last executing test programs:

22m42.317576923s ago: executing program 3 (id=5976):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000180)={0x1, 0x40000099, 0x0, 0x0})

22m42.117896535s ago: executing program 3 (id=5981):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNATTACHFILTER(r0, 0x400454d1, 0x0)

22m41.607347544s ago: executing program 3 (id=5991):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x101801, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x5400, 0x0)

22m41.4783028s ago: executing program 3 (id=5992):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x42)
read$FUSE(r0, 0x0, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3c1e, 0x200020, 0xdc, 0x8, 0xb85, 0x4, 0x0, 0x0, 0x20, 0xffffff81}}, 0x50)

22m41.189104239s ago: executing program 3 (id=5996):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)

22m40.954946776s ago: executing program 3 (id=6000):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
ioctl$BLKRRPART(r1, 0x80041284, 0x300000000000000)

22m25.826782716s ago: executing program 32 (id=6000):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x0, 0x0)
r1 = dup(r0)
ioctl$BLKRRPART(r1, 0x80041284, 0x300000000000000)

22m6.221856743s ago: executing program 0 (id=6437):
syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
r0 = openat$drirender128(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc0106442, &(0x7f0000000000))

22m6.133946392s ago: executing program 0 (id=6438):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000a80)=0xff)

22m6.078903399s ago: executing program 0 (id=6439):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000003c0)={0x0, 0x40, 0x2, {0x2, @raw_data="3d924b8271394fa4ec01eb92492ff84715d1a004d08b012a7cafe27a5f313d31bbdae5b411ca5be6bfe92437ed0d21b5180e375be56b3b9306d7dbb26bf9f22de7ac7e81cca450055250217bdf4dd115bd5ba066ba06f2854cc96db9a98055cbde9fd084a1223ada91ed2e830900a01ab5ee65f997b623f73d1aa5a6dfc47acdc5e4380cbcc3314c94970349a3c1374ffec96177b67caa06561da457ef9744b0993c0300000000000000000100"}})
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000004c0)={0x2, @vbi={0x500}})

22m6.019002802s ago: executing program 0 (id=6440):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000100)={0x3, 0x2, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0585609, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3})

22m5.906349655s ago: executing program 0 (id=6441):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r0, 0x6f000)

22m5.756484653s ago: executing program 0 (id=6444):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x23, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1c)

21m50.607593663s ago: executing program 33 (id=6444):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x23, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}], 0x1c)

8m34.401710269s ago: executing program 5 (id=16046):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40, 0x33)
openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x44400, 0x0) (async)
r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x44400, 0x0)
mmap(&(0x7f000078a000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x30, r0, 0x7dffe000)

8m34.237467857s ago: executing program 5 (id=16047):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000022c0)={'\x00', 0xfffd, 0xeeac, 0x80, 0x31, 0x1000209})
ioctl$SG_BLKTRACETEARDOWN(r1, 0x1276, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x3c0, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0xfffffffffffffffe, 0x4, 0x10000, 0x100, 0x1004, 0x0, 0x8, 0x5, 0x5, 0x9, 0x9, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x3, 0x2, 0x2, 0x6, 0x9, 0x96, 0xf0, 0xffffffff00000000, 0x4, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0xffffffff, 0x8, 0x6, 0x6, 0x3, 0x4, 0x20000000006, 0x8, 0x9, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xea, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x5, 0x1, 0x47bc, 0xd, 0x6, 0xbbdc, 0x80000000, 0xfffffffffffffc00, 0x2, 0xb, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0x2, 0x6, 0x0, 0x3403, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x61d, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2b, 0x8, 0x2293332f, 0x4, 0x5, 0x0, 0xd, 0x2, 0x80000001, 0x981, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x9, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x3]})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x6, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0x8], 0x91000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$vim2m_VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000040))
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x581042, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r6, 0x40085112, &(0x7f0000000080)=@s={0x5, @generic=0x9})

8m33.856611873s ago: executing program 5 (id=16049):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x77, 0x101301)
ioctl$USBDEVFS_BULK(r2, 0xc0105502, &(0x7f0000000000)={{}, 0x2, 0x0, 0x0})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

8m32.67842061s ago: executing program 5 (id=16059):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f00000001c0)=@arm64={0x7f, 0x1, 0xf, '\x00', 0x3})
ioctl$KVM_GET_VCPU_EVENTS(r3, 0x8040ae9f, &(0x7f0000000280)) (async)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async)
read$FUSE(r4, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0)
read(r7, &(0x7f0000000080)=""/1, 0x1)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

8m32.070351529s ago: executing program 5 (id=16065):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000280)=0x10)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101740, 0x179)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0)
r3 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_ENCODER_CMD(r3, 0xc028564d, &(0x7f0000000140))
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x9, 0x4010010, r2, 0x5244a000)
ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f0000000040))
ioctl$VIDIOC_TRY_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000080)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x980913, 0x0, '\x00', @string=0x0}})
read$char_usb(r1, &(0x7f00000001c0)=""/4068, 0xfe4)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f00000011c0)={{0x8, 0x0, 0xb, 0x0, '\x00', 0xffffffc0}, 0x0, [0x100000000, 0x5, 0xfff, 0x8, 0xffffffffffffffff, 0x7, 0x65a4f82f, 0x5ea8, 0x0, 0x2, 0x9, 0xfd3, 0x958, 0x1, 0x3, 0x8cce, 0xd8, 0x3, 0xffffffffffffffff, 0x10000, 0x2, 0xd7c6, 0x9, 0x7f, 0xcc, 0xffffffffffff8000, 0x10, 0x4, 0x1, 0xb, 0xaad8, 0x3, 0xd, 0x6, 0x3, 0x6, 0x81, 0x5, 0x0, 0xfffffffffffffffd, 0x8, 0x8606, 0x10000, 0x25ae2f33, 0x1, 0x0, 0xa18, 0x6, 0x0, 0x1, 0x9, 0x6, 0x4, 0x3, 0x5, 0x2, 0x1, 0x8000, 0x1, 0x78, 0x6270c446, 0x7, 0x1, 0x3, 0x40, 0x2, 0x9, 0x40, 0x2, 0x400, 0x5, 0x5, 0x0, 0x7, 0x332, 0x7, 0x4, 0x5a6, 0xfffffffffffffff7, 0xa, 0xd11, 0xffffffff, 0x2, 0x0, 0x4, 0x7e0, 0x7, 0x7f, 0x4, 0xc, 0x5, 0x3ff, 0x5, 0xc4f7, 0x1, 0x60adabd2, 0x7, 0xb, 0x1, 0xfffffffffffffff7, 0x3ff, 0x2, 0xfffffffffffffff0, 0x8, 0x10001, 0x5, 0x6, 0x3dbe, 0xfffffffeffffffff, 0x1ff, 0x9, 0x0, 0x9, 0x61e8, 0xc9, 0x1ff, 0x1, 0xfffffffffffffe00, 0x1f, 0x100000000, 0x0, 0x1, 0x5, 0x1d9, 0x400, 0x8000000000000000, 0x6, 0xffffffffffffffff]})

8m31.95082604s ago: executing program 5 (id=16068):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r0, 0x4b71, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/211, 0xd3}], 0x1, 0x1, 0x1009)

8m16.846166086s ago: executing program 34 (id=16068):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r0, 0x4b71, 0x0)
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
preadv(r1, &(0x7f0000000080)=[{&(0x7f00000000c0)=""/211, 0xd3}], 0x1, 0x1, 0x1009)

7m25.34410664s ago: executing program 1 (id=16496):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000380)={0xb, 0x10, 0xfa00, {0x0, r1}}, 0x18)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r4, 0x4008ae90, &(0x7f0000000240)={0x1, 0x0, [{0x1, 0x0, 0x0, 0x0, 0x0, 0xffff}]})
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000000000091040000000000000200000000000000e3a3560c229057bd07a35aad276e80d8fe8d0cf2b021069a73c56c82818f8a244e248344f5771374d8b62c8911f77e62f91ed209207e97"])
openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
r6 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000000240)={0xf0f018, 0x1})
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f00000003c0)=0x4)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000040)=0x2)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000240))
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000100))

7m22.890480005s ago: executing program 1 (id=16516):
r0 = syz_open_dev$vbi(&(0x7f00000002c0), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000005c0)={0x5, @sliced={0x0, [0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}})

7m22.572646242s ago: executing program 1 (id=16518):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x123a00, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2, 0x0, 0x2000000002, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

7m21.294857506s ago: executing program 1 (id=16527):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r2, 0xc034564b, &(0x7f0000000040)={0x9c1, 0x50565559, 0x2, 0x4, 0x1, @stepwise={{0x4, 0x101}, {0x9, 0xe067}, {0x80, 0xff}}})
r3 = dup(r1)
write$UHID_INPUT(r3, &(0x7f0000001040)={0xe, {"a2e3ad21ed0d09f91b0b380987f70e06d038e7ff7fc6e5539b0d3d0e8b089b3f37096c060890e0878f0e1ac6e7049b094a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130f91850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153fae46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c343f7f140f319539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004c0400000000000000ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d984836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885e94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x88200, 0x0)
ioctl$TCXONC(r4, 0x540a, 0x2)
ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000040)={0x7, 0x80, 0x9, 0x110, 0x1b, "96010000000000000000000000000000000008"})
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r5, &(0x7f0000000300)={0xa0, 0xb, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0xa, 0x1, {0x6, 0x2, 0x100000001, 0x5, 0x6, 0x1, 0x101, 0x2007, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
write$uinput_user_dev(r3, &(0x7f00000003c0)={'syz0\x00', {0x669, 0x2, 0xdb18}, 0x2c, [0x9, 0x2, 0x81, 0x9, 0xd88, 0x15, 0x8, 0xd, 0x5, 0x9, 0x9, 0x707, 0x6, 0x8, 0x8000, 0xfffffff9, 0x9, 0x8001, 0x8001, 0x9, 0x3, 0x40, 0x2, 0x22a, 0xffffffff, 0x32b, 0x437be0ae, 0x7, 0xd6, 0x0, 0x7ba, 0x8000, 0x10000, 0x5, 0x6f, 0xd, 0x0, 0xfffffff7, 0x0, 0x80000001, 0x7, 0x1, 0x7, 0x3, 0x5, 0x9, 0x4, 0x2fa4, 0x70f, 0x0, 0x3, 0x10001, 0x1, 0x1, 0x0, 0x8, 0x8, 0x1ce, 0x3, 0x2, 0xc, 0x3, 0xa, 0x2], [0x6, 0x2d, 0xa, 0x5, 0x80000000, 0xd, 0x8, 0x3, 0x80000000, 0x12, 0x400, 0x5, 0x0, 0x40, 0x0, 0x10000, 0x7e4d, 0x1, 0x6, 0x7, 0xfffffeff, 0x9, 0x7, 0x3, 0x5, 0x93f, 0x10001, 0x9, 0xfff, 0x400, 0x0, 0x9, 0xc911, 0x0, 0x101, 0xbd0, 0x0, 0x3, 0x8, 0x14647fd5, 0x0, 0x8, 0x9, 0x1, 0x2, 0xefe, 0x65, 0x2a, 0x8, 0xffffffc0, 0x1, 0xf8ca, 0xb, 0x7, 0x0, 0x40, 0x3, 0xfffffffc, 0x9, 0x9, 0x9, 0x5, 0x1, 0x8], [0x9, 0x8, 0x2, 0x9, 0x7f, 0xe2, 0xff, 0x7878, 0x6, 0x8, 0x9, 0x7, 0x1, 0x8, 0x8, 0xad3, 0x3, 0x7, 0x3, 0x9, 0x6, 0x9, 0x100, 0x1, 0x7, 0x5, 0x100, 0x4, 0x9, 0x3800000, 0x5, 0x8, 0x5, 0xc, 0x3, 0x90, 0x81, 0xfffff8b3, 0x5c, 0x2012, 0x0, 0x0, 0x5, 0xffff, 0x9, 0xb, 0xc75, 0x7f2f, 0xffffcfea, 0x0, 0xc49, 0xd7, 0x936, 0x3, 0x76, 0xff, 0x7fff, 0x5, 0x3a, 0x5, 0xfff, 0x9, 0x7fff, 0x9], [0x8, 0xfffffff7, 0x2, 0x4, 0x5, 0x3, 0x401, 0xffff8001, 0x200, 0x81, 0xb3b9, 0x9, 0x4, 0x9a, 0x6, 0xffffffff, 0x10001, 0x6, 0x1, 0xe0, 0x6, 0x1000, 0xfff, 0xbc8, 0x7, 0x4, 0x5, 0x9, 0x1, 0xd97d, 0x7, 0x7fff, 0x7, 0xa, 0x7, 0x9, 0x7, 0xe8, 0x0, 0xffff, 0xf1c0, 0xcf, 0x5, 0x5, 0x2, 0x6, 0x7, 0x5, 0x10000, 0x2, 0x0, 0x9, 0x6, 0x8, 0x0, 0x800, 0x5, 0x8, 0xf85, 0x7, 0x2, 0x5, 0x7f, 0x81]}, 0x45c)
read$FUSE(r5, 0x0, 0x0)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x10010, r7, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

7m21.049612252s ago: executing program 1 (id=16528):
r0 = syz_open_dev$vbi(&(0x7f00000002c0), 0x1, 0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_MSRS(r5, 0xc008ae88, &(0x7f00000007c0)=ANY=[@ANYBLOB="3b00000000000000410101c0"])
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x20)
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000340), 0x8101, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_WAIT(r6, 0x942e, 0x0)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r1, 0x6f000)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1fa})
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000000)={0x7, 0x4})
r7 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x3ff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r7, 0xc02c564a, &(0x7f0000000200)={0x0, 0x33424752, 0x0, @stepwise})
ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f00000005c0)={0x5, @sliced={0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd]}})

7m20.917481644s ago: executing program 1 (id=16529):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000022c0)={'\x00', 0xfffd, 0xeeac, 0x80, 0x31, 0x1000209})
ioctl$SG_BLKTRACETEARDOWN(r1, 0x1276, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x3c0, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0xfffffffffffffffe, 0x4, 0x10000, 0x100, 0x1004, 0x0, 0x8, 0x5, 0x5, 0x9, 0x9, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x3, 0x2, 0x2, 0x6, 0x9, 0x96, 0xf0, 0xffffffff00000000, 0x4, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0xffffffff, 0x8, 0x6, 0x6, 0x3, 0x4, 0x20000000006, 0x8, 0x9, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xea, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x5, 0x1, 0x47bc, 0xd, 0x6, 0xbbdc, 0x80000000, 0xfffffffffffffc00, 0x2, 0xb, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0x2, 0x6, 0x0, 0x3403, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x61d, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2b, 0x8, 0x2293332f, 0x4, 0x5, 0x0, 0xd, 0x2, 0x80000001, 0x981, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x9, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x3]})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x6, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0x8], 0x91000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$vim2m_VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000040))
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x581042, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r6, 0x40085112, &(0x7f0000000080)=@s={0x5, @generic=0x9})

7m5.791232249s ago: executing program 35 (id=16529):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f00000022c0)={'\x00', 0xfffd, 0xeeac, 0x80, 0x31, 0x1000209})
ioctl$SG_BLKTRACETEARDOWN(r1, 0x1276, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r3 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x2, 0x0)
dup(r4)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(0xffffffffffffffff, 0xc018aec0, &(0x7f0000000140)={0x0, 0x1c0, 0x3c0, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0xfffffffffffffffe, 0x4, 0x10000, 0x100, 0x1004, 0x0, 0x8, 0x5, 0x5, 0x9, 0x9, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x3, 0x2, 0x2, 0x6, 0x9, 0x96, 0xf0, 0xffffffff00000000, 0x4, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0xffffffff, 0x8, 0x6, 0x6, 0x3, 0x4, 0x20000000006, 0x8, 0x9, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xea, 0x200000000000101, 0x5, 0x9, 0x66, 0x6, 0x7, 0x5, 0x1, 0x47bc, 0xd, 0x6, 0xbbdc, 0x80000000, 0xfffffffffffffc00, 0x2, 0xb, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0x2, 0x6, 0x0, 0x3403, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x61d, 0x3, 0x7, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2b, 0x8, 0x2293332f, 0x4, 0x5, 0x0, 0xd, 0x2, 0x80000001, 0x981, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x9, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x3]})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0xf, 0x6, 0x0, 0x0, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x7, 0x0, 0x8], 0x91000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$vim2m_VIDIOC_QUERYCAP(r0, 0x80685600, &(0x7f0000000040))
r6 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x581042, 0x0)
ioctl$SNDCTL_SEQ_OUTOFBAND(r6, 0x40085112, &(0x7f0000000080)=@s={0x5, @generic=0x9})

5m7.395316944s ago: executing program 2 (id=17489):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$INCFS_IOC_GET_FILLED_BLOCKS(r0, 0x80286722, &(0x7f00000001c0)={&(0x7f0000000080)=""/89, 0x59, 0x2, 0x4})
ioctl$BLKFINISHZONE(r0, 0x40101288, &(0x7f0000000000)={0xe92000, 0x5})
r1 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2)
ioctl$VIDIOC_G_AUDOUT(r1, 0x80345631, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

5m7.096956809s ago: executing program 2 (id=17493):
r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000200), 0xa2442, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
r4 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$dsp(r1, &(0x7f00000004c0)='\x00', 0x1)
ioctl$SNDRV_PCM_IOCTL_PREPARE(r4, 0x4140, 0x0)

5m6.262648848s ago: executing program 2 (id=17504):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xffffffffffffffda, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x6, {0x6, 0x2, 0x100000001, 0x7fff, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000080)={0x12, 0x1, 0x0, "c175f0b781eddc96e6d941c3a7f9582753f9ffff8cbae2850c67ea00"})
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

5m5.772134504s ago: executing program 2 (id=17506):
r0 = syz_open_dev$vim2m(&(0x7f0000000400), 0x8000, 0x2)
r1 = syz_open_dev$ttys(0xc, 0x2, 0x0)
close(r1)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000000)={0x3, 0x2, 0x2})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(0xffffffffffffffff, 0x3ba0, &(0x7f0000000280)={0x48, 0x15})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000500)=0x1)
ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af04, &(0x7f0000000200))
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0d05605, &(0x7f0000000440)={0x2, 0x0, 0x0, "5d4a03c0d6b1f7891dd5efb410ad15591a3741a6ba19dd2c2300"})

5m5.655237994s ago: executing program 2 (id=17507):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r3, 0x40086602, &(0x7f00000002c0)=0x20)
mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r3, 0x6f000)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

5m5.423212427s ago: executing program 2 (id=17511):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x103440, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000100))
r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$CEC_ADAP_G_PHYS_ADDR(r1, 0x80026101, &(0x7f0000000040))
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000080)={0x28, 0x355a80ad4125c70b, 0x0, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xfffffffffffffffb})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r4})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f00000001c0)={{0xf}, 0x1})
ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f0000000300)={0xc, r4})
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r2, 0x3b65, 0x4)
r6 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_ENUMINPUT(r6, 0xc050561a, &(0x7f0000000540)={0x3, "2a123b084c7f8324cc76356ea2c2ef76068115ecfb56b46998cd6a640317a26f", 0x2, 0x0, 0x0, 0x40004})

4m49.633996248s ago: executing program 36 (id=17511):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0), 0x103440, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000100))
r1 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$CEC_ADAP_G_PHYS_ADDR(r1, 0x80026101, &(0x7f0000000040))
r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000080)={0x28, 0x355a80ad4125c70b, 0x0, 0x0, &(0x7f0000ffd000/0x1000)=nil, 0x1000, 0xfffffffffffffffb})
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000200)={0xc, 0x0, <r4=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000140)={0x48, 0x2, r4})
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r5, 0xc058534f, &(0x7f00000001c0)={{0xf}, 0x1})
ioctl$IOMMU_VFIO_IOAS$SET(r2, 0x3b88, &(0x7f0000000300)={0xc, r4})
ioctl$IOMMU_VFIO_CHECK_EXTENSION(r2, 0x3b65, 0x4)
r6 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0)
ioctl$VIDIOC_ENUMINPUT(r6, 0xc050561a, &(0x7f0000000540)={0x3, "2a123b084c7f8324cc76356ea2c2ef76068115ecfb56b46998cd6a640317a26f", 0x2, 0x0, 0x0, 0x40004})

3.33545555s ago: executing program 6 (id=19650):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETA(r2, 0x4b6a, &(0x7f0000000340)={0x200f, 0x0, 0x2, 0xfeff, 0xe, "72710080ab003f00"})
ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f00000008c0)={0x5, @sdr={0x31435750, 0x9}})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r4 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix={0x0, 0x0, 0x34524742, 0x9, 0x0, 0x800}})
ioctl$TUNSETOWNER(r3, 0x400454cc, 0x0)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f00000001c0)={0x0, 0x1, 0x80006, 0xff})
read$FUSE(r1, 0x0, 0x0)
r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000540), 0x426100, 0x0)
r6 = dup(r5)
mmap(&(0x7f0000727000/0x4000)=nil, 0x4000, 0x2000004, 0x12, r5, 0xf90a4000)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r7, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x28011, r0, 0x0)
r8 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r8, 0x4068aea3, &(0x7f0000000200)={0x79, 0x0, 0xab})
r9 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r9, 0x4038ae7a, &(0x7f00000002c0)={0x6, 0xad9, &(0x7f0000000280)="942da2", &(0x7f00000003c0)="4a1f4da44ae9a7503da4ec98e3c4bf79e11b132bc3a7c51f2ecde6a2f1f6e913fa9f5a73bd237cc98b227fb9135790f06145871dd6832f7e96adb4fe6f35a007a5f87b5ad8c31760c93533871d267dc1a7bf2121dd0fd55afde673f73a16b65ae424307343591855f1cf6fccf8954ae3962d45c88dedb7b89cda73c51ae15b69a97881e33b42ed4741cfb16fad70bc6290579089a1642eb0f266270894d3ffb2cf9b0cbc547fa289e197691bcb60d327e9dd98d103ca3145c328aee3dd99fc73bf91797fc63308ad6077fc0d10", 0x3, 0xcd})
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000500), 0x20000, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)
ioctl$KVM_SET_NESTED_STATE(r12, 0x4080aebf, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r6, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

2.827269207s ago: executing program 8 (id=19653):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/devices.allow\x00', 0x2, 0x0)
write$cgroup_devices(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB='b *:* 1'], 0x8)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r3, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})
ioctl$KVM_CLEAR_DIRTY_LOG(r3, 0xc018aec0, &(0x7f0000000140)={0x0, 0x240, 0x380, &(0x7f0000000180)=[0x6bd1a312, 0xec66, 0xff, 0x8, 0x98bd, 0x800000000000009, 0x0, 0x4, 0x10000, 0x100, 0x9004, 0x0, 0x8, 0x5, 0x5, 0x49, 0x3ff, 0x5, 0x2, 0x9, 0x8, 0x7, 0xc1, 0x3, 0x2, 0x2, 0x6, 0x9, 0x96, 0xffffffff, 0xffffffff00000000, 0x0, 0x4, 0x7, 0x23b, 0x3, 0x2, 0x888f, 0x4, 0x8, 0x6, 0x6, 0x3, 0xa3de, 0x20000000006, 0x8, 0x9, 0x400, 0x3, 0xfffffffffffffff7, 0xfffffffffffffffa, 0x2, 0xe, 0x6, 0x4, 0xe6, 0x200000000000301, 0x5, 0x9, 0x66, 0x6, 0x7, 0x40000005, 0xfffffffeffffffff, 0x9, 0xd, 0x9, 0xbbd9, 0x80000000, 0xfffffffffffffc00, 0x2, 0x7, 0x2, 0xcdc, 0x7, 0x2, 0x3, 0x2, 0x5, 0xfff, 0x6, 0x4, 0x1, 0xab6, 0x0, 0x4, 0x0, 0xffffffffffffff81, 0x9, 0xff, 0x6, 0x28000000, 0x5, 0x8061d, 0x3, 0x8, 0xf6, 0x4, 0x6, 0x200, 0x7, 0xe53e, 0x2b, 0x8, 0x2293332f, 0x6, 0x5, 0x0, 0xd, 0x2, 0x5, 0x981, 0x2, 0x7, 0xdfd4, 0xfffd, 0x10, 0x5, 0x8, 0x1, 0x53e0f0fe, 0xeb4, 0x3, 0xfffffffffffffffe, 0xb692, 0xcc, 0x8, 0x3]})
r4 = dup(r0)
write$UHID_INPUT(r4, &(0x7f0000004000)={0xf, {"a2e3ad21ed0d09f90750090987f70906d038e7ff7fc6e5539b0d3d0e8b089b39366d63060890e0878f0e1ac6e7049b334a959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070b07580936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383701d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b6080000007a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb06ffc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb15da202d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0xfffffffffffffe59}}, 0xfa)
r5 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r6 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002080), 0x0, 0x0)
preadv2(r6, 0x0, 0x0, 0x0, 0x0, 0x10)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x100010, r5, 0x7dfff000)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x88081, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f0000000040)={0xc, 0x0, <r8=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r7, 0x3ba0, &(0x7f00000000c0)={0x48, 0x5, r8, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_IOAS_MAP(r7, 0x3b85, &(0x7f0000001140)={0x28, 0x2, r8, 0x0, &(0x7f00000010c0)='\x00', 0x1, 0xe5a1})
close(r6)

2.669476151s ago: executing program 6 (id=19655):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) (async)
mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.parent_freezing\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000215000/0x1000)=nil, 0x1000, 0x0, 0x6011, r3, 0x0) (async)
mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x13, r3, 0xd1383000) (async)
r4 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r4, 0x0)
mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x9, 0x11, r4, 0x1000) (async)
mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0xfffff000)
mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, r2, 0x0) (async)
mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r1, 0x0)
mmap(&(0x7f0000071000/0x4000)=nil, 0x4000, 0x2000000, 0x813, r2, 0x0) (async)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0)
mmap(&(0x7f000015b000/0x3000)=nil, 0x3000, 0x800001, 0x10012, r5, 0x0) (async)
mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x4, 0x11, r1, 0x2000) (async)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) (async)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x103001, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r6, 0x3ba0, &(0x7f0000000280)={0x48, 0x2, 0x0, 0x0, 0x0, <r8=>0x0})
ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r7, 0x3b8b, &(0x7f0000000300)={0x10, 0x0, r8}) (async)
ioctl$IOMMU_IOAS_ALLOC(r7, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r9=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r7, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r9, 0x0, 0x0, 0x0, <r10=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r7, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r10, r9, <r11=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r7, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r10, r11, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
ioctl$IOMMU_TEST_OP_MD_CHECK_MAP(r7, 0x3ba0, &(0x7f00000001c0)={0x48, 0x3, r11, 0x0, 0x3, 0x5, &(0x7f0000000080)="d92ad1957d"}) (async)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)

2.431167037s ago: executing program 6 (id=19658):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
r2 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f0000000400)=0xffffff63)
read$FUSE(r1, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_DEVICE(r5, 0xc00caee0, &(0x7f0000000240)={0x4, <r6=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r6, 0x4018aee1, 0x0)
r7 = dup(r3)
ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r7, 0x9, {0x0, 0x0, 0x0, 0x171b9bf6, 0x800, 0x0, 0x0, 0x19, 0x0, "e5d029c0fe0787e17bcb3ce7b6b5a5315785e5b0b74728b83f2f40d8a23077a04af682cf1280b013681997dff4a898942d34a4bf73459c3af8b79f2ec78eab49", "4f98a67c2c06bfcf92b12a8115661efc215609330587c41a08b0842bc48578c56775b7a810445bd6da3c3353b2e8b98a0d8b30dab92dd969e99cd101d0308138", "5ab7ab91e98549ed19f01791a8d4accf86d5ee5173d5dd91fb8fdfd906121574", [0x9, 0x5]}})
r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r8, &(0x7f0000000080)={0x0, 0x7, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
r9 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r9, 0xc0a85320, &(0x7f0000000340)={{0x80}, 'port0\x00', 0x5a, 0x140043})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

2.076277168s ago: executing program 8 (id=19659):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000200)={0xc, 0x8, 0xfa00, {&(0x7f00000003c0)}}, 0x10)
r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r2, 0x0, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r4 = dup(r3)
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r5, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKRRPART(r3, 0x125f, 0x0)
ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

1.573202561s ago: executing program 6 (id=19664):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
dup(0xffffffffffffffff)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000000)={0xc, 0x0, <r2=>0x0})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r5, 0x4018aee1, &(0x7f0000000100)=@attr_arm64={0x0, 0x0, 0x0, &(0x7f00000000c0)=0x81b})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r1, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r2, 0x0, 0x97, 0x8000000})
ioctl$IOMMU_IOAS_MAP$PAGES(r1, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r2})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

1.191306968s ago: executing program 7 (id=19669):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
syz_open_dev$sg(&(0x7f0000000280), 0x7, 0x400)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000400)={{0x9, 0x8}, 'port1\x00', 0x190, 0x10000, 0x2, 0xc4, 0x3, 0x2, 0x531, 0x0, 0x7, 0xd})
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000080)={0x0, 0x6000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000100)={0x80a0000})
syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x77, 0x101601)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f00000005c0)=0x380)
ioctl$USBDEVFS_BULK(r0, 0x80045515, &(0x7f0000001200)={{{0x1, 0x1}}, 0x0, 0x2, 0x0})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001600)='/proc/slabinfo\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000006140)={0x2020}, 0x2020)

1.191159323s ago: executing program 4 (id=19670):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000400)={0xf0f016, 0x2})
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

1.190172942s ago: executing program 6 (id=19671):
r0 = syz_open_dev$video4linux(&(0x7f0000000380), 0x0, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000040)={0x8000000, 0x204, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x8000000, 0x0, '\x00', @ptr}})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
r4 = dup(r3)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000d004"])
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', 0x480, 0x1ac)
read$FUSE(0xffffffffffffffff, &(0x7f00000030c0)={0x2020, 0x0, 0x0, <r6=>0x0}, 0x2020)
read$FUSE(0xffffffffffffffff, &(0x7f0000005100)={0x2020, 0x0, 0x0, 0x0, <r7=>0x0}, 0x2020)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f0000000540)={{0x1, 0x1, 0x18, r5, {r6, r7}}, './file0\x00'})
r8 = syz_open_dev$video4linux(&(0x7f0000000340), 0x5, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x6, 0xffffffffffffffff, 0xf58a, 0x5, 0xce9, 0xfff, 0x6, 0x0, 0x80, 0x2, 0x5, 0xa, 0x0, 0x2d, 0xdd3, 0x2882], 0x10000, 0x48004})
r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r9, 0x40384708, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x0, 0x0, "3eccd8000200000500"})
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r8, 0xc040564a, &(0x7f0000000140)={0xfffffffe})
r10 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$TCXONC(r10, 0x540a, 0x3)
r11 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
r12 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r13 = dup(r12)
write$UHID_INPUT(r13, &(0x7f0000002080)={0x8, {"a2e3ad21ed0d09f91b5f090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f09006e090890e0878f0e1ac6e7049b336c959b6c9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074b0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3c2b802181acfc90c41bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e74130d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b12d94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14007693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0x4020ae46, &(0x7f0000000100)={0x2710, 0x3, 0x100000, 0x1000, &(0x7f0000ffd000/0x1000)=nil})
ioctl$SG_IO(r13, 0x2285, &(0x7f0000000480)={0x0, 0xfffffffffffffffd, 0xee, 0x81, @buffer={0x0, 0xd, &(0x7f0000000280)=""/13}, &(0x7f0000000380)="1eadade8b1bff894284b26a63fa7202ec93c61b352e8332d1f973b3ff7fd61f7711d73a8b6e21c07799bbfb06a7cf7b512fa29b2186b0a4d1c68d85b035cc1870d56d2f2af123d6d306636d791e661c54c3c92ff39ad776cfdf2ea09e54a5a5dc1bde25015120a4ea403164b71140bd80cf4144625a95dca8ff153f2dbf0c7af43edc159440b238d11bfea14ffec84e8d4ea3d594036a4c26bcd775982ce978537d32694e10bfb2c9d0c4aa392055ec59f4fcd1221af3c517a419aa312aa8998156a90116a07d122a05dc5da7be83758ed6afa611e5443c858faf2459473d13c7bbbe7d1e27b10d485c36735873a", &(0x7f00000002c0)=""/11, 0xa6, 0x4, 0x3, &(0x7f0000000300)})
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r11, 0xc1105517, &(0x7f0000000140)={{0x0, 0x1, 0xfe, 0x0, 'syz0\x00', 0x20}, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})

1.1161892s ago: executing program 7 (id=19672):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000700)={{0x2}, 0x0, [0x2000000, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xba, 0xfffffffffffffffc, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5]})

975.372511ms ago: executing program 4 (id=19673):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000000c0)={0x2, 0x0, 0x0, {0x0, 0x0, 0xffffffff, 0xfffffff9}})
r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0xb, 0x1, 0x0, "f3f0b32aa4526bc424cc83055c5a8d21e6cb87d69b11022ef02d2b83dda571f8"})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r1, 0x7dfff000)

919.099419ms ago: executing program 7 (id=19674):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x32600, 0x0)
ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000280)={0x54, 0x220, 0x4, {0x1f72, 0x5}, {0xffc0, 0x8}, @cond=[{0xe, 0x9, 0x7, 0xe, 0x4, 0x9}, {0x8, 0x6, 0x3, 0x8, 0x6, 0x40}]}) (async)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r2, 0x40505330, &(0x7f00000000c0)={0x800080, 0x0, 0x0, 0x0, 0xa965, 0x2})
r3 = openat$vcsu(0xffffff9c, &(0x7f0000001700), 0x0, 0x0)
lseek(r3, 0x7b, 0x2)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x2000000000006bf, 0x8, 0x1, {0x6, 0x0, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r4, 0x0, 0x0)
r5 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05604, &(0x7f0000000180)={0xd, @vbi}) (async)
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r7 = dup(r6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0) (async)
ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})

907.149364ms ago: executing program 6 (id=19675):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000000000000000004000"])
r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"])
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0)
ioctl$BLKBSZSET(r7, 0x40081271, &(0x7f0000000000)=0x10000)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

858.305692ms ago: executing program 4 (id=19676):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@local})
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, &(0x7f0000000240)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r0, 0x7b1, &(0x7f0000000000)={{}, 0x1, 0x4})
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
write(r1, &(0x7f0000000080), 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x3, 0x2)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000002c0)={0x7, @sdr={0x3234564e}})

747.228533ms ago: executing program 8 (id=19677):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x33524742, 0x6, 0x0, [{0xb288}, {0x1, 0xc00000}, {}, {0x4000}]}})

688.718566ms ago: executing program 8 (id=19678):
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x2}}, './file0\x00'})
ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) (async)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628) (async)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0)
ioctl$SNAPSHOT_FREE_SWAP_PAGES(r1, 0x3309) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x610402, 0x0) (async)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0) (async)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r0, 0xc05c5340, &(0x7f00000000c0)={0x7, 0x400, 0x8000, {0x9, 0x3}, 0x1000, 0x600}) (async)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, &(0x7f0000000180)={@host, 0x2})
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$VHOST_GET_FEATURES(r4, 0x8008af00, &(0x7f0000000200))
ioctl$KDGKBLED(r0, 0x4b64, &(0x7f0000000240)) (async)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280), 0x80000, 0x0)
ioctl$SNAPSHOT_S2RAM(r5, 0x330b) (async)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000002c0)={0x1, 0x2, 0x2, "c2a48589ff033799beb78f199b1201f08fc41da9ba57747d29fa1f50b7303e8f", 0x32314752}) (async)
r6 = syz_open_dev$evdev(&(0x7f0000000300), 0x6, 0x10000)
ioctl$PIO_SCRNMAP(r2, 0x4b41, &(0x7f0000000340)="08de8a1d4d97c68caeeb9b90d02610baea1ac074c9bf550f859bd7d808724f65e90f3f32f26a42af")
ioctl$SNDRV_TIMER_IOCTL_CREATE(r0, 0xc02054a5, &(0x7f0000000380)={0x8001, <r7=>r6, 'id1\x00'})
ioctl$VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000400))
ioctl$SNAPSHOT_UNFREEZE(r7, 0x3302)
r8 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000440)='/proc/asound/card1/oss_mixer\x00', 0x2, 0x0)
write$proc_mixer(r8, &(0x7f0000000480)=[{'SPEAKER', @val={' \'', 'Master'}}, {'RECLEV', @void}, {'DIGITAL1', @void}, {'TREBLE', @val={' \'', 'Master Playback Switch'}}, {'RECLEV', @void}, {'IGAIN', @val={' \'', 'Master'}}, {'LINE3', @void}, {'RECLEV', @void}, {'OGAIN', @val={' \'', 'Capture'}}], 0xc8) (async)
ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f0000000580)={0xffffffff}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION2(r0, 0x40a0ae49, &(0x7f00000005c0)={0x2, 0x5, 0x2000, 0x1000, &(0x7f0000ffe000/0x1000)=nil, 0x7, r0}) (async)
write$UHID_CREATE2(r0, &(0x7f0000000680)={0xb, {'syz1\x00', 'syz1\x00', 'syz0\x00', 0x5f, 0xf8, 0x159, 0x7, 0x80000001, 0xd, "25b650c542d10d0c85d4c2d1f220a0d7569aa644ee52dca9c9b5a6a70bd9a0f412239872135e9cac85b8a9a4e91e4cf11cbaa7f88b756fdacea5d8801947214be67c8675e80afe5245d35d936b2ebcd53197ba8d02fc02f097750237745fde"}}, 0x177) (async)
ioctl$USBDEVFS_IOCTL(r7, 0xc0105512, &(0x7f0000000800)=@usbdevfs_connect={0xc9b})
close(r4) (async)
ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(0xffffffffffffffff, 0xc0bc5310, &(0x7f0000000880))

685.182619ms ago: executing program 4 (id=19679):
r0 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{0x0, 0x1, 0xfe, 0x0, 'syz0\x00', 0x20000000}, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})

563.294851ms ago: executing program 4 (id=19680):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
ioctl$BINDER_GET_EXTENDED_ERROR(0xffffffffffffffff, 0xc00c6211, 0x0)
syz_open_dev$sg(&(0x7f0000000280), 0x7, 0x400)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(0xffffffffffffffff, 0xc0a85352, &(0x7f0000000400)={{0x9, 0x8}, 'port1\x00', 0x190, 0x10000, 0x2, 0xc4, 0x3, 0x2, 0x531, 0x0, 0x7, 0xd})
ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, &(0x7f0000000080)={0x0, 0x6000})
ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000100)={0x80a0000})
syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x77, 0x101601)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f00000005c0)=0x380)
ioctl$USBDEVFS_BULK(r0, 0x80045515, &(0x7f0000001200)={{{0x1, 0x1}}, 0x0, 0x2, 0x0})
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001600)='/proc/slabinfo\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000006140)={0x2020}, 0x2020)

562.889138ms ago: executing program 7 (id=19681):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x5, 0x6576, 0x9})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x40010, r0, 0x100000000) (async)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x40010, r0, 0x100000000)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000080), 0x1, 0x201000)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000610500000000000090030000000000001dd083d9b6f8879e6b581e9cb98742542f09e235230c4a4d6173ca9e9dc138758b6d2e27a57deb38a09c603877da938cb27297308b10918c2be82298cda5c987f7632739766b34ebb476132e28b4c339f8372209c6"]) (async)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000000000000610500000000000090030000000000001dd083d9b6f8879e6b581e9cb98742542f09e235230c4a4d6173ca9e9dc138758b6d2e27a57deb38a09c603877da938cb27297308b10918c2be82298cda5c987f7632739766b34ebb476132e28b4c339f8372209c6"])
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) (async)
syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478e"])
r5 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r9 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000380)={{0x1, 0x1, 0x18, r2, {0x2}}, './file0\x00'})
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000440)=0x1000) (async)
ioctl$SNDCTL_DSP_SETFMT(r9, 0xc0045005, &(0x7f0000000440)=0x1000)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f0000000080)=0xa0000)
syz_open_dev$media(&(0x7f00000000c0), 0x0, 0x0)
ioctl$MEDIA_IOC_DEVICE_INFO(r1, 0xc1007c00, &(0x7f0000000280)) (async)
ioctl$MEDIA_IOC_DEVICE_INFO(r1, 0xc1007c00, &(0x7f0000000280))
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r8, 0x7ab, &(0x7f00000000c0)={0x0, 0x0, 0xffffff90}) (async)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r8, 0x7ab, &(0x7f00000000c0)={0x0, 0x0, 0xffffff90})
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r10 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r10, 0xc0305710, &(0x7f0000000040)={0x20002}) (async)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r10, 0xc0305710, &(0x7f0000000040)={0x20002})
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000001c0)={[0x5, 0x6, 0x0, 0x0, 0x10003, 0x0, 0x400200cc4, 0xffe, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6a, 0x8d], 0xeeee8000, 0x2011c0}) (async)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000001c0)={[0x5, 0x6, 0x0, 0x0, 0x10003, 0x0, 0x400200cc4, 0xffe, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x6a, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r7, 0xae80, 0x0)
r11 = syz_open_dev$loop(&(0x7f00000002c0), 0x7, 0x0)
ioctl$LOOP_GET_STATUS64(r11, 0x4c05, &(0x7f0000000300)) (async)
ioctl$LOOP_GET_STATUS64(r11, 0x4c05, &(0x7f0000000300))
ioctl$KVM_RUN(r7, 0xae80, 0x0)

520.561247ms ago: executing program 4 (id=19682):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
ioctl$BLKOPENZONE(r0, 0x40101286, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0)
read$FUSE(r1, 0x0, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r3 = dup(r2)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0)
write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0)
openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0)
write$cgroup_netprio_ifpriomap(r1, &(0x7f0000000200)={'veth0_to_batadv', 0x32, 0x39}, 0x12)
ioctl$KVM_SET_XSAVE(r3, 0x5000aea5, &(0x7f00000003c0)={[0x731, 0x9, 0x6, 0x6, 0x400, 0x101, 0xffffffff, 0x7b4de1ab, 0x2, 0x8, 0x1, 0x9, 0x5, 0x0, 0x6, 0xc48e, 0x1, 0x0, 0x9, 0x9, 0x2, 0x0, 0x80000001, 0x0, 0x2, 0xfffffff9, 0x61a, 0x3, 0x2, 0x5, 0xa1, 0x7, 0x1ff, 0x0, 0x2, 0x7aa, 0xa, 0x4, 0x80000001, 0x8, 0xfffffff7, 0xffff, 0x6, 0x8001, 0x9, 0xc33a, 0x6, 0xb, 0x8, 0x466, 0xa620, 0x3, 0x0, 0x8, 0x1838fbd5, 0x36f, 0x7, 0xf, 0x1acc, 0x8, 0x3ff, 0x7, 0xffff8000, 0x7f, 0x63, 0x0, 0xff, 0xffff8001, 0x6, 0xb, 0x856, 0x19, 0x0, 0x3, 0x3, 0x4, 0x8a, 0x0, 0x3, 0x8, 0x3, 0x8, 0x5, 0x8000, 0x6, 0x6, 0x9, 0x0, 0x81, 0x8, 0x8, 0x6, 0x80000000, 0x3, 0x18, 0x6a9, 0x0, 0x5, 0x7, 0x3, 0x5, 0x7ff, 0x1, 0xd273, 0x1000, 0x6c7c, 0x49, 0x7, 0xc, 0x8, 0x25e7, 0x7ff, 0xfff, 0xe, 0x8, 0x10001, 0xfff, 0x8001, 0x2, 0x7ff, 0x33, 0x4, 0x3, 0x8, 0x5, 0x9, 0x7ff, 0x7, 0x4, 0x2167, 0x8, 0x5, 0xb0a, 0xccb65760, 0x9, 0xc7, 0x1ff, 0x2b, 0xffff, 0x3, 0xffff, 0x5, 0x2, 0xffff7d5d, 0x0, 0x8, 0x8, 0x1, 0x6, 0x2, 0x4, 0x0, 0x2, 0x400, 0x3, 0xffffffc0, 0xac, 0x9, 0x0, 0x5, 0x5, 0x7fffffff, 0x5, 0xfb77, 0x1, 0x5, 0x8, 0x1, 0xac3e, 0x100, 0x7, 0x9, 0xf, 0xde3, 0xfffffffc, 0x6, 0x0, 0x7fff, 0xcc7, 0xfff, 0x8, 0xab6, 0x1, 0x6, 0x5, 0x9, 0x5, 0x9, 0x73, 0x9, 0x3, 0x0, 0x3, 0x2, 0x0, 0x1, 0xd, 0xfffff41f, 0x0, 0x4, 0x3, 0x1, 0x9, 0x10, 0x4, 0x5, 0x2bcd, 0x2, 0x7e9, 0x7, 0x8, 0x1, 0x7fff, 0x1, 0x4, 0x8ccda49, 0x7852, 0x4, 0x66ad, 0x3, 0x7ff, 0x7f, 0xc5b, 0xe3a, 0x8, 0x80, 0x3, 0x1c, 0x7, 0x0, 0xd5, 0x4e, 0x1ff, 0x7, 0x0, 0x4, 0xff, 0xd2e, 0x4, 0x3, 0xffff, 0x125d, 0x8, 0x6, 0x8, 0x8, 0x6, 0x0, 0x400, 0x6, 0x6, 0x3, 0x6, 0x4, 0x1, 0xffffffff, 0x6, 0x11e, 0x40, 0x9, 0x5, 0x10, 0xfffffff6, 0x5, 0x8, 0x2, 0x8, 0xfffff091, 0x8, 0x3, 0x7fff, 0xd9, 0xfffffff1, 0x81, 0x8, 0x1, 0x1, 0x8, 0x101, 0x81, 0x1e, 0xb, 0x0, 0xea51, 0x7, 0x42fe, 0xf, 0x6, 0x7fff, 0x200, 0x8, 0xcedf, 0xe9c, 0x6, 0x9, 0x400000, 0x8, 0x1, 0xc0000000, 0x4, 0x7, 0xce1, 0x692, 0xb48a, 0x80000001, 0xe22e, 0x4, 0x0, 0xc408, 0xa, 0x5, 0x8, 0x7f1, 0x707, 0x401, 0x6, 0xfffffff6, 0x77, 0x9, 0xd, 0x6, 0xfffffffd, 0x9, 0x1, 0x6, 0x10001, 0x5f53, 0x0, 0x24000000, 0x5, 0xe, 0xd2d, 0x3, 0x81, 0x1ff, 0x8001, 0x10000, 0x101, 0x2, 0x400, 0x0, 0x1, 0x2, 0x1ff, 0x1000, 0x8, 0x1, 0xaed30000, 0x9, 0x9, 0xe24d, 0x0, 0x5, 0x7, 0x1, 0x9, 0x7, 0x7c000000, 0x3, 0xff, 0x1, 0x5, 0x7, 0x2, 0x2, 0x71, 0x0, 0x3be9, 0x1, 0xffffff05, 0x7, 0x7fff, 0x6, 0x8, 0x3, 0x0, 0x9, 0x7, 0x2, 0x6, 0x400, 0x7, 0x5, 0x0, 0x40, 0x6, 0x6, 0x4ce7, 0x10000, 0xff, 0x80000000, 0xffffffff, 0x2, 0x3, 0x80000000, 0x8, 0x1, 0x2, 0x401, 0x9, 0x9, 0xffff, 0x2c9a5150, 0x8, 0x7, 0x8, 0xb, 0x5, 0xfffffbd3, 0x400, 0x6c, 0x0, 0xffff, 0x7, 0x3, 0x2, 0x16c, 0x0, 0x4, 0x7, 0xff, 0xfff, 0x8, 0x5, 0x3, 0xd8, 0x0, 0x6, 0x73d, 0x80, 0x2, 0x7, 0x0, 0x0, 0xfffffffa, 0x0, 0x6, 0x1f, 0xffffff52, 0x8, 0x4, 0x6, 0x5, 0xfff, 0x4, 0x9, 0x9, 0x5, 0x8479c2c, 0xf3f2e6e, 0xfff, 0xbf, 0x9, 0x5, 0xa2, 0x7, 0x1ffc0000, 0x8, 0x4, 0x5bfb, 0x1, 0xffff, 0x0, 0x7f, 0x3, 0x40, 0xf6d, 0x4b7, 0x6, 0x4, 0x1000, 0xfffffeff, 0x6, 0x8, 0x3, 0x400, 0x8, 0x2, 0x48f, 0x1, 0x8, 0x8, 0x1, 0x8, 0x7, 0x6, 0xfffffff9, 0x2, 0x6, 0x81, 0x2, 0x2, 0x4, 0xfffffff7, 0x8, 0x3, 0x3b2, 0x1, 0x71d, 0x0, 0x1000, 0x7, 0x18, 0xa9e, 0x3, 0x1ffe28a4, 0x1, 0x18, 0x4, 0x6, 0x9, 0x2, 0xb, 0x4, 0x3, 0x1, 0xd, 0xe, 0x1, 0x101, 0x7, 0x2a, 0x9, 0x5, 0x2657, 0x53f4, 0x9, 0x4, 0xc, 0x5, 0x0, 0x268, 0x9, 0x0, 0xfffffffc, 0x0, 0x1, 0x7, 0xba, 0x8, 0x9, 0x2, 0x7, 0x3, 0x100, 0x8, 0x4, 0xafc, 0x7, 0xd74a, 0xfffffffa, 0x1, 0x8, 0xf424, 0x800, 0xfffffbff, 0x7, 0x4, 0x8, 0xb, 0x800, 0x80000001, 0x4, 0xfffffffc, 0x3d3d, 0x3, 0x68c7d7dc, 0x8, 0x450, 0x5416, 0x7, 0x7, 0x80000001, 0x119cb7ab, 0x0, 0x2, 0x1a, 0x9, 0x4, 0xb, 0x6, 0x7d, 0x3, 0x1fa8, 0x8, 0x3, 0x6ff1f9ee, 0x8, 0x5, 0x4, 0xe, 0x10000, 0x953, 0x71, 0x10000, 0x8, 0xdcb2, 0x0, 0x0, 0x8001, 0x8, 0xa, 0x5432d29b, 0x2, 0x3, 0xb54f, 0x0, 0x9, 0x6, 0x6, 0x9, 0x3, 0x2, 0x7, 0x7f, 0x7, 0x1, 0xffffffff, 0x10, 0x3ff, 0x400, 0x5, 0x7fff, 0xf33, 0x2, 0x8, 0x7, 0xc, 0x9, 0x9, 0x8, 0x6, 0x800, 0x71, 0x5, 0x2, 0x2, 0xb02, 0x0, 0xb07, 0x600, 0x2, 0x2, 0x7, 0x5, 0x7, 0x200, 0x7fff, 0x9, 0x2, 0x1000, 0x6, 0x7, 0x5, 0x1ba, 0xffffffb8, 0x81, 0x5, 0x3, 0xc0b, 0x80, 0x28c7, 0x2, 0x54, 0x81e4, 0x31, 0x7, 0x7, 0x8000, 0x6, 0xf6, 0x0, 0x2, 0x3, 0x4, 0x4, 0x10000, 0x7, 0x9, 0x3, 0x2, 0x4, 0x10001, 0x9, 0x2, 0x5, 0x8, 0x5, 0x6, 0x8, 0x5, 0x8, 0xd, 0x3, 0xc37, 0x7, 0xf, 0x5, 0x80, 0xff, 0x7, 0x8, 0x9, 0xc0000000, 0x0, 0x9, 0x2, 0x400, 0xc, 0x1, 0x8, 0x2, 0x6e, 0xffffffa1, 0x6, 0x80000000, 0x0, 0x7f, 0x2, 0xb, 0x1, 0xffff, 0xd312, 0x6, 0x800, 0x69d, 0xf, 0x1, 0x3, 0x3, 0x6ff, 0xa, 0x5, 0xf, 0x9, 0x3, 0x3, 0xb3a, 0x400, 0x7, 0x8, 0x100, 0x7, 0xf, 0x4, 0x1000, 0x400, 0xfff, 0xff, 0x1, 0xe0, 0xa, 0x0, 0x9, 0x4, 0x6, 0x3, 0x7f, 0x4, 0x2, 0x6, 0xf, 0x6, 0x0, 0x9, 0x7, 0x6, 0x7fffffff, 0x6, 0x40, 0x3, 0x2, 0xd4, 0x5, 0x6, 0x401, 0x8, 0xfc95, 0x7, 0x6b82, 0x81, 0x2, 0xfffffff7, 0x8de, 0x5, 0x7de5, 0x3, 0x2b9608a8, 0x0, 0xffffffff, 0x2, 0x9, 0x1, 0xc5, 0x2eb9cb38, 0xf3cb, 0x9, 0x0, 0x200, 0x5, 0x2, 0x4, 0x4ecbfc0, 0x3ff, 0x10, 0x77f7, 0x0, 0x81, 0xc35, 0x8, 0x4, 0x0, 0x80000000, 0xffff, 0x1df99433, 0x8, 0x10001, 0x6, 0xc, 0x9, 0x7, 0x800, 0x7, 0x3, 0x1, 0x653c061f, 0x3, 0x8a, 0x4, 0xb, 0x2, 0x3, 0x2, 0x3d5, 0xdb3, 0x6, 0x3, 0x10001, 0x4, 0x9, 0x3, 0x1, 0x7, 0x8, 0x5, 0xb97, 0x1, 0x7, 0x9, 0x2a, 0x9, 0xfffffff7, 0x5, 0x81, 0x81, 0x3, 0x8, 0x8, 0x7, 0x400, 0x5, 0x9, 0xf1b, 0x57dcbca5, 0xb, 0x3, 0x3, 0x200, 0x8, 0x101, 0x0, 0x1ff, 0x6, 0xfd28, 0x7, 0x7fff, 0x3ff, 0x9, 0x3, 0x4, 0x4, 0x3, 0x8, 0x101, 0x5, 0x2, 0x4, 0x3a, 0x8, 0x2, 0x6, 0x2, 0x4, 0x3, 0x8, 0xe8, 0x0, 0xfffffffe, 0x4, 0x80, 0x10000, 0xe, 0xb056, 0x1, 0x9, 0x6, 0x3, 0x7, 0x1, 0xfffff24a, 0x1, 0x1, 0x200, 0x6, 0xa0, 0x80, 0x3, 0xd, 0x4, 0xffffff01, 0x3, 0x6, 0x7, 0x81, 0x5551, 0x2, 0x9, 0xf1, 0x1100, 0x8000, 0x4, 0x9, 0x2, 0x8, 0x1000, 0x2, 0x400, 0x8, 0xd, 0x40, 0x2, 0x100, 0x612d, 0x0, 0x6, 0x7, 0x7, 0x47, 0x1, 0xbf2b, 0x6, 0x6, 0x8000, 0x3, 0x9, 0x9, 0x10000, 0x3, 0x7c99e66e, 0x4, 0x200, 0x9, 0xac6, 0x100, 0xd, 0x64c, 0x0, 0x7, 0xa, 0x2, 0x5128f3f5, 0x5, 0x1, 0x4, 0xde3f, 0xba, 0x81, 0xec, 0x8, 0x2, 0x4, 0x80000000, 0x1ef, 0xff5a, 0xff, 0x7, 0x5, 0xf, 0x3ff, 0x3, 0x80000000, 0x7f, 0xf, 0x3, 0xfff, 0x38ff508b, 0x3, 0x2d, 0x7ff, 0xffff, 0x0, 0x620, 0x9, 0x10000, 0x24d, 0xff, 0x6, 0x5638, 0xfffff9d0, 0x5, 0x9, 0x8001, 0x3, 0x7dc, 0x3, 0x2, 0x7, 0x101, 0x4, 0x8c9, 0x9, 0x4, 0x3, 0x2]})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_DIRTY_LOG_RING(r6, 0x4068aea3, &(0x7f00000000c0)={0xc0, 0x0, 0x10000})
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0)
ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600})
ioctl$SNDCTL_DSP_SETFMT(r3, 0xc0045005, &(0x7f00000001c0)=0xac4d)

489.959124ms ago: executing program 8 (id=19683):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000700)={{0x2}, 0x0, [0x2000000, 0x0, 0x0, 0x0, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xba, 0xfffffffffffffffc, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5]})

355.093658ms ago: executing program 8 (id=19684):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f00000001c0)=ANY=[], 0x118)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x3, 0x13, r4, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000000c0)={[0x79, 0x0, 0x0, 0x5, 0x10001, 0x0, 0x7a6e, 0x4, 0xd, 0x4, 0x8, 0x9, 0x7, 0x2, 0x40000000, 0xd1b7], 0x2000, 0x8340})
ioctl$VIDIOC_G_FREQUENCY(0xffffffffffffffff, 0xc02c5638, &(0x7f0000000000)={0x5})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x106}}, 0x20)
r5 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x0, 0x4, 0xfffd, {0x0, 0x11}, {0x48, 0x2}, @ramp={0x0, 0x6, {0x6, 0x3ff, 0x1, 0xffd0}}})
r6 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01)
write$char_usb(r6, &(0x7f0000000040)="e2", 0x2250)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r9, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0xc0010141, 0x0, 0x3}]})
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r5, 0xc1105517, &(0x7f0000000140)={{0x0, 0x1, 0xfe, 0x0, 'syz0\x00', 0x20}, 0x1, 0x0, 0x3, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})

187.278115ms ago: executing program 7 (id=19685):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/reserved_size', 0x149a82, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x1f22, 0x12)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x400454ca, &(0x7f00000024c0)={'bridge_slave_0\x00', @link_local})
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0)
r3 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r3, &(0x7f0000000100)=""/159, 0xfffffe5a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

0s ago: executing program 7 (id=19686):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x7f, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x33524742, 0x6, 0x0, [{0xb288}, {0x1, 0x1000000}, {}, {0x4000}]}})

kernel console output (not intermixed with test programs):

.18652) did not claim interface 32 before use
[ 1489.661319][T22358] veth0_vlan: left promiscuous mode
[ 1489.801353][T22795] Attempt to restore checkpoint with obsolete wellknown handles
[ 1490.648003][T22788] slcan: can't register candev
[ 1490.653089][T22788] Falling back ldisc for ptm0.
[ 1491.790394][T22888] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1492.460998][T22358] team0 (unregistering): Port device team_slave_1 removed
[ 1492.553120][T22918] FAULT_INJECTION: forcing a failure.
[ 1492.553120][T22918] name failslab, interval 1, probability 0, space 0, times 0
[ 1492.569260][T22918] CPU: 1 UID: 0 PID: 22918 Comm: syz.4.18684 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1492.569285][T22918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1492.569296][T22918] Call Trace:
[ 1492.569304][T22918]  <TASK>
[ 1492.569312][T22918]  dump_stack_lvl+0x189/0x250
[ 1492.569336][T22918]  ? __pfx____ratelimit+0x10/0x10
[ 1492.569361][T22918]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1492.569380][T22918]  ? __pfx__printk+0x10/0x10
[ 1492.569406][T22918]  ? __pfx___might_resched+0x10/0x10
[ 1492.569430][T22918]  should_fail_ex+0x414/0x560
[ 1492.569458][T22918]  should_failslab+0xa8/0x100
[ 1492.569481][T22918]  __kmalloc_cache_node_noprof+0x73/0x3d0
[ 1492.569501][T22918]  ? __get_vm_area_node+0x13f/0x300
[ 1492.569520][T22918]  ? kasan_save_track+0x3e/0x80
[ 1492.569543][T22918]  __get_vm_area_node+0x13f/0x300
[ 1492.569569][T22918]  ? v4l2_read+0x199/0x2c0
[ 1492.569592][T22918]  __vmalloc_node_range_noprof+0x301/0x12f0
[ 1492.569614][T22918]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1492.569663][T22918]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1492.569685][T22918]  ? vb2_vmalloc_alloc+0xb2/0x340
[ 1492.569705][T22918]  ? __kasan_kmalloc+0x93/0xb0
[ 1492.569735][T22918]  vmalloc_user_noprof+0xad/0xf0
[ 1492.569757][T22918]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1492.569776][T22918]  vb2_vmalloc_alloc+0xef/0x340
[ 1492.569795][T22918]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1492.569815][T22918]  __vb2_queue_alloc+0x9bf/0x15a0
[ 1492.569859][T22918]  vb2_core_reqbufs+0xc31/0x1420
[ 1492.569895][T22918]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1492.569922][T22918]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1492.569945][T22918]  __vb2_init_fileio+0x318/0xff0
[ 1492.569977][T22918]  ? __pfx___mutex_lock+0x10/0x10
[ 1492.569998][T22918]  __vb2_perform_fileio+0x284/0x1600
[ 1492.570034][T22918]  vb2_fop_read+0x273/0x360
[ 1492.570058][T22918]  v4l2_read+0x199/0x2c0
[ 1492.570076][T22918]  ? __pfx_v4l2_read+0x10/0x10
[ 1492.570096][T22918]  vfs_read+0x1fd/0x980
[ 1492.570126][T22918]  ? __pfx_vfs_read+0x10/0x10
[ 1492.570148][T22918]  ? __fget_files+0x2a/0x420
[ 1492.570174][T22918]  ? __fget_files+0x2a/0x420
[ 1492.570195][T22918]  ? __fget_files+0x3a0/0x420
[ 1492.570216][T22918]  ? __fget_files+0x2a/0x420
[ 1492.570247][T22918]  ksys_read+0x145/0x250
[ 1492.570270][T22918]  ? __pfx_ksys_read+0x10/0x10
[ 1492.570296][T22918]  ? do_syscall_64+0xbe/0x3b0
[ 1492.570318][T22918]  do_syscall_64+0xfa/0x3b0
[ 1492.570334][T22918]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1492.570357][T22918]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1492.570374][T22918]  ? clear_bhb_loop+0x60/0xb0
[ 1492.570396][T22918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1492.570413][T22918] RIP: 0033:0x7f96d438e929
[ 1492.570430][T22918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1492.570445][T22918] RSP: 002b:00007f96d51a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1492.570465][T22918] RAX: ffffffffffffffda RBX: 00007f96d45b5fa0 RCX: 00007f96d438e929
[ 1492.570478][T22918] RDX: 0000000000000013 RSI: 0000200000000180 RDI: 0000000000000003
[ 1492.570490][T22918] RBP: 00007f96d51a4090 R08: 0000000000000000 R09: 0000000000000000
[ 1492.570502][T22918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1492.570513][T22918] R13: 0000000000000000 R14: 00007f96d45b5fa0 R15: 00007ffc71a86598
[ 1492.570543][T22918]  </TASK>
[ 1492.571158][T22918] syz.4.18684: vmalloc error: size 37748736, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1492.914236][T22918] CPU: 1 UID: 0 PID: 22918 Comm: syz.4.18684 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1492.914261][T22918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1492.914272][T22918] Call Trace:
[ 1492.914280][T22918]  <TASK>
[ 1492.914288][T22918]  dump_stack_lvl+0x189/0x250
[ 1492.914316][T22918]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1492.914335][T22918]  ? __pfx__printk+0x10/0x10
[ 1492.914355][T22918]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1492.914377][T22918]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1492.914400][T22918]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1492.914424][T22918]  warn_alloc+0x214/0x310
[ 1492.914452][T22918]  ? __pfx_warn_alloc+0x10/0x10
[ 1492.914475][T22918]  ? __get_vm_area_node+0x13f/0x300
[ 1492.914500][T22918]  ? __get_vm_area_node+0x2b5/0x300
[ 1492.914518][T22918]  ? v4l2_read+0x199/0x2c0
[ 1492.914544][T22918]  __vmalloc_node_range_noprof+0x326/0x12f0
[ 1492.914596][T22918]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1492.914617][T22918]  ? vb2_vmalloc_alloc+0xb2/0x340
[ 1492.914638][T22918]  ? __kasan_kmalloc+0x93/0xb0
[ 1492.914662][T22918]  vmalloc_user_noprof+0xad/0xf0
[ 1492.914684][T22918]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1492.914709][T22918]  vb2_vmalloc_alloc+0xef/0x340
[ 1492.914728][T22918]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1492.914748][T22918]  __vb2_queue_alloc+0x9bf/0x15a0
[ 1492.914793][T22918]  vb2_core_reqbufs+0xc31/0x1420
[ 1492.914830][T22918]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1492.914858][T22918]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1492.914881][T22918]  __vb2_init_fileio+0x318/0xff0
[ 1492.914913][T22918]  ? __pfx___mutex_lock+0x10/0x10
[ 1492.914935][T22918]  __vb2_perform_fileio+0x284/0x1600
[ 1492.914972][T22918]  vb2_fop_read+0x273/0x360
[ 1492.914997][T22918]  v4l2_read+0x199/0x2c0
[ 1492.915016][T22918]  ? __pfx_v4l2_read+0x10/0x10
[ 1492.915035][T22918]  vfs_read+0x1fd/0x980
[ 1492.915065][T22918]  ? __pfx_vfs_read+0x10/0x10
[ 1492.915088][T22918]  ? __fget_files+0x2a/0x420
[ 1492.915113][T22918]  ? __fget_files+0x2a/0x420
[ 1492.915134][T22918]  ? __fget_files+0x3a0/0x420
[ 1492.915155][T22918]  ? __fget_files+0x2a/0x420
[ 1492.915184][T22918]  ksys_read+0x145/0x250
[ 1492.915209][T22918]  ? __pfx_ksys_read+0x10/0x10
[ 1492.915235][T22918]  ? do_syscall_64+0xbe/0x3b0
[ 1492.915257][T22918]  do_syscall_64+0xfa/0x3b0
[ 1492.915274][T22918]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1492.915296][T22918]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1492.915310][T22918]  ? clear_bhb_loop+0x60/0xb0
[ 1492.915327][T22918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1492.915341][T22918] RIP: 0033:0x7f96d438e929
[ 1492.915354][T22918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1492.915366][T22918] RSP: 002b:00007f96d51a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1492.915381][T22918] RAX: ffffffffffffffda RBX: 00007f96d45b5fa0 RCX: 00007f96d438e929
[ 1492.915392][T22918] RDX: 0000000000000013 RSI: 0000200000000180 RDI: 0000000000000003
[ 1492.915402][T22918] RBP: 00007f96d51a4090 R08: 0000000000000000 R09: 0000000000000000
[ 1492.915411][T22918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1492.915421][T22918] R13: 0000000000000000 R14: 00007f96d45b5fa0 R15: 00007ffc71a86598
[ 1492.915445][T22918]  </TASK>
[ 1492.915461][T22918] Mem-Info:
[ 1493.239483][T22918] active_anon:16278 inactive_anon:0 isolated_anon:0
[ 1493.239483][T22918]  active_file:1828 inactive_file:44941 isolated_file:0
[ 1493.239483][T22918]  unevictable:768 dirty:96 writeback:0
[ 1493.239483][T22918]  slab_reclaimable:12029 slab_unreclaimable:98644
[ 1493.239483][T22918]  mapped:24660 shmem:5518 pagetables:1757
[ 1493.239483][T22918]  sec_pagetables:0 bounce:0
[ 1493.239483][T22918]  kernel_misc_reclaimable:0
[ 1493.239483][T22918]  free:1308342 free_pcp:19975 free_cma:0
[ 1493.285101][T22918] Node 0 active_anon:65112kB inactive_anon:0kB active_file:7312kB inactive_file:179564kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98640kB dirty:384kB writeback:0kB shmem:20536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12912kB pagetables:6880kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1493.318739][T22918] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1493.354875][T22918] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1493.389282][T22918] lowmem_reserve[]: 0 2497 2498 2498 2498
[ 1493.395280][T22918] Node 0 DMA32 free:1321020kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:65068kB inactive_anon:0kB active_file:7312kB inactive_file:178228kB unevictable:1536kB writepending:384kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:57572kB local_pcp:14772kB free_cma:0kB
[ 1493.427606][T22918] lowmem_reserve[]: 0 0 1 1 1
[ 1493.432349][T22918] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB
[ 1493.464200][T22918] lowmem_reserve[]: 0 0 0 0 0
[ 1493.468989][T22918] Node 1 Normal free:3896604kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:23032kB local_pcp:13664kB free_cma:0kB
[ 1493.500259][T22918] lowmem_reserve[]: 0 0 0 0 0
[ 1493.504979][T22918] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1493.517813][T22918] Node 0 DMA32: 1465*4kB (UME) 1501*8kB (UME) 353*16kB (UME) 659*32kB (UME) 337*64kB (UME) 93*128kB (UME) 37*256kB (UME) 19*512kB (UM) 9*1024kB (UM) 5*2048kB (UM) 294*4096kB (UM) = 1320956kB
[ 1493.536870][T22918] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1493.548431][T22918] Node 1 Normal: 209*4kB (UE) 57*8kB (UME) 43*16kB (UME) 69*32kB (UME) 15*64kB (UME) 8*128kB (UME) 3*256kB (ME) 3*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 948*4096kB (M) = 3896604kB
[ 1493.566487][T22918] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1493.576383][T22918] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1493.585800][T22918] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1493.590316][T22358] team0 (unregistering): Port device team_slave_0 removed
[ 1493.595438][T22918] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1493.595458][T22918] 52283 total pagecache pages
[ 1493.616689][T22918] 0 pages in swap cache
[ 1493.620846][T22918] Free swap  = 124996kB
[ 1493.625022][T22918] Total swap = 124996kB
[ 1493.629242][T22918] 2097051 pages RAM
[ 1493.633051][T22918] 0 pages HighMem/MovableOnly
[ 1493.637899][T22918] 425688 pages reserved
[ 1493.642050][T22918] 0 pages cma reserved
[ 1493.943522][T22927] loop8: detected capacity change from 0 to 7
[ 1493.957242][ T8946] Dev loop8: unable to read RDB block 7
[ 1493.962866][ T8946]  loop8: unable to read partition table
[ 1493.973490][ T8946] loop8: partition table beyond EOD, truncated
[ 1493.982627][T22927] Dev loop8: unable to read RDB block 7
[ 1493.989053][T22927]  loop8: unable to read partition table
[ 1493.995171][T22927] loop8: partition table beyond EOD, truncated
[ 1494.002483][T22927] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[ 1496.034585][T22983] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1496.424472][T23005] FAULT_INJECTION: forcing a failure.
[ 1496.424472][T23005] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1496.450419][T23005] CPU: 0 UID: 0 PID: 23005 Comm: syz.8.18696 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1496.450446][T23005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1496.450457][T23005] Call Trace:
[ 1496.450464][T23005]  <TASK>
[ 1496.450472][T23005]  dump_stack_lvl+0x189/0x250
[ 1496.450498][T23005]  ? __pfx____ratelimit+0x10/0x10
[ 1496.450522][T23005]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1496.450542][T23005]  ? __pfx__printk+0x10/0x10
[ 1496.450561][T23005]  ? __might_fault+0xb0/0x130
[ 1496.450593][T23005]  should_fail_ex+0x414/0x560
[ 1496.450619][T23005]  _copy_from_user+0x2d/0xb0
[ 1496.450638][T23005]  proc_ioctl_default+0x8e/0x100
[ 1496.450661][T23005]  ? __pfx_proc_ioctl_default+0x10/0x10
[ 1496.450692][T23005]  usbdev_ioctl+0x1376/0x20c0
[ 1496.450721][T23005]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 1496.450738][T23005]  ? __fget_files+0x2a/0x420
[ 1496.450761][T23005]  ? __fget_files+0x3a0/0x420
[ 1496.450782][T23005]  ? __fget_files+0x2a/0x420
[ 1496.450807][T23005]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1496.450824][T23005]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 1496.450844][T23005]  __se_sys_ioctl+0xfc/0x170
[ 1496.450866][T23005]  do_syscall_64+0xfa/0x3b0
[ 1496.450882][T23005]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1496.450905][T23005]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1496.450922][T23005]  ? clear_bhb_loop+0x60/0xb0
[ 1496.450944][T23005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1496.450961][T23005] RIP: 0033:0x7f54edf8e929
[ 1496.450977][T23005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1496.450992][T23005] RSP: 002b:00007f54eee06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1496.451012][T23005] RAX: ffffffffffffffda RBX: 00007f54ee1b5fa0 RCX: 00007f54edf8e929
[ 1496.451025][T23005] RDX: 0000200000000000 RSI: 00000000c0105512 RDI: 0000000000000003
[ 1496.451037][T23005] RBP: 00007f54eee06090 R08: 0000000000000000 R09: 0000000000000000
[ 1496.451048][T23005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1496.451059][T23005] R13: 0000000000000000 R14: 00007f54ee1b5fa0 R15: 00007ffc3018cf98
[ 1496.451085][T23005]  </TASK>
[ 1496.793298][T23011] binder: 23010:23011 ioctl c0306201 200000000640 returned -22
[ 1497.015779][T22168] hsr_slave_0: entered promiscuous mode
[ 1497.038208][T22168] hsr_slave_1: entered promiscuous mode
[ 1497.323334][T23064] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1497.894575][T23131] FAULT_INJECTION: forcing a failure.
[ 1497.894575][T23131] name failslab, interval 1, probability 0, space 0, times 0
[ 1497.937320][T23131] CPU: 0 UID: 0 PID: 23131 Comm: syz.7.18704 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1497.937346][T23131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1497.937358][T23131] Call Trace:
[ 1497.937365][T23131]  <TASK>
[ 1497.937374][T23131]  dump_stack_lvl+0x189/0x250
[ 1497.937398][T23131]  ? __pfx____ratelimit+0x10/0x10
[ 1497.937423][T23131]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1497.937442][T23131]  ? __pfx__printk+0x10/0x10
[ 1497.937463][T23131]  ? __pfx___might_resched+0x10/0x10
[ 1497.937482][T23131]  ? fs_reclaim_acquire+0x7d/0x100
[ 1497.937509][T23131]  should_fail_ex+0x414/0x560
[ 1497.937535][T23131]  should_failslab+0xa8/0x100
[ 1497.937558][T23131]  __kmalloc_noprof+0xcb/0x4f0
[ 1497.937577][T23131]  ? proc_ioctl+0x113/0x690
[ 1497.937604][T23131]  proc_ioctl+0x113/0x690
[ 1497.937633][T23131]  proc_ioctl_default+0xbc/0x100
[ 1497.937655][T23131]  ? __pfx_proc_ioctl_default+0x10/0x10
[ 1497.937684][T23131]  usbdev_ioctl+0x1376/0x20c0
[ 1497.937713][T23131]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 1497.937730][T23131]  ? __fget_files+0x2a/0x420
[ 1497.937752][T23131]  ? __fget_files+0x3a0/0x420
[ 1497.937773][T23131]  ? __fget_files+0x2a/0x420
[ 1497.937799][T23131]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1497.937816][T23131]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 1497.937836][T23131]  __se_sys_ioctl+0xfc/0x170
[ 1497.937859][T23131]  do_syscall_64+0xfa/0x3b0
[ 1497.937875][T23131]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1497.937899][T23131]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1497.937915][T23131]  ? clear_bhb_loop+0x60/0xb0
[ 1497.937936][T23131]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1497.937953][T23131] RIP: 0033:0x7f8798b8e929
[ 1497.937969][T23131] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1497.937985][T23131] RSP: 002b:00007f8799a91038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1497.938004][T23131] RAX: ffffffffffffffda RBX: 00007f8798db5fa0 RCX: 00007f8798b8e929
[ 1497.938017][T23131] RDX: 0000200000000000 RSI: 00000000c0105512 RDI: 0000000000000003
[ 1497.938027][T23131] RBP: 00007f8799a91090 R08: 0000000000000000 R09: 0000000000000000
[ 1497.938039][T23131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1497.938050][T23131] R13: 0000000000000000 R14: 00007f8798db5fa0 R15: 00007fffc42714d8
[ 1497.938080][T23131]  </TASK>
[ 1498.177634][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1499.054220][T23201] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1500.035359][T22168] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1500.209360][T22168] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1500.288023][T22168] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1500.311952][T23257] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1500.385225][T22168] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1500.803294][   T30] kauditd_printk_skb: 2 callbacks suppressed
[ 1500.803312][   T30] audit: type=1800 audit(1750365741.607:152): pid=23276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.18717" name="dmabuf" dev="dmabuf" ino=70 res=0 errno=0
[ 1500.871856][T22168] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1500.906561][T22168] 8021q: adding VLAN 0 to HW filter on device team0
[ 1500.991577][   T60] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1500.998791][   T60] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1501.034499][   T60] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1501.041731][   T60] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1501.450297][T23299] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1501.693370][T22168] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1502.465019][T22168] veth0_vlan: entered promiscuous mode
[ 1502.505605][T22168] veth1_vlan: entered promiscuous mode
[ 1502.619730][T22168] veth0_macvtap: entered promiscuous mode
[ 1502.656176][T22168] veth1_macvtap: entered promiscuous mode
[ 1502.721022][T22168] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1502.765312][T22168] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1502.829456][T22168] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1502.856747][T22168] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1502.865522][T22168] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1502.916997][T22168] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1503.737637][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1503.745502][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1503.922064][  T539] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1503.930074][  T539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1504.125817][T23419] binder: 23418:23419 ioctl c0306201 200000000640 returned -22
[ 1504.479738][T23422] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1504.647780][T23449] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1505.513586][ T6420] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1505.525761][ T6420] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1505.545306][ T6420] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1505.555266][ T6420] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1505.567057][ T6420] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1506.270080][T23519] vivid-000: disconnect
[ 1506.373183][   T60] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1506.495737][T23541] FAULT_INJECTION: forcing a failure.
[ 1506.495737][T23541] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1506.509453][T23541] CPU: 1 UID: 0 PID: 23541 Comm: syz.8.18754 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1506.509476][T23541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1506.509487][T23541] Call Trace:
[ 1506.509494][T23541]  <TASK>
[ 1506.509502][T23541]  dump_stack_lvl+0x189/0x250
[ 1506.509525][T23541]  ? __pfx____ratelimit+0x10/0x10
[ 1506.509549][T23541]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1506.509568][T23541]  ? __pfx__printk+0x10/0x10
[ 1506.509587][T23541]  ? __might_fault+0xb0/0x130
[ 1506.509617][T23541]  should_fail_ex+0x414/0x560
[ 1506.509649][T23541]  _copy_from_user+0x2d/0xb0
[ 1506.509667][T23541]  proc_submiturb+0xb5/0x160
[ 1506.509690][T23541]  ? __pfx_proc_submiturb+0x10/0x10
[ 1506.509729][T23541]  usbdev_ioctl+0x10e7/0x20c0
[ 1506.509757][T23541]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 1506.509774][T23541]  ? __fget_files+0x2a/0x420
[ 1506.509795][T23541]  ? __fget_files+0x3a0/0x420
[ 1506.509814][T23541]  ? __fget_files+0x2a/0x420
[ 1506.509839][T23541]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 1506.509856][T23541]  ? __pfx_usbdev_ioctl+0x10/0x10
[ 1506.509876][T23541]  __se_sys_ioctl+0xfc/0x170
[ 1506.509897][T23541]  do_syscall_64+0xfa/0x3b0
[ 1506.509913][T23541]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1506.509937][T23541]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1506.509954][T23541]  ? clear_bhb_loop+0x60/0xb0
[ 1506.509976][T23541]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1506.509992][T23541] RIP: 0033:0x7f54edf8e929
[ 1506.510008][T23541] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1506.510024][T23541] RSP: 002b:00007f54eee06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1506.510043][T23541] RAX: ffffffffffffffda RBX: 00007f54ee1b5fa0 RCX: 00007f54edf8e929
[ 1506.510056][T23541] RDX: 00002000000001c0 RSI: 000000008038550a RDI: 0000000000000003
[ 1506.510068][T23541] RBP: 00007f54eee06090 R08: 0000000000000000 R09: 0000000000000000
[ 1506.510078][T23541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1506.510089][T23541] R13: 0000000000000000 R14: 00007f54ee1b5fa0 R15: 00007ffc3018cf98
[ 1506.510116][T23541]  </TASK>
[ 1506.797697][T27143] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1506.800693][ T6420] Bluetooth: hci3: command 0x1003 tx timeout
[ 1506.828586][   T60] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1506.983605][T23518] vivid-000: reconnect
[ 1507.261847][   T60] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1507.585141][   T60] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1507.678132][T27143] Bluetooth: hci2: command tx timeout
[ 1507.974358][ T3454] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1508.025253][T23677] FAULT_INJECTION: forcing a failure.
[ 1508.025253][T23677] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1508.050668][T23677] CPU: 0 UID: 0 PID: 23677 Comm: syz.6.18762 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1508.050696][T23677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1508.050707][T23677] Call Trace:
[ 1508.050716][T23677]  <TASK>
[ 1508.050724][T23677]  dump_stack_lvl+0x189/0x250
[ 1508.050749][T23677]  ? __pfx____ratelimit+0x10/0x10
[ 1508.050774][T23677]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1508.050793][T23677]  ? __pfx__printk+0x10/0x10
[ 1508.050825][T23677]  should_fail_ex+0x414/0x560
[ 1508.050852][T23677]  _copy_to_user+0x31/0xb0
[ 1508.050873][T23677]  simple_read_from_buffer+0xe1/0x170
[ 1508.050901][T23677]  proc_fail_nth_read+0x1df/0x250
[ 1508.050921][T23677]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1508.050941][T23677]  ? rw_verify_area+0x258/0x650
[ 1508.050962][T23677]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1508.050980][T23677]  vfs_read+0x1fd/0x980
[ 1508.051006][T23677]  ? __pfx___mutex_lock+0x10/0x10
[ 1508.051024][T23677]  ? __pfx_vfs_read+0x10/0x10
[ 1508.051046][T23677]  ? __fget_files+0x2a/0x420
[ 1508.051074][T23677]  ? __fget_files+0x3a0/0x420
[ 1508.051095][T23677]  ? __fget_files+0x2a/0x420
[ 1508.051127][T23677]  ksys_read+0x145/0x250
[ 1508.051146][T23677]  ? __fget_files+0x3a0/0x420
[ 1508.051169][T23677]  ? __pfx_ksys_read+0x10/0x10
[ 1508.051195][T23677]  ? do_syscall_64+0xbe/0x3b0
[ 1508.051217][T23677]  do_syscall_64+0xfa/0x3b0
[ 1508.051232][T23677]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1508.051256][T23677]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1508.051272][T23677]  ? clear_bhb_loop+0x60/0xb0
[ 1508.051293][T23677]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1508.051310][T23677] RIP: 0033:0x7f38b418d33c
[ 1508.051327][T23677] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1508.051342][T23677] RSP: 002b:00007f38b4f8e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1508.051361][T23677] RAX: ffffffffffffffda RBX: 00007f38b43b5fa0 RCX: 00007f38b418d33c
[ 1508.051374][T23677] RDX: 000000000000000f RSI: 00007f38b4f8e0a0 RDI: 0000000000000004
[ 1508.051386][T23677] RBP: 00007f38b4f8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1508.051397][T23677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1508.051408][T23677] R13: 0000000000000000 R14: 00007f38b43b5fa0 R15: 00007ffcd2669ea8
[ 1508.051437][T23677]  </TASK>
[ 1508.115369][T23499] chnl_net:caif_netlink_parms(): no params data found
[ 1508.622184][   T60] bridge_slave_1: left allmulticast mode
[ 1508.629705][   T60] bridge_slave_1: left promiscuous mode
[ 1508.635508][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1508.659513][T23746] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1508.771753][   T60] bridge_slave_0: left allmulticast mode
[ 1508.771778][   T60] bridge_slave_0: left promiscuous mode
[ 1508.772000][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1508.816022][T23735] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1509.355235][T23788] CUSE: info not properly terminated
[ 1509.762792][ T6420] Bluetooth: hci2: command tx timeout
[ 1509.996851][T27143] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1510.070428][T23806] FAULT_INJECTION: forcing a failure.
[ 1510.070428][T23806] name failslab, interval 1, probability 0, space 0, times 0
[ 1510.130968][T23806] CPU: 0 UID: 0 PID: 23806 Comm: syz.6.18774 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1510.130995][T23806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1510.131004][T23806] Call Trace:
[ 1510.131012][T23806]  <TASK>
[ 1510.131020][T23806]  dump_stack_lvl+0x189/0x250
[ 1510.131045][T23806]  ? __pfx____ratelimit+0x10/0x10
[ 1510.131070][T23806]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1510.131089][T23806]  ? __pfx__printk+0x10/0x10
[ 1510.131147][T23806]  ? __pfx___might_resched+0x10/0x10
[ 1510.131165][T23806]  ? fs_reclaim_acquire+0x7d/0x100
[ 1510.131190][T23806]  should_fail_ex+0x414/0x560
[ 1510.131215][T23806]  should_failslab+0xa8/0x100
[ 1510.131237][T23806]  __kmalloc_noprof+0xcb/0x4f0
[ 1510.131255][T23806]  ? kfree+0x4d/0x440
[ 1510.131270][T23806]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1510.131292][T23806]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1510.131313][T23806]  ? tomoyo_domain+0xd9/0x130
[ 1510.131335][T23806]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1510.131358][T23806]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1510.131385][T23806]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1510.131423][T23806]  ? __lock_acquire+0xab9/0xd20
[ 1510.131460][T23806]  ? __fget_files+0x2a/0x420
[ 1510.131486][T23806]  ? __fget_files+0x2a/0x420
[ 1510.131505][T23806]  ? __fget_files+0x3a0/0x420
[ 1510.131525][T23806]  ? __fget_files+0x2a/0x420
[ 1510.131549][T23806]  security_file_ioctl+0xcb/0x2d0
[ 1510.131573][T23806]  __se_sys_ioctl+0x47/0x170
[ 1510.131595][T23806]  do_syscall_64+0xfa/0x3b0
[ 1510.131611][T23806]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1510.131635][T23806]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1510.131652][T23806]  ? clear_bhb_loop+0x60/0xb0
[ 1510.131671][T23806]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1510.131687][T23806] RIP: 0033:0x7f38b418e929
[ 1510.131702][T23806] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1510.131717][T23806] RSP: 002b:00007f38b4f6d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1510.131737][T23806] RAX: ffffffffffffffda RBX: 00007f38b43b6080 RCX: 00007f38b418e929
[ 1510.131749][T23806] RDX: 0000200000000140 RSI: 00000000c1105517 RDI: 0000000000000005
[ 1510.131760][T23806] RBP: 00007f38b4f6d090 R08: 0000000000000000 R09: 0000000000000000
[ 1510.131769][T23806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1510.131779][T23806] R13: 0000000000000000 R14: 00007f38b43b6080 R15: 00007ffcd2669ea8
[ 1510.131805][T23806]  </TASK>
[ 1510.131813][T23806] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1510.410623][T23806] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[ 1511.012197][T23846] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1511.337887][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1511.428142][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1511.488731][   T60] bond0 (unregistering): Released all slaves
[ 1511.846977][ T6420] Bluetooth: hci2: command tx timeout
[ 1511.883547][T23499] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1511.901657][T23499] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1511.928039][T23499] bridge_slave_0: entered allmulticast mode
[ 1511.936191][T23499] bridge_slave_0: entered promiscuous mode
[ 1512.294243][T23499] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1512.308288][T23834] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1512.310692][T23499] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1512.324552][T23834] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[ 1512.325981][T23499] bridge_slave_1: entered allmulticast mode
[ 1512.356123][T23499] bridge_slave_1: entered promiscuous mode
[ 1512.881818][T23499] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1513.060555][T23499] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1513.308436][T23499] team0: Port device team_slave_0 added
[ 1513.392448][T23499] team0: Port device team_slave_1 added
[ 1513.560050][   T60] hsr_slave_0: left promiscuous mode
[ 1513.602423][   T60] hsr_slave_1: left promiscuous mode
[ 1513.608956][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1513.616423][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1513.705972][   T60] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1513.713675][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1513.852478][   T60] veth1_macvtap: left promiscuous mode
[ 1513.869134][   T60] veth0_macvtap: left promiscuous mode
[ 1513.886193][   T60] veth1_vlan: left promiscuous mode
[ 1513.900328][   T60] veth0_vlan: left promiscuous mode
[ 1514.556768][ T6420] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1514.557867][T27143] Bluetooth: hci3: command 0x1003 tx timeout
[ 1516.637596][   T60] team0 (unregistering): Port device team_slave_1 removed
[ 1516.889142][   T60] team0 (unregistering): Port device team_slave_0 removed
[ 1519.601941][T23499] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1519.610363][T23499] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1519.636493][T23499] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1519.652822][T23499] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1519.660757][T23499] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1519.699584][T23499] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1519.941125][T23499] hsr_slave_0: entered promiscuous mode
[ 1519.949604][T23499] hsr_slave_1: entered promiscuous mode
[ 1519.955561][T23499] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1519.963317][T23499] Cannot create hsr debugfs directory
[ 1522.154871][T23499] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1522.193638][T23499] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1522.233162][T23499] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1522.291887][T23499] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1522.410852][T23499] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1522.441900][T23499] 8021q: adding VLAN 0 to HW filter on device team0
[ 1522.461230][ T3454] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1522.468457][ T3454] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1522.496217][ T5475] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1522.503438][ T5475] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1522.773681][T23499] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1523.125149][T23499] veth0_vlan: entered promiscuous mode
[ 1523.144998][T23499] veth1_vlan: entered promiscuous mode
[ 1523.194349][T23499] veth0_macvtap: entered promiscuous mode
[ 1523.211413][T23499] veth1_macvtap: entered promiscuous mode
[ 1523.241680][T23499] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1523.269045][T23499] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1523.288313][T23499] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1523.300545][T23499] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1523.311858][T23499] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1523.323801][T23499] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1523.533975][ T5475] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1523.549529][ T5475] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1523.584890][ T5475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1523.596226][ T5475] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1526.771472][T24372] loop8: detected capacity change from 0 to 7
[ 1526.782992][T24372] Dev loop8: unable to read RDB block 7
[ 1526.793177][T24372]  loop8: unable to read partition table
[ 1526.810553][T24372] loop8: partition table beyond EOD, truncated
[ 1526.821999][T24372] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[ 1527.013255][ T5475] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1527.020933][ T5207] Dev loop8: unable to read RDB block 7
[ 1527.036733][ T5207]  loop8: unable to read partition table
[ 1527.047085][ T5207] loop8: partition table beyond EOD, truncated
[ 1527.065853][T27143] Bluetooth: hci3: unexpected event 0x01 length: 0 < 1
[ 1527.697054][T24410] binder: 24401:24410 ioctl 400c620e 2000000014c0 returned -22
[ 1528.480880][T24445] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1529.036882][T27143] Bluetooth: hci3: command 0x1003 tx timeout
[ 1529.036996][ T6420] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1530.922019][T24565] random: crng reseeded on system resumption
[ 1530.941732][T24577] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1531.821267][T24623] input: syz1 as /devices/virtual/input/input311
[ 1533.421251][   T60] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1533.455696][T27143] Bluetooth: hci3: Received unexpected HCI Event 0x00
[ 1534.509835][T24733] ALSA: mixer_oss: invalid OSS volume ''
[ 1534.844064][T24756] FAULT_INJECTION: forcing a failure.
[ 1534.844064][T24756] name failslab, interval 1, probability 0, space 0, times 0
[ 1534.857625][T24756] CPU: 0 UID: 0 PID: 24756 Comm: syz.8.18877 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1534.857651][T24756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1534.857663][T24756] Call Trace:
[ 1534.857671][T24756]  <TASK>
[ 1534.857679][T24756]  dump_stack_lvl+0x189/0x250
[ 1534.857703][T24756]  ? __pfx____ratelimit+0x10/0x10
[ 1534.857728][T24756]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1534.857747][T24756]  ? __pfx__printk+0x10/0x10
[ 1534.857771][T24756]  ? __pfx___might_resched+0x10/0x10
[ 1534.857789][T24756]  ? fs_reclaim_acquire+0x7d/0x100
[ 1534.857816][T24756]  should_fail_ex+0x414/0x560
[ 1534.857841][T24756]  should_failslab+0xa8/0x100
[ 1534.857864][T24756]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1534.857882][T24756]  ? alloc_empty_file+0x55/0x1d0
[ 1534.857905][T24756]  alloc_empty_file+0x55/0x1d0
[ 1534.857923][T24756]  path_openat+0x107/0x3830
[ 1534.857946][T24756]  ? __pfx_css_rstat_updated+0x10/0x10
[ 1534.857977][T24756]  ? count_memcg_event_mm+0x21/0x260
[ 1534.858002][T24756]  ? count_memcg_event_mm+0x21/0x260
[ 1534.858023][T24756]  ? __up_read+0x280/0x680
[ 1534.858043][T24756]  ? __pfx_path_openat+0x10/0x10
[ 1534.858062][T24756]  ? __pfx___up_read+0x10/0x10
[ 1534.858083][T24756]  ? do_user_addr_fault+0xbc1/0x1390
[ 1534.858119][T24756]  do_filp_open+0x1fa/0x410
[ 1534.858136][T24756]  ? __lock_acquire+0xab9/0xd20
[ 1534.858155][T24756]  ? __pfx_do_filp_open+0x10/0x10
[ 1534.858197][T24756]  ? _raw_spin_unlock+0x28/0x50
[ 1534.858218][T24756]  ? alloc_fd+0x64c/0x6c0
[ 1534.858251][T24756]  do_sys_openat2+0x121/0x1c0
[ 1534.858271][T24756]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1534.858291][T24756]  ? ksys_write+0x22a/0x250
[ 1534.858313][T24756]  ? __pfx_ksys_write+0x10/0x10
[ 1534.858331][T24756]  ? rcu_is_watching+0x15/0xb0
[ 1534.858360][T24756]  __x64_sys_openat+0x138/0x170
[ 1534.858383][T24756]  do_syscall_64+0xfa/0x3b0
[ 1534.858399][T24756]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1534.858422][T24756]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.858439][T24756]  ? clear_bhb_loop+0x60/0xb0
[ 1534.858460][T24756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1534.858477][T24756] RIP: 0033:0x7f54edf8e929
[ 1534.858493][T24756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1534.858508][T24756] RSP: 002b:00007f54eee06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1534.858527][T24756] RAX: ffffffffffffffda RBX: 00007f54ee1b5fa0 RCX: 00007f54edf8e929
[ 1534.858540][T24756] RDX: 0000000000028200 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1534.858553][T24756] RBP: 00007f54eee06090 R08: 0000000000000000 R09: 0000000000000000
[ 1534.858565][T24756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1534.858576][T24756] R13: 0000000000000000 R14: 00007f54ee1b5fa0 R15: 00007ffc3018cf98
[ 1534.858602][T24756]  </TASK>
[ 1535.447511][ T6420] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1536.112751][T24809] can0: slcan on ttyS3.
[ 1536.750315][T24803] can0 (unregistered): slcan off ttyS3.
[ 1536.859840][ T6420] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1536.869727][ T6420] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1536.878668][ T6420] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1536.887979][ T6420] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1536.895814][ T6420] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1536.911428][T27143] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1536.921490][T27143] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1536.929064][T27143] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1536.937186][T27143] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1536.946560][T27143] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1538.203598][T24934] FAULT_INJECTION: forcing a failure.
[ 1538.203598][T24934] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1538.224453][T24934] CPU: 0 UID: 0 PID: 24934 Comm: syz.6.18895 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1538.224479][T24934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1538.224490][T24934] Call Trace:
[ 1538.224497][T24934]  <TASK>
[ 1538.224505][T24934]  dump_stack_lvl+0x189/0x250
[ 1538.224528][T24934]  ? __pfx____ratelimit+0x10/0x10
[ 1538.224551][T24934]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1538.224569][T24934]  ? __pfx__printk+0x10/0x10
[ 1538.224598][T24934]  should_fail_ex+0x414/0x560
[ 1538.224623][T24934]  _copy_to_user+0x31/0xb0
[ 1538.224642][T24934]  simple_read_from_buffer+0xe1/0x170
[ 1538.224668][T24934]  proc_fail_nth_read+0x1df/0x250
[ 1538.224687][T24934]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1538.224705][T24934]  ? rw_verify_area+0x258/0x650
[ 1538.224724][T24934]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1538.224740][T24934]  vfs_read+0x1fd/0x980
[ 1538.224764][T24934]  ? __pfx___mutex_lock+0x10/0x10
[ 1538.224780][T24934]  ? __pfx_vfs_read+0x10/0x10
[ 1538.224801][T24934]  ? __fget_files+0x2a/0x420
[ 1538.224826][T24934]  ? __fget_files+0x3a0/0x420
[ 1538.224845][T24934]  ? __fget_files+0x2a/0x420
[ 1538.224873][T24934]  ksys_read+0x145/0x250
[ 1538.224895][T24934]  ? __pfx_ksys_read+0x10/0x10
[ 1538.224910][T24934]  ? rcu_is_watching+0x15/0xb0
[ 1538.224933][T24934]  ? do_syscall_64+0xbe/0x3b0
[ 1538.224953][T24934]  do_syscall_64+0xfa/0x3b0
[ 1538.224967][T24934]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1538.224988][T24934]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1538.225003][T24934]  ? clear_bhb_loop+0x60/0xb0
[ 1538.225022][T24934]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1538.225038][T24934] RIP: 0033:0x7f38b418d33c
[ 1538.225053][T24934] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1538.225067][T24934] RSP: 002b:00007f38b4f8e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1538.225085][T24934] RAX: ffffffffffffffda RBX: 00007f38b43b5fa0 RCX: 00007f38b418d33c
[ 1538.225096][T24934] RDX: 000000000000000f RSI: 00007f38b4f8e0a0 RDI: 0000000000000007
[ 1538.225107][T24934] RBP: 00007f38b4f8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1538.225118][T24934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1538.225127][T24934] R13: 0000000000000000 R14: 00007f38b43b5fa0 R15: 00007ffcd2669ea8
[ 1538.225155][T24934]  </TASK>
[ 1538.500847][ T5475] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1538.676482][T24944] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1538.871190][ T5475] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1539.037029][T27143] Bluetooth: hci3: command tx timeout
[ 1539.120113][ T5475] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1539.191296][T25010] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1539.605399][ T5475] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1539.886793][T24843] chnl_net:caif_netlink_parms(): no params data found
[ 1540.752295][T25178] ubi: mtd0 is already attached to ubi31
[ 1540.906063][T24843] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1540.935219][T24843] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1540.968788][T24843] bridge_slave_0: entered allmulticast mode
[ 1540.977373][   T30] audit: type=1804 audit(1750365781.777:153): pid=25187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.18916" name="/newroot/53/cgroup.controllers" dev="tmpfs" ino=294 res=1 errno=0
[ 1541.007862][T24843] bridge_slave_0: entered promiscuous mode
[ 1541.031891][T24843] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1541.059654][   T30] audit: type=1800 audit(1750365781.777:154): pid=25187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.18916" name="cgroup.controllers" dev="tmpfs" ino=294 res=0 errno=0
[ 1541.063046][T24843] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1541.126934][T27143] Bluetooth: hci3: command tx timeout
[ 1541.144572][   T30] audit: type=1804 audit(1750365781.797:155): pid=25187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.18916" name="/newroot/53/cgroup.controllers" dev="tmpfs" ino=294 res=1 errno=0
[ 1541.167062][T24843] bridge_slave_1: entered allmulticast mode
[ 1541.174729][T24843] bridge_slave_1: entered promiscuous mode
[ 1541.299130][ T5475] bridge_slave_1: left allmulticast mode
[ 1541.305744][ T5475] bridge_slave_1: left promiscuous mode
[ 1541.312781][ T5475] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1541.444842][ T5475] bridge_slave_0: left allmulticast mode
[ 1541.459848][ T5475] bridge_slave_0: left promiscuous mode
[ 1541.475536][ T5475] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1541.532807][T25240] serio: Serial port ttynull
[ 1542.117136][T25263] dlm: Unknown command passed to DLM device : 0
[ 1542.117136][T25263] 
[ 1542.418668][T25274] binder: 25272:25274 ioctl c00c6211 0 returned -14
[ 1542.681376][T25274] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[ 1543.206895][T27143] Bluetooth: hci3: command tx timeout
[ 1543.727896][ T5475] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1543.823057][ T5475] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1543.872397][ T5475] bond0 (unregistering): Released all slaves
[ 1543.922803][T25304] input: syz0 as /devices/virtual/input/input314
[ 1544.050656][T25206] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1544.078097][T25206] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[ 1544.250377][T24843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1544.480713][T24843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1544.926336][T24843] team0: Port device team_slave_0 added
[ 1545.145119][T24843] team0: Port device team_slave_1 added
[ 1545.546861][ T5475] hsr_slave_0: left promiscuous mode
[ 1545.592889][ T5475] hsr_slave_1: left promiscuous mode
[ 1545.605026][ T5475] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1545.613383][ T5475] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1545.652838][ T5475] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1545.664839][ T5475] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1545.761741][T25449] binder: 25448:25449 ioctl 40046205 0 returned -22
[ 1545.764920][ T5475] veth1_macvtap: left promiscuous mode
[ 1545.785886][ T5475] veth0_macvtap: left promiscuous mode
[ 1545.792735][ T5475] veth1_vlan: left promiscuous mode
[ 1545.801564][ T5475] veth0_vlan: left promiscuous mode
[ 1545.999505][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[ 1546.005903][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[ 1546.486757][T27143] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1546.499009][ T6420] Bluetooth: hci0: command 0x1003 tx timeout
[ 1547.129647][T25485] random: crng reseeded on system resumption
[ 1547.155496][T25485] Restarting kernel threads ...
[ 1547.161041][T25485] Done restarting kernel threads.
[ 1547.658887][T25496] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1548.248659][ T5475] team0 (unregistering): Port device team_slave_1 removed
[ 1548.469385][ T5475] team0 (unregistering): Port device team_slave_0 removed
[ 1551.121122][T24843] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1551.129894][T24843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1551.156000][T24843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1551.174577][T24843] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1551.182163][T24843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1551.208501][T24843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1551.454714][T25541] vim2m vim2m.0: Fourcc format (0x47425247) invalid.
[ 1552.045389][T24843] hsr_slave_0: entered promiscuous mode
[ 1552.067319][T24843] hsr_slave_1: entered promiscuous mode
[ 1552.074043][T24843] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1552.125566][T24843] Cannot create hsr debugfs directory
[ 1552.256379][T25619] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1553.496884][T25760] input: syz1 as /devices/virtual/input/input317
[ 1554.835284][T24843] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1554.902741][T24843] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1554.967649][T24843] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1555.044378][T24843] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1555.208959][T25861] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1555.385648][T24843] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1555.468903][T25872] input: syz1 as /devices/virtual/input/input318
[ 1555.541234][T24843] 8021q: adding VLAN 0 to HW filter on device team0
[ 1555.599816][ T5475] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1555.607064][ T5475] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1555.657005][  T539] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1555.664225][  T539] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1556.131490][ T3454] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1556.373608][T24843] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1557.184035][T24843] veth0_vlan: entered promiscuous mode
[ 1557.232378][T24843] veth1_vlan: entered promiscuous mode
[ 1557.330597][T24843] veth0_macvtap: entered promiscuous mode
[ 1557.357536][T24843] veth1_macvtap: entered promiscuous mode
[ 1557.383024][T24843] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1557.444499][T24843] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1557.475251][T24843] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1557.487709][T24843] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1557.496569][T24843] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1557.505669][T24843] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1557.768978][  T539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1557.808639][  T539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1557.881350][ T3454] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1557.904545][ T3454] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1558.125730][T25981] FAULT_INJECTION: forcing a failure.
[ 1558.125730][T25981] name failslab, interval 1, probability 0, space 0, times 0
[ 1558.154938][T25981] CPU: 1 UID: 0 PID: 25981 Comm: syz.7.18886 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1558.154965][T25981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1558.154977][T25981] Call Trace:
[ 1558.154985][T25981]  <TASK>
[ 1558.154993][T25981]  dump_stack_lvl+0x189/0x250
[ 1558.155017][T25981]  ? __pfx____ratelimit+0x10/0x10
[ 1558.155042][T25981]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1558.155062][T25981]  ? __pfx__printk+0x10/0x10
[ 1558.155083][T25981]  ? __pfx___might_resched+0x10/0x10
[ 1558.155102][T25981]  ? fs_reclaim_acquire+0x7d/0x100
[ 1558.155129][T25981]  should_fail_ex+0x414/0x560
[ 1558.155156][T25981]  should_failslab+0xa8/0x100
[ 1558.155179][T25981]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 1558.155197][T25981]  ? security_file_alloc+0x34/0x330
[ 1558.155224][T25981]  security_file_alloc+0x34/0x330
[ 1558.155249][T25981]  init_file+0x93/0x2f0
[ 1558.155270][T25981]  alloc_empty_file+0x6e/0x1d0
[ 1558.155288][T25981]  path_openat+0x107/0x3830
[ 1558.155311][T25981]  ? __pfx_css_rstat_updated+0x10/0x10
[ 1558.155342][T25981]  ? count_memcg_event_mm+0x21/0x260
[ 1558.155367][T25981]  ? count_memcg_event_mm+0x21/0x260
[ 1558.155389][T25981]  ? __up_read+0x280/0x680
[ 1558.155409][T25981]  ? __pfx_path_openat+0x10/0x10
[ 1558.155428][T25981]  ? __pfx___up_read+0x10/0x10
[ 1558.155449][T25981]  ? do_user_addr_fault+0xbc1/0x1390
[ 1558.155486][T25981]  do_filp_open+0x1fa/0x410
[ 1558.155504][T25981]  ? __lock_acquire+0xab9/0xd20
[ 1558.155523][T25981]  ? __pfx_do_filp_open+0x10/0x10
[ 1558.155562][T25981]  ? _raw_spin_unlock+0x28/0x50
[ 1558.155583][T25981]  ? alloc_fd+0x64c/0x6c0
[ 1558.155627][T25981]  do_sys_openat2+0x121/0x1c0
[ 1558.155649][T25981]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1558.155668][T25981]  ? ksys_write+0x22a/0x250
[ 1558.155692][T25981]  ? __pfx_ksys_write+0x10/0x10
[ 1558.155710][T25981]  ? rcu_is_watching+0x15/0xb0
[ 1558.155732][T25981]  __x64_sys_openat+0x138/0x170
[ 1558.155755][T25981]  do_syscall_64+0xfa/0x3b0
[ 1558.155770][T25981]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1558.155792][T25981]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1558.155808][T25981]  ? clear_bhb_loop+0x60/0xb0
[ 1558.155829][T25981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1558.155845][T25981] RIP: 0033:0x7fdc8fb8e929
[ 1558.155860][T25981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1558.155875][T25981] RSP: 002b:00007fdc90a0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1558.155895][T25981] RAX: ffffffffffffffda RBX: 00007fdc8fdb5fa0 RCX: 00007fdc8fb8e929
[ 1558.155908][T25981] RDX: 0000000000028200 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 1558.155921][T25981] RBP: 00007fdc90a0c090 R08: 0000000000000000 R09: 0000000000000000
[ 1558.155932][T25981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1558.155941][T25981] R13: 0000000000000000 R14: 00007fdc8fdb5fa0 R15: 00007fff8c100608
[ 1558.155968][T25981]  </TASK>
[ 1558.159988][ T6420] Bluetooth: hci0: command 0x1003 tx timeout
[ 1558.170557][T27143] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1559.266152][T26028] No buffer was provided with the request
[ 1559.296481][T26028] misc userio: Begin command sent, but we're already running
[ 1559.644259][T26060] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1559.747513][T26069] binder: 26065:26069 unknown command 0
[ 1559.786508][T26069] binder: 26065:26069 ioctl c0306201 200000000540 returned -22
[ 1560.058209][T26092] FAULT_INJECTION: forcing a failure.
[ 1560.058209][T26092] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1560.138665][T26092] CPU: 1 UID: 0 PID: 26092 Comm: syz.6.19019 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1560.138692][T26092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1560.138709][T26092] Call Trace:
[ 1560.138716][T26092]  <TASK>
[ 1560.138725][T26092]  dump_stack_lvl+0x189/0x250
[ 1560.138750][T26092]  ? __pfx____ratelimit+0x10/0x10
[ 1560.138775][T26092]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1560.138794][T26092]  ? __pfx__printk+0x10/0x10
[ 1560.138826][T26092]  should_fail_ex+0x414/0x560
[ 1560.138852][T26092]  _copy_to_user+0x31/0xb0
[ 1560.138873][T26092]  simple_read_from_buffer+0xe1/0x170
[ 1560.138900][T26092]  proc_fail_nth_read+0x1df/0x250
[ 1560.138921][T26092]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1560.138942][T26092]  ? rw_verify_area+0x258/0x650
[ 1560.138961][T26092]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1560.138979][T26092]  vfs_read+0x1fd/0x980
[ 1560.139005][T26092]  ? __pfx___mutex_lock+0x10/0x10
[ 1560.139023][T26092]  ? __pfx_vfs_read+0x10/0x10
[ 1560.139046][T26092]  ? __fget_files+0x2a/0x420
[ 1560.139072][T26092]  ? __fget_files+0x3a0/0x420
[ 1560.139093][T26092]  ? __fget_files+0x2a/0x420
[ 1560.139124][T26092]  ksys_read+0x145/0x250
[ 1560.139147][T26092]  ? __pfx_ksys_read+0x10/0x10
[ 1560.139164][T26092]  ? rcu_is_watching+0x15/0xb0
[ 1560.139188][T26092]  ? do_syscall_64+0xbe/0x3b0
[ 1560.139209][T26092]  do_syscall_64+0xfa/0x3b0
[ 1560.139225][T26092]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1560.139247][T26092]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1560.139264][T26092]  ? clear_bhb_loop+0x60/0xb0
[ 1560.139285][T26092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1560.139302][T26092] RIP: 0033:0x7f38b418d33c
[ 1560.139318][T26092] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1560.139332][T26092] RSP: 002b:00007f38b4f8e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1560.139350][T26092] RAX: ffffffffffffffda RBX: 00007f38b43b5fa0 RCX: 00007f38b418d33c
[ 1560.139363][T26092] RDX: 000000000000000f RSI: 00007f38b4f8e0a0 RDI: 0000000000000005
[ 1560.139373][T26092] RBP: 00007f38b4f8e090 R08: 0000000000000000 R09: 0000000000000000
[ 1560.139385][T26092] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1560.139395][T26092] R13: 0000000000000000 R14: 00007f38b43b5fa0 R15: 00007ffcd2669ea8
[ 1560.139422][T26092]  </TASK>
[ 1560.583309][   T30] audit: type=1400 audit(1750365801.397:156): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="/" pid=26108 comm="syz.7.19022"
[ 1561.124016][T26137] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1561.381854][T26152] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[ 1561.393243][T26152] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1561.888610][T26176] snd_dummy snd_dummy.0: control 1:254:0:syz0:0 is already present
[ 1562.003554][T26181] FAULT_INJECTION: forcing a failure.
[ 1562.003554][T26181] name failslab, interval 1, probability 0, space 0, times 0
[ 1562.027418][T26181] CPU: 0 UID: 0 PID: 26181 Comm: syz.7.19038 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1562.027446][T26181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1562.027457][T26181] Call Trace:
[ 1562.027465][T26181]  <TASK>
[ 1562.027473][T26181]  dump_stack_lvl+0x189/0x250
[ 1562.027497][T26181]  ? __pfx____ratelimit+0x10/0x10
[ 1562.027521][T26181]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1562.027539][T26181]  ? __pfx__printk+0x10/0x10
[ 1562.027563][T26181]  ? __pfx___might_resched+0x10/0x10
[ 1562.027582][T26181]  ? fs_reclaim_acquire+0x7d/0x100
[ 1562.027608][T26181]  should_fail_ex+0x414/0x560
[ 1562.027635][T26181]  should_failslab+0xa8/0x100
[ 1562.027658][T26181]  __kmalloc_noprof+0xcb/0x4f0
[ 1562.027675][T26181]  ? kfree+0x4d/0x440
[ 1562.027687][T26181]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1562.027711][T26181]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1562.027731][T26181]  ? tomoyo_domain+0xd9/0x130
[ 1562.027754][T26181]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1562.027774][T26181]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1562.027801][T26181]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1562.027840][T26181]  ? __lock_acquire+0xab9/0xd20
[ 1562.027883][T26181]  ? __fget_files+0x2a/0x420
[ 1562.027909][T26181]  ? __fget_files+0x2a/0x420
[ 1562.027929][T26181]  ? __fget_files+0x3a0/0x420
[ 1562.027950][T26181]  ? __fget_files+0x2a/0x420
[ 1562.027976][T26181]  security_file_ioctl+0xcb/0x2d0
[ 1562.028001][T26181]  __se_sys_ioctl+0x47/0x170
[ 1562.028024][T26181]  do_syscall_64+0xfa/0x3b0
[ 1562.028039][T26181]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1562.028062][T26181]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1562.028079][T26181]  ? clear_bhb_loop+0x60/0xb0
[ 1562.028099][T26181]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1562.028113][T26181] RIP: 0033:0x7fdc8fb8e929
[ 1562.028129][T26181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1562.028143][T26181] RSP: 002b:00007fdc90a0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1562.028162][T26181] RAX: ffffffffffffffda RBX: 00007fdc8fdb5fa0 RCX: 00007fdc8fb8e929
[ 1562.028174][T26181] RDX: 0000200000000140 RSI: 00000000c1105517 RDI: 0000000000000003
[ 1562.028186][T26181] RBP: 00007fdc90a0c090 R08: 0000000000000000 R09: 0000000000000000
[ 1562.028198][T26181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1562.028208][T26181] R13: 0000000000000000 R14: 00007fdc8fdb5fa0 R15: 00007fff8c100608
[ 1562.028236][T26181]  </TASK>
[ 1562.028245][T26181] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1562.286953][T26181] snd_dummy snd_dummy.0: control 1:254:0:syz0:0 is already present
[ 1563.697780][T26262] snd_dummy snd_dummy.0: control 1:254:-4:syz0:-2 is already present
[ 1564.581487][T26320] input: syz1 as /devices/virtual/input/input319
[ 1564.979784][T26352] ALSA: seq fatal error: cannot create timer (-22)
[ 1566.081226][T26423] vim2m vim2m.0: Fourcc format (0x56595559) invalid.
[ 1566.273147][T26434] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1566.485973][T26454] random: crng reseeded on system resumption
[ 1567.031289][T26483] autofs4:pid:26483:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.3), cmd(0xc0189377)
[ 1567.044728][T26483] autofs4:pid:26483:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189377)
[ 1567.113359][T26488] loop8: detected capacity change from 0 to 7
[ 1567.122490][T26488] Dev loop8: unable to read RDB block 7
[ 1567.134155][T26488]  loop8: unable to read partition table
[ 1567.143073][T26488] loop8: partition table beyond EOD, truncated
[ 1567.152993][T26488] loop_reread_partitions: partition scan of loop8 (þ被x ) failed (rc=-5)
[ 1567.493316][T22358] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1567.519935][T26516] program syz.8.19104 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1567.529967][T26516] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1567.536892][T26516] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1567.876053][T26537] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1568.306088][T26563] sd 0:0:1:0: device reset
[ 1568.998760][T26587] mkiss: ax0: crc mode is auto.
[ 1569.516765][T27143] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1569.516833][ T6420] Bluetooth: hci0: command 0x1003 tx timeout
[ 1569.737569][T26627] binder: 26625:26627 ioctl c00c6211 0 returned -14
[ 1569.891896][T26631] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1570.134368][T26652] QAT: failed to copy from user cfg_data.
[ 1570.542551][T26665] binder: 26664:26665 ioctl c00c6211 0 returned -14
[ 1570.749010][T26675] input: syz1 as /devices/virtual/input/input321
[ 1570.792977][T26677] Scaler: =================  START STATUS  =================
[ 1570.805364][T26677] Scaler: ==================  END STATUS  ==================
[ 1571.200535][T26697] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1571.652866][T26730] binder: 26729:26730 ioctl c00c6211 0 returned -14
[ 1572.501495][T26777] syz.8.19145: attempt to access beyond end of device
[ 1572.501495][T26777] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1572.965530][T26804] binder: 26803:26804 ioctl c00c6211 0 returned -14
[ 1574.531266][T26883] CUSE: DEVNAME unspecified
[ 1575.008426][T26907] binder: 26905:26907 ioctl c00c6211 0 returned -14
[ 1576.092348][T26971] binder: 26970:26971 ioctl c00c6211 0 returned -14
[ 1577.280216][T27137] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1577.967368][T27183] syz.8.19200: attempt to access beyond end of device
[ 1577.967368][T27183] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1578.029958][T27187] binder: 27186:27187 ioctl c00c6211 0 returned -14
[ 1579.440847][T27320] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1579.634745][   T30] audit: type=1804 audit(1750365820.447:157): pid=27345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.19215" name="/newroot/130/cgroup.controllers" dev="tmpfs" ino=688 res=1 errno=0
[ 1579.692336][   T30] audit: type=1800 audit(1750365820.447:158): pid=27345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.19215" name="cgroup.controllers" dev="tmpfs" ino=688 res=0 errno=0
[ 1579.724703][   T30] audit: type=1804 audit(1750365820.477:159): pid=27345 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.19215" name="/newroot/130/cgroup.controllers" dev="tmpfs" ino=688 res=1 errno=0
[ 1580.192417][T27421] binder: 27418:27421 ioctl c00c6211 0 returned -14
[ 1580.620057][T27438] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1580.881401][T27450] input: syz1 as /devices/virtual/input/input322
[ 1581.433617][T27484] sp0: Synchronizing with TNC
[ 1581.514425][T27490] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1581.678431][T27498] binder: 27497:27498 ioctl c018620b 200000000100 returned -14
[ 1581.752105][T27498] binder: 27497:27498 ioctl c0306201 200000000340 returned -14
[ 1582.279973][T27531] snd_dummy snd_dummy.0: control 1:254:0:syz0:0 is already present
[ 1583.012949][T27565] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1583.402833][T27587] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1584.475693][T27651] input: syz1 as /devices/virtual/input/input323
[ 1586.841287][T27769] FAULT_INJECTION: forcing a failure.
[ 1586.841287][T27769] name failslab, interval 1, probability 0, space 0, times 0
[ 1586.856115][T27769] CPU: 0 UID: 0 PID: 27769 Comm: syz.7.19287 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1586.856141][T27769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1586.856151][T27769] Call Trace:
[ 1586.856159][T27769]  <TASK>
[ 1586.856167][T27769]  dump_stack_lvl+0x189/0x250
[ 1586.856191][T27769]  ? __pfx____ratelimit+0x10/0x10
[ 1586.856216][T27769]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1586.856235][T27769]  ? __pfx__printk+0x10/0x10
[ 1586.856259][T27769]  ? __pfx___might_resched+0x10/0x10
[ 1586.856277][T27769]  ? fs_reclaim_acquire+0x7d/0x100
[ 1586.856304][T27769]  should_fail_ex+0x414/0x560
[ 1586.856330][T27769]  should_failslab+0xa8/0x100
[ 1586.856353][T27769]  __kmalloc_noprof+0xcb/0x4f0
[ 1586.856371][T27769]  ? kfree+0x4d/0x440
[ 1586.856387][T27769]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1586.856412][T27769]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1586.856434][T27769]  ? tomoyo_domain+0xd9/0x130
[ 1586.856459][T27769]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1586.856483][T27769]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1586.856517][T27769]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1586.856558][T27769]  ? __lock_acquire+0xab9/0xd20
[ 1586.856596][T27769]  ? __fget_files+0x2a/0x420
[ 1586.856625][T27769]  ? __fget_files+0x2a/0x420
[ 1586.856645][T27769]  ? __fget_files+0x3a0/0x420
[ 1586.856665][T27769]  ? __fget_files+0x2a/0x420
[ 1586.856688][T27769]  security_file_ioctl+0xcb/0x2d0
[ 1586.856713][T27769]  __se_sys_ioctl+0x47/0x170
[ 1586.856736][T27769]  do_syscall_64+0xfa/0x3b0
[ 1586.856752][T27769]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1586.856776][T27769]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1586.856793][T27769]  ? clear_bhb_loop+0x60/0xb0
[ 1586.856813][T27769]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1586.856829][T27769] RIP: 0033:0x7fdc8fb8e929
[ 1586.856845][T27769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1586.856859][T27769] RSP: 002b:00007fdc90a0c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1586.856878][T27769] RAX: ffffffffffffffda RBX: 00007fdc8fdb5fa0 RCX: 00007fdc8fb8e929
[ 1586.856890][T27769] RDX: 0000200000000080 RSI: 0000000000005403 RDI: 0000000000000004
[ 1586.856901][T27769] RBP: 00007fdc90a0c090 R08: 0000000000000000 R09: 0000000000000000
[ 1586.856910][T27769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1586.856921][T27769] R13: 0000000000000000 R14: 00007fdc8fdb5fa0 R15: 00007fff8c100608
[ 1586.856949][T27769]  </TASK>
[ 1587.099939][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1587.156934][T27769] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1587.197550][T27771] binder: 27770:27771 ioctl c00c6211 0 returned -14
[ 1588.030650][T27805] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1588.054956][ T5499] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1588.096076][T27805] iommufd_mock iommufd_mock1: Adding to iommu group 1
[ 1588.624166][T27838] mkiss: ax0: crc mode is auto.
[ 1588.806970][T27849] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1589.520892][T27885] binder: 27884:27885 ioctl 40489426 0 returned -22
[ 1589.915029][T27902] binder: 27901:27902 ioctl c00c6211 0 returned -14
[ 1590.076784][ T6420] Bluetooth: hci0: command 0x1003 tx timeout
[ 1590.084257][T27143] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1590.927395][T27952] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1591.791684][T27975] cgroup: fork rejected by pids controller in /syz7
[ 1592.131108][T28083] binder: 28082:28083 ioctl c00c6211 0 returned -14
[ 1592.957557][T27143] Bluetooth: hci0: Opcode 0x1003 failed: -110
[ 1593.138553][T28138] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1593.153055][T28138] random: crng reseeded on system resumption
[ 1593.670672][T28154] binder: 28153:28154 ioctl c00c6211 0 returned -14
[ 1593.690612][T22358] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1593.968288][T22358] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1594.029138][T27143] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1594.048712][T27143] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1594.057286][T27143] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1594.066128][T27143] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1594.074240][T27143] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1594.101242][ T6420] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1594.124191][ T6420] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1594.131742][ T6420] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1594.144311][ T6420] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1594.152127][ T6420] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1594.212929][   T12] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1594.289520][T22358] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1594.522548][T22358] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1595.021188][T28167] chnl_net:caif_netlink_parms(): no params data found
[ 1595.230876][T28351] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1595.659595][T22358] bridge_slave_1: left allmulticast mode
[ 1595.665845][T22358] bridge_slave_1: left promiscuous mode
[ 1595.687161][T22358] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1595.786000][T22358] bridge_slave_0: left allmulticast mode
[ 1595.805554][T22358] bridge_slave_0: left promiscuous mode
[ 1595.813008][T22358] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1596.246787][ T6420] Bluetooth: hci3: command 0x1003 tx timeout
[ 1596.247173][ T6225] Bluetooth: hci0: command tx timeout
[ 1596.259148][T27143] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1596.392714][T28424] binder: 28423:28424 ioctl c00c6211 0 returned -14
[ 1597.747717][T22358] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1597.827607][T22358] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1597.868209][T22358] bond0 (unregistering): Released all slaves
[ 1598.123590][T28167] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1598.131594][T28167] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1598.147167][T28167] bridge_slave_0: entered allmulticast mode
[ 1598.155066][T28167] bridge_slave_0: entered promiscuous mode
[ 1598.202894][T28167] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1598.210487][T28167] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1598.218393][T28167] bridge_slave_1: entered allmulticast mode
[ 1598.235346][T28167] bridge_slave_1: entered promiscuous mode
[ 1598.316762][ T6225] Bluetooth: hci0: command tx timeout
[ 1598.332365][T28457] snd_dummy snd_dummy.0: control 1:254:0:syz0:0 is already present
[ 1598.419332][T28462] blktrace: Concurrent blktraces are not allowed on sg0
[ 1598.429833][T28462] blktrace: Concurrent blktraces are not allowed on nullb0
[ 1599.055192][T28167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1599.100582][T28167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1599.103056][T28516] binder: 28515:28516 ioctl c00c6211 0 returned -14
[ 1599.563650][T28167] team0: Port device team_slave_0 added
[ 1599.817822][T22358] hsr_slave_0: left promiscuous mode
[ 1599.876897][T22358] hsr_slave_1: left promiscuous mode
[ 1599.886355][T22358] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1599.902357][T22358] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1599.958798][ T3488] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1599.965701][T27143] Bluetooth: hci3: Malformed Event: 0x02
[ 1599.972430][T22358] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1599.980643][T22358] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1600.063432][T28576] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1600.078943][T22358] veth1_macvtap: left promiscuous mode
[ 1600.084572][T22358] veth0_macvtap: left promiscuous mode
[ 1600.090509][T22358] veth1_vlan: left promiscuous mode
[ 1600.097029][T22358] veth0_vlan: left promiscuous mode
[ 1600.396916][T27143] Bluetooth: hci0: command tx timeout
[ 1601.523770][T28615] binder: 28614:28615 ioctl c00c6211 0 returned -14
[ 1601.996980][T27143] Bluetooth: hci3: command 0x1003 tx timeout
[ 1601.997000][ T6225] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1602.476895][ T6225] Bluetooth: hci0: command tx timeout
[ 1602.593801][T28633] PM: Enabling pm_trace changes system date and time during resume.
[ 1602.593801][T28633] PM: Correct system time has to be restored manually after resume.
[ 1602.730340][T22358] team0 (unregistering): Port device team_slave_1 removed
[ 1602.971441][T22358] team0 (unregistering): Port device team_slave_0 removed
[ 1603.974469][T28655] binder: 28654:28655 ioctl c00c6211 0 returned -14
[ 1604.810171][ T3488] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1605.331880][T28167] team0: Port device team_slave_1 added
[ 1605.612191][T28167] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1605.621162][T28167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1605.649550][T28167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1605.740570][T28167] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1605.747790][T28167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1605.791063][T28167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1605.953577][T28725] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1606.114707][T28167] hsr_slave_0: entered promiscuous mode
[ 1606.158020][T28167] hsr_slave_1: entered promiscuous mode
[ 1606.164409][T28167] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1606.189915][T28167] Cannot create hsr debugfs directory
[ 1606.661167][T28796] syz.4.19401: attempt to access beyond end of device
[ 1606.661167][T28796] md0: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1606.877804][ T6225] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1606.882159][T27143] Bluetooth: hci3: command 0x1003 tx timeout
[ 1607.070680][T28842] binder: 28839:28842 ioctl c00c6211 0 returned -14
[ 1607.477161][ T1306] ieee802154 phy0 wpan0: encryption failed: -22
[ 1607.483522][ T1306] ieee802154 phy1 wpan1: encryption failed: -22
[ 1608.501877][T28167] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1608.700913][T28167] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1608.771348][T28167] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1608.984467][T28167] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1609.202897][T28167] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1609.257834][T28167] 8021q: adding VLAN 0 to HW filter on device team0
[ 1609.263710][T28957] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1609.288432][T22358] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1609.295635][T22358] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1609.355925][T28242] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1609.363124][T28242] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1609.447984][T28926] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1609.454010][T28926] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[ 1609.720071][T28981] binder: 28979:28981 ioctl c00c6211 0 returned -14
[ 1609.881505][T28167] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1610.477132][ T6225] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1610.480701][T27143] Bluetooth: hci3: command 0x1003 tx timeout
[ 1610.521820][T28167] veth0_vlan: entered promiscuous mode
[ 1610.551235][T29013] dlm: no locking on control device
[ 1610.571619][T28167] veth1_vlan: entered promiscuous mode
[ 1610.649923][T29017] loop8: detected capacity change from 0 to 7
[ 1610.672620][T29017] Dev loop8: unable to read RDB block 7
[ 1610.687172][T29017]  loop8: unable to read partition table
[ 1610.702439][T28167] veth0_macvtap: entered promiscuous mode
[ 1610.702643][T29017] loop8: partition table beyond EOD, truncated
[ 1610.738083][T28167] veth1_macvtap: entered promiscuous mode
[ 1610.746377][T29017] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[ 1610.819978][T28167] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1610.881726][T28167] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1610.912062][T28167] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1610.930800][T28167] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1610.951436][T28167] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1610.979293][T28167] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1611.358143][  T539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1611.365988][  T539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1611.481015][ T5475] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1611.499850][ T5475] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1612.548417][T29133] binder: 29132:29133 ioctl c00c6211 0 returned -14
[ 1612.560957][   T12] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1612.706565][T29142] loop8: detected capacity change from 0 to 7
[ 1612.749200][T29142] Dev loop8: unable to read RDB block 7
[ 1612.754839][T29142]  loop8: unable to read partition table
[ 1612.777327][T29142] loop8: partition table beyond EOD, truncated
[ 1612.783561][T29142] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[ 1613.698032][T29173] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1614.226505][T29192] snd_dummy snd_dummy.0: control 1:254:0:syz0:0 is already present
[ 1614.371246][T29199] loop8: detected capacity change from 0 to 7
[ 1614.378782][T29199] Dev loop8: unable to read RDB block 7
[ 1614.384375][T29199]  loop8: unable to read partition table
[ 1614.390858][T29199] loop8: partition table beyond EOD, truncated
[ 1614.400827][T29199] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[ 1614.464030][T29204] binder: 29203:29204 ioctl c00c6211 0 returned -14
[ 1614.637063][ T6225] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1614.752190][T29213] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1615.243440][T29239] loop8: detected capacity change from 0 to 7
[ 1615.262984][T29239] Dev loop8: unable to read RDB block 7
[ 1615.297053][T29239]  loop8: unable to read partition table
[ 1615.314223][T29239] loop8: partition table beyond EOD, truncated
[ 1615.333796][T29239] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[ 1615.485852][   T60] Bluetooth: hci3: Frame reassembly failed (-84)
[ 1615.645703][T29262] binder: 29260:29262 ioctl c00c6211 0 returned -14
[ 1615.971138][T29277] usb usb8: usbfs: process 29277 (syz.7.19454) did not claim interface 0 before use
[ 1616.131204][T29285] input: syz1 as /devices/virtual/input/input328
[ 1616.190156][T29289] loop8: detected capacity change from 0 to 7
[ 1616.225969][T25516] Dev loop8: unable to read RDB block 7
[ 1616.244095][T25516]  loop8: unable to read partition table
[ 1616.251591][T25516] loop8: partition table beyond EOD, truncated
[ 1616.267003][T29289] Dev loop8: unable to read RDB block 7
[ 1616.273056][T29289]  loop8: unable to read partition table
[ 1616.282353][T29289] loop8: partition table beyond EOD, truncated
[ 1616.291763][T29289] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5)
[ 1616.643533][T29312] random: crng reseeded on system resumption
[ 1616.789278][T29319] Restarting kernel threads ...
[ 1616.794731][T29319] Done restarting kernel threads.
[ 1616.899526][T22358] Bluetooth: (null): Invalid header checksum
[ 1616.906060][T22358] Bluetooth: (null): Invalid header checksum
[ 1617.212148][T29339] binder: 29338:29339 ioctl c00c6211 0 returned -14
[ 1617.516807][T27143] Bluetooth: hci3: command 0x1003 tx timeout
[ 1617.518776][ T6225] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1619.067951][T29396] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1619.931413][T29434] CUSE: info not properly terminated
[ 1620.134658][T29437] can0: slcan on ptm0.
[ 1620.152745][T29435] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1620.530920][T29436] can0 (unregistered): slcan off ptm0.
[ 1620.884878][T29471] syz.8.19488: vmalloc error: size 28311552, failed to allocated page array size 55296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[ 1620.936234][T29471] CPU: 0 UID: 0 PID: 29471 Comm: syz.8.19488 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1620.936266][T29471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1620.936278][T29471] Call Trace:
[ 1620.936294][T29471]  <TASK>
[ 1620.936303][T29471]  dump_stack_lvl+0x189/0x250
[ 1620.936334][T29471]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1620.936354][T29471]  ? __pfx__printk+0x10/0x10
[ 1620.936376][T29471]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1620.936401][T29471]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[ 1620.936424][T29471]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[ 1620.936448][T29471]  warn_alloc+0x214/0x310
[ 1620.936480][T29471]  ? __pfx_warn_alloc+0x10/0x10
[ 1620.936510][T29471]  ? __get_vm_area_node+0x28f/0x300
[ 1620.936530][T29471]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1620.936556][T29471]  __vmalloc_node_range_noprof+0x67e/0x12f0
[ 1620.936610][T29471]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[ 1620.936629][T29471]  ? vb2_vmalloc_alloc+0xb2/0x340
[ 1620.936650][T29471]  ? __kasan_kmalloc+0x93/0xb0
[ 1620.936675][T29471]  vmalloc_user_noprof+0xad/0xf0
[ 1620.936695][T29471]  ? vb2_vmalloc_alloc+0xef/0x340
[ 1620.936714][T29471]  vb2_vmalloc_alloc+0xef/0x340
[ 1620.936734][T29471]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[ 1620.936753][T29471]  __vb2_queue_alloc+0x9bf/0x15a0
[ 1620.936797][T29471]  vb2_core_reqbufs+0xc31/0x1420
[ 1620.936833][T29471]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[ 1620.936859][T29471]  ? __vb2_init_fileio+0x1e8/0xff0
[ 1620.936882][T29471]  __vb2_init_fileio+0x318/0xff0
[ 1620.936915][T29471]  ? __pfx___mutex_lock+0x10/0x10
[ 1620.936938][T29471]  __vb2_perform_fileio+0x284/0x1600
[ 1620.936975][T29471]  vb2_fop_read+0x273/0x360
[ 1620.937000][T29471]  v4l2_read+0x199/0x2c0
[ 1620.937020][T29471]  ? __pfx_v4l2_read+0x10/0x10
[ 1620.937038][T29471]  vfs_read+0x1fd/0x980
[ 1620.937068][T29471]  ? __pfx_vfs_read+0x10/0x10
[ 1620.937091][T29471]  ? __fget_files+0x2a/0x420
[ 1620.937117][T29471]  ? __fget_files+0x2a/0x420
[ 1620.937138][T29471]  ? __fget_files+0x3a0/0x420
[ 1620.937159][T29471]  ? __fget_files+0x2a/0x420
[ 1620.937191][T29471]  ksys_read+0x145/0x250
[ 1620.937214][T29471]  ? __pfx_ksys_read+0x10/0x10
[ 1620.937232][T29471]  ? rcu_is_watching+0x15/0xb0
[ 1620.937254][T29471]  ? do_syscall_64+0xbe/0x3b0
[ 1620.937275][T29471]  do_syscall_64+0xfa/0x3b0
[ 1620.937297][T29471]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1620.937321][T29471]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1620.937339][T29471]  ? clear_bhb_loop+0x60/0xb0
[ 1620.937361][T29471]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1620.937378][T29471] RIP: 0033:0x7f54edf8e929
[ 1620.937398][T29471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1620.937413][T29471] RSP: 002b:00007f54eede5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1620.937434][T29471] RAX: ffffffffffffffda RBX: 00007f54ee1b6080 RCX: 00007f54edf8e929
[ 1620.937448][T29471] RDX: 0000000000000013 RSI: 0000200000000180 RDI: 000000000000000c
[ 1620.937460][T29471] RBP: 00007f54ee010b39 R08: 0000000000000000 R09: 0000000000000000
[ 1620.937472][T29471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1620.937483][T29471] R13: 0000000000000000 R14: 00007f54ee1b6080 R15: 00007ffc3018cf98
[ 1620.937511][T29471]  </TASK>
[ 1621.286202][T29471] Mem-Info:
[ 1621.321064][T29471] active_anon:12829 inactive_anon:0 isolated_anon:0
[ 1621.321064][T29471]  active_file:2060 inactive_file:41477 isolated_file:0
[ 1621.321064][T29471]  unevictable:768 dirty:289 writeback:0
[ 1621.321064][T29471]  slab_reclaimable:12139 slab_unreclaimable:98969
[ 1621.321064][T29471]  mapped:24650 shmem:5514 pagetables:1813
[ 1621.321064][T29471]  sec_pagetables:0 bounce:0
[ 1621.321064][T29471]  kernel_misc_reclaimable:0
[ 1621.321064][T29471]  free:1302645 free_pcp:30995 free_cma:0
[ 1621.413558][T29471] Node 0 active_anon:51416kB inactive_anon:0kB active_file:8240kB inactive_file:165708kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:98700kB dirty:1156kB writeback:0kB shmem:20520kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12800kB pagetables:6904kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1621.446928][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1621.537811][T29471] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[ 1621.569255][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1621.696717][T29471] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[ 1621.762755][T29471] lowmem_reserve[]: 0 2497 2498 2498 2498
[ 1621.771228][T29471] Node 0 DMA32 free:1293396kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48272kB inactive_anon:0kB active_file:13200kB inactive_file:165640kB unevictable:1536kB writepending:2068kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:103060kB local_pcp:56356kB free_cma:0kB
[ 1621.803711][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1621.838061][T29471] lowmem_reserve[]: 0 0 1 1 1
[ 1621.859613][T29471] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1336kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:4kB free_cma:0kB
[ 1621.888503][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1621.933896][T29471] lowmem_reserve[]: 0 0 0 0 0
[ 1621.962214][T29471] Node 1 Normal free:3896604kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:23080kB local_pcp:13712kB free_cma:0kB
[ 1622.000856][T29471] lowmem_reserve[]: 0 0 0 0 0
[ 1622.005753][T29471] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[ 1622.022972][T29471] Node 0 DMA32: 1108*4kB (UME) 374*8kB (UME) 821*16kB (UME) 522*32kB (UME) 537*64kB (UE) 91*128kB (UME) 38*256kB (UME) 12*512kB (UM) 6*1024kB (U) 3*2048kB (U) 289*4096kB (UM) = 1295184kB
[ 1622.048305][T29471] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[ 1622.070881][T29471] Node 1 Normal: 209*4kB (UE) 57*8kB (UME) 43*16kB (UME) 69*32kB (UME) 15*64kB (UME) 8*128kB (UME) 3*256kB (ME) 3*512kB (UM) 3*1024kB (UME) 1*2048kB (E) 948*4096kB (M) = 3896604kB
[ 1622.113745][T29471] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1622.135461][T29471] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1622.197112][T29471] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[ 1622.216879][T29471] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[ 1622.233934][T29471] 54401 total pagecache pages
[ 1622.245666][T29471] 0 pages in swap cache
[ 1622.254324][T29471] Free swap  = 124996kB
[ 1622.265166][T29471] Total swap = 124996kB
[ 1622.275984][T29471] 2097051 pages RAM
[ 1622.286679][T29471] 0 pages HighMem/MovableOnly
[ 1622.295803][T29471] 425688 pages reserved
[ 1622.306679][T29471] 0 pages cma reserved
[ 1623.073300][T29542] CUSE: info not properly terminated
[ 1623.843445][T29582] loop8: detected capacity change from 0 to 7
[ 1623.858660][T29582] Dev loop8: unable to read RDB block 7
[ 1623.864767][T29582]  loop8: unable to read partition table
[ 1623.871263][T29582] loop8: partition table beyond EOD, truncated
[ 1623.878811][T29582] loop_reread_partitions: partition scan of loop8 (þ被xÿ—¨ÿÿÿÿ) failed (rc=-5)
[ 1624.045642][T29595] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1624.451367][T29610] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1624.642788][T29622] sd 0:0:1:0: device reset
[ 1624.648116][T29615] [U] 																																	
[ 1625.051137][T29642] loop8: detected capacity change from 0 to 7
[ 1625.062576][T27055] Dev loop8: unable to read RDB block 7
[ 1625.070555][T27055]  loop8: unable to read partition table
[ 1625.076417][T27055] loop8: partition table beyond EOD, truncated
[ 1625.085053][T29642] Dev loop8: unable to read RDB block 7
[ 1625.093112][T29642]  loop8: unable to read partition table
[ 1625.099425][T29642] loop8: partition table beyond EOD, truncated
[ 1625.106294][T29642] loop_reread_partitions: partition scan of loop8 (þ被xÿä¨ÿÿÿÿ) failed (rc=-5)
[ 1625.511664][T29656] ALSA: seq fatal error: cannot create timer (-19)
[ 1626.076961][T27143] Bluetooth: hci3: command 0x1003 tx timeout
[ 1626.077052][ T6225] Bluetooth: hci3: Opcode 0x1003 failed: -110
[ 1626.339597][T29714] random: crng reseeded on system resumption
[ 1626.490206][T29726] loop8: detected capacity change from 0 to 7
[ 1626.498917][T27055] Dev loop8: unable to read RDB block 7
[ 1626.504656][T27055]  loop8: unable to read partition table
[ 1626.524913][T27055] loop8: partition table beyond EOD, truncated
[ 1626.548363][T29726] Dev loop8: unable to read RDB block 7
[ 1626.570129][T29726]  loop8: unable to read partition table
[ 1626.576073][T29726] loop8: partition table beyond EOD, truncated
[ 1626.602489][T29726] loop_reread_partitions: partition scan of loop8 (þ被xÿï¨ÿÿÿÿ) failed (rc=-5)
[ 1626.986951][T29754] binder: 29751:29754 ioctl c00c6211 0 returned -14
[ 1627.310186][   T30] audit: type=1800 audit(1750365868.127:160): pid=29773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.19541" name="dmabuf" dev="dmabuf" ino=79 res=0 errno=0
[ 1627.593057][T29781] loop8: detected capacity change from 0 to 7
[ 1627.606524][T29781] Dev loop8: unable to read RDB block 7
[ 1627.621408][T29781]  loop8: unable to read partition table
[ 1627.628551][T29781] loop8: partition table beyond EOD, truncated
[ 1627.634849][T29781] loop_reread_partitions: partition scan of loop8 (þ被xÿý¨ÿÿÿÿ) failed (rc=-5)
[ 1628.505366][T29830] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1628.545461][T29830] input: syz0 as /devices/virtual/input/input330
[ 1628.557737][T29825] snd_dummy snd_dummy.0: control 1:0:0:syz0:254 is already present
[ 1629.201688][T29855] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1629.690906][T29880] random: crng reseeded on system resumption
[ 1630.945352][T29938] usb usb8: usbfs: process 29938 (syz.7.19575) did not claim interface 0 before use
[ 1630.963683][T29938] QAT: Invalid ioctl 21531
[ 1631.007876][T29942] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1631.053655][T29946] binder: 29939:29946 ioctl c0306201 2000000003c0 returned -14
[ 1631.060206][T29942] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1631.107191][T29946] binder: 29939:29946 ioctl 8008f513 2000000002c0 returned -22
[ 1631.793367][T29972] [U] ^R
[ 1631.987429][T29977] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[ 1632.863627][T30019] loop8: detected capacity change from 0 to 7
[ 1632.882475][T15546] Dev loop8: unable to read RDB block 7
[ 1632.888354][T15546]  loop8: unable to read partition table
[ 1632.894316][T15546] loop8: partition table beyond EOD, truncated
[ 1632.908287][T30019] Dev loop8: unable to read RDB block 7
[ 1632.920587][T30019]  loop8: unable to read partition table
[ 1632.927127][T30019] loop8: partition table beyond EOD, truncated
[ 1632.944062][T30019] loop_reread_partitions: partition scan of loop8 (þ被xäÿ¨ÿÿÿÿ) failed (rc=-5)
[ 1633.011245][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.058020][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.065902][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.091233][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.099998][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.117993][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.125773][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.138927][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.165428][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.179264][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.187344][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.195108][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.214736][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.231374][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.239510][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.258330][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.266104][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.274775][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.296678][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.304497][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.314249][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.326958][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.338542][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.362066][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.381786][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.421650][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.445769][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1633.487602][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487637][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487663][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487689][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487714][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487740][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487766][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487791][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487817][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487842][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487867][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487891][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487916][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487941][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487966][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.487992][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488017][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488042][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488066][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488091][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488117][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488142][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488168][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488193][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488218][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488243][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488267][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488293][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488324][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488350][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488375][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488400][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488426][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488451][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488475][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488500][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488525][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488551][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488576][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488601][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488626][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488651][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488676][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488702][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488727][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488752][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488777][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488802][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488828][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488853][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488878][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488904][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488929][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488954][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.488980][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489005][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489031][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489056][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489077][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489097][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489116][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489141][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489166][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489190][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489216][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489241][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489265][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489290][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489320][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489345][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489370][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489396][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489421][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489446][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489471][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489497][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489522][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489547][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489573][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489598][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489623][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489648][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489674][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489700][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489725][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489751][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489775][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489798][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489822][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489846][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489870][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489895][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489919][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489944][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489968][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.489993][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490018][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490042][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490067][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490091][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490115][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490140][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490165][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490189][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490211][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490236][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490261][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490286][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490311][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490341][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490366][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490391][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490415][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490440][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490464][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490489][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490512][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490537][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490562][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490586][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490611][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490636][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490661][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490686][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490708][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490790][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.490816][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.491178][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.491306][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.491511][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.491589][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.491662][ T6155] hid-generic 0003:FFFFFB51:0005.0014: unknown main item tag 0x0
[ 1633.501193][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.001982][T30050] snd_dummy snd_dummy.0: control 1:0:0:syz0:0 is already present
[ 1634.036483][ T6155] hid-generic 0003:FFFFFB51:0005.0014: hidraw0: USB HID v0.01 Device [syz0] on syz0
[ 1634.668349][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.676112][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.676141][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.691758][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.699595][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.707407][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.715158][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.722985][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.730802][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.738627][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.746368][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.754172][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.762020][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.769834][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.778011][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.785763][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.794030][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.801870][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.810280][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.818122][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.825867][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.833675][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.841495][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.849312][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.857141][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.864888][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.872693][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.880565][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.885357][T30059] random: crng reseeded on system resumption
[ 1634.888584][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.888614][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.888639][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.888661][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.925695][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.933560][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.941421][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949208][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949235][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949259][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949284][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949307][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949329][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949353][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949377][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949400][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949423][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949447][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949469][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.949489][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.965499][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.965526][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.965549][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.989135][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.989161][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.989186][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1634.989209][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.016718][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.109233][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.122047][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.129850][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.137711][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.145479][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.153315][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.161128][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.168924][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.181924][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.189775][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.203974][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.211990][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.226567][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.236099][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.255445][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.265165][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.309093][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.327140][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.335064][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.356046][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.376301][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.386453][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.406740][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.414522][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.442803][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.468960][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.494966][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.512882][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.536781][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.565367][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.586776][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.609870][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.627225][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.643597][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.665238][T30076] kvm: user requested TSC rate below hardware speed
[ 1635.689148][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.720650][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.730728][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.738754][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.746596][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.803449][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.818012][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.828888][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.859183][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.871837][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.892728][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.908522][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.916298][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.930494][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.941216][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.954155][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.966030][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.976458][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1635.985369][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.003564][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.011473][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.019386][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.027275][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.035015][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.048700][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.056473][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.064499][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.072384][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.083309][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.091318][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.109683][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.129540][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.158158][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.165965][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.187328][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.215429][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.228860][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.246825][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.264805][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.283669][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.303273][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.345001][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.356726][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.377026][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.395137][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.404507][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.418204][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.509001][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.523440][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.540270][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.548139][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.557600][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.565434][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.573338][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.581158][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596703][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596731][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596755][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596780][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596803][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596827][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596877][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596901][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596925][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.596950][ T6906] hid-generic 0006:0005:FFFFFF01.0015: unknown main item tag 0x0
[ 1636.598906][ T6906] hid-generic 0006:0005:FFFFFF01.0015: hidraw1: VIRTUAL HID v88.cf Device [syz1] on syz1
[ 1636.736291][T30126] fido_id[30126]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1636.786544][T30134] loop8: detected capacity change from 0 to 7
[ 1636.800530][T30134] Dev loop8: unable to read RDB block 7
[ 1636.800574][T30134]  loop8: unable to read partition table
[ 1636.800761][T30134] loop8: partition table beyond EOD, truncated
[ 1636.800780][T30134] loop_reread_partitions: partition scan of loop8 (þ被xþÿ¨ÿÿÿÿ) failed (rc=-5)
[ 1637.572265][T30182] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1637.801799][T30199] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1638.190990][T30234] tun0: tun_chr_ioctl cmd 1074025675
[ 1638.196568][T30234] tun0: persist enabled
[ 1638.286002][T30239] tun0: tun_chr_ioctl cmd 1074025675
[ 1638.294070][T30241] binder: 30240:30241 ioctl c00c6211 0 returned -14
[ 1638.307061][T30239] tun0: persist enabled
[ 1638.933931][T30271] iommufd_mock iommufd_mock1: Adding to iommu group 0
[ 1638.967145][T30269] iommufd_mock iommufd_mock0: Adding to iommu group 1
[ 1638.994005][T30268] iommufd_mock iommufd_mock2: Adding to iommu group 2
[ 1639.233261][T30298] binder: 30297:30298 ioctl c00c6211 0 returned -14
[ 1639.902335][T30334] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1639.950527][T30341] binder: 30339:30341 ioctl c00c6211 0 returned -14
[ 1641.963157][T30419] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1642.362005][T30449] snd_dummy snd_dummy.0: control 1:254:0:syz0:32 is already present
[ 1642.913123][T30461] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888054f9e000 pfn:0x54f98
[ 1642.966129][T30461] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1643.020455][T30461] memcg:ffff88801d2eb400
[ 1643.024750][T30461] flags: 0xfff00000000041(locked|head|node=0|zone=1|lastcpupid=0x7ff)
[ 1643.096729][T30461] raw: 00fff00000000041 0000000000000000 dead000000000122 0000000000000000
[ 1643.149489][T30461] raw: ffff888054f9e000 0000000000000000 00000001ffffffff ffff88801d2eb400
[ 1643.160043][T30461] head: 00fff00000000041 0000000000000000 dead000000000122 0000000000000000
[ 1643.169244][T30461] head: ffff888054f9e000 0000000000000000 00000001ffffffff ffff88801d2eb400
[ 1643.178423][T30461] head: 00fff00000000203 ffffea000153e601 00000000ffffffff 00000000ffffffff
[ 1643.187788][T30461] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 1643.196582][T30461] page dumped because: VM_BUG_ON_FOLIO(folio_order(folio) < mapping_min_folio_order(mapping))
[ 1643.211031][T30461] page_owner tracks the page as allocated
[ 1643.218055][T30461] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 30461, tgid 30460 (syz.6.19675), ts 1642913086043, free_ts 1642887892610
[ 1643.245933][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1643.262136][T30461]  post_alloc_hook+0x240/0x2a0
[ 1643.267186][T30461]  get_page_from_freelist+0x21e4/0x22c0
[ 1643.273410][T30461]  __alloc_frozen_pages_noprof+0x181/0x370
[ 1643.286168][T30461]  alloc_pages_mpol+0x232/0x4a0
[ 1643.299049][T30461]  alloc_pages_noprof+0xa9/0x190
[ 1643.304107][T30461]  folio_alloc_noprof+0x1e/0x30
[ 1643.309829][T30461]  filemap_alloc_folio_noprof+0xdf/0x470
[ 1643.315556][T30461]  page_cache_ra_order+0x5e5/0xc70
[ 1643.322967][T30461]  filemap_fault+0x59e/0x1200
[ 1643.328514][T30461]  __do_fault+0x138/0x390
[ 1643.332930][T30461]  __handle_mm_fault+0x198b/0x5620
[ 1643.340292][T30461]  handle_mm_fault+0x40a/0x8e0
[ 1643.345164][T30461]  do_user_addr_fault+0x764/0x1390
[ 1643.351126][T30461]  exc_page_fault+0x76/0xf0
[ 1643.356068][T30461]  asm_exc_page_fault+0x26/0x30
[ 1643.363740][T30461] page last free pid 28167 tgid 28167 stack trace:
[ 1643.374519][T30461]  __free_frozen_pages+0xc71/0xe70
[ 1643.379919][T30461]  __put_partials+0x161/0x1c0
[ 1643.384685][T30461]  put_cpu_partial+0x17c/0x250
[ 1643.390093][T30461]  __slab_free+0x2f7/0x400
[ 1643.394604][T30461]  qlist_free_all+0x97/0x140
[ 1643.399642][T30461]  kasan_quarantine_reduce+0x148/0x160
[ 1643.405188][T30461]  __kasan_slab_alloc+0x22/0x80
[ 1643.410818][T30461]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[ 1643.416372][T30461]  vm_area_dup+0x2b/0x680
[ 1643.422058][T30461]  dup_mmap+0x90c/0x1ac0
[ 1643.426402][T30461]  copy_mm+0x13c/0x4b0
[ 1643.444831][T30461]  copy_process+0x1706/0x3c00
[ 1643.452085][T30461]  kernel_clone+0x21e/0x870
[ 1643.457501][T30461]  __x64_sys_clone+0x18b/0x1e0
[ 1643.462365][T30461]  do_syscall_64+0xfa/0x3b0
[ 1643.467240][T30461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1643.473752][T30461] ------------[ cut here ]------------
[ 1643.479990][T30461] kernel BUG at mm/filemap.c:868!
[ 1643.498494][T30461] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[ 1643.504762][T30461] CPU: 0 UID: 0 PID: 30461 Comm: syz.6.19675 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) 
[ 1643.516915][T30461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1643.526959][T30461] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0
[ 1643.533024][T30461] Code: 02 c9 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 cb a2 10 00 90 0f 0b e8 83 02 c9 ff 4c 89 e7 48 c7 c6 40 2e 94 8b e8 b4 a2 10 00 90 <0f> 0b e8 6c 02 c9 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 9d a2 10 00
[ 1643.552625][T30461] RSP: 0018:ffffc90002ef6f80 EFLAGS: 00010246
[ 1643.558683][T30461] RAX: 5ebcdf69b2971000 RBX: 0000000000000003 RCX: 0000000000000000
[ 1643.566641][T30461] RDX: 0000000000000007 RSI: ffffffff8da4c121 RDI: 00000000ffffffff
[ 1643.574602][T30461] RBP: ffffc90002ef70e8 R08: ffffffff8fc232f7 R09: 1ffffffff1f8465e
[ 1643.582559][T30461] R10: dffffc0000000000 R11: fffffbfff1f8465f R12: ffffea000153e600
[ 1643.590519][T30461] R13: dffffc0000000000 R14: ffffea000153e608 R15: 0000000000000004
[ 1643.598477][T30461] FS:  00007f38b4f8e6c0(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000
[ 1643.607391][T30461] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1643.613960][T30461] CR2: 00007fe6f23b7bac CR3: 000000006a6f2000 CR4: 00000000003526f0
[ 1643.621922][T30461] DR0: 0000000000000000 DR1: 0000000000010003 DR2: 0000000000000000
[ 1643.629879][T30461] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1643.637927][T30461] Call Trace:
[ 1643.641192][T30461]  <TASK>
[ 1643.644111][T30461]  ? percpu_ref_put+0x19/0x180
[ 1643.648871][T30461]  ? __pfx___filemap_add_folio+0x10/0x10
[ 1643.654495][T30461]  ? percpu_ref_put+0xf9/0x180
[ 1643.659251][T30461]  filemap_add_folio+0xd5/0x270
[ 1643.664094][T30461]  page_cache_ra_order+0x74c/0xc70
[ 1643.669200][T30461]  filemap_fault+0x59e/0x1200
[ 1643.673869][T30461]  ? __pfx_filemap_fault+0x10/0x10
[ 1643.678972][T30461]  __do_fault+0x138/0x390
[ 1643.683290][T30461]  __handle_mm_fault+0x198b/0x5620
[ 1643.688389][T30461]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1643.693837][T30461]  ? find_vma+0xe7/0x160
[ 1643.698064][T30461]  ? __pfx_find_vma+0x10/0x10
[ 1643.702727][T30461]  handle_mm_fault+0x40a/0x8e0
[ 1643.707480][T30461]  do_user_addr_fault+0x764/0x1390
[ 1643.712590][T30461]  exc_page_fault+0x76/0xf0
[ 1643.717087][T30461]  asm_exc_page_fault+0x26/0x30
[ 1643.721925][T30461] RIP: 0010:rep_movs_alternative+0x4a/0x90
[ 1643.727725][T30461] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 <f3> a4 e9 ff f6 03 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48
[ 1643.747318][T30461] RSP: 0018:ffffc90002ef77f8 EFLAGS: 00050206
[ 1643.753375][T30461] RAX: ffffffff84c5b201 RBX: ffff888062bb7000 RCX: 0000000000000100
[ 1643.761331][T30461] RDX: 0000000000000000 RSI: ffff888062bb7f00 RDI: 00002000004ec000
[ 1643.769288][T30461] RBP: ffffc90002ef7948 R08: ffff888062bb7fff R09: 1ffff1100c576fff
[ 1643.777246][T30461] R10: dffffc0000000000 R11: ffffed100c577000 R12: 1ffff920005defaf
[ 1643.785202][T30461] R13: 00002000004eb100 R14: ffffc90002ef7d88 R15: 0000000000001000
[ 1643.793160][T30461]  ? _copy_to_iter+0x161/0x16f0
[ 1643.798009][T30461]  _copy_to_iter+0x24c/0x16f0
[ 1643.802679][T30461]  ? __pfx_filemap_get_pages+0x10/0x10
[ 1643.808126][T30461]  ? __pfx__copy_to_iter+0x10/0x10
[ 1643.813225][T30461]  ? folio_mark_accessed+0x26f/0x8b0
[ 1643.818502][T30461]  ? page_copy_sane+0x16a/0x280
[ 1643.823344][T30461]  copy_page_to_iter+0x10c/0x1c0
[ 1643.828274][T30461]  filemap_read+0xa18/0x11a0
[ 1643.832869][T30461]  ? __pfx_filemap_read+0x10/0x10
[ 1643.837889][T30461]  ? end_current_label_crit_section+0x152/0x180
[ 1643.844121][T30461]  ? down_read+0x1ad/0x2e0
[ 1643.848528][T30461]  blkdev_read_iter+0x30a/0x440
[ 1643.853374][T30461]  vfs_read+0x4cd/0x980
[ 1643.857523][T30461]  ? __pfx_vfs_read+0x10/0x10
[ 1643.862191][T30461]  ? __fget_files+0x2a/0x420
[ 1643.866774][T30461]  ksys_read+0x145/0x250
[ 1643.871004][T30461]  ? __pfx_ksys_read+0x10/0x10
[ 1643.875752][T30461]  ? rcu_is_watching+0x15/0xb0
[ 1643.880501][T30461]  ? do_syscall_64+0xbe/0x3b0
[ 1643.885163][T30461]  do_syscall_64+0xfa/0x3b0
[ 1643.889741][T30461]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1643.894931][T30461]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1643.900980][T30461]  ? clear_bhb_loop+0x60/0xb0
[ 1643.905647][T30461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1643.911526][T30461] RIP: 0033:0x7f38b418e929
[ 1643.915926][T30461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1643.935518][T30461] RSP: 002b:00007f38b4f8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1643.943920][T30461] RAX: ffffffffffffffda RBX: 00007f38b43b5fa0 RCX: 00007f38b418e929
[ 1643.951878][T30461] RDX: 00000000fffffe5a RSI: 0000200000000100 RDI: 0000000000000003
[ 1643.959835][T30461] RBP: 00007f38b4210b39 R08: 0000000000000000 R09: 0000000000000000
[ 1643.967796][T30461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1643.975754][T30461] R13: 0000000000000000 R14: 00007f38b43b5fa0 R15: 00007ffcd2669ea8
[ 1643.983716][T30461]  </TASK>
[ 1643.986731][T30461] Modules linked in:
[ 1643.991426][T30461] ---[ end trace 0000000000000000 ]---
[ 1644.001278][T30461] RIP: 0010:__filemap_add_folio+0x11ad/0x12f0
[ 1644.017466][T30461] Code: 02 c9 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 cb a2 10 00 90 0f 0b e8 83 02 c9 ff 4c 89 e7 48 c7 c6 40 2e 94 8b e8 b4 a2 10 00 90 <0f> 0b e8 6c 02 c9 ff 4c 89 e7 48 c7 c6 60 37 94 8b e8 9d a2 10 00
[ 1644.038661][T30461] RSP: 0018:ffffc90002ef6f80 EFLAGS: 00010246
[ 1644.045043][T30461] RAX: 5ebcdf69b2971000 RBX: 0000000000000003 RCX: 0000000000000000
[ 1644.058087][T30461] RDX: 0000000000000007 RSI: ffffffff8da4c121 RDI: 00000000ffffffff
[ 1644.066113][T30461] RBP: ffffc90002ef70e8 R08: ffffffff8fc232f7 R09: 1ffffffff1f8465e
[ 1644.075502][T30461] R10: dffffc0000000000 R11: fffffbfff1f8465f R12: ffffea000153e600
[ 1644.084227][T30461] R13: dffffc0000000000 R14: ffffea000153e608 R15: 0000000000000004
[ 1644.092750][T30461] FS:  00007f38b4f8e6c0(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000
[ 1644.101787][T30461] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1644.109682][T30461] CR2: 00007fe6f23b7bac CR3: 000000006a6f2000 CR4: 00000000003526f0
[ 1644.117744][T30461] DR0: 0000000000000000 DR1: 0000000000010003 DR2: 0000000000000000
[ 1644.125717][T30461] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1644.133982][T30461] Kernel panic - not syncing: Fatal exception
[ 1644.140293][T30461] Kernel Offset: disabled
[ 1644.144605][T30461] Rebooting in 86400 seconds..