last executing test programs: 24m0.761315689s ago: executing program 3 (id=1055): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) dup(0xffffffffffffffff) r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mmap(&(0x7f0000f56000/0x4000)=nil, 0x4000, 0x200000b, 0x200000005c831, r4, 0x0) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x49a000, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000200)={0x7d05576ee1a1b055, 0x1, r3, 0x0, 0x8000000000096, 0x7fffffe}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r3, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r3}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 23m59.661331301s ago: executing program 3 (id=1063): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f00000001c0)={0x0, 0x14, [0x8, 0x9, 0x5, 0x101, 0xfd2a]}) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 23m58.767236536s ago: executing program 3 (id=1071): r0 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x1, 0x0, {0x0, 0x0, 0x0, 0x16, 0x0, 0x8000, 0xffffffff}}) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x43, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0x10001, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000380)={0x1, @pix_mp={0x0, 0x0, 0x4f565559}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r3, 0xc100565c, &(0x7f00000001c0)={0xd6, 0x4da, 0x4, {0x3, @pix_mp={0x9, 0x3, 0x3234564e, 0x9, 0xb, [{0x7ff, 0x9}, {0x51}, {0x4, 0x16c4}, {0x8, 0x3}, {0x6, 0x1}, {0x5, 0x8}, {0x5, 0x100}, {0x2, 0xe10}], 0x5, 0x7, 0x2, 0x0, 0x1}}, 0x401}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) r4 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x800000001fe, 0x82) ioctl$USBDEVFS_ALLOW_SUSPEND(r4, 0x5522) r5 = dup(r4) ioctl$USBDEVFS_CONTROL(r5, 0xc0185500, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r5, 0xc02064b2, &(0x7f0000000080)={0x0, 0x3, 0x2000}) 23m58.414430491s ago: executing program 3 (id=1074): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r3, 0x660c) 23m57.796516562s ago: executing program 3 (id=1078): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) read$FUSE(r2, &(0x7f0000000140)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_DIRENT(r2, &(0x7f00000025c0)={0x1e0, 0x0, r3, [{0x1400000000000007, 0x0, 0x8, 0x0, '@-/\\&\r\x80-'}, {0x0, 0x0, 0x197, 0x0, '->\x04\x01\x00\xf8/\xa6\xf5K/J\xa5\xaf\xabO MzP\x05\x8f\xb4\r\xc3{\x15U\xc0\a\xde\xd2\x97\xfdE\xdes\xaa\xb9\x02Z$cw#\xa4/\x85f\x83}\xd9\x94\xd0\x06b,Q\xab[\x14{\xe6\x1a\x95\xc6\xae$\n\xc74&I:#\x195o6\x9f3\x94\xd1\x8e.l%\xa4\x9ewC\n\x8e?\x10\x15=\n\x8d.\t\xfe\x86\x95*:M\nD\xbb\x82\xadoX\xbfm\x04L\x9bZ=\xa8\x8f\xe47\xdf@\xe8%~\x83L\x14\xd6\x01A\xbfR\x02#\x0f#!\xfe\x93\x8f\xb0.j\xc6\xe5\x8d \xc8@\xac\\\x85\xa4[\x9b\x1f\xc8X\xce;M\xe6\x1d\x8c\x9d\x9aUt\x1c\x88\xb3gN\xf4\x91\x9c\xb1\xe9\x9f\xa4X\"Q$\xe4\bI\x022\x02(\xde\xc9\xc3\xb7\x8fG\xba\xa4\x81\xfc\x9c\x12\xfc\xb2\x8e\xe0\fhA\xda\xd4\xd2{\x1c\x04\xf9\x82R\x1c\xcd- \x8d\xbaw\x19\x12q\xeaIza4\xdaSQv\xda\xea\x01PO?\x00v\x852\x89.7\x12\x92\xf5\xb8\xcb\x82\xfe\xa0\xae\xd1\x12*5\xae\xb8\xd3\xec\x95SEAy\xa0\xfb\x85\x13\t\xbf`?e`\x14\xfe\x15\x1a\x8al6\xdd\xa1\xd0\x12\xd9\xe9Q0V84\xdc\x8e\x17{c\"\xe1K\xfc\xfc^\xf7vaO\xd6\x90M \x1a\x8c\xd7\xd7\xca8\xe6f1\x0f\xa8\\\x11.\xc7\x866\x8f\a\xe1\x1e(3\xb4i\xcb\x1c\xbf\xad\x9b\x83f\xcf\x8911,\x1bkb\xad\x0f\xb0\xeez\x9b\xd6\x05\x89\"\x9dNXj\xaa}\x98\t\xdf~\x01\xefwu/\xbeK\xc89\xca.\xb2\xd0r\xf9\xaf\xd7\xa4\x06\xa9\x02'}]}, 0x1e0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r5, 0x4010ae68, &(0x7f00000002c0)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x77}]}) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000200)={0xa0, 0xfffffffffffffffe, r3, {{0x5, 0x2, 0x2, 0x6bf, 0x6c0000, 0x1, {0x7, 0x2, 0x100000001, 0x33d, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000001c0), 0x8000, 0x0) read$FUSE(r1, 0x0, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r7, 0x40086602, &(0x7f00000002c0)=0x20) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r7, 0x6f000) ioctl$IOMMU_IOAS_COPY(r6, 0x3b83, &(0x7f0000000500)={0x28, 0x0, 0x0, 0x0, 0x7, 0xffffffff, 0x5}) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r9 = dup(r8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r9, 0x0) ioctl$BLKZEROOUT(r9, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000000)) 23m56.820842541s ago: executing program 3 (id=1086): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x10010, r2, 0x4000) (async) write$cgroup_netprio_ifpriomap(r1, &(0x7f0000000000)={'bridge_slave_1', 0x32, 0x7}, 0x11) (async) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) 23m41.576830805s ago: executing program 32 (id=1086): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x10010, r2, 0x4000) (async) write$cgroup_netprio_ifpriomap(r1, &(0x7f0000000000)={'bridge_slave_1', 0x32, 0x7}, 0x11) (async) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) 20m10.301787098s ago: executing program 1 (id=2552): ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(0xffffffffffffffff, 0xc0844123, &(0x7f0000002180)) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) dup(r1) write$UHID_INPUT(r0, &(0x7f00000021c0)={0xfc, {"a2e3ad0e090d07f91b5e1a1887f70706d038e7ff7fc6e5539b0d3c0a8b089b3f3b3668030890e0879b0af8c6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b5b31070d0773090acd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) (async) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x60a80, 0x21) (async) r3 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r3, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000", 0xffffffffffffffff}) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000000)={0x2, "fa02c80a3a1e9d4b9aaf000000008d674fe69b5b7638dd031dd7504fe5809639", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f0000000400)={"6739669f274d13b691ebe45b00e4f5b53e0ca34dd02acecdc67c5e3126628168", r4, 0xffffffffffffffff}) r8 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r8, 0xc008551c, &(0x7f00000020c0)={0x4}) (async) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'}) (async) r9 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x181) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r9, 0x40045731, &(0x7f0000000000)) ioctl$SYNC_IOC_MERGE(r7, 0xc0303e03, &(0x7f0000000080)={"000c00816800df00", r7}) (async) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r10, &(0x7f0000000000)=ANY=[], 0x32600) (async) ioctl$RTC_AIE_OFF(r10, 0x7002) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r10, 0x0) write$cgroup_int(r2, &(0x7f0000000000)=0x904, 0x12) 20m10.24571306s ago: executing program 1 (id=2553): r0 = syz_open_dev$cec(&(0x7f0000000400), 0x0, 0x80200) r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000200)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETENCODER(r2, 0xc01464a6, &(0x7f0000000280)={r3}) read$FUSE(0xffffffffffffffff, &(0x7f0000000d80)={0x2020, 0x0, 0x0}, 0x2020) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000008e"]) r8 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) ioctl$NS_GET_OWNER_UID(r8, 0xb704, &(0x7f0000000000)=0x0) r10 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_SUBDEV_G_EDID(r10, 0xc0285629, &(0x7f0000000180)={0x0, 0x0, 0x386a, '\x00', 0x0}) ioctl$KVM_SET_NR_MMU_PAGES(r2, 0xae44, 0x5) write$FUSE_CREATE_OPEN(r8, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x5, 0x6bf, 0x8, 0x1, {0x5, 0x2, 0x100000000, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, r9, 0x0, 0x0, 0x7}}, {0x0, 0x1c}}}, 0xa0) write$FUSE_ATTR(r2, &(0x7f0000000080)={0x78, 0x0, r4, {0x9, 0x1, 0x0, {0x4, 0x7, 0x100000001, 0xf5d, 0x5, 0xffff, 0x5, 0xfffffff8, 0xfffffbe0, 0x8000, 0x7f, r9, 0xffffffffffffffff, 0x43, 0xcbb6}}}, 0x78) r11 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0xa0880) ioctl$CEC_TRANSMIT(r11, 0xc0386105, &(0x7f0000000d40)={0x6, 0x3, 0x6, 0xfffffffa, 0x3, 0x4063, "57c1169b6664ea61326ac71ae7213059", 0x4, 0x0, 0x0, 0xfd, 0x1, 0x1}) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000340)={"8171f879", 0x7, 0xb0, 0x0, 0x9, 0x5, "00800000000000f51000", "00598b00", "0200", "01000800", ["dc001000", "0000000000ffe700005a00", "4a218302000000215c384d00", "790000a5a16706008c00edbf"]}) r12 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r12, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$SIOCSIFHWADDR(r8, 0x8924, &(0x7f00000001c0)={'tunl0\x00', @remote}) r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r13, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 20m9.565589991s ago: executing program 1 (id=2558): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r1, 0xc0585605, &(0x7f0000000040)={0x0, 0x0, {0x0, 0x0, 0x3011, 0x0, 0x9, 0xd, 0x3}}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0xfe, 0x6, 0x1, 0xfd, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r2, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = dup(r3) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x10001, 0x4, 0x554422e7, 0xff, 0x29cf4c62, 0x4, 0xc02c84e, 0x6, 0x2, 0x5, 0x33d911, 0x41819272, 0xfff, 0x1, 0x59, 0x7], 0x80a0000}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0) 20m8.581798957s ago: executing program 1 (id=2562): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[]) (async) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000200)={0x15, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f00000002c0)={0xc, r3}) ioctl$IOMMU_VFIO_SET_IOMMU(r2, 0x3b66, 0x1) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/reserved_size', 0x0, 0x83) read$FUSE(r4, &(0x7f0000001040)={0x2020}, 0x2020) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000000)=0x4) (async) ioctl$USBDEVFS_FORBID_SUSPEND(r0, 0x5521) ioctl$IOMMU_VFIO_SET_IOMMU(r2, 0x3b66, 0x1) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r1, 0x7dfff000) 20m8.337756475s ago: executing program 1 (id=2564): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000358a0000000000005362ffffffffffff"]) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f00000002c0)=0x20) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r4, 0x6f000) ioctl$VHOST_SET_OWNER(r4, 0xaf01, 0x0) mmap(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x3, 0x8032, 0xffffffffffffffff, 0x0) ioctl$VT_RESIZEX(r3, 0x560a, &(0x7f0000000240)={0x0, 0x0, 0x8, 0x4, 0x3, 0x3f00}) r5 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000080), 0x81100, 0x0) preadv(r5, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/205, 0xcd}], 0x1, 0xffeffffb, 0x1007) 20m7.945803911s ago: executing program 1 (id=2568): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x5000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, {0x5000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x2}, {}, {0xd000, 0x4000, 0xe, 0xfd}, {}, {}, {}, {}, {}, {0x4000}, 0xddf8ffdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeeee8000}) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 19m52.60326942s ago: executing program 33 (id=2568): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r3, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x5000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, {0x5000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3e, 0x2}, {}, {0xd000, 0x4000, 0xe, 0xfd}, {}, {}, {}, {}, {}, {0x4000}, 0xddf8ffdb, 0x0, 0x0, 0x0, 0x0, 0x0, 0xeeee8000}) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 15m25.633833561s ago: executing program 5 (id=4739): r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0xa6d1, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x8, 0xd, 0x0, "0260b1d63609162599ce1265f53499b3834f0100"}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) write$cgroup_int(r1, &(0x7f0000000040)=0x900, 0x12) syz_open_dev$vim2m(&(0x7f0000000080), 0xa6d1, 0x2) (async) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x8, 0xd, 0x0, "0260b1d63609162599ce1265f53499b3834f0100"}) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0) (async) write$cgroup_int(r1, &(0x7f0000000040)=0x900, 0x12) (async) 15m25.452638646s ago: executing program 5 (id=4741): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f00000000c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000040)={@host}) (async) ioctl$IOCTL_VMCI_DATAGRAM_RECEIVE(r1, 0x7cb, &(0x7f0000000980)={&(0x7f0000000540)={{@hyper}, {}, 0x400, "1710194bd1372be65d5d1be456d243acca17147843aa07e4676b6e5e13d51fe3b442ddd575b7ea5ad5807b65f6ffac80b65547d4a62858f758a3c310e491a45dff1707cfb8288781aa397d3e28b552db90c3fd57f459b4e3da5126b8963a25e860e40c989341b47e8b95063656f91660d61ae86764cd5302c60b77fff946ee5d5b95a65deb8a11af66212c0a3802da8734cf65656145658ef881a33b771b9134fe2e1407a2ffeb9ae90b1cd06a1e2438c7cd1667c0d3dc53f15fd720ed9adc68ca0bf8cb3a5f3e8f2b48ec05a30d52182f3be35dc35ddad91cd4123051996b766cf7f2791773011420d79b507bba3f90ba48eb066b68d56570e96cdac68675271dc756c582705ced77c094ae8f12a4f268fd1c5ed18f1264e27fcc5d2cced8dc50569b03dffbb749caffa1748c5f7c5fc60a7264e04c53bef6c2cba5ed946d420a97a2fa74cb564f80206f75b408bb69c27ab96ae43936e5c497bc56409f13221e4736c3229193f32dfeae901c32027c5941b73beee853b0fcccfb97d02b8675ca92bfe97adcf83d49f8a405dc9be0cfbaa239a73b40b37ee1c03ae15bf08b05d594d3ae80c131b6a0f958a0b5e09653d5d541c29fa4203671c3e8d3898a5618d7d05e7742dad4a6696ae13deef6c402e2afea4acf40d2c14ed5092a438170f1681d4b97eab16fcbfa86d7a361c02f89069d58c2b32c58d5ef7babf62b97c7ac97e413f53bea59cdbf72fc1c14718b1fa6306da64c9700df190c356a9e972d9e63cc9b0383cc8cab28a02a4b3d4f8b96d485dedb3e6a3f4e40d110676dc8de884d3f915b04f220072d4d68697b106faa3577b5011f3144f235439f1aac9f59d37adcc58ba20f209442df6e2975fa5e9b5cc2653b15b7be37172df2d84329307831f2977cac3cca11676512d2d351e00d09889681f9e0e6c172f2d0c3c15eb75ffe6297aecc1cc9d3ebc80735a50b07c7b1eedadbc9f637e26dd4035322abcb77f93fcd9feb2c33bf37c34595dc9bb2e16ada83dc541f98880dd6d4e0ef38e27adf412d1e08a5c1ce83acdc4f40674d9dc14fbff2f42eb71ba5fac19fc742e00c4c15154fcf8f79ad4cd4c8183d4b2d9693eab7f0da562a9ffba7058b272b280611d877f0b05dda462a5e605ea5a8803ad17ce5a9c5f88ec6fef54f407f5f26dc218b21ac5899d03946fdc4d95791f09a272ef0f1388d718c3d38727b1fbbb2c9f22f2d5091c2d0963b971ab47402130e3ca8e201609c34d4379f75257240f9ff0fe921e29bdcc1319bf77a469739ebfc1d1f8605bfb6d46c0cdc31692254715082be9152eabb5a9f2c562c06a985f573b63f02aad0eb63ff970e5a9a28d209b657cd20dc572238ef1d5bbc57041f77c70fca6b5314b6bff2a9b1a03ed2269456e6467664ac0ec2d2304916885fd1f91d5c3b32b924de00"}, 0x418}) (async) close(0x3) (async) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async, rerun: 32) read$FUSE(r2, 0x0, 0x0) (async, rerun: 32) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x270400, 0x0) (async) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0) (async) r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_CREATEPROPBLOB(r6, 0xc01064bd, &(0x7f0000000280)={&(0x7f0000000200)="d2", 0x1}) (async, rerun: 64) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r6, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) (rerun: 64) ioctl$DRM_IOCTL_MODE_GET_LEASE(r6, 0xc01064c8, &(0x7f0000000340)={0x0, 0x0, 0x0}) (async, rerun: 64) ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={r7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (rerun: 64) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000040), 0x2, r8}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f0000000a00)={&(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000004c0)=[0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000009c0)=[0x0, 0x0], 0x8, 0x1, 0x4, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000a80)={r7, r12, r9, 0x0, 0x0, 0x6, &(0x7f0000000a40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async) ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000380)={0x200, 0x1, &(0x7f0000000440)=[r8], &(0x7f0000000040), &(0x7f0000000300)=[r11], &(0x7f0000000340)}) ioctl$EVIOCSCLOCKID(r5, 0x400445a0, &(0x7f00000001c0)=0x40) (async) ioctl$BLKOPENZONE(r5, 0x40101286, &(0x7f0000000200)={0xf8cd, 0x7f64d450}) (async) ioctl$BLKZEROOUT(r5, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (async) ioctl$FS_IOC_SETVERSION(r3, 0x40087602, &(0x7f0000000400)=0x4) ioctl$DRM_IOCTL_MODE_OBJ_SETPROPERTY(r6, 0xc01864ba, &(0x7f00000003c0)={0x5, r10, r11, 0xe0e0e0e0}) 15m25.173632533s ago: executing program 5 (id=4743): r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x1f, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc0505510, &(0x7f0000000000)={0x0, 0x400000000000385, 0x0, 0x0, &(0x7f0000000c00)=[{}, {}, {}]}) (async) r1 = syz_open_dev$loop(&(0x7f00000005c0), 0x7, 0x22000) ioctl$BLKPG(r1, 0x1269, &(0x7f00000006c0)={0x3, 0x0, 0x98, &(0x7f0000000600)={0x0, 0x0, 0x4}}) (async) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/slabinfo\x00', 0x0, 0x0) lseek(r3, 0x800, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x90002, 0x0) read$FUSE(r3, &(0x7f0000005840)={0x2020}, 0x2020) (async) read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a) 15m24.40182943s ago: executing program 5 (id=4750): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) (async) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) (async) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) (async) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000000)) openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x7ac343, 0x0) (async) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000240)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000000)={0x2, 0x4, 0xd000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) (async) r4 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) ioctl$AUTOFS_IOC_FAIL(r4, 0x40187542, 0x200000000000) (async) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) (async) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000002800)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f0000002a80)="016b"}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000540)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0x0, 0x1000000, 0x0}) (async) r6 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x200000, 0x0) ioctl$DRM_IOCTL_SET_VERSION(r6, 0xc0106407, &(0x7f0000000140)={0x6, 0x80000001, 0x7, 0x2}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/custom0\x00', 0x803, 0x0) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r2, 0x7dfff000) 15m24.333789024s ago: executing program 5 (id=4752): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xcc540, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) preadv2(r1, &(0x7f0000000080)=[{&(0x7f0000001200)=""/4096, 0xffe00}], 0x1, 0x0, 0x0, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x489}]}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r0, 0x7dfff000) 15m23.204014143s ago: executing program 5 (id=4759): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0285628, &(0x7f0000000040)={0x3, 0x2}) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000540), 0x80, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac00", "90be8b38559265406c09306003d8002000", [0x0, 0x2]}}) write$apparmor_current(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="6368616e6765686174203078303030303030303030a647c700003033da"], 0x1d) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r5, 0x4038ae7a, 0x0) r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xd3, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xc000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1e}}}, 0xfffffef9) read$FUSE(r6, 0x0, 0x0) r7 = syz_open_dev$vbi(&(0x7f0000000200), 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r7, 0xc0205649, &(0x7f00000000c0)={0xa10000, 0xfffffffd, 0x0, r6, 0x0, &(0x7f00000001c0)={0x9e0901, 0x8, '\x00', @p_u32=0x0}}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2) (async) ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0285628, &(0x7f0000000040)={0x3, 0x2}) (async) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async) syz_open_dev$loop(&(0x7f0000000540), 0x80, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) (async) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac00", "90be8b38559265406c09306003d8002000", [0x0, 0x2]}}) (async) write$apparmor_current(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="6368616e6765686174203078303030303030303030a647c700003033da"], 0x1d) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$KVM_SET_PIT2(r5, 0x4038ae7a, 0x0) (async) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (async) write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xd3, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xc000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1e}}}, 0xfffffef9) (async) read$FUSE(r6, 0x0, 0x0) (async) syz_open_dev$vbi(&(0x7f0000000200), 0x1, 0x2) (async) ioctl$VIDIOC_G_EXT_CTRLS(r7, 0xc0205649, &(0x7f00000000c0)={0xa10000, 0xfffffffd, 0x0, r6, 0x0, &(0x7f00000001c0)={0x9e0901, 0x8, '\x00', @p_u32=0x0}}) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x0) (async) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (async) 15m7.99879302s ago: executing program 34 (id=4759): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2) ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0285628, &(0x7f0000000040)={0x3, 0x2}) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000540), 0x80, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac00", "90be8b38559265406c09306003d8002000", [0x0, 0x2]}}) write$apparmor_current(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="6368616e6765686174203078303030303030303030a647c700003033da"], 0x1d) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r5, 0x4038ae7a, 0x0) r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xd3, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xc000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1e}}}, 0xfffffef9) read$FUSE(r6, 0x0, 0x0) r7 = syz_open_dev$vbi(&(0x7f0000000200), 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r7, 0xc0205649, &(0x7f00000000c0)={0xa10000, 0xfffffffd, 0x0, r6, 0x0, &(0x7f00000001c0)={0x9e0901, 0x8, '\x00', @p_u32=0x0}}) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) syz_open_dev$vbi(&(0x7f00000000c0), 0x2, 0x2) (async) ioctl$VIDIOC_ENUM_FREQ_BANDS(r1, 0xc0285628, &(0x7f0000000040)={0x3, 0x2}) (async) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async) syz_open_dev$loop(&(0x7f0000000540), 0x80, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) (async) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f00000002c0)={r3, 0x1000, {0x2a00, 0x80010000, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d09000000000000008dd4992861ac00", "90be8b38559265406c09306003d8002000", [0x0, 0x2]}}) (async) write$apparmor_current(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="6368616e6765686174203078303030303030303030a647c700003033da"], 0x1d) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$KVM_SET_PIT2(r5, 0x4038ae7a, 0x0) (async) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (async) write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xd3, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xc000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1e}}}, 0xfffffef9) (async) read$FUSE(r6, 0x0, 0x0) (async) syz_open_dev$vbi(&(0x7f0000000200), 0x1, 0x2) (async) ioctl$VIDIOC_G_EXT_CTRLS(r7, 0xc0205649, &(0x7f00000000c0)={0xa10000, 0xfffffffd, 0x0, r6, 0x0, &(0x7f00000001c0)={0x9e0901, 0x8, '\x00', @p_u32=0x0}}) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, 0xffffffffffffffff, 0x0) (async) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (async) 9m15.080718302s ago: executing program 4 (id=7727): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000200), 0x1ff, 0xa401) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000001c0)={0x82, 0x0, 0x9, 0x300, 0x0, 0x1, 0x0}) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000), 0x1, 0x1) r3 = syz_open_dev$tty1(0xc, 0x4, 0x2) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xc2, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f0000000380)={0x1, 0x0, [0x674ae210, 0x100000000, 0x2, 0x7, 0x0, 0x8, 0xff, 0x3]}) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x123280, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r9 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r10 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r10, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOC(r9, 0x3b81, &(0x7f0000000240)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r9, 0x3ba0, &(0x7f0000000500)={0x48, 0x2, r12}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r9, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r11, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r9, 0x3b85, &(0x7f0000000040)={0x28, 0x2, r11, 0x0, &(0x7f0000392000/0x3000)=nil, 0x3000, 0xab1a}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r10, 0x3ba0, &(0x7f0000000680)={0x48, 0x7, r13, 0x0, 0x10001, 0x0, 0x0, 0x2000, 0x749bc}) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_CAP_SPLIT_IRQCHIP(r8, 0x4068aea3, &(0x7f0000000040)) ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x1) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="04000000000000000a01"]) ioctl$VT_RELDISP(r3, 0x5605) write$UHID_INPUT(r2, &(0x7f0000000d00)={0x8, {"7894e6e62ce0f10fcdce74f21ad5b47c923d4dec90cefd599912070f341d59a8802e33af9869738f25b2f72093dd0ffa688e8e417c6e0e09b99649818d7caca39e142ef69d9101397854c3f51bde013686a626b2120c03d98c0ad981069188fbbddb88bf41a6b29ed43d1244e6025e1e4a2f40577619ccee39385bfc86461023a7906e5c07d16415140f4ab26db004362c885ef2c9ee82d3dd7e2ac42ca05d81ccea87dc0ec4a8f222013d6d4d0b0c828f3d2e3151dce87bfb335c1ad67bb3323564022ab23a6ba54ca117ca592c8d4227922347ea6f7c9d3dbdbc8d235f2d03e688d5ca7718d60e911534f964bf20359a0057847e7d7fd2cc463784aab2b06ba95512cfc427da44aa73634b0797b9baab391aa176d259c047ee9d346e63903860ab3c571d064509a715c5c4c6edffce9e1701e8291c2d937e3ff18691fe9a665b1a3b717a40205f8efa239b37e6b33f5c8ac28e616f788d0294c8d39ff4a63aaca7d4c578a935dd84850432201081bc1b00c5797847eaff8cecf8af8a60f075b5ff1c3dc9e62f9a3cfc4333a7501dd8badfdc691a9d35d3fc2c0e8f1b21a2c619201004a0d82bace1738ba9ca93e6fbf8ebaa78b5423efb19d3337ad050a7a1a634737a0169921911b277ab235f8b186efd60c3eff58e974a856ba460c5fbd91c1b5c999a7f6b4474560e0c5698085e1ff96381999bf7338dddab4499c6ae315245ecc98d3ca2ebc11214a4115e9205e7d1705591be4029a5e92ae06c02ba39ac70cf1ba082ccee070bf2feafa55ac6e863adb6f89a7475c2dc073058b0f8a52151d8c3ced025463656942bfd257ace6c54bd57985a44cef1c20777db47d12bd34371ef6f537e455b7787e3a853713877fa9465937602ceef8b9439507ab802ea4eaf5ee2ecd710b1840d8b8c995b5904434198abd8f0e830857ed1af53f3bcede9d57afb1cd7ad27bf222a6d1c58286c40d22211a3b2b7b7bbf5923a528fa4d781aaec1f67e013392b17197d2f6ff2d0e68bea94ce57cc516daffdf2348333a8dc596894540aa2a79437d95465fc27627b0e26871d5248c39e1a3badb319d449a7d67145418e1a35cb4bf950a5483d6e80763ea676b89d1f1e2cea20c590c76ae9fb228ffd638ccabdb3830cf944e1cccfb7ba8b1d1f0aabc498155ddda8404ebe2e25cfcfa9058af7d66bef79e592a579d556404ea3f28d6ddb3fdead9123247e23827f729eee41540d0f0e94027d65eee4e7c1c913c634f9abf546388cd2e4b351b16bd97faae3b54f5b2750495619ec36d97a1080564fa30a9f8a2700b77340b5bbd9cc377ee35420b5b762935047af7837e973a9da42ef93c11f145704d041054bcc4680363cbbee16a2bc0eaaa49cfa23330a666dff32daa17a6ea425f1ed2354d0c36893c895a0564e100d3e1385467405ca2706cfb62453faf72b1648727faeffb3c934bc4e48e4ce93af11bff3208cb3843da7ed68451b4af747ef72e2fb78a73990c95097c9504aacddffc5caadeb171e95ad113561144907d361fd28695239f6619360b9d0eead653cc83ab13fc7c0c60237e3363b6f319daa38d792426393e2396404a112ed9e70b378f494d4b540bf9b44d76b347a12c8cdaeed350a85698eb71bd126f75b9aa0ff7435926a4a4ce04e4187eae5a80b1ff56aa7f1b005a9a057b6ace4cf08c404f66c0b31974d151e9a2840ebcbfbfd898e6694b89fe78a68b90551c9d33c14914dceff64a699c1cf1570c2d1f53e905abef9f954fbdd100b1b18f10dbd673bd6c7a9693286cf2dc0ab9919466750aa42ccfa27e9ff4190dd784ec6f2e19270521f98561a959152b16a80f0b1e183375d3886936ae03ff4949777d30481c24bbae918d5fdcc8f46ff05e2370095bc85cde086dc1e32423f21c13c42490fb679462f35dd0c4ef06f8c3f24327af47ea2c73a856f112385094fe138022e308c157adb19b94ed0e8d94b805883318b33b22f371d62f0b764b2a44b65018bef417357aa997ea4ef95a2899963e06a3c553943e14d3364b73919f5e6d8395d56d522f1b19ae37d48f1534d92e4248824adb555281aea2fb317bfb30cdc7d4efada900006f45578a061b19e2eeefffdbf1974a1633182501611724079f926122c1c8fd9b1d8e6302d76ed90616abcfcac478e3b8d3be91eee5f9c653f8fed3afc1eb33d9314aaa021e8b53ab7ba3e59b301a6c757efd95c6661d7d3e8a73cdec7833f4608dc238d8e144a5b0196a9aea6fb30efdfdb05f9529c52af93cd78d857e3cc920bf30b2292380c662890f3679c09aea55c77a75dbb4da338c0fb737a5fc31252d9fa798f9dd70947f6cfa0474a7a835c694dfbb5c678216915d1f04c81d5df8f2efde80fdbce8248525d9b639f394847b9a8c2e7f7288b031df91db059eabb750c1bfe732b78001c2cca0f74cd8873cc2a892d26e1dbd48db297853775c21d68ce1daebee4f4d65bf8e448b1c80da35eaff3295ffe0aef68baff15f7585aba741699c3ed9a62f2c18200e40cbb383b844459ca9636d61645470d4f8b04704b84a7986d816c037d368d807ab936faa842a427cc4987ab506f3f08841195c893f39656547ff62730ec43aa78311d57defe4002301f6b9e1f6573f3a46715e2d1f899480e8bc97f5dfe48ad14df280126998d32dc0a63231584b5ee82d5f90d5ccd3eb3923cee0dfe0eb9b1ac54fd97214ad86c6459cf916ba0bfc9d4210a95346d753f4bc7440d78274c4cd1850907a2bf150a1c1b511bf0438494a6aa1a197f787c96b410d866b4cb284f74122ffbb2f5fa7c2c22f935c7e1542ff83f01e3024ee6e3d7fd0fba2754e635c8116a27f15586300d6522979822c1f97038f33c644ef82e9818f4a09388cb9a69514c929e9bc149fd7a26b458d89abb5e3ae1de29ed1f28d613878a24a9296c967339b9c6749f92c720982cb78a120bcf7593c6fbae36f9a06caa384a7e5d3f05442b0a69f72518a76a916968aae56abda54dac318fd726335e95592f80d030ef51aea41d5e348267fcea65e49d8e36e711fedb3fb9ad37d3fdf2185dcc3ff44736d6a0d4b4bd1810f89ec6e0e6b6f58f74d73ddd2a27fcfaf36d1aec6c3769787a1d3b8514487a399e6497bd0bf4c4242868d599aeb2202cae535e8118d478fc43b4c8bfdcf024f36f5d7c9f75c69bc9d4d5414e8bef740bcaf9027dbdb0f47643b984406c9ce1999d7631243c26d6824ae74ab71f536e40e934a5dfea7f5c5d10713c831df6ba168f4080a4b082e94bc23c0807aab7c0bc29f327d185a2a9302cc255aa54764c4eb8ef5b17d640afa30b36572294914d51ac146f87af6f5abd97823724aba25f589e769aa1047e72365e9ee67e7f90e80542cc842aebabc97679dd893075e8a1bd6934ac9e768e20bcf4c2fa29c5f7a103d3ff689c721e08ef1d0ca61ee3e07a815aa943879dd5c406dcff6a946b0a12980620cfb224912e27accbb63b1e2d571c65918c806060dcd08d5cef341e5c5705021ec19605b809a44d2a8f6f27e18f2b8fd268e23706564df5501096fd8f8261e27d5c8b582673f0c76bf78b27f754cddb5b64a33c87841681d8eef2b5abe8a8deabee587189f75b8b518909cd2a6f89910425e8647f25077829f1b400b3abcaeff6f54ccc00f6fb7abeeefe0226e4e2b55fba0925b49be8310fc5a490384e4a5e7216b0fd0c09c00e3327ada8c59eb37443ac9148a9df92b0d4e6851cd93b784d3e0a236d9fe7c483f03d813fc98e632cf6255dc4a70a0458570776509ebfb545f35956c7e32493f6ad886ec858bfc29bffb7f2ae7eed7d83e3075554dd81e72c93f4c2e4dcdb0832e76861b983b17c2a6f887a988e4fd47459fd45134560b5b1bec10c50914f2d7f327a4e68a0c453f067035f243ca01aa22969481d5fb48d1da82f35222c4e8d249625c454159f7b00a85d43414eb5e7c8044922b323f2473af648d1dba5ffff34bd5e023a2fe4860d7568fa4d35ad20c461eb38bced561edcef853dbcdd7b69bb40e9cda525a71a286c956a1268cacad0bc0c79ed7632aedbb8dc78ba1a2adea2b650314072d1ebc08f9753d6d38e53a758ea4700160588e819239711a506f004ec57037cd6efcbb9cee3bba556eaaa008bf8e8390085b85653c7aa006dd836c7ad025bed9dec77a4a00b309776862fca4dd01dff16aa6bd70a876662093b85ffbb07b2f8b4361f5dc635f940571239a71865e8f1a289f449ae9a74266205c8b1fe8a732db502c9ea5e5c379b704d43ef795b40450aa498535803767d2c2cbd2749474d2997e00f37612fcc0ae7322b8c8e2a90cf66ada69bd05b82d5707562b37e40674f0a3f58d9c776a931b8768d5c23f17c5f9135e7a4ce0c6eb356d9fb4a53d112194c19e6f045d2bd44132a70b9ccd7e65d2787899785f7ee9185589136c847347142440e0a405c18ff3f31acb791a805dd281aaf97aee708dcce2f1aa53161b7716fa0978c0d02871637ad7e1af5a158b727a1dfc2ae1aafbb9c516469ee89fa0f1de23a17115ded5e9c560a468c5192943be74aeaba51083ca0379563f1fa78e29eca1eaf849cd00f419ceb59e640248c332c845e68e9a398281b962ae59aa5b18006b6ea6e0c5f1b30665e1fb975da11ed6a47bd44b4241bbf0443f178e8249805cc3f980a4bb2f46baab0a12e9e9b2aaa7e0ca22b2314a9e5ef6412f4efe31381e3d716244af3112444eabbb0c353acafc0f1179ad4c63b81e5f5bfd771591d24e5254fa72e30aa53717c24b49cee71cdd9368e207af5e992a04f06de912cfcfca38732f5c8393d466d209680ebfa5764897f04531138beff3f65691593e334c2ae2825ffa9353e8aeef37b90691ea5c78d7c86124abf6491a068bf03c3467e5e42ca4b58192d17856722207568777141ccbef3f3891708897af9c196be92056527a8da820d28dccaf4dfed4d38fb8fe826b238d31bad751631a0d8b1eabdfa7bffe65241238ff982d21b2222cdd3a536385d0ab2180ccdf4672d0b21156377fe640ee8c8744b9ba1efce91c295e83a4271a34a1f70adbc2ff0aa6ba9e1965061cadcd3d824636bbc1f977c78dde1859d752c86b099705616edf6e94523f108af79ab5073d26f3788c4d56f1b17b764c1bc387e531dab5dd71198c56b02c68552dc1098beec85dc1bbe2dde316e6093a9a33f578d789da9b2a9209ed6e73a0597bc62467afc42f0348c9b885b92f37569a953f6316d5c8b188539474da3836abeae7ec259cf8fd28f02593597e9206e05e8da4f4346aab36f179deb68a9dab9b550d6fe4f0c88563935328a699b9cbb2015be57c28beaf60be499114f04a96a2f7fb3bf3b5b31e422954c96790aa1e49c5bc1946df0df2b4be63c0aac1ddcf187714f6e67a076a823feaeba5db4a99e5f494ec939d1b0ecd23752c08c3b788704612127e7f080ef581b4990accd6dca7ce52844bc7bbc8c8752497c171d8e628c53609a920fb5a1bc740cb05e2035de72f636ef0498ed2f3cccb64d5740afbc30015442ca0511160787b2c763072c70035f7f3bbbd3966bcc80d021ce1482e27681b963a28189c2ee9d64d0622a94eac689d3fc1a4137c4d62a4c73fab4b0175a8ff8fa256118affd94aaeee33b155043f53d9e3d4eb82173df0938c6c3e51c118c1acf187c84f12090ad1dd663013e433455290f87ca88959f9f481e4dd05e6a483abe00f7c974e5ff602a7a6eaa71f8ac06c50afac0c2858b554f59bf88002766a619ae9b0864926d07b273238e1ebd456543f77ea800231dbf4479f0b90fc607", 0x1000}}, 0x1006) r14 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r14, 0xae41, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0xa000, 0x0) 9m14.460707085s ago: executing program 4 (id=7735): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0) r1 = dup(r0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001b80), 0x0, 0x0) ioctl$SOUND_PCM_READ_RATE(r2, 0x80045002, &(0x7f0000001bc0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r1, 0x800c5012, &(0x7f00000000c0)) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r4 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r4, 0xc02c564a, &(0x7f0000000200)={0x0, 0x31384142}) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r3, 0x7dfff000) 9m14.371283125s ago: executing program 4 (id=7737): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000280)={{0xffc0, 0x4, 0x0, 0x6}, 'syz1\x00', 0x50}) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x51) ioctl$UI_DEV_CREATE(r2, 0x5501) r3 = syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0) ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f00000000c0)={0x50, 0x3f, 0xe, {0x4, 0x1}, {0x8000, 0x7}, @cond=[{0xeeb, 0x405, 0x4, 0x3, 0xc}, {0x7, 0x2, 0x5, 0x6, 0x6, 0x3b7e}]}) r4 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r4, 0xc008561c, &(0x7f0000000400)={0xf0f000, 0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) syz_open_dev$media(&(0x7f0000000000), 0x10001, 0x422000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080), 0x105000, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="0100"/19]) mmap(&(0x7f000093e000/0x1000)=nil, 0x1000, 0x0, 0x20000000ec071, r1, 0x1000000000040000) 9m14.025826725s ago: executing program 4 (id=7739): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r1, 0x3b88, &(0x7f00000000c0)={0xc, r2}) ioctl$IOMMU_VFIO_IOAS$GET(r1, 0x3b88, &(0x7f0000000100)={0xc}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 9m13.221593291s ago: executing program 4 (id=7742): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x103442, 0x0) ioctl$TUNSETIFF(r2, 0x400454da, &(0x7f0000000140)={'batadv0\x00'}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'\x00', 0x52d35ce30131f272}) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000080)=0x80000000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r5, &(0x7f0000000100)=""/159, 0xfffffe5a) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r7 = openat$adsp1(0xffffff9c, &(0x7f0000001280), 0x0, 0x0) ioctl$SNDCTL_DSP_NONBLOCK(r7, 0x500e, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r6, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) ioctl$SNDCTL_DSP_STEREO(r4, 0xc0045003, &(0x7f00000000c0)) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) ioctl$TUNSETIFF(r1, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) (async) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'dvmrp1\x00', 0x1}) (async) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x103442, 0x0) (async) ioctl$TUNSETIFF(r2, 0x400454da, &(0x7f0000000140)={'batadv0\x00'}) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000100)={'pimreg0\x00', 0x1}) (async) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'\x00', 0x52d35ce30131f272}) (async) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000080)=0x80000000) (async) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) read(r5, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async) openat$adsp1(0xffffff9c, &(0x7f0000001280), 0x0, 0x0) (async) ioctl$SNDCTL_DSP_NONBLOCK(r7, 0x500e, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r6, 0x0) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (async) ioctl$SNDCTL_DSP_STEREO(r4, 0xc0045003, &(0x7f00000000c0)) (async) 9m12.676049159s ago: executing program 4 (id=7749): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async, rerun: 32) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)={0x2, 0x0, [{0x5000, 0x87, &(0x7f0000002400)=""/135}, {0xeeef0000, 0xd6, &(0x7f00000024c0)=""/214}]}) (async, rerun: 32) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) read$FUSE(r2, &(0x7f00000003c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0xa01, 0x1, 0x101, 0x7, 0xb, 0xb000, 0x7, 0x0, r3, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async) read$FUSE(r2, 0x0, 0x0) (async) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000200)={0x2, 0x0, [{0x8000000, 0x5, &(0x7f0000000000)=""/5}, {0x5000, 0x2c, &(0x7f00000001c0)=""/44}]}) (async) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000002c0)={0x7, @sdr={0x3234564e}}) (async) r6 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x10010, r6, 0x0) (async) ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 8m57.613355161s ago: executing program 35 (id=7749): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async, rerun: 32) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000280)={0x2, 0x0, [{0x5000, 0x87, &(0x7f0000002400)=""/135}, {0xeeef0000, 0xd6, &(0x7f00000024c0)=""/214}]}) (async, rerun: 32) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) read$FUSE(r2, &(0x7f00000003c0)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0xa01, 0x1, 0x101, 0x7, 0xb, 0xb000, 0x7, 0x0, r3, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async) read$FUSE(r2, 0x0, 0x0) (async) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000200)={0x2, 0x0, [{0x8000000, 0x5, &(0x7f0000000000)=""/5}, {0x5000, 0x2c, &(0x7f00000001c0)=""/44}]}) (async) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f00000002c0)={0x7, @sdr={0x3234564e}}) (async) r6 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x10010, r6, 0x0) (async) ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 8m10.505760571s ago: executing program 6 (id=8274): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0xffffffff, 0x1, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) ioctl$TIOCOUTQ(r5, 0x5411, &(0x7f0000000200)) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000002100)=0x1) ioctl$TCFLSH(r5, 0x89f3, 0x4000000000000) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 8m10.058144034s ago: executing program 6 (id=8279): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0) read(r0, &(0x7f00000001c0)=""/157, 0x9d) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000040)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r1, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, 0xffffffffffffffff, 0x1}) r4 = openat$audio1(0xffffffffffffff9c, &(0x7f0000002280), 0x100, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r4, 0xc004500a, &(0x7f0000003300)=0x8) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r3, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x334e8b}) r5 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f00000022c0), 0x2, 0x0) preadv(r6, &(0x7f000001fb80)=[{&(0x7f00000002c0)=""/32, 0x20}, {&(0x7f0000002300)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/4096, 0x1000}], 0x3, 0x0, 0x0) write$dsp(r5, &(0x7f0000002000)='`', 0x88020) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, r3, 0x0, 0x10001, 0x0, 0x1, 0xd6fe2, 0x3d3b4e}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x7, r3, 0x0, 0x10001, 0x0, 0x6, 0xa9613, 0x17e5e9}) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/partitions\x00', 0x0, 0x0) read(r0, &(0x7f0000000080)=""/62, 0x3e) preadv(r7, &(0x7f0000001500)=[{&(0x7f00000002c0)=""/4084, 0xff4}], 0x1, 0x202, 0x0) write$UHID_INPUT(r7, &(0x7f0000000280)={0x8, {"9a7395a4476a7f7f59fb5e09e0bfdbac6a7bed2796100bade47f6621a67e6467dc23a89f5448ce0066765c5bb85a2675034eddb916721e41a8cf92c326128d4b25c3ef0ca735ee633c674b33f37698f14bb71a78e36b2fdca4aab097b80974e7dddc99724ad639b2b38053ff9a75098fa0a3fdb26831c58c20df6b16ac721587b59dfc8961ceb7b8aefaac7e20391c578e6d696dee5d0e7254522298ce58de436c180dacfd7a0ef4357564f6b32b6569d1cd3c94f7d0421012eba90b5a0a65977373f2bd019c589f4f13e6730336bded23a22fec667161fb248140a7fa559c7444612cb8ccf4448882fcbafbe50a6712a1245de64dea88aeaef549a46cc3196f7904ba2d77a6ace5502fd884fb8a20ca6c17a33b1decbc66a74c6058645c6c1aa6cd530a49fb1349f9e0282eceaece67786be89bdd1a7547a215da392ed07d61f79eb649c50dc29c915b5c703abb780976e5af255e816d07ddb2f1279a08ab320c8cbe3cd5aa387b1479635384e80b36d7bd25ec5786f647652dc96879d6d002ea80968475d964250ccbe719b1753b4ca89017571cdda62685b736c07e3908d851eba9519cff83fbb8e126f58d952beb302b3273731e6a4667e9e9d36b71fdeb1cdec4f4b7a9d4859f036d6ed85709f2fd205580b4502c7b6ce1f89dcb988a59baf957aade9b421f0e57fffd9344f6264d44d97efdfb76ee5f0f0b5de19b6e6ed8bbe8efd6cda5c8fcb49bd2a860f21aab35003b5bce4ff40c9df01adc4fdf31ea090d9c2e14cde32eab40fa79c6597ad07dff92042d3a684744f9947326a562a249a8430d5dbeaa3eba66b756396ef27a5c03a2196e25e165e2b394e560ac137c0b8af690de01c6023bbcd1e776b515adf9b4544ce1581cfa7a9b0ad1e94fe7597f5c7a3425875dbdc18982c3a04cd351c83aacf6931b0df49e8e0e2b3fc06010989cbe8d0b41e38dd0ea2936172a538f6b648dbdcbdb27a66878defe027d08c8ca9e7d49add11dc6bae9844875009e8f19902d257d36f5640b1a1ae1eedfbe8ffaa9b64f6b08db76185f19d7e8f018c724664607ed0d967231f0cd557288633e5af1d7f90cf0ab64c306be8847043f3c1450dfbf18ddb8b3a6bff5dd0df8668e9df201d8b46e9f07f210f4509a3c03d419f5740e8f10f1656e523a50163a9ddcfd35cc8749b6bc65013fde9fda394787ff2ff52e960b6ca0885ed37b6fa8e8f6348a7a48c55475113d66af1f062b192a1f47a8e24c45a8126393212d53905be20104fe4f602a51fd23a86ab8a051c853421b3995aa6d297398fab752400244720812ffbab930ad69510fc9c9a4483746bfbefb40fa121f957ff88432e14937e04da73938f546efa109bcfdc60a3954c5eeb6f60440f4364b9022635b1978eb1f259d05078aa342c04c24cb8f1c3b884ea651c694f5928d92acd9de52e0c14104717502458be8c57898267e62815eb88f71cd64f6635257954e9771308633201d00080888949d7dbb2114984de6fff686e31ea651042fdb800090dc8cdbf4f6fc2cc3d40f50af1f49646be57f473c87e1b67b33c7fd3816cc705f217a0d4911026fef06c2d45f08203c5b07346e8a541df66fe64998ba6013025742feff38152238bc75bdaf307354535d0de786ce61d9e294092b89c87295f6b71c915e03f311fc8629975355abe4d94f50f1c1327ca175aa2b6edf9b958f1de6f52975b7c542d0b64ed941c1155a5150dffbe7f7f73094a2f41b901241693d138ee716f192d42268eb1c8b9db2f7d412e603a7ecc9b459d29498229897e04f5a500b507d4c20eb65dfd1d6d8205e7cd50ff57c3450ac68ff33ce20b38e2ef1772580e08926832eef1711c78119127fd3e0e73124c23aae2d2e85be8a0288d53bf6872ca58ff0309a6d125ae0a5f4df1968c57cf4bc1a6372cbc11de721503931c15807ab7be2d28d7440b7a99cdad32fe7687f4d8525534faf1fa08c13aee03139142cd518f110f8489ab838c25323f6a8dc3b020c2f18acca05cda195e1a68dae232124aa5e0eae1b53e2462e74d5d557f7caa58af341f1b4bfa2c0f53442accabf99a928b02bf0f3f1c255acd2f5cc05fc548ee1e58a79999a1fead478ee737d338b43daf93592f25445e20f6512a8cc2e38de45d4f05cfd9589b5104af18c652605eb5ed1c7588c4dc8cf01e9f01823f45387c30bdee7a5d9e4f56d9f560108f13fb3149e54a2382815105498eaee3e2fba344f143925f35706fdcca935e32ef95f1d43e8d8b334b928004a4fada1cb13c2b4f43542f72e62a5e77252cdbe6b4886bef82d9065b756aae35fb977b79442b6c03aedb03784d8930f3feb71455f6d9ba06b852e5bd743bd1e4734c3797e2013235bfc0fb7494dca94b8c2e4008383d131fe39f3ecbb1bb4eceafa4d8c0cf560a90561d94276198bf8139fd3f64f6540dca8fae247b4881eabe132904ae0394aedc71f20123a8bac2368ae2a38cb05346ab11aa1ff3649cb923e27d6fb5a0401ec1cbc8d3fbe7c1db877061d2e392b312bef415a19f351ea3599e999417d2658818cd47bf2c66ce95e5e1fcfe54299ab19ca94c22cc1e79bf950bfef35fcefe837e4a94149bdc83a577992ab78d654214c09727d24417ef4b8f4a1bc1be7d5e628d19cba6c4b5651c0e199a9fdac1c900ed5df9b21c9043ac545ef28ddb4e87cd76b602dc334d709381150319d3874ccdd4369dcc7494b59ac21bfbe512c90925dda19b35de196cdbfa71d70b900abc5a3138c967cc9a32d708898dc4cc500778d4c61abbeaed903d53d232b0fe414a0db8cd8ee4e822ec327d2e6ceba5fceb2c502fc49916755153159c163c95e0d0e63dfd71768adf3c36f768ca5d2140607419ac9c66c0503ea6074e4b5841f7b28ac4b2b6aa992a1c24c2c4ddb742503d0bc1e31330fd89611e069dc96640117cf8132b8c46ee489c1953053ebd5e197288dfe540d5bc7e0d170713e326d698833c3301a3c339e03ab4abc8c3a78a70e326621f9ce7ab9cb330402e52d2141edc145fa98f547ba142653a9d1b2cdf100a3541ab4c741fbadf9a8659cf130cef39c9176c00265ec49e85ed0fc3f6fccf2a91cf27c8fd01e4f48265657a2ec4b8baed645b2cce7160997180e54be3ccdc260b9d85684c5df6f8ba0c2555647954cbe6fbbddc7621558bc638fb5dbc0529bd4dbc93c107226153d0212442b2e28fa6e1e4a305721d424735d661d3be2e97230695fef8f61b577877c315b8d2855e638067a8db68288b9f0d55ac271c2797f252e0e256de0c21e99d6ebff442ad965df79b60179e798f741f212fa26779d4b0597a052cafffa90ac2a445b8bb7da1601d9a7a05444a592720f98473a8d716b754f7fbd5afaafbcbb2250d9ba73a3d83a22a87c12c1cca301cdee9c27aa47996f4d19758bbbb3a372847279b7f4669d196ee8dce0882897a64a6855d2ee1fb72b813ab70ac02e26a161f07c7415c4ee3eb28e6fa0d14f13073dc8127289c231b47f72001f183e67ca79b2b8526b585dd0359974774ec91935d18fea330a30122329d0e8a1fc3a1f91ceb4c05213351e781745a50359be80c25fc1d19657bfbb584937fd8e39b8a2e41a7ad6d63b8eaf1544f6f56b5805e2e70f140da85228cc738567254c645b8b8e2ef986d156d71a5bb107fc73f00e86456cbcb9baa3f88c2ae1750092e03cad299ab476c38484abafe46eb8ba77f2beff23b7e92da0bde2579ba36e0c594890f3e7f44ecc59099a17c07ae966ed9b7208e7702b4de07674955954db8ceb57dd836ba9840128c1171aa105dee46f457539a3d85e4f998b8f2b18c2f638a868f90718889bc33b76537a5b9c76eaa8c3d9715dee2af41c24f75460ac5cea5a9c83170a22f534b3768376ae186747d92d64ba744a6485446bfcb2ebe960b573fbc3c29a6d811b01fecca499ead24e8d45227e61caf3301f05df3a6b94d47522a806a718b664bde1e36d919efb04e5a4424fbaf36f3812a3fdee68ee9a7bba4bc89183aa656b553d9fe63c2e622f8862bd18ee1ee3d44723f1abf524ee176f99064c8958b0e8e8e39e67ab7512cd216704b00a8fb7ef58adf7b5150ed3fd1a70ef7a3a317e44118387f6e8d22959f0951239654da9661045d92ec826e5e8ca290b3548f3e7b455274656ed4b5acdc224e298d09565cffc9f74c6aebbf3d0dede00f1a07dfe64152aaf8d69d3b8173bde3adb09a060c32834a6eba2fa19f67199657ffcc136a89d98f55f19fcdcbe1eb6fe9d5006a74aa07b4de5d09024a323fb7da0e92ded0258ece1856a9bc8cae8de0aa20d2af03f6f3ab9294ddf51f4937db4e6846ede3f09f40d4492c9da35a5c435b0446f2b28ee801397ed049e1b1d230c0dc86cabc1a36b01ce24026212c98464fd62129598768550c2100c17032bc2814ee6a2df36e77d426ac33acaf2702d1ac8ab4b294740a79ff7b0e373a006d909e9cb85668e2be75c0cf90c043f561f53d78a4e3f26973950fa7b50f875be4c20a1675ed47abce75f34e0cf2258d9d9b051a104ada2584eb47038634bedaeffd20c33850c2854804a23ab1d74ae47d09cff1457672c05d30c07290c41c570836e2ec2feee2c1d31cfbeac1de480e40d0b6d666dec8489140d8ab86ed768aa75948208f98ba87262936887d66f08136871b743c18b3d9be47b0d9d2d91007250d811bb96c5b37be58e3485ea563b9c565625447299d35b2eec61a43e25c59042484dba67655fdc64038a46056ce6f54b88c78113d131050f67b3ba0e621885c5482798d094b09a7452f45cfadf659171e400b0b0960f55ed5c7dd6580f40141834c1e061afe72923153095ace858454929c4dc3bbe793229d6c4fa9487bf8a1eb0d681f0ba956436208c29dd7f80d77b640fc04b331c9eae935559cee692f2df2639aa52ec9585f6b65fe64b306d54b3b0dd9beb7464d54b3660327f1b8e1f374ad730939c78af8cc9f4da5266315a83bcd37c6b64fe72f65f97e49106aeaaef4254614e2142accf6bfbd5133b9a8d8d0e64186ec98747e72941237ba64de7135a11354225a0674b71e5e05644ccdfad2be1b21b59ede821d1302e9fe0c7d502d553e77b1b376c508d055e81fd437b8ee0985461b105db2a4ad41a6aa98fe172eb71f46f162a1de794d14e82d84bf68f675651881003eb549ea0d3adee72e24558696e8eefa0046231ef46b08db4044ac879300c8a9d673cbb023433c7057c5156f13188fc61e433f7fac65da65143ef1c13e91789301ab4f9319940e1ab4359ca4bb29f811a99e019579023c057c00ca7d184d49a2d3d24ed66435aeb36465e9c7b6201799f4c3157306d36be71ae720ed52570b933b200864545d2c8257e7b25243250e621e6d22b406707eadf885a40e4580ef079916040a45e2100e99a609942e924961d08920bd45e982aee1d84136f699c6e2a7474529af1211bb5504ddbeee0a048761eb7e07d4e121fc4d5e16f3cc0d4ffa44b79da467336eaa7b90f10e991df0924676e92d2aa8972bdf852292e327facb10e99f432fee0834b9ccea123ec173b8be97988248a29e88bc9396a9cdb08624bcef0c4d62d6b751df74d9883e0966c67026bc60108a01abc500518d70502b902714be7b10929762b168c17b4e37dc823a56da9552b79a5721d28597afb49afd707f65defaf9f63d56ff5ce883334bbc350525583122bb230806f2279b7207aabc822f652c4f5f549905f488fc5e0051d6ad38caf23c553a0a1e28be56f656d84cf7a27840e4e99ddbeae93eb3745a4767048c027ef8f8e", 0x1000}}, 0x1006) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000021c0), 0x1, 0x0) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r8, 0x3ba0, &(0x7f0000002200)={0x48, 0x7, r7, 0x0, 0x0, 0x0, 0x5, 0xf80bf, 0x234b72}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 8m6.797798753s ago: executing program 6 (id=8306): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup/pids.max\x00', 0x2, 0x0) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f00000005c0), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@local}) (async) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r2, 0x7ab, &(0x7f0000000000)={0x0}) write$cgroup_subtree(r1, &(0x7f0000000340)=ANY=[@ANYRES8=r0], 0x6) (async) write$cgroup_subtree(r1, &(0x7f0000000340)=ANY=[@ANYRES8=r0], 0x6) read(r1, &(0x7f0000000000)=""/36, 0x24) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) (async) mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000496000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0) (async) mmap(&(0x7f0000496000/0x2000)=nil, 0x2000, 0x0, 0x12, r4, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00005d5000/0x3000)=nil, 0x3000, 0x0, 0x13, r5, 0x3000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f00005d4000/0x2000)=nil, 0x2000, 0x1000000, 0x12, r3, 0x80000000) (async) mmap(&(0x7f00005d4000/0x2000)=nil, 0x2000, 0x1000000, 0x12, r3, 0x80000000) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) (async) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$VT_GETMODE(r6, 0x5601, &(0x7f00000000c0)) (async) ioctl$VT_GETMODE(r6, 0x5601, &(0x7f00000000c0)) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r7, 0x0) mmap(&(0x7f0000692000/0x1000)=nil, 0x1000, 0x0, 0x12, r6, 0x0) (async) mmap(&(0x7f0000692000/0x1000)=nil, 0x1000, 0x0, 0x12, r6, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.idle_time\x00', 0x275a, 0x0) ioctl$FS_IOC_RESVSP(r8, 0x40305829, &(0x7f0000000540)={0x1100, 0x0, 0x52, 0x10000}) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000) 8m6.739631932s ago: executing program 6 (id=8308): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802) write(r3, 0x0, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$BLKPG(r4, 0x1269, &(0x7f00000000c0)={0x0, 0x0, 0x98, &(0x7f0000000000)={0x0, 0xd, 0x10}}) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r6 = dup(r5) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000008000094000040"]) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 8m6.318719961s ago: executing program 6 (id=8315): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4b3a, 0x2) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000080)=0x2) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TIOCSSOFTCAR(r1, 0x5453, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x3f1080, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x14, 0x810, 0xffffffffffffffff, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, &(0x7f0000000440)) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000b00)=ANY=[], 0x10) r3 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000280)=0x10) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r5, 0x401054d5, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x15, 0x0, 0x1, 0xfffffffd}, {0x1d, 0x0, 0x0, 0x58}, {0x6}]}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f0000000380)=""/150, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x1, 0x0, 0x0, &(0x7f00000000c0)=""/87, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000680)) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_DEV_SETUP(r6, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x3f}) ioctl$UI_SET_FFBIT(r6, 0x4004556b, 0x51) ioctl$UI_DEV_CREATE(r6, 0x5501) r7 = syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0) ioctl$EVIOCSFF(r7, 0x40304580, &(0x7f00000000c0)={0x51, 0x8009, 0xd, {0x2, 0x2}, {0x6, 0x8}, @cond=[{0xeeb, 0x405, 0x4, 0x3, 0x8, 0x2}, {0x2, 0x5, 0x5, 0x6, 0x6, 0x3b7e}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f0000000000)=0x20000) ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000340)={0x0, 0x1, 0x0, 0x0, 0x0, 0x200000000000000}) 8m6.078848498s ago: executing program 6 (id=8317): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8541) read(r1, &(0x7f00000000c0)=""/50, 0x32) ioctl$USBDEVFS_BULK(r2, 0x5523, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0xabd7, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000240)={0x0}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000080)={0x0}) close(0x3) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x109000) ioctl$DRM_IOCTL_GEM_OPEN(r5, 0xc010640b, &(0x7f0000000080)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r3, 0x40086409, &(0x7f00000002c0)={r6}) lseek(r3, 0x0, 0x0) write$sndseq(r3, &(0x7f00000001c0)=[{0x71, 0xff, 0x80, 0xff, @time={0x8001, 0x6}, {0x1, 0xff}, {0x2, 0x5}, @raw32={[0x101, 0x9, 0x2]}}, {0xc3, 0x8, 0x1, 0xff, @time={0x400, 0x40}, {0x8, 0x9}, {0x9, 0x9}, @note={0x40, 0x5, 0x4, 0xfa}}, {0xc0, 0x1, 0x7, 0x9, @tick=0x2, {0x5, 0x10}, {0x6, 0x1}, @control={0x4, 0x3ff, 0x9}}, {0x2, 0x10, 0x3, 0x9, @tick=0x6, {0x1, 0x5}, {0x6, 0x3}, @quote={{0x7f, 0xfc}, 0x7, &(0x7f0000000000)={0x0, 0x5, 0x0, 0xfc, @time={0x1d, 0xe}, {0x6, 0x1}, {0x1, 0x6e}, @control={0xf8, 0xd40, 0x7ff}}}}, {0x4, 0xe, 0xe9, 0xfb, @tick=0xffffffff, {0x27, 0x3}, {0x2, 0xcd}, @raw32={[0x8, 0x8, 0x1]}}, {0xcd, 0x2, 0x2, 0x4, @time={0x7, 0x4}, {0xb, 0xdc}, {0x0, 0x6}, @raw8={"0f072c7e25a86d0c75b096f6"}}, {0x9, 0x7, 0xe, 0x7, @time={0x8, 0x80}, {0x6, 0xa}, {0x8, 0xef}, @time=@tick=0x3ff}, {0x4, 0xfc, 0x4, 0x1, @tick, {0x42, 0x8}, {0xc0, 0x3}, @control={0x3, 0x5, 0x8}}], 0xe0) mmap(&(0x7f0000f32000/0x3000)=nil, 0x3000, 0x1000006, 0x12, r0, 0x0) mmap(&(0x7f000050f000/0x2000)=nil, 0x2000, 0x5, 0x30, r1, 0xfd6a5000) 7m51.004581965s ago: executing program 36 (id=8317): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8541) read(r1, &(0x7f00000000c0)=""/50, 0x32) ioctl$USBDEVFS_BULK(r2, 0x5523, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = syz_open_dev$dri(&(0x7f0000000000), 0xabd7, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000240)={0x0}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r4, 0xc01864c6, &(0x7f0000000080)={0x0}) close(0x3) r5 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x109000) ioctl$DRM_IOCTL_GEM_OPEN(r5, 0xc010640b, &(0x7f0000000080)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r3, 0x40086409, &(0x7f00000002c0)={r6}) lseek(r3, 0x0, 0x0) write$sndseq(r3, &(0x7f00000001c0)=[{0x71, 0xff, 0x80, 0xff, @time={0x8001, 0x6}, {0x1, 0xff}, {0x2, 0x5}, @raw32={[0x101, 0x9, 0x2]}}, {0xc3, 0x8, 0x1, 0xff, @time={0x400, 0x40}, {0x8, 0x9}, {0x9, 0x9}, @note={0x40, 0x5, 0x4, 0xfa}}, {0xc0, 0x1, 0x7, 0x9, @tick=0x2, {0x5, 0x10}, {0x6, 0x1}, @control={0x4, 0x3ff, 0x9}}, {0x2, 0x10, 0x3, 0x9, @tick=0x6, {0x1, 0x5}, {0x6, 0x3}, @quote={{0x7f, 0xfc}, 0x7, &(0x7f0000000000)={0x0, 0x5, 0x0, 0xfc, @time={0x1d, 0xe}, {0x6, 0x1}, {0x1, 0x6e}, @control={0xf8, 0xd40, 0x7ff}}}}, {0x4, 0xe, 0xe9, 0xfb, @tick=0xffffffff, {0x27, 0x3}, {0x2, 0xcd}, @raw32={[0x8, 0x8, 0x1]}}, {0xcd, 0x2, 0x2, 0x4, @time={0x7, 0x4}, {0xb, 0xdc}, {0x0, 0x6}, @raw8={"0f072c7e25a86d0c75b096f6"}}, {0x9, 0x7, 0xe, 0x7, @time={0x8, 0x80}, {0x6, 0xa}, {0x8, 0xef}, @time=@tick=0x3ff}, {0x4, 0xfc, 0x4, 0x1, @tick, {0x42, 0x8}, {0xc0, 0x3}, @control={0x3, 0x5, 0x8}}], 0xe0) mmap(&(0x7f0000f32000/0x3000)=nil, 0x3000, 0x1000006, 0x12, r0, 0x0) mmap(&(0x7f000050f000/0x2000)=nil, 0x2000, 0x5, 0x30, r1, 0xfd6a5000) 3m11.125715693s ago: executing program 0 (id=10537): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = dup(r0) ioctl$KVM_SET_MSRS(r1, 0xc008ae88, &(0x7f0000000480)=ANY=[@ANYBLOB="73000000000000008b"]) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f00000002c0)={0x16, 0x98, 0xfa00, {0x0, 0x0, 0xffffffffffffffff, 0x30, 0x1, @ib={0x1b, 0x0, 0x0, {"402c9e3f4881400de52a28ea030e9999"}}}}, 0xa0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xcc) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) dup(0xffffffffffffffff) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r6, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x80000004}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6}) read(r4, &(0x7f0000000100)=""/159, 0xfffffe5a) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x628480) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async) dup(r0) (async) ioctl$KVM_SET_MSRS(r1, 0xc008ae88, &(0x7f0000000480)=ANY=[@ANYBLOB="73000000000000008b"]) (async) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) (async) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f00000002c0)={0x16, 0x98, 0xfa00, {0x0, 0x0, 0xffffffffffffffff, 0x30, 0x1, @ib={0x1b, 0x0, 0x0, {"402c9e3f4881400de52a28ea030e9999"}}}}, 0xa0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000008c0), 0x0, 0x0) (async) ioctl$KVM_CHECK_EXTENSION(r3, 0xae03, 0xcc) (async) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) dup(0xffffffffffffffff) (async) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) (async) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc}) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) (async) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r6, 0x0, 0x97, 0x8000000}) (async) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r6, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x80000004}) (async) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r6}) (async) read(r4, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x628480) (async) 3m10.749726073s ago: executing program 0 (id=10540): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000002480), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r2, 0x40044146, 0x0) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x0, 0x3, 0x1, 0x1, 0x0, 0x2, 0x5, 0x0, 0x9, 0x800000002, 0x0, 0x2, 0x6], 0x2000, 0x98302}) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r6, 0x7dfff000) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) 3m10.631236536s ago: executing program 0 (id=10542): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) 3m10.377756887s ago: executing program 0 (id=10543): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r0, 0x0, 0xb0) write$proc_mixer(r0, 0x0, 0xf7) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r4, 0x4048aecb, &(0x7f0000000100)=ANY=[@ANYBLOB="0500000000000000020000000000000000000000050000000000000000000000000000000000000000000000000000004ce526320500000000000000dd0c00000200000000000100000000000000000000000000000000c000000000040000000000000000000000010000000000000000000000dd0d00000003000000060000000c000000000000000a000000fe070000000000000000000000000000000000005d1b000006000000010000000700000005000000f9ffffff00"/208]) write$proc_mixer(r0, &(0x7f0000000500)=[{'DIGITAL2', @val={' \'', 'CD Capture Switch'}}, {'PCM', @void}, {'MONITOR', @val={' \'', 'Line Capture'}}, {'DIGITAL2', @val={' \'', 'Line'}}, {'VOLUME', @void}, {'MIC', @void}], 0x92) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007) 3m9.918011859s ago: executing program 0 (id=10545): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000002c0)=0x20) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r2, 0x6f000) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_GET_DIRTY_LOG(r4, 0x4010ae42, &(0x7f0000000100)={0x10200, 0x0, &(0x7f00001f9000/0x4000)=nil}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x74, 0x0, 0x0, 0x1}, {0x6}]}) dup(0xffffffffffffffff) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_COPY(r6, 0x3b83, &(0x7f00000003c0)={0x28, 0x7, 0x0, 0x0, 0x7, 0x3, 0x2}) ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r5, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r7, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r5, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r7, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) r8 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r8, 0x3b82, &(0x7f0000000180)={0x18, 0x0, 0x0, 0x4000, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r5, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r7}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 3m8.915864541s ago: executing program 0 (id=10553): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@my=0x1}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000340)={@host}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f00000003c0)={0x0, 0x1}) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r1, 0x7dfff000) 2m53.810159077s ago: executing program 37 (id=10553): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000002c0)=0xa0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000100)={@my=0x1}) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000340)={@host}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r0, 0x7b1, &(0x7f00000003c0)={0x0, 0x1}) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r1, 0x7dfff000) 4.095305821s ago: executing program 7 (id=11929): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) ioctl$TIOCL_SCROLLCONSOLE(r2, 0x541c, &(0x7f0000000000)) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f0000001180)=0x40) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 3.833583399s ago: executing program 7 (id=11932): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0205649, &(0x7f0000000100)={0xf010000}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_PRE_FAULT_MEMORY(r6, 0xc040aed5, &(0x7f0000000480)={0x0, 0x8000}) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000500)=ANY=[@ANYBLOB="0100000000000000"]) r7 = syz_open_dev$video4linux(&(0x7f0000001880), 0x5, 0x800) ioctl$VIDIOC_SUBDEV_G_EDID(r7, 0xc0285628, &(0x7f0000001900)={0x0, 0x0, 0x6, '\x00', 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x2ac400, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r8, 0x7dfff000) 3.557504585s ago: executing program 7 (id=11934): r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = syz_open_dev$video(&(0x7f0000000000), 0x0, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000000c0)={0x2, @raw_data="a374afea5daf2b8b584232345f30b8b8cfe14cb75f94a80d7afaca6df69d1fcfc1b9a7cadad1b62ecf7f74f64a623350c637bcc0214381118e692a69c3a8d1053c1fce6098c8927711f2faee5dc306aeab17c51fa73b786e62278fc82d3854f0e4035ca9cc708de67935343945e147762a79d8cfa741406e59a00e6e2c3cdfe2786455ee6c5654b677224d4efc1f1fb6034b18718456868d91e98a7e9b250c82e370e4dcae10176fda9a1f89559bb4f9aa1e480490f65704e7283829c380a6826f9501da00"}) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000200)={0x1, 0x100}) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a) 3.075307064s ago: executing program 7 (id=11936): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040), 0x4, 0x60400) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000080)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(r1, 0x5000943f, &(0x7f0000000280)={{r2}, r5, 0x1c, @unused=[0x3, 0x9, 0x3, 0x6], @devid}) r6 = openat$rnullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r6, 0x82307201, &(0x7f00000012c0)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) r7 = syz_open_dev$swradio(&(0x7f0000001580), 0x0, 0x2) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r7, 0xc034564b, &(0x7f00000015c0)={0x7f, 0x34343459, 0x2, 0x5, 0x1, @stepwise={{0x7, 0x4ec}, {0x843, 0xff}, {0xfffff5e4, 0x4}}}) r8 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001600), 0x40000) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r8, 0x40a85323, &(0x7f0000001640)={{0xff, 0x1}, 'port0\x00', 0x4e, 0x8, 0xe9c, 0x80, 0xbb, 0x7, 0x56, 0x0, 0x1, 0xc}) ioctl$BTRFS_IOC_TREE_SEARCH(r7, 0xd0009411, &(0x7f0000001700)={{r3, 0x1, 0x5, 0x3ff, 0x1, 0x9, 0x0, 0x9, 0x5, 0x7, 0x7, 0x9, 0x6, 0x5, 0x565}}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r2, 0xd000943e, &(0x7f0000002700)={r4, r9, "30f616cd07d160f6ec2c9bdf735e080a4416a382629aecc18a8151c5b1cfba9edd2b9c6deed2580366e421810e2c66f890470743e5e9de33a914e2bd22f47fb4cb4609719aba4e49d1d3f539f34ac0d3cd9df7991c1699bd06901f4ae96fa350aae6d5d368833021b91c839b1b219267a37cd2f0a98c334b1435928a19622be682c2869940db8e275f9d7bacd52bc0dffb1d9858080156e4d763321e58edc0ea22d7f66a7a1ff1b7c59103315f0b6feeec1c5f51748420381a95cf5a0d7db9887d224c31db06bf2af7fb5fd777ce25c204cf741546b92651342666c299658f03ab28e2630af7724840c027003250faebf4554d38394cfc03fc7b7f7fa612601a", "c4769cb645bbd4f9e1c2c2e87448ce0b559ec3524c29f9e4d6199f09e17ad6c1dfd87921f0d81796ad53fcced40426e92e987b5b024ac683af0f25ae62bdc14d7d53d10e4eeeb16cba01e7c3bf9a314a1d330b9303598d978c4722992092155117852086f10652bc28df072c90202d3fc3314feb2233e02b79770cf8452e00516866df43b37c69df2d6a2958d6bc74f079adba194ef99554311e422608c24b490c8836e24a3c4658a2a954c6eb138cf393568f886399f8ff526b5b051eca28dd55a3600bc289a2a95016b844c9046d335d1c2b089f0670ea83f0be1f01722ebc9fd1cc966a1f75d789e886c6e15bf3c87ddca225e8d205c48c283355e3aa96d137c48c7272b2bc2ba07bf4e568fd210b87be3d7bcd266270f634e9032d2603a23ea9d966656e9efd0482f409632f6489e513f69cb57d6c8b4e17072a2980e8c1d88ef9af8dcad5defb27938601439996914af4ff6a94a0678f637dfbf4b5b0ff52ef93017f2ff56c0bea4f2cde363597b3b272e2107357186ef79aa509bbbd9a2e958a525106546239a5de04898c364437524412edc75f270222eadd231dc6e68a33fb04eb22efce477bdf16f4a6b9e5662221f4e9da5c9041124ca571d2e8605c1787b042801c941a73fec2a89b9c1887e2d6ab1ff81b2dc3b2419fc78c8a067438ab52673c821cbfafb09e1a1f0a86c5a128b16ecd51942f76a871e8b8525e429dcd5aeb79d5362398982142ff09e845bbe5c48d078117391d347d628a4952e78e7e6873c9853ae8c559ac08fd9b18e9f8d02b9a8bd461976911f8b48c12c794dd863edc75a46dbd9f11f31e7fce20fb258bfcab094a54850e87ad0ed3b25d0c2d013aba3e8e812a524bf144c2c0069d1642e02b7914cb86abf431a7b4f715702dd363bb2809056b6ac56eaa2fa5eb33aaf08d9d178a04725f5440c24bdab397096093019e331928e9e5a9775568e41996c6ff5d78ba7b156a15ffa90af7d16b86a812fb3c978470493edcc59f12ab92ac02a9e422ab960c276c43f1a8ed047f6726892888d74997ec0b185b3c7c04b42e52f94bfd91b33b02d6b9606668160efc8472eeb426f43d843d948575ace6b4d12531f3e47827a27f9db7eb6add5f8ba6c6a74d30b0d22df261fe81d0bea66f12971d6ee3b3092aa7e45b1e36ba3aeab68e3a4a10635d4a1d2ff254a8548fa436036e10e13a3196f1f4f59eb55105e58798fdaf6735ead07af4efaa30df3a1c4aa8cf601daf84b5135679184765ffaf777ca74ec976184e7ab457600b3edd2966c988e028b3581c7395efee92f17e7a2c597e5873f6862b05e655845be16bfd8c08ca27a106c37ca5e5da5f2854bad4ad97462f52e5c5656597f336dea1ab83dd68b9865254057c0aef4898833940411cff54b03985e53bea2bf5d028ec2457c47a135187afd96b81ca2e3522220737b0323e1c3acbd92f1b18ca601a4bcf3830f06d4d4a4468078929ae676dd609fe3c8268b11079939ba0424552878365426252e59f695d74846e91298a0cd632df1a65ff5af10072b8db45fe7a29bc7fdc1267fc089ca593d4f38e18aba606972c7191efe7e6185ec92f1236f4a89e97c1ca4b2504317e6e0705f7567af482c7c99ab31c98e65798490fbf5e76b35f4ef77fa21733222b0e815f7269e373d3d2bbafa5a6fe849571f72e67b36ebdb3eca306290487a2c87b95b3b2f52936b9ee98ffc6c209b5223015c897299c202ef1d1168dc2bf431e6b705a963fa82ef312d8564123e28f57c070427899773d6e6cea32aa9c6c3a3df7448f2bee40aadb842db7577bb185a1d7c3512b41849d063b9dfeaf90b6d6b6e143441ac1d458ebb755e142ebaae5cfb4b14566ef4d791968b500e5668a5da785bb07e334ee3f8c02cd68ec7a6e77b3f5609087ed6507108a613214b0fceba43b758e95a665e33fca7b608555b02f90e2171187138e588dbb6952a384d3600dbadd66e6fea1d207293d88719955b503ac6169037926389bf1da60b821ff4bef813f2d6bde9431ee490586baed289680752bb052c61238037709be1db68838b62c62eb230569c0c298733c03d86cbc8c98f589a35c250871d63941ce27dfb83ad8436b41af71021fde694dbedb8c365b6ce625b2f74ae60b1c78a2df214b95e774340531672c68bbe99943b0020f62c069fc2be5af4a2215d91135827f1db8481d7da82b8a6ad958dae93544dee39b9b1c46db3751a076036e95be9bc83efeeb4bbfa08dfe7287b95b85b45595a01043e270e7fcb35cdb63e3c6477b3d021e511e762abebd0f870f483a937030ebc8c5d3568d59f5c0b1b278fa6cced3a0f597986c41c0ef8164618bf7ebbb54954df4a95a1fac388624384a8c906e1102b32a871af2928e85fd6b7a0c3f601212ffbea85d852ce50750b0ca5c6c82c389cd2a5468bac8fd6d18cf30e99aad059ca0977f5b752218ad07578463be610809eb2b939dede01d50a7d03a71ec5d660d375083e803c9b863d150175d0b65f2fdb744dccc598e966b1eb8c7cc1e48dda6e107dea29cb9a024e0545fefc34838a5d7de551dae200ee50310aed8d7f88c3440e85de614d2c8ab98cb29f176f7042202070c76dc1adf7f9488dcc5d6e27d5896bf5b8d373a053be1f4a48d2f51c1d0de0788729bd53d5e375f919b1ec32dc2a3f61470a26c435a15c3ac46ea242706a2a90817714f2e4dab68085a3d5778b86faa49ddd3300e689bcc178cdd5246b23cd2afb03e539a78132605b2780bdd88b6a88b18a1e0f7969688ccad20f05cfdb73b3336f32b91c9471b2c2be2c233f21aaf4166f0ce5756fbd438838c1f8166aa5b74e54174c3eab531950dd558b7be0d978cfda1660756eb99ab9a290e5db1fdb990b053e25ee9521a559d18f98d897d2d708d1e1fa0ce6e96c285e9d4d0165c0e69cac5a22360e779c89bf39cb5f53170d4dfc00b451756da49f0a6ffd8456f192cc927c443cacb773477af51843a7d6eed3128d465c68ab1017ea4f82e133f0af461bf9f676ef7ca8de83e326024914703b3584a1f5f741170c61e9de0e50bc173bd9c2cd71cb3f0ace28ac907c3a2bef0e44fc2f0a5511afdc7f5069677a3bb69e96bd1a39522f652cce273f256f51f4396adf2b075dcf6ed4c2eb50dfbd9d41fb5d65fef7fa5dec3601e50dc25c28a92c190e9eb427cc01698fab5622889b21c8326df50bbb786cc243ee1b5ce5a53b694927afae72300bd257be65a6be895b27f8f30ec04c166a5eafa3b215d70a51615dd39eaae9a1d77c220db835ab3d2952b561c8db99e9e7f5c33ef7171addc69dfeddd4f2ab86cdc87fdfba6a120c50ec1bfde5cede7914b364e0d0d0f96f2013093e027141be2d440dda24e3b7f5a3b46c0be3f837f517d1fc7829e101a1ead901b60c447c356b9513077d73803e765b2d46630237022ea48bfaad220ce69a7888f65d86fe7dde122d98feb09caaf34cdfe2e42842d2ddfd3aa735e2c37ff48a124710d8489c784821da443d05d7e92df6bea50e8d56d920b105b78b0f1ee45c1221ab905425225ae8445577ececba20410be3797aa851a54f0726dd2d3d390efb43448eb88cf13a9778494f1a10904f4e82df30d0e28b23530586e101373ad545f87c6828d8e14c6db5739d899a3dc0a416e0331cac648598453cd9e0af53885f9ad72898ed7210c7bb5551bcd22c2ab53b0c8055b4d79b1dfb4bab338adc2b027c6354887922b7444abbf0ac826a25513f1c97a2f7180ec396a2bcc68f0e85a66618dad1941d767f39899fb1e84e872323ec0abc18bf1acede66c09a8d7c626bd197d87fdba13904897f04139fa32ce4cd22fa3e71b5591735dca6978b8e05da163f4cc362fac84cbd9869e372b6008408bdf044f17afc3b47ec8d4186031ea298b4ac4f94634b1a8f041837265abe2eef9366df5ef34b0778c08fa3cbeb0f1c7016388b1a84d105b86ea118e3cbcfcc157c96be2da9bf51c69da8a11e4a0b1e798a2cf04fc75e1eb3e5448e5332984b34f066c6150ee3216b77dfc632b646df32cb07ff2e15e430fe77c575127785f6549692a0f5afb60ee3083af6f83b754264e98eb061972f4983a20a248eb2c52e013cbf7ae2d7d26b065092fb0df3c7f8efda06397a633a0c8bcc5de9ffe1b3f76f41b2b4c999d0b57650946d78863d650826879189d12eea894878dceb79885041907651849f0619e55a786333b2bc5af74e74b85bb5b3233c29949c4b4ffa11be1e7731eb44e73066aeaa0bce4bb7b6804d3a35b0868e03b8cb6cbbb7d1305515aaebae7e38ff35c7a110fec19ed3b47c6691e4ad7110e3f6296d3a9718baf20098691b6917bf783bab22110d7dee16dcfdc5332675cb899603a3808a4c40c9c3780783c9708853c64ef45372bf54c9e6d5549bf86fe73776e364cc80530752b2ac45b050c354eb67cba4f2ae1162c93ae34f1f9230373e4832225b973789f81195ba714b84fa34d074b3416f53f8cdaa7965885c3f3597ee93ea2d28de97dee912f6a29e000b8f3955ad0d3d88414ece97da9026ea619c0ac80d7699933b7861988c4c6914ff2a36247c03b9167bf4c3a618ef844be340d5d6070add6903eb678ee16bc05a8959d5e8f0239ac0e6502a98f01b5f61c420b9f660825a556eeb929b0942e4cb556c6a7955fa381a3d01fcee1ac74fa74d78b4cbc4b0a1fe83a0e766a50399f69856c09cc0f8c8ace2d1315d6bcc1621547d10958ea4c71df1e6c4dd32b6ae22a1136623452993a8eed97e6fc7abe7148b1767ee861abe30de445d5da4b38f33676ff8069730a78f7f7768fb27503521c90d4a08e488be7ded7845d1917cb951920dcbf0d340a59255f3824e860a48a9a3ae1a14f31673f79f3dce014f7a973f50911fbe6a1ce37fadcaa9f11214b88230fa070edabf74c37e95d55138d04fecf954a445cf05a20ee59051f048ede3886e82cc30490ab67e447d3173110bb766b6e9a168c104fe9561f3b56dc85bdf0a67051633d2f0154eb855a1ed4db9a530273a715e63e91897ba77022a2c832413b5dea4d3564163b07a8ea2734faf6655c122c32d2ef8635e597aef5c2ef0c95d29c48065390c38b2cea0efa89f57110d61cb2bbaa15ce08ec47233ff02f34d3c2659ded2ef0d0ac40df4846a1e35e4d64a42b878ed57a981e54abaff32522490275d9965413e496271801fd2169077f4a9f4b87c19f1f69c84ca660b14c7e274db28017f716d8ce66c197b99c25f8ac0fd69fd0e7875c5d8b18603129d37da8e66d784747aea7fead26076efa172d81d6d98c5abf188d0e78cb9892460db00871b3186d6a1564d3c06f7361c719472ddcd3ef77f71b85ebf4beef696fb6d3aecfea58d8b95f9e396744b16bc10665bea89a06ac3311078569d86ed7c8d74a416c"}) r10 = dup(r6) openat$kvm(0xffffffffffffff9c, &(0x7f0000003700), 0x600000, 0x0) ioctl$I2C_SMBUS(r10, 0x720, &(0x7f0000003780)={0x1, 0x7f, 0x2, &(0x7f0000003740)={0x1e, "ba25f6a671d4d41f7bea29880d334dd172747c60ae2af315ded324f0f1e7d298f4"}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f00000037c0)={0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_SET_VERSION(r10, 0xc0106407, &(0x7f0000003c00)={0x2, 0x1, 0x1, 0xf39c}) r11 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000003c40), 0x0, 0x0) ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000003c80)={0xf0c, 0xb, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) ioctl$VIDIOC_STREAMON(r10, 0x40045612, &(0x7f000001a5c0)=0xd258) ioctl$VIDIOC_STREAMON(r10, 0x40045612, &(0x7f000001a600)=0x84b) r12 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x80, 0x0) ioctl$VIDIOC_G_MODULATOR(r12, 0xc0445636, &(0x7f000001a680)={0x5, "be5347602c61f5a6094e4a94100504ec3c196f2cfc6ca6e0bcb2361f10431c4b", 0x860, 0x6, 0x3, 0x10, 0x4}) ioctl$FICLONERANGE(r11, 0x4020940d, &(0x7f000001a700)={{r7}, 0x0, 0x4, 0x7}) ioctl$VIDIOC_ENUM_DV_TIMINGS(r12, 0xc0945662, &(0x7f000001a740)={0x2, 0x0, '\x00', {0x0, @reserved}}) ioctl$BLKZEROOUT(r10, 0x127f, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f000001a840), 0x2, 0x0) 3.046030407s ago: executing program 2 (id=11937): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x3, 0x0) 2.652812921s ago: executing program 9 (id=11939): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) dup(0xffffffffffffffff) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) write$6lowpan_control(r4, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r5, 0x4068aea3, &(0x7f0000000140)={0xa4, 0x0, 0x1}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x97, 0x8000000}) ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 2.548764335s ago: executing program 9 (id=11940): r0 = syz_open_dev$audion(&(0x7f00000001c0), 0x1ff, 0xa0202) ioctl$SNDCTL_DSP_SETDUPLEX(r0, 0x5016, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x201, 0x0) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/softlockup_count', 0x0, 0x0) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000001180)) preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000600)=""/61, 0x3d}, {&(0x7f0000000300)=""/56, 0xfffffd29}, {&(0x7f0000000640)=""/67, 0x40}, {&(0x7f0000000380)=""/223, 0xdf}, {&(0x7f00000006c0)=""/202, 0xbf}], 0x5, 0x2, 0x5) r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000200), 0x100002, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r3, &(0x7f0000000240)={0x1, 0x80}, 0x2) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000040)={0x0, 0x0, {0x0, 0x0, 0x0, {0x7}, {0x2}, @rumble={0x4000}}, {0x0, 0x0, 0x0, {}, {}, @rumble}}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1}) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000140)) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000000)={0x6000, 0x2000, 0x1}) ioctl$KVM_RUN(r6, 0xae80, 0x0) r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/resume', 0x5c942, 0x86) r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r8, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) r9 = syz_open_dev$video(&(0x7f0000000200), 0x81, 0x0) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r9, 0xc0905664, &(0x7f0000000240)={0x0, 0x0, '\x00', @bt={0x0, 0x2, 0x0, 0x0, 0x100, 0x3ff}}) ioctl$vim2m_VIDIOC_STREAMOFF(r8, 0x40045612, &(0x7f0000000240)=0x1) ioctl$vim2m_VIDIOC_ENUM_FMT(r8, 0xc0405602, &(0x7f00000001c0)={0x8, 0x1, 0x0, "eee906000000d734fc70157dcb4f1891e20000000200003b00"}) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100), 0x200000, 0x0) ioctl$TUNGETVNETLE(r7, 0x800454dd, &(0x7f0000000140)) 2.461766276s ago: executing program 2 (id=11941): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0xee01, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) r5 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r6 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x80001, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r6, 0xc004500a, &(0x7f0000000000)) ioctl$SNDCTL_DSP_SPEED(r6, 0xc0045002, &(0x7f00000000c0)) ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000200)=0xc) ioctl$SNDCTL_DSP_SETFMT(r6, 0xc0045005, &(0x7f0000000640)=0x10) ioctl$RTC_WKALM_SET(r5, 0x40187013, &(0x7f0000000080)={0x1}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) r7 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) ioctl$RTC_SET_TIME(r7, 0x4024700a, &(0x7f00000001c0)={0x33, 0x16, 0x8, 0xd, 0xa, 0xfffffffa, 0x0, 0x1c}) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 2.455480254s ago: executing program 7 (id=11942): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) r1 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r1, 0x80041285, 0xffffffffffffffff) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000000c0)={0x1, 0x0, [{0x400000f3}]}) (async) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 2.03137891s ago: executing program 7 (id=11945): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f0000000380)={0x8, {"30b020cfad9cca53c519d14d77ab4ecd77bd938b7c6c13ef74475d916c307dcf67515352dc4b2c558237dd2ece417600db69e3ab92a035030c79621f84d29ce1004256e59036529561f76d42bca2f085523705f6f9c3fd613a4a2d9b5eb4f37ac304a4eaefe1e92ca5900f129526d0797be97df0eed31eb6f7fcfe63a7b62e82599111ff844f9a9d7d70f7e98c018932e29622018c6be9f9da5c1bcae5421bd8268f3f88ffcf4696636c36deeaa1030cce95cdfdc0ce3a5f84f6d6090f4f33ce8bd3b542cbb9f7b41e1be8873c52b4dc4a4c82268a0368c276b7930c21bc3b14aef0e7ba1bf12967b96280786de53b0cbd0ac3081926ab552752fea0e8af1bcd542e2b0fe59cfe4d6b03e2aced084cc0652260c3503eabe676b9920013a15959d83785f0572c6294acf0315e845ab83ee167d5f68dbe8249fde00a6c57e136b0bf9478556b3c569eda40381d559cda6bce1f9e8b90daf5fda3a3ae3021dda4578ff695e26e47a436e689235199a56415b858789f757960c6fc5e91144fa0342cf1db2d7aca41e37cfe0eb27f1dcfb8a2ce05c1e6f2bfc9630176f4bfb921d3c7e45134902dba0e5452f3bb4f44b35455b47dbffd9aae76b2537a6cd6042b8759d11a0f152718ae6bb8c3cabf622a057e18dfc79d529751c6c26ce209525a229b656571dcb596b2b2be82b86ab5bd585ccf84cba97d27a5be1cccd23b9a806961fe01166b7bd27e89a8d95e1c6f2b10577b708c29ebf077202a3f6f02dac8635fbb19e05defc34aed4a195a4e987fab2314c0aed2a1b373a2c66509d4569bd9a49042626cd8f259f229ac24c7e9b89db806c8db0fa8b082248e1be3f93d032e0a1beeee4c275a2eba1675f126dc6fab1b142281124f8136197e431b90821675cb660baa54eba1cee3feda8d5f56c6a11096d486bf1aff44f0f5602e3651b9b1b9e524eb521d45542b5a6fb8b061a9a625ffea482d532a1c499f808f1a03372e185a5868afdf83db1b43628d01fcd5a402434f0bfee945cea568b626717591ac5f0f2ade4bedec35ce36ba556e0bdb8c04318767fd489e8f8d0ed94d9eadd1957fec0e0ccb79c4be082a53abbddd9d8c38f7cbffd639b632037f7fe26d6ca2fa9b2a30b257e2e2a5953b12c6ab558ea4adac3d406b605785c1a4dd267b0ad3945a13fb7bcac3cb1b2c0447dd76b991a896ae544b7b9384488045274d0d760486f2e632d8c1aca6feee2771c7d10289c3932d7bb23e8bd241a573a97504c736c883539913d93fb115e209b0a19fea3a5556333c0238126debccc30846e4418c7661a40e29f1fb719e1f312d7e83d32b257fd883b07b2c1242f8ce09a0da8d0500361b95ccb675f86102d3c2d128bf674de670d2f8dd283f49d77ad477dca2310195dd70c9d53fcdc1cdb41a3643402d347a64d110d10ab64f37442a790f90dfa37156661794b856f3e280ca289152022649fcac0ca77aef7712839729b0e864f75e5206e126efe821eac64a3e45987120127af1ce04ef33a868021e1c1905772a0a131d1af602130a43445d48db39633063dedfa5f8f1698937f9d78378f623f2a798c5c0c64e110ef159a444bc38875b0162735bc3b223c7282d9674a29965e97fad0ed9a102d5bf8bbecef80e847359dd43026cb58cb254dc471284f73bc3dfe59995a8db2b6c601478e8d02f9cdf457d29801ed1a27e952d3a1427bc870136416ec6d0d7d65bcc596dc02f7c4a392115599da81c37ab11df45ee53543f3433b3f21b27e47ff72247b10734cea24442986a6430e3d584bdb72de25187fdf1e6199f4f232d165fe2aaa6fddbdbb93604a25b9e946abfd4a0936210e42cc9801a80a2655ceb2a560bba75119926858c673aad5e05ca6bbd8d89a1edbbb4d645d0303c593cbbf12501df22578d27f4927c5b917b1b629592a0181d91fcf5accee31d72ebaa1ebcb072b48aa4946016835be973979bf97c81148e703c12b05f3222863215cb3ea558b9033af442c9303e1395bcee793af987966469e44a03e219cd6dd8becc2f80a7de582325893e88e45a8e3ae4113c5f73eda53cc6f5473422d12caf0242ca78a16cbc9f02e529454b9563bd20055baa17004003e2c5f7b212bc74ae6c76e7cd4d8d1b90e78e3d8f948b67eff5533a516ac3e650f8ec755b19a5e7a693562c5474a3efe5ac6624b32371bf9d4fcb503f5857b1b446d769e1ba6c20372854096320d674563439a49416678a539b43842b742d858eeded3b58872244ab763444972d8b42a4d730fce20ac035014c2a4772405c460a9c671d069703d3c1a810d3b9887421e246224ef7d318dfc97e92240e34c2f54bb3547dc50ee1aef054be8be29e6cdbd8af81aa2180449d77001aba724ec0bb21570d48415b4827b3d6e47b4d03cbdac1b1c08367127dab4c7db7be990aded830a79e7f617b8bf353faab604e6d65464a80822ece8f24349f0bc5f4ed40c99a5313a47f8f2fca437196c107306aa3bf0ffbf1496a0cf000771a220399212ad52d14dfca016e7a24fd98d07ea6b27e3ccf21288954a096cf67c565f8abeaa2dd030d69ed25ea64df856d27a1ab0cb1c571e4c321a202cfc5bddf448cb474001c63a98878d8c7c959a67a7fc27c4ebcdf8dc2bb907f9a1f8ca9dc5a09c955e4b825f55f2eeec9235f84257a40a754eb0343e57721540b395e715513cfa7591bd632c772ecce1153bb45256abd7a1aee3706e4d9da092c498e0cf51e29496f280dc8936457eff2b081f7b4bc0be0732de213af7f01dabeb6d9a2ce38790dee1be96cbea66c524a2ff097f79c746e0bbe697cc507b402bd65fe8beff428e163fbd6835c30e260f11556496a4a6a4ca744048e95ddd5bea2c58631ebd0ba8fc7ce0da459ffd3633879c8be434aa2ab787a4efab65268af5cfcb4080ed430f29357ba02c5695cac25cd46d1a98fde9a18a641dfe937ae38bb4d21ff8ac8d2b9ac4cb4a836db76345e777d3234c712da418f9003f1e6170c632eb94ef9b4d12c3f340dd8793816a92581c620ff08af7e6c44ca658b1913525f88c0af5075ba99ff069f491a4e58dbc02b7187c65e76f07ecd710b6b6b0602359ca75688aa9631a89f7c24f42032612c71f404403ab656d4b2cce5f9904661af27b2ce22fc2e4c3cba377e7bcc8698de917882b3a1f102820ffe2f8f0c9e406a2af96f291baba831010a1cd142cdc3e36b5553497ad6c74d3ed48504065262a58f8d576425bcb80d62665b9bdd1e3006c9785d15661ebd5ba290be64dc66e6e0e4c6467602e3ac8a50abf59936b4e33b4f4faeb46f229e57daa13b85f337ecd05a6c52969e7d1f63b2f9558469c6de02febfb8c192f93c5d6b5cb099804682245fee98543860340417bda5e2bce88686872c521f785a83ab7c042e01038cb640f4e98b85f8b499204947d7ce783ffdb63f0d2ed7f221c64bc477830d3cf15baa86e951cb5313ebf19a301a93e344cecc8f4221d54a26e4ee882c3fdf85a0cc80b91ad05f4a030b3b8dd7c245287e0f850facd74862a383373ffd1df69c2191d23d03ce9582494b1d5841c6a27bdbaf93256f1ed9e696c5966807eff6ab4cf90c72784b7273c346ef5b0668e95cf64413278642136f0630e6ef7615da9cb8dce7e06c46958f740cd9440e4e65d12fb016d17bbde3ea70ee6af3cc70fd4e3971483ada3fa3dc5085992d5dfe6b6754290226a3d79c01eb246368408f32592768a3892faa897c21c10a6a10b5b06ce37efbed1d32e2f7e3d8af521274f84b6b44823a903a264f6aeedb667ec9985eafb28387c6931a6492cc406229310f7db0fb4ad83f98f6a9accd13ff6dae5e837050d328b91e18dd2d557a819e2201abf0a8fd85de3cd6a6776619fc61a677f62fc54e47d919d90ec96f4f06f262dc587ade9746bffd4d03fca389d789186b4f77e1bd44c4c92d0c73c7198f64ad32a97d114c3a7cf7c870183f64138dfc0f280c786a0077b88628ca97f9bc41fff82fbea56cc5f5a83e42bc42ea1d6ef1e26135966e5f621fe88791f61cd8749d5b031199da0f40a5d98e92a1ef75109db2ca111ddd9e8d24b97aa39ec46db36204bdcafab88f7e07fd58baf887c9c3dc6d51892e321be64511a73a7d639a2974921652c462c2349434c6a36d285a47abaaac2ea793d2e945aa49edc2c87ca103bccf4b7f0cf0da5d319883f57f3ab8ad9ad55cb3f90a91002bf0e509396fb0062fa50595afc1c10e567812316c382781dfea31773029d8feb4302a23e21d2a63aa04ac6fba37d25f128da8e9b997dec1db1c55311ea57496ef6ec94768015a96545daa2268a7958f1c40f764624aaaf79177784aa18f5c5242ef5407c891536d81b0f58d3185d1d6038a330624d07f8627773f43b4199d3e0be2c6f382e73a658d03f207d3712ef8a231d3af4f5e9e171836b3a5bf4a2d1a8c6f53290af7640749fec41d8f55eaff977cc093f9cad69dbefa02dd213fd191770388a0e8fddf9e79252e710e9e627cd586b413c172e98e46c1c76995dd7f177ea5b40e61f5ca45f9e41e77e16e118d21fbcf87f0267a0c6b10f94da6b0c8765e1dbde65dc0c9ea06c23eff3c29b51a7d4db1f0734a25607312230183cdf4a3053a51c1847eac20cc4b2eb4b2c164fe4d1f1f058960e6c3c159b730f780cbedc3a45ae84ce3c9ed3f8c17a0095d3d6b409b3cdd47d5b0b919c5ad7d4a22c6ae6d4a9572e6006caca2811f75d080cb32f8ba556e032938cb63b07544d40a9faae5ccfa830c17335bdea256d6897316ea41078550ca0cffa6b404e5b04c983b5b0515f9ec3eb30bd0c0964800e03c42f68aa5afb83c98f4743055762f1d070e70286114b9503bcacecd7ca06fa317e710d4334673be57eec1ffaebc9cd071be4a04667dd0eb360f4492585ba278d58358a51147a48372937c0f0a02fb166f93cb07c59994f5a3887fca350ab1dd24b8c6cf181544b0219c373c90f0711b226fc7c2b7ca158b9dbeb777c6d785c3b761296aa9a8791bcc2a57cdfbf2c2869c060e483be1e7822b64a2920dd9c321d1ddfd85469ad922049063c29b3f10aa9a5e695b26a4764df7dcdf5e1f5b5d3f0c311d277f7c02aa0d814c96d4f84f9fa87e7f6322dd388b2e8ce3cf10202f7ba669b1388db6b31aead80f7733d3747bfd0a05590b4eed5225a254045e264e57e127589cfc795c36e9ab9c4738e0e98f3c8e84e6deac774a9005762425e3a8b4efdd11fa5b67388acfc1f2450cbf54894056f3f29a27c95af8bc7cc5f2b6900eff6a607cd716cd2e894d287b45fd1aeda6f00fc8f93a529ce879dc7bd3289251006e2a47c859935ecb41467acc132cf1aeb630c958b9fe4290c0155c6a01fe0f7d9f444e76ca8b87742b05783f2f6d6343cee0cf1fb70a6ee511243beb72d3319829270918c3d10dfc37cfb38b5a8074e9483b1a422df89aecef9726019a7b3a60b5dbb60d1618c072584ff28220de2a33b0365778400081562e4e97c488aa1004a7cc9e8227679971f14e3c864118af47942d5593750296e3d7189b8ed3dcd1b9684aa196e996c302dfbc19b1dc71701e9095a2316f5f5da3954e1e67aeb1695a6f873f3b4cafa0835b68279969b7b3539ac3def4de7450be2a9f949ce349c89f2b97fb78eaf2d55a9f7180aaa202284a5a6f7576c355803a5a0dbfc446de572f9c7ab477b277ea905ca932f20345996071968c5c82a9ce299a0ec21a3cb643d8bf8a6310cb77553052c0c41907d270cec8a3abcb47b6c197b9bd5dd3e2a743e79c74f116c43b7c0162212e3ee78942c463", 0x1000}}, 0x1006) r2 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_current(r2, &(0x7f0000000340)=ANY=[@ANYBLOB='permprofile &'], 0xff) (async) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x8, 0x30, r1, 0xc124d000) r3 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r3, 0x40345410, &(0x7f0000000040)={{0x1, 0x1, 0x7fffffff}}) ioctl$SNDRV_TIMER_IOCTL_INFO(r3, 0x80e85411, 0x0) (async) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x3f) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f00000000c0)={0x1ff, 0x2, 0x4, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) (async) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) (async, rerun: 64) r9 = syz_open_dev$tty20(0xc, 0x4, 0x0) (rerun: 64) ioctl$TCSETSF2(r9, 0x402c542d, &(0x7f0000000140)={0x0, 0x200, 0x0, 0x10002, 0x0, "4ae23ae1ba36c4095c911abad88f00"}) (async) ioctl$TIOCSTI(r9, 0x5412, &(0x7f0000002840)) (async) ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000040)=0x37) r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000000300000000000000"]) (async) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000001000000500000000000000008000000000000000"]) (async) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) (async, rerun: 32) r11 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (rerun: 32) ioctl$KVM_PRE_FAULT_MEMORY(r10, 0xc040aed5, &(0x7f00000001c0)={0x808f800, 0x1000}) ioctl$EXT4_IOC_GETSTATE(r11, 0x40046629, 0x0) (async) openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000100), 0x200000, 0x0) (async) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) (async) r12 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r12, 0x7dfff000) 1.690382082s ago: executing program 8 (id=11946): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000000)={0x4}) ioctl$KVM_CREATE_DEVICE(r2, 0xc00caee0, &(0x7f0000000040)={0x4}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r5, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0xb, 0x0, 0x8, 0x0, 0x0, 0x2, 0xf7, 0x8, 0x9, 0x10}, {0x8080000, 0x0, 0xc, 0x0, 0x2, 0x0, 0x7, 0x0, 0x25, 0x7, 0x4, 0x4}, {0x2000, 0x5000, 0x7, 0x0, 0x7, 0x4, 0x0, 0x0, 0x2b, 0x0, 0x4, 0xfc}, {0x3000, 0xd000, 0x0, 0xff, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xd000, 0xeeef0000, 0x8, 0x0, 0xfc, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x5000, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xa, 0x2}, {0xeeee0000, 0x4000, 0xa, 0x5, 0x0, 0x0, 0x3, 0x0, 0x2, 0x4}, {0x1000, 0x0, 0x3, 0xfe, 0x0, 0xff, 0x0, 0x2b, 0x26}, {0x33328004}, {0xdddd1000, 0xfffc}, 0xddf8ffdb, 0x0, 0x0, 0x430, 0xfffffffffffffffc, 0x2501, 0x0, [0x100000, 0x0, 0x2]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000100)={0x30003, 0x0, [0x7fffffff, 0x1, 0x4, 0x3, 0x9, 0x2, 0x4]}) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r6 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r6, 0x0, 0x0) r7 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000000)=[0x0], &(0x7f0000000340)=[0x0], 0x0, 0x0, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r7, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r9, r8], 0x2, 0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r10, 0xc01064c8, &(0x7f0000000140)={0x1, 0x0, &(0x7f0000000100)=[0x0]}) ioctl$DRM_IOCTL_MODE_GETPLANE(r10, 0xc02064b6, &(0x7f0000000240)={r11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r12 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r13 = dup(r12) r14 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r14, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r13, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r13, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 1.557526974s ago: executing program 2 (id=11947): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) r5 = syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f90b, 0x3}) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (async) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async) read$FUSE(r1, 0x0, 0x0) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async) dup(r2) (async) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) (async) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async) syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) (async) ioctl$VIDIOC_SUBSCRIBE_EVENT(r5, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f90b, 0x3}) (async) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (async) 1.178547789s ago: executing program 9 (id=11948): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) r1 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f00000005c0)={0x4, 0xffffffffffffffff}) ioctl$KVM_HAS_DEVICE_ATTR(r4, 0x4018aee3, &(0x7f0000000640)=@attr_other={0x0, 0x1, 0x0, 0x0}) ioctl$VIDIOC_G_SELECTION(r1, 0xc040565e, &(0x7f0000000200)={0x1, 0x100}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r6, 0xae64, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$VIDIOC_G_FMT(r7, 0xc0d05604, &(0x7f00000003c0)={0xb, @pix_mp={0x3ff, 0x0, 0x38414262, 0x7, 0x3, [{0x2, 0x4}, {0x0, 0x51}, {0x1e, 0x4}, {0x7, 0x800}, {0x0, 0x2}, {0x4, 0x3ff}, {0x8, 0x80000001}, {0x7f, 0x7b9}], 0x4, 0x7, 0x3, 0x0, 0x4}}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_START(r8, 0x54a0) write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000300)={0x5, 0x80000001, 0x1, 'queue1\x00', 0xffffffff}) r9 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r9, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r9, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_ATOMIC(r9, 0xc03864bc, &(0x7f00000001c0)={0x0, 0x2, &(0x7f0000010140)=[r10, r10], &(0x7f0000010200), 0x0, 0x0, 0x0, 0x1000000000000}) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000004c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0], &(0x7f0000000280)=[0x0], 0x4, 0x3, 0x1, 0x1}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r7, 0xc01064c8, &(0x7f0000000540)={0x1, 0x0, &(0x7f0000000500)=[0x0]}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000740)={0x0, 0x0, r11, 0x0, 0x0, 0x0, &(0x7f0000000600)}) r15 = syz_open_dev$dri(&(0x7f00000005c0), 0x4a7, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r15, 0xc01064c8, &(0x7f00000002c0)={0x2, 0x0, &(0x7f0000000080)=[0x0, 0x0]}) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r15, 0xc04064aa, &(0x7f000001f880)={0x0, 0x0, r16}) ioctl$DRM_IOCTL_MODE_SETCRTC(r7, 0xc06864a2, &(0x7f00000006c0)={&(0x7f0000000580)=[r12, r13], 0x2, r14, r16, 0x0, 0x1000, 0x7, 0x2c22, {0x5, 0xa, 0x9, 0xef, 0x6, 0x7, 0x3, 0x0, 0x1, 0x40, 0xfff7, 0x3, 0x8001, 0xb, "903025bb85fba78e28fed6e65d799b2bbf9d3c906b17f53fa86e76025c4a0108"}}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r7, 0x0) 917.352259ms ago: executing program 2 (id=11949): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x1a1300, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f00000000c0)) preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007) 849.803725ms ago: executing program 8 (id=11950): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0x6, 0x81, 0x10000, 0x1000}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x541000, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r3 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0) ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000200)=0x800) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) ioctl$DRM_IOCTL_SET_VERSION(0xffffffffffffffff, 0xc0106407, &(0x7f00000000c0)={0x6, 0x81, 0x10000, 0x1000}) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x541000, 0x0) (async) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, &(0x7f0000000080)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) (async) openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000001c0), 0x4000, 0x0) (async) ioctl$BLKSECDISCARD(r3, 0x127d, &(0x7f0000000200)=0x800) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (async) 828.652902ms ago: executing program 9 (id=11951): r0 = syz_open_dev$usbmon(&(0x7f00000005c0), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1000001, 0x12, r0, 0x0) ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xccd1a) r1 = syz_open_dev$dri(&(0x7f00000008c0), 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(r2, 0x541b, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c643c, &(0x7f0000000300)) r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r3, 0x7dfff000) 707.915065ms ago: executing program 2 (id=11952): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = syz_open_dev$video(&(0x7f0000000040), 0xcd3, 0x0) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x52424752}}) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c9, 0x7000, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) syz_open_dev$video(&(0x7f0000000040), 0xcd3, 0x0) (async) ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x52424752}}) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c9, 0x7000, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000}) (async) ioctl$KVM_RUN(r5, 0xae80, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async) 703.471213ms ago: executing program 9 (id=11953): r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) ioctl$TIOCSWINSZ(r1, 0x5414, &(0x7f0000000000)) preadv(r0, &(0x7f0000000440)=[{&(0x7f0000000400)=""/55, 0x37}], 0x1, 0x3, 0x81) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 601.785119ms ago: executing program 8 (id=11954): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) preadv(r1, &(0x7f0000000080)=[{&(0x7f0000000280)=""/212, 0xfffffed3}], 0x1, 0xffeffffb, 0x1007) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000000)=0x8) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000003100), 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0xc06855c8, 0x4000000000003) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_PIT2(r3, 0x8010aebb, &(0x7f0000000280)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x240000000000}], 0x5}) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000080)={0x1, @pix={0x0, 0x0, 0x20303159}}) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x2, 0x202812, r4, 0x7dfff000) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) 444.671578ms ago: executing program 9 (id=11955): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000040)=0x7) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) r4 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x22003, 0x0) close(r4) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r3, 0xc0884113, &(0x7f0000000080)={0x1, 0xfffffffa, 0x0, 0x8, 0x8000, 0x7, 0x1, 0xfffffffffffffe00, 0x0, 0x1, 0xfffffffe, 0x2}) ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000040)={0x4, 0x0, 0x1000003, 0x1d, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f18dafae3530db6dd493f2a3cc88721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef494c89092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003c7e6f3c82fbd8de6e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1aed6e850ecb3421143c5c4ded0f06affc524dcf3208272619b6a952db5bc96141b26c54d13c7a5416287a3b6f7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa0284abe90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695efbd649f42f310859122c0d2c1e558dc6586958a283762386ecf369274e43003a0fdff59ea515eb44504901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc5092548feaef7204a12cece59181fcb5bad8c24bd9f8f78d17ab82831325501e80d899e9252f99d3a2666343392fda11504800f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd333b30d3ce2f50dddeea3447aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b68986af3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9000400002f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d01000100df6f40a80ace2bb8a2aad3b0c66915927db4233181943d88c0c76d5969e2043db5bd77fd60ba0f013139929ccfec965c0c769785a4d23332ba1f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fd81bc31152538db50f47dc38ba908a0d808687e478a609fe0daa02d4e9c618b99266e7f2e98597e2813e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d472dd0e1338688ba782b41bde141f99c4894ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e87dde71929f918b98c4cbfcb11a90139264a9ee8081973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d2195ff9c6320c85bddc42915e4f3a5db642447bc2195a3d64e04c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e0e32b75ce814731c542091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00"}) r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0) r6 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040), 0x400400, 0x0) ioctl$KDFONTOP_GET(r6, 0x4b72, &(0x7f0000000080)={0x1, 0x0, 0x6, 0xe, 0x61, &(0x7f00000004c0)}) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x1) preadv(r7, &(0x7f0000000940)=[{&(0x7f00000008c0)=""/122, 0x7a}], 0x1, 0x80, 0x3) dup(r6) read(r5, &(0x7f00000001c0)=""/157, 0x9d) 265.346251ms ago: executing program 8 (id=11956): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0) (async) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x30, 0x1, 0x1, "1c13ebdaf2f20d57185fd75a206d58e85b2197edb1479b0400", 0x35315258}) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) 153.989768ms ago: executing program 8 (id=11957): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = syz_open_dev$loop(&(0x7f0000000040), 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_merged\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x1, 0x2, 0x0, 0x0, 0x13, 0x14, "1271a2ab78fce00d9668dda1af1ea89d62b7080a01000000000300008a03000000000000000000ffffff7f00", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x0, 0x4]}}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 112.662197ms ago: executing program 2 (id=11958): openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) (async) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0x8000000, 0x104000}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000080)={0x0, 0x6000}) close(r1) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r2, &(0x7f0000000100)=""/159, 0xfffffe5a) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) r4 = syz_open_dev$mouse(&(0x7f00000000c0), 0x8000000000000000, 0xb0301) openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x80040, 0x0) write$rfkill(r4, &(0x7f00000001c0)={0x0, 0x8, 0x2, 0x1, 0x1}, 0x8) (async) write$rfkill(r4, &(0x7f00000001c0)={0x0, 0x8, 0x2, 0x1, 0x1}, 0x8) 0s ago: executing program 8 (id=11959): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) r2 = dup(r1) write$UHID_INPUT(r2, &(0x7f0000002180)={0x7, {"a2e3ad21ed0d52f91b48090687f70e06d038e7ff7fc6e5539b0d46078b089b3407336d090890e0878f0e1ac6e7049b334d959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074b0936cd3b78130daa61d8e809ea88008000000000000027b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1dbdb230ae1fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b3804000000bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f6e56c71b1931870262f5e801119242ca020efc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f000800080000000000002420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b25361b665a8c97447a3c6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f304b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f39201889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8cf7d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad15a3a504767b6b45a45957f24d758ed024b3849c1137e2a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eb81f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe7b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39988b8658a20878b7c1dd7ba02fc42939dde7d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88d0466d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a028ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7bac7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068eb38067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c7280008f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3f0600faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000040)=0x2) (async, rerun: 64) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000240)=0x7) (rerun: 64) ioctl$TIOCVHANGUP(r4, 0x5437, 0x2) (async) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r6, 0x4068aea3, &(0x7f0000000680)) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r8 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETSW(r8, 0x5403, &(0x7f0000000080)={0x0, 0x4, 0x0, 0x3, 0x1, "00000008000000fe630500000000000000001f"}) (async) ioctl$TIOCL_GETMOUSEREPORTING(r8, 0x5412, &(0x7f00000006c0)=0xd) ioctl$TIOCSTI(r8, 0x5412, &(0x7f0000000000)=0x8) (async) r9 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) r11 = syz_open_dev$tty1(0xc, 0x4, 0x1) r12 = dup(r11) write$UHID_INPUT(r12, &(0x7f0000000000)={0x1a, {"a2e3ad21ed6b52f99cfbf4c087f71e9b230963ff7fc6e5539b9b3b09719b711b5d52101b080d29308f0e1ac6e7049b3468959b189a242a9b45f3988f7ef319520100ffe8d178708c523c921b1b23380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00305d3f46635eb016d5b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ef06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8040000000000000033eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000064b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) (async) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000002080)=ANY=[@ANYBLOB="0109a30000000000004d0200000044c86ca69319eb940000fbb40eb107f60b250a24ad2d088ef0751a87a4899451c92ded"]) (async, rerun: 64) r13 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) (rerun: 64) ioctl$KVM_SET_MP_STATE(r13, 0x4004ae99, &(0x7f0000000000)=0x1) read(r0, &(0x7f00000020c0)=""/165, 0xa5) (async) r14 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r14, 0x0) (async) syz_open_dev$usbmon(&(0x7f0000000080), 0xc5, 0x400000) kernel console output (not intermixed with test programs): x0 [ 1276.152421][T26406] binder: 26405:26406 ioctl 227b 200000000900 returned -22 [ 1276.844339][ T1338] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1276.996561][ T1338] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1277.123235][ T1338] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1277.222976][ T1338] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1277.660765][ T1338] bridge_slave_1: left allmulticast mode [ 1277.660791][ T1338] bridge_slave_1: left promiscuous mode [ 1277.661002][ T1338] bridge0: port 2(bridge_slave_1) entered disabled state [ 1277.676052][ T1338] bridge_slave_0: left allmulticast mode [ 1277.676076][ T1338] bridge_slave_0: left promiscuous mode [ 1277.677803][ T1338] bridge0: port 1(bridge_slave_0) entered disabled state [ 1278.547114][ T1338] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1278.564834][ T1338] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1278.579394][ T1338] bond0 (unregistering): Released all slaves [ 1278.716447][T26001] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1278.725954][T26001] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1278.734252][T26001] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1278.752712][T26001] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1278.760539][T26001] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1278.806488][T15162] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1278.817321][T15162] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1278.826051][T15162] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1278.849253][T15162] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1278.859561][T15162] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1279.183370][ T1338] hsr_slave_0: left promiscuous mode [ 1279.205463][ T1338] hsr_slave_1: left promiscuous mode [ 1279.217036][ T1338] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1279.259808][ T1338] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1279.268587][ T1338] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1279.293994][ T1338] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1279.385324][ T1338] veth1_macvtap: left promiscuous mode [ 1279.396261][ T1338] veth0_macvtap: left promiscuous mode [ 1279.405486][ T1338] veth1_vlan: left promiscuous mode [ 1279.411257][ T1338] veth0_vlan: left promiscuous mode [ 1279.440344][T26600] syz.7.8932: attempt to access beyond end of device [ 1279.440344][T26600] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1280.059199][T26633] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1280.814447][T26655] loop2: detected capacity change from 0 to 7 [ 1280.839192][T26655] Dev loop2: unable to read RDB block 7 [ 1280.845508][T26655] loop2: unable to read partition table [ 1280.854765][T26655] loop2: partition table beyond EOD, truncated [ 1280.861384][T26655] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 1280.971591][T15162] Bluetooth: hci3: command tx timeout [ 1281.188262][ T1338] team0 (unregistering): Port device team_slave_1 removed [ 1281.242821][ T1338] team0 (unregistering): Port device team_slave_0 removed [ 1281.744880][T26664] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1281.758679][T26664] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 1282.251755][T26804] ALSA: seq fatal error: cannot create timer (-16) [ 1282.259183][T26495] chnl_net:caif_netlink_parms(): no params data found [ 1282.400633][T26821] input: syz1 as /devices/virtual/input/input305 [ 1282.689182][T26495] bridge0: port 1(bridge_slave_0) entered blocking state [ 1282.713076][T26495] bridge0: port 1(bridge_slave_0) entered disabled state [ 1282.738868][T26495] bridge_slave_0: entered allmulticast mode [ 1282.747931][T26495] bridge_slave_0: entered promiscuous mode [ 1282.787200][T26495] bridge0: port 2(bridge_slave_1) entered blocking state [ 1282.804489][T26495] bridge0: port 2(bridge_slave_1) entered disabled state [ 1282.829896][T26495] bridge_slave_1: entered allmulticast mode [ 1282.869375][T26495] bridge_slave_1: entered promiscuous mode [ 1283.086045][T26495] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1283.089649][T26495] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1283.245379][T26495] team0: Port device team_slave_0 added [ 1283.248257][T26495] team0: Port device team_slave_1 added [ 1283.387309][T26495] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1283.387327][T26495] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1283.387361][T26495] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1283.389302][T26495] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1283.389316][T26495] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1283.389348][T26495] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1283.648186][T26495] hsr_slave_0: entered promiscuous mode [ 1283.649207][T26495] hsr_slave_1: entered promiscuous mode [ 1283.649991][T26495] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1283.650014][T26495] Cannot create hsr debugfs directory [ 1283.914047][ C0] vkms_vblank_simulate: vblank timer overrun [ 1285.187574][T26495] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1285.234674][T26495] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1285.306365][T26495] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1285.348864][T26495] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1285.618481][T26495] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1285.692894][T26495] 8021q: adding VLAN 0 to HW filter on device team0 [ 1285.734392][ T1338] bridge0: port 1(bridge_slave_0) entered blocking state [ 1285.741689][ T1338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1285.793372][ T1338] bridge0: port 2(bridge_slave_1) entered blocking state [ 1285.800711][ T1338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1286.110773][T27235] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1286.633344][T26495] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1286.795822][T26495] veth0_vlan: entered promiscuous mode [ 1286.838372][T26495] veth1_vlan: entered promiscuous mode [ 1286.923042][T26495] veth0_macvtap: entered promiscuous mode [ 1286.953855][T26495] veth1_macvtap: entered promiscuous mode [ 1287.005929][T26495] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1287.022674][T26495] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1287.039561][T26495] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1287.062758][T26495] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1287.073693][T26495] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1287.085341][T26495] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1287.459928][T20385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1287.518236][T20385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1287.667897][T20385] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1287.678295][T20385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1287.698629][T26001] Bluetooth: hci4: command 0x1003 tx timeout [ 1287.702138][T15162] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1287.935676][T27296] usb usb8: usbfs: process 27296 (syz.0.8978) did not claim interface 0 before use [ 1289.205492][T27338] usb usb1: check_ctrlrecip: process 27338 (syz.8.8981) requesting ep 01 but needs 81 [ 1289.228398][T27338] usb usb1: usbfs: process 27338 (syz.8.8981) did not claim interface 0 before use [ 1291.943620][T27479] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1293.278173][ T30] audit: type=1400 audit(1750411431.707:42): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=27521 comm="syz.0.9005" [ 1293.944452][T27567] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1294.047686][T27573] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1294.083009][T27579] random: crng reseeded on system resumption [ 1295.062761][T27627] input: syz0 as /devices/virtual/input/input308 [ 1295.437192][T27650] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1295.544305][T27661] input: syz0 as /devices/virtual/input/input309 [ 1295.748227][T27660] binder: 27659:27660 ioctl 400c620e 9999999999999999 returned -14 [ 1296.832484][T27724] usb usb8: usbfs: process 27724 (syz.8.9038) did not claim interface 0 before use [ 1298.252026][T27792] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1299.539930][ T30] audit: type=1800 audit(1750411437.947:43): pid=27826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.9055" name="memory.events" dev="tmpfs" ino=1000 res=0 errno=0 [ 1300.065721][T27866] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1300.119038][T27863] ALSA: mixer_oss: invalid OSS volume '' [ 1300.127545][T27871] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1300.214945][T27866] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 1301.099046][T27990] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1301.474912][T28043] misc userio: Can't change port type on an already running userio instance [ 1302.350851][T28089] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1303.076207][T28136] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1304.467152][T28218] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1304.645927][T28231] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1304.711047][T28237] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1305.031104][T28264] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1305.041182][T28267] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1305.230651][T28282] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1305.542148][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1305.548529][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1306.207634][T28318] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1306.868004][T28349] random: crng reseeded on system resumption [ 1307.999516][T28410] mkiss: ax0: crc mode is auto. [ 1308.668510][T28440] mkiss: ax0: crc mode is auto. [ 1309.329602][T28491] binder: 28489:28491 unknown command 576 [ 1309.342543][T28491] binder: 28489:28491 ioctl c0306201 200000000480 returned -22 [ 1309.757639][T28515] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1310.124935][T28534] can0: slcan on ttyS3. [ 1310.309413][T28534] can0 (unregistered): slcan off ttyS3. [ 1310.542891][T28552] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 1310.856600][T28576] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1311.253974][T28597] binder: 28595:28597 ioctl 40286608 200000000240 returned -22 [ 1311.969533][T28637] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1312.446746][T28658] loop8: detected capacity change from 0 to 7 [ 1312.455277][T28658] Dev loop8: unable to read RDB block 7 [ 1312.504343][T28666] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1312.529879][T28658] loop8: unable to read partition table [ 1312.535867][T28658] loop8: partition table beyond EOD, truncated [ 1312.547042][T28658] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 1312.559193][T28667] Dev loop8: unable to read RDB block 7 [ 1312.581132][T28667] loop8: unable to read partition table [ 1312.596211][T28667] loop8: partition table beyond EOD, truncated [ 1312.761502][T28681] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1314.233201][T28763] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1314.375185][T28762] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1315.372956][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1315.387290][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1315.420153][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1315.430734][ T24] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1315.438146][ T24] rtc rtc0: __rtc_set_alarm: err=-22 [ 1315.705948][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.705979][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706000][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706020][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706040][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706060][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706080][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706100][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706139][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706158][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706178][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706197][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706224][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706244][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706263][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706282][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706301][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706320][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706338][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706358][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706377][T28860] misc userio: Can't change port type on an already running userio instance [ 1315.706396][T28860] misc userio: Can't change port type on an already running userio instance [ 1316.234279][T28891] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1316.336088][T28862] tty tty25: ldisc open failed (-12), clearing slot 24 [ 1317.178562][T28934] CUSE: info not properly terminated [ 1318.055442][T28990] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer. [ 1318.196226][T29001] loop8: detected capacity change from 0 to 7 [ 1318.206116][ T7807] Dev loop8: unable to read RDB block 7 [ 1318.212024][ T7807] loop8: unable to read partition table [ 1318.218104][ T7807] loop8: partition table beyond EOD, truncated [ 1318.228928][T29001] Dev loop8: unable to read RDB block 7 [ 1318.234951][T29001] loop8: unable to read partition table [ 1318.241672][T29001] loop8: partition table beyond EOD, truncated [ 1318.250150][T29001] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 1319.742498][T29064] dlm: no local IP address has been set [ 1319.753363][T29064] dlm: cannot start dlm midcomms -107 [ 1320.284737][T29097] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1322.622455][T29198] binder: 29197:29198 ioctl c0046209 0 returned -22 [ 1322.801292][T29216] usb usb1: usbfs: process 29216 (syz.8.9289) did not claim interface 0 before use [ 1322.825292][T29216] usb usb1: selecting invalid altsetting 256 [ 1322.978020][T29222] random: crng reseeded on system resumption [ 1323.169083][T29236] sd 0:0:1:0: device reset [ 1323.383553][T29248] binder: 29247:29248 ioctl 40046205 0 returned -22 [ 1323.467044][T29254] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 1323.474091][T29254] pim6reg0: linktype set to 769 [ 1323.488908][T29246] kvm: vcpu 512: requested lapic timer restore with starting count register 0x390=1531215282 (3062430564 ns) > initial count (1473793136 ns). Using initial count to start timer. [ 1323.510797][T29246] kvm: apic: phys broadcast and lowest prio [ 1323.948342][T29288] binder: BINDER_SET_CONTEXT_MGR already set [ 1323.948375][T29288] binder: 29286:29288 ioctl 4018620d 200000000100 returned -16 [ 1324.101586][ T36] Bluetooth: hci4: Frame reassembly failed (-90) [ 1324.101660][ T36] Bluetooth: hci4: Frame reassembly failed (-84) [ 1324.101724][ T36] Bluetooth: hci4: Frame reassembly failed (-84) [ 1325.037078][T29331] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1325.482607][T29345] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1325.707416][T29356] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1326.169829][T15162] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1326.506546][T29387] input: syz1 as /devices/virtual/input/input317 [ 1329.127343][T29527] hub 6-0:1.0: USB hub found [ 1329.150830][T29527] hub 6-0:1.0: 1 port detected [ 1329.876473][T29579] binder: 29578:29579 unknown command 0 [ 1329.892312][T29579] binder: 29578:29579 ioctl c0306201 200000000540 returned -22 [ 1330.758779][T29618] sp0: Synchronizing with TNC [ 1330.920633][T29617] [U] [ 1331.725490][T29678] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1331.771811][T15162] Bluetooth: hci4: command 0x1003 tx timeout [ 1331.779381][T26001] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1332.675647][T29720] misc userio: The device must be registered before sending interrupts [ 1332.696482][T29720] CUSE: info not properly terminated [ 1332.964842][T29738] usb usb8: usbfs: process 29738 (syz.0.9381) did not claim interface 0 before use [ 1333.861037][T29784] random: crng reseeded on system resumption [ 1334.057096][T29790] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1334.128835][T29791] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1334.610621][T29834] ubi31: attaching mtd0 [ 1334.617041][T29834] ubi31: scanning is finished [ 1334.722025][T29834] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1334.770132][T29834] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3002 bytes [ 1334.777491][T29834] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1334.840992][T29834] ubi31: VID header offset: 1030 (aligned 1030), data offset: 1094 [ 1334.848997][T29834] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1334.902698][T29834] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 17 [ 1334.930727][T29834] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 743701457 [ 1334.990005][T29834] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1335.037988][T29840] ubi31: background thread "ubi_bgt31d" started, PID 29840 [ 1336.641184][ T30] audit: type=1800 audit(1750411475.077:44): pid=29919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.9417" name="[kvm-gmem]" dev="anon_inodefs" ino=310215 res=0 errno=0 [ 1336.662166][ C0] vkms_vblank_simulate: vblank timer overrun [ 1336.670532][T29919] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1336.878778][T29940] input: syz1 as /devices/virtual/input/input319 [ 1336.923350][T29908] binder: 29891:29908 ioctl c0306201 200000002800 returned -14 [ 1337.229334][T29963] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1337.702654][T29996] CUSE: DEVNAME unspecified [ 1338.307811][T30035] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1339.006676][T30053] syz.2.9443: attempt to access beyond end of device [ 1339.006676][T30053] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1339.629690][ T30] audit: type=1400 audit(1750411478.047:45): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A2F2C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=30081 comm="syz.8.9452" [ 1339.660966][ C0] vkms_vblank_simulate: vblank timer overrun [ 1339.996274][T30086] syz.8.9453: attempt to access beyond end of device [ 1339.996274][T30086] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1340.489330][T30113] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1341.855148][T30188] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1342.728706][T30247] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1343.332001][T30264] ALSA: mixer_oss: invalid OSS volume '' [ 1343.519153][T30282] ubi: mtd0 is already attached to ubi31 [ 1343.929912][T26001] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1343.930759][T15162] Bluetooth: hci4: command 0x1003 tx timeout [ 1343.985001][T30316] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1344.501472][T30361] QAT: Device 253 not found [ 1345.002055][T30383] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1345.021915][T30385] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1346.525126][T30490] loop7: detected capacity change from 0 to 8388608 [ 1346.638811][T30490] block device autoloading is deprecated and will be removed. [ 1346.679301][T30490] syz.0.9529: attempt to access beyond end of device [ 1346.679301][T30490] loop0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1348.514319][T30583] loop6: detected capacity change from 0 to 524287999 [ 1348.522194][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.533440][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.542317][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.551479][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.563017][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.573792][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.590079][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.643657][T30589] Invalid logical block size (4) [ 1348.648757][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.667827][T30583] ldm_validate_partition_table(): Disk read failed. [ 1348.688042][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.697526][T30583] Buffer I/O error on dev loop6, logical block 0, async page read [ 1348.706147][T30583] Dev loop6: unable to read RDB block 0 [ 1348.712585][T30583] loop6: unable to read partition table [ 1348.725335][T30583] loop_reread_partitions: partition scan of loop6 (3 xC) failed (rc=-5) [ 1349.312057][T30631] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1350.128206][T30682] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1350.508162][T30721] loop6: detected capacity change from 0 to 524287487 [ 1350.524143][T30722] loop6: detected capacity change from 524287487 to 0 [ 1351.072944][T30767] input: syz0 as /devices/virtual/input/input325 [ 1351.096400][T30767] input: failed to attach handler leds to device input325, error: -6 [ 1351.853361][T30818] blktrace: Concurrent blktraces are not allowed on rnullb0 [ 1352.201208][T30835] ALSA: seq fatal error: cannot create timer (-22) [ 1352.991734][T30868] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1353.093927][ T1317] Bluetooth: (null): Invalid header checksum [ 1353.116859][ T1317] Bluetooth: (null): Invalid header checksum [ 1353.803361][T30913] usb usb1: usbfs: process 30913 (syz.0.9610) did not claim interface 0 before use [ 1353.987992][T30923] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1354.010528][T30923] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1354.302702][T30948] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1354.333535][T30953] blktrace: Concurrent blktraces are not allowed on rnullb0 [ 1354.894565][T30975] vim2m vim2m.0: Fourcc format (0x42474752) invalid. [ 1355.633230][ T1317] Bluetooth: hci4: Frame reassembly failed (-84) [ 1356.635079][T31055] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1357.395378][T31087] AppArmor: change_hat: Invalid input '' [ 1357.699843][T26001] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 1357.700233][T15162] Bluetooth: hci4: command 0xfc11 tx timeout [ 1358.381542][T31125] input: syz0 as /devices/virtual/input/input328 [ 1358.851627][T31146] input: syz0 as /devices/virtual/input/input329 [ 1359.009113][T31155] mkiss: ax0: crc mode is auto. [ 1359.246216][T31170] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1359.358156][T31180] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=io+mem:owns=io+mem [ 1359.479967][T31189] input: syz0 as /devices/virtual/input/input330 [ 1361.785384][T31296] input: syz0 as /devices/virtual/input/input331 [ 1362.538050][T31337] CUSE: info not properly terminated [ 1362.936184][T31341] input: syz1 as /devices/virtual/input/input333 [ 1363.065640][T31343] input: syz0 as /devices/virtual/input/input332 [ 1363.545641][T31361] Invalid logical block size (2) [ 1363.721275][T31367] i2c i2c-0: Invalid block write size 254 [ 1365.586107][T31416] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1366.322246][T31471] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1366.990439][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1366.996852][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1367.413419][T31529] kvm: kvm [31526]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x186) = 0x3 [ 1367.775797][ T5843] hid-generic 0000:0000:0000.001B: unknown main item tag 0x0 [ 1367.802675][ T5843] hid-generic 0000:0000:0000.001B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1369.031616][ T30] audit: type=1800 audit(1750411507.467:46): pid=31542 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.9733" name="dmabuf" dev="dmabuf" ino=56 res=0 errno=0 [ 1369.090342][T31542] sp0: Synchronizing with TNC [ 1369.780774][T31624] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1371.355674][T31793] input: syz1 as /devices/virtual/input/input335 [ 1371.579607][T31803] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1372.273220][T31830] No memory to map [ 1374.865345][T15162] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1374.878201][T15162] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1374.886785][T15162] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1374.895355][T15162] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1374.904639][T15162] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1374.977956][T26001] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1374.989077][T26001] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1375.004925][T26001] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1375.025393][T26001] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1375.036783][T26001] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1375.264629][T20385] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1375.584975][T31968] input: syz0 as /devices/virtual/input/input337 [ 1375.865066][T20385] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1376.193195][T20385] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1376.501931][T20385] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1376.728332][T31940] chnl_net:caif_netlink_parms(): no params data found [ 1377.042414][T32004] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1377.049132][T32004] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1377.132773][T20385] bridge_slave_1: left allmulticast mode [ 1377.138501][T20385] bridge_slave_1: left promiscuous mode [ 1377.144442][T26001] Bluetooth: hci2: command tx timeout [ 1377.162023][T20385] bridge0: port 2(bridge_slave_1) entered disabled state [ 1377.241293][T20385] bridge_slave_0: left allmulticast mode [ 1377.248645][T20385] bridge_slave_0: left promiscuous mode [ 1377.254696][T20385] bridge0: port 1(bridge_slave_0) entered disabled state [ 1377.880781][T32220] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1377.902255][T32223] program syz.7.9799 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1377.971536][T32220] loop6: detected capacity change from 0 to 524287999 [ 1377.983327][ C1] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0 [ 1377.992835][ C1] buffer_io_error: 7 callbacks suppressed [ 1377.992853][ C1] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1378.007080][ C1] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 1378.045705][ C0] I/O error, dev loop6, sector 16 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1378.055369][ C0] Buffer I/O error on dev loop6, logical block 2, lost async page write [ 1378.093777][T32220] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1378.377811][T32236] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 1378.767448][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.793138][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.819114][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.839416][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.854113][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.861947][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.869720][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.877412][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.893374][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.901180][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.908869][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.916644][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.924520][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.932390][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.940368][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.948104][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.965103][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.973653][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.981672][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.989448][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1378.997317][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.005140][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.022257][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.030094][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.037818][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.045764][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.054870][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.063477][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.071798][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.079522][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.087299][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.095338][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.103125][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.111047][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.118759][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.126696][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.135295][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.143161][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.154475][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.162311][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.170574][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.178303][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.186149][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.194156][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.202041][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.209803][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.217533][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.225316][ T24] hid-generic 0000:0000:2000000.001C: unknown main item tag 0x0 [ 1379.237661][ T24] hid-generic 0000:0000:2000000.001C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1379.319827][T32264] fido_id[32264]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1379.550797][T20385] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1379.651021][T20385] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1379.692136][T20385] bond0 (unregistering): Released all slaves [ 1379.752680][T31940] bridge0: port 1(bridge_slave_0) entered blocking state [ 1379.760330][T31940] bridge0: port 1(bridge_slave_0) entered disabled state [ 1379.767729][T31940] bridge_slave_0: entered allmulticast mode [ 1379.776350][T31940] bridge_slave_0: entered promiscuous mode [ 1379.786052][T31940] bridge0: port 2(bridge_slave_1) entered blocking state [ 1379.793445][T31940] bridge0: port 2(bridge_slave_1) entered disabled state [ 1379.800892][T31940] bridge_slave_1: entered allmulticast mode [ 1379.808383][T31940] bridge_slave_1: entered promiscuous mode [ 1380.248024][T31940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1380.277272][T31940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1380.824050][T32366] syz.2.9814: attempt to access beyond end of device [ 1380.824050][T32366] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1380.845178][T31940] team0: Port device team_slave_0 added [ 1380.874734][T31940] team0: Port device team_slave_1 added [ 1381.209779][T20385] hsr_slave_0: left promiscuous mode [ 1381.262394][T20385] hsr_slave_1: left promiscuous mode [ 1381.280031][T20385] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1381.287546][T20385] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1381.340883][T20385] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1381.348403][T20385] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1381.490713][T20385] veth1_macvtap: left promiscuous mode [ 1381.496342][T20385] veth0_macvtap: left promiscuous mode [ 1381.523207][T20385] veth1_vlan: left promiscuous mode [ 1381.528684][T20385] veth0_vlan: left promiscuous mode [ 1382.393318][T32438] vivid-000: disconnect [ 1382.426007][T32437] vivid-000: reconnect [ 1384.278140][T32499] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1384.336062][T20385] team0 (unregistering): Port device team_slave_1 removed [ 1384.770817][T20385] team0 (unregistering): Port device team_slave_0 removed [ 1387.777020][T31940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1387.784296][T31940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1387.821381][T31940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1387.844808][T31940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1387.858363][T31940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1387.885118][T31940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1388.152849][T31940] hsr_slave_0: entered promiscuous mode [ 1388.181424][T31940] hsr_slave_1: entered promiscuous mode [ 1388.188052][T31940] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1388.206363][T31940] Cannot create hsr debugfs directory [ 1388.721165][ T12] Bluetooth: (null): Invalid header checksum [ 1388.728399][ T12] Bluetooth: (null): Invalid header checksum [ 1390.741921][T32757] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1390.808209][T32757] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1390.818298][T31940] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1390.838558][T32757] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 1390.854670][T32757] iommufd_mock iommufd_mock3: Adding to iommu group 3 [ 1390.880603][T32757] iommufd_mock iommufd_mock4: Adding to iommu group 4 [ 1390.897069][T32757] iommufd_mock iommufd_mock5: Adding to iommu group 5 [ 1390.922055][T31940] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1390.947180][T32757] iommufd_mock iommufd_mock6: Adding to iommu group 6 [ 1390.963255][T32757] iommufd_mock iommufd_mock7: Adding to iommu group 7 [ 1390.983540][T31940] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1391.002678][T32757] iommufd_mock iommufd_mock8: Adding to iommu group 8 [ 1391.018809][T32757] iommufd_mock iommufd_mock9: Adding to iommu group 9 [ 1391.035526][T32757] iommufd_mock iommufd_mock10: Adding to iommu group 10 [ 1391.050779][T31940] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1391.082428][T32757] iommufd_mock iommufd_mock11: Adding to iommu group 11 [ 1391.097343][T32757] iommufd_mock iommufd_mock12: Adding to iommu group 12 [ 1391.117105][T32757] iommufd_mock iommufd_mock13: Adding to iommu group 13 [ 1391.145791][T32757] iommufd_mock iommufd_mock14: Adding to iommu group 14 [ 1391.192985][T32757] iommufd_mock iommufd_mock15: Adding to iommu group 15 [ 1391.217026][T32757] iommufd_mock iommufd_mock16: Adding to iommu group 16 [ 1391.257112][T32757] iommufd_mock iommufd_mock17: Adding to iommu group 17 [ 1391.282021][T32757] iommufd_mock iommufd_mock18: Adding to iommu group 18 [ 1391.316897][T32757] iommufd_mock iommufd_mock19: Adding to iommu group 19 [ 1391.336968][T31940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1391.350780][T32757] iommufd_mock iommufd_mock20: Adding to iommu group 20 [ 1391.387808][T31940] 8021q: adding VLAN 0 to HW filter on device team0 [ 1391.398447][T32757] iommufd_mock iommufd_mock21: Adding to iommu group 21 [ 1391.428143][T32757] iommufd_mock iommufd_mock22: Adding to iommu group 22 [ 1391.440925][ T1338] bridge0: port 1(bridge_slave_0) entered blocking state [ 1391.448408][ T1338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1391.453424][T32757] iommufd_mock iommufd_mock23: Adding to iommu group 23 [ 1391.478882][T32757] iommufd_mock iommufd_mock24: Adding to iommu group 24 [ 1391.505234][T32757] iommufd_mock iommufd_mock25: Adding to iommu group 25 [ 1391.520487][ T1338] bridge0: port 2(bridge_slave_1) entered blocking state [ 1391.527880][ T1338] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1391.547786][T32757] iommufd_mock iommufd_mock26: Adding to iommu group 26 [ 1392.346068][T31940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1392.435276][T31940] veth0_vlan: entered promiscuous mode [ 1392.483969][T31940] veth1_vlan: entered promiscuous mode [ 1392.612560][T31940] veth0_macvtap: entered promiscuous mode [ 1392.641761][T31940] veth1_macvtap: entered promiscuous mode [ 1392.704477][T31940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1392.733944][T31940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1392.775187][T31940] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1392.785467][T31940] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1392.797821][T31940] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1392.818493][T31940] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1393.085836][T13145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1393.112979][T13145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1393.172327][ T490] binder: 489:490 ioctl c018620b 200000000100 returned -14 [ 1393.183604][ T490] binder: BINDER_SET_CONTEXT_MGR already set [ 1393.202443][ T1317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1393.213872][ T1317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1393.357880][ T490] binder: 489:490 ioctl 4018620d 200000000200 returned -16 [ 1394.058953][ T547] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1394.439327][ T565] syz.7.9877: attempt to access beyond end of device [ 1394.439327][ T565] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1394.707553][ T575] mkiss: ax0: crc mode is auto. [ 1394.962404][ T607] usb usb1: usbfs: process 607 (syz.7.9885) did not claim interface 0 before use [ 1395.001606][ T607] usb usb1: selecting invalid altsetting 256 [ 1395.587153][ T651] blktrace: Concurrent blktraces are not allowed on sg0 [ 1397.302921][ T707] loop6: detected capacity change from 0 to 63 [ 1397.326572][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.352648][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.388234][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.406335][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.423006][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.435724][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.449180][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.461190][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.472584][ T7807] ldm_validate_partition_table(): Disk read failed. [ 1397.481109][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.491005][ T7807] Buffer I/O error on dev loop6, logical block 0, async page read [ 1397.502963][ T7807] Dev loop6: unable to read RDB block 0 [ 1397.509545][ T7807] loop6: unable to read partition table [ 1397.519586][ T707] ldm_validate_partition_table(): Disk read failed. [ 1397.535534][ T707] Dev loop6: unable to read RDB block 0 [ 1397.543513][ T707] loop6: unable to read partition table [ 1397.553531][ T707] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 1397.583903][ T5207] ldm_validate_partition_table(): Disk read failed. [ 1397.613858][ T5207] Dev loop6: unable to read RDB block 0 [ 1397.625333][ T5207] loop6: unable to read partition table [ 1398.087342][ T745] CUSE: info not properly terminated [ 1399.767133][ T832] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1401.681700][ T907] vivid-006: disconnect [ 1401.805788][ T918] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1402.682984][ T902] vivid-006: reconnect [ 1402.860535][ T959] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1403.565851][ T1008] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1404.418677][ T1046] input: syz1 as /devices/virtual/input/input344 [ 1404.562877][ T30] audit: type=1400 audit(1750411542.997:47): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041 [ 1404.949109][ T1085] can0: slcan on ptm0. [ 1405.051615][ C1] vkms_vblank_simulate: vblank timer overrun [ 1405.145652][ T1095] i2c i2c-0: Invalid block write size 34 [ 1405.440466][ T1084] can0 (unregistered): slcan off ptm0. [ 1405.986441][ T1140] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1406.255016][ T30] audit: type=1800 audit(1750411544.687:48): pid=1157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.9975" name="dmabuf" dev="dmabuf" ino=57 res=0 errno=0 [ 1406.291981][ T1157] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1406.347242][ T30] audit: type=1800 audit(1750411544.777:49): pid=1157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.9975" name="dmabuf" dev="dmabuf" ino=57 res=0 errno=0 [ 1406.373109][ T1160] input: syz1 as /devices/virtual/input/input346 [ 1406.471610][ T7807] udevd[7807]: setting mode of /dev/input/js0 to 020664 failed: No such file or directory [ 1406.496241][ T7807] udevd[7807]: setting owner of /dev/input/js0 to uid=0, gid=104 failed: No such file or directory [ 1406.618021][ T1181] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1407.713903][ T1225] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1408.355753][ T1255] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1408.986695][ T1289] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1411.482693][ T1378] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1411.498356][ T1378] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1411.510242][ T1378] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1411.552268][ T1378] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1411.566106][ T1378] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1411.590237][T26001] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1411.622916][T26001] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1411.640024][T26001] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1411.652236][T26001] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1411.682691][T26001] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1412.382947][ T1415] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1412.576404][T20385] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1412.841989][T20385] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1413.142094][T20385] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1413.393842][T20385] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1413.667672][ T1444] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1413.688228][ T1444] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1413.779238][T26001] Bluetooth: hci0: command tx timeout [ 1413.925982][ T1374] chnl_net:caif_netlink_parms(): no params data found [ 1413.986128][T20385] bridge_slave_1: left allmulticast mode [ 1414.002976][T20385] bridge_slave_1: left promiscuous mode [ 1414.040367][T20385] bridge0: port 2(bridge_slave_1) entered disabled state [ 1414.128618][ T1591] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1414.321854][T20385] bridge_slave_0: left allmulticast mode [ 1414.329589][T20385] bridge_slave_0: left promiscuous mode [ 1414.336148][T20385] bridge0: port 1(bridge_slave_0) entered disabled state [ 1414.719232][ T1606] CUSE: info not properly terminated [ 1415.112190][ T1637] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1415.268289][ T1648] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1416.791885][T20385] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1416.871785][T20385] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1416.932358][T20385] bond0 (unregistering): Released all slaves [ 1417.283470][ T1716] kvm: user requested TSC rate below hardware speed [ 1417.296938][ T1716] kvm: user requested TSC rate below hardware speed [ 1417.319003][ T1716] kvm: user requested TSC rate below hardware speed [ 1418.221779][ T1374] bridge0: port 1(bridge_slave_0) entered blocking state [ 1418.238697][ T1374] bridge0: port 1(bridge_slave_0) entered disabled state [ 1418.247594][ T1374] bridge_slave_0: entered allmulticast mode [ 1418.275654][ T1374] bridge_slave_0: entered promiscuous mode [ 1418.412010][ T1374] bridge0: port 2(bridge_slave_1) entered blocking state [ 1418.447833][ T1374] bridge0: port 2(bridge_slave_1) entered disabled state [ 1418.466775][ T1374] bridge_slave_1: entered allmulticast mode [ 1418.486868][ T1374] bridge_slave_1: entered promiscuous mode [ 1418.630295][T20385] hsr_slave_0: left promiscuous mode [ 1418.698023][T20385] hsr_slave_1: left promiscuous mode [ 1418.706741][T20385] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1418.715758][T20385] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1418.771468][T20385] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1418.799946][T20385] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1418.892036][T20385] veth1_macvtap: left promiscuous mode [ 1418.898068][T20385] veth0_macvtap: left promiscuous mode [ 1418.904938][T20385] veth1_vlan: left promiscuous mode [ 1418.913094][T20385] veth0_vlan: left promiscuous mode [ 1419.717239][ T1866] program syz.2.10064 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1419.746621][ T1866] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1421.782188][T20385] team0 (unregistering): Port device team_slave_1 removed [ 1422.061316][T20385] team0 (unregistering): Port device team_slave_0 removed [ 1425.214760][ T1374] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1425.248937][ T1374] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1425.633209][ T1374] team0: Port device team_slave_0 added [ 1425.646052][ T1374] team0: Port device team_slave_1 added [ 1425.981820][ T1374] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1426.019522][ T1374] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1426.096832][ T1374] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1426.268338][ T1374] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1426.288179][ T1374] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1426.349740][ T1374] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1426.928629][ T1374] hsr_slave_0: entered promiscuous mode [ 1426.955865][ T1374] hsr_slave_1: entered promiscuous mode [ 1428.425862][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1428.436235][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1429.638709][ T2264] block nbd0: NBD_DISCONNECT [ 1429.737252][ T2275] input: syz0 as /devices/virtual/input/input353 [ 1430.145222][ T1374] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1430.200509][ T1374] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1430.298521][ T1374] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1430.364335][ T1374] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1430.726032][ T1374] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1430.786151][ T1374] 8021q: adding VLAN 0 to HW filter on device team0 [ 1430.832791][ T1338] bridge0: port 1(bridge_slave_0) entered blocking state [ 1430.842211][ T1338] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1430.931487][T13145] bridge0: port 2(bridge_slave_1) entered blocking state [ 1430.939881][T13145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1431.128982][ T1374] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1431.752438][ T1374] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1431.878760][ T2391] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1432.776172][ T1374] veth0_vlan: entered promiscuous mode [ 1432.819484][ T1374] veth1_vlan: entered promiscuous mode [ 1432.921682][ T1374] veth0_macvtap: entered promiscuous mode [ 1432.948459][ T1374] veth1_macvtap: entered promiscuous mode [ 1432.994078][ T1374] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1433.018209][ T1374] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1433.080232][ T1374] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1433.109845][ T1374] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1433.131637][ T1374] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1433.149749][ T1374] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1433.480826][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1433.489574][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1433.604611][T20385] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1433.635446][T20385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1436.516594][ T2845] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1437.771611][ T2914] Failed to get privilege flags for destination (handle=0x2:0x10) [ 1437.813149][ T2922] input: syz1 as /devices/virtual/input/input354 [ 1439.510505][ T3004] CUSE: info not properly terminated [ 1439.520179][ T3004] syz.0.10159: attempt to access beyond end of device [ 1439.520179][ T3004] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1441.497490][ T3095] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1441.535726][ T3100] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1441.959001][ T3115] input: syz0 as /devices/virtual/input/input356 [ 1442.464730][ T3136] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1444.212908][ T3209] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1444.539914][ T3225] usb usb1: usbfs: process 3225 (syz.8.10202) did not claim interface 0 before use [ 1444.566227][ T3225] usb usb1: selecting invalid altsetting 256 [ 1446.316022][ T3338] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1446.722331][ T3355] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1447.228008][ T3386] kvm: kvm [3385]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x7 [ 1447.973539][ T3434] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1448.168463][ T3451] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1448.661459][ T3475] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1449.346294][ T3568] ubi: mtd0 is already attached to ubi31 [ 1449.608384][ T3611] input: syz0 as /devices/virtual/input/input360 [ 1449.620174][ T3611] input: failed to attach handler leds to device input360, error: -6 [ 1449.918695][ T3653] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1451.161012][ T3693] input: syz1 as /devices/virtual/input/input361 [ 1451.195659][ T3697] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1453.644622][ T3818] binder: 3814:3818 ioctl c0306201 200000000300 returned -22 [ 1454.056156][ T3836] Scaler: ================= START STATUS ================= [ 1454.067418][ T3836] Scaler: ================== END STATUS ================== [ 1454.162261][ T3841] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1454.547669][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.584613][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.605364][ T3860] input: syz1 as /devices/virtual/input/input363 [ 1454.638467][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.657739][ T3860] binder: BINDER_SET_CONTEXT_MGR already set [ 1454.680532][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.699806][ T3860] binder: 3855:3860 ioctl 40046207 0 returned -16 [ 1454.716721][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.759072][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.768864][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.778334][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.787674][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.797036][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.805955][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.822152][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.831109][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.870856][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.879773][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.890956][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.900269][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.909271][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.918559][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.928050][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.939442][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.949169][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.974569][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.984025][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1454.994676][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.004571][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.013674][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.023032][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.033188][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.043548][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.054335][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.063596][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.077558][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.090029][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.100961][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.110339][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.118756][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.128414][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.142813][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.152007][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.162130][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.171166][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.180652][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.189324][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.199088][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.208387][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.219488][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.229537][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.238549][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.247889][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.256573][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.265509][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.274259][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.283960][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.295113][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.304005][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.312474][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.322662][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.332803][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1455.367516][ T3862] binder: 3861:3862 ioctl 400c620e 9999999999999999 returned -14 [ 1457.184592][ T3903] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1457.242586][ T3909] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1459.217497][ T3987] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1459.491517][ T3985] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1459.752511][ T4004] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1460.139275][ T3992] vivid-000: ================= START STATUS ================= [ 1460.149288][ T3992] vivid-000: Generate PTS: true [ 1460.158750][ T3992] vivid-000: Generate SCR: true [ 1460.166158][ T3992] tpg source WxH: 1280x720 (R'G'B) [ 1460.175367][ T3992] tpg field: 1 [ 1460.184858][ T3992] tpg crop: (0,0)/1280x720 [ 1460.190973][ T3992] tpg compose: (0,0)/1280x720 [ 1460.195980][ T3992] tpg colorspace: 3 [ 1460.223336][ T3992] tpg transfer function: 0/1 [ 1460.228621][ T3992] tpg quantization: 0/2 [ 1460.234034][ T3992] tpg RGB range: 2/1 [ 1460.238183][ T3992] vivid-000: ================== END STATUS ================== [ 1460.356271][T18136] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1460.365271][T18136] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1460.380298][T18136] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1460.388810][T18136] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1460.398690][T18136] rtc rtc0: __rtc_set_alarm: err=-22 [ 1461.690923][T26001] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1461.926209][ T4088] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1462.376712][ T4092] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1462.819915][ T4126] sp0: Synchronizing with TNC [ 1463.579380][ T4167] Context (ID=0x10) not attached to queue pair (handle=0x0:0x2) [ 1463.827006][ T4184] syz.8.10358: attempt to access beyond end of device [ 1463.827006][ T4184] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1464.064785][ T4195] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1464.118920][ T4200] tap0: tun_chr_ioctl cmd 1074025672 [ 1464.124906][ T4200] tap0: ignored: set checksum enabled [ 1464.288061][ T4209] autofs4:pid:4209:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.3), cmd(0xc0189377) [ 1464.309864][ T4209] autofs4:pid:4209:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189377) [ 1464.569466][ T4222] kvm: kvm [4221]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc2) = 0xffffffffffff6253 [ 1465.134480][ T4268] sg_write: data in/out 989/10 bytes for SCSI command 0x3a-- guessing data in; [ 1465.134480][ T4268] program syz.0.10369 not setting count and/or reply_len properly [ 1465.278310][ T4268] usb usb1: usbfs: process 4268 (syz.0.10369) did not claim interface 0 before use [ 1465.830972][ T30] audit: type=1400 audit(1750411604.267:50): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=4309 comm="syz.2.10370" [ 1465.861252][ T4312] binder: 4311:4312 ioctl c018620c 200000000140 returned -1 [ 1467.111792][ T4374] input: syz0 as /devices/virtual/input/input364 [ 1468.677941][ T4437] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1469.221092][ T4459] binder: 4458:4459 ioctl 40489426 0 returned -22 [ 1469.882542][ T4526] misc userio: The device must be registered before sending interrupts [ 1471.369875][ T1378] Bluetooth: hci4: command 0x1003 tx timeout [ 1471.372442][T26001] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1472.626388][ T4663] input: syz0 as /devices/virtual/input/input366 [ 1472.632459][ T4663] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1473.174052][ T4676] ALSA: mixer_oss: invalid OSS volume '' [ 1473.525656][ T4706] CUSE: info not properly terminated [ 1473.632234][ T4711] binder: 4709:4711 ioctl c0306201 0 returned -14 [ 1473.645219][ T4711] binder: 4709:4711 ioctl c0306201 0 returned -14 [ 1474.223534][ T4739] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 1474.233219][T20385] Bluetooth: hci4: Frame reassembly failed (-84) [ 1474.648937][ T4756] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1476.032462][ T4800] tty tty34: ldisc open failed (-12), clearing slot 33 [ 1476.250647][T26001] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 1476.251783][ T1378] Bluetooth: hci4: command 0x1003 tx timeout [ 1476.732774][ T4861] syz.0.10470: attempt to access beyond end of device [ 1476.732774][ T4861] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1476.749246][ T4859] input: syz0 as /devices/virtual/input/input367 [ 1478.492922][ T1378] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1478.505039][ T1378] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1478.514526][ T1378] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1478.524399][ T1378] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1478.540148][ T1378] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1478.561754][T26001] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1478.604636][T26001] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1478.616398][T26001] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1478.627810][T26001] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1478.636975][T26001] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1478.866007][ T4959] ptm ptm2: ldisc open failed (-12), clearing slot 2 [ 1479.101285][ T4975] syz.0.10485: attempt to access beyond end of device [ 1479.101285][ T4975] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1479.699073][T28636] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1480.023481][T28636] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1480.113690][ T5020] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1480.282254][T28636] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1480.704706][T28636] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1480.730026][T26001] Bluetooth: hci1: command tx timeout [ 1480.990369][ T4987] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1480.997269][ T4987] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1481.057946][ T4923] chnl_net:caif_netlink_parms(): no params data found [ 1481.722322][ T4923] bridge0: port 1(bridge_slave_0) entered blocking state [ 1481.735912][ T4923] bridge0: port 1(bridge_slave_0) entered disabled state [ 1481.744496][ T4923] bridge_slave_0: entered allmulticast mode [ 1481.754092][ T4923] bridge_slave_0: entered promiscuous mode [ 1481.785842][ T4923] bridge0: port 2(bridge_slave_1) entered blocking state [ 1481.797453][ T4923] bridge0: port 2(bridge_slave_1) entered disabled state [ 1481.806426][ T4923] bridge_slave_1: entered allmulticast mode [ 1481.816098][ T4923] bridge_slave_1: entered promiscuous mode [ 1482.042737][T28636] bridge_slave_1: left allmulticast mode [ 1482.050455][T28636] bridge_slave_1: left promiscuous mode [ 1482.057804][T28636] bridge0: port 2(bridge_slave_1) entered disabled state [ 1482.131391][ T5306] Falling back ldisc for ptm0. [ 1482.166909][T28636] bridge_slave_0: left allmulticast mode [ 1482.174008][T28636] bridge_slave_0: left promiscuous mode [ 1482.181514][T28636] bridge0: port 1(bridge_slave_0) entered disabled state [ 1482.467245][ T5324] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1482.493626][ T5324] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1484.433935][T28636] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1484.536570][T28636] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1484.592115][T28636] bond0 (unregistering): Released all slaves [ 1484.670902][ T4923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1484.703588][ T4923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1484.857328][ T5382] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1485.249400][ T4923] team0: Port device team_slave_0 added [ 1485.274433][ T4923] team0: Port device team_slave_1 added [ 1485.320278][ T5437] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1485.821737][ T4923] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1485.829889][ T4923] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1485.860202][ T4923] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1485.873963][ T4923] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1485.881487][ T4923] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1485.947888][ T4923] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1486.580470][ T30] audit: type=1400 audit(1750411624.967:51): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=5513 comm="syz.0.10523" [ 1486.900133][T28636] hsr_slave_0: left promiscuous mode [ 1486.966495][T28636] hsr_slave_1: left promiscuous mode [ 1486.988210][T28636] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1487.013387][T28636] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1487.028246][ T5551] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1487.088366][ T5556] usb usb8: usbfs: process 5556 (syz.0.10527) did not claim interface 0 before use [ 1487.092405][T28636] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1487.133595][T28636] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1487.261502][T28636] veth1_macvtap: left promiscuous mode [ 1487.272681][T28636] veth0_macvtap: left promiscuous mode [ 1487.295378][T28636] veth1_vlan: left promiscuous mode [ 1487.303995][T28636] veth0_vlan: left promiscuous mode [ 1487.422463][ C1] sd 0:0:1:0: [sda] tag#1119 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1487.433821][ C1] sd 0:0:1:0: [sda] tag#1119 CDB: Read(6) 08 00 00 00 85 f0 [ 1487.826581][ T5590] CUSE: info not properly terminated [ 1489.858735][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1489.866156][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1490.094455][T28636] team0 (unregistering): Port device team_slave_1 removed [ 1490.370805][T28636] team0 (unregistering): Port device team_slave_0 removed [ 1493.264530][ T4923] hsr_slave_0: entered promiscuous mode [ 1493.293979][ T4923] hsr_slave_1: entered promiscuous mode [ 1493.316030][ T4923] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1493.329729][ T4923] Cannot create hsr debugfs directory [ 1493.607568][ T5668] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1494.088181][ T5704] input: syz1 as /devices/virtual/input/input371 [ 1494.629378][ T5759] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1494.939400][ T5784] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1496.776084][ T4923] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1496.831140][ T4923] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1496.890819][ T4923] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1497.258075][ T4923] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1497.776111][ T4923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1497.885202][ T4923] 8021q: adding VLAN 0 to HW filter on device team0 [ 1497.934493][ T73] bridge0: port 1(bridge_slave_0) entered blocking state [ 1497.943208][ T73] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1497.996023][ T73] bridge0: port 2(bridge_slave_1) entered blocking state [ 1498.004544][ T73] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1498.864501][ T4923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1499.516326][ T4923] veth0_vlan: entered promiscuous mode [ 1499.581863][ T4923] veth1_vlan: entered promiscuous mode [ 1499.729456][ T4923] veth0_macvtap: entered promiscuous mode [ 1499.776003][ T4923] veth1_macvtap: entered promiscuous mode [ 1499.834638][ T4923] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1499.902804][ T4923] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1499.927323][ T4923] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.957972][ T4923] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1499.989234][ T4923] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1500.009668][ T4923] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1500.374028][T28636] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1500.418447][T28636] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1500.505727][ T1317] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1500.529983][ T1317] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1500.937317][ T5994] loop6: detected capacity change from 0 to 7 [ 1500.949338][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1500.959198][ C1] buffer_io_error: 43 callbacks suppressed [ 1500.959220][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.000239][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.010556][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.052155][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.062053][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.071331][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.081701][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.090549][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.102843][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.112460][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.122545][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.158688][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.169052][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.184316][ T5994] ldm_validate_partition_table(): Disk read failed. [ 1501.224961][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.235775][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.259753][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.270158][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.286203][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1501.297102][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1501.316008][ T5994] Dev loop6: unable to read RDB block 0 [ 1501.334334][ T5994] loop6: unable to read partition table [ 1501.366387][ T5994] loop6: partition table beyond EOD, truncated [ 1501.385935][ T5994] loop_reread_partitions: partition scan of loop6 (被x() failed (rc=-5) [ 1501.416128][ T6007] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1501.460377][ T6004] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1501.508287][ T6004] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1505.898965][ T6128] loop8: detected capacity change from 0 to 524287999 [ 1505.965280][ T5627] buffer_io_error: 10 callbacks suppressed [ 1505.965301][ T5627] Buffer I/O error on dev loop8, logical block 65535999, async page read [ 1506.645264][ T6153] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1507.776488][ T6200] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1509.493913][ T4679] hid-generic 0000:0000:0000.001D: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1511.140027][ T6294] tap0: tun_chr_ioctl cmd 1074025678 [ 1511.171882][ T6294] tap0: group set to 0 [ 1511.576767][ T1378] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1511.592846][ T1378] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1511.604863][ T1378] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1511.615750][ T1378] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1511.630801][ T6323] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1511.686908][T26001] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1511.688090][T26001] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1511.692945][T26001] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1511.735025][T26001] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1511.756261][T26001] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1512.015370][ T6355] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1512.827619][ T1338] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1513.172346][ T1338] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1513.512778][ T1338] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1513.851907][ T6323] Bluetooth: hci4: command tx timeout [ 1513.902355][ T1338] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1514.347677][ T6312] chnl_net:caif_netlink_parms(): no params data found [ 1515.182259][ T6312] bridge0: port 1(bridge_slave_0) entered blocking state [ 1515.198788][ T6312] bridge0: port 1(bridge_slave_0) entered disabled state [ 1515.218061][ T6312] bridge_slave_0: entered allmulticast mode [ 1515.228261][ T6312] bridge_slave_0: entered promiscuous mode [ 1515.279932][ T1338] bridge_slave_1: left allmulticast mode [ 1515.286032][ T1338] bridge_slave_1: left promiscuous mode [ 1515.301295][ T1338] bridge0: port 2(bridge_slave_1) entered disabled state [ 1515.441580][ T1338] bridge_slave_0: left allmulticast mode [ 1515.447790][ T1338] bridge_slave_0: left promiscuous mode [ 1515.464710][ T1338] bridge0: port 1(bridge_slave_0) entered disabled state [ 1515.929991][ T6323] Bluetooth: hci4: command tx timeout [ 1516.204359][ T6689] ALSA: seq fatal error: cannot create timer (-22) [ 1517.751579][ T1338] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1517.840751][ T1338] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1517.902876][ T1338] bond0 (unregistering): Released all slaves [ 1517.963207][ T6312] bridge0: port 2(bridge_slave_1) entered blocking state [ 1517.976317][ T6312] bridge0: port 2(bridge_slave_1) entered disabled state [ 1517.994924][ T6312] bridge_slave_1: entered allmulticast mode [ 1518.005288][ T6312] bridge_slave_1: entered promiscuous mode [ 1518.013303][ T6323] Bluetooth: hci4: command tx timeout [ 1518.052273][ T6628] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1518.082265][ T6628] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1518.600699][ T6312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1518.648099][ T6312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1518.781348][ T6780] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1518.989952][ T6312] team0: Port device team_slave_0 added [ 1519.014311][ T6312] team0: Port device team_slave_1 added [ 1519.283915][ T6821] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1519.683619][ T6312] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1519.694017][ T6312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1519.721556][ C0] vkms_vblank_simulate: vblank timer overrun [ 1519.731700][ T6312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1520.034872][ T1338] hsr_slave_0: left promiscuous mode [ 1520.079909][ T1338] hsr_slave_1: left promiscuous mode [ 1520.089534][ T1338] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1520.097217][ T1338] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1520.182786][ T1338] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1520.206385][ T1338] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1520.406036][ T1338] veth1_macvtap: left promiscuous mode [ 1520.412391][ T1338] veth0_macvtap: left promiscuous mode [ 1520.418456][ T1338] veth1_vlan: left promiscuous mode [ 1520.425203][ T1338] veth0_vlan: left promiscuous mode [ 1521.005118][ T6904] Falling back ldisc for ttyprintk. [ 1521.262982][ T6929] ptm ptm8: ldisc open failed (-12), clearing slot 8 [ 1521.463200][ T6937] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1521.573078][ T6940] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1522.690017][ T6960] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1523.183134][ T1338] team0 (unregistering): Port device team_slave_1 removed [ 1523.464158][ T1338] team0 (unregistering): Port device team_slave_0 removed [ 1526.414955][ T6312] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1526.423235][ T6312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1526.452867][ T6312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1527.188564][ T6312] hsr_slave_0: entered promiscuous mode [ 1527.218396][ T6312] hsr_slave_1: entered promiscuous mode [ 1527.226208][ T6312] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1527.237764][ T6312] Cannot create hsr debugfs directory [ 1528.474364][ T6312] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1528.518221][ T6312] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1528.592246][ T6312] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1528.686861][ T6312] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1529.072578][ T6312] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1529.164082][ T6312] 8021q: adding VLAN 0 to HW filter on device team0 [ 1529.203104][T28636] bridge0: port 1(bridge_slave_0) entered blocking state [ 1529.210703][T28636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1529.237936][ T5166] bridge0: port 2(bridge_slave_1) entered blocking state [ 1529.245338][ T7162] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1529.245911][ T5166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1529.766293][ T6312] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1530.542008][ T6312] veth0_vlan: entered promiscuous mode [ 1530.563169][ T6312] veth1_vlan: entered promiscuous mode [ 1530.668903][ T6312] veth0_macvtap: entered promiscuous mode [ 1530.703401][ T6312] veth1_macvtap: entered promiscuous mode [ 1530.781055][ T6312] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1530.817401][ T6312] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1530.878720][ T6312] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1530.920739][ T6312] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1530.935915][ T7241] loop6: detected capacity change from 0 to 524287999 [ 1530.959906][ T6312] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1530.981108][ C0] blk_print_req_error: 10 callbacks suppressed [ 1530.981131][ C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 2 prio class 0 [ 1530.998672][ C0] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1531.008602][ C0] Buffer I/O error on dev loop6, logical block 1, lost async page write [ 1531.031042][ T6312] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1531.681447][T20385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1531.711956][T20385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1531.836961][T28636] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1531.882074][T28636] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1532.432387][ T7313] No buffer was provided with the request [ 1532.450652][ T7312] [U] [ 1532.677653][ T7323] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1536.158116][ T7483] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1537.734994][ T7569] input: syz1 as /devices/virtual/input/input377 [ 1538.462917][ T7614] random: crng reseeded on system resumption [ 1539.960256][ T7689] input: syz1 as /devices/virtual/input/input378 [ 1541.793230][ T7794] input: syz0 as /devices/virtual/input/input379 [ 1542.889885][ T7835] kvm: kvm [7834]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010001) = 0x200000000400 [ 1543.773343][ T7878] kvm: kvm [7876]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x7 [ 1544.682165][ T7922] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1544.814487][ T7933] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1544.828894][ T7933] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 1547.274173][ T1338] Bluetooth: hci2: Frame reassembly failed (-84) [ 1547.506011][ T8089] random: crng reseeded on system resumption [ 1549.289824][ T6323] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1549.768919][ T8179] binder: 8175:8179 ioctl 400c620e 2000000014c0 returned -22 [ 1550.425367][ T8201] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1551.310342][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1551.316945][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1552.636085][ T8316] binder: 8315:8316 ioctl c0306201 200000000540 returned -22 [ 1552.771823][ T8328] CUSE: DEVNAME unspecified [ 1555.211708][ T8434] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1557.423080][ T8554] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1557.426865][ T8547] tun0: tun_chr_ioctl cmd 1074025676 [ 1557.442020][ T8547] tun0: owner set to 0 [ 1558.125727][ T8586] binder: 8584:8586 ioctl c0306201 200000000640 returned -22 [ 1559.102383][ T8632] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1559.588154][ T8663] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1560.492581][ T8700] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1560.641916][ T8698] syz.7.10892: attempt to access beyond end of device [ 1560.641916][ T8698] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1561.585650][ T8731] ubi: mtd0 is already attached to ubi31 [ 1561.814449][ T8744] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1562.155764][ T8759] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1562.188166][ T8759] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1562.217794][ T8759] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 1563.320675][ T8812] snd_dummy snd_dummy.0: control 1:254:0:syz0:32 is already present [ 1563.570721][ T8821] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1563.611650][ T30] audit: type=1400 audit(1750411702.047:52): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#" pid=8826 comm="syz.9.10913" [ 1563.917163][ T8843] syz.9.10918: attempt to access beyond end of device [ 1563.917163][ T8843] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1564.162825][ T8864] kvm: kvm [8858]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x7 [ 1564.169518][ T8864] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1564.563182][ T8880] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1565.248189][ T8920] sp0: Synchronizing with TNC [ 1567.322582][ T8985] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1568.378594][ T9067] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1572.478601][ T9377] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1572.513468][ T9377] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1573.057917][ T9402] QAT: failed to copy from user cfg_data. [ 1575.541396][ T9527] binder: 9524:9527 ioctl 400c620e 2000000000c0 returned -22 [ 1575.616243][ T9527] sp0: Synchronizing with TNC [ 1575.865043][ T9524] [U] [ 1576.057002][ T9557] vivid-000: ================= START STATUS ================= [ 1576.067891][ T9557] vivid-000: Enable Output Cropping: false [ 1576.080043][ T9557] vivid-000: Enable Output Composing: false [ 1576.086660][ T9557] vivid-000: Enable Output Scaler: false [ 1576.093753][ T9557] vivid-000: Tx RGB Quantization Range: Automatic [ 1576.103743][ T9557] vivid-000: Transmit Mode: HDMI [ 1576.108760][ T9557] vivid-000: Hotplug Present: 0x00000001 [ 1576.117453][ T9557] vivid-000: RxSense Present: 0x00000001 [ 1576.132002][ T9557] vivid-000: EDID Present: 0x00000001 [ 1576.137608][ T9557] vivid-000: ================== END STATUS ================== [ 1576.978587][ T9601] input: syz0 as /devices/virtual/input/input383 [ 1577.099291][ T9612] misc userio: The device must be registered before sending interrupts [ 1577.121667][ T9612] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1578.655823][ T9652] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1578.743252][ T9664] loop6: detected capacity change from 0 to 4 [ 1578.766485][ C1] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1578.776085][ C1] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1578.790677][ C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1578.800208][ C0] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1579.864893][ T9719] input: syz1 as /devices/virtual/input/input384 [ 1580.907872][ T9770] blktrace: Concurrent blktraces are not allowed on rnullb0 [ 1581.472788][ T30] audit: type=1804 audit(1750411719.907:53): pid=9809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.11070" name="/newroot/330/cgroup.controllers" dev="tmpfs" ino=1714 res=1 errno=0 [ 1581.496888][ T30] audit: type=1800 audit(1750411719.927:54): pid=9809 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.11070" name="cgroup.controllers" dev="tmpfs" ino=1714 res=0 errno=0 [ 1581.524681][ T9809] program syz.2.11070 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1582.046533][ T9840] mkiss: ax0: crc mode is auto. [ 1582.803072][ T30] audit: type=1800 audit(1750411721.237:55): pid=9877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.11082" name="memory.events" dev="tmpfs" ino=523 res=0 errno=0 [ 1583.521570][ T9908] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1583.899424][ T9933] binder: 9916:9933 ioctl c0306201 200000000540 returned -14 [ 1583.916571][ T9933] input: syz1 as /devices/virtual/input/input386 [ 1584.685197][ T9982] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1585.143836][T10009] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1585.157515][T10019] loop6: detected capacity change from 0 to 524287999 [ 1585.770822][T10040] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1586.073034][T10056] program syz.9.11114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1586.137333][T10059] program syz.9.11114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1586.166375][T10059] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1586.426548][T10075] input: syz1 as /devices/virtual/input/input387 [ 1586.816511][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1586.845883][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1586.859093][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1586.865631][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1586.872956][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1586.879053][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1586.899269][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1586.917862][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1586.942789][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1586.959237][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1586.992044][T10110] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1587.021129][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.021148][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.021247][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.021259][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.021355][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.021366][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.021472][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.021482][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.021569][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.021581][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.021680][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.021691][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.021785][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.021796][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.021888][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.021900][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.021996][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022006][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022104][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022115][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022211][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022222][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022313][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022324][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022426][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022438][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022528][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022539][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022631][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022641][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022755][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022766][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022857][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022868][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.022958][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.022969][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.023059][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.023071][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.023168][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.023180][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.023280][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.023291][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.023396][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.023407][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.023502][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.023514][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.023612][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.023622][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.023716][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.023727][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.023820][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.023831][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1587.024372][T10102] binder: BINDER_SET_CONTEXT_MGR already set [ 1587.024392][T10102] binder: 10101:10102 ioctl 40046207 0 returned -16 [ 1588.653814][T10173] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1588.722260][T10173] vivid-000: disconnect [ 1588.731356][T10172] vivid-000: reconnect [ 1589.302585][T10212] mkiss: ax0: crc mode is auto. [ 1589.345771][T10218] binder: 10217:10218 ioctl c0306201 2000000003c0 returned -14 [ 1589.448811][T10224] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1590.210425][T10252] random: crng reseeded on system resumption [ 1590.997137][T10287] binder: 10286:10287 ioctl 4018620d 0 returned -22 [ 1590.997877][T10288] binder: 10286:10288 ioctl 4018620d 0 returned -22 [ 1591.048783][T10288] binder: 10286:10288 ioctl c018620c 0 returned -14 [ 1591.779796][T10319] input: syz1 as /devices/virtual/input/input388 [ 1592.181557][T10340] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1592.402844][T10361] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1592.498965][T10357] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1592.513560][T10356] syz.8.11173: attempt to access beyond end of device [ 1592.513560][T10356] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1593.042943][T10403] dlm: Unknown command passed to DLM device : 0 [ 1593.042943][T10403] [ 1593.078489][T10405] usb usb1: usbfs: process 10405 (syz.2.11180) did not claim interface 0 before use [ 1594.846239][T10493] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1596.128439][T10555] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1596.141754][T10564] program syz.8.11211 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1596.170392][T10564] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1597.314378][T10629] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1597.972842][T10666] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1598.907248][T10711] QAT: Invalid ioctl 21531 [ 1599.827239][T10751] loop8: detected capacity change from 0 to 7 [ 1599.850053][ T9253] Dev loop8: unable to read RDB block 7 [ 1599.855726][ T9253] loop8: unable to read partition table [ 1599.875930][ T9253] loop8: partition table beyond EOD, truncated [ 1599.921613][T10751] Dev loop8: unable to read RDB block 7 [ 1599.930582][T10751] loop8: unable to read partition table [ 1599.949928][T10751] loop8: partition table beyond EOD, truncated [ 1599.987868][T10751] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 1600.041397][T10771] Dev loop8: unable to read RDB block 7 [ 1600.059729][T10771] loop8: unable to read partition table [ 1600.065709][T10771] loop8: partition table beyond EOD, truncated [ 1600.825677][T10811] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1601.325901][T10835] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1601.581135][T10857] input: syz1 as /devices/virtual/input/input391 [ 1604.014875][T10973] binder: 10972:10973 ioctl 400c620e 200000000100 returned -22 [ 1605.005003][T11007] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1605.708592][T11034] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1605.733999][T11034] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1606.014534][T11055] kvm: kvm [11049]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x882 [ 1607.263038][T11095] sp0: Synchronizing with TNC [ 1607.345342][T11095] binder: 11093:11095 unknown command 576 [ 1607.379599][T11095] binder: 11093:11095 ioctl c0306201 200000000480 returned -22 [ 1607.417775][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.449236][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.457492][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.476806][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.488507][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.493993][T11093] [U] [ 1607.502573][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.510890][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.518822][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.527040][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.536546][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.544877][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.559873][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.570110][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.579049][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.587182][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.604309][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.630426][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.642604][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.651750][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.684001][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.707578][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.732532][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.756596][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.782362][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.799290][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.808790][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.817187][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.825451][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.833742][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.841972][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.850280][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.858289][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.866539][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.904036][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.931300][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.942169][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.961896][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1607.989865][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1608.011042][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1608.055851][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1608.101972][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1608.123503][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1608.126526][T11143] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1608.157371][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1608.179772][T11107] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 1609.182114][T11193] input: syz1 as /devices/virtual/input/input395 [ 1609.217725][T11193] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1610.768882][T11296] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1610.794092][T11296] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1611.550231][T11311] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1611.842175][T11355] dlm: non-version read from control device 20 [ 1612.049131][T11364] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 1612.062633][T11357] loop6: detected capacity change from 0 to 524287999 [ 1612.087384][T11357] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1612.110589][T11357] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1612.160043][T11357] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1612.197869][T11357] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1612.751492][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1612.758257][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1612.762291][T11394] binder: 11391:11394 ioctl c0306201 200000000540 returned -14 [ 1612.805366][T11394] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1613.575244][T11432] input: syz1 as /devices/virtual/input/input396 [ 1614.050785][T11455] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1614.188679][T11468] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1614.451403][T11492] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1615.333541][ T30] audit: type=1800 audit(1750411753.767:56): pid=11537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.11387" name="dmabuf" dev="dmabuf" ino=66 res=0 errno=0 [ 1616.605364][T11611] binder: 11610:11611 ioctl c0306201 200000000100 returned -22 [ 1618.184007][T11774] dlm: plock device version mismatch: kernel (1.2.0), user (1986356271.1886416943.0) [ 1618.720522][T11803] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1618.768824][T11803] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1619.146060][T11834] mkiss: ax0: crc mode is auto. [ 1619.276472][T11845] sp0: Synchronizing with TNC [ 1619.290570][T11845] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1619.535039][T11866] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1619.837161][T11894] can0: slcan on ptm1. [ 1620.091717][T11892] can0 (unregistered): slcan off ptm1. [ 1620.552405][T11940] usb usb1: usbfs: process 11940 (syz.9.11435) did not claim interface 0 before use [ 1621.059980][T11967] random: crng reseeded on system resumption [ 1621.984166][T12026] CUSE: info not properly terminated [ 1623.069398][T12077] vivid-004: disconnect [ 1623.332549][T12092] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1623.683413][T12075] vivid-004: reconnect [ 1624.357118][T12152] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1624.644590][T12173] vivid-004: ================= START STATUS ================= [ 1624.653191][T12173] vivid-004: Radio HW Seek Mode: Bounded [ 1624.660096][T12173] vivid-004: Radio Programmable HW Seek: false [ 1624.677605][T12173] vivid-004: RDS Rx I/O Mode: Block I/O [ 1624.694758][T12173] vivid-004: Generate RBDS Instead of RDS: false [ 1624.713426][T12173] vivid-004: RDS Reception: true [ 1624.727166][T12173] vivid-004: RDS Program Type: 0 inactive [ 1624.735105][T12173] vivid-004: RDS PS Name: inactive [ 1624.753700][T12173] vivid-004: RDS Radio Text: inactive [ 1624.762144][T12173] vivid-004: RDS Traffic Announcement: false inactive [ 1624.784793][T12178] sp0: Synchronizing with TNC [ 1624.785559][T12173] vivid-004: RDS Traffic Program: [ 1624.793578][T12179] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1624.819928][T12173] false inactive [ 1624.823682][T12173] vivid-004: RDS Music: false inactive [ 1624.829394][T12173] vivid-004: ================== END STATUS ================== [ 1624.884060][T12172] [U] [ 1625.251262][T12220] input: syz0 as /devices/virtual/input/input403 [ 1625.306399][ T4923] cgroup: fork rejected by pids controller in /syz8 [ 1626.063587][T12263] misc userio: Begin command sent, but we're already running [ 1626.380333][T28636] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1626.477223][T26001] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1626.491148][T26001] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1626.499498][T26001] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1626.512337][T26001] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1626.520554][T26001] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1626.580893][ T6323] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1626.596243][ T6323] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1626.603860][ T6323] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1626.617953][ T6323] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1626.628761][ T6323] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1626.732250][T28636] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1626.992391][T28636] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1627.226610][T12316] kvm: apic: phys broadcast and lowest prio [ 1627.251987][T28636] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1627.788844][T12452] binfmt_misc: register: failed to install interpreter file ./cgroup [ 1627.834151][T12279] chnl_net:caif_netlink_parms(): no params data found [ 1628.649768][T26001] Bluetooth: hci1: command tx timeout [ 1628.733840][T12279] bridge0: port 1(bridge_slave_0) entered blocking state [ 1628.733939][T12279] bridge0: port 1(bridge_slave_0) entered disabled state [ 1628.734129][T12279] bridge_slave_0: entered allmulticast mode [ 1628.735664][T12279] bridge_slave_0: entered promiscuous mode [ 1628.738373][T12279] bridge0: port 2(bridge_slave_1) entered blocking state [ 1628.738466][T12279] bridge0: port 2(bridge_slave_1) entered disabled state [ 1628.738622][T12279] bridge_slave_1: entered allmulticast mode [ 1628.742594][T12279] bridge_slave_1: entered promiscuous mode [ 1628.743627][T28636] bridge_slave_1: left allmulticast mode [ 1628.743648][T28636] bridge_slave_1: left promiscuous mode [ 1628.743863][T28636] bridge0: port 2(bridge_slave_1) entered disabled state [ 1628.820795][T28636] bridge_slave_0: left allmulticast mode [ 1628.820826][T28636] bridge_slave_0: left promiscuous mode [ 1628.821037][T28636] bridge0: port 1(bridge_slave_0) entered disabled state [ 1629.759726][ T5166] Bluetooth: hci2: Frame reassembly failed (-84) [ 1629.766718][ T5166] Bluetooth: hci2: Frame reassembly failed (-84) [ 1630.729747][ T6323] Bluetooth: hci1: command tx timeout [ 1630.850872][T28636] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1630.951502][T28636] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1631.012009][T28636] bond0 (unregistering): Released all slaves [ 1631.515629][T12279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1631.594331][T12639] blktrace: Concurrent blktraces are not allowed on rnullb0 [ 1631.738379][T12279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1631.769865][T26001] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1631.770748][ T6323] Bluetooth: hci2: command 0x1003 tx timeout [ 1632.393267][T12279] team0: Port device team_slave_0 added [ 1632.422956][T12279] team0: Port device team_slave_1 added [ 1632.810017][T26001] Bluetooth: hci1: command tx timeout [ 1632.819073][T12279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1632.831125][T12279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1632.878030][T12279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1632.939187][T12279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1632.952408][T12279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1632.989294][T12279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1633.139721][T28636] hsr_slave_0: left promiscuous mode [ 1633.192472][T28636] hsr_slave_1: left promiscuous mode [ 1633.207708][T28636] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1633.216756][T28636] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1633.284191][T28636] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1633.293395][T28636] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1633.391337][T28636] veth1_macvtap: left promiscuous mode [ 1633.399727][T28636] veth0_macvtap: left promiscuous mode [ 1633.405646][T28636] veth1_vlan: left promiscuous mode [ 1633.411355][T28636] veth0_vlan: left promiscuous mode [ 1633.561175][T12719] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1633.568825][T12719] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1633.949331][T12777] syz.9.11533: attempt to access beyond end of device [ 1633.949331][T12777] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1634.233316][T12787] input: syz1 as /devices/virtual/input/input405 [ 1636.211322][T28636] team0 (unregistering): Port device team_slave_1 removed [ 1636.451025][T28636] team0 (unregistering): Port device team_slave_0 removed [ 1639.320763][T12279] hsr_slave_0: entered promiscuous mode [ 1639.340905][T12279] hsr_slave_1: entered promiscuous mode [ 1639.347409][T12279] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1639.374793][T12279] Cannot create hsr debugfs directory [ 1640.550875][T12955] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1641.064124][T13023] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1642.656526][T12279] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1642.704067][T12279] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1642.752162][T12279] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1642.839183][T12279] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1643.065725][T12279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1643.102792][T12279] 8021q: adding VLAN 0 to HW filter on device team0 [ 1643.119415][T11666] bridge0: port 1(bridge_slave_0) entered blocking state [ 1643.126685][T11666] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1643.161763][T11666] bridge0: port 2(bridge_slave_1) entered blocking state [ 1643.168998][T11666] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1643.392919][T13244] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1643.415338][T13244] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1643.434961][T13244] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 1643.622334][T12279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1644.434821][T12279] veth0_vlan: entered promiscuous mode [ 1644.466481][T12279] veth1_vlan: entered promiscuous mode [ 1644.552304][T12279] veth0_macvtap: entered promiscuous mode [ 1644.571711][T12279] veth1_macvtap: entered promiscuous mode [ 1644.643908][T12279] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1644.657486][T12279] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1644.678488][T12279] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1644.690959][T12279] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1644.699983][T12279] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1644.708726][T12279] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1644.968916][ T5166] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1644.988870][ T5166] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1645.059971][T20385] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1645.067899][T20385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1645.101742][T13333] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1645.863549][T13376] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1646.382933][T13408] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1646.399063][T13411] random: crng reseeded on system resumption [ 1647.317993][T13455] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1647.453764][T26001] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1647.454170][ T6323] Bluetooth: hci2: command 0x1003 tx timeout [ 1648.605014][T13528] binder: 13525:13528 ioctl c0306201 0 returned -14 [ 1648.612188][T13528] binder: 13525:13528 ioctl c0306201 2000000000c0 returned -11 [ 1648.622689][T13145] Bluetooth: hci2: Frame reassembly failed (-90) [ 1648.702441][T13548] binder: 13525:13548 ioctl 4058534c 200000000240 returned -22 [ 1648.807327][T13548] binder: 13525:13548 ioctl 127f 2000000000c0 returned -22 [ 1649.605968][T13583] [U]  [ 1649.608828][T13583] [U] K{ [ 1649.610879][T13586] binder: 13585:13586 unknown command 72 [ 1649.611875][T13583] [U] t 1ŠFfˊ`GJgo/mC [ 1649.617515][T13586] binder: 13585:13586 ioctl c0306201 200000000540 returned -22 [ 1649.624474][T13583] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 1649.624497][T13583] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 1649.624528][T13583] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 1649.624584][T13583] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 1649.717277][T13583] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 1649.728430][T13583] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 1649.740027][T13583] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 1649.838543][T13583] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 1649.847089][T13583] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 1649.848783][T13584] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1649.860656][T13583] [U] 22Ʃx?0;3u [ 1649.860681][T13583] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 1649.860707][T13583] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 1649.860721][T13583] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 1649.860734][T13583] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 1649.860750][T13583] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 1649.932979][T13583] [U] ec [ 1649.936106][T13583] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 1649.948476][ C0] vkms_vblank_simulate: vblank timer overrun [ 1650.061351][T13582] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 1650.650412][T26001] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1651.512891][T13665] loop6: detected capacity change from 0 to 524287999 [ 1652.409464][T13715] syz.7.11635: attempt to access beyond end of device [ 1652.409464][T13715] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1652.546995][T13723] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1652.593589][T13723] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1653.246571][T13769] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1654.952133][T13845] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1654.976780][T13849] binder: 13847:13849 ioctl c018620c 200000000140 returned -22 [ 1655.011219][T13853] input: syz1 as /devices/virtual/input/input407 [ 1655.663305][T13898] binder: 13897:13898 ioctl c0306201 200000000540 returned -22 [ 1656.778930][T14058] CUSE: DEVNAME unspecified [ 1656.819301][T14060] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1656.969990][ T43] hid-generic 0000:0000:0000.001E: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1657.898664][T14109] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1658.330920][T14145] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1658.349093][T14145] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1658.885030][T14170] mkiss: ax0: crc mode is auto. [ 1659.498511][T14218] binfmt_misc: register: failed to install interpreter file ./file0 [ 1660.055487][T14248] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1660.336263][ T43] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1660.344633][ T43] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1660.360911][ T43] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1660.382780][ T43] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1660.404670][ T43] rtc rtc0: __rtc_set_alarm: err=-22 [ 1661.430804][T14325] program syz.8.11731 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1662.013052][T14351] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1662.448712][T14377] random: crng reseeded on system resumption [ 1662.756614][T14393] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1662.830542][T14398] vivid-000: disconnect [ 1662.999122][T14406] input: syz1 as /devices/virtual/input/input409 [ 1663.027021][T14406] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1663.064513][T14406] dlm: Unknown command passed to DLM device : 0 [ 1663.064513][T14406] [ 1663.170328][T14387] vivid-000: reconnect [ 1664.029209][T14441] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1664.711244][T14490] blktrace: Concurrent blktraces are not allowed on sg0 [ 1669.166684][T14709] binder: 14705:14709 ioctl c0306201 200000000540 returned -14 [ 1669.183258][T14709] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1670.030761][T14758] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1670.632442][T14783] kvm: kvm [14781]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc2) = 0x1 [ 1671.765478][T14853] ALSA: seq fatal error: cannot create timer (-22) [ 1672.494651][T14903] CUSE: unknown device info "MzP{UҗEsZ$cw#/f}ٔb,Q[{Ʈ$ [ 1672.494651][T14903] 4&I:#5o63ю.l%wC [ 1672.494651][T14903] ?" [ 1672.536717][T14903] CUSE: unknown device info "v2.7˂*5SEAy `?e`l6ݡQ0V84܎{c"K^vaO֐M 8f1\.dž6(3ifω11,kbz"NXj} ~wu/K9.rפ" [ 1672.585607][T14903] CUSE: DEVNAME unspecified [ 1673.083521][T14932] block nbd7: NBD_DISCONNECT [ 1673.230871][T14941] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1673.569878][T14962] loop8: detected capacity change from 0 to 7 [ 1673.586259][T14962] Dev loop8: unable to read RDB block 7 [ 1673.640819][T14962] loop8: unable to read partition table [ 1673.646857][T14962] loop8: partition table beyond EOD, truncated [ 1673.659748][T14962] loop_reread_partitions: partition scan of loop8 (被x) failed (rc=-5) [ 1673.789094][ T5207] Dev loop8: unable to read RDB block 7 [ 1673.802124][ T5207] loop8: unable to read partition table [ 1673.808082][ T5207] loop8: partition table beyond EOD, truncated [ 1674.012630][ T30] audit: type=1800 audit(1750411812.447:57): pid=14983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.11852" name="dmabuf" dev="dmabuf" ino=71 res=0 errno=0 [ 1674.178223][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1674.184798][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1675.765925][T15077] misc userio: No port type given on /dev/userio [ 1675.927424][T15092] input input413: cannot allocate more than FF_MAX_EFFECTS effects [ 1676.306190][T15126] usb usb8: usbfs: process 15126 (syz.9.11885) did not claim interface 0 before use [ 1676.489452][T15133] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1677.463350][T15187] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1677.814325][T15207] binder: 15205:15207 ioctl 400c620e 2000000014c0 returned -22 [ 1679.693723][T15263] [U] ^C^C [ 1682.686633][ T30] audit: type=1400 audit(1750411821.117:58): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=15404 comm="syz.7.11945" [ 1683.096253][T15433] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1684.742740][T15532] sp0: Synchronizing with TNC [ 1684.744683][ T1317] [ 1684.744694][ T1317] ===================================================== [ 1684.744702][ T1317] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 1684.744717][ T1317] 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 Not tainted [ 1684.744727][ T1317] ----------------------------------------------------- [ 1684.744735][ T1317] kworker/u8:5/1317 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1684.744753][ T1317] ffffffff8ef04e38 (disc_data_lock#4){.+.+}-{3:3}, at: sixpack_write_wakeup+0x30/0x480 [ 1684.744806][ T1317] [ 1684.744806][ T1317] and this task is already holding: [ 1684.744812][ T1317] ffffffff99ffe3b8 (&port_lock_key){-.-.}-{3:3}, at: uart_port_ref_lock+0xc4/0x3b0 [ 1684.744849][ T1317] which would create a new lock dependency: [ 1684.744856][ T1317] (&port_lock_key){-.-.}-{3:3} -> (disc_data_lock#4){.+.+}-{3:3} [ 1684.744900][ T1317] [ 1684.744900][ T1317] but this new dependency connects a HARDIRQ-irq-safe lock: [ 1684.744909][ T1317] (&port_lock_key){-.-.}-{3:3} [ 1684.744924][ T1317] [ 1684.744924][ T1317] ... which became HARDIRQ-irq-safe at: [ 1684.744933][ T1317] lock_acquire+0x120/0x360 [ 1684.744949][ T1317] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1684.744973][ T1317] serial8250_handle_irq+0x6b/0xbb0 [ 1684.744988][ T1317] serial8250_default_handle_irq+0xbf/0x1b0 [ 1684.745009][ T1317] serial8250_interrupt+0xa5/0x1d0 [ 1684.745032][ T1317] __handle_irq_event_percpu+0x28c/0x980 [ 1684.745054][ T1317] handle_irq_event+0x8b/0x1e0 [ 1684.745075][ T1317] handle_edge_irq+0x267/0x9c0 [ 1684.745094][ T1317] __common_interrupt+0x143/0x250 [ 1684.745118][ T1317] common_interrupt+0xb6/0xe0 [ 1684.745137][ T1317] asm_common_interrupt+0x26/0x40 [ 1684.745152][ T1317] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1684.745175][ T1317] uart_port_unlock_deref+0x111/0x2f0 [ 1684.745190][ T1317] uart_write+0xe8/0x130 [ 1684.745203][ T1317] n_tty_write+0xd35/0x11d0 [ 1684.745222][ T1317] file_tty_write+0x500/0x990 [ 1684.745235][ T1317] vfs_write+0x548/0xa90 [ 1684.745255][ T1317] ksys_write+0x145/0x250 [ 1684.745274][ T1317] do_syscall_64+0xfa/0x3b0 [ 1684.745289][ T1317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1684.745304][ T1317] [ 1684.745304][ T1317] to a HARDIRQ-irq-unsafe lock: [ 1684.745311][ T1317] (disc_data_lock#4){.+.+}-{3:3} [ 1684.745332][ T1317] [ 1684.745332][ T1317] ... which became HARDIRQ-irq-unsafe at: [ 1684.745340][ T1317] ... [ 1684.745344][ T1317] lock_acquire+0x120/0x360 [ 1684.745359][ T1317] _raw_read_lock+0x36/0x50 [ 1684.745381][ T1317] sixpack_receive_buf+0x5c/0x1450 [ 1684.745398][ T1317] tty_ldisc_receive_buf+0x116/0x160 [ 1684.745422][ T1317] tty_port_default_receive_buf+0x6e/0xa0 [ 1684.745439][ T1317] flush_to_ldisc+0x24a/0x720 [ 1684.745456][ T1317] process_scheduled_works+0xae1/0x17b0 [ 1684.745473][ T1317] worker_thread+0x8a0/0xda0 [ 1684.745490][ T1317] kthread+0x70e/0x8a0 [ 1684.745510][ T1317] ret_from_fork+0x3f9/0x770 [ 1684.745525][ T1317] ret_from_fork_asm+0x1a/0x30 [ 1684.745547][ T1317] [ 1684.745547][ T1317] other info that might help us debug this: [ 1684.745547][ T1317] [ 1684.745554][ T1317] Possible interrupt unsafe locking scenario: [ 1684.745554][ T1317] [ 1684.745560][ T1317] CPU0 CPU1 [ 1684.745566][ T1317] ---- ---- [ 1684.745573][ T1317] lock(disc_data_lock#4); [ 1684.745591][ T1317] local_irq_disable(); [ 1684.745597][ T1317] lock(&port_lock_key); [ 1684.745611][ T1317] lock(disc_data_lock#4); [ 1684.745629][ T1317] [ 1684.745635][ T1317] lock(&port_lock_key); [ 1684.745647][ T1317] [ 1684.745647][ T1317] *** DEADLOCK *** [ 1684.745647][ T1317] [ 1684.745653][ T1317] 6 locks held by kworker/u8:5/1317: [ 1684.745663][ T1317] #0: ffff88801a889148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1684.745709][ T1317] #1: ffffc90004467bc0 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1684.745752][ T1317] #2: ffff888024c18ca0 (&buf->lock){+.+.}-{4:4}, at: flush_to_ldisc+0x38/0x720 [ 1684.745794][ T1317] #3: ffff88807d7bb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1684.745833][ T1317] #4: ffffffff99ffe3b8 (&port_lock_key){-.-.}-{3:3}, at: uart_port_ref_lock+0xc4/0x3b0 [ 1684.745872][ T1317] #5: ffff88807d7bb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90 [ 1684.745910][ T1317] [ 1684.745910][ T1317] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 1684.745919][ T1317] -> (&port_lock_key){-.-.}-{3:3} { [ 1684.745942][ T1317] IN-HARDIRQ-W at: [ 1684.745953][ T1317] lock_acquire+0x120/0x360 [ 1684.745968][ T1317] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1684.745991][ T1317] serial8250_handle_irq+0x6b/0xbb0 [ 1684.746006][ T1317] serial8250_default_handle_irq+0xbf/0x1b0 [ 1684.746026][ T1317] serial8250_interrupt+0xa5/0x1d0 [ 1684.746049][ T1317] __handle_irq_event_percpu+0x28c/0x980 [ 1684.746072][ T1317] handle_irq_event+0x8b/0x1e0 [ 1684.746094][ T1317] handle_edge_irq+0x267/0x9c0 [ 1684.746113][ T1317] __common_interrupt+0x143/0x250 [ 1684.746138][ T1317] common_interrupt+0xb6/0xe0 [ 1684.746157][ T1317] asm_common_interrupt+0x26/0x40 [ 1684.746172][ T1317] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1684.746196][ T1317] uart_port_unlock_deref+0x111/0x2f0 [ 1684.746211][ T1317] uart_write+0xe8/0x130 [ 1684.746225][ T1317] n_tty_write+0xd35/0x11d0 [ 1684.746244][ T1317] file_tty_write+0x500/0x990 [ 1684.746258][ T1317] vfs_write+0x548/0xa90 [ 1684.746277][ T1317] ksys_write+0x145/0x250 [ 1684.746297][ T1317] do_syscall_64+0xfa/0x3b0 [ 1684.746312][ T1317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1684.746328][ T1317] IN-SOFTIRQ-W at: [ 1684.746338][ T1317] lock_acquire+0x120/0x360 [ 1684.746353][ T1317] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1684.746376][ T1317] serial8250_handle_irq+0x6b/0xbb0 [ 1684.746391][ T1317] serial8250_default_handle_irq+0xbf/0x1b0 [ 1684.746418][ T1317] serial8250_interrupt+0xa5/0x1d0 [ 1684.746442][ T1317] __handle_irq_event_percpu+0x28c/0x980 [ 1684.746464][ T1317] handle_irq_event+0x8b/0x1e0 [ 1684.746486][ T1317] handle_edge_irq+0x267/0x9c0 [ 1684.746505][ T1317] __common_interrupt+0x143/0x250 [ 1684.746530][ T1317] common_interrupt+0x5e/0xe0 [ 1684.746550][ T1317] asm_common_interrupt+0x26/0x40 [ 1684.746570][ T1317] __rcu_read_unlock+0x71/0xe0 [ 1684.746592][ T1317] unwind_next_frame+0x19ae/0x2390 [ 1684.746608][ T1317] arch_stack_walk+0x11c/0x150 [ 1684.746625][ T1317] stack_trace_save+0x9c/0xe0 [ 1684.746649][ T1317] kasan_save_track+0x3e/0x80 [ 1684.746665][ T1317] kasan_save_free_info+0x46/0x50 [ 1684.746687][ T1317] __kasan_slab_free+0x62/0x70 [ 1684.746703][ T1317] kmem_cache_free+0x18f/0x400 [ 1684.746720][ T1317] rcu_core+0xca5/0x1710 [ 1684.746734][ T1317] handle_softirqs+0x286/0x870 [ 1684.746753][ T1317] __irq_exit_rcu+0xca/0x1f0 [ 1684.746768][ T1317] irq_exit_rcu+0x9/0x30 [ 1684.746783][ T1317] common_interrupt+0xbb/0xe0 [ 1684.746800][ T1317] asm_common_interrupt+0x26/0x40 [ 1684.746814][ T1317] _raw_spin_unlock_irqrestore+0xa8/0x110 [ 1684.746835][ T1317] uart_port_unlock_deref+0x111/0x2f0 [ 1684.746849][ T1317] uart_write+0xe8/0x130 [ 1684.746861][ T1317] n_tty_write+0xd35/0x11d0 [ 1684.746879][ T1317] file_tty_write+0x500/0x990 [ 1684.746891][ T1317] vfs_write+0x548/0xa90 [ 1684.746908][ T1317] ksys_write+0x145/0x250 [ 1684.746926][ T1317] do_syscall_64+0xfa/0x3b0 [ 1684.746940][ T1317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1684.746954][ T1317] INITIAL USE at: [ 1684.746963][ T1317] lock_acquire+0x120/0x360 [ 1684.746977][ T1317] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1684.746997][ T1317] serial8250_do_set_termios+0x4bb/0x1c20 [ 1684.747013][ T1317] uart_set_options+0x3c2/0x5b0 [ 1684.747034][ T1317] serial8250_console_setup+0x2f4/0x3c0 [ 1684.747050][ T1317] univ8250_console_setup+0x43a/0x540 [ 1684.747072][ T1317] try_enable_preferred_console+0x4e4/0x650 [ 1684.747093][ T1317] register_console+0x551/0xf90 [ 1684.747113][ T1317] univ8250_console_init+0x52/0x90 [ 1684.747133][ T1317] console_init+0x1a1/0x670 [ 1684.747151][ T1317] start_kernel+0x2cc/0x500 [ 1684.747166][ T1317] x86_64_start_reservations+0x24/0x30 [ 1684.747187][ T1317] x86_64_start_kernel+0x143/0x1c0 [ 1684.747207][ T1317] common_startup_64+0x13e/0x147 [ 1684.747227][ T1317] } [ 1684.747231][ T1317] ... key at: [] port_lock_key+0x0/0x20 [ 1684.747248][ T1317] [ 1684.747248][ T1317] the dependencies between the lock to be acquired [ 1684.747253][ T1317] and HARDIRQ-irq-unsafe lock: [ 1684.747272][ T1317] -> (disc_data_lock#4){.+.+}-{3:3} { [ 1684.747297][ T1317] HARDIRQ-ON-R at: [ 1684.747306][ T1317] lock_acquire+0x120/0x360 [ 1684.747319][ T1317] _raw_read_lock+0x36/0x50 [ 1684.747339][ T1317] sixpack_receive_buf+0x5c/0x1450 [ 1684.747355][ T1317] tty_ldisc_receive_buf+0x116/0x160 [ 1684.747372][ T1317] tty_port_default_receive_buf+0x6e/0xa0 [ 1684.747389][ T1317] flush_to_ldisc+0x24a/0x720 [ 1684.747404][ T1317] process_scheduled_works+0xae1/0x17b0 [ 1684.747424][ T1317] worker_thread+0x8a0/0xda0 [ 1684.747440][ T1317] kthread+0x70e/0x8a0 [ 1684.747459][ T1317] ret_from_fork+0x3f9/0x770 [ 1684.747472][ T1317] ret_from_fork_asm+0x1a/0x30 [ 1684.747491][ T1317] SOFTIRQ-ON-R at: [ 1684.747500][ T1317] lock_acquire+0x120/0x360 [ 1684.747513][ T1317] _raw_read_lock+0x36/0x50 [ 1684.747533][ T1317] sixpack_receive_buf+0x5c/0x1450 [ 1684.747548][ T1317] tty_ldisc_receive_buf+0x116/0x160 [ 1684.747564][ T1317] tty_port_default_receive_buf+0x6e/0xa0 [ 1684.747581][ T1317] flush_to_ldisc+0x24a/0x720 [ 1684.747596][ T1317] process_scheduled_works+0xae1/0x17b0 [ 1684.747612][ T1317] worker_thread+0x8a0/0xda0 [ 1684.747627][ T1317] kthread+0x70e/0x8a0 [ 1684.747646][ T1317] ret_from_fork+0x3f9/0x770 [ 1684.747659][ T1317] ret_from_fork_asm+0x1a/0x30 [ 1684.747678][ T1317] INITIAL USE at: [ 1684.747687][ T1317] lock_acquire+0x120/0x360 [ 1684.747700][ T1317] _raw_write_lock_irq+0xa2/0xf0 [ 1684.747722][ T1317] sixpack_close+0x2c/0x280 [ 1684.747737][ T1317] tty_ldisc_kill+0xa3/0x1a0 [ 1684.747750][ T1317] tty_ldisc_release+0x1a4/0x200 [ 1684.747764][ T1317] tty_release_struct+0x2a/0xd0 [ 1684.747777][ T1317] tty_release+0xcb0/0x1640 [ 1684.747790][ T1317] __fput+0x44c/0xa70 [ 1684.747804][ T1317] task_work_run+0x1d1/0x260 [ 1684.747825][ T1317] exit_to_user_mode_loop+0xec/0x110 [ 1684.747839][ T1317] do_syscall_64+0x2bd/0x3b0 [ 1684.747853][ T1317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1684.747867][ T1317] INITIAL READ USE at: [ 1684.747876][ T1317] lock_acquire+0x120/0x360 [ 1684.747890][ T1317] _raw_read_lock+0x36/0x50 [ 1684.747910][ T1317] sixpack_receive_buf+0x5c/0x1450 [ 1684.747926][ T1317] tty_ldisc_receive_buf+0x116/0x160 [ 1684.747941][ T1317] tty_port_default_receive_buf+0x6e/0xa0 [ 1684.747958][ T1317] flush_to_ldisc+0x24a/0x720 [ 1684.747974][ T1317] process_scheduled_works+0xae1/0x17b0 [ 1684.747989][ T1317] worker_thread+0x8a0/0xda0 [ 1684.748005][ T1317] kthread+0x70e/0x8a0 [ 1684.748024][ T1317] ret_from_fork+0x3f9/0x770 [ 1684.748038][ T1317] ret_from_fork_asm+0x1a/0x30 [ 1684.748057][ T1317] } [ 1684.748061][ T1317] ... key at: [] disc_data_lock+0x18/0x100 [ 1684.748079][ T1317] ... acquired at: [ 1684.748084][ T1317] lock_acquire+0x120/0x360 [ 1684.748097][ T1317] _raw_read_lock+0x36/0x50 [ 1684.748117][ T1317] sixpack_write_wakeup+0x30/0x480 [ 1684.748132][ T1317] tty_wakeup+0xbb/0x100 [ 1684.748152][ T1317] tty_port_default_wakeup+0xa2/0xf0 [ 1684.748167][ T1317] serial8250_tx_chars+0x72e/0x970 [ 1684.748181][ T1317] __start_tx+0x33b/0x480 [ 1684.748195][ T1317] __uart_start+0x23c/0x440 [ 1684.748207][ T1317] uart_write+0xdc/0x130 [ 1684.748219][ T1317] sixpack_receive_buf+0x444/0x1450 [ 1684.748234][ T1317] tty_ldisc_receive_buf+0x116/0x160 [ 1684.748249][ T1317] tty_port_default_receive_buf+0x6e/0xa0 [ 1684.748265][ T1317] flush_to_ldisc+0x24a/0x720 [ 1684.748280][ T1317] process_scheduled_works+0xae1/0x17b0 [ 1684.748295][ T1317] worker_thread+0x8a0/0xda0 [ 1684.748310][ T1317] kthread+0x70e/0x8a0 [ 1684.748328][ T1317] ret_from_fork+0x3f9/0x770 [ 1684.748341][ T1317] ret_from_fork_asm+0x1a/0x30 [ 1684.748360][ T1317] [ 1684.748364][ T1317] [ 1684.748364][ T1317] stack backtrace: [ 1684.748373][ T1317] CPU: 1 UID: 0 PID: 1317 Comm: kworker/u8:5 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 1684.748391][ T1317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1684.748401][ T1317] Workqueue: events_unbound flush_to_ldisc [ 1684.748423][ T1317] Call Trace: [ 1684.748429][ T1317] [ 1684.748436][ T1317] dump_stack_lvl+0x189/0x250 [ 1684.748454][ T1317] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1684.748470][ T1317] ? __pfx__printk+0x10/0x10 [ 1684.748491][ T1317] validate_chain+0x1f05/0x2140 [ 1684.748516][ T1317] __lock_acquire+0xab9/0xd20 [ 1684.748532][ T1317] ? sixpack_write_wakeup+0x30/0x480 [ 1684.748548][ T1317] lock_acquire+0x120/0x360 [ 1684.748561][ T1317] ? sixpack_write_wakeup+0x30/0x480 [ 1684.748579][ T1317] ? ldsem_down_read_trylock+0x137/0x1a0 [ 1684.748597][ T1317] ? tty_ldisc_ref+0x1c/0x90 [ 1684.748611][ T1317] _raw_read_lock+0x36/0x50 [ 1684.748631][ T1317] ? sixpack_write_wakeup+0x30/0x480 [ 1684.748646][ T1317] sixpack_write_wakeup+0x30/0x480 [ 1684.748663][ T1317] ? __pfx_sixpack_write_wakeup+0x10/0x10 [ 1684.748679][ T1317] tty_wakeup+0xbb/0x100 [ 1684.748700][ T1317] tty_port_default_wakeup+0xa2/0xf0 [ 1684.748716][ T1317] serial8250_tx_chars+0x72e/0x970 [ 1684.748736][ T1317] __start_tx+0x33b/0x480 [ 1684.748752][ T1317] __uart_start+0x23c/0x440 [ 1684.748766][ T1317] uart_write+0xdc/0x130 [ 1684.748780][ T1317] sixpack_receive_buf+0x444/0x1450 [ 1684.748804][ T1317] ? __pfx_sixpack_receive_buf+0x10/0x10 [ 1684.748819][ T1317] tty_ldisc_receive_buf+0x116/0x160 [ 1684.748837][ T1317] tty_port_default_receive_buf+0x6e/0xa0 [ 1684.748854][ T1317] flush_to_ldisc+0x24a/0x720 [ 1684.748871][ T1317] ? process_scheduled_works+0x9ef/0x17b0 [ 1684.748888][ T1317] process_scheduled_works+0xae1/0x17b0 [ 1684.748913][ T1317] ? __pfx_process_scheduled_works+0x10/0x10 [ 1684.748935][ T1317] worker_thread+0x8a0/0xda0 [ 1684.748959][ T1317] kthread+0x70e/0x8a0 [ 1684.748979][ T1317] ? __pfx_worker_thread+0x10/0x10 [ 1684.748995][ T1317] ? __pfx_kthread+0x10/0x10 [ 1684.749015][ T1317] ? _raw_spin_unlock_irq+0x23/0x50 [ 1684.749035][ T1317] ? lockdep_hardirqs_on+0x9c/0x150 [ 1684.749056][ T1317] ? __pfx_kthread+0x10/0x10 [ 1684.749076][ T1317] ret_from_fork+0x3f9/0x770 [ 1684.749090][ T1317] ? __pfx_ret_from_fork+0x10/0x10 [ 1684.749107][ T1317] ? __switch_to_asm+0x39/0x70 [ 1684.749124][ T1317] ? __switch_to_asm+0x33/0x70 [ 1684.749142][ T1317] ? __pfx_kthread+0x10/0x10 [ 1684.749161][ T1317] ret_from_fork_asm+0x1a/0x30 [ 1684.749184][ T1317] [ 1686.578152][T15546] tty tty25: ldisc open failed (-12), clearing slot 24