop8: unable to read RDB block 7
[  516.996847][T23665]  loop8: unable to read partition table
[  517.003856][T23665] loop8: partition table beyond EOD, truncated
[  517.010217][T23665] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  517.103443][T23683] vivid-000: disconnect
[  517.591306][T23683] vivid-000: reconnect
[  517.611095][T23701] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  517.996032][T23716] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  518.169178][T23734] loop8: detected capacity change from 0 to 7
[  518.182275][T13349] Dev loop8: unable to read RDB block 7
[  518.188139][T13349]  loop8: unable to read partition table
[  518.194688][T13349] loop8: partition table beyond EOD, truncated
[  518.204148][T23734] Dev loop8: unable to read RDB block 7
[  518.209861][T23734]  loop8: unable to read partition table
[  518.215879][T23734] loop8: partition table beyond EOD, truncated
[  518.237345][T23734] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  518.448192][T23745] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  518.537892][T23760] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  518.730014][T23768] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  518.952667][T23771] input: syz0 as /devices/virtual/input/input101
[  519.473909][T23799] syz.1.3036: attempt to access beyond end of device
[  519.473909][T23799] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  519.674991][T23807] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  519.870550][T23817] mkiss: ax0: crc mode is auto.
[  520.569105][T23850] can0: slcan on ptm0.
[  520.841323][T23848] can0 (unregistered): slcan off ptm0.
[  521.059315][T23876] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  521.159019][T23871] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  521.286068][T23894] loop8: detected capacity change from 0 to 7
[  521.313546][T23894] Dev loop8: unable to read RDB block 7
[  521.319405][T23894]  loop8: unable to read partition table
[  521.341345][T23894] loop8: partition table beyond EOD, truncated
[  521.367159][T23894] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  521.898785][T23926] input: syz0 as /devices/virtual/input/input103
[  522.035857][T23933] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  522.251697][T23950] random: crng reseeded on system resumption
[  522.297999][T23950] Restarting kernel threads ...
[  522.317170][T23950] Done restarting kernel threads.
[  522.793522][T23973] program syz.2.3066 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  522.825470][T23973] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  522.902668][T23973] input: syz1 as /devices/virtual/input/input104
[  523.299318][T23995] syz.1.3067: attempt to access beyond end of device
[  523.299318][T23995] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  523.572614][T24015] loop8: detected capacity change from 0 to 7
[  523.587949][T13349] Dev loop8: unable to read RDB block 7
[  523.594266][T13349]  loop8: unable to read partition table
[  523.600255][T13349] loop8: partition table beyond EOD, truncated
[  523.605178][T24017] input: syz1 as /devices/virtual/input/input105
[  523.615383][T24015] Dev loop8: unable to read RDB block 7
[  523.648668][T24015]  loop8: unable to read partition table
[  523.661229][T24015] loop8: partition table beyond EOD, truncated
[  523.670865][T24015] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  524.238836][T24049] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  524.242021][T24059] loop8: detected capacity change from 0 to 7
[  524.271959][T24059] Dev loop8: unable to read RDB block 7
[  524.277711][T24059]  loop8: unable to read partition table
[  524.286611][T24059] loop8: partition table beyond EOD, truncated
[  524.301874][T24059] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[  524.496741][T24071] loop8: detected capacity change from 0 to 7
[  524.516057][T24071] Dev loop8: unable to read RDB block 7
[  524.540085][T24071]  loop8: unable to read partition table
[  524.560271][T24071] loop8: partition table beyond EOD, truncated
[  524.585791][T24071] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  525.704855][T24131] loop8: detected capacity change from 0 to 7
[  525.706359][T24131] Dev loop8: unable to read RDB block 7
[  525.706407][T24131]  loop8: unable to read partition table
[  525.706681][T24131] loop8: partition table beyond EOD, truncated
[  525.706713][T24131] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  526.788942][T24178] loop8: detected capacity change from 0 to 7
[  526.790800][T24178] Dev loop8: unable to read RDB block 7
[  526.790850][T24178]  loop8: unable to read partition table
[  526.794970][T24178] loop8: partition table beyond EOD, truncated
[  526.794998][T24178] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  527.005864][T21665] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  527.005902][T21665] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  527.005927][T21665] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  527.005952][T21665] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  527.005977][T21665] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  527.018453][T21665] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  527.210172][T24195] fido_id[24195]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  528.294271][T24243] random: crng reseeded on system resumption
[  528.695302][T24260] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  528.943189][T24270] loop6: detected capacity change from 0 to 524287999
[  529.830739][T24286] nvme_fabrics: unknown parameter or missing value 'W' in ctrl creation request
[  529.974845][T24296] random: crng reseeded on system resumption
[  530.962427][T24345] input: syz0 as /devices/virtual/input/input107
[  533.770500][T19213] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  533.786513][T19213] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  533.794830][T19213] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  533.804307][T19213] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  533.812193][T19213] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  533.817284][T24426] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  533.829128][T19213] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  533.919495][T24428] fido_id[24428]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  534.429494][T24460] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  537.188472][T24556] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  537.373773][T24566] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  538.279738][T24614] syz.2.3206: attempt to access beyond end of device
[  538.279738][T24614] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  538.903825][T24642] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  539.747236][T24664] sd 0:0:1:0: device reset
[  540.152746][T24683] i2c i2c-0: Invalid block write size 34
[  540.280719][ T5850] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  540.294044][ T5850] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  540.302746][ T5850] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  540.312894][ T5850] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  540.326975][ T5850] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  540.709152][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  540.913196][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  541.043684][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  541.248435][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  541.251538][T24750] dlm: plock device version mismatch: kernel (1.2.0), user (1.6.16)
[  541.270483][T24750] random: crng reseeded on system resumption
[  541.489677][T24686] chnl_net:caif_netlink_parms(): no params data found
[  541.577363][T24842] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  541.985749][T24686] bridge0: port 1(bridge_slave_0) entered blocking state
[  542.004834][T24686] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.014061][T24686] bridge_slave_0: entered allmulticast mode
[  542.022608][T24686] bridge_slave_0: entered promiscuous mode
[  542.037994][   T12] bridge_slave_1: left allmulticast mode
[  542.048505][   T12] bridge_slave_1: left promiscuous mode
[  542.065402][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  542.113456][   T12] bridge_slave_0: left allmulticast mode
[  542.125765][   T12] bridge_slave_0: left promiscuous mode
[  542.140857][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  542.384324][T24943] ALSA: seq fatal error: cannot create timer (-22)
[  542.401502][ T5850] Bluetooth: hci3: command tx timeout
[  543.079563][T24973] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  544.262586][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  544.321456][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  544.382981][   T12] bond0 (unregistering): Released all slaves
[  544.397990][T24686] bridge0: port 2(bridge_slave_1) entered blocking state
[  544.405461][T24686] bridge0: port 2(bridge_slave_1) entered disabled state
[  544.413462][T24686] bridge_slave_1: entered allmulticast mode
[  544.420886][T24686] bridge_slave_1: entered promiscuous mode
[  544.481520][ T5850] Bluetooth: hci3: command tx timeout
[  544.586942][T24686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  544.714839][T24686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  544.977957][T24686] team0: Port device team_slave_0 added
[  545.092795][T24686] team0: Port device team_slave_1 added
[  545.438185][T24686] batman_adv: batadv0: Adding interface: batadv_slave_0
[  545.472483][T24686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  545.498695][    C1] vkms_vblank_simulate: vblank timer overrun
[  545.537493][T24686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  545.796268][T24686] batman_adv: batadv0: Adding interface: batadv_slave_1
[  545.835478][T24686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  545.861434][    C1] vkms_vblank_simulate: vblank timer overrun
[  545.895404][T24686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  546.017974][   T12] hsr_slave_0: left promiscuous mode
[  546.029593][   T12] hsr_slave_1: left promiscuous mode
[  546.046548][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  546.060619][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  546.089918][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  546.098303][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  546.129373][   T12] veth1_macvtap: left promiscuous mode
[  546.145847][   T12] veth0_macvtap: left promiscuous mode
[  546.152291][   T12] veth1_vlan: left promiscuous mode
[  546.157919][   T12] veth0_vlan: left promiscuous mode
[  546.571537][ T5850] Bluetooth: hci3: command tx timeout
[  546.579365][T25215] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  547.011504][T25235] syz.3.3277: attempt to access beyond end of device
[  547.011504][T25235] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  547.446571][T25264] ttyS ttyS3: ldisc open failed (-12), clearing slot 3
[  548.436644][   T12] team0 (unregistering): Port device team_slave_1 removed
[  548.641406][ T5850] Bluetooth: hci3: command tx timeout
[  548.647741][   T12] team0 (unregistering): Port device team_slave_0 removed
[  551.226864][T24686] hsr_slave_0: entered promiscuous mode
[  551.234345][T24686] hsr_slave_1: entered promiscuous mode
[  551.250681][T24686] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  551.262102][T24686] Cannot create hsr debugfs directory
[  551.660302][T25368] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  552.200192][T25426] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  552.260217][T24686] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  552.295390][T24686] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  552.335263][T24686] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  552.383300][T24686] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  552.667219][T25453] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  552.769897][T24686] 8021q: adding VLAN 0 to HW filter on device bond0
[  552.967995][T24686] 8021q: adding VLAN 0 to HW filter on device team0
[  552.988826][ T3560] bridge0: port 1(bridge_slave_0) entered blocking state
[  552.996098][ T3560] bridge0: port 1(bridge_slave_0) entered forwarding state
[  553.111003][ T3560] bridge0: port 2(bridge_slave_1) entered blocking state
[  553.118271][ T3560] bridge0: port 2(bridge_slave_1) entered forwarding state
[  553.654668][T25504] loop8: detected capacity change from 0 to 7
[  553.679066][T25504] Dev loop8: unable to read RDB block 7
[  553.716031][T25504]  loop8: unable to read partition table
[  553.739276][T25504] loop8: partition table beyond EOD, truncated
[  553.752014][T25504] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  553.954559][T24686] 8021q: adding VLAN 0 to HW filter on device batadv0
[  555.026348][T24686] veth0_vlan: entered promiscuous mode
[  555.060881][T24686] veth1_vlan: entered promiscuous mode
[  555.234268][T24686] veth0_macvtap: entered promiscuous mode
[  555.275387][T24686] veth1_macvtap: entered promiscuous mode
[  555.331715][T25571] loop8: detected capacity change from 0 to 7
[  555.338167][T24686] batman_adv: batadv0: Interface activated: batadv_slave_0
[  555.350642][T25571] Dev loop8: unable to read RDB block 7
[  555.361852][T25571]  loop8: unable to read partition table
[  555.370673][T24686] batman_adv: batadv0: Interface activated: batadv_slave_1
[  555.378620][T25571] loop8: partition table beyond EOD, truncated
[  555.388391][T25571] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  555.404730][T24686] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  555.437217][T24686] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  555.474858][T24686] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  555.493158][T24686] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  555.559676][T25578] input: syz0 as /devices/virtual/input/input114
[  555.846522][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  555.846549][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  555.977491][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  555.977518][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  557.452647][T25704] binder: 25701:25704 ioctl c018620c 200000000080 returned -22
[  557.557432][T25704] binder: 25701:25704 ioctl c018620c 200000000080 returned -14
[  558.617556][T25696] tty tty27: ldisc open failed (-12), clearing slot 26
[  558.661683][T25702] tty tty2: ldisc open failed (-12), clearing slot 1
[  558.702387][T25704] tty tty2: ldisc open failed (-12), clearing slot 1
[  559.135402][   T30] audit: type=1400 audit(1750420022.994:12): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2221D01A0B978D2F2F962D2A83D1 pid=25748 comm="syz.3.3337"
[  559.156740][    C1] vkms_vblank_simulate: vblank timer overrun
[  559.374159][T25770] loop8: detected capacity change from 0 to 7
[  559.406774][T25770] Dev loop8: unable to read RDB block 7
[  559.421587][T25770]  loop8: unable to read partition table
[  559.427536][T25770] loop8: partition table beyond EOD, truncated
[  559.472471][T25770] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  560.754718][T25833] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  561.389383][T25873] usb usb1: usbfs: process 25873 (syz.4.3361) did not claim interface 0 before use
[  561.766516][T25884] program syz.2.3363 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  561.799404][T25884] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  561.829303][T25884] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  561.851629][T25884] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  562.393931][T25901] mkiss: ax0: crc mode is auto.
[  562.860671][T25930] loop8: detected capacity change from 0 to 7
[  562.870232][T25303] Dev loop8: unable to read RDB block 7
[  562.880375][T25303]  loop8: unable to read partition table
[  562.886869][T25303] loop8: partition table beyond EOD, truncated
[  562.916401][T25930] Dev loop8: unable to read RDB block 7
[  562.931165][T25930]  loop8: unable to read partition table
[  562.948076][T25930] loop8: partition table beyond EOD, truncated
[  562.972914][T25930] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  563.079730][T25934] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  563.130394][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  563.136972][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  563.454647][T25968] binder: 25967:25968 ioctl c0306201 200000000540 returned -14
[  563.980619][T25995] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  564.686035][T26034] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  566.718295][T26122] loop8: detected capacity change from 0 to 7
[  566.744691][T26122] Dev loop8: unable to read RDB block 7
[  566.756076][T26122]  loop8: unable to read partition table
[  566.764550][T26122] loop8: partition table beyond EOD, truncated
[  566.771730][T26122] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  567.145303][T26140] input: syz1 as /devices/virtual/input/input116
[  567.198765][T26140] sp0: Synchronizing with TNC
[  568.410237][T26203] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=64875003 (129750006 ns) > initial count (53591314 ns). Using initial count to start timer.
[  568.864323][T26229] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  569.384219][T26264] syz.2.3431: attempt to access beyond end of device
[  569.384219][T26264] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  569.754493][ T1058] Bluetooth: hci5: Frame reassembly failed (-84)
[  569.764722][T26281] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  570.564260][ T5850] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  571.773251][ T5840] Bluetooth: hci5: command 0x1003 tx timeout
[  571.780103][ T5851] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  572.249083][T26435] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  572.259154][T26435] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  572.278929][T26435] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  573.238266][T26491] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  573.602656][T26506] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  574.241276][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  575.170294][T26585] cgroup: fork rejected by pids controller in /syz1
[  576.321982][ T5851] Bluetooth: hci3: command 0x0c1a tx timeout
[  576.593414][ T3560] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.656397][T26735] sp0: Synchronizing with TNC
[  576.796045][ T3560] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  576.967748][ T3560] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.223783][ T3560] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  577.541901][ T5840] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  577.552782][ T5840] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  577.567571][ T5840] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  577.596280][ T5840] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  577.624596][ T5840] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  577.827026][ T3560] bridge_slave_1: left allmulticast mode
[  577.876986][ T3560] bridge_slave_1: left promiscuous mode
[  577.934279][ T3560] bridge0: port 2(bridge_slave_1) entered disabled state
[  578.133254][ T3560] bridge_slave_0: left allmulticast mode
[  578.169488][ T3560] bridge_slave_0: left promiscuous mode
[  578.182368][T26842] input: syz0 as /devices/virtual/input/input118
[  578.192608][ T3560] bridge0: port 1(bridge_slave_0) entered disabled state
[  578.401433][ T5840] Bluetooth: hci3: command 0x0c1a tx timeout
[  578.783493][T26905] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  579.681740][ T5840] Bluetooth: hci0: command tx timeout
[  579.857548][T27002] loop8: detected capacity change from 0 to 7
[  579.869981][T27002] Dev loop8: unable to read RDB block 7
[  579.875832][T27002]  loop8: unable to read partition table
[  579.885330][T27002] loop8: partition table beyond EOD, truncated
[  579.892297][T27002] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  580.818578][ T3560] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  580.899556][ T3560] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  580.926979][T27048] syz.4.3520: attempt to access beyond end of device
[  580.926979][T27048] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  580.944810][ T3560] bond0 (unregistering): Released all slaves
[  581.194669][T27067] loop8: detected capacity change from 0 to 7
[  581.227131][T27067] Dev loop8: unable to read RDB block 7
[  581.248941][T27067]  loop8: unable to read partition table
[  581.277780][T27067] loop8: partition table beyond EOD, truncated
[  581.314328][T27067] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  581.564918][T27106] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request
[  581.765876][ T5840] Bluetooth: hci0: command tx timeout
[  581.923465][ T3560] hsr_slave_0: left promiscuous mode
[  581.953333][ T3560] hsr_slave_1: left promiscuous mode
[  581.959739][ T3560] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  581.976664][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_0
[  582.012851][ T3560] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  582.040759][ T3560] batman_adv: batadv0: Removing interface: batadv_slave_1
[  582.114747][ T3560] veth1_macvtap: left promiscuous mode
[  582.120393][ T3560] veth0_macvtap: left promiscuous mode
[  582.172628][ T3560] veth1_vlan: left promiscuous mode
[  582.178072][ T3560] veth0_vlan: left promiscuous mode
[  583.007214][T27160] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  583.138392][T27171] loop8: detected capacity change from 0 to 7
[  583.149881][T27171] Dev loop8: unable to read RDB block 7
[  583.149934][T27171]  loop8: unable to read partition table
[  583.150188][T27171] loop8: partition table beyond EOD, truncated
[  583.150223][T27171] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  583.841166][ T5851] Bluetooth: hci0: command tx timeout
[  584.089335][   T30] audit: type=1804 audit(1750420047.954:13): pid=27189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3538" name="/newroot/188/cgroup.controllers" dev="tmpfs" ino=986 res=1 errno=0
[  584.089631][   T30] audit: type=1800 audit(1750420047.954:14): pid=27189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3538" name="cgroup.controllers" dev="tmpfs" ino=986 res=0 errno=0
[  584.798812][ T3560] team0 (unregistering): Port device team_slave_1 removed
[  584.972948][ T3560] team0 (unregistering): Port device team_slave_0 removed
[  585.931168][ T5851] Bluetooth: hci0: command 0x0419 tx timeout
[  586.297780][T27220] dlm: no local IP address has been set
[  586.303901][T27220] dlm: cannot start dlm midcomms -107
[  586.988571][T27234] input: syz0 as /devices/virtual/input/input119
[  587.712128][T26783] chnl_net:caif_netlink_parms(): no params data found
[  588.001109][ T5851] Bluetooth: hci0: command 0x0419 tx timeout
[  588.160708][T27392] binder: 27351:27392 unknown command 0
[  588.193108][T26783] bridge0: port 1(bridge_slave_0) entered blocking state
[  588.198277][T26783] bridge0: port 1(bridge_slave_0) entered disabled state
[  588.198496][T26783] bridge_slave_0: entered allmulticast mode
[  588.200542][T26783] bridge_slave_0: entered promiscuous mode
[  588.225403][T26783] bridge0: port 2(bridge_slave_1) entered blocking state
[  588.225536][T26783] bridge0: port 2(bridge_slave_1) entered disabled state
[  588.225714][T26783] bridge_slave_1: entered allmulticast mode
[  588.227809][T26783] bridge_slave_1: entered promiscuous mode
[  588.249419][T27392] binder: 27351:27392 ioctl c0306201 200000000540 returned -22
[  588.500869][T26783] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  588.535334][T26783] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  588.737428][T26783] team0: Port device team_slave_0 added
[  588.759359][T26783] team0: Port device team_slave_1 added
[  588.787807][T27450] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  588.887050][T26783] batman_adv: batadv0: Adding interface: batadv_slave_0
[  588.895359][T26783] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  588.923577][T26783] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  588.948464][T26783] batman_adv: batadv0: Adding interface: batadv_slave_1
[  588.968978][T26783] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  588.995267][    C1] vkms_vblank_simulate: vblank timer overrun
[  589.038782][T26783] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  589.216444][T27515] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  589.369625][T26783] hsr_slave_0: entered promiscuous mode
[  589.384436][T26783] hsr_slave_1: entered promiscuous mode
[  589.385225][T26783] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  589.385248][T26783] Cannot create hsr debugfs directory
[  589.707807][T27589] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  591.013691][T26783] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  591.032636][T26783] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  591.062171][T26783] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  591.072744][T26783] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  591.289422][T26783] 8021q: adding VLAN 0 to HW filter on device bond0
[  591.335669][T26783] 8021q: adding VLAN 0 to HW filter on device team0
[  591.346113][ T3560] bridge0: port 1(bridge_slave_0) entered blocking state
[  591.346217][ T3560] bridge0: port 1(bridge_slave_0) entered forwarding state
[  591.363066][ T3560] bridge0: port 2(bridge_slave_1) entered blocking state
[  591.363184][ T3560] bridge0: port 2(bridge_slave_1) entered forwarding state
[  591.489067][T26783] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  591.489093][T26783] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  591.539576][T27710] input: syz0 as /devices/virtual/input/input122
[  591.990492][T26783] 8021q: adding VLAN 0 to HW filter on device batadv0
[  592.125898][T27732] misc userio: Begin command sent, but we're already running
[  592.130382][T26783] veth0_vlan: entered promiscuous mode
[  592.154598][T26783] veth1_vlan: entered promiscuous mode
[  592.280135][T26783] veth0_macvtap: entered promiscuous mode
[  592.294005][T26783] veth1_macvtap: entered promiscuous mode
[  592.318577][T26783] batman_adv: batadv0: Interface activated: batadv_slave_0
[  592.331025][T21665] psmouse serio8: Failed to reset mouse on : -5
[  592.335271][T26783] batman_adv: batadv0: Interface activated: batadv_slave_1
[  592.347034][T26783] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  592.347100][T26783] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  592.347127][T26783] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  592.347153][T26783] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  592.502121][T18420] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.502147][T18420] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  592.603047][T18417] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  592.603074][T18417] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  593.283734][T27700] tty tty4: ldisc open failed (-12), clearing slot 3
[  593.311700][T27730] tty tty2: ldisc open failed (-12), clearing slot 1
[  593.331677][T27733] tty tty2: ldisc open failed (-12), clearing slot 1
[  593.690753][T27789] loop8: detected capacity change from 0 to 7
[  593.742322][T27789] Dev loop8: unable to read RDB block 7
[  593.748018][T27789]  loop8: unable to read partition table
[  593.782008][T27789] loop8: partition table beyond EOD, truncated
[  593.788358][T27789] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  594.086985][T27805] input: syz1 as /devices/virtual/input/input125
[  594.722845][T27842] syz.1.3591: attempt to access beyond end of device
[  594.722845][T27842] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  594.886612][T27834] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  594.918111][T27853] loop8: detected capacity change from 0 to 7
[  594.935174][T27853] Dev loop8: unable to read RDB block 7
[  594.949784][T27853]  loop8: unable to read partition table
[  594.961976][T27853] loop8: partition table beyond EOD, truncated
[  594.991025][T27853] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  595.856281][T27883] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  596.123056][T21665] misc userio: Buffer overflowed, userio client isn't keeping up
[  596.188246][T27894] loop8: detected capacity change from 0 to 7
[  596.197679][T27894] Dev loop8: unable to read RDB block 7
[  596.208502][T27894]  loop8: unable to read partition table
[  596.223826][T27894] loop8: partition table beyond EOD, truncated
[  596.237145][T27894] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  596.378731][T27910] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  597.115786][T27943] loop8: detected capacity change from 0 to 7
[  597.133956][T27943] Dev loop8: unable to read RDB block 7
[  597.139708][T27943]  loop8: unable to read partition table
[  597.148474][T27943] loop8: partition table beyond EOD, truncated
[  597.156399][T27943] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  597.232178][T21665] input: PS/2 Generic Mouse as /devices/serio8/input/input123
[  597.282838][T27950] usb usb1: check_ctrlrecip: process 27950 (syz.3.3614) requesting ep 01 but needs 81
[  597.301028][T27950] usb usb1: usbfs: process 27950 (syz.3.3614) did not claim interface 0 before use
[  597.415566][T27965] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  597.508407][T21665] psmouse serio8: Failed to enable mouse on 
[  597.820005][T27998] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  598.105527][T28016] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  598.119410][T28021] binder: 28017:28021 ioctl 40489426 0 returned -22
[  598.728691][T28028] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  598.749372][T28028] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  599.042566][T28028] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  599.060697][T28028] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  599.103110][T28070] syz.4.3635: attempt to access beyond end of device
[  599.103110][T28070] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[  600.210716][T28121] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  600.470847][T28142] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  602.047447][T28225] dlm: plock device version mismatch: kernel (1.2.0), user (3.0.2)
[  602.600625][T28251] binder: 28248:28251 ioctl 40046205 0 returned -22
[  603.585915][T28303] blktrace: Concurrent blktraces are not allowed on loop8
[  604.590283][T28375] binder: 28374:28375 ioctl c00c620f 200000000180 returned -22
[  604.637970][T28375] can0: slcan on ptm0.
[  604.751779][T28374] can0 (unregistered): slcan off ptm0.
[  604.774527][   T30] audit: type=1804 audit(1750420068.644:15): pid=28385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3711" name="/newroot/36/cgroup.controllers" dev="tmpfs" ino=204 res=1 errno=0
[  604.797000][    C1] vkms_vblank_simulate: vblank timer overrun
[  604.876472][   T30] audit: type=1800 audit(1750420068.644:16): pid=28385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3711" name="cgroup.controllers" dev="tmpfs" ino=204 res=0 errno=0
[  604.898440][    C1] vkms_vblank_simulate: vblank timer overrun
[  605.083153][T28401] pim6reg0: tun_chr_ioctl cmd 1074025677
[  605.089077][T28401] pim6reg0: linktype set to 769
[  605.132058][T28406] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  605.494655][T28435] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  605.544903][T28435] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  606.046096][T28481] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  606.443008][T28514] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  607.137827][T28600] program syz.4.3729 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  607.767823][T28652] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  609.134757][T28731] cgroup: fork rejected by pids controller in /syz4
[  609.145481][T28731] autofs4:pid:28731:validate_dev_ioctl: path string terminator missing for cmd(0xc0189371)
[  609.879747][T18420] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.106104][T18420] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.293370][T18420] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.448399][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  610.457682][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  610.463476][T18420] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  610.475717][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  610.487475][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  610.501187][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  610.574246][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  610.578557][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  610.582720][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  610.592043][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  610.613171][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  610.792795][T28823] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  610.800244][T28829] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  611.160151][T18420] bridge_slave_1: left allmulticast mode
[  611.160181][T18420] bridge_slave_1: left promiscuous mode
[  611.160399][T18420] bridge0: port 2(bridge_slave_1) entered disabled state
[  611.188914][T28879] loop8: detected capacity change from 0 to 7
[  611.197874][T26824] Dev loop8: unable to read RDB block 7
[  611.197924][T26824]  loop8: unable to read partition table
[  611.198197][T26824] loop8: partition table beyond EOD, truncated
[  611.205908][T18420] bridge_slave_0: left allmulticast mode
[  611.205938][T18420] bridge_slave_0: left promiscuous mode
[  611.206208][T18420] bridge0: port 1(bridge_slave_0) entered disabled state
[  611.210689][T28879] Dev loop8: unable to read RDB block 7
[  611.210755][T28879]  loop8: unable to read partition table
[  611.211342][T28879] loop8: partition table beyond EOD, truncated
[  611.211378][T28879] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  612.193676][T28904] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[  612.652905][ T5851] Bluetooth: hci3: command tx timeout
[  613.742376][T18420] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  613.797415][T18420] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  613.845562][T18420] bond0 (unregistering): Released all slaves
[  613.884679][T28941] loop8: detected capacity change from 0 to 7
[  613.908890][T28941] Dev loop8: unable to read RDB block 7
[  613.932249][T28941]  loop8: unable to read partition table
[  613.956707][T28941] loop8: partition table beyond EOD, truncated
[  613.979786][T28941] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  614.177542][T28996] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  614.473520][T28792] chnl_net:caif_netlink_parms(): no params data found
[  614.657575][T18420] hsr_slave_0: left promiscuous mode
[  614.706121][T18420] hsr_slave_1: left promiscuous mode
[  614.721053][ T5851] Bluetooth: hci3: command tx timeout
[  614.729625][T18420] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  614.749821][T18420] batman_adv: batadv0: Removing interface: batadv_slave_0
[  614.793222][T18420] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  614.802658][T18420] batman_adv: batadv0: Removing interface: batadv_slave_1
[  614.911039][T18420] veth1_macvtap: left promiscuous mode
[  614.916657][T18420] veth0_macvtap: left promiscuous mode
[  614.939932][T18420] veth1_vlan: left promiscuous mode
[  614.952178][T18420] veth0_vlan: left promiscuous mode
[  615.554267][T29102] usb usb8: usbfs: process 29102 (syz.2.3793) did not claim interface 0 before use
[  615.795636][T29108] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  616.296380][T29140] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  616.801032][ T5851] Bluetooth: hci3: command tx timeout
[  617.420276][T18420] team0 (unregistering): Port device team_slave_1 removed
[  617.421178][T29189] vivid-000: =================  START STATUS  =================
[  617.441071][T29189] vivid-000: Generate PTS: true
[  617.454293][T29189] vivid-000: Generate SCR: true
[  617.459186][T29189] tpg source WxH: 720x576 (Y'CbCr)
[  617.464449][T29189] tpg field: 4
[  617.467834][T29189] tpg crop: (0,0)/720x576
[  617.472511][T29189] tpg compose: (0,0)/720x576
[  617.477128][T29189] tpg colorspace: 8
[  617.481053][T29189] tpg transfer function: 0/2
[  617.485757][T29189] tpg Y'CbCr encoding: 1/1
[  617.490193][T29189] tpg quantization: 2/2
[  617.494925][T29189] tpg RGB range: 0/2
[  617.498988][T29189] vivid-000: ==================  END STATUS  ==================
[  617.705392][T18420] team0 (unregistering): Port device team_slave_0 removed
[  617.712793][T29198] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  617.805265][T29208] random: crng reseeded on system resumption
[  617.957501][T29214] loop8: detected capacity change from 0 to 7
[  617.966103][T26824] Dev loop8: unable to read RDB block 7
[  617.972403][T26824]  loop8: unable to read partition table
[  617.978476][T26824] loop8: partition table beyond EOD, truncated
[  617.991162][T29214] Dev loop8: unable to read RDB block 7
[  617.996887][T29214]  loop8: unable to read partition table
[  618.006532][T29214] loop8: partition table beyond EOD, truncated
[  618.015154][T29214] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  618.230374][T29228] loop8: detected capacity change from 0 to 7
[  618.242240][T29228] Dev loop8: unable to read RDB block 7
[  618.248252][T29228]  loop8: unable to read partition table
[  618.254464][T29228] loop8: partition table beyond EOD, truncated
[  618.260849][T29228] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  618.882555][ T5851] Bluetooth: hci3: command tx timeout
[  619.295872][T29263] input: syz1 as /devices/virtual/input/input128
[  619.527573][T29271] loop8: detected capacity change from 0 to 7
[  619.537294][T29271] Dev loop8: unable to read RDB block 7
[  619.545286][T29271]  loop8: unable to read partition table
[  619.552888][T29271] loop8: partition table beyond EOD, truncated
[  619.559126][T29271] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  619.779418][T29279] loop8: detected capacity change from 0 to 7
[  619.787907][T26824] Dev loop8: unable to read RDB block 7
[  619.793629][T26824]  loop8: unable to read partition table
[  619.799549][T26824] loop8: partition table beyond EOD, truncated
[  619.815577][T29279] Dev loop8: unable to read RDB block 7
[  619.821639][T29279]  loop8: unable to read partition table
[  619.827642][T29279] loop8: partition table beyond EOD, truncated
[  619.834733][T29279] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  619.911452][T29284] sg_write: data in/out 989/10 bytes for SCSI command 0x3a-- guessing data in;
[  619.911452][T29284]    program syz.3.3830 not setting count and/or reply_len properly
[  620.518109][T28792] bridge0: port 1(bridge_slave_0) entered blocking state
[  620.532203][T28792] bridge0: port 1(bridge_slave_0) entered disabled state
[  620.539517][T28792] bridge_slave_0: entered allmulticast mode
[  620.553888][T28792] bridge_slave_0: entered promiscuous mode
[  620.577218][T28792] bridge0: port 2(bridge_slave_1) entered blocking state
[  620.584753][T28792] bridge0: port 2(bridge_slave_1) entered disabled state
[  620.592406][T28792] bridge_slave_1: entered allmulticast mode
[  620.601117][T28792] bridge_slave_1: entered promiscuous mode
[  620.825919][T28792] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  620.836055][T29395] loop8: detected capacity change from 0 to 7
[  620.850139][T26824] Dev loop8: unable to read RDB block 7
[  620.871360][T26824]  loop8: unable to read partition table
[  620.892090][T26824] loop8: partition table beyond EOD, truncated
[  620.908384][T29395] Dev loop8: unable to read RDB block 7
[  620.909815][T28792] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  620.928937][T29395]  loop8: unable to read partition table
[  620.949438][T29395] loop8: partition table beyond EOD, truncated
[  620.970152][T29395] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  621.119716][T28792] team0: Port device team_slave_0 added
[  621.161053][T28792] team0: Port device team_slave_1 added
[  621.256899][T29444] loop8: detected capacity change from 0 to 7
[  621.275662][T29444] Dev loop8: unable to read RDB block 7
[  621.282009][T29444]  loop8: unable to read partition table
[  621.310411][T29444] loop8: partition table beyond EOD, truncated
[  621.336243][T29444] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  621.463290][T28792] batman_adv: batadv0: Adding interface: batadv_slave_0
[  621.490940][T28792] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  621.575913][T28792] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  621.631739][T28792] batman_adv: batadv0: Adding interface: batadv_slave_1
[  621.640434][T28792] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  621.731029][T28792] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  621.940311][T28792] hsr_slave_0: entered promiscuous mode
[  621.962638][T28792] hsr_slave_1: entered promiscuous mode
[  621.970610][T28792] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  622.004344][T28792] Cannot create hsr debugfs directory
[  622.152828][T29540] loop8: detected capacity change from 0 to 7
[  622.167315][T26824] Dev loop8: unable to read RDB block 7
[  622.188228][T26824]  loop8: unable to read partition table
[  622.201893][T26824] loop8: partition table beyond EOD, truncated
[  622.216151][T29540] Dev loop8: unable to read RDB block 7
[  622.232113][T29540]  loop8: unable to read partition table
[  622.263400][T29540] loop8: partition table beyond EOD, truncated
[  622.282068][T29540] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  622.587764][T29603] loop8: detected capacity change from 0 to 7
[  622.604828][T29603] Dev loop8: unable to read RDB block 7
[  622.620737][T29603]  loop8: unable to read partition table
[  622.637186][T29603] loop8: partition table beyond EOD, truncated
[  622.648765][T29603] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  622.898966][T29628] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  623.295023][T29667] usb usb8: usbfs: process 29667 (syz.3.3856) did not claim interface 0 before use
[  623.760156][T29688] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  623.827279][T29702] loop8: detected capacity change from 0 to 7
[  623.862662][T26824] Dev loop8: unable to read RDB block 7
[  623.869599][T26824]  loop8: unable to read partition table
[  623.883753][T26824] loop8: partition table beyond EOD, truncated
[  623.905839][T29702] Dev loop8: unable to read RDB block 7
[  623.923867][T29702]  loop8: unable to read partition table
[  623.971337][T29702] loop8: partition table beyond EOD, truncated
[  623.993490][T29702] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  624.182902][T28792] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  624.208151][T28792] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  624.237109][T28792] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  624.253520][T28792] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  624.322318][T29729] program syz.3.3862 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  624.345250][T29729] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  624.547081][T28792] 8021q: adding VLAN 0 to HW filter on device bond0
[  624.571138][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  624.577542][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  624.619843][T28792] 8021q: adding VLAN 0 to HW filter on device team0
[  624.630809][T29749] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  624.687685][ T3560] bridge0: port 1(bridge_slave_0) entered blocking state
[  624.695075][ T3560] bridge0: port 1(bridge_slave_0) entered forwarding state
[  624.738634][ T1058] bridge0: port 2(bridge_slave_1) entered blocking state
[  624.746053][ T1058] bridge0: port 2(bridge_slave_1) entered forwarding state
[  625.164364][T29776] input: syz1 as /devices/virtual/input/input129
[  625.515928][T28792] 8021q: adding VLAN 0 to HW filter on device batadv0
[  626.248615][T28792] veth0_vlan: entered promiscuous mode
[  626.314000][T28792] veth1_vlan: entered promiscuous mode
[  626.475093][T28792] veth0_macvtap: entered promiscuous mode
[  626.540588][T28792] veth1_macvtap: entered promiscuous mode
[  626.614329][T28792] batman_adv: batadv0: Interface activated: batadv_slave_0
[  626.640344][T28792] batman_adv: batadv0: Interface activated: batadv_slave_1
[  626.678120][T29854] loop8: detected capacity change from 0 to 7
[  626.699402][T28792] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  626.708383][T29854] Dev loop8: unable to read RDB block 7
[  626.730434][T29854]  loop8: unable to read partition table
[  626.741050][T28792] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  626.749832][T28792] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  626.750619][T29854] loop8: partition table beyond EOD, truncated
[  626.783963][T29854] loop_reread_partitions: partition scan of loop8 (ÿÿÿÿ) failed (rc=-5)
[  626.786098][T28792] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  627.086071][ T1058] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  627.122201][ T1058] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  627.198495][T14935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  627.231163][T14935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  627.401100][T29889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  628.171353][T29931] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  628.228741][T29944] Attempt to restore checkpoint with obsolete wellknown handles
[  628.532257][T29964] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  628.561011][T29969] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  629.423606][T30010] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  629.722502][T30024] loop6: detected capacity change from 0 to 524287999
[  629.787653][    C1] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  629.797589][    C1] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  629.827585][    C1] I/O error, dev loop6, sector 1018 op 0x1:(WRITE) flags 0x8800 phys_seg 128 prio class 0
[  629.837648][    C1] I/O error, dev loop6, sector 1018 op 0x1:(WRITE) flags 0x8800 phys_seg 128 prio class 0
[  629.847770][    C1] I/O error, dev loop6, sector 2042 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  629.857883][    C1] I/O error, dev loop6, sector 2042 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  629.867966][    C1] I/O error, dev loop6, sector 3066 op 0x1:(WRITE) flags 0x8800 phys_seg 128 prio class 0
[  629.878058][    C1] I/O error, dev loop6, sector 3066 op 0x1:(WRITE) flags 0x8800 phys_seg 128 prio class 0
[  629.890470][    C1] I/O error, dev loop6, sector 4090 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  629.900597][    C1] I/O error, dev loop6, sector 4090 op 0x1:(WRITE) flags 0xc800 phys_seg 128 prio class 0
[  629.903616][T30030] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  630.042982][T30036] block nbd1: NBD_DISCONNECT
[  631.049142][T30095] sp0: Synchronizing with TNC
[  631.085426][T14935] 
[  631.087780][T14935] =====================================================
[  631.094708][T14935] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  631.102150][T14935] 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 Not tainted
[  631.109505][T14935] -----------------------------------------------------
[  631.116434][T14935] kworker/u8:3/14935 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  631.124312][T14935] ffffffff8ef04d78 (disc_data_lock){.+.+}-{3:3}, at: sixpack_write_wakeup+0x30/0x480
[  631.133876][T14935] 
[  631.133876][T14935] and this task is already holding:
[  631.141314][T14935] ffffffff99ffe398 (&port_lock_key){-.-.}-{3:3}, at: uart_port_ref_lock+0xc4/0x3b0
[  631.150625][T14935] which would create a new lock dependency:
[  631.156632][T14935]  (&port_lock_key){-.-.}-{3:3} -> (disc_data_lock){.+.+}-{3:3}
[  631.164313][T14935] 
[  631.164313][T14935] but this new dependency connects a HARDIRQ-irq-safe lock:
[  631.173860][T14935]  (&port_lock_key){-.-.}-{3:3}
[  631.173882][T14935] 
[  631.173882][T14935] ... which became HARDIRQ-irq-safe at:
[  631.186434][T14935]   lock_acquire+0x120/0x360
[  631.191029][T14935]   _raw_spin_lock_irqsave+0xa7/0xf0
[  631.196328][T14935]   serial8250_handle_irq+0x6b/0xbb0
[  631.201616][T14935]   serial8250_default_handle_irq+0xbf/0x1b0
[  631.207585][T14935]   serial8250_interrupt+0xa5/0x1d0
[  631.212791][T14935]   __handle_irq_event_percpu+0x28c/0x980
[  631.218535][T14935]   handle_irq_event+0x8b/0x1e0
[  631.223374][T14935]   handle_edge_irq+0x267/0x9c0
[  631.228213][T14935]   __common_interrupt+0x143/0x250
[  631.233349][T14935]   common_interrupt+0xb6/0xe0
[  631.238125][T14935]   asm_common_interrupt+0x26/0x40
[  631.243226][T14935]   pv_native_safe_halt+0x13/0x20
[  631.248252][T14935]   default_idle+0x13/0x20
[  631.252656][T14935]   default_idle_call+0x74/0xb0
[  631.257497][T14935]   do_idle+0x1e8/0x510
[  631.261654][T14935]   cpu_startup_entry+0x44/0x60
[  631.266494][T14935]   rest_init+0x2de/0x300
[  631.270811][T14935]   start_kernel+0x47d/0x500
[  631.275407][T14935]   x86_64_start_reservations+0x24/0x30
[  631.281120][T14935]   x86_64_start_kernel+0x143/0x1c0
[  631.286338][T14935]   common_startup_64+0x13e/0x147
[  631.291377][T14935] 
[  631.291377][T14935] to a HARDIRQ-irq-unsafe lock:
[  631.298402][T14935]  (disc_data_lock){.+.+}-{3:3}
[  631.298426][T14935] 
[  631.298426][T14935] ... which became HARDIRQ-irq-unsafe at:
[  631.311334][T14935] ...
[  631.311345][T14935]   lock_acquire+0x120/0x360
[  631.318611][T14935]   _raw_read_lock+0x36/0x50
[  631.323206][T14935]   sixpack_receive_buf+0x5c/0x1450
[  631.328403][T14935]   tty_ldisc_receive_buf+0x116/0x160
[  631.333773][T14935]   tty_port_default_receive_buf+0x6e/0xa0
[  631.339667][T14935]   flush_to_ldisc+0x24a/0x720
[  631.344526][T14935]   process_scheduled_works+0xae1/0x17b0
[  631.350351][T14935]   worker_thread+0x8a0/0xda0
[  631.355016][T14935]   kthread+0x70e/0x8a0
[  631.359599][T14935]   ret_from_fork+0x3f9/0x770
[  631.364265][T14935]   ret_from_fork_asm+0x1a/0x30
[  631.369108][T14935] 
[  631.369108][T14935] other info that might help us debug this:
[  631.369108][T14935] 
[  631.379344][T14935]  Possible interrupt unsafe locking scenario:
[  631.379344][T14935] 
[  631.387650][T14935]        CPU0                    CPU1
[  631.393008][T14935]        ----                    ----
[  631.398535][T14935]   lock(disc_data_lock);
[  631.402875][T14935]                                local_irq_disable();
[  631.409627][T14935]                                lock(&port_lock_key);
[  631.416481][T14935]                                lock(disc_data_lock);
[  631.423681][T14935]   <Interrupt>
[  631.427125][T14935]     lock(&port_lock_key);
[  631.431644][T14935] 
[  631.431644][T14935]  *** DEADLOCK ***
[  631.431644][T14935] 
[  631.439865][T14935] 6 locks held by kworker/u8:3/14935:
[  631.445336][T14935]  #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  631.456982][T14935]  #1: ffffc90010ff7bc0 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  631.468640][T14935]  #2: ffff888025178ca0 (&buf->lock){+.+.}-{4:4}, at: flush_to_ldisc+0x38/0x720
[  631.477679][T14935]  #3: ffff88805aff60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90
[  631.486979][T14935]  #4: ffffffff99ffe398 (&port_lock_key){-.-.}-{3:3}, at: uart_port_ref_lock+0xc4/0x3b0
[  631.496725][T14935]  #5: ffff88805aff60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90
[  631.506023][T14935] 
[  631.506023][T14935] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  631.516426][T14935] -> (&port_lock_key){-.-.}-{3:3} {
[  631.522069][T14935]    IN-HARDIRQ-W at:
[  631.526062][T14935]                     lock_acquire+0x120/0x360
[  631.532205][T14935]                     _raw_spin_lock_irqsave+0xa7/0xf0
[  631.539053][T14935]                     serial8250_handle_irq+0x6b/0xbb0
[  631.545891][T14935]                     serial8250_default_handle_irq+0xbf/0x1b0
[  631.553552][T14935]                     serial8250_interrupt+0xa5/0x1d0
[  631.560355][T14935]                     __handle_irq_event_percpu+0x28c/0x980
[  631.567727][T14935]                     handle_irq_event+0x8b/0x1e0
[  631.574212][T14935]                     handle_edge_irq+0x267/0x9c0
[  631.580625][T14935]                     __common_interrupt+0x143/0x250
[  631.587476][T14935]                     common_interrupt+0xb6/0xe0
[  631.593817][T14935]                     asm_common_interrupt+0x26/0x40
[  631.600479][T14935]                     pv_native_safe_halt+0x13/0x20
[  631.607062][T14935]                     default_idle+0x13/0x20
[  631.613032][T14935]                     default_idle_call+0x74/0xb0
[  631.619533][T14935]                     do_idle+0x1e8/0x510
[  631.625350][T14935]                     cpu_startup_entry+0x44/0x60
[  631.631753][T14935]                     rest_init+0x2de/0x300
[  631.637639][T14935]                     start_kernel+0x47d/0x500
[  631.643798][T14935]                     x86_64_start_reservations+0x24/0x30
[  631.650990][T14935]                     x86_64_start_kernel+0x143/0x1c0
[  631.657747][T14935]                     common_startup_64+0x13e/0x147
[  631.664342][T14935]    IN-SOFTIRQ-W at:
[  631.668319][T14935]                     lock_acquire+0x120/0x360
[  631.674559][T14935]                     _raw_spin_lock_irqsave+0xa7/0xf0
[  631.681410][T14935]                     serial8250_handle_irq+0x6b/0xbb0
[  631.688274][T14935]                     serial8250_default_handle_irq+0xbf/0x1b0
[  631.695828][T14935]                     serial8250_interrupt+0xa5/0x1d0
[  631.702587][T14935]                     __handle_irq_event_percpu+0x28c/0x980
[  631.709881][T14935]                     handle_irq_event+0x8b/0x1e0
[  631.716287][T14935]                     handle_edge_irq+0x267/0x9c0
[  631.722692][T14935]                     __common_interrupt+0x143/0x250
[  631.729448][T14935]                     common_interrupt+0x5e/0xe0
[  631.735766][T14935]                     asm_common_interrupt+0x26/0x40
[  631.742616][T14935]                     unwind_next_frame+0xbbc/0x2390
[  631.749280][T14935]                     arch_stack_walk+0x11c/0x150
[  631.755854][T14935]                     stack_trace_save+0x9c/0xe0
[  631.762335][T14935]                     kasan_save_track+0x3e/0x80
[  631.768787][T14935]                     kasan_save_free_info+0x46/0x50
[  631.775471][T14935]                     __kasan_slab_free+0x62/0x70
[  631.781895][T14935]                     kmem_cache_free+0x18f/0x400
[  631.788322][T14935]                     rcu_core+0xca5/0x1710
[  631.794215][T14935]                     handle_softirqs+0x286/0x870
[  631.800648][T14935]                     __irq_exit_rcu+0xca/0x1f0
[  631.806914][T14935]                     irq_exit_rcu+0x9/0x30
[  631.812825][T14935]                     sysvec_apic_timer_interrupt+0xa6/0xc0
[  631.820152][T14935]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  631.827770][T14935]                     rcu_is_watching+0x5e/0xb0
[  631.834001][T14935]                     unwind_next_frame+0xd4/0x2390
[  631.840579][T14935]                     arch_stack_walk+0x11c/0x150
[  631.847086][T14935]                     stack_trace_save+0x9c/0xe0
[  631.853403][T14935]                     kasan_save_track+0x3e/0x80
[  631.859722][T14935]                     __kasan_kmalloc+0x93/0xb0
[  631.865952][T14935]                     __kmalloc_noprof+0x27a/0x4f0
[  631.872445][T14935]                     tomoyo_get_name+0x20c/0x590
[  631.878850][T14935]                     tomoyo_parse_name_union+0xd9/0x130
[  631.885885][T14935]                     tomoyo_update_mount_acl+0x9c/0x280
[  631.892998][T14935]                     tomoyo_write_file+0xa32/0xbb0
[  631.899593][T14935]                     tomoyo_supervisor+0x116a/0x1480
[  631.906458][T14935]                     tomoyo_mount_permission+0x5f0/0x970
[  631.913658][T14935]                     security_sb_mount+0xec/0x350
[  631.920152][T14935]                     path_mount+0xbc/0xfe0
[  631.926225][T14935]                     __se_sys_mount+0x317/0x410
[  631.932575][T14935]                     do_syscall_64+0xfa/0x3b0
[  631.939017][T14935]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  631.946583][T14935]    INITIAL USE at:
[  631.950571][T14935]                    lock_acquire+0x120/0x360
[  631.956630][T14935]                    _raw_spin_lock_irqsave+0xa7/0xf0
[  631.963384][T14935]                    serial8250_do_set_termios+0x4bb/0x1c20
[  631.970667][T14935]                    uart_set_options+0x3c2/0x5b0
[  631.977075][T14935]                    serial8250_console_setup+0x2f4/0x3c0
[  631.984173][T14935]                    univ8250_console_setup+0x43a/0x540
[  631.991108][T14935]                    try_enable_preferred_console+0x4e4/0x650
[  631.998560][T14935]                    register_console+0x551/0xf90
[  632.004990][T14935]                    univ8250_console_init+0x52/0x90
[  632.011697][T14935]                    console_init+0x1a1/0x670
[  632.017786][T14935]                    start_kernel+0x2cc/0x500
[  632.023871][T14935]                    x86_64_start_reservations+0x24/0x30
[  632.030994][T14935]                    x86_64_start_kernel+0x143/0x1c0
[  632.037687][T14935]                    common_startup_64+0x13e/0x147
[  632.044208][T14935]  }
[  632.046729][T14935]  ... key      at: [<ffffffff99ffd760>] port_lock_key+0x0/0x20
[  632.054380][T14935] 
[  632.054380][T14935] the dependencies between the lock to be acquired
[  632.054388][T14935]  and HARDIRQ-irq-unsafe lock:
[  632.068072][T14935] -> (disc_data_lock){.+.+}-{3:3} {
[  632.073363][T14935]    HARDIRQ-ON-R at:
[  632.077440][T14935]                     lock_acquire+0x120/0x360
[  632.083773][T14935]                     _raw_read_lock+0x36/0x50
[  632.089934][T14935]                     sixpack_receive_buf+0x5c/0x1450
[  632.096687][T14935]                     tty_ldisc_receive_buf+0x116/0x160
[  632.103610][T14935]                     tty_port_default_receive_buf+0x6e/0xa0
[  632.110973][T14935]                     flush_to_ldisc+0x24a/0x720
[  632.117901][T14935]                     process_scheduled_works+0xae1/0x17b0
[  632.125128][T14935]                     worker_thread+0x8a0/0xda0
[  632.131565][T14935]                     kthread+0x70e/0x8a0
[  632.137314][T14935]                     ret_from_fork+0x3f9/0x770
[  632.143553][T14935]                     ret_from_fork_asm+0x1a/0x30
[  632.149964][T14935]    SOFTIRQ-ON-R at:
[  632.153939][T14935]                     lock_acquire+0x120/0x360
[  632.160089][T14935]                     _raw_read_lock+0x36/0x50
[  632.166383][T14935]                     sixpack_receive_buf+0x5c/0x1450
[  632.173245][T14935]                     tty_ldisc_receive_buf+0x116/0x160
[  632.180187][T14935]                     tty_port_default_receive_buf+0x6e/0xa0
[  632.187553][T14935]                     flush_to_ldisc+0x24a/0x720
[  632.193889][T14935]                     process_scheduled_works+0xae1/0x17b0
[  632.201115][T14935]                     worker_thread+0x8a0/0xda0
[  632.207378][T14935]                     kthread+0x70e/0x8a0
[  632.213115][T14935]                     ret_from_fork+0x3f9/0x770
[  632.219356][T14935]                     ret_from_fork_asm+0x1a/0x30
[  632.225851][T14935]    INITIAL USE at:
[  632.229737][T14935]                    lock_acquire+0x120/0x360
[  632.235795][T14935]                    _raw_write_lock_irq+0xa2/0xf0
[  632.242348][T14935]                    sixpack_close+0x2c/0x280
[  632.248450][T14935]                    tty_ldisc_kill+0xa3/0x1a0
[  632.254615][T14935]                    tty_ldisc_release+0x174/0x200
[  632.261129][T14935]                    tty_release_struct+0x2a/0xd0
[  632.267649][T14935]                    tty_release+0xcb0/0x1640
[  632.274327][T14935]                    __fput+0x44c/0xa70
[  632.279880][T14935]                    task_work_run+0x1d1/0x260
[  632.286059][T14935]                    do_exit+0x6ad/0x22e0
[  632.291772][T14935]                    do_group_exit+0x21c/0x2d0
[  632.297938][T14935]                    get_signal+0x1286/0x1340
[  632.304011][T14935]                    arch_do_signal_or_restart+0x9a/0x750
[  632.311141][T14935]                    exit_to_user_mode_loop+0x75/0x110
[  632.318088][T14935]                    do_syscall_64+0x2bd/0x3b0
[  632.324233][T14935]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  632.331791][T14935]    INITIAL READ USE at:
[  632.336130][T14935]                         lock_acquire+0x120/0x360
[  632.342619][T14935]                         _raw_read_lock+0x36/0x50
[  632.349115][T14935]                         sixpack_receive_buf+0x5c/0x1450
[  632.356214][T14935]                         tty_ldisc_receive_buf+0x116/0x160
[  632.363487][T14935]                         tty_port_default_receive_buf+0x6e/0xa0
[  632.371197][T14935]                         flush_to_ldisc+0x24a/0x720
[  632.377897][T14935]                         process_scheduled_works+0xae1/0x17b0
[  632.385430][T14935]                         worker_thread+0x8a0/0xda0
[  632.392006][T14935]                         kthread+0x70e/0x8a0
[  632.398064][T14935]                         ret_from_fork+0x3f9/0x770
[  632.404666][T14935]                         ret_from_fork_asm+0x1a/0x30
[  632.411698][T14935]  }
[  632.414212][T14935]  ... key      at: [<ffffffff8ef04d78>] disc_data_lock+0x18/0x100
[  632.422207][T14935]  ... acquired at:
[  632.426019][T14935]    lock_acquire+0x120/0x360
[  632.430778][T14935]    _raw_read_lock+0x36/0x50
[  632.435469][T14935]    sixpack_write_wakeup+0x30/0x480
[  632.440815][T14935]    tty_wakeup+0xbb/0x100
[  632.445342][T14935]    tty_port_default_wakeup+0xa2/0xf0
[  632.450835][T14935]    serial8250_tx_chars+0x72e/0x970
[  632.456310][T14935]    __start_tx+0x33b/0x480
[  632.460810][T14935]    __uart_start+0x23c/0x440
[  632.465477][T14935]    uart_write+0xdc/0x130
[  632.469882][T14935]    sixpack_receive_buf+0x447/0x1450
[  632.475247][T14935]    tty_ldisc_receive_buf+0x116/0x160
[  632.480703][T14935]    tty_port_default_receive_buf+0x6e/0xa0
[  632.486585][T14935]    flush_to_ldisc+0x24a/0x720
[  632.491444][T14935]    process_scheduled_works+0xae1/0x17b0
[  632.497181][T14935]    worker_thread+0x8a0/0xda0
[  632.501946][T14935]    kthread+0x70e/0x8a0
[  632.506181][T14935]    ret_from_fork+0x3f9/0x770
[  632.510936][T14935]    ret_from_fork_asm+0x1a/0x30
[  632.515867][T14935] 
[  632.518184][T14935] 
[  632.518184][T14935] stack backtrace:
[  632.524113][T14935] CPU: 1 UID: 0 PID: 14935 Comm: kworker/u8:3 Not tainted 6.16.0-rc2-syzkaller-00231-g75f5f23f8787 #0 PREEMPT(full) 
[  632.524128][T14935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  632.524138][T14935] Workqueue: events_unbound flush_to_ldisc
[  632.524154][T14935] Call Trace:
[  632.524161][T14935]  <TASK>
[  632.524167][T14935]  dump_stack_lvl+0x189/0x250
[  632.524181][T14935]  ? __pfx_dump_stack_lvl+0x10/0x10
[  632.524194][T14935]  ? __pfx__printk+0x10/0x10
[  632.524208][T14935]  validate_chain+0x1f05/0x2140
[  632.524226][T14935]  __lock_acquire+0xab9/0xd20
[  632.524238][T14935]  ? sixpack_write_wakeup+0x30/0x480
[  632.524250][T14935]  lock_acquire+0x120/0x360
[  632.524261][T14935]  ? sixpack_write_wakeup+0x30/0x480
[  632.524273][T14935]  ? ldsem_down_read_trylock+0x137/0x1a0
[  632.524287][T14935]  ? tty_ldisc_ref+0x1c/0x90
[  632.524297][T14935]  _raw_read_lock+0x36/0x50
[  632.524320][T14935]  ? sixpack_write_wakeup+0x30/0x480
[  632.524331][T14935]  sixpack_write_wakeup+0x30/0x480
[  632.524344][T14935]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[  632.524355][T14935]  tty_wakeup+0xbb/0x100
[  632.524370][T14935]  tty_port_default_wakeup+0xa2/0xf0
[  632.524383][T14935]  serial8250_tx_chars+0x72e/0x970
[  632.524397][T14935]  __start_tx+0x33b/0x480
[  632.524409][T14935]  __uart_start+0x23c/0x440
[  632.524420][T14935]  uart_write+0xdc/0x130
[  632.524431][T14935]  sixpack_receive_buf+0x447/0x1450
[  632.524447][T14935]  ? __pfx_sixpack_receive_buf+0x10/0x10
[  632.524459][T14935]  tty_ldisc_receive_buf+0x116/0x160
[  632.524471][T14935]  tty_port_default_receive_buf+0x6e/0xa0
[  632.524484][T14935]  flush_to_ldisc+0x24a/0x720
[  632.524497][T14935]  ? process_scheduled_works+0x9ef/0x17b0
[  632.524509][T14935]  process_scheduled_works+0xae1/0x17b0
[  632.524526][T14935]  ? __pfx_process_scheduled_works+0x10/0x10
[  632.524542][T14935]  worker_thread+0x8a0/0xda0
[  632.524554][T14935]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  632.524571][T14935]  ? __kthread_parkme+0x7b/0x200
[  632.524585][T14935]  kthread+0x70e/0x8a0
[  632.524600][T14935]  ? __pfx_worker_thread+0x10/0x10
[  632.524611][T14935]  ? __pfx_kthread+0x10/0x10
[  632.524625][T14935]  ? _raw_spin_unlock_irq+0x23/0x50
[  632.524640][T14935]  ? lockdep_hardirqs_on+0x9c/0x150
[  632.524655][T14935]  ? __pfx_kthread+0x10/0x10
[  632.524669][T14935]  ret_from_fork+0x3f9/0x770
[  632.524680][T14935]  ? __pfx_ret_from_fork+0x10/0x10
[  632.524691][T14935]  ? __switch_to_asm+0x39/0x70
[  632.524705][T14935]  ? __switch_to_asm+0x33/0x70
[  632.524717][T14935]  ? __pfx_kthread+0x10/0x10
[  632.524731][T14935]  ret_from_fork_asm+0x1a/0x30
[  632.524748][T14935]  </TASK>
[  632.524802][    C1] vkms_vblank_simulate: vblank timer overrun
[  632.782928][    C1] vkms_vblank_simulate: vblank timer overrun
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  632.942560][T30111] PM: Image not found (code -22)
[  633.842493][ T1058] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.012919][ T1058] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.173550][ T1058] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.312501][ T1058] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  634.487362][ T1058] bridge_slave_1: left allmulticast mode
[  634.493406][ T1058] bridge_slave_1: left promiscuous mode
[  634.499104][ T1058] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.508494][ T1058] bridge_slave_0: left allmulticast mode
[  634.514579][ T1058] bridge_slave_0: left promiscuous mode
[  634.520225][ T1058] bridge0: port 1(bridge_slave_0) entered disabled state
[  636.154123][ T1058] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  636.202415][ T1058] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  636.272562][ T1058] bond0 (unregistering): Released all slaves
[  636.930462][ T1058] hsr_slave_0: left promiscuous mode
[  636.936678][ T1058] hsr_slave_1: left promiscuous mode
[  636.944616][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  636.953494][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_0
[  636.962713][ T1058] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  636.970161][ T1058] batman_adv: batadv0: Removing interface: batadv_slave_1
[  636.983582][ T1058] veth1_macvtap: left promiscuous mode
[  636.989157][ T1058] veth0_macvtap: left promiscuous mode
[  636.997723][ T1058] veth1_vlan: left promiscuous mode
[  637.004492][ T1058] veth0_vlan: left promiscuous mode
[  638.892327][ T1058] team0 (unregistering): Port device team_slave_1 removed
[  639.102019][ T1058] team0 (unregistering): Port device team_slave_0 removed