last executing test programs: 15m21.186311047s ago: executing program 0 (id=1696): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000180)={0x0, 0x0, 0x0, 'queue0\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r1, 0xc0bc5310, &(0x7f0000000080)) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0) close(r2) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1, 0x42072, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x4ca31, 0xffffffffffffffff, 0x0) write$sndseq(r1, &(0x7f0000000000)=[{0x22, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32={[0x0, 0x0, 0x95ffffff]}}], 0xffc8) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) r4 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_FREQUENCY(r4, 0x402c5639, &(0x7f0000000040)={0x3, 0x5}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_GET_DIRTY_BITMAP(r0, 0x3b8c, &(0x7f00000002c0)={0x30, r5, 0x1, 0x0, 0x5, 0x0, 0x1, 0x0}) r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0xb, 0x202812, r6, 0x7dfff000) 15m21.042834621s ago: executing program 0 (id=1697): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0xd5c4dab14246e9b8, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r2, &(0x7f0000000680)={0x13, 0x10, 0x10f, {0x0, r3, 0x2}}, 0x18) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0xa2280, 0x0) ioctl$FS_IOC_GETFLAGS(r4, 0x5437, 0x0) close(r4) r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r5, 0xc018aec0, &(0x7f00000000c0)={0x10006, 0x2c0, 0x340, &(0x7f00000006c0)=[0x941, 0x1, 0x79e7235, 0x0, 0x5, 0x101, 0x8, 0x4, 0xffffffffffffffff, 0xe7, 0x3, 0x3, 0xee1, 0x1aa8, 0x7d7, 0x1000, 0x3, 0x7f0, 0x10000, 0x0, 0x8, 0x7, 0xc, 0x100, 0x221a, 0x2, 0xaa, 0xd11, 0x1, 0x8000000000000000, 0x1, 0x6, 0x401, 0xd, 0x2, 0x5, 0x9, 0x2, 0x6, 0x2, 0x0, 0xb7, 0x7, 0x9658, 0x20000000400000, 0xf1f2, 0x8, 0xfffffffffffffffb, 0x9c, 0x1, 0x9, 0x6, 0x7fff, 0xb06, 0x3, 0x1, 0x7f, 0xf2, 0x3e, 0xa000000000000000, 0x3, 0xe4, 0x0, 0x24000, 0x5, 0x7, 0x2, 0x6, 0x7fffffff, 0x40, 0x394, 0x2, 0x6914, 0x3, 0x1ff, 0x1, 0x10, 0x10, 0x9, 0xb, 0x3, 0x7, 0x100000001, 0x27a, 0x400, 0x6, 0x800000000000000, 0x2, 0x7, 0x7fffffff, 0x1ff, 0x40, 0x9, 0x5, 0x8, 0x7fff, 0x8000000000000000, 0x7, 0x1, 0x2, 0xec, 0x9, 0x7, 0x3, 0x5, 0x8000, 0xfffffffffffffff7, 0xffff, 0x52, 0x8, 0x4, 0x6, 0x2, 0x7, 0x3, 0x80, 0xffffffffffffff74, 0x0, 0x7ffffffffffffffb, 0x49fb51ca, 0x80, 0x0, 0x0, 0x8, 0x1, 0x57, 0x9, 0xfffffffffffffffb]}) r6 = syz_open_dev$sndctrl(&(0x7f0000000200), 0xfffffffffffffffe, 0x100) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r6, 0xc008551c, &(0x7f00000020c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x0, 0x4000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) ioctl$BLKCLOSEZONE(r7, 0x40101287, &(0x7f0000000000)={0x6}) r8 = openat$kvm(0x0, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0x0) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r10 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x1, 0x0) r11 = openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$proc_mixer(r10, &(0x7f00000000c0)=ANY=[@ANYRES8=r11], 0x39) close(r10) read(r7, &(0x7f0000000100)=""/159, 0xfffffe5a) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r12 = syz_open_dev$ndb(&(0x7f0000001f40), 0x0, 0x41) openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$BLKSECDISCARD(r12, 0x127d, 0x0) 15m20.195807814s ago: executing program 0 (id=1707): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bc, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x43}}, {0x0, 0x1e}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f00000000c0)=0x10000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000040)={@hyper}) ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r4, 0x7b1, &(0x7f0000000280)={0x0, 0x3, 0x0, 0xffff}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 15m19.774950807s ago: executing program 0 (id=1711): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f00000001c0)=""/160, 0x18) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = dup(r1) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000000)={0x2f, {0x0, 0x0, 0x2}}) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000080)={{0x0, 0x2}, 'syz0\x00', 0xfffffffe}) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 15m19.63112981s ago: executing program 0 (id=1712): ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000040)={{0x7, 0x2}, 'port1\x00', 0x10, 0x400, 0x10, 0x80, 0x63c69776, 0xf, 0x5, 0x0, 0x3, 0xc}) (async) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0) read(r0, &(0x7f00000001c0)=""/157, 0x9d) 15m19.464497998s ago: executing program 0 (id=1715): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000040)={0xb, 0x10, 0x8f, {0x0}}, 0x18) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$UHID_CREATE(r4, &(0x7f0000001380)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000014c0)=""/4096, 0x1000, 0x94, 0x9, 0x200, 0x7, 0x5}}, 0x120) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000240)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000f1ffffff210000400000000009"]) r9 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r9, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x0, 0x20020, &(0x7f0000000140)=""/24}, &(0x7f0000000380)="851666ce20db", 0x0, 0xfffffffb, 0x39, 0x0, 0x0}) ioctl$KVM_RUN(r5, 0xae80, 0x0) read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000540)=0x9) ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000500)) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x4000000000000) 15m4.351776217s ago: executing program 32 (id=1715): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000040)={0xb, 0x10, 0x8f, {0x0}}, 0x18) r1 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) write$UHID_CREATE(r4, &(0x7f0000001380)={0x0, {'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000014c0)=""/4096, 0x1000, 0x94, 0x9, 0x200, 0x7, 0x5}}, 0x120) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r7, 0xc00caee0, &(0x7f0000000240)={0x4, 0xffffffffffffffff}) ioctl$KVM_SET_DEVICE_ATTR(r8, 0x4018aee1, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="01000000f1ffffff210000400000000009"]) r9 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r9, 0x2285, &(0x7f0000000440)={0x53, 0xfffffffe, 0x6, 0x0, @buffer={0x0, 0x20020, &(0x7f0000000140)=""/24}, &(0x7f0000000380)="851666ce20db", 0x0, 0xfffffffb, 0x39, 0x0, 0x0}) ioctl$KVM_RUN(r5, 0xae80, 0x0) read(r1, &(0x7f0000000100)=""/159, 0xfffffe5a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000140)=0x15) ioctl$TIOCSTI(r10, 0x5412, &(0x7f00000002c0)=0x7e) ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000540)=0x9) ioctl$TIOCSTI(r10, 0x5412, &(0x7f0000000500)) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x4000000000000) 6m53.735946512s ago: executing program 3 (id=5635): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28b00, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000200)={'bond_slave_0\x00', @local}) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) r3 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) read$FUSE(r3, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r3, &(0x7f0000002f80)={0xa0, 0x0, r4, {{0x2, 0x2, 0x6, 0x4, 0x7, 0x7, {0x1, 0xe, 0x100, 0x7b, 0xf, 0x400, 0x3, 0x6, 0x8, 0x8000, 0x10001, r5, r6, 0x9, 0x8}}, {0x0, 0x1d}}}, 0xa0) read$FUSE(r2, &(0x7f0000003040)={0x2020}, 0x2020) write$FUSE_CREATE_OPEN(r2, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, r4, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x400000000006, 0x1, 0x80000000, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0xfffffffb}}, {0x0, 0x1c}}}, 0xa0) syz_open_dev$media(&(0x7f0000000000), 0x2, 0x20000) read$FUSE(r2, 0x0, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r8 = dup(r7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r8, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f00000000c0)={0x6000, 0x805fe}) mmap(&(0x7f0000ad4000/0x1000)=nil, 0x1000, 0x2, 0x10, r3, 0x5e817000) 6m52.794566304s ago: executing program 3 (id=5643): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000940), 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05640, &(0x7f0000000a80)={0xb, @win={{0x38305343, 0x9, 0xfff, 0x2}, 0x1, 0x2, 0x0, 0x5, 0x0, 0x8f}}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r2, 0x4b45, 0x3) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {r2}}, './file0\x00'}) ioctl$SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f0000000180)=0x410004) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0x9) r5 = syz_open_dev$ptys(0xc, 0x3, 0x1) read(r5, &(0x7f00000000c0)=""/155, 0x32) 6m52.628300794s ago: executing program 3 (id=5646): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) (async) ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000000)=0xb462) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0) (async) ioctl$IOMMU_IOAS_MAP$PAGES(0xffffffffffffffff, 0x3b85, 0x0) r2 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x52bec0, 0x0) mmap(&(0x7f0000787000/0x1000)=nil, 0x1000, 0x5a051feb1f984a1d, 0x202812, r2, 0x7dfff000) 6m52.552642633s ago: executing program 3 (id=5648): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x50, r1, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000006, 0x50, r1, 0x0) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) (async) 6m52.267407148s ago: executing program 3 (id=5651): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x80000, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x511c02, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xc) write$cgroup_int(r2, &(0x7f0000000040)=0x900, 0x12) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r3, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYRES64=0x0, @ANYRES64=r3], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/address_bits', 0x80000, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x511c02, 0x0) (async) openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) (async) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xc) (async) write$cgroup_int(r2, &(0x7f0000000040)=0x900, 0x12) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.self_freezing\x00', 0x275a, 0x0) (async) mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r3, 0x0) (async) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYRES64=0x0, @ANYRES64=r3], 0x32600) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) (async) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) (async) 6m51.999681031s ago: executing program 3 (id=5655): r0 = syz_open_dev$media(&(0x7f00000000c0), 0x1, 0x20000) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)=0xffffffffffffffff) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read$dsp(r2, &(0x7f00000000c0)=""/108, 0x6c) (async) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) write$dsp(r3, &(0x7f0000002000)='`', 0x88020) ioctl$MEDIA_REQUEST_IOC_REINIT(r1, 0x541b, 0x0) (async) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r4, 0x7dfff000) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000014c0)={&(0x7f00000013c0)=[0x0], &(0x7f0000001400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001480)=[0x0], 0x1, 0x9, 0x6, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8}) ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f0000001500)={0x2, 0x75, "91a983103f480cd0e7b2363c9b4828f09f4f24d4c390fe86176a1ed46e55710933151a8f0fbb082096283cf6fdee841e2b141540c0ece727cc6446595f5cb9397f60d9c4496d94de7a6cf891b5cf4aade2cbc92a366a81bf29ee8c86a010e42f7f39de6218eb56ac61f72efab09cc7525089c4bff4"}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000001180)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001140)=[0x0], 0xb}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000001200)={&(0x7f00000011c0)=[0x0, 0x0], 0x2}) (async) r11 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r11, 0xc0285700, &(0x7f0000000040)={0xa1b, "c7080000000000000009a0721972dd40cb00000000000800"}) (async) r12 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async, rerun: 64) close(r11) (async, rerun: 64) r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) write$cgroup_devices(r13, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdd569d2f630b5e033ff11edf1c5ffc733d2acb165fe588cd568cd1f31b87b68b00ad888a8"], 0xffdd) (async) read$ptp(r12, &(0x7f00000000c0)=""/8, 0x8) (async) ioctl$DRM_IOCTL_MODE_GET_LEASE(r12, 0xc01064c8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)}) r14 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r14, 0xc0505405, &(0x7f0000000000)={{0x3}, 0x0, 0x0, 'id0\x00', 'timer0\x00'}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000001300)={&(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0], 0x4}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000001380)={&(0x7f0000001340)=[r7, r9, r10, 0x0, r15], 0x5}) 6m42.961770172s ago: executing program 2 (id=5743): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x5, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0x81) ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f00000001c0)=0x2) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (async) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x5, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0x81) (async) ioctl$SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f00000001c0)=0x2) (async) read$FUSE(r1, 0x0, 0x0) (async) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async) dup(r2) (async) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) (async) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) (async) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) (async) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (async) 6m42.726723808s ago: executing program 2 (id=5746): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) r1 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x6, 0x40103) ioctl$VIDIOC_SUBDEV_G_CROP(r1, 0xc038563b, &(0x7f0000000140)={0x0, 0x0, {0x0, 0x5, 0x8001, 0x1}}) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = dup(r3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xaece, 0x0) preadv(r5, &(0x7f0000000080)=[{&(0x7f0000000600)=""/76, 0x4c}], 0x1, 0x1040, 0x0) r6 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r6, &(0x7f0000000100)=""/159, 0xfffffe5a) 6m42.113379299s ago: executing program 2 (id=5750): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) ioctl$TIOCMIWAIT(r1, 0x545c, 0x0) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 6m41.816775594s ago: executing program 2 (id=5753): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x1, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x6, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x1012c0, 0x0) read$FUSE(r1, &(0x7f0000004a00)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffd67) read$FUSE(r1, 0x0, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r1, 0x80044dfe, &(0x7f00000001c0)) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r4, 0xc0286405, &(0x7f0000000000)={0x0, 0x0, {r3}, {r2}, 0x0, 0x1000}) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r6 = dup(r5) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) write$UHID_INPUT(r8, &(0x7f0000001980)={0x9, {"a2e3ad214fc752f91b2909094bf70e0dd038e7ff7fc6e5539b324c078b089b32333b6d1a0890e0878f0e1ac6e7049b076d959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31300d076d0936cd3b78130daa61d8e809ea889b5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae19397d696d0d758f2dc7d1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000000008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc94681359bad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f347cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea56777e001cd34e5cb2f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4ceb360c7e658828563e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b4bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf054135bbafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd731a0bfc1cb1a4c78f9ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b01979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6ea94f88a4facfd4c735a20307c737afae5136651b1b9bd522dcb399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab83c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a602000000000000007007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00303000000000000007fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e49336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57fa9c0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d3679507000000000000934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba80900000000000000d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb903729a7db6ff957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006) r9 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000440)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r9, 0x0) r10 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0xc0280, 0x0) ioctl$PPPIOCNEWUNIT(r10, 0xc004743e, &(0x7f0000000100)=0x3) r11 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400), 0x61500, 0x0) ioctl$PPPIOCATTACH(r11, 0x4004743d, &(0x7f0000000040)=0x3) r12 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) ioctl$DRM_IOCTL_GET_STATS(r12, 0x80f86406, &(0x7f0000000880)=""/208) close(r10) read$qrtrtun(r11, 0x0, 0x0) r13 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000840)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0) read(r13, &(0x7f0000000580)=""/119, 0x77) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r6, 0x0) ioctl$BLKZEROOUT(r13, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 6m40.257796902s ago: executing program 2 (id=5760): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async, rerun: 32) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (rerun: 32) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) (async, rerun: 64) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) (rerun: 64) ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f00000002c0)=0x20) mmap$fb(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000004, 0x11, r5, 0x6f000) (async) ioctl$KVM_SET_XSAVE(r4, 0x5000aea5, &(0x7f00000012c0)={[0x7, 0xffffff7f, 0x5, 0x5, 0xa, 0x800, 0x9, 0x5, 0x920, 0xfffffff0, 0x9a2, 0x6, 0x8, 0x1ca, 0x6, 0x3, 0x4, 0x4, 0x200, 0x8001, 0x4, 0x10000, 0x7, 0xfffffffb, 0xcf45, 0x48, 0x0, 0x10, 0x6, 0x3, 0x7, 0x7, 0xb959, 0x7, 0x2, 0x2, 0x0, 0x5, 0x5, 0x1, 0x4, 0x101, 0x3, 0x80, 0x35a, 0x5, 0x1d0, 0xfffffffd, 0x4, 0xb7, 0x8001, 0x19, 0x3, 0xfffffffe, 0x4, 0x9, 0x3, 0x5, 0xee, 0x9, 0xfffffffb, 0x10, 0x8, 0x5, 0x7f, 0x7af, 0x2749, 0x3, 0xbd3, 0xffffff00, 0x7, 0x4af2, 0x9a2, 0x7, 0x4, 0xdb, 0x5, 0x2, 0xfffffffb, 0xab8f, 0x2, 0xe634, 0x6, 0x5, 0x0, 0x2, 0x8, 0x200, 0x84, 0x1, 0x4, 0xa, 0xe, 0x400, 0x800, 0x1ef9, 0x4, 0xffffffc0, 0x3, 0x7700edf1, 0x5, 0x9, 0x7796, 0xf, 0xb, 0x5, 0x8001, 0x8, 0x9, 0x6, 0x7, 0x6, 0x3f69, 0x641, 0xb21, 0x8, 0x4, 0x7, 0x7, 0x1, 0x7, 0x9, 0x97, 0x6, 0x2, 0x3000000, 0x0, 0x2, 0x5, 0x0, 0x7, 0x7ff, 0x3, 0xfffffc01, 0x3, 0xfffffff5, 0x1, 0x3, 0x101, 0x1, 0x81, 0x800, 0x8d, 0x4, 0xf14b, 0x1, 0x9, 0x6, 0x6, 0xa, 0x62, 0x4, 0x9, 0x1c, 0x3, 0x100, 0x2, 0x1, 0xffff7fff, 0x10001, 0x5, 0x0, 0x8, 0xfff, 0x8001, 0xfffffff9, 0xe8d5, 0x8, 0x9, 0x3, 0xf88, 0x7, 0x0, 0x3, 0x3, 0x6, 0x6, 0xffff, 0x89be, 0xffffff6e, 0x1256, 0xfcdc, 0x1, 0x3ff, 0xee, 0xd, 0xfffffff9, 0x0, 0xc, 0xfffffffa, 0x80000000, 0xe, 0xfffffffb, 0x5, 0x7, 0x81, 0x40, 0x3, 0x6, 0xa4a5, 0xfffffff7, 0x6, 0x4026, 0x8, 0x5e39d163, 0xfa5c, 0xb, 0x4, 0x1, 0x6, 0x1ff, 0xcf1b, 0x5, 0x80000001, 0x6, 0x2, 0x4, 0x9, 0x5, 0x6, 0xd0, 0x7, 0xfffffffa, 0x3, 0x2, 0x22, 0x20, 0xa, 0xdad, 0x10000, 0x3, 0x7, 0x10001, 0x6, 0x2, 0x80000001, 0x9, 0x3, 0x2, 0x4, 0x1279, 0x1, 0x401, 0x3, 0x7, 0x2, 0x3, 0xaa, 0xfffffffe, 0x2, 0x4, 0x0, 0x0, 0x4, 0xffffffff, 0x800, 0xfff, 0x100, 0x10, 0x7c, 0x6, 0x1e19, 0x512a, 0x3ee2, 0x80, 0x2000000, 0x5, 0xa, 0xffffb055, 0xdd, 0x200, 0x8, 0x8, 0x0, 0x7, 0x5, 0xfffffff8, 0x7fff, 0x9, 0x2, 0x5, 0x7, 0x6, 0xad, 0x81, 0x5, 0x1, 0x8, 0x4, 0xf29a, 0xfffffffc, 0x8, 0x192, 0xb, 0x1ff, 0x101, 0x8, 0x4, 0x9, 0x2, 0xb, 0x1, 0x3, 0x2, 0x7, 0x8, 0x90, 0x2, 0x4, 0x0, 0x2, 0x7ab3b937, 0xd, 0xad09, 0x3, 0xb, 0x7, 0x9, 0xfffffffd, 0x4d, 0x3, 0x5, 0x4, 0x8, 0x8000, 0x2, 0x1, 0x4, 0x6, 0x7ff, 0x9, 0x4, 0x3, 0x401, 0x7f, 0x5, 0x2, 0xffffffcf, 0x80000001, 0x100, 0x6, 0x80000000, 0x5, 0x5, 0x7, 0x5, 0x1, 0xe1e, 0x0, 0x3, 0x55, 0x10000, 0x0, 0x7, 0xa, 0x100, 0x2, 0x8001, 0x1, 0x7, 0xaa5e, 0x5, 0x3, 0x1000, 0x80, 0x5, 0x2, 0x7, 0x7, 0x1, 0x7, 0xfff, 0x7, 0x5, 0x2, 0x4, 0x9, 0x7, 0x10000, 0x80, 0xc4, 0x9, 0x9, 0x1, 0x3, 0x7ff, 0x2, 0x8, 0x3, 0x0, 0x101, 0x200, 0x10000, 0x3, 0x4, 0x3, 0x1, 0x80, 0x6, 0x200, 0x0, 0x0, 0x5da2, 0x5, 0xff, 0x841, 0x3, 0x2, 0x5, 0x10001, 0x32, 0x60c9b4, 0xa5, 0x9, 0x2, 0x3, 0x2464, 0xdd, 0x2, 0x4, 0x8, 0x9, 0x4b6, 0x4, 0x8, 0x3, 0x0, 0x9, 0x100, 0x9, 0x8, 0x7, 0x0, 0x7ff, 0x2e23, 0x74, 0x19, 0x8, 0x0, 0x2b4b, 0x5, 0x2, 0x4, 0x10000, 0x0, 0xa, 0xe9f9, 0xedc, 0x400, 0x400, 0x7, 0x3, 0x1, 0x9, 0xd5de, 0x1ff, 0x7f, 0x65, 0x400, 0x1, 0xb21, 0x8001, 0x6, 0x2, 0xc, 0x2, 0x0, 0x1, 0x5, 0x3, 0x3, 0x3, 0xa, 0x8, 0x2, 0xe336, 0x5, 0x8000, 0x0, 0x81, 0x101, 0x2, 0x9a4e, 0x7, 0x6, 0x401, 0x7ff, 0x3b3d, 0x2, 0x40, 0x0, 0xffffffff, 0x6, 0xffffffff, 0x6, 0x3, 0x7e8a, 0xbd, 0x4, 0x0, 0x115, 0x44e, 0x0, 0x101, 0xd, 0xffffffff, 0x6, 0xe9e, 0x7, 0x9, 0x800, 0xfffffbc0, 0x8, 0x7, 0x8, 0x8b0, 0x400, 0x1, 0x0, 0x7, 0xae4, 0x200000, 0x368, 0x80, 0xf, 0x5, 0x9c3, 0x9, 0xfffffff7, 0x5000000, 0x81, 0x8, 0x0, 0x1, 0x1155416d, 0x100, 0x7f, 0x47b, 0x4, 0x9, 0xf, 0x9, 0x10001, 0xffffffff, 0x5, 0x389, 0x8001, 0x9, 0xfffffffb, 0x90, 0x4, 0x8, 0x380000, 0x0, 0xd0, 0x6bd, 0xff, 0x400, 0x80000001, 0x4, 0xc0de, 0x9, 0x9d94, 0x0, 0x8, 0x6, 0x68, 0x80000000, 0x400, 0x2, 0x80000001, 0xa, 0x2, 0x1, 0xfffffff7, 0x1ff, 0x48, 0x8, 0x80000000, 0xfffffff0, 0x1, 0xe, 0x1, 0xdd, 0x55, 0x0, 0x8, 0x3, 0x200020, 0x9, 0xb, 0x800, 0x10000, 0x101, 0x7ebf, 0x8, 0x0, 0x7, 0x80, 0x2, 0x40e, 0x7ff, 0x8, 0xfffffff1, 0x8, 0xaa, 0x10, 0x6dd9, 0x5, 0x6, 0x0, 0x9e1, 0x1, 0x4cf9, 0x0, 0xf4000000, 0xaa3, 0x8, 0x4, 0x835c, 0xff, 0xfffffffb, 0x7, 0x1, 0x7, 0xfffffff9, 0x8, 0x2, 0x3, 0x2, 0x80000001, 0x7, 0x8, 0xfffffffc, 0x7f, 0x4938, 0x3d8, 0x1ff, 0x3, 0xf, 0x1, 0xc1, 0x5, 0x8000, 0x5, 0x8, 0x9, 0x16dd, 0x7, 0xfffffff7, 0xc, 0xe, 0xfffffffe, 0x0, 0x1, 0x7fffffff, 0x101, 0xc15, 0x0, 0x9b, 0x9, 0x4, 0x7, 0x401, 0x4, 0x9789, 0x9, 0x3ff, 0x5, 0x7, 0xfffffffc, 0x69e, 0x10000, 0xd, 0x6, 0x1, 0x6, 0x3, 0x388, 0x6, 0x5, 0x0, 0x8, 0x401, 0x7, 0x0, 0x3, 0x6, 0x80, 0x6, 0x9, 0x7, 0x5, 0x0, 0x0, 0xffffffff, 0x4, 0x34c4, 0x3, 0xebc, 0x7, 0x6, 0x6, 0xf7, 0x4, 0x10001, 0x4, 0xa, 0x80000001, 0x7, 0x81, 0x1, 0xffff5fe3, 0x4, 0x1, 0xf, 0x8, 0x0, 0x2, 0x4, 0xf, 0x5, 0xf6aa, 0x1000, 0x2, 0xa, 0x7, 0xfff, 0xafb3, 0xd1da, 0x9, 0x80000001, 0x7, 0xa, 0x2, 0x6, 0x10000, 0xffffffff, 0x2, 0x2, 0x1, 0x9, 0xffff, 0x8, 0x4, 0x1, 0x48000, 0x9, 0x8, 0x3e5, 0x5, 0x5, 0x6, 0x5, 0xf, 0x1, 0x6, 0x5, 0x10001, 0x8, 0x4, 0x80, 0x536a, 0x0, 0x8, 0x7, 0x400005, 0x2, 0x0, 0x7, 0x81, 0x3, 0x0, 0x3, 0xfa, 0x7, 0x5, 0x8, 0x7, 0x1, 0x1, 0x8b8, 0x1, 0x7, 0xffff, 0x0, 0x7, 0x2, 0xffffff3c, 0x8, 0x71, 0x10001, 0xc6, 0x6, 0x0, 0x8, 0x6, 0xb47, 0xbf, 0x7f, 0xff, 0x3, 0xffff, 0x6, 0x7, 0x4, 0x2, 0x8, 0x2, 0x2, 0x7f24, 0x8, 0x7fffffff, 0x230a, 0x9, 0x2, 0x401, 0x1, 0x40, 0x96b, 0x8, 0x4, 0x8001, 0x7fffffff, 0x7f, 0x4b7, 0x400, 0xfffffffa, 0x4, 0x5, 0x3, 0x6, 0x6, 0x401, 0x4, 0x3, 0x0, 0x10001, 0x7fffffff, 0x6b1, 0x1, 0x3, 0x6, 0xf7, 0xffffffff, 0x0, 0x80, 0xfb9, 0x8, 0x4, 0x16, 0xff, 0x0, 0xfffffffe, 0x1c0, 0x8000, 0x3, 0xfff, 0x2, 0x9, 0x1, 0x8, 0x7, 0x10, 0x542, 0x7ff, 0x88, 0x0, 0x57, 0x4, 0x3ff, 0x2, 0x1, 0x800, 0x0, 0x23f, 0x3, 0x10, 0x28400, 0x6, 0x7, 0x2, 0x7fff, 0x100, 0x1ff, 0x34ff, 0x7, 0x5, 0x5, 0x1ff, 0xfffffeff, 0x240, 0x1000, 0x5, 0xfffffffa, 0x0, 0x8, 0xfffffff9, 0x9, 0x24000, 0x401, 0x9be, 0x1, 0x10000, 0x9, 0xda, 0x10000, 0x50000000, 0xc, 0x8, 0xfffffffd, 0x72a4, 0x10000, 0x350, 0x1000, 0x0, 0x9, 0x0, 0x9, 0x9, 0x6, 0x4, 0x2, 0x800, 0x80000000, 0x0, 0x3318, 0x7ff, 0x5, 0x2, 0x2, 0xf, 0x3ff, 0x10000, 0x10000, 0x2, 0x1, 0x3, 0x80, 0x800, 0xffffc909, 0xee5, 0x4, 0x80, 0x1ff, 0xca6a, 0x6a1cfe8e, 0x7fff, 0x5, 0x5, 0x5, 0xc28, 0x7, 0x7fff, 0x5, 0x5, 0x100, 0xc, 0x6, 0xc418, 0x80000001, 0x7, 0x2, 0x3, 0x333f, 0x7f, 0xfff, 0x5, 0x8, 0x3, 0x8, 0xffff, 0x7, 0x8, 0x0, 0xe, 0x295d7baa, 0x8, 0x7, 0xffffffff, 0x1, 0x3, 0x8, 0xfffffffb, 0x23d3, 0xfffffbff, 0x6, 0x101, 0x8, 0x7, 0xfff, 0x200, 0x8000, 0xee4, 0x0, 0xffff1622, 0x0, 0xffffffff, 0x8, 0xe55, 0x4, 0x1ff, 0x8, 0x4, 0x6, 0x2, 0x9, 0x6a8, 0x2, 0x4, 0x6, 0x88, 0x9, 0x7ff, 0x40000, 0x6, 0x101, 0xd, 0x2, 0x11, 0x3f, 0x40, 0xc, 0x10]}) read$FUSE(r1, 0x0, 0x0) (async) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r7 = dup(r6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r7, 0x0) (async, rerun: 32) ioctl$BLKZEROOUT(r7, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) (rerun: 32) 6m39.771828667s ago: executing program 2 (id=5765): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r3, 0x4080aea2, &(0x7f0000000180)={[0x1000, 0x6000, 0x0, 0xffff1000], 0x3}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x4b564d07, 0x0, 0x5}]}) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) r10 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$int_out(r11, 0x2a32, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r10, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r12, 0x0}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) dup(0xffffffffffffffff) r14 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r14, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x5, 0x1000, 0x4, 0x2}}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r7, 0xc01864b0, &(0x7f0000000080)={r9, r13}) r15 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x9, 0x2) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r15, 0xc1004111, &(0x7f0000000080)={0x39f2, [0x6, 0x8, 0x7], [{0xb, 0x2, 0x1, 0x0, 0x1, 0x1}, {0x80000001, 0x9, 0x0, 0x0, 0x1, 0x1}, {0x8, 0x7f, 0x1, 0x1}, {0x9, 0x1, 0x1, 0x1, 0x1}, {0x8, 0x3, 0x0, 0x1, 0x0, 0x1}, {0xc, 0x3, 0x0, 0x0, 0x1}, {0x3, 0x581d, 0x0, 0x0, 0x1, 0x1}, {0x1, 0x7, 0x1, 0x1}, {0x5, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x2, 0x7, 0x0, 0x1, 0x0, 0x1}, {0x7, 0x3, 0x1, 0x1, 0x1}, {0x5, 0x3, 0x1, 0x0, 0x1}], 0xb926}) read(r0, &(0x7f00000001c0)=""/157, 0x9d) 6m36.956070108s ago: executing program 33 (id=5655): r0 = syz_open_dev$media(&(0x7f00000000c0), 0x1, 0x20000) ioctl$MEDIA_IOC_REQUEST_ALLOC(r0, 0x80047c05, &(0x7f0000000040)=0xffffffffffffffff) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) read$dsp(r2, &(0x7f00000000c0)=""/108, 0x6c) (async) r3 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x109801, 0x0) write$dsp(r3, &(0x7f0000002000)='`', 0x88020) ioctl$MEDIA_REQUEST_IOC_REINIT(r1, 0x541b, 0x0) (async) r4 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r4, 0x7dfff000) r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380)=[0x0], 0x0, 0x0, 0x0, 0x1}) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f00000014c0)={&(0x7f00000013c0)=[0x0], &(0x7f0000001400)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001440)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001480)=[0x0], 0x1, 0x9, 0x6, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r6, 0xc05064a7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8}) ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f0000001500)={0x2, 0x75, "91a983103f480cd0e7b2363c9b4828f09f4f24d4c390fe86176a1ed46e55710933151a8f0fbb082096283cf6fdee841e2b141540c0ece727cc6446595f5cb9397f60d9c4496d94de7a6cf891b5cf4aade2cbc92a366a81bf29ee8c86a010e42f7f39de6218eb56ac61f72efab09cc7525089c4bff4"}) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(0xffffffffffffffff, 0xc02064b9, &(0x7f0000001180)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001140)=[0x0], 0xb}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f0000001200)={&(0x7f00000011c0)=[0x0, 0x0], 0x2}) (async) r11 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001700), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r11, 0xc0285700, &(0x7f0000000040)={0xa1b, "c7080000000000000009a0721972dd40cb00000000000800"}) (async) r12 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async, rerun: 64) close(r11) (async, rerun: 64) r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) write$cgroup_devices(r13, &(0x7f0000000200)=ANY=[@ANYBLOB="1e0308003c5c980128876360864668f82ffdd569d2f630b5e033ff11edf1c5ffc733d2acb165fe588cd568cd1f31b87b68b00ad888a8"], 0xffdd) (async) read$ptp(r12, &(0x7f00000000c0)=""/8, 0x8) (async) ioctl$DRM_IOCTL_MODE_GET_LEASE(r12, 0xc01064c8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)}) r14 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(r14, 0xc0505405, &(0x7f0000000000)={{0x3}, 0x0, 0x0, 'id0\x00', 'timer0\x00'}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000001300)={&(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0], 0x4}) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r5, 0xc01864c6, &(0x7f0000001380)={&(0x7f0000001340)=[r7, r9, r10, 0x0, r15], 0x5}) 6m24.671980827s ago: executing program 34 (id=5765): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8600, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_DEBUGREGS(r3, 0x4080aea2, &(0x7f0000000180)={[0x1000, 0x6000, 0x0, 0xffff1000], 0x3}) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r6, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000280)={0x1, 0x0, [{0x4b564d07, 0x0, 0x5}]}) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000700)={0x0, &(0x7f0000000640)=[0x0], 0x0, 0x0, 0x0, 0x1}) r10 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) r11 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$int_out(r11, 0x2a32, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r10, 0xc06864a1, &(0x7f0000000440)={0x0, 0x0, r12, 0x0}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) dup(0xffffffffffffffff) r14 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0) ioctl$VIDIOC_S_SELECTION(r14, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x5, 0x1000, 0x4, 0x2}}) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r7, 0xc01864b0, &(0x7f0000000080)={r9, r13}) r15 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x9, 0x2) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r15, 0xc1004111, &(0x7f0000000080)={0x39f2, [0x6, 0x8, 0x7], [{0xb, 0x2, 0x1, 0x0, 0x1, 0x1}, {0x80000001, 0x9, 0x0, 0x0, 0x1, 0x1}, {0x8, 0x7f, 0x1, 0x1}, {0x9, 0x1, 0x1, 0x1, 0x1}, {0x8, 0x3, 0x0, 0x1, 0x0, 0x1}, {0xc, 0x3, 0x0, 0x0, 0x1}, {0x3, 0x581d, 0x0, 0x0, 0x1, 0x1}, {0x1, 0x7, 0x1, 0x1}, {0x5, 0x3, 0x1, 0x1, 0x0, 0x1}, {0x2, 0x7, 0x0, 0x1, 0x0, 0x1}, {0x7, 0x3, 0x1, 0x1, 0x1}, {0x5, 0x3, 0x1, 0x0, 0x1}], 0xb926}) read(r0, &(0x7f00000001c0)=""/157, 0x9d) 38.549195035s ago: executing program 6 (id=8347): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r2, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) ioctl$PTP_PIN_SETFUNC2(r1, 0x40603d10, &(0x7f0000000200)={'\x00', 0x1}) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) read$FUSE(r4, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r4, &(0x7f0000002f80)={0xa0, 0x0, r5, {{0x2, 0x2, 0x6, 0x4, 0x7, 0x7, {0x1, 0xe, 0x100, 0x7b, 0xf, 0x400, 0x3, 0x6, 0x8, 0x8000, 0x10001, r6, r7, 0x9, 0x8}}, {0x0, 0x1d}}}, 0xa0) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2000000002, 0x2, 0x6, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x9, 0xe, 0xb000, 0x7, r6, 0x0, 0x1, 0x3ffffff}}, {0x0, 0x1c}}}, 0xa0) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x80200, 0x0) ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000280)=0x4) ioctl$PPPIOCSMRU1(r8, 0x40047452, 0x0) r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000040)=0x1) ioctl$TIOCVHANGUP(r9, 0x5437, 0x0) read$FUSE(r3, 0x0, 0x0) r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r11 = dup(r10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r11, 0x0) ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 22.889168819s ago: executing program 4 (id=8416): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_GUEST_MEMFD(r1, 0xc040aed4, &(0x7f00000001c0)={0x1fe0000, 0x7}) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async, rerun: 32) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) (rerun: 32) r4 = dup(r3) write$UHID_INPUT(r4, &(0x7f0000001040)={0x18, {"a2e3ad21ed6b52f99cfbf4c087f74f9b36096eff7fc6e5539b9b18098b9b4a1b2552091b080d29428f0e1ac6e7049b3468959b189a242a9b3ff3988f7ef319520100ffe8d178708c523c921b1b25380a169b63d336cd3b78130daa61d8e81aea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f309f4cff7738596ecae8707ce065cd5b91cd0ae193973735b36d5b1b63e91c00300300000000000000b1dda98e2d749be7bd1d020000000000000075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecd03aded6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801000000005b6bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27afc953854a642c57519544ae15a7e454dea05918b412435111c8f11baa500a3621c56cea8d20ff911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269caf12c31357c8219793e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a687974e7b4ab01b7f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a60560a22f1fca567e65d5e880572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5120000008213b704c7fb082ff27590678ef9f190bae979babc7041d860420c5664ba7921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da3710ac000000001a527777a5371f87d0d4aa202fd28f28381aab144a5d429a04a689b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2f05dd3318271a1f5f8528f227e79c1388dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eefc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f103000000416d59fdee5325928974d12dad99dac44c3f0008047096a44060bebc2420aed92fa9b6578b4779415d97b9a6d601005c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac292d9e53803ed000000009737d214060005ea6f1783e287b3bee96e3a7288afe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f48fe4eae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df34959eaef6572e1e007fa55a2999f596d0673f586749b25f5a448427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf02b98a269b891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efedfd71af9444e197f47e866101496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441984cb51682a8ae4d24ad0465f3927f889b09114edb8e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615f7084a607a7eceb6243378e0610060f02cca4051c2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c4e15a7b6eb65ca8104e1b4da1fbb67ab2fc043aead87c32ab875ee7c2e7b7019c902cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe529003d1802d5676d95f160ec97b1ad948741b2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd73643de50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c1023bf70cc77737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f236c6b9990ae71806f2c00b4025c48b75c0f73c497579773767075428067e7f16f4dde374f8211fef42cb468e623daf60b3569d462f4f19eacdb3ed70eeebb4483f070077d443e8b40426db6fe29068c0ca3d3414442e863a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae44369ddb4581c55925d0f6f1ba471eba281f259152f85e654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b405177548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd84e935e00785ec27e923911fab964c271556527697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9ddbfb96d6144345f48843dd014e5c5ad8fe995754bd9cf32fce1e7027132f2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5336651b1b9bd522d60399473296b831dbd933d93994ba30b4279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee29165895ac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463181f4b87c10772d2b13f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76d57227edff2de20a4b8e3737fbb42913777c06376f799ecb767d6f84fad6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b30f0b932a4d02da711b757fe43c06d21e759595e4e98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d0000010000000000fcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a10010549820a73c8839475f732ae00398e4bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cb0b3e35cb80dd349e891aef595dc4d080e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c60edddab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec014508e5247d33ae6c962d35603ff8454c16f8342856935125102bb784ed704887071f3d998efdd9923c954ab6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6ff7ffb1d62458d0741a12830052fcc460db043afe525629b40d7cee65802cb5e930ed624806c43a006dc9336d07c2b8081c188d26558f48261f7897084c2a1a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da3932ba5c04c24a560ad80a3ce654578376e599aff3565b1d531f30912b99e6619ebe93cc0b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c0ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e6491953264c7b34252600c9654e502dcea39cb0800eb69992e234b4ca7db2f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc640df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c6000204b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff9576abc9ede7885d94ff1aa7082ead01a9b03c37b0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058093fef86faec216eb6992162f8dcbf6c9c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x20200, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_CREATE_PIT2(r6, 0x4188aec6, &(0x7f0000000040)) (async) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$TCFLSH(r2, 0x4b63, 0x3) (async) r8 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r8, &(0x7f0000000100)=""/159, 0xfffffe5a) (async, rerun: 32) r9 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (rerun: 32) read$FUSE(r9, &(0x7f00000045c0)={0x2020}, 0x2020) (async) r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r10, 0x0) (async) mmap(&(0x7f00002d8000/0x3000)=nil, 0x3000, 0x0, 0x10, r9, 0x661ee000) (async, rerun: 32) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000040000) (rerun: 32) 20.747987067s ago: executing program 4 (id=8421): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0x345}]}) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3, 0x12, r1, 0x0) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) 19.887709986s ago: executing program 4 (id=8426): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x5, 0x13, r1, 0x20aab000) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 19.821575893s ago: executing program 6 (id=8347): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r2, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125b2ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb03bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2033aae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b85b7b26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1111c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c669bb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b2967cbfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d6748c2ce5bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4658098549646bd63175adf77b5cdcf102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4baea02fa76fb4830aebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f8426a9049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21abfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e0068607000000fb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9fb4000000f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002afea6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b46e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae66444a8f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0xdd52d6c}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r2, 0x0) ioctl$PTP_PIN_SETFUNC2(r1, 0x40603d10, &(0x7f0000000200)={'\x00', 0x1}) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) r4 = openat$cuse(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) read$FUSE(r4, &(0x7f0000000400)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_CREATE_OPEN(r4, &(0x7f0000002f80)={0xa0, 0x0, r5, {{0x2, 0x2, 0x6, 0x4, 0x7, 0x7, {0x1, 0xe, 0x100, 0x7b, 0xf, 0x400, 0x3, 0x6, 0x8, 0x8000, 0x10001, r6, r7, 0x9, 0x8}}, {0x0, 0x1d}}}, 0xa0) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2000000002, 0x2, 0x6, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x9, 0xe, 0xb000, 0x7, r6, 0x0, 0x1, 0x3ffffff}}, {0x0, 0x1c}}}, 0xa0) r8 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x80200, 0x0) ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000280)=0x4) ioctl$PPPIOCSMRU1(r8, 0x40047452, 0x0) r9 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r9, 0x5423, &(0x7f0000000040)=0x1) ioctl$TIOCVHANGUP(r9, 0x5437, 0x0) read$FUSE(r3, 0x0, 0x0) r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r11 = dup(r10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r11, 0x0) ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 19.590956627s ago: executing program 1 (id=8427): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x111480, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000000)={0xf7, "e791d0e295e967cc36ac6d75ba0eea0c11d1bfbb1ce8078af56f6086f7abeb462b0c71da08bc33eb6d1700d483eaf44646ddf39ae666d0b61f3bff3a224eda9e393007d691963ec217a236d550d6b4b2f9ff6ff1eb2aa2b4836c5ee0d079f52d32aa6f358cfaa916f68f10e6243c36c7d136a55f185910707177ac9f30213da59225d6c2faa616b890506189debee7d8fc6a1ce9e3fa251c99926fcbfab5e18656b0f957c7f2d9152eb4a557cfeb259063a482f629c0cdc00f2947c1471f2d97c3e11b9954b56c6d8c1bc8d7f99a9d8bb7f3d96414783bad5a0af3988407e4830e165894ba178f96a9396bbf92557a69b5ec2be01f92efeecf1ee3e1928fbf44dc257c47f497c4a55880d6d99234e60bf865a8f870a5c139856e502e2d374c3d3a911fb569580a31896a182bd9feeb8e3603b2cda727b390e04c62ae8fb74cfb10b53b765b826529749567fb11f64d2fe6474e6d7b3784058f858e9edc307cc5b0514e50e3d3435bd46594ca45daffae1a5eddf7f7810e5f647d4cf95ff8dbe9a1bf82f42fea28a1d5be78c2f9fc8d1bc8045c4c9556ff2f043028a24181fb2fedf2066ba255c5fca3dfe957f6163e8f99c9259a4d454fb5858d564e809844ed3699b7d46a464fcd5d0d252ce660496f0787b5d297afcc24e30d7ba1e73eb2366732f3576c9df51d82d0aab202235c3c823c8f875fff3f437836251066b1f911"}) r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f00000001c0)) read$dsp(r2, &(0x7f0000000200)=""/168, 0xa8) read$dsp(r2, &(0x7f0000000080)=""/12, 0xc) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r3, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 19.349247924s ago: executing program 4 (id=8428): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$IOMMU_HWPT_INVALIDATE$TEST(r4, 0x3b8d, &(0x7f0000000200)={0x20, 0x0, 0x0}) ioctl$KVM_SET_MSRS(r3, 0xc008aeba, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) 19.303166506s ago: executing program 6 (id=8429): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000011c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r1, 0x3b82, &(0x7f00000000c0)={0x18, r2, 0x2, 0x0, &(0x7f0000000080)=[{0x1000000010001, 0x8000000000dbb}, {0x5, 0x9}]}) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r3 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r3, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0xfffffffffffffffb, 0x2, 0x0, 0x5, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0x2000, 0x7, 0x0, 0x0, 0x1, 0x7}}, {0x0, 0x1c}}}, 0xa0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = syz_open_dev$video(0x0, 0x75, 0x0) ioctl$VIDIOC_S_AUDIO(r7, 0x40345622, &(0x7f0000000200)={0x0, "984847ff53bf9afe00000000000000e2b271edcb346b6d805821fe2c51842bdc", 0x3, 0x1}) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000002, 0x0, 0x20, 0x0, 0x0, 0x2004cc, 0x8000002, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x8, 0x4000000000000004, 0x767], 0xeeef0000}) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) r8 = syz_open_dev$tty1(0xc, 0x4, 0x1) r9 = dup(r8) read$usbfs(r9, &(0x7f0000000000)=""/161, 0xa1) ioctl$TCSETS(r8, 0x5402, &(0x7f0000010400)={0x2, 0x614, 0x7, 0xffffffff, 0x9, "972c700500141000000000002000052c707400"}) ioctl$TIOCSTI(r9, 0x5412, &(0x7f00000000c0)) r10 = syz_open_dev$dri(&(0x7f0000000100), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r10, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000280)={0x0, 0x0, r11, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r10, 0xc06864a2, &(0x7f00000008c0)={0x0, 0x0, r11, r12, 0x1, 0x2, 0x0, 0x7, {0x0, 0x0, 0x0, 0x0, 0x8, 0x9, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, "d20bddda7de75aec79ff000000001000000900"}}) read$FUSE(r3, 0x0, 0x0) r13 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup(r13) 18.735647832s ago: executing program 1 (id=8430): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, &(0x7f0000000040)) r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0), 0x20242, 0x0) ioctl$BLKIOOPT(r2, 0x1279, &(0x7f0000000100)) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x10, r1, 0x89e55000) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000180)={0xffffffffffffffff}, 0x106, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000200)={0xe, 0x18, 0xfa00, @id_afonly={&(0x7f0000000140)=0x1, r3, 0x0, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r2, &(0x7f0000000280)={0x1, 0x10, 0xfa00, {&(0x7f0000000240), r3}}, 0x18) write$USERIO_CMD_REGISTER(r2, &(0x7f00000002c0)={0x0, 0x5}, 0x2) ioctl$DRM_IOCTL_AGP_ALLOC(r2, 0xc0206434, &(0x7f0000000300)={0x3, 0x0, 0x10001}) ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0106438, &(0x7f0000000340)={0x2, r4}) write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f0000000380)={0x7, 0x8, 0xfa00, {r3, 0x1000}}, 0x10) ioctl$F2FS_IOC_GARBAGE_COLLECT(r1, 0x4004f506, &(0x7f00000003c0)) close(r2) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000400)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff, 0xee00}}, './file0\x00'}) ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000440)={0x1, 0x0, {}, {r6}, 0x7, 0x7fffffffffffffff}) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r5, 0x40089413, &(0x7f0000000480)=0x3) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r5, 0xc1004111, &(0x7f00000004c0)={0x6, [0x7, 0x4, 0x3], [{0x6, 0x1, 0x0, 0x0, 0x1, 0x1}, {0x8, 0x10000, 0x1, 0x0, 0x1}, {0x7f, 0x14, 0x0, 0x0, 0x1}, {0x10000, 0x7f, 0x1, 0x0, 0x1, 0x1}, {0xfff, 0xfffffffc, 0x0, 0x1}, {0xfff, 0x200, 0x1, 0x1, 0x1, 0x1}, {0x0, 0x6, 0x1}, {0x2, 0xce5, 0x0, 0x0, 0x1}, {0x2, 0xc, 0x1, 0x1, 0x1, 0x1}, {0x7fffffff, 0x401, 0x0, 0x1, 0x1}, {0x6, 0x800, 0x0, 0x1}, {0x6, 0x6, 0x0, 0x1, 0x1}], 0x4}) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f00000005c0)=""/238) syz_open_dev$vim2m(&(0x7f00000006c0), 0x7, 0x2) syz_open_dev$video(&(0x7f0000000700), 0x3c4, 0x2441) write$RDMA_USER_CM_CMD_GET_EVENT(r2, &(0x7f00000008c0)={0xc, 0x8, 0xfa00, {&(0x7f0000000740)}}, 0x10) write$USERIO_CMD_SEND_INTERRUPT(r5, &(0x7f0000000900)={0x2, 0xb}, 0x2) write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000940)={0x2, 0x2}, 0x2) ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0106438, &(0x7f0000000980)={0x6}) ioctl$SNDRV_TIMER_IOCTL_STOP(r5, 0x54a1) ioctl$DRM_IOCTL_AGP_BIND(r5, 0x40106436, &(0x7f00000009c0)={r4, 0x7f}) ioctl$VIDIOC_QUERY_EXT_CTRL(r5, 0xc0e85667, &(0x7f0000000a00)={0x40000000, 0x7, "40ddd3e6219c927e55a7448aa41672a8cad02c98fc2e4df40557db8298375461", 0x1, 0xbac, 0x80, 0x7, 0x7fffffff, 0xff, 0x3, 0x5, [0x1, 0x9, 0x0, 0x4]}) ioctl$SNDRV_PCM_IOCTL_FORWARD(r2, 0x40084149, &(0x7f0000000b00)=0xbec) 18.647702221s ago: executing program 5 (id=8431): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1, {0xffffffffffffffff}}, './file0\x00'}) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x9, 0x101, 0x7, 0xe, 0x9000, 0x7, r2, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r4, 0x0) ioctl$BLKZEROOUT(r4, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 18.542786542s ago: executing program 6 (id=8432): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) ioctl$KVM_CAP_HYPERV_VP_INDEX(r0, 0x4068aea3, &(0x7f0000000080)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) write$cgroup_int(r0, &(0x7f0000000040)=0x900, 0x12) 18.343962452s ago: executing program 6 (id=8433): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000) 18.330078993s ago: executing program 5 (id=8434): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0xc80, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x880, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x3, 0x6, 0x1, 0x101, 0x9, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = dup(0xffffffffffffffff) r3 = dup(0xffffffffffffffff) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x8142, 0x0) r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r6 = openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder-control\x00', 0x2, 0x0) ioctl$BINDER_CTL_ADD(r6, 0xc1086201, &(0x7f0000000f00)={'binder0\x00'}) ioctl$BLKRRPART(r4, 0x125f, 0x0) ioctl$SG_NEXT_CMD_LEN(r5, 0x2284, &(0x7f0000000000)) ioctl$SG_GET_COMMAND_Q(r2, 0x2270, &(0x7f0000000280)) r7 = dup(r4) write$vhost_msg(r7, 0x0, 0x0) r8 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000001c0), 0x640100, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r2, 0xc0189378, &(0x7f0000000200)={{0x1, 0x1, 0x18, r2, {r3}}, './file0\x00'}) mmap(&(0x7f00001d9000/0x3000)=nil, 0x3000, 0x1000004, 0x10, r9, 0x13e1f000) r10 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r10, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f911, 0x8000, '\x00', @string=&(0x7f00000000c0)}}) write$rfkill(r8, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r2, 0x0) ioctl$HDIO_GETGEO(r4, 0x301, &(0x7f0000000240)) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f00000003c0)={0x8, 0x3235}) 18.276967225s ago: executing program 6 (id=8435): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x300, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$nci(r1, &(0x7f0000000080)=@NCI_GID_PROPRIETARY_RSP={0xf, 0x1, 0x2, 0x0, 0x5, "420bf9805f7d5785da2eccb747fba0f75e2c546fbf51ec4176943c32fde2f05ad5572cfd439e43b42a9d69b0d5dfd46c3230ba3ebae53cc742df5460332ab83b803f031b28129a72dcdf859e76b580a524c3f4a7ada6a788f36e437cc861233941a7dd70e9b973448c7d4e1c5b4f6e8770e7ee5035488ff212d0"}, 0x7d) (async) write$nci(r1, &(0x7f0000000080)=@NCI_GID_PROPRIETARY_RSP={0xf, 0x1, 0x2, 0x0, 0x5, "420bf9805f7d5785da2eccb747fba0f75e2c546fbf51ec4176943c32fde2f05ad5572cfd439e43b42a9d69b0d5dfd46c3230ba3ebae53cc742df5460332ab83b803f031b28129a72dcdf859e76b580a524c3f4a7ada6a788f36e437cc861233941a7dd70e9b973448c7d4e1c5b4f6e8770e7ee5035488ff212d0"}, 0x7d) write$ppp(r0, &(0x7f0000000100)="a84143fe674cfb3fdc4a609de81213e40f31a3a60d02daf7795266660ecf2122ab5ffaadfc2d80d636ba98ac0d5e99f72ca9c17bc689540b9dc467baad44ca61fd82a3722c74a6a9a8d5836993", 0x4d) (async) write$ppp(r0, &(0x7f0000000100)="a84143fe674cfb3fdc4a609de81213e40f31a3a60d02daf7795266660ecf2122ab5ffaadfc2d80d636ba98ac0d5e99f72ca9c17bc689540b9dc467baad44ca61fd82a3722c74a6a9a8d5836993", 0x4d) close(r0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x100010, r4, 0x33df6000) pwritev(r2, &(0x7f0000000240)=[{&(0x7f0000000200)}], 0x1, 0x80000001, 0x2) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280), 0x2200, 0x0) write$vga_arbiter(r5, &(0x7f00000002c0), 0xf) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) read$FUSE(r4, &(0x7f0000000340)={0x2020}, 0x2020) (async) read$FUSE(r4, &(0x7f0000000340)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000002380)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000043c0)={{0x1, 0x1, 0x18, r3, {0xee00, 0x0}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) write$FUSE_ENTRY(r6, &(0x7f0000004c00)={0x90, 0x0, r7, {0x3, 0x0, 0x1, 0xe, 0x10000, 0xf, {0x3, 0x5, 0xa, 0x8, 0x800000000, 0x7, 0x8, 0x4, 0x83, 0xc000, 0x1, r8, r10, 0x80}}}, 0x90) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r9, 0xc00c642d, &(0x7f0000004cc0)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GET_UNIQUE(r11, 0xc0106401, &(0x7f0000004d80)={0x79, &(0x7f0000004d00)=""/121}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000004dc0)={'bridge_slave_1\x00', 0x8000}) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000004e00)={0x1, 0x27b503e}) (async) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000004e00)={0x1, 0x27b503e}) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000004e80)={0x7, &(0x7f0000004e40)=[{0x3ff, 0x25, 0x7}, {0x0, 0x6, 0xff, 0x6}, {0x9, 0x76, 0x9, 0x4}, {0x9, 0x4, 0x9, 0x7f}, {0x0, 0x3, 0x9e, 0xbc}, {0x3, 0x1, 0x6, 0xf7}, {0x870e, 0x7, 0x6}]}) ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f0000004f00)={0x3, &(0x7f0000004ec0)=[{0x8000, 0x8, 0x5, 0x1}, {0xd, 0x80, 0x2, 0xfffffffe}, {0x36a5, 0x0, 0x80}]}) (async) ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f0000004f00)={0x3, &(0x7f0000004ec0)=[{0x8000, 0x8, 0x5, 0x1}, {0xd, 0x80, 0x2, 0xfffffffe}, {0x36a5, 0x0, 0x80}]}) ioctl$DRM_IOCTL_GEM_OPEN(r9, 0xc010640b, &(0x7f0000004f40)) (async) ioctl$DRM_IOCTL_GEM_OPEN(r9, 0xc010640b, &(0x7f0000004f40)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r11, 0xc008640a, &(0x7f0000004f80)={r12}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000005000)={&(0x7f0000004fc0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) (async) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000005000)={&(0x7f0000004fc0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r11, 0xc06864ce, &(0x7f0000005080)={0x0, 0x7, 0x4, 0x8, 0x0, [], [0x5, 0x1, 0x6, 0xb5b], [0x9, 0xfffff801, 0x7fffffff, 0x6], [0x9, 0x7, 0x4, 0x1]}) (async) ioctl$DRM_IOCTL_MODE_GETFB2(r11, 0xc06864ce, &(0x7f0000005080)={0x0, 0x7, 0x4, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0], [0x5, 0x1, 0x6, 0xb5b], [0x9, 0xfffff801, 0x7fffffff, 0x6], [0x9, 0x7, 0x4, 0x1]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r11, 0xc06864b8, &(0x7f0000005100)={r13, 0x7, 0x3, 0xd02, 0x2, [r12, r12, r14, r12], [0x2, 0x10000, 0x6, 0x2], [0x0, 0x2, 0x0, 0x4], [0xfffffffffffffffe, 0x7, 0x1, 0x9]}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000005180)={[0x7b47, 0x5, 0x35, 0x3, 0x0, 0x7, 0x4, 0xa8, 0x80000001, 0x4, 0x6, 0x100, 0x9, 0x8, 0x7, 0x2], 0x8000000, 0x200}) 18.199479388s ago: executing program 1 (id=8436): openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28012, r1, 0x0) mmap(&(0x7f00009c5000/0x1000)=nil, 0x1000, 0x3, 0x28012, r1, 0x0) mmap(&(0x7f0000551000/0x2000)=nil, 0x2000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000ae0000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r2 = dup(0xffffffffffffffff) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x8000, 0x0) close(r2) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000000)={0xc, 0x0, 0x0}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f0000000440)={0x48, 0x1, r4, 0x0, 0x94, 0x8000000}) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x20a040, 0x0) ioctl$TCSETSW2(r5, 0x5433, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000500)={0x28, 0x6, r4, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000, 0x80000001}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000180)={0x48, 0x2, r4}) 17.895783162s ago: executing program 1 (id=8437): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x1, @pix_mp={0x0, 0x0, 0x35315241, 0x9}}) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r3 = syz_open_dev$tty20(0xc, 0x4, 0x1) read(r3, &(0x7f0000000100)=""/27, 0x1b) r4 = openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000002280)=0x8) dup(r2) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000fdff8f"]) ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000005c0)) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r7, 0x0) r8 = syz_open_dev$tty20(0xc, 0x4, 0x1) r9 = dup(r8) ioctl$TCSETAF(r9, 0x5408, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xe, 0x0, "fffffffffffffff7"}) ioctl$TIOCSTI(r9, 0x5412, &(0x7f0000000100)=0xff) r10 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r11 = openat$vcs(0xffffffffffffff9c, &(0x7f0000002200), 0x2, 0x0) r12 = syz_open_dev$ndb(&(0x7f0000000580), 0x0, 0x0) ioctl$BLKFRASET(r12, 0x1264, 0x0) ioctl$BLKZEROOUT(r11, 0x127f, &(0x7f0000002240)={0xb2, 0x4}) ioctl$SNDRV_SEQ_IOCTL_GET_PORT_INFO(r10, 0xc0a85320, &(0x7f0000000100)) read$FUSE(r9, &(0x7f00000001c0)={0x2020}, 0x2020) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 17.697242204s ago: executing program 5 (id=8438): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f00000001c0)=""/153, 0x99) syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x0) (async) r1 = syz_open_dev$amidi(&(0x7f0000000140), 0x2, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) (async) r2 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) (async) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0xfffffd52, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR2(r2, 0xc02464bb, &(0x7f0000000100)={0x1, r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x541b, 0x0) (async) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r1, 0x541b, 0x0) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r5 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r5, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bc, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x2003}}, {0x0, 0x1c}}}, 0xa0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) (async) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KDFONTOP_SET(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x4, 0x0, 0x11, 0x10, 0x100, 0x0}) syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) (async) r7 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0) ioctl$I2C_SMBUS(r7, 0x720, &(0x7f00000000c0)={0x1, 0x0, 0x3, &(0x7f0000000080)={0x0, "cbc19de8d51fc1a057020ccfd3da422ceb02449515512b2bde3ea4bdb44a7af50b"}}) r8 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = dup(r9) ioctl$KVM_SET_MSRS(r10, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYRES8=r10]) r11 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r5, 0xc05c6104, &(0x7f0000000100)={"80e74cc5", 0x1, 0x3, 0x4, 0xe75d, 0x8, "9b2487ede3e5755f55b3b8a0739cfb", "2bea55a4", "b0c61774", "51c52747", ["a6cf06e56ad69b1bbfaae823", "d85facdf887371542862a16d", "c209be3ab28a16d7df32b339", "28702d9fd29361800ef01039"]}) dup(r11) (async) r12 = dup(r11) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r12, 0x0) ioctl$BLKZEROOUT(r12, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 17.373552813s ago: executing program 5 (id=8439): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x10, 0xffffffffffffffff, 0x1000000000000000) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) 17.175736457s ago: executing program 4 (id=8440): write$FUSE_STATFS(0xffffffffffffffff, &(0x7f0000000100)={0x60, 0xfffffffffffffff5, 0x0, {{0x40, 0xff, 0x679, 0xfffffffffffffffb, 0x3, 0x8, 0x3, 0x26}}}, 0x60) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0xfffffffffffffffd, 0x0, 0x10000, 0x0, 0x4002004c4, 0xfff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xffffffffffffffff], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x39b, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r3, 0xc0585605, &(0x7f0000000180)={0x0, 0x0, {0x0, 0x0, 0x3001, 0x1}}) openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002) r5 = dup(r4) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) r7 = syz_open_dev$video(&(0x7f0000000580), 0x7, 0x0) ioctl$VIDIOC_TRY_EXT_CTRLS(r7, 0xc0205647, &(0x7f0000000100)={0x980000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x980913, 0x0, '\x00', @p_u8=0x0}}) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r10, 0x4008ae89, &(0x7f0000000180)={0x1, 0x0, [{0x187, 0x0, 0xfff}]}) dup(r7) ioctl$TIOCNXCL(r6, 0x540d) write$UHID_DESTROY(r5, &(0x7f0000000080), 0x20) r11 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0) r12 = openat$cgroup_ro(r11, &(0x7f0000000300)='freezer.state\x00', 0x275a, 0x0) write$cgroup_subtree(r12, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000000c0)={0x7234, 0x401, 0x1, 'queue0\x00', 0x100}) ioctl$BLKRASET(r11, 0x1262, &(0x7f0000000000)=0x9) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r12, 0x0) write$cgroup_int(r11, &(0x7f0000000200)=0x2ff, 0x12) 16.828421536s ago: executing program 1 (id=8441): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000300)={0xa0, 0x0, 0x0, {{0x2, 0x2, 0x0, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r3, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\t']) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r5 = dup(r4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r5, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4008ae93, &(0x7f0000000540)=0xeeee0000) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) preadv(r7, &(0x7f0000000400)=[{&(0x7f0000000240)=""/6, 0x6}], 0x1, 0x40001, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x1) ioctl$KVM_RUN(r10, 0xae80, 0x0) r11 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$VIDIOC_STREAMOFF(r1, 0x40045613, &(0x7f00000002c0)=0x3) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r11, 0xae80, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x0) ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f0000000000)={0x6000, 0x9}) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f00000003c0)={0x15, 0x110, 0xfa00, {r12, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x4e23, 0x2, @dev={0xfe, 0x80, '\x00', 0x32}, 0x7}, @in={0x2, 0x4e22, @remote}}}, 0x118) 16.763028244s ago: executing program 5 (id=8442): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) (async, rerun: 32) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) (rerun: 32) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) (async) read$FUSE(r1, 0x0, 0x0) (async) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) (async) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) (async) r5 = openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) (async) ioctl$KVM_GET_FPU(r5, 0x81a0ae8c, &(0x7f00000003c0)) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x6000, 0x80600}) 16.403886924s ago: executing program 4 (id=8443): syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x3, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x2, 0xfffffffffffffffe, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f00000003c0)={0x0, 0x0, {0x0, @struct}}) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x40800, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x4, 0x80600}) 15.61759763s ago: executing program 1 (id=8444): r0 = syz_open_dev$evdev(&(0x7f00000003c0), 0x5d, 0x80) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x80084503, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000400), 0x1d7ac0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000180)={0x28, 0x0, r3, r2, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'}) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x5) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r3, r4, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) r6 = syz_open_dev$usbfs(&(0x7f0000000040), 0x80006f, 0x81501) ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000240)=@urb_type_control={0x2, {}, 0x0, 0x41, &(0x7f0000000080)={0x0, 0x3, 0x1, 0xffff}, 0x8, 0x1, 0x0, 0x0, 0x3, 0xfffffffe, 0x0}) r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r7, &(0x7f0000000100)=""/159, 0xfffffe5a) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r7, 0x6612) r9 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x302, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000380)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0], 0x4, 0x2, 0x1, 0x3}) r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r8, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r8}, './file0\x00'}) ioctl$BLKIOOPT(r11, 0x1279, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 15.149682138s ago: executing program 5 (id=8445): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x20) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0x40}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f0000000200)={0x800, 0x7, 0x2}) ioctl$KVM_CAP_X86_GUEST_MODE(r2, 0x4068aea3, &(0x7f0000000080)) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r7, 0xc06855c8, &(0x7f0000000040)={0x0, 0x0, {0x0, 0x0, 0x0, {}, {}, @rumble}, {0x0, 0x0, 0x0, {}, {}, @rumble}}) write(r6, &(0x7f0000000140)="f5", 0x5) write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x4, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xd, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x8}}, {0x0, 0x1c}}}, 0xa0) r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_DESTROY(r10, 0x405c5504) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r11, 0x3, 0x11, r9, 0x0) r12 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000000)=@arm64={0x79, 0xb7, 0xf8, '\x00', 0x7}) ioctl$KVM_RUN(r13, 0xae80, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6) 3.105796811s ago: executing program 35 (id=8435): r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x300, 0x0) r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$nci(r1, &(0x7f0000000080)=@NCI_GID_PROPRIETARY_RSP={0xf, 0x1, 0x2, 0x0, 0x5, "420bf9805f7d5785da2eccb747fba0f75e2c546fbf51ec4176943c32fde2f05ad5572cfd439e43b42a9d69b0d5dfd46c3230ba3ebae53cc742df5460332ab83b803f031b28129a72dcdf859e76b580a524c3f4a7ada6a788f36e437cc861233941a7dd70e9b973448c7d4e1c5b4f6e8770e7ee5035488ff212d0"}, 0x7d) (async) write$nci(r1, &(0x7f0000000080)=@NCI_GID_PROPRIETARY_RSP={0xf, 0x1, 0x2, 0x0, 0x5, "420bf9805f7d5785da2eccb747fba0f75e2c546fbf51ec4176943c32fde2f05ad5572cfd439e43b42a9d69b0d5dfd46c3230ba3ebae53cc742df5460332ab83b803f031b28129a72dcdf859e76b580a524c3f4a7ada6a788f36e437cc861233941a7dd70e9b973448c7d4e1c5b4f6e8770e7ee5035488ff212d0"}, 0x7d) write$ppp(r0, &(0x7f0000000100)="a84143fe674cfb3fdc4a609de81213e40f31a3a60d02daf7795266660ecf2122ab5ffaadfc2d80d636ba98ac0d5e99f72ca9c17bc689540b9dc467baad44ca61fd82a3722c74a6a9a8d5836993", 0x4d) (async) write$ppp(r0, &(0x7f0000000100)="a84143fe674cfb3fdc4a609de81213e40f31a3a60d02daf7795266660ecf2122ab5ffaadfc2d80d636ba98ac0d5e99f72ca9c17bc689540b9dc467baad44ca61fd82a3722c74a6a9a8d5836993", 0x4d) close(r0) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000180), 0x4000, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) (async) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x100010, r4, 0x33df6000) pwritev(r2, &(0x7f0000000240)=[{&(0x7f0000000200)}], 0x1, 0x80000001, 0x2) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280), 0x2200, 0x0) write$vga_arbiter(r5, &(0x7f00000002c0), 0xf) r6 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) read$FUSE(r4, &(0x7f0000000340)={0x2020}, 0x2020) (async) read$FUSE(r4, &(0x7f0000000340)={0x2020, 0x0, 0x0}, 0x2020) read$FUSE(r0, &(0x7f0000002380)={0x2020, 0x0, 0x0, 0x0}, 0x2020) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000043c0)={{0x1, 0x1, 0x18, r3, {0xee00, 0x0}}, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00'}) write$FUSE_ENTRY(r6, &(0x7f0000004c00)={0x90, 0x0, r7, {0x3, 0x0, 0x1, 0xe, 0x10000, 0xf, {0x3, 0x5, 0xa, 0x8, 0x800000000, 0x7, 0x8, 0x4, 0x83, 0xc000, 0x1, r8, r10, 0x80}}}, 0x90) ioctl$KVM_RUN(r0, 0xae80, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r9, 0xc00c642d, &(0x7f0000004cc0)={0x0, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GET_UNIQUE(r11, 0xc0106401, &(0x7f0000004d80)={0x79, &(0x7f0000004d00)=""/121}) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000004dc0)={'bridge_slave_1\x00', 0x8000}) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000004e00)={0x1, 0x27b503e}) (async) ioctl$BLKZEROOUT(r2, 0x127f, &(0x7f0000004e00)={0x1, 0x27b503e}) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000004e80)={0x7, &(0x7f0000004e40)=[{0x3ff, 0x25, 0x7}, {0x0, 0x6, 0xff, 0x6}, {0x9, 0x76, 0x9, 0x4}, {0x9, 0x4, 0x9, 0x7f}, {0x0, 0x3, 0x9e, 0xbc}, {0x3, 0x1, 0x6, 0xf7}, {0x870e, 0x7, 0x6}]}) ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f0000004f00)={0x3, &(0x7f0000004ec0)=[{0x8000, 0x8, 0x5, 0x1}, {0xd, 0x80, 0x2, 0xfffffffe}, {0x36a5, 0x0, 0x80}]}) (async) ioctl$TUNATTACHFILTER(r9, 0x401054d5, &(0x7f0000004f00)={0x3, &(0x7f0000004ec0)=[{0x8000, 0x8, 0x5, 0x1}, {0xd, 0x80, 0x2, 0xfffffffe}, {0x36a5, 0x0, 0x80}]}) ioctl$DRM_IOCTL_GEM_OPEN(r9, 0xc010640b, &(0x7f0000004f40)) (async) ioctl$DRM_IOCTL_GEM_OPEN(r9, 0xc010640b, &(0x7f0000004f40)={0x0, 0x0}) ioctl$DRM_IOCTL_GEM_FLINK(r11, 0xc008640a, &(0x7f0000004f80)={r12}) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000005000)={&(0x7f0000004fc0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) (async) ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000005000)={&(0x7f0000004fc0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r11, 0xc06864ce, &(0x7f0000005080)={0x0, 0x7, 0x4, 0x8, 0x0, [], [0x5, 0x1, 0x6, 0xb5b], [0x9, 0xfffff801, 0x7fffffff, 0x6], [0x9, 0x7, 0x4, 0x1]}) (async) ioctl$DRM_IOCTL_MODE_GETFB2(r11, 0xc06864ce, &(0x7f0000005080)={0x0, 0x7, 0x4, 0x8, 0x0, [0x0, 0x0, 0x0, 0x0], [0x5, 0x1, 0x6, 0xb5b], [0x9, 0xfffff801, 0x7fffffff, 0x6], [0x9, 0x7, 0x4, 0x1]}) ioctl$DRM_IOCTL_MODE_ADDFB2(r11, 0xc06864b8, &(0x7f0000005100)={r13, 0x7, 0x3, 0xd02, 0x2, [r12, r12, r14, r12], [0x2, 0x10000, 0x6, 0x2], [0x0, 0x2, 0x0, 0x4], [0xfffffffffffffffe, 0x7, 0x1, 0x9]}) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000005180)={[0x7b47, 0x5, 0x35, 0x3, 0x0, 0x7, 0x4, 0xa8, 0x80000001, 0x4, 0x6, 0x100, 0x9, 0x8, 0x7, 0x2], 0x8000000, 0x200}) 1.052269406s ago: executing program 36 (id=8443): syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0x0) r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) ioctl$BLKOPENZONE(r0, 0x40101286, 0x0) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) write$FUSE_CREATE_OPEN(r1, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x3, 0x2, 0x2, 0x6bf, 0x8, 0x1, {0x6, 0x2, 0x2, 0xfffffffffffffffe, 0x6, 0x1, 0x101, 0x7, 0xe, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x3}}, {0x0, 0x1c}}}, 0xa0) read$FUSE(r1, 0x0, 0x0) ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f00000003c0)={0x0, 0x0, {0x0, @struct}}) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) r3 = dup(r2) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r4, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r3, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x40800, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x801, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x202, 0x0) ioctl$BLKZEROOUT(r3, 0x127f, &(0x7f00000000c0)={0x4, 0x80600}) 31.532212ms ago: executing program 37 (id=8444): r0 = syz_open_dev$evdev(&(0x7f00000003c0), 0x5d, 0x80) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x80084503, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000400), 0x1d7ac0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r2, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$NONE(r1, 0x3b89, &(0x7f0000000180)={0x28, 0x0, r3, r2, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) ioctl$UI_DEV_SETUP(r5, 0x405c5503, &(0x7f00000001c0)={{}, 'syz1\x00'}) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x5) ioctl$UI_DEV_SETUP(r5, 0x5501, 0x0) ioctl$IOMMU_HWPT_ALLOC$TEST(r1, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r3, r4, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)}) r6 = syz_open_dev$usbfs(&(0x7f0000000040), 0x80006f, 0x81501) ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000240)=@urb_type_control={0x2, {}, 0x0, 0x41, &(0x7f0000000080)={0x0, 0x3, 0x1, 0xffff}, 0x8, 0x1, 0x0, 0x0, 0x3, 0xfffffffe, 0x0}) r7 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) read(r7, &(0x7f0000000100)=""/159, 0xfffffe5a) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r7, 0x6612) r9 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x302, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r9, 0xc04064a0, &(0x7f0000000380)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0], &(0x7f0000000340)=[0x0, 0x0, 0x0], 0x4, 0x2, 0x1, 0x3}) r10 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_RUN(r10, 0xae80, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r8, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r8}, './file0\x00'}) ioctl$BLKIOOPT(r11, 0x1279, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) 0s ago: executing program 38 (id=8445): r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x20) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0x40}}, './file0\x00'}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT(r3, 0x404c534a, &(0x7f0000000200)={0x800, 0x7, 0x2}) ioctl$KVM_CAP_X86_GUEST_MODE(r2, 0x4068aea3, &(0x7f0000000080)) read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r6 = syz_open_dev$vcsa(&(0x7f0000000380), 0x7b95b611, 0x802) r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r7, 0xc06855c8, &(0x7f0000000040)={0x0, 0x0, {0x0, 0x0, 0x0, {}, {}, @rumble}, {0x0, 0x0, 0x0, {}, {}, @rumble}}) write(r6, &(0x7f0000000140)="f5", 0x5) write$FUSE_CREATE_OPEN(r6, &(0x7f0000000300)={0xa0, 0xfffffffffffffffe, 0x0, {{0x2, 0x2, 0x2, 0x6bf, 0x4, 0x1, {0x6, 0x2, 0x100000001, 0x0, 0x6, 0x1, 0x101, 0x7, 0xd, 0xb000, 0x7, 0x0, 0x0, 0x1, 0x8}}, {0x0, 0x1c}}}, 0xa0) r8 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_DESTROY(r10, 0x405c5504) r11 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r5, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0x4000)=nil, r11, 0x3, 0x11, r9, 0x0) r12 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r13 = ioctl$KVM_CREATE_VCPU(r12, 0xae41, 0x0) ioctl$KVM_RUN(r13, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, &(0x7f0000000000)=@arm64={0x79, 0xb7, 0xf8, '\x00', 0x7}) ioctl$KVM_RUN(r13, 0xae80, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x6) kernel console output (not intermixed with test programs): 0/0x10 [ 850.216964][T13408] ? fs_reclaim_acquire+0x7d/0x100 [ 850.217000][T13408] should_fail_ex+0x414/0x560 [ 850.217034][T13408] should_failslab+0xa8/0x100 [ 850.217063][T13408] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 850.217091][T13408] ? dup_task_struct+0x52/0x860 [ 850.217128][T13408] dup_task_struct+0x52/0x860 [ 850.217153][T13408] ? lockdep_hardirqs_on+0x9c/0x150 [ 850.217190][T13408] copy_process+0x54b/0x3c00 [ 850.217247][T13408] ? __pfx_copy_process+0x10/0x10 [ 850.217286][T13408] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 850.217308][T13408] vhost_task_create+0x1c4/0x290 [ 850.217337][T13408] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 850.217360][T13408] ? __pfx_vhost_task_create+0x10/0x10 [ 850.217398][T13408] ? __pfx_vhost_task_fn+0x10/0x10 [ 850.217438][T13408] ? kasan_save_track+0x4f/0x80 [ 850.217458][T13408] ? kasan_save_track+0x3e/0x80 [ 850.217487][T13408] kvm_mmu_post_init_vm+0x147/0x2b0 [ 850.217514][T13408] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 850.217549][T13408] ? __mutex_trylock_common+0x153/0x260 [ 850.217579][T13408] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 850.217613][T13408] ? rcu_is_watching+0x15/0xb0 [ 850.217636][T13408] ? look_up_lock_class+0x74/0x170 [ 850.217659][T13408] ? register_lock_class+0x51/0x320 [ 850.217687][T13408] ? __lock_acquire+0xab9/0xd20 [ 850.217737][T13408] kvm_vcpu_ioctl+0x95c/0xe90 [ 850.217771][T13408] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 850.217795][T13408] ? __lock_acquire+0xab9/0xd20 [ 850.217847][T13408] ? __fget_files+0x2a/0x420 [ 850.217881][T13408] ? __fget_files+0x2a/0x420 [ 850.217911][T13408] ? __fget_files+0x3a0/0x420 [ 850.217941][T13408] ? __fget_files+0x2a/0x420 [ 850.217974][T13408] ? bpf_lsm_file_ioctl+0x9/0x20 [ 850.217997][T13408] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 850.218023][T13408] __se_sys_ioctl+0xfc/0x170 [ 850.218052][T13408] do_syscall_64+0xfa/0x3b0 [ 850.218072][T13408] ? lockdep_hardirqs_on+0x9c/0x150 [ 850.218104][T13408] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.218130][T13408] ? clear_bhb_loop+0x60/0xb0 [ 850.218156][T13408] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 850.218176][T13408] RIP: 0033:0x7f4842d8e929 [ 850.218196][T13408] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 850.218214][T13408] RSP: 002b:00007f4843b57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 850.218234][T13408] RAX: ffffffffffffffda RBX: 00007f4842fb5fa0 RCX: 00007f4842d8e929 [ 850.218250][T13408] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 850.218263][T13408] RBP: 00007f4843b57090 R08: 0000000000000000 R09: 0000000000000000 [ 850.218277][T13408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 850.218289][T13408] R13: 0000000000000000 R14: 00007f4842fb5fa0 R15: 00007ffd7ac85eb8 [ 850.218323][T13408] [ 850.556330][ C0] vkms_vblank_simulate: vblank timer overrun [ 850.742548][T12686] veth0_vlan: entered promiscuous mode [ 850.818083][T12686] veth1_vlan: entered promiscuous mode [ 850.896610][T12686] veth0_macvtap: entered promiscuous mode [ 850.966995][T12686] veth1_macvtap: entered promiscuous mode [ 851.032025][T12686] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 851.056035][T12686] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 851.076173][T12686] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.076734][T13424] input: syz1 as /devices/virtual/input/input257 [ 851.086362][T12686] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.139543][T12686] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.148887][T12686] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 851.415275][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 851.431380][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 851.480523][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 851.488516][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 852.747625][T13522] FAULT_INJECTION: forcing a failure. [ 852.747625][T13522] name failslab, interval 1, probability 0, space 0, times 0 [ 852.791112][T13522] CPU: 1 UID: 0 PID: 13522 Comm: syz.5.5882 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 852.791144][T13522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 852.791158][T13522] Call Trace: [ 852.791166][T13522] [ 852.791175][T13522] dump_stack_lvl+0x189/0x250 [ 852.791204][T13522] ? __pfx____ratelimit+0x10/0x10 [ 852.791236][T13522] ? __pfx_dump_stack_lvl+0x10/0x10 [ 852.791260][T13522] ? __pfx__printk+0x10/0x10 [ 852.791290][T13522] ? __pfx___might_resched+0x10/0x10 [ 852.791317][T13522] should_fail_ex+0x414/0x560 [ 852.791349][T13522] should_failslab+0xa8/0x100 [ 852.791376][T13522] __kmalloc_cache_node_noprof+0x73/0x3d0 [ 852.791402][T13522] ? __get_vm_area_node+0x13f/0x300 [ 852.791430][T13522] __get_vm_area_node+0x13f/0x300 [ 852.791458][T13522] __vmalloc_node_range_noprof+0x301/0x12f0 [ 852.791486][T13522] ? copy_process+0x54b/0x3c00 [ 852.791521][T13522] ? percpu_ref_get_many+0x19/0x140 [ 852.791550][T13522] ? percpu_ref_get_many+0x19/0x140 [ 852.791594][T13522] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 852.791626][T13522] ? memcpy_and_pad+0x48/0x80 [ 852.791657][T13522] __vmalloc_node_noprof+0xc2/0x110 [ 852.791685][T13522] ? copy_process+0x54b/0x3c00 [ 852.791707][T13522] ? copy_process+0x54b/0x3c00 [ 852.791734][T13522] dup_task_struct+0x3e7/0x860 [ 852.791766][T13522] copy_process+0x54b/0x3c00 [ 852.791823][T13522] ? __pfx_copy_process+0x10/0x10 [ 852.791861][T13522] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 852.791890][T13522] vhost_task_create+0x1c4/0x290 [ 852.791920][T13522] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 852.791943][T13522] ? __pfx_vhost_task_create+0x10/0x10 [ 852.791980][T13522] ? __pfx_vhost_task_fn+0x10/0x10 [ 852.792020][T13522] ? kasan_save_track+0x4f/0x80 [ 852.792039][T13522] ? kasan_save_track+0x3e/0x80 [ 852.792068][T13522] kvm_mmu_post_init_vm+0x147/0x2b0 [ 852.792096][T13522] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 852.792133][T13522] ? __mutex_trylock_common+0x153/0x260 [ 852.792163][T13522] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 852.792196][T13522] ? rcu_is_watching+0x15/0xb0 [ 852.792219][T13522] ? look_up_lock_class+0x74/0x170 [ 852.792241][T13522] ? register_lock_class+0x51/0x320 [ 852.792268][T13522] ? __lock_acquire+0xab9/0xd20 [ 852.792321][T13522] kvm_vcpu_ioctl+0x95c/0xe90 [ 852.792355][T13522] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 852.792378][T13522] ? __lock_acquire+0xab9/0xd20 [ 852.792422][T13522] ? __fget_files+0x2a/0x420 [ 852.792455][T13522] ? __fget_files+0x2a/0x420 [ 852.792483][T13522] ? __fget_files+0x3a0/0x420 [ 852.792511][T13522] ? __fget_files+0x2a/0x420 [ 852.792546][T13522] ? bpf_lsm_file_ioctl+0x9/0x20 [ 852.792568][T13522] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 852.792594][T13522] __se_sys_ioctl+0xfc/0x170 [ 852.792623][T13522] do_syscall_64+0xfa/0x3b0 [ 852.792642][T13522] ? lockdep_hardirqs_on+0x9c/0x150 [ 852.792674][T13522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.792695][T13522] ? clear_bhb_loop+0x60/0xb0 [ 852.792720][T13522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 852.792740][T13522] RIP: 0033:0x7f4842d8e929 [ 852.792760][T13522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 852.792778][T13522] RSP: 002b:00007f4843b57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 852.792800][T13522] RAX: ffffffffffffffda RBX: 00007f4842fb5fa0 RCX: 00007f4842d8e929 [ 852.792816][T13522] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 852.792828][T13522] RBP: 00007f4843b57090 R08: 0000000000000000 R09: 0000000000000000 [ 852.792842][T13522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 852.792854][T13522] R13: 0000000000000000 R14: 00007f4842fb5fa0 R15: 00007ffd7ac85eb8 [ 852.792893][T13522] [ 852.792904][T13522] warn_alloc: 1 callbacks suppressed [ 852.792916][T13522] syz.5.5882: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 853.206584][T13522] CPU: 1 UID: 0 PID: 13522 Comm: syz.5.5882 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 853.206614][T13522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 853.206627][T13522] Call Trace: [ 853.206636][T13522] [ 853.206646][T13522] dump_stack_lvl+0x189/0x250 [ 853.206680][T13522] ? __pfx_dump_stack_lvl+0x10/0x10 [ 853.206705][T13522] ? __pfx__printk+0x10/0x10 [ 853.206728][T13522] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 853.206757][T13522] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 853.206788][T13522] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 853.206827][T13522] warn_alloc+0x214/0x310 [ 853.206864][T13522] ? __pfx_warn_alloc+0x10/0x10 [ 853.206893][T13522] ? __get_vm_area_node+0x13f/0x300 [ 853.206924][T13522] ? __get_vm_area_node+0x2b5/0x300 [ 853.206959][T13522] __vmalloc_node_range_noprof+0x326/0x12f0 [ 853.207000][T13522] ? percpu_ref_get_many+0x19/0x140 [ 853.207031][T13522] ? percpu_ref_get_many+0x19/0x140 [ 853.207075][T13522] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 853.207107][T13522] ? memcpy_and_pad+0x48/0x80 [ 853.207139][T13522] __vmalloc_node_noprof+0xc2/0x110 [ 853.207167][T13522] ? copy_process+0x54b/0x3c00 [ 853.207190][T13522] ? copy_process+0x54b/0x3c00 [ 853.207218][T13522] dup_task_struct+0x3e7/0x860 [ 853.207250][T13522] copy_process+0x54b/0x3c00 [ 853.207308][T13522] ? __pfx_copy_process+0x10/0x10 [ 853.207346][T13522] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 853.207369][T13522] vhost_task_create+0x1c4/0x290 [ 853.207398][T13522] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 853.207421][T13522] ? __pfx_vhost_task_create+0x10/0x10 [ 853.207459][T13522] ? __pfx_vhost_task_fn+0x10/0x10 [ 853.207499][T13522] ? kasan_save_track+0x4f/0x80 [ 853.207520][T13522] ? kasan_save_track+0x3e/0x80 [ 853.207549][T13522] kvm_mmu_post_init_vm+0x147/0x2b0 [ 853.207578][T13522] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 853.207616][T13522] ? __mutex_trylock_common+0x153/0x260 [ 853.207646][T13522] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 853.207680][T13522] ? rcu_is_watching+0x15/0xb0 [ 853.207705][T13522] ? look_up_lock_class+0x74/0x170 [ 853.207728][T13522] ? register_lock_class+0x51/0x320 [ 853.207756][T13522] ? __lock_acquire+0xab9/0xd20 [ 853.207815][T13522] kvm_vcpu_ioctl+0x95c/0xe90 [ 853.207850][T13522] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 853.207875][T13522] ? __lock_acquire+0xab9/0xd20 [ 853.207918][T13522] ? __fget_files+0x2a/0x420 [ 853.207954][T13522] ? __fget_files+0x2a/0x420 [ 853.207983][T13522] ? __fget_files+0x3a0/0x420 [ 853.208012][T13522] ? __fget_files+0x2a/0x420 [ 853.208048][T13522] ? bpf_lsm_file_ioctl+0x9/0x20 [ 853.208070][T13522] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 853.208097][T13522] __se_sys_ioctl+0xfc/0x170 [ 853.208125][T13522] do_syscall_64+0xfa/0x3b0 [ 853.208146][T13522] ? lockdep_hardirqs_on+0x9c/0x150 [ 853.208177][T13522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.208196][T13522] ? clear_bhb_loop+0x60/0xb0 [ 853.208220][T13522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 853.208239][T13522] RIP: 0033:0x7f4842d8e929 [ 853.208256][T13522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 853.208275][T13522] RSP: 002b:00007f4843b57038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 853.208295][T13522] RAX: ffffffffffffffda RBX: 00007f4842fb5fa0 RCX: 00007f4842d8e929 [ 853.208311][T13522] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 853.208323][T13522] RBP: 00007f4843b57090 R08: 0000000000000000 R09: 0000000000000000 [ 853.208336][T13522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 853.208348][T13522] R13: 0000000000000000 R14: 00007f4842fb5fa0 R15: 00007ffd7ac85eb8 [ 853.208380][T13522] [ 853.591730][T13522] Mem-Info: [ 853.596604][T13522] active_anon:14342 inactive_anon:0 isolated_anon:0 [ 853.596604][T13522] active_file:1572 inactive_file:44011 isolated_file:0 [ 853.596604][T13522] unevictable:768 dirty:31 writeback:0 [ 853.596604][T13522] slab_reclaimable:11383 slab_unreclaimable:95495 [ 853.596604][T13522] mapped:24268 shmem:3558 pagetables:1531 [ 853.596604][T13522] sec_pagetables:5 bounce:0 [ 853.596604][T13522] kernel_misc_reclaimable:0 [ 853.596604][T13522] free:1328683 free_pcp:14078 free_cma:0 [ 853.669793][T13522] Node 0 active_anon:57168kB inactive_anon:0kB active_file:6288kB inactive_file:175840kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:97072kB dirty:120kB writeback:0kB shmem:12696kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11396kB pagetables:5888kB sec_pagetables:20kB all_unreclaimable? no Balloon:0kB [ 853.725984][T13522] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:80kB pagetables:136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 853.758078][T13522] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 853.787446][T13522] lowmem_reserve[]: 0 2497 2498 2498 2498 [ 853.793510][T13522] Node 0 DMA32 free:1394492kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:57124kB inactive_anon:0kB active_file:6288kB inactive_file:174532kB unevictable:1536kB writepending:116kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:42372kB local_pcp:21340kB free_cma:0kB [ 853.826799][T13522] lowmem_reserve[]: 0 0 1 1 1 [ 853.831791][T13522] Node 0 Normal free:20kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1308kB unevictable:0kB writepending:4kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB [ 853.862229][T13522] lowmem_reserve[]: 0 0 0 0 0 [ 853.867021][T13522] Node 1 Normal free:3905160kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:14336kB local_pcp:3776kB free_cma:0kB [ 853.898526][T13522] lowmem_reserve[]: 0 0 0 0 0 [ 853.904066][T13522] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 853.917164][T13522] Node 0 DMA32: 2490*4kB (UME) 1227*8kB (UME) 291*16kB (UME) 615*32kB (UME) 196*64kB (UME) 186*128kB (UME) 253*256kB (UME) 240*512kB (UM) 122*1024kB (UME) 15*2048kB (UME) 237*4096kB (UM) = 1394512kB [ 853.937378][T13522] Node 0 Normal: 1*4kB (M) 0*8kB 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20kB [ 853.949845][T13522] Node 1 Normal: 196*4kB (UME) 45*8kB (UME) 43*16kB (UME) 241*32kB (UME) 77*64kB (UME) 18*128kB (UME) 3*256kB (UM) 3*512kB (UM) 3*1024kB (UME) 2*2048kB (UE) 947*4096kB (M) = 3905160kB [ 853.968554][T13522] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 853.978806][T13522] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 853.988457][T13522] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 853.998409][T13522] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 854.008907][T13522] 49140 total pagecache pages [ 854.013993][T13522] 0 pages in swap cache [ 854.018189][T13522] Free swap = 124996kB [ 854.022822][T13522] Total swap = 124996kB [ 854.027028][T13522] 2097051 pages RAM [ 854.030872][T13522] 0 pages HighMem/MovableOnly [ 854.041273][T13522] 425688 pages reserved [ 854.045494][T13522] 0 pages cma reserved [ 854.175907][T13542] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 855.010737][T13606] syz.5.5891: attempt to access beyond end of device [ 855.010737][T13606] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 855.163420][T13612] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 857.944146][T13765] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 860.799684][T13909] binder: 13907:13909 ioctl 400c620e 2000000014c0 returned -22 [ 861.336917][T13930] i2c i2c-0: Invalid block write size 34 [ 862.885282][T14010] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 862.996368][T14000] loop4: detected capacity change from 0 to 7 [ 863.123500][T14027] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 863.408523][T12079] Dev loop4: unable to read RDB block 7 [ 863.418500][T12079] loop4: unable to read partition table [ 863.425605][T12079] loop4: partition table beyond EOD, truncated [ 863.455121][T14000] Dev loop4: unable to read RDB block 7 [ 863.460772][T14000] loop4: unable to read partition table [ 863.554470][T14000] loop4: partition table beyond EOD, truncated [ 863.660312][T14000] loop_reread_partitions: partition scan of loop4 (3Ÿ ¾‚³˜) failed (rc=-5) [ 864.790593][T14125] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 865.089176][T14147] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 865.616414][T14172] binder: 14167:14172 ioctl c00c6211 0 returned -14 [ 866.632235][T14220] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 867.124355][T14243] binder: 14242:14243 ioctl c018620c 200000000380 returned -22 [ 867.315531][T14251] usb usb8: usbfs: process 14251 (syz.5.5985) did not claim interface 0 before use [ 868.183295][ T5155] Bluetooth: hci4: unexpected event 0x04 length: 2 < 10 [ 868.193924][T14306] Bluetooth: hci4: Frame reassembly failed (-84) [ 868.259666][T14307] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 868.317663][T14322] vivid-001: disconnect [ 868.341909][T14320] vivid-001: reconnect [ 868.342001][T14321] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 868.521986][T14328] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 869.051583][T14363] ALSA: seq fatal error: cannot create timer (-22) [ 869.174868][T14373] rtc_cmos 00:00: Alarms can be up to one day in the future [ 869.637905][T14394] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 870.219176][T14423] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 870.226818][ T5155] Bluetooth: hci4: command 0x1003 tx timeout [ 870.238013][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.238963][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 870.244623][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.385671][T14502] sp0: Synchronizing with TNC [ 872.793656][T14645] nvme_fabrics: missing parameter 'transport=%s' [ 872.800058][T14645] nvme_fabrics: missing parameter 'nqn=%s' [ 872.825043][T14652] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 872.836027][T14652] program syz.5.6035 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 873.044314][T14671] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 874.031331][ T30] audit: type=1400 audit(1750410754.064:31): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=14747 comm="syz.6.6046" [ 875.339259][T14807] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 875.451645][T14806] kvm_intel: kvm [14799]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 876.020426][T14806] CUSE: info not properly terminated [ 876.192873][T14864] random: crng reseeded on system resumption [ 876.316856][T14870] input: syz1 as /devices/virtual/input/input260 [ 881.926518][T15155] dlm: no locking on control device [ 881.932725][T15155] program syz.5.6105 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 883.033636][T15190] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=277396926 (4438350816 ns) > initial count (848760656 ns). Using initial count to start timer. [ 883.668221][T15214] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 887.889389][T15345] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 888.314546][T15380] support for the xor transformation has been removed. [ 889.027452][ T49] Bluetooth: hci4: Frame reassembly failed (-84) [ 889.044310][T15411] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 889.213664][T15423] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 889.557486][T15441] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 889.587618][T15441] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 891.093594][T15503] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 891.101904][ T5155] Bluetooth: hci4: command 0x1003 tx timeout [ 891.104676][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 893.075359][T15610] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 893.696965][T15633] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 894.083844][T15655] input: syz0 as /devices/virtual/input/input263 [ 895.165912][T15725] input: syz0 as /devices/virtual/input/input264 [ 896.094220][T15767] support for cryptoloop has been removed. Use dm-crypt instead. [ 896.638983][T15787] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 897.196895][T15821] usb usb8: usbfs: process 15821 (syz.5.6202) did not claim interface 0 before use [ 897.774042][T15849] mkiss: ax0: crc mode is auto. [ 897.804764][T15849] mkiss: ax1: crc mode is auto. [ 900.127375][T15939] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 900.633813][T15966] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 900.909226][T15986] input: syz1 as /devices/virtual/input/input265 [ 902.026566][T16055] program syz.6.6240 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 902.375305][T16031] tun0: tun_chr_ioctl cmd 1074025676 [ 902.413386][T16031] tun0: owner set to 0 [ 904.354801][T16180] loop6: detected capacity change from 0 to 7 [ 904.363882][ T30] audit: type=1400 audit(1750410784.434:32): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//&@\)//&" pid=16181 comm="syz.5.6262" [ 904.387267][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.396524][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.422367][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.431717][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.440210][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.449512][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.471211][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.480423][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.491063][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.500261][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.508458][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.517695][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.534320][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.543588][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.551759][T16180] ldm_validate_partition_table(): Disk read failed. [ 904.558621][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.567889][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.581592][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.590835][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.599671][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 904.609002][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 904.629586][T16180] Dev loop6: unable to read RDB block 0 [ 904.644177][T16180] loop6: unable to read partition table [ 904.660521][T16180] loop6: partition table beyond EOD, truncated [ 904.676093][T16180] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà–() failed (rc=-5) [ 905.104985][T16213] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 905.400825][T16230] binder: 16229:16230 ioctl 4018620d 0 returned -22 [ 905.474921][T16238] binder: 16229:16238 ioctl c018620c 0 returned -14 [ 905.481750][ T30] audit: type=1400 audit(1750410785.544:33): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=3A21D01A0B978D2F2F262D2A83D1 pid=16232 comm="syz.6.6274" [ 905.523736][T16240] Scaler: ================= START STATUS ================= [ 905.541338][T16240] Scaler: ================== END STATUS ================== [ 906.068885][T16257] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 906.216290][T16230] binder: 16229:16230 ioctl c0306201 2000000000c0 returned -14 [ 906.513216][T16288] input: syz0 as /devices/virtual/input/input268 [ 908.560786][T16388] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 908.583369][T16390] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 908.593098][T16387] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 909.389515][T16431] syz.6.6305: attempt to access beyond end of device [ 909.389515][T16431] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 909.614097][T16442] syz.6.6306: attempt to access beyond end of device [ 909.614097][T16442] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 910.628722][T16503] binfmt_misc: register: failed to install interpreter file ./file0 [ 910.794428][T16512] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 910.808319][T16516] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 910.858960][T16512] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 911.537998][T16557] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 912.732175][T16600] ALSA: mixer_oss: invalid OSS volume '' [ 912.831803][T16619] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 914.071114][ T5155] Bluetooth: hci4: command 0x1003 tx timeout [ 914.071245][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 914.488799][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.488977][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.489118][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.489305][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.489450][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.489604][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.490174][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.490323][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.490467][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.490610][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.490746][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.490887][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.500403][T16668] snd_aloop snd_aloop.0: control 3:4:4:syz0:9 is already present [ 914.658843][T16678] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 914.883612][ T3019] hid-generic 0002:0004:0005.000B: unknown main item tag 0x2 [ 914.883680][ T3019] hid-generic 0002:0004:0005.000B: reserved main item tag 0xe [ 914.883706][ T3019] hid-generic 0002:0004:0005.000B: item fetching failed at offset 22/112 [ 914.884455][ T3019] hid-generic 0002:0004:0005.000B: probe with driver hid-generic failed with error -22 [ 915.194107][ T30] audit: type=1800 audit(1750410795.264:34): pid=16714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.6351" name="[kvm-gmem]" dev="anon_inodefs" ino=205539 res=0 errno=0 [ 915.199835][T16714] syz.5.6351: attempt to access beyond end of device [ 915.199835][T16714] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 915.779331][T16742] program syz.4.6357 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 916.052176][T16750] vim2m vim2m.0: Fourcc format (0x47524247) invalid. [ 916.452542][T16764] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 916.459804][T16763] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 918.271201][T16856] input: syz1 as /devices/virtual/input/input272 [ 919.461930][T16899] input: syz0 as /devices/virtual/input/input274 [ 921.305957][T16964] binder: 16958:16964 ioctl c0306201 0 returned -14 [ 921.313124][T16964] binder: 16958:16964 ioctl c0306201 2000000000c0 returned -11 [ 922.262224][T17004] block nbd5: NBD_DISCONNECT [ 922.508876][T17015] binder: 17009:17015 ioctl c0306201 2000000001c0 returned -22 [ 925.607831][ T30] audit: type=1800 audit(1750410805.674:35): pid=17160 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.6422" name="dmabuf" dev="dmabuf" ino=37 res=0 errno=0 [ 925.700449][T17168] ALSA: seq fatal error: cannot create timer (-19) [ 926.430718][T17198] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 927.542838][T17252] vivid-001: disconnect [ 927.584667][T17252] vivid-001: reconnect [ 927.739864][T17262] input: syz0 as /devices/virtual/input/input276 [ 928.697675][T17293] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 929.145908][T17311] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 929.337113][T17332] blktrace: Concurrent blktraces are not allowed on sg0 [ 929.365001][T17332] blktrace: Concurrent blktraces are not allowed on nullb0 [ 931.484938][T17434] input: syz1 as /devices/virtual/input/input278 [ 931.668081][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.674880][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.899957][T17454] usb usb8: usbfs: process 17454 (syz.4.6471) did not claim interface 0 before use [ 933.263927][T17522] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 934.677284][T17580] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 934.768229][T17594] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 934.885770][T17604] can0: slcan on ptm1. [ 935.592160][T17603] can0 (unregistered): slcan off ptm1. [ 937.334613][T17734] syz.5.6505: attempt to access beyond end of device [ 937.334613][T17734] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 939.477068][T17825] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 940.484837][T17865] input: syz0 as /devices/virtual/input/input280 [ 940.508372][T17878] input: syz1 as /devices/virtual/input/input281 [ 942.922405][T17964] block device autoloading is deprecated and will be removed. [ 943.130827][T17976] kvm: user requested TSC rate below hardware speed [ 944.797176][ T30] audit: type=1800 audit(1750410824.864:36): pid=18034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.6556" name="dmabuf" dev="dmabuf" ino=38 res=0 errno=0 [ 944.873825][T18036] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 945.863685][T18083] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 946.222547][T18107] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 946.620522][T18138] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 946.927675][T18141] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 948.585467][T18225] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 948.596424][T18229] input: syz0 as /devices/virtual/input/input282 [ 948.616385][T18225] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 949.145244][T18266] CUSE: info not properly terminated [ 949.154321][T18262] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 949.255990][T18262] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 949.742129][ T5155] Bluetooth: hci4: command 0x1003 tx timeout [ 949.750200][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 951.016269][ T3009] Bluetooth: Error in BCSP hdr checksum [ 951.274594][ T3009] Bluetooth: Error in BCSP hdr checksum [ 952.177902][ T10] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz1] on syz1 [ 952.201912][T18407] can0: slcan on ptm1. [ 952.784427][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 952.791673][ T5155] Bluetooth: hci4: command 0x1003 tx timeout [ 953.443654][T18405] can0 (unregistered): slcan off ptm1. [ 953.918230][T18488] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 954.823287][T18501] Trying to write to read-only block-device nullb0 [ 958.145332][T18686] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 958.239540][T18693] syz.6.6651: attempt to access beyond end of device [ 958.239540][T18693] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 959.234846][T18739] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 959.688038][T18764] input: syz1 as /devices/virtual/input/input284 [ 960.361734][T18779] binder: 18778:18779 ioctl c0306201 200000000300 returned -22 [ 960.384843][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.442286][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.449773][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.638279][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.652110][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.663631][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.671558][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.679009][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.695265][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.702927][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.702960][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.702987][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703013][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703040][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703066][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703091][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703117][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703141][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703167][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703192][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703218][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703243][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703269][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703313][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703340][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703367][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703394][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703420][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703456][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703481][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703507][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703532][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703558][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703584][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703609][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703632][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703657][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703681][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703703][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703734][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703760][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703786][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703812][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703837][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.703861][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.858632][ T5155] Bluetooth: hci4: unexpected event 0x02 length: 0 < 1 [ 960.861980][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 960.997956][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.005803][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.015347][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.022965][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.030396][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.040308][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.047818][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.069688][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.077307][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.084807][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.092348][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.099794][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.107634][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.117258][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.124768][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.132272][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.139717][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.147224][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.154707][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.162189][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.169595][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.177069][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.184599][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.192185][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.199663][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.207558][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.215299][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.222948][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.230873][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.239106][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.247149][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.255352][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.263452][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.270904][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.279049][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.286699][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.296043][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.311316][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.318764][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.326660][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.334340][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.342082][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.349510][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.357223][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.364921][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.372580][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.380008][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.387710][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.395962][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.406546][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.414250][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.425826][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.435291][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.451640][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.459112][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.469893][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.477951][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.489227][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.497727][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.506313][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.514397][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.522228][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.529784][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.542831][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.550281][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.558201][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.566415][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.574193][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.582399][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.590269][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.616572][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.624965][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.638738][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.647121][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.672835][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.680305][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.689904][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.699162][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.708416][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.717650][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.727868][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.738946][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.750173][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.759620][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.771223][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.783626][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.792088][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.799528][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.811664][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.819115][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.827131][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.834867][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.842604][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.850044][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.859003][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.866747][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.877038][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.895582][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.904745][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.913590][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.921482][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.930530][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.938481][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.946456][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.954677][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.962752][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.970219][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.979352][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.988876][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 961.997545][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.005292][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.013902][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.025360][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.033101][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.040607][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.079737][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.090316][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.101996][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.109527][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.118789][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.129301][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.139293][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.149411][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.159572][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.169679][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.180732][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.190299][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.202226][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.210172][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.222841][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.233022][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.240558][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.248455][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.256107][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.263755][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.273664][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.283058][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.299277][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.307438][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.315122][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.349901][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.358086][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.369375][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.376927][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.388697][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.396259][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404473][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404507][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404534][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404571][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404598][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404625][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404651][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404678][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404706][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404733][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404760][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404787][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404814][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404841][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404868][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404894][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404920][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404947][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.404974][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.405001][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.405028][ T3019] hid-generic 01FF:0004:0400.000D: unknown main item tag 0x0 [ 962.413623][ T3019] hid-generic 01FF:0004:0400.000D: hidraw0: HID v0.05 Device [syz0] on syz1 [ 962.506456][T18866] fido_id[18866]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 962.593447][T18874] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 962.864002][ T51] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 963.453552][T13110] Bluetooth: hci4: Frame reassembly failed (-84) [ 965.514507][ T5155] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 965.843347][T19059] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 966.062772][T19072] program syz.6.6723 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 966.125711][T19074] program syz.6.6723 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 966.159502][T19074] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 966.255615][T19076] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 967.306497][T19138] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 967.513330][T19151] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 968.014353][T19173] ALSA: mixer_oss: invalid OSS volume '(' [ 971.859573][T19280] loop4: detected capacity change from 0 to 524255232 [ 972.987927][T19315] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 973.967898][T19349] syz.4.6780: attempt to access beyond end of device [ 973.967898][T19349] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 975.748249][T19427] kvm: user requested TSC rate below hardware speed [ 975.961603][T19450] binder: 19438:19450 ioctl c0306201 200000000540 returned -22 [ 976.818662][T19476] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 977.708182][T19531] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 977.718047][ T30] audit: type=1400 audit(1750410857.774:37): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//&@\)//&" pid=19530 comm="syz.6.6812" [ 977.983753][T19544] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 978.494971][T19577] vim2m vim2m.0: Fourcc format (0x42474752) invalid. [ 978.641736][ T5155] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 978.651814][ T5155] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 978.660333][ T5155] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 978.669776][ T5155] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 978.679271][ T5155] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 978.701408][ T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 978.735911][ T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 978.744990][ T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 978.754883][ T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 978.763657][ T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 979.316392][T19581] chnl_net:caif_netlink_parms(): no params data found [ 979.773905][T19775] binder: 19774:19775 ioctl c018620c 200000000500 returned -1 [ 980.041559][T19611] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 980.047552][T19611] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 980.128180][T19581] bridge0: port 1(bridge_slave_0) entered blocking state [ 980.150224][T19581] bridge0: port 1(bridge_slave_0) entered disabled state [ 980.161170][T19581] bridge_slave_0: entered allmulticast mode [ 980.173416][T19581] bridge_slave_0: entered promiscuous mode [ 980.186097][T19581] bridge0: port 2(bridge_slave_1) entered blocking state [ 980.195518][T19581] bridge0: port 2(bridge_slave_1) entered disabled state [ 980.204701][T19581] bridge_slave_1: entered allmulticast mode [ 980.213942][T19581] bridge_slave_1: entered promiscuous mode [ 980.752448][T19581] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 980.782030][T19581] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 981.397404][T13110] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 981.515329][T19581] team0: Port device team_slave_0 added [ 981.608935][T19581] team0: Port device team_slave_1 added [ 981.944802][T13110] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 982.147175][T19581] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 982.154438][T19581] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 982.185816][T19581] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 982.217772][T19941] [U]  [ 982.220619][T19941] [U] K{‘ [ 982.233761][T19941] [U] ät Ž1ÊàŠªFìÇÄfËŠî`GÊJç˜Ügö毹¬¡—þÈoÕñ/ümCç [ 982.240901][T19941] [U] tžØ–/,~ˆÄœ­‹jõÿÊ}8îÊþ'o1Ü"™7-î‚JQœK—¤Wºïqé5c%"¬H12–¦Y“„‰ž€ÊXÍ`ˆ‚íè¼`+³û(·â¿!(éûéz'àtXln»I®gÅj– °üÝ­·på~÷7í!‘Õò"ø¨Î ¾ª(È5ˆObü¤‡ÍƒJÖ [ 982.261486][T19941] [U] ±k\&—}6£6œXîHX ¥ôµ„Ìþ.`¸a“$Û40|϶¿9°øÞ¨„¯À ÏU‚ò4ôä®VbzÃð}ÌwÔM”TºŽíQŸýΦr’ 4”ÿ [ 982.274325][T19941] [U] ".h6øÞ"Ökã‡[›‰¤ŒJá4çØIn¨™[Z(•„C|Të]z{â3Ÿc=»¨xîôžë…î4ßw‰)\T‘XJøSH{q;ì¹¢…ötÔÇ+‹¦÷gíèÿ®d„.Ë‚³>yž÷éwUh„fN—ŽÇhl]SÔ2ŠÇÙ\g%ŠO¼&z)µðš'¨pul‚_<㠢ذ‰ò®Ôå`Ò±TÔÁþœÐËþ;_ô"(‘u{7jœ¿2X ‘/€'ÝÙcÑÌõIº©ÀÏH¿cÕ³žV¦=‘AiÇ%w¼Esž RšŸjŠîœƒÚ”gÂ÷rÁ¹í¡hI˜¢œaïì6-úDúV¨á i"øånæ¨ þÚAsc~4Áª¹8cø*­OO5/ÿœJš~º§¡w—vK+¬®‰Œ3èÇY)޹M°¸æv¶Ìyqæ½€DTr¯Otpem%f×ÊejÍA5æÔT_-X~ ^aaÛ‚ò˜½qÖå [ 982.313906][T19941] [U] +w‰G?]£Ó'a: »Ú)Õïó™“' B>t¢ ¡f/™÷<'èUÓ'–¼h§ié.+]eŸ.½-É¿ÿ¿Ò%÷è>2`¶^Uÿ8F.Š6¤Å3ÓØ+ËA¾Â««„°g3ÓpÂó6:^0Àtéèv÷'Eõt¼€ûâYC‰n¾þrÏ©ÞnèPj× ;æZ†êôñû‘8!¯È\ù…¸AØÊ–2Á£$ðµ™Â­wi.Íç#ŠÈ/Bai¼Ä`ðá4j’ôdîy@Óz„ügW÷5Ë¿BÄ µÙœ Nóy"vI2ûÌ [ 982.338201][T19941] [U] ôT¦_K5¸t¬YJÐþÎ9ðÕcÊ$brŸLúNul ¶ü9wÈýÍ|žGå"ʃÆ%Çú¶êCªØ°¶ºqîÙ ŸÇ3‹Æq¯ôN^HP*½Ü$ µ.Î7yÓ±œ2³ [ 982.350623][T19941] [U] ½?©ÿ hüä*ÙÁ”Î3í7Üé¾^#Q"0~‡ ‚ð(éoïX LŒb£,'vîÓ=‹ÝëCÌS«…’G‚S¶Þ0•Ö‚‹Ù`˜›žÙ‡Ÿ†=1(÷î¾™÷p#ò2DO*Ƀ [ 982.362737][T19941] [U] ©s¹“gžµ²¶“˜GuÐÔd-{¸™â|&“®ŸŸñ2µ›LÞc_©œ!`¨ÍozÖ¥¢B¶³%>êrñ¶öwï‡ýŽSsÂH"£yA4£O.šYÙÛä„RTÔ¶ŒBÚ[+/<>—¡{q¢Ú×_²ÕLX8ÊU„ÇØî{ðZ³íø)ÿÒ7?ËrR;ÿcßr hײڣỨè1Å>)©Măâ‰Ït§²Ú(ìÇaÏ„}9·Ú¥ãJ*MÑœ¥Ä¡«'L¹£q ìDWŸòø¸=ؽ|q¬ ÏÆ™W;5æÙŽª!ñdB¸x`é§ö/÷ÂE`ƦM¢Xîâ"ä\ [ 982.417074][T13110] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 982.457172][ C0] vkms_vblank_simulate: vblank timer overrun [ 982.494864][T19941] [U] {;Ž õ¥ÂÙ˜_ˆo2«Ñ)îo®›.2ÐW2겨ðyùÃãx_ HPϱœSªD­¦ø:]‚{Ë©ÔÝæè½ [ 982.503834][T19941] [U] I,Ç>Çó¤ îÙ51ñ÷^1òN4¯oǶþ'0ý?Ö’iÙ9w.ï_.¶WŠa¼ŠVˆ±`)ÑZ¬ïæc6GiÓ¹²a»¬XL[¢›½¡Fü*ÀñO‰W)+‡Ç'\nÆ[K@ÑëÄü2çǬ–®¡p"^`Á‰í øß [ 982.518998][T19941] [U] 22½“Æ©Ðû©x?0;3u± [ 982.523829][T19941] [U] ÞœÕæósObx 8”Wˆ4á‘(ð~/§¿íKÇUžãÔ–oQËe+·G®-yµgY_•>v¢ÜÈë—3.hÁÓ™]Í„²2‘”)™DË, ‘Ä þD~×d©£¡+Ãw; A\˜FPÉþȘ|$ºø)KØI³éÐÉ¿kñYT^RÍüù癵“ËA=±#–Üœ ÝíßËae©tå1·Îݯ4K¯.e"RÚS|ðŸÀsÖ’Á:•ù>p ™…rÐ"z‰ú­ûúé#P!˜KY"›}ÃÆF¿N84ü³ƒÅhÞ±£o•Èsߙ̫%DlwÙmæ²Ç [ 982.549858][T19941] [U] [ª['xn€'²÷ á¿Ü,mr¦«/žšœâ1D=!DŽx91Bùwç»R—lf…ƒÆKì¤Zõê# `ì‘ lØ›§Ëœ»×b~åmÒÔÖ [ 982.560160][T19941] [U] ™LÖ>ñd+ˆd¯§—®Ì"5Žêh3<ª¨ÅiR=F^”fnõóÜÀ‰¿û­vÛ÷œDÁOIOÚ:Uö>ÖYâ [ 982.571547][T19941] [U] 'B—6vý20³ä·çž¥·×Œï"t8Ñ{9ÆFW]ôÊäì© [ 982.578272][T19941] [U] ù72þ‰ïÂÃuþC6™îüÔÏ„I]8cª£tÛ¨QSkYÞîIÒÀâ¹ ¿|V'ÛTV/ùÅg•$[â 9kh`ú"ü‘úõ}€ñ[^=ˆú0á]½ã%ÆÌ‚T“Šž¹ØFì_vö4C¸òÅ [ 982.595346][T19941] [U] ¹ ec [ 982.598549][T19941] [U] —”|‚Êì<äî:^ü3$7nK~Ø-™@÷¦?Ÿ–/mtl·Û¾©Iˆwè¬@g~tØ{êÜPß+Æ$ªjp|µ ŽçIÛRiópmð õ·YÓ ú”8ìtÉÐÞVžÙÿÆë,îlâ,Õ [ 982.654489][T19581] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 982.662254][T19581] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 982.689766][T19581] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 982.773245][T19962] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 982.827333][T13110] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 983.083727][T19924] [U] ˆKÌúÛõ‰)0ÄÄÝ~ü³ÊªÁiP'ífóòœzÚÞr¬™ÿ @BÓ]Â5ÝÊ{­©Ê¼ô'à8寥F‡¹UTqUdÇ©¤K;7íª0c[„ãy–¼ÈYC¦¶»Ø°mª™Lò8’T…ÍšÎ5³ýýrx™¶ðWí x¤²óoQhVi'8œ¥Î…Lµ [ 983.280122][T19581] hsr_slave_0: entered promiscuous mode [ 983.287189][T19581] hsr_slave_1: entered promiscuous mode [ 983.301853][T19581] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 983.319915][T19581] Cannot create hsr debugfs directory [ 983.556456][T20037] input: syz1 as /devices/virtual/input/input288 [ 984.475242][T13110] bridge_slave_1: left allmulticast mode [ 984.493191][T13110] bridge_slave_1: left promiscuous mode [ 984.499066][T13110] bridge0: port 2(bridge_slave_1) entered disabled state [ 984.615154][T13110] bridge_slave_0: left allmulticast mode [ 984.644285][T13110] bridge_slave_0: left promiscuous mode [ 984.661213][T13110] bridge0: port 1(bridge_slave_0) entered disabled state [ 986.662655][T13110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 986.771851][T13110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 986.814150][T13110] bond0 (unregistering): Released all slaves [ 988.737907][T20266] random: crng reseeded on system resumption [ 988.771223][T13110] hsr_slave_0: left promiscuous mode [ 988.803391][T20272] kvm_intel: kvm [20267]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0xff [ 988.831341][T13110] hsr_slave_1: left promiscuous mode [ 988.839358][T13110] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 988.847402][T13110] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 988.892176][T13110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 988.901374][T13110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 988.989562][T13110] veth1_macvtap: left promiscuous mode [ 988.996395][T13110] veth0_macvtap: left promiscuous mode [ 989.002577][T13110] veth1_vlan: left promiscuous mode [ 989.008098][T13110] veth0_vlan: left promiscuous mode [ 992.058727][T13110] team0 (unregistering): Port device team_slave_1 removed [ 992.304348][T13110] team0 (unregistering): Port device team_slave_0 removed [ 992.443105][T20481] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 993.108693][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.118254][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.191835][T19581] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 995.246097][T19581] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 995.311465][T19581] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 995.404710][T19581] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 995.839504][T19581] 8021q: adding VLAN 0 to HW filter on device bond0 [ 995.920562][T19581] 8021q: adding VLAN 0 to HW filter on device team0 [ 995.942208][ T154] bridge0: port 1(bridge_slave_0) entered blocking state [ 995.949527][ T154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 995.980189][ T154] bridge0: port 2(bridge_slave_1) entered blocking state [ 995.988021][ T154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 996.537044][T19581] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 996.557866][T20653] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 996.767792][T19581] veth0_vlan: entered promiscuous mode [ 996.792417][T19581] veth1_vlan: entered promiscuous mode [ 996.928463][T19581] veth0_macvtap: entered promiscuous mode [ 996.960956][T19581] veth1_macvtap: entered promiscuous mode [ 996.998987][T19581] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 997.033300][T19581] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 997.067962][T19581] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 997.081670][T19581] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 997.090433][T19581] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 997.100210][T19581] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 997.389734][T13109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 997.409334][T20713] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 997.418896][T13109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 997.429154][T20712] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 997.477197][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 997.494842][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 997.955430][T20753] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 999.283937][T20828] syz.6.6928: attempt to access beyond end of device [ 999.283937][T20828] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 999.597727][T20836] binder: 20832:20836 ioctl c018620c 200000000080 returned -22 [ 1001.134096][ T30] audit: type=1804 audit(1750410881.204:38): pid=20917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.6948" name="/newroot/397/cgroup.controllers" dev="tmpfs" ino=2064 res=1 errno=0 [ 1001.158926][ T30] audit: type=1800 audit(1750410881.204:39): pid=20917 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.6948" name="cgroup.controllers" dev="tmpfs" ino=2064 res=0 errno=0 [ 1001.446760][T20946] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1001.522472][T20946] input: syz1 as /devices/virtual/input/input291 [ 1001.967603][T20980] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1002.677079][T21115] input: syz1 as /devices/virtual/input/input292 [ 1002.747241][T21115] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1002.781639][T21125] mkiss: ax0: crc mode is auto. [ 1003.014730][T21149] QAT: Invalid ioctl 1075861082 [ 1003.165922][T21133] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1003.226996][T21133] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1003.913819][T21205] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 1004.486648][T21236] vimc link validate: Scaler:src:16x16 (0x33424752, 8, 1, 0, 2) RGB/YUV Capture:snk:16x16 (0x38414761, 8, 0, 0, 0) [ 1006.742541][T21315] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1007.429311][T21346] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1009.030640][T21411] QAT: Invalid ioctl -1073453434 [ 1009.066941][T21411] QAT: Invalid ioctl 26130 [ 1009.073546][T21411] QAT: Invalid ioctl -2114415556 [ 1010.751709][T21512] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1010.843520][T21525] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1012.667779][T21607] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1012.916796][T21620] Bluetooth: hci2: Frame reassembly failed (-84) [ 1013.410495][T21655] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1013.460030][T21655] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1014.941591][ T51] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1014.944667][ T5155] Bluetooth: hci2: command 0xfc11 tx timeout [ 1015.296455][T21858] input: syz1 as /devices/virtual/input/input297 [ 1015.488335][T21877] binder: 21876:21877 ioctl c0306201 0 returned -14 [ 1015.498595][T21877] binder: 21876:21877 ioctl c0306201 2000000000c0 returned -11 [ 1015.819668][T21888] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1016.698517][T21924] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1016.714289][T21924] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1017.965160][T21995] input: syz1 as /devices/virtual/input/input298 [ 1018.268023][T21980] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1018.758277][T22041] binder: 22039:22041 ioctl c018620c 200000000140 returned -22 [ 1021.189964][T22165] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1021.346482][T22176] binder_alloc: binder_alloc_mmap_handler: 22174 200000735000-200000736000 already mapped failed -16 [ 1022.137601][T22198] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1024.234266][T22277] sp0: Synchronizing with TNC [ 1025.586882][T22365] usb usb9: usbfs: process 22365 (syz.4.7151) did not claim interface 0 before use [ 1025.868444][T22378] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1026.018080][T22385] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1026.144999][T22397] Invalid logical block size (2) [ 1027.233806][T22442] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1027.649877][T22468] input: syz1 as /devices/virtual/input/input301 [ 1028.164574][T22488] CUSE: info not properly terminated [ 1028.257108][T22498] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1029.573013][T22564] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1031.780230][T22664] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1032.284231][T22691] mkiss: ax0: crc mode is auto. [ 1032.551633][T22709] program syz.6.7214 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1032.806700][T22726] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1033.119129][T22741] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1034.416958][T22816] input: syz1 as /devices/virtual/input/input302 [ 1035.738462][T22845] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1036.715148][T22895] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1036.747514][ T30] audit: type=1800 audit(1750410916.814:40): pid=22892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.7251" name="memory.events" dev="tmpfs" ino=3000 res=0 errno=0 [ 1037.119742][T22919] random: crng reseeded on system resumption [ 1038.532339][T22998] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1041.743859][T23177] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1042.205194][ T5155] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1042.216452][ T5155] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1042.227246][ T5155] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1042.247131][T23202] input: syz1 as /devices/virtual/input/input305 [ 1042.258379][ T5155] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1042.273910][ T5155] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1042.305983][ T51] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1042.330422][ T51] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1042.339046][ T51] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1042.347334][ T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1042.355927][ T51] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1042.572930][T23242] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1043.458036][T23197] chnl_net:caif_netlink_parms(): no params data found [ 1043.625318][ T3009] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1043.810468][T23413] syz.1.7318: attempt to access beyond end of device [ 1043.810468][T23413] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1043.952591][ T3009] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1044.033678][T23428] [U]  [ 1044.207120][T23422] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1044.374888][ T3009] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1044.385568][ T5155] Bluetooth: hci2: command tx timeout [ 1044.435587][T23197] bridge0: port 1(bridge_slave_0) entered blocking state [ 1044.444444][T23197] bridge0: port 1(bridge_slave_0) entered disabled state [ 1044.452616][T23197] bridge_slave_0: entered allmulticast mode [ 1044.466683][T23197] bridge_slave_0: entered promiscuous mode [ 1044.574794][ T3009] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1044.614076][T23197] bridge0: port 2(bridge_slave_1) entered blocking state [ 1044.621615][T23197] bridge0: port 2(bridge_slave_1) entered disabled state [ 1044.628865][T23197] bridge_slave_1: entered allmulticast mode [ 1044.637238][T23197] bridge_slave_1: entered promiscuous mode [ 1044.924059][T23197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1044.956958][T23197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1045.292133][T23197] team0: Port device team_slave_0 added [ 1045.344914][T23197] team0: Port device team_slave_1 added [ 1045.984225][T23197] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1045.991546][T23197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1046.017484][ C1] vkms_vblank_simulate: vblank timer overrun [ 1046.025883][T23197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1046.083161][T23197] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1046.094994][T23197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1046.126153][T23197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1046.275210][T23561] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1046.296744][T23561] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1046.374216][T23655] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1046.400033][ T3009] bridge_slave_1: left allmulticast mode [ 1046.405863][ T3009] bridge_slave_1: left promiscuous mode [ 1046.413445][ T3009] bridge0: port 2(bridge_slave_1) entered disabled state [ 1046.461131][ T5155] Bluetooth: hci2: command tx timeout [ 1046.492923][ T3009] bridge_slave_0: left allmulticast mode [ 1046.498770][ T3009] bridge_slave_0: left promiscuous mode [ 1046.513502][ T3009] bridge0: port 1(bridge_slave_0) entered disabled state [ 1047.174378][T23692] loop6: detected capacity change from 0 to 524287999 [ 1047.182555][T23692] blk_print_req_error: 10 callbacks suppressed [ 1047.182574][T23692] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1047.198175][T23692] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1047.222304][T23692] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1047.237138][T23692] buffer_io_error: 10 callbacks suppressed [ 1047.237156][T23692] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1047.271107][T23698] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1047.280588][T23698] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1047.302132][ T94] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0 [ 1048.773571][ T3009] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1048.857977][T23744] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1048.872098][ T3009] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1048.913064][ T3009] bond0 (unregistering): Released all slaves [ 1048.988140][T23197] hsr_slave_0: entered promiscuous mode [ 1048.998081][T23197] hsr_slave_1: entered promiscuous mode [ 1049.008798][T23197] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1049.016863][T23197] Cannot create hsr debugfs directory [ 1049.357777][T23763] binder: 23762:23763 ioctl c00c620f 200000000180 returned -22 [ 1050.681697][T23865] syz.5.7357: attempt to access beyond end of device [ 1050.681697][T23865] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1050.803904][ T3009] hsr_slave_0: left promiscuous mode [ 1050.862373][ T3009] hsr_slave_1: left promiscuous mode [ 1050.868494][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1050.891045][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1050.942051][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1050.949534][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1051.069734][ T3009] veth1_macvtap: left promiscuous mode [ 1051.091465][ T3009] veth0_macvtap: left promiscuous mode [ 1051.106515][ T3009] veth1_vlan: left promiscuous mode [ 1051.124793][ T3009] veth0_vlan: left promiscuous mode [ 1051.210524][T23885] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1051.549011][ T30] audit: type=1800 audit(1750410931.614:41): pid=23899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.7364" name="memory.events" dev="tmpfs" ino=2251 res=0 errno=0 [ 1051.578848][T23899] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1051.578964][ T30] audit: type=1804 audit(1750410931.644:42): pid=23899 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.7364" name="/newroot/436/memory.events" dev="tmpfs" ino=2251 res=1 errno=0 [ 1051.784670][T23906] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1053.593380][ T3009] team0 (unregistering): Port device team_slave_1 removed [ 1053.844207][ T3009] team0 (unregistering): Port device team_slave_0 removed [ 1054.544892][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.551373][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.430512][T23911] tap0: tun_chr_ioctl cmd 1074025677 [ 1056.436206][T23911] tap0: linktype set to 774 [ 1056.707427][T23949] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1057.479397][T24007] misc userio: Begin command sent, but we're already running [ 1057.488671][T23986] misc userio: Can't change port type on an already running userio instance [ 1058.588875][T24072] program syz.5.7380 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1058.599755][T23197] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1058.722502][T23197] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1058.774730][T23197] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1058.862881][T23197] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1059.207826][T23197] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1059.268761][T23197] 8021q: adding VLAN 0 to HW filter on device team0 [ 1059.346712][T13138] bridge0: port 1(bridge_slave_0) entered blocking state [ 1059.353976][T13138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1059.405263][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 1059.412503][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1060.085673][T23197] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1060.428475][T24163] input: syz1 as /devices/virtual/input/input308 [ 1060.622930][T23197] veth0_vlan: entered promiscuous mode [ 1060.649181][T23197] veth1_vlan: entered promiscuous mode [ 1060.694761][T24182] input: syz0 as /devices/virtual/input/input309 [ 1060.704615][T23197] veth0_macvtap: entered promiscuous mode [ 1060.716961][T23197] veth1_macvtap: entered promiscuous mode [ 1060.742822][T23197] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1060.766929][T23197] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1060.780654][T23197] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1060.796534][T23197] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1060.807004][T23197] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1060.816222][T23197] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1061.068612][ T3009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1061.097366][ T3009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1061.138206][T13109] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1061.148329][T13109] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1061.416764][T24244] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1062.381056][ T51] Bluetooth: hci3: command 0x1003 tx timeout [ 1062.383503][ T5155] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 1062.495059][T24276] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1066.430650][T24605] program syz.6.7437 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1066.761125][ T30] audit: type=1400 audit(1750410946.814:43): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=3A3A0AE10CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A552C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=24612 comm="syz.6.7439" [ 1067.361187][T24640] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1068.293302][T24708] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1069.806530][T24775] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1069.860807][T24786] program syz.5.7476 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1069.932441][T24791] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1069.956359][T24791] input: syz0 as /devices/virtual/input/input316 [ 1070.453220][T24813] vim2m vim2m.0: Fourcc format (0x47524247) invalid. [ 1071.910370][T24902] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1072.748775][T24946] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1072.769484][T24952] kvm: kvm [24951]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4 [ 1072.963885][T24964] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1073.091356][T24976] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1074.212285][T25026] binder: 25025:25026 ioctl c0306201 2000000003c0 returned -14 [ 1074.699499][T25055] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1074.790800][T25066] syz.4.7522: attempt to access beyond end of device [ 1074.790800][T25066] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1075.154085][T25085] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1076.334405][T25117] QAT: failed to copy from user cfg_data. [ 1076.755905][T25152] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1077.015005][T25178] random: crng reseeded on system resumption [ 1077.750491][ T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1077.766456][ T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1077.784867][ T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1077.797479][ T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1077.807720][ T51] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1077.833350][ T5155] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1077.860639][ T5155] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1077.869605][ T5155] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1077.878435][ T5155] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1077.891324][ T5155] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1078.574979][T13109] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1078.712193][T25258] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1078.718258][T25258] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1078.989287][T13109] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.073985][T25318] block nbd4: NBD_DISCONNECT [ 1079.157521][T25314] can0: slcan on ptm0. [ 1079.283158][T13109] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.740317][T13109] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.813590][T25194] chnl_net:caif_netlink_parms(): no params data found [ 1080.604679][T25194] bridge0: port 1(bridge_slave_0) entered blocking state [ 1080.630170][T25194] bridge0: port 1(bridge_slave_0) entered disabled state [ 1080.654410][T25194] bridge_slave_0: entered allmulticast mode [ 1080.671266][T25194] bridge_slave_0: entered promiscuous mode [ 1080.681332][T25194] bridge0: port 2(bridge_slave_1) entered blocking state [ 1080.701344][T25194] bridge0: port 2(bridge_slave_1) entered disabled state [ 1080.708646][T25194] bridge_slave_1: entered allmulticast mode [ 1080.723928][T25194] bridge_slave_1: entered promiscuous mode [ 1080.761029][T25310] can0 (unregistered): slcan off ptm0. [ 1080.777847][T25514] loop6: detected capacity change from 0 to 4 [ 1080.803037][ C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1080.812558][ C0] Buffer I/O error on dev loop6, logical block 0, lost async page write [ 1080.852937][T25524] kvm: kvm [25508]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010004) = 0x3 [ 1081.126699][T25194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1081.267601][T25194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1081.723434][T25194] team0: Port device team_slave_0 added [ 1081.736974][T25194] team0: Port device team_slave_1 added [ 1082.117741][T25652] input: syz0 as /devices/virtual/input/input322 [ 1082.155997][T13109] bridge_slave_1: left allmulticast mode [ 1082.162127][T13109] bridge_slave_1: left promiscuous mode [ 1082.168079][T13109] bridge0: port 2(bridge_slave_1) entered disabled state [ 1082.253497][T13109] bridge_slave_0: left allmulticast mode [ 1082.259287][T13109] bridge_slave_0: left promiscuous mode [ 1082.270971][T13109] bridge0: port 1(bridge_slave_0) entered disabled state [ 1083.399666][T25706] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1083.983479][T25726] nvme_fabrics: unknown parameter or missing value '' in ctrl creation request [ 1084.000149][T25726] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1084.010078][T25726] nvme_fabrics: unknown parameter or missing value 'DIGITAL3' in ctrl creation request [ 1084.342379][T13109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1084.464835][T13109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1084.497415][T13109] bond0 (unregistering): Released all slaves [ 1084.558013][T25194] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1084.565127][T25194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1084.591023][ C0] vkms_vblank_simulate: vblank timer overrun [ 1084.597412][T25194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1084.618487][T25194] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1084.625914][T25194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1084.651859][ C0] vkms_vblank_simulate: vblank timer overrun [ 1084.659774][T25194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1085.039181][T25194] hsr_slave_0: entered promiscuous mode [ 1085.040251][T25194] hsr_slave_1: entered promiscuous mode [ 1085.053004][T25194] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1085.053082][T25194] Cannot create hsr debugfs directory [ 1086.581437][T13109] hsr_slave_0: left promiscuous mode [ 1086.622910][T13109] hsr_slave_1: left promiscuous mode [ 1086.629179][T13109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1086.644100][T13109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1086.692849][T13109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1086.700486][T13109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1086.749541][T25940] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1086.820623][T13109] veth1_macvtap: left promiscuous mode [ 1086.831363][T13109] veth0_macvtap: left promiscuous mode [ 1086.837100][T13109] veth1_vlan: left promiscuous mode [ 1086.853433][T13109] veth0_vlan: left promiscuous mode [ 1086.985263][T25953] ttynull ttynull: ldisc open failed (-12), clearing slot 0 [ 1089.342031][T13109] team0 (unregistering): Port device team_slave_1 removed [ 1089.573591][T13109] team0 (unregistering): Port device team_slave_0 removed [ 1093.664182][T26049] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1094.543452][T25194] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1094.595156][T25194] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1094.665867][T25194] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1094.798841][T25194] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1095.085770][T25194] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1095.137826][T25194] 8021q: adding VLAN 0 to HW filter on device team0 [ 1095.169711][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 1095.176962][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1095.217170][T13109] bridge0: port 2(bridge_slave_1) entered blocking state [ 1095.224431][T13109] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1095.765959][T25194] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1096.226714][T25194] veth0_vlan: entered promiscuous mode [ 1096.265580][T25194] veth1_vlan: entered promiscuous mode [ 1096.382774][T25194] veth0_macvtap: entered promiscuous mode [ 1096.404294][T25194] veth1_macvtap: entered promiscuous mode [ 1096.432934][T25194] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1096.449050][T25194] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1096.460318][T25194] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.471887][T25194] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.480650][T25194] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.502421][T25194] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1096.640196][T26217] ALSA: seq fatal error: cannot create timer (-22) [ 1096.647390][T26216] ALSA: seq fatal error: cannot create timer (-22) [ 1096.673372][T26216] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1097.055242][ T3009] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1097.072938][ T3009] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1097.096503][T26261] program syz.4.7634 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1097.174328][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1097.192059][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1097.297879][T26270] input: syz1 as /devices/virtual/input/input326 [ 1097.788820][T26321] binder: 26299:26321 ioctl c0306201 2000000001c0 returned -22 [ 1098.060818][T26354] input: syz1 as /devices/virtual/input/input327 [ 1098.080983][T26353] binder: 26351:26353 ioctl c018620c 200000000380 returned -22 [ 1098.406067][T26416] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1098.985737][T26529] binder: 26527:26529 ioctl 40046205 0 returned -22 [ 1099.028461][T26529] CUSE: info not properly terminated [ 1099.959142][T26622] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1100.358850][ T30] audit: type=1800 audit(1750410980.424:44): pid=26672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.7658" name="[kvm-gmem]" dev="anon_inodefs" ino=246368 res=0 errno=0 [ 1101.223898][T26731] vivid-003: disconnect [ 1101.244354][T26731] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1101.336679][T26738] sp0: Synchronizing with TNC [ 1102.017577][T26725] [U] è [ 1102.085188][T26726] vivid-003: reconnect [ 1103.649229][T26858] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1105.907558][T26891] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1106.524252][T26947] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1106.607998][T26930] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1108.580483][T27042] kvm: kvm [27040]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010007) = 0x7 [ 1109.896305][T27085] program syz.6.7729 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1110.431663][T27102] ttyprintk ttyprintk: ldisc open failed (-12), clearing slot 0 [ 1110.676297][T27116] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1111.575311][T27143] [U]  [ 1112.290319][T27164] binder: 27163:27164 ioctl c018620c 200000000640 returned -22 [ 1113.138065][T27203] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1113.194918][T27216] misc userio: Begin command sent, but we're already running [ 1113.768041][T27245] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1114.345572][T27275] input: syz0 as /devices/virtual/input/input333 [ 1114.420732][T27284] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1114.781534][T27296] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4093662463 (4093662463 ns) > initial count (1099723850 ns). Using initial count to start timer. [ 1115.112044][T27266] [U] ^C [ 1115.999126][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.999198][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.012611][T27324] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1116.422253][T27346] blktrace: Concurrent blktraces are not allowed on rnullb0 [ 1116.763168][T27365] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1116.777576][T27372] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1117.054147][T27395] loop6: detected capacity change from 0 to 524287999 [ 1117.829263][ T30] audit: type=1804 audit(1750410997.894:45): pid=27434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.7799" name="/newroot/597/cpu.stat" dev="tmpfs" ino=3072 res=1 errno=0 [ 1117.850897][ C1] vkms_vblank_simulate: vblank timer overrun [ 1118.962202][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1118.973725][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1118.993830][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1119.004206][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1119.016194][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1119.109967][ T5155] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1119.122240][ T5155] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1119.133022][ T5155] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1119.143231][ T5155] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1119.151819][ T5155] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1119.367151][T27533] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1119.426634][T27542] ubi31: attaching mtd0 [ 1119.439377][T27542] ubi31: scanning is finished [ 1119.673357][T27542] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1119.729261][T27542] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1119.771127][T27542] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1119.778238][T27542] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 1119.791285][T27542] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1119.798369][T27542] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1119.820759][T27542] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3089378445 [ 1119.835409][T27542] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1119.866808][T27549] ubi31: background thread "ubi_bgt31d" started, PID 27549 [ 1120.380065][T13109] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1120.773191][T13109] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1121.172928][T13109] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1121.181489][ T5155] Bluetooth: hci3: command tx timeout [ 1121.312650][T27491] chnl_net:caif_netlink_parms(): no params data found [ 1121.463615][T13109] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1121.964583][T27491] bridge0: port 1(bridge_slave_0) entered blocking state [ 1121.973511][T27491] bridge0: port 1(bridge_slave_0) entered disabled state [ 1121.980800][T27491] bridge_slave_0: entered allmulticast mode [ 1121.988532][T27491] bridge_slave_0: entered promiscuous mode [ 1121.997400][T27491] bridge0: port 2(bridge_slave_1) entered blocking state [ 1122.004788][T27491] bridge0: port 2(bridge_slave_1) entered disabled state [ 1122.012302][T27491] bridge_slave_1: entered allmulticast mode [ 1122.020201][T27491] bridge_slave_1: entered promiscuous mode [ 1122.308369][T27491] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1122.327914][T27491] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1122.543041][T13109] bridge_slave_1: left allmulticast mode [ 1122.549709][T13109] bridge_slave_1: left promiscuous mode [ 1122.557917][T13109] bridge0: port 2(bridge_slave_1) entered disabled state [ 1122.653132][T13109] bridge_slave_0: left allmulticast mode [ 1122.658848][T13109] bridge_slave_0: left promiscuous mode [ 1122.666665][T13109] bridge0: port 1(bridge_slave_0) entered disabled state [ 1123.261252][ T5155] Bluetooth: hci3: command tx timeout [ 1123.281678][T27890] syz.5.7835: attempt to access beyond end of device [ 1123.281678][T27890] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1123.345191][T27892] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1123.362717][T27892] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1123.821229][T27728] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 1123.827470][T27728] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 1124.594493][T13109] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1124.681885][T13109] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1124.735080][T13109] bond0 (unregistering): Released all slaves [ 1124.788514][T27491] team0: Port device team_slave_0 added [ 1124.935518][T27892] can0: slcan on ttyS3. [ 1124.953454][T27491] team0: Port device team_slave_1 added [ 1125.101464][T27891] can0 (unregistered): slcan off ttyS3. [ 1125.396798][T27491] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1125.413413][T27491] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1125.443903][T27491] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1125.559656][T27491] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1125.579066][T27491] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1125.614466][T27491] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1125.855174][T27973] input: syz0 as /devices/virtual/input/input336 [ 1125.941534][T27977] syz.1.7843: attempt to access beyond end of device [ 1125.941534][T27977] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1126.062117][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1126.064564][ T5155] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1126.070696][T27491] hsr_slave_0: entered promiscuous mode [ 1126.079876][T27491] hsr_slave_1: entered promiscuous mode [ 1126.112308][T27491] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1126.112336][T27491] Cannot create hsr debugfs directory [ 1126.433323][T28021] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1126.451375][T13109] hsr_slave_0: left promiscuous mode [ 1126.481831][T13109] hsr_slave_1: left promiscuous mode [ 1126.482620][T13109] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1126.482689][T13109] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1126.542607][T13109] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1126.542643][T13109] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1126.652124][T13109] veth1_macvtap: left promiscuous mode [ 1126.652221][T13109] veth0_macvtap: left promiscuous mode [ 1126.652432][T13109] veth1_vlan: left promiscuous mode [ 1126.652584][T13109] veth0_vlan: left promiscuous mode [ 1129.241968][T13109] team0 (unregistering): Port device team_slave_1 removed [ 1129.448688][T13109] team0 (unregistering): Port device team_slave_0 removed [ 1132.221902][T28129] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1134.848360][T27491] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1134.917446][T27491] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1135.005653][T27491] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1135.068377][T27491] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1135.357873][T27491] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1135.389109][T27491] 8021q: adding VLAN 0 to HW filter on device team0 [ 1135.427773][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 1135.435037][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1135.448205][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 1135.455513][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1136.021972][T27491] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1136.479860][T27491] veth0_vlan: entered promiscuous mode [ 1136.489568][T27491] veth1_vlan: entered promiscuous mode [ 1136.573714][T27491] veth0_macvtap: entered promiscuous mode [ 1136.578778][T27491] veth1_macvtap: entered promiscuous mode [ 1136.604905][T27491] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1136.649191][T27491] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1136.657842][T27491] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1136.657884][T27491] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1136.657916][T27491] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1136.657947][T27491] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1136.895614][ T154] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1136.895640][ T154] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1136.938748][ T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1136.938773][ T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1137.111551][T28408] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1138.048425][T28451] ptm ptm11: ldisc open failed (-12), clearing slot 11 [ 1138.574669][T28485] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1138.655625][T28494] program syz.6.7899 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1139.456701][T28529] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1140.388955][T28565] syz.4.7917: attempt to access beyond end of device [ 1140.388955][T28565] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1140.758695][T28587] hub 1-0:1.0: USB hub found [ 1140.766842][T28587] hub 1-0:1.0: 1 port detected [ 1141.081277][T28604] input: syz0 as /devices/virtual/input/input338 [ 1141.136553][T28610] vivid-003: disconnect [ 1141.161596][T28608] vivid-003: reconnect [ 1141.213711][ T30] audit: type=1800 audit(1750411021.284:46): pid=28616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.7922" name="dmabuf" dev="dmabuf" ino=45 res=0 errno=0 [ 1141.233518][ C1] vkms_vblank_simulate: vblank timer overrun [ 1141.266360][T28619] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1141.750177][T28639] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1142.859910][T28709] input: syz1 as /devices/virtual/input/input339 [ 1143.138305][T28720] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1143.390615][T28742] random: crng reseeded on system resumption [ 1143.420161][T28742] Restarting kernel threads ... [ 1143.428428][T28742] Done restarting kernel threads. [ 1143.725079][T28735] usb usb3: usbfs: process 28735 (syz.1.7948) did not claim interface 0 before use [ 1145.125891][T28821] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1145.331820][T28834] binder: 28831:28834 ioctl c0306201 200000000640 returned -22 [ 1145.685570][T28837] loop8: detected capacity change from 0 to 7 [ 1145.703722][T26468] Dev loop8: unable to read RDB block 7 [ 1145.709404][T26468] loop8: unable to read partition table [ 1145.715976][T26468] loop8: partition table beyond EOD, truncated [ 1145.723858][T28837] Dev loop8: unable to read RDB block 7 [ 1145.737586][T28837] loop8: unable to read partition table [ 1145.744845][T28837] loop8: partition table beyond EOD, truncated [ 1145.761227][T28837] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5) [ 1146.040463][T28859] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1146.622328][T28895] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1146.654139][T28895] vivid-000: disconnect [ 1146.662455][T28894] vivid-000: reconnect [ 1147.940742][T28952] kvm: kvm [28945]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x4000002a) = 0x4 [ 1149.637412][T29060] binder: 29053:29060 ioctl c0306201 200000000640 returned -22 [ 1150.465718][T29094] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1150.851051][T29129] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1152.782653][T29331] loop6: detected capacity change from 0 to 524287976 [ 1152.791606][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.799614][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.813185][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.831118][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.839311][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.848414][T29329] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.865222][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.874784][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.885312][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.893759][T26468] ldm_validate_partition_table(): Disk read failed. [ 1152.900559][T26468] Buffer I/O error on dev loop6, logical block 0, async page read [ 1152.910166][T26468] Dev loop6: unable to read RDB block 0 [ 1152.916953][T26468] loop6: unable to read partition table [ 1152.924804][T29331] ldm_validate_partition_table(): Disk read failed. [ 1152.936249][T29331] Dev loop6: unable to read RDB block 0 [ 1152.945732][T29331] loop6: unable to read partition table [ 1152.964813][T29331] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾‚³˜) failed (rc=-5) [ 1153.543431][T29356] loop6: detected capacity change from 0 to 4 [ 1153.557823][ C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1153.627186][ C0] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0 [ 1153.664564][T29362] ubi: mtd0 is already attached to ubi31 [ 1153.770754][T29362] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1154.504342][T29403] ptm ptm11: ldisc open failed (-12), clearing slot 11 [ 1155.550947][T29438] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1155.559333][T29448] syz.5.8063: attempt to access beyond end of device [ 1155.559333][T29448] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1155.825404][ T154] Bluetooth: hci1: Frame reassembly failed (-84) [ 1157.821005][ T5155] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1158.986956][T29634] tty tty3: ldisc open failed (-12), clearing slot 2 [ 1159.114980][T29646] loop8: detected capacity change from 0 to 524287999 [ 1159.225443][T26468] buffer_io_error: 26 callbacks suppressed [ 1159.225463][T26468] Buffer I/O error on dev loop8, logical block 65535999, async page read [ 1159.902716][T29697] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1161.112207][T29736] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1161.112233][T29736] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1161.295579][T29736] ptm ptm2: ldisc open failed (-12), clearing slot 2 [ 1161.826235][T29749] input: syz0 as /devices/virtual/input/input342 [ 1162.195021][T29771] input: syz1 as /devices/virtual/input/input343 [ 1163.465280][T29835] sg_write: data in/out 26278/6 bytes for SCSI command 0x0-- guessing data in; [ 1163.465280][T29835] program syz.5.8130 not setting count and/or reply_len properly [ 1164.018114][T29854] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1164.274169][T29876] usb usb8: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1164.301634][T29876] sp0: Synchronizing with TNC [ 1164.348901][T29881] usb usb7: usbfs: process 29881 (syz.4.8139) did not claim interface 0 before use [ 1164.349116][T29881] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1165.079718][T23739] hid (null): invalid report_size 1506279577 [ 1165.086489][T23739] hid (null): unknown global tag 0xd [ 1165.096483][T23739] hid (null): unknown global tag 0xc [ 1165.111580][T29914] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1165.128350][T23739] hid (null): unknown global tag 0xe [ 1165.144872][T23739] hid (null): unknown global tag 0xd [ 1165.155893][T23739] hid-generic FF01:0005:7FFF.000E: invalid report_size 1506279577 [ 1165.164549][T23739] hid-generic FF01:0005:7FFF.000E: item 0 4 1 7 parsing failed [ 1165.175399][T29919] loop6: detected capacity change from 0 to 7 [ 1165.182944][T23739] hid-generic FF01:0005:7FFF.000E: probe with driver hid-generic failed with error -22 [ 1165.194951][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.204279][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.215119][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.224367][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.233866][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.243238][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.253080][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.262313][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.270463][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.280516][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.311602][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.320832][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.329593][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.338828][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.346768][T29919] ldm_validate_partition_table(): Disk read failed. [ 1165.358443][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.367717][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.390932][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.400184][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.408472][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 1165.417756][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 1165.440967][T29919] Dev loop6: unable to read RDB block 0 [ 1165.458727][T29919] loop6: unable to read partition table [ 1165.466582][T29919] loop6: partition table beyond EOD, truncated [ 1165.490811][T29919] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà–() failed (rc=-5) [ 1166.330269][T29962] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1166.338545][T29965] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1166.349518][T29962] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1166.350373][T29965] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1166.770597][T29988] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1166.889464][T29990] usb usb5: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1169.086109][T30122] syz.1.8193: attempt to access beyond end of device [ 1169.086109][T30122] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1169.132150][T30125] random: crng reseeded on system resumption [ 1169.349819][T30137] CUSE: info not properly terminated [ 1169.360087][T30137] ALSA: mixer_oss: invalid OSS volume '' [ 1169.865752][T30156] ALSA: seq fatal error: cannot create timer (-22) [ 1171.527754][T30225] binder: 30224:30225 ioctl c018620c 200000000500 returned -1 [ 1171.536618][T30225] syz.4.8211: attempt to access beyond end of device [ 1171.536618][T30225] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1171.898729][T30258] hub 6-0:1.0: USB hub found [ 1171.904123][T30258] hub 6-0:1.0: 1 port detected [ 1171.987049][ T30] audit: type=1400 audit(1750411052.054:47): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041 [ 1171.993622][ T30] audit: type=1400 audit(1750411052.064:48): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F041 [ 1172.084732][ C1] vkms_vblank_simulate: vblank timer overrun [ 1172.176409][ C1] vkms_vblank_simulate: vblank timer overrun [ 1172.272030][T30275] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1173.310043][T30305] QAT: failed to copy from user. [ 1173.350318][T30305] QAT: failed to copy from user. [ 1173.636265][T30326] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1173.676301][T30326] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1174.825836][T30406] binder: 30404:30406 ioctl c0306201 2000000003c0 returned -14 [ 1175.928317][T30444] No buffer was provided with the request [ 1176.759535][T30501] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1177.436350][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.436434][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.101406][ T3019] hid-generic 0000:0000:0000.000F: hidraw0: HID v0.00 Device [syz1] on syz1 [ 1179.276770][T30648] fido_id[30648]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1179.477711][T30656] input: syz1 as /devices/virtual/input/input347 [ 1180.234786][T30695] usb usb8: usbfs: process 30695 (syz.6.8317) did not claim interface 0 before use [ 1180.517565][T30705] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1180.672587][T30714] input: syz1 as /devices/virtual/input/input348 [ 1181.186059][T30762] loop6: detected capacity change from 0 to 524287999 [ 1181.206150][T30762] buffer_io_error: 10 callbacks suppressed [ 1181.206166][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.224083][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.283752][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.292195][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.300237][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.308841][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.317309][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.325756][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.334076][T30762] ldm_validate_partition_table(): Disk read failed. [ 1181.346105][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.355316][T30762] Buffer I/O error on dev loop6, logical block 0, async page read [ 1181.364064][T30762] Dev loop6: unable to read RDB block 0 [ 1181.370246][T30762] loop6: unable to read partition table [ 1181.489153][T30762] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1181.576419][T30777] Invalid logical block size (6) [ 1181.649331][ T5206] ldm_validate_partition_table(): Disk read failed. [ 1181.657085][ T5206] Dev loop6: unable to read RDB block 0 [ 1181.664765][ T5206] loop6: unable to read partition table [ 1181.762673][T30788] support for the xor transformation has been removed. [ 1181.824307][ T5206] ldm_validate_partition_table(): Disk read failed. [ 1181.834239][ T5206] Dev loop6: unable to read RDB block 0 [ 1181.840304][ T5206] loop6: unable to read partition table [ 1182.116328][ T5206] ldm_validate_partition_table(): Disk read failed. [ 1182.126320][ T5206] Dev loop6: unable to read RDB block 0 [ 1182.133855][ T5206] loop6: unable to read partition table [ 1182.863842][T30836] cgroup: fork rejected by pids controller in /syz6 [ 1183.771469][T30854] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1183.780338][T30854] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1183.788304][T30854] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1183.798595][T30854] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1183.808292][T30854] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1183.827539][ T51] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1183.846087][ T51] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1183.854537][ T51] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1183.869905][ T51] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1183.886708][ T51] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1183.991159][ T51] Bluetooth: hci1: command 0x1003 tx timeout [ 1183.992202][ T5155] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1184.100027][T30882] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1184.235647][ T3009] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.267862][T30894] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1184.284420][T30894] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1184.513500][ T3009] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.789092][ T3009] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1184.853726][T30934] can0: slcan on ptm0. [ 1185.035618][ T3009] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1185.250747][T30927] can0 (unregistered): slcan off ptm0. [ 1185.433820][T30851] chnl_net:caif_netlink_parms(): no params data found [ 1185.509591][ T3009] bridge_slave_1: left allmulticast mode [ 1185.516418][ T3009] bridge_slave_1: left promiscuous mode [ 1185.530470][ T3009] bridge0: port 2(bridge_slave_1) entered disabled state [ 1185.607741][ T3009] bridge_slave_0: left allmulticast mode [ 1185.614554][ T3009] bridge_slave_0: left promiscuous mode [ 1185.631792][ T3009] bridge0: port 1(bridge_slave_0) entered disabled state [ 1185.994912][ T5155] Bluetooth: hci3: command tx timeout [ 1186.436695][T31080] CUSE: info not properly terminated [ 1187.552300][ T3009] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1187.666504][ T3009] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1187.713040][ T3009] bond0 (unregistering): Released all slaves [ 1188.061282][ T5155] Bluetooth: hci3: command tx timeout [ 1188.833808][T30851] bridge0: port 1(bridge_slave_0) entered blocking state [ 1188.853848][T30851] bridge0: port 1(bridge_slave_0) entered disabled state [ 1188.866139][T30851] bridge_slave_0: entered allmulticast mode [ 1188.874288][T30851] bridge_slave_0: entered promiscuous mode [ 1188.887269][T30851] bridge0: port 2(bridge_slave_1) entered blocking state [ 1188.895603][T30851] bridge0: port 2(bridge_slave_1) entered disabled state [ 1188.901435][T31213] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1188.906514][T30851] bridge_slave_1: entered allmulticast mode [ 1188.917602][T30851] bridge_slave_1: entered promiscuous mode [ 1188.952341][T31213] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1189.116564][T30851] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1189.161815][ T30] audit: type=1804 audit(1750411069.234:49): pid=31261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.8380" name="/newroot/207/cgroup.controllers" dev="tmpfs" ino=1072 res=1 errno=0 [ 1189.194021][ T30] audit: type=1800 audit(1750411069.234:50): pid=31261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.8380" name="cgroup.controllers" dev="tmpfs" ino=1072 res=0 errno=0 [ 1189.222980][T30851] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1189.459438][T30851] team0: Port device team_slave_0 added [ 1189.574765][T31183] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1189.577484][T30851] team0: Port device team_slave_1 added [ 1189.582236][T31183] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 1189.905518][T31330] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1190.019062][T30851] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1190.019085][T30851] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1190.019122][T30851] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1190.026929][T30851] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1190.026951][T30851] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1190.026992][T30851] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1190.080252][ C1] vkms_vblank_simulate: vblank timer overrun [ 1190.129569][ C1] vkms_vblank_simulate: vblank timer overrun [ 1190.241556][T31349] sp0: Synchronizing with TNC [ 1190.246185][T31348] [U] è [ 1190.560043][T30851] hsr_slave_0: entered promiscuous mode [ 1190.561801][T30851] hsr_slave_1: entered promiscuous mode [ 1190.882888][T31423] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1191.027088][ T3009] hsr_slave_0: left promiscuous mode [ 1191.081067][ T3009] hsr_slave_1: left promiscuous mode [ 1191.088050][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1191.099889][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1191.141897][ T3009] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1191.151048][ T3009] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1191.254782][ T3009] veth1_macvtap: left promiscuous mode [ 1191.260407][ T3009] veth0_macvtap: left promiscuous mode [ 1191.267086][ T3009] veth1_vlan: left promiscuous mode [ 1191.279756][ T3009] veth0_vlan: left promiscuous mode [ 1191.536708][T31448] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1192.126607][T31474] binder: 31464:31474 ioctl c018620c 200000000140 returned -22 [ 1194.063695][ T3009] team0 (unregistering): Port device team_slave_1 removed [ 1194.087484][T31499] slcan: can't register candev [ 1194.093907][T31499] Falling back ldisc for ptm0. [ 1194.322655][ T3009] team0 (unregistering): Port device team_slave_0 removed [ 1199.485355][T30851] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1199.529641][T30851] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1199.565629][T30851] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1199.592122][T30851] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1199.914749][T30851] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1199.961835][T30851] 8021q: adding VLAN 0 to HW filter on device team0 [ 1199.996439][T31026] bridge0: port 1(bridge_slave_0) entered blocking state [ 1200.003667][T31026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1200.047285][ T4122] bridge0: port 2(bridge_slave_1) entered blocking state [ 1200.054514][ T4122] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1200.505637][T30851] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1201.218296][T30851] veth0_vlan: entered promiscuous mode [ 1201.236186][T30851] veth1_vlan: entered promiscuous mode [ 1201.298400][T30851] veth0_macvtap: entered promiscuous mode [ 1201.328703][T30851] veth1_macvtap: entered promiscuous mode [ 1201.361640][T30851] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1201.385107][T30851] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1201.400084][T30851] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.416908][T30851] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.450937][T30851] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.459797][T30851] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1201.548639][T31751] syz.4.8421: attempt to access beyond end of device [ 1201.548639][T31751] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1201.708253][ T4122] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1201.729250][ T4122] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1201.789488][ T3009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1201.818170][ T3009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1204.951956][T31938] kvm: kvm [31935]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x187) = 0xfff [ 1206.373862][T31977] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1206.382011][T31977] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1238.866449][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.873167][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.306158][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.312961][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 1355.341062][ T31] INFO: task kworker/0:5:5969 blocked for more than 143 seconds. [ 1355.348853][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1355.356630][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1355.365460][ T31] task:kworker/0:5 state:D stack:24296 pid:5969 tgid:5969 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 1355.377560][ T31] Workqueue: events rfkill_sync_work [ 1355.382939][ T31] Call Trace: [ 1355.386242][ T31] SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1355.389180][ T31] __schedule+0x16f5/0x4d00 [ 1355.393855][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 1355.399670][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1355.406508][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1355.412017][ T31] ? schedule+0x165/0x360 [ 1355.416400][ T31] ? __pfx___schedule+0x10/0x10 [ 1355.421477][ T31] ? schedule+0x91/0x360 [ 1355.425773][ T31] schedule+0x165/0x360 [ 1355.429995][ T31] schedule_preempt_disabled+0x13/0x30 [ 1355.435593][ T31] __mutex_lock+0x724/0xe80 [ 1355.440150][ T31] ? __lock_acquire+0xab9/0xd20 [ 1355.446193][ T31] ? __mutex_lock+0x51b/0xe80 [ 1355.453855][ T31] ? nfc_rfkill_set_block+0x50/0x2e0 [ 1355.459285][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1355.464431][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1355.469679][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 1355.478772][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1355.486228][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 1355.492195][ T31] nfc_rfkill_set_block+0x50/0x2e0 [ 1355.497355][ T31] ? __pfx_nfc_rfkill_set_block+0x10/0x10 [ 1355.503203][ T31] rfkill_set_block+0x1cf/0x440 [ 1355.508117][ T31] rfkill_sync_work+0x114/0x200 [ 1355.513194][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1355.518985][ T31] process_scheduled_works+0xae1/0x17b0 [ 1355.524759][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 1355.530854][ T31] worker_thread+0x8a0/0xda0 [ 1355.535493][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1355.547605][ T31] ? __kthread_parkme+0x7b/0x200 [ 1355.552757][ T31] kthread+0x70e/0x8a0 [ 1355.556882][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1355.562230][ T31] ? __pfx_kthread+0x10/0x10 [ 1355.566886][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1355.572199][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1355.577441][ T31] ? __pfx_kthread+0x10/0x10 [ 1355.582179][ T31] ret_from_fork+0x3f9/0x770 [ 1355.586815][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1355.592067][ T31] ? __switch_to_asm+0x39/0x70 [ 1355.596904][ T31] ? __switch_to_asm+0x33/0x70 [ 1355.602720][ T31] ? __pfx_kthread+0x10/0x10 [ 1355.607369][ T31] ret_from_fork_asm+0x1a/0x30 [ 1355.612284][ T31] [ 1355.615363][ T31] INFO: task kworker/0:3:23922 blocked for more than 143 seconds. [ 1355.626333][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1355.634118][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1355.646111][ T31] task:kworker/0:3 state:D stack:24904 pid:23922 tgid:23922 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 1355.659754][ T31] Workqueue: events rfkill_global_led_trigger_worker [ 1355.678556][ T31] Call Trace: [ 1355.681954][ T31] [ 1355.684926][ T31] __schedule+0x16f5/0x4d00 [ 1355.689495][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1355.698023][ T31] ? schedule+0x165/0x360 [ 1355.702554][ T31] ? __pfx___schedule+0x10/0x10 [ 1355.707471][ T31] ? schedule+0x91/0x360 [ 1355.716855][ T31] schedule+0x165/0x360 [ 1355.721190][ T31] schedule_preempt_disabled+0x13/0x30 [ 1355.726701][ T31] __mutex_lock+0x724/0xe80 [ 1355.734242][ T31] ? look_up_lock_class+0x74/0x170 [ 1355.739401][ T31] ? __mutex_lock+0x51b/0xe80 [ 1355.746449][ T31] ? rfkill_global_led_trigger_worker+0x27/0xd0 [ 1355.755693][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1355.762971][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1355.768752][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1355.777431][ T31] rfkill_global_led_trigger_worker+0x27/0xd0 [ 1355.784692][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1355.790463][ T31] process_scheduled_works+0xae1/0x17b0 [ 1355.800244][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 1355.806368][ T31] worker_thread+0x8a0/0xda0 [ 1355.814019][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1355.820414][ T31] ? __kthread_parkme+0x7b/0x200 [ 1355.827906][ T31] kthread+0x70e/0x8a0 [ 1355.835264][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1355.840433][ T31] ? __pfx_kthread+0x10/0x10 [ 1355.845158][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1355.855149][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1355.860512][ T31] ? __pfx_kthread+0x10/0x10 [ 1355.865224][ T31] ret_from_fork+0x3f9/0x770 [ 1355.869858][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1355.879999][ T31] ? __switch_to_asm+0x39/0x70 [ 1355.900940][ T31] ? __switch_to_asm+0x33/0x70 [ 1355.905785][ T31] ? __pfx_kthread+0x10/0x10 [ 1355.910501][ T31] ret_from_fork_asm+0x1a/0x30 [ 1355.924291][ T31] [ 1355.927483][ T31] INFO: task syz.6.8435:31889 blocked for more than 143 seconds. [ 1355.935833][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1355.945280][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1355.954145][ T31] task:syz.6.8435 state:D stack:25128 pid:31889 tgid:31889 ppid:30851 task_flags:0x400040 flags:0x00004004 [ 1355.966601][ T31] Call Trace: [ 1355.969931][ T31] [ 1355.973744][ T31] __schedule+0x16f5/0x4d00 [ 1355.978339][ T31] ? schedule+0x165/0x360 [ 1355.983220][ T31] ? __lock_acquire+0xab9/0xd20 [ 1355.988121][ T31] ? __pfx___schedule+0x10/0x10 [ 1355.993121][ T31] ? schedule+0x91/0x360 [ 1355.997407][ T31] schedule+0x165/0x360 [ 1356.001679][ T31] schedule_timeout+0x9a/0x270 [ 1356.006495][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1356.011990][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1356.017234][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1356.022505][ T31] ? wait_for_completion+0x267/0x5d0 [ 1356.027842][ T31] wait_for_completion+0x2bf/0x5d0 [ 1356.033108][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 1356.038805][ T31] ? __flush_work+0xd2/0xbc0 [ 1356.043499][ T31] ? __flush_work+0xd2/0xbc0 [ 1356.048143][ T31] __flush_work+0x9b9/0xbc0 [ 1356.052789][ T31] ? __flush_work+0xd2/0xbc0 [ 1356.057431][ T31] ? __pfx___flush_work+0x10/0x10 [ 1356.062630][ T31] ? __pfx_wq_barrier_func+0x10/0x10 [ 1356.067978][ T31] ? __pfx___cancel_work+0x10/0x10 [ 1356.073554][ T31] ? nfc_genl_device_removed+0x23c/0x330 [ 1356.079239][ T31] __cancel_work_sync+0xbe/0x110 [ 1356.084816][ T31] rfkill_unregister+0x92/0x220 [ 1356.089731][ T31] nfc_unregister_device+0x96/0x2a0 [ 1356.095041][ T31] ? __pfx_virtual_ncidev_close+0x10/0x10 [ 1356.100887][ T31] virtual_ncidev_close+0x56/0x90 [ 1356.105964][ T31] __fput+0x44c/0xa70 [ 1356.109972][ T31] task_work_run+0x1d1/0x260 [ 1356.114665][ T31] ? __pfx_task_work_run+0x10/0x10 [ 1356.119841][ T31] ? exit_to_user_mode_loop+0x40/0x110 [ 1356.125407][ T31] exit_to_user_mode_loop+0xec/0x110 [ 1356.130730][ T31] do_syscall_64+0x2bd/0x3b0 [ 1356.135408][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1356.140632][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.146953][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1356.151771][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.157696][ T31] RIP: 0033:0x7f7ff598e929 [ 1356.162220][ T31] RSP: 002b:00007ffeec9e6c88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1356.170697][ T31] RAX: 0000000000000000 RBX: 0000000000125daf RCX: 00007f7ff598e929 [ 1356.178780][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 1356.187078][ T31] RBP: 00007f7ff5bb7ba0 R08: 0000000000000001 R09: 00000028ec9e6f7f [ 1356.195127][ T31] R10: 00007f7ff5800000 R11: 0000000000000246 R12: 00007f7ff5bb5fac [ 1356.203202][ T31] R13: 00007f7ff5bb5fa0 R14: ffffffffffffffff R15: 00007ffeec9e6da0 [ 1356.211276][ T31] [ 1356.214344][ T31] INFO: task syz.4.8443:31970 blocked for more than 144 seconds. [ 1356.228791][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1356.236519][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1356.245293][ T31] task:syz.4.8443 state:D stack:28328 pid:31970 tgid:31967 ppid:23197 task_flags:0x400040 flags:0x00004004 [ 1356.257338][ T31] Call Trace: [ 1356.260640][ T31] [ 1356.263670][ T31] __schedule+0x16f5/0x4d00 [ 1356.268241][ T31] ? __lock_acquire+0xab9/0xd20 [ 1356.273157][ T31] ? schedule+0x165/0x360 [ 1356.277527][ T31] ? __pfx___schedule+0x10/0x10 [ 1356.282529][ T31] ? schedule+0x91/0x360 [ 1356.286822][ T31] schedule+0x165/0x360 [ 1356.291343][ T31] schedule_preempt_disabled+0x13/0x30 [ 1356.296877][ T31] __mutex_lock+0x724/0xe80 [ 1356.301550][ T31] ? __mutex_lock+0x51b/0xe80 [ 1356.306293][ T31] ? rfkill_fop_open+0x12d/0x820 [ 1356.311328][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1356.316386][ T31] ? __raw_spin_lock_init+0x45/0x100 [ 1356.321781][ T31] ? __init_waitqueue_head+0xa9/0x150 [ 1356.327200][ T31] rfkill_fop_open+0x12d/0x820 [ 1356.332038][ T31] ? __pfx_rfkill_fop_open+0x10/0x10 [ 1356.337352][ T31] misc_open+0x2bc/0x330 [ 1356.341710][ T31] chrdev_open+0x4cc/0x5e0 [ 1356.346172][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1356.351193][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1356.356172][ T31] do_dentry_open+0xdf3/0x1970 [ 1356.361028][ T31] vfs_open+0x3b/0x340 [ 1356.365123][ T31] ? path_openat+0x2ecd/0x3830 [ 1356.369903][ T31] path_openat+0x2ee5/0x3830 [ 1356.374578][ T31] ? arch_stack_walk+0xfc/0x150 [ 1356.379491][ T31] ? __pfx_path_openat+0x10/0x10 [ 1356.384686][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.390875][ T31] do_filp_open+0x1fa/0x410 [ 1356.395412][ T31] ? __lock_acquire+0xab9/0xd20 [ 1356.400272][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 1356.405699][ T31] ? _raw_spin_unlock+0x28/0x50 [ 1356.410617][ T31] ? alloc_fd+0x64c/0x6c0 [ 1356.415067][ T31] do_sys_openat2+0x121/0x1c0 [ 1356.419794][ T31] ? __se_sys_futex+0x36f/0x400 [ 1356.424776][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1356.430012][ T31] ? rcu_is_watching+0x15/0xb0 [ 1356.434863][ T31] __x64_sys_openat+0x138/0x170 [ 1356.439752][ T31] do_syscall_64+0xfa/0x3b0 [ 1356.444425][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1356.449662][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.455794][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1356.460508][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.466601][ T31] RIP: 0033:0x7f851ad8e929 [ 1356.471096][ T31] RSP: 002b:00007f851bca0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1356.479542][ T31] RAX: ffffffffffffffda RBX: 00007f851afb6080 RCX: 00007f851ad8e929 [ 1356.487590][ T31] RDX: 0000000000000801 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1356.495634][ T31] RBP: 00007f851ae10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1356.503673][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1356.512005][ T31] R13: 0000000000000000 R14: 00007f851afb6080 R15: 00007ffc9d463c28 [ 1356.520023][ T31] [ 1356.523165][ T31] INFO: task syz.4.8443:31971 blocked for more than 144 seconds. [ 1356.532098][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1356.539784][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1356.548553][ T31] task:syz.4.8443 state:D stack:28120 pid:31971 tgid:31967 ppid:23197 task_flags:0x400040 flags:0x00004004 [ 1356.560957][ T31] Call Trace: [ 1356.564264][ T31] [ 1356.567207][ T31] __schedule+0x16f5/0x4d00 [ 1356.571795][ T31] ? __kasan_slab_free+0x62/0x70 [ 1356.576791][ T31] ? security_file_open+0xb1/0x270 [ 1356.582014][ T31] ? do_dentry_open+0x35e/0x1970 [ 1356.586985][ T31] ? __lock_acquire+0xab9/0xd20 [ 1356.591910][ T31] ? schedule+0x165/0x360 [ 1356.596286][ T31] ? __pfx___schedule+0x10/0x10 [ 1356.601248][ T31] ? schedule+0x91/0x360 [ 1356.605531][ T31] schedule+0x165/0x360 [ 1356.609701][ T31] schedule_preempt_disabled+0x13/0x30 [ 1356.615253][ T31] __mutex_lock+0x724/0xe80 [ 1356.619792][ T31] ? __mutex_lock+0x51b/0xe80 [ 1356.626456][ T31] ? misc_open+0x51/0x330 [ 1356.630903][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1356.636006][ T31] misc_open+0x51/0x330 [ 1356.640181][ T31] chrdev_open+0x4cc/0x5e0 [ 1356.644715][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1356.649716][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1356.654765][ T31] do_dentry_open+0xdf3/0x1970 [ 1356.659592][ T31] vfs_open+0x3b/0x340 [ 1356.663782][ T31] ? path_openat+0x2ecd/0x3830 [ 1356.668592][ T31] path_openat+0x2ee5/0x3830 [ 1356.673252][ T31] ? arch_stack_walk+0xfc/0x150 [ 1356.678160][ T31] ? __pfx_path_openat+0x10/0x10 [ 1356.683186][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.689299][ T31] do_filp_open+0x1fa/0x410 [ 1356.693881][ T31] ? __lock_acquire+0xab9/0xd20 [ 1356.698765][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 1356.704107][ T31] ? _raw_spin_unlock+0x28/0x50 [ 1356.709121][ T31] ? alloc_fd+0x64c/0x6c0 [ 1356.713674][ T31] do_sys_openat2+0x121/0x1c0 [ 1356.718415][ T31] ? __se_sys_futex+0x36f/0x400 [ 1356.723379][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1356.728623][ T31] ? rcu_is_watching+0x15/0xb0 [ 1356.733720][ T31] __x64_sys_openat+0x138/0x170 [ 1356.738623][ T31] do_syscall_64+0xfa/0x3b0 [ 1356.743226][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1356.748466][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.754620][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1356.759339][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.765317][ T31] RIP: 0033:0x7f851ad8e929 [ 1356.769759][ T31] RSP: 002b:00007f851bc7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1356.778248][ T31] RAX: ffffffffffffffda RBX: 00007f851afb6160 RCX: 00007f851ad8e929 [ 1356.786524][ T31] RDX: 0000000000040800 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 1356.794721][ T31] RBP: 00007f851ae10b39 R08: 0000000000000000 R09: 0000000000000000 [ 1356.802805][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1356.810861][ T31] R13: 0000000000000000 R14: 00007f851afb6160 R15: 00007ffc9d463c28 [ 1356.818876][ T31] [ 1356.822351][ T31] INFO: task syz.1.8444:31976 blocked for more than 144 seconds. [ 1356.830099][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1356.837787][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1356.846713][ T31] task:syz.1.8444 state:D stack:28120 pid:31976 tgid:31975 ppid:19581 task_flags:0x400040 flags:0x00004004 [ 1356.858711][ T31] Call Trace: [ 1356.862167][ T31] [ 1356.865261][ T31] __schedule+0x16f5/0x4d00 [ 1356.869826][ T31] ? __kasan_slab_free+0x62/0x70 [ 1356.874850][ T31] ? security_file_open+0xb1/0x270 [ 1356.880097][ T31] ? do_dentry_open+0x35e/0x1970 [ 1356.885123][ T31] ? __lock_acquire+0xab9/0xd20 [ 1356.890011][ T31] ? schedule+0x165/0x360 [ 1356.894410][ T31] ? __pfx___schedule+0x10/0x10 [ 1356.899314][ T31] ? schedule+0x91/0x360 [ 1356.903652][ T31] schedule+0x165/0x360 [ 1356.908152][ T31] schedule_preempt_disabled+0x13/0x30 [ 1356.913732][ T31] __mutex_lock+0x724/0xe80 [ 1356.918280][ T31] ? __mutex_lock+0x51b/0xe80 [ 1356.923072][ T31] ? misc_open+0x51/0x330 [ 1356.927456][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1356.932619][ T31] misc_open+0x51/0x330 [ 1356.936822][ T31] chrdev_open+0x4cc/0x5e0 [ 1356.941370][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1356.946352][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1356.951634][ T31] do_dentry_open+0xdf3/0x1970 [ 1356.956587][ T31] vfs_open+0x3b/0x340 [ 1356.960666][ T31] ? path_openat+0x2ecd/0x3830 [ 1356.965526][ T31] path_openat+0x2ee5/0x3830 [ 1356.970146][ T31] ? arch_stack_walk+0xfc/0x150 [ 1356.975104][ T31] ? __pfx_path_openat+0x10/0x10 [ 1356.980070][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.986248][ T31] do_filp_open+0x1fa/0x410 [ 1356.990858][ T31] ? __lock_acquire+0xab9/0xd20 [ 1356.995736][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 1357.000892][ T31] ? _raw_spin_unlock+0x28/0x50 [ 1357.005795][ T31] ? alloc_fd+0x64c/0x6c0 [ 1357.010152][ T31] do_sys_openat2+0x121/0x1c0 [ 1357.014918][ T31] ? __se_sys_futex+0x36f/0x400 [ 1357.019811][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1357.025476][ T31] ? __fget_files+0x2a/0x420 [ 1357.030125][ T31] ? __pfx___se_sys_futex+0x10/0x10 [ 1357.035494][ T31] ? __fget_files+0x2a/0x420 [ 1357.040125][ T31] __x64_sys_openat+0x138/0x170 [ 1357.045073][ T31] do_syscall_64+0xfa/0x3b0 [ 1357.049616][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1357.054916][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.061341][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1357.066073][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.072068][ T31] RIP: 0033:0x7f7d7358e929 [ 1357.076511][ T31] RSP: 002b:00007f7d7449b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1357.085111][ T31] RAX: ffffffffffffffda RBX: 00007f7d737b5fa0 RCX: 00007f7d7358e929 [ 1357.093179][ T31] RDX: 0000000000000801 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1357.101239][ T31] RBP: 00007f7d73610b39 R08: 0000000000000000 R09: 0000000000000000 [ 1357.109239][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1357.117284][ T31] R13: 0000000000000000 R14: 00007f7d737b5fa0 R15: 00007fff2f262308 [ 1357.125323][ T31] [ 1357.128373][ T31] INFO: task syz.5.8445:31982 blocked for more than 145 seconds. [ 1357.136360][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1357.144062][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1357.152830][ T31] task:syz.5.8445 state:D stack:28120 pid:31982 tgid:31981 ppid:25194 task_flags:0x400040 flags:0x00004004 [ 1357.164815][ T31] Call Trace: [ 1357.168104][ T31] [ 1357.171397][ T31] __schedule+0x16f5/0x4d00 [ 1357.175977][ T31] ? __kasan_slab_free+0x62/0x70 [ 1357.181008][ T31] ? security_file_open+0xb1/0x270 [ 1357.186155][ T31] ? do_dentry_open+0x35e/0x1970 [ 1357.191182][ T31] ? __lock_acquire+0xab9/0xd20 [ 1357.196069][ T31] ? schedule+0x165/0x360 [ 1357.200417][ T31] ? __pfx___schedule+0x10/0x10 [ 1357.205347][ T31] ? schedule+0x91/0x360 [ 1357.209633][ T31] schedule+0x165/0x360 [ 1357.213877][ T31] schedule_preempt_disabled+0x13/0x30 [ 1357.219378][ T31] __mutex_lock+0x724/0xe80 [ 1357.223955][ T31] ? __mutex_lock+0x51b/0xe80 [ 1357.228667][ T31] ? misc_open+0x51/0x330 [ 1357.233106][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1357.238177][ T31] misc_open+0x51/0x330 [ 1357.242416][ T31] chrdev_open+0x4cc/0x5e0 [ 1357.246890][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1357.251935][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1357.256916][ T31] do_dentry_open+0xdf3/0x1970 [ 1357.261881][ T31] vfs_open+0x3b/0x340 [ 1357.265989][ T31] ? path_openat+0x2ecd/0x3830 [ 1357.270982][ T31] path_openat+0x2ee5/0x3830 [ 1357.275611][ T31] ? arch_stack_walk+0xfc/0x150 [ 1357.280495][ T31] ? __pfx_path_openat+0x10/0x10 [ 1357.285768][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.291955][ T31] do_filp_open+0x1fa/0x410 [ 1357.296502][ T31] ? __lock_acquire+0xab9/0xd20 [ 1357.301466][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 1357.306565][ T31] ? _raw_spin_unlock+0x28/0x50 [ 1357.311509][ T31] ? alloc_fd+0x64c/0x6c0 [ 1357.315886][ T31] do_sys_openat2+0x121/0x1c0 [ 1357.320572][ T31] ? __se_sys_futex+0x36f/0x400 [ 1357.325504][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1357.330809][ T31] ? rcu_is_watching+0x15/0xb0 [ 1357.335602][ T31] __x64_sys_openat+0x138/0x170 [ 1357.340465][ T31] do_syscall_64+0xfa/0x3b0 [ 1357.345073][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1357.350316][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.356483][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1357.361245][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.367256][ T31] RIP: 0033:0x7f76dcf8e929 [ 1357.371758][ T31] RSP: 002b:00007f76dde8c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1357.380207][ T31] RAX: ffffffffffffffda RBX: 00007f76dd1b5fa0 RCX: 00007f76dcf8e929 [ 1357.388260][ T31] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1357.396477][ T31] RBP: 00007f76dd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 1357.404534][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1357.412582][ T31] R13: 0000000000000000 R14: 00007f76dd1b5fa0 R15: 00007fffbee6b528 [ 1357.420597][ T31] [ 1357.424036][ T31] INFO: task syz.5.8445:31983 blocked for more than 145 seconds. [ 1357.431821][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1357.439453][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1357.448213][ T31] task:syz.5.8445 state:D stack:24568 pid:31983 tgid:31981 ppid:25194 task_flags:0x400040 flags:0x00004004 [ 1357.460217][ T31] Call Trace: [ 1357.463609][ T31] [ 1357.466606][ T31] __schedule+0x16f5/0x4d00 [ 1357.471191][ T31] ? __kasan_slab_free+0x62/0x70 [ 1357.476141][ T31] ? security_file_open+0xb1/0x270 [ 1357.481359][ T31] ? do_dentry_open+0x35e/0x1970 [ 1357.486327][ T31] ? __lock_acquire+0xab9/0xd20 [ 1357.491287][ T31] ? schedule+0x165/0x360 [ 1357.495667][ T31] ? __pfx___schedule+0x10/0x10 [ 1357.500593][ T31] ? schedule+0x91/0x360 [ 1357.505190][ T31] schedule+0x165/0x360 [ 1357.509393][ T31] schedule_preempt_disabled+0x13/0x30 [ 1357.514936][ T31] __mutex_lock+0x724/0xe80 [ 1357.519473][ T31] ? __mutex_lock+0x51b/0xe80 [ 1357.524273][ T31] ? misc_open+0x51/0x330 [ 1357.528643][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1357.533766][ T31] misc_open+0x51/0x330 [ 1357.537961][ T31] chrdev_open+0x4cc/0x5e0 [ 1357.542495][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1357.547492][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1357.552541][ T31] do_dentry_open+0xdf3/0x1970 [ 1357.557346][ T31] vfs_open+0x3b/0x340 [ 1357.561502][ T31] ? path_openat+0x2ecd/0x3830 [ 1357.566298][ T31] path_openat+0x2ee5/0x3830 [ 1357.570966][ T31] ? __pfx_stack_trace_save+0x10/0x10 [ 1357.576373][ T31] ? futex_unqueue+0x22/0x240 [ 1357.581276][ T31] ? __kfence_alloc+0x385/0x3b0 [ 1357.586357][ T31] ? getname_flags+0xb8/0x540 [ 1357.591142][ T31] ? __pfx_path_openat+0x10/0x10 [ 1357.596124][ T31] do_filp_open+0x1fa/0x410 [ 1357.600654][ T31] ? __lock_acquire+0xab9/0xd20 [ 1357.605606][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 1357.610687][ T31] ? _raw_spin_unlock+0x28/0x50 [ 1357.615890][ T31] ? alloc_fd+0x64c/0x6c0 [ 1357.620274][ T31] do_sys_openat2+0x121/0x1c0 [ 1357.625192][ T31] ? __se_sys_futex+0x36f/0x400 [ 1357.630113][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1357.635551][ T31] ? rcu_is_watching+0x15/0xb0 [ 1357.640375][ T31] __x64_sys_openat+0x138/0x170 [ 1357.645309][ T31] do_syscall_64+0xfa/0x3b0 [ 1357.649847][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1357.655151][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.661368][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1357.666103][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.672125][ T31] RIP: 0033:0x7f76dcf8e929 [ 1357.676583][ T31] RSP: 002b:00007f76dde6b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1357.685259][ T31] RAX: ffffffffffffffda RBX: 00007f76dd1b6080 RCX: 00007f76dcf8e929 [ 1357.693334][ T31] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1357.701428][ T31] RBP: 00007f76dd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 1357.709442][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1357.717556][ T31] R13: 0000000000000000 R14: 00007f76dd1b6080 R15: 00007fffbee6b528 [ 1357.725639][ T31] [ 1357.728673][ T31] INFO: task syz.5.8445:31984 blocked for more than 145 seconds. [ 1357.736461][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1357.745051][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1357.754136][ T31] task:syz.5.8445 state:D stack:28328 pid:31984 tgid:31981 ppid:25194 task_flags:0x400040 flags:0x00004004 [ 1357.766215][ T31] Call Trace: [ 1357.769522][ T31] [ 1357.772528][ T31] __schedule+0x16f5/0x4d00 [ 1357.777073][ T31] ? __kasan_slab_free+0x62/0x70 [ 1357.782138][ T31] ? security_file_open+0xb1/0x270 [ 1357.787288][ T31] ? do_dentry_open+0x35e/0x1970 [ 1357.792323][ T31] ? __lock_acquire+0xab9/0xd20 [ 1357.797216][ T31] ? schedule+0x165/0x360 [ 1357.801641][ T31] ? __pfx___schedule+0x10/0x10 [ 1357.806560][ T31] ? schedule+0x91/0x360 [ 1357.810906][ T31] schedule+0x165/0x360 [ 1357.815107][ T31] schedule_preempt_disabled+0x13/0x30 [ 1357.820580][ T31] __mutex_lock+0x724/0xe80 [ 1357.825343][ T31] ? __mutex_lock+0x51b/0xe80 [ 1357.830084][ T31] ? misc_open+0x51/0x330 [ 1357.834772][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1357.839931][ T31] misc_open+0x51/0x330 [ 1357.844195][ T31] chrdev_open+0x4cc/0x5e0 [ 1357.848669][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1357.853738][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1357.858724][ T31] do_dentry_open+0xdf3/0x1970 [ 1357.863632][ T31] vfs_open+0x3b/0x340 [ 1357.867735][ T31] ? path_openat+0x2ecd/0x3830 [ 1357.872591][ T31] path_openat+0x2ee5/0x3830 [ 1357.877218][ T31] ? arch_stack_walk+0xfc/0x150 [ 1357.882190][ T31] ? __pfx_path_openat+0x10/0x10 [ 1357.887160][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.893317][ T31] do_filp_open+0x1fa/0x410 [ 1357.897855][ T31] ? __lock_acquire+0xab9/0xd20 [ 1357.902939][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 1357.908250][ T31] ? _raw_spin_unlock+0x28/0x50 [ 1357.913209][ T31] ? alloc_fd+0x64c/0x6c0 [ 1357.917583][ T31] do_sys_openat2+0x121/0x1c0 [ 1357.922368][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1357.927690][ T31] ? exc_page_fault+0x76/0xf0 [ 1357.932499][ T31] ? do_user_addr_fault+0xc8a/0x1390 [ 1357.937825][ T31] __x64_sys_openat+0x138/0x170 [ 1357.942781][ T31] do_syscall_64+0xfa/0x3b0 [ 1357.947343][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1357.952613][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.958717][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1357.963523][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1357.969467][ T31] RIP: 0033:0x7f76dcf8e929 [ 1357.973946][ T31] RSP: 002b:00007f76dde4a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1357.982593][ T31] RAX: ffffffffffffffda RBX: 00007f76dd1b6160 RCX: 00007f76dcf8e929 [ 1357.990604][ T31] RDX: 0000000000000000 RSI: 0000200000000340 RDI: ffffffffffffff9c [ 1357.998717][ T31] RBP: 00007f76dd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 1358.006771][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1358.014809][ T31] R13: 0000000000000001 R14: 00007f76dd1b6160 R15: 00007fffbee6b528 [ 1358.022872][ T31] [ 1358.025925][ T31] INFO: task syz.5.8445:31985 blocked for more than 146 seconds. [ 1358.033711][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1358.041453][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1358.050157][ T31] task:syz.5.8445 state:D stack:27672 pid:31985 tgid:31981 ppid:25194 task_flags:0x400040 flags:0x00004004 [ 1358.062257][ T31] Call Trace: [ 1358.065567][ T31] [ 1358.068514][ T31] __schedule+0x16f5/0x4d00 [ 1358.073137][ T31] ? __kasan_slab_free+0x62/0x70 [ 1358.078107][ T31] ? security_file_open+0xb1/0x270 [ 1358.083387][ T31] ? do_dentry_open+0x35e/0x1970 [ 1358.088372][ T31] ? __lock_acquire+0xab9/0xd20 [ 1358.093301][ T31] ? schedule+0x165/0x360 [ 1358.097674][ T31] ? __pfx___schedule+0x10/0x10 [ 1358.102676][ T31] ? schedule+0x91/0x360 [ 1358.106976][ T31] schedule+0x165/0x360 [ 1358.111283][ T31] schedule_preempt_disabled+0x13/0x30 [ 1358.116780][ T31] __mutex_lock+0x724/0xe80 [ 1358.121347][ T31] ? __mutex_lock+0x51b/0xe80 [ 1358.126058][ T31] ? misc_open+0x51/0x330 [ 1358.130398][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1358.135519][ T31] misc_open+0x51/0x330 [ 1358.139721][ T31] chrdev_open+0x4cc/0x5e0 [ 1358.144280][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1358.149266][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1358.154290][ T31] do_dentry_open+0xdf3/0x1970 [ 1358.159095][ T31] vfs_open+0x3b/0x340 [ 1358.163281][ T31] ? path_openat+0x2ecd/0x3830 [ 1358.168091][ T31] path_openat+0x2ee5/0x3830 [ 1358.172765][ T31] ? arch_stack_walk+0xfc/0x150 [ 1358.177677][ T31] ? __pfx_path_openat+0x10/0x10 [ 1358.182734][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.188869][ T31] do_filp_open+0x1fa/0x410 [ 1358.193486][ T31] ? __lock_acquire+0xab9/0xd20 [ 1358.198372][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 1358.203479][ T31] ? _raw_spin_unlock+0x28/0x50 [ 1358.208340][ T31] ? alloc_fd+0x64c/0x6c0 [ 1358.212807][ T31] do_sys_openat2+0x121/0x1c0 [ 1358.217531][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1358.222868][ T31] ? exc_page_fault+0x76/0xf0 [ 1358.227599][ T31] ? do_user_addr_fault+0xc8a/0x1390 [ 1358.232991][ T31] __x64_sys_openat+0x138/0x170 [ 1358.237974][ T31] do_syscall_64+0xfa/0x3b0 [ 1358.242593][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1358.247941][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.254098][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1358.258803][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.264833][ T31] RIP: 0033:0x7f76dcf8e929 [ 1358.269274][ T31] RSP: 002b:00007f76dde29038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1358.277768][ T31] RAX: ffffffffffffffda RBX: 00007f76dd1b6240 RCX: 00007f76dcf8e929 [ 1358.285805][ T31] RDX: 0000000000000000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 1358.293902][ T31] RBP: 00007f76dd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 1358.301992][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1358.310014][ T31] R13: 0000000000000001 R14: 00007f76dd1b6240 R15: 00007fffbee6b528 [ 1358.318124][ T31] [ 1358.321247][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1358.330296][ T31] INFO: task syz.5.8445:31986 blocked for more than 146 seconds. [ 1358.338095][ T31] Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 [ 1358.345795][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1358.354529][ T31] task:syz.5.8445 state:D stack:28120 pid:31986 tgid:31981 ppid:25194 task_flags:0x400040 flags:0x00004004 [ 1358.366531][ T31] Call Trace: [ 1358.369825][ T31] [ 1358.372821][ T31] __schedule+0x16f5/0x4d00 [ 1358.377360][ T31] ? __kasan_slab_free+0x62/0x70 [ 1358.382583][ T31] ? security_file_open+0xb1/0x270 [ 1358.387764][ T31] ? do_dentry_open+0x35e/0x1970 [ 1358.392808][ T31] ? __lock_acquire+0xab9/0xd20 [ 1358.397704][ T31] ? schedule+0x165/0x360 [ 1358.402181][ T31] ? __pfx___schedule+0x10/0x10 [ 1358.407082][ T31] ? schedule+0x91/0x360 [ 1358.411449][ T31] schedule+0x165/0x360 [ 1358.415664][ T31] schedule_preempt_disabled+0x13/0x30 [ 1358.421246][ T31] __mutex_lock+0x724/0xe80 [ 1358.425787][ T31] ? __mutex_lock+0x51b/0xe80 [ 1358.430478][ T31] ? misc_open+0x51/0x330 [ 1358.434897][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1358.439978][ T31] misc_open+0x51/0x330 [ 1358.444228][ T31] chrdev_open+0x4cc/0x5e0 [ 1358.448687][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1358.453733][ T31] ? __pfx_chrdev_open+0x10/0x10 [ 1358.458723][ T31] do_dentry_open+0xdf3/0x1970 [ 1358.463664][ T31] vfs_open+0x3b/0x340 [ 1358.467775][ T31] ? path_openat+0x2ecd/0x3830 [ 1358.472628][ T31] path_openat+0x2ee5/0x3830 [ 1358.477251][ T31] ? arch_stack_walk+0xfc/0x150 [ 1358.482222][ T31] ? __pfx_path_openat+0x10/0x10 [ 1358.487202][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.493376][ T31] do_filp_open+0x1fa/0x410 [ 1358.497945][ T31] ? __lock_acquire+0xab9/0xd20 [ 1358.502905][ T31] ? __pfx_do_filp_open+0x10/0x10 [ 1358.507989][ T31] ? _raw_spin_unlock+0x28/0x50 [ 1358.512974][ T31] ? alloc_fd+0x64c/0x6c0 [ 1358.517361][ T31] do_sys_openat2+0x121/0x1c0 [ 1358.522142][ T31] ? __se_sys_futex+0x36f/0x400 [ 1358.527034][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 1358.532307][ T31] ? __fget_files+0x2a/0x420 [ 1358.536938][ T31] ? __pfx___se_sys_futex+0x10/0x10 [ 1358.542261][ T31] ? __fget_files+0x2a/0x420 [ 1358.546894][ T31] __x64_sys_openat+0x138/0x170 [ 1358.551974][ T31] do_syscall_64+0xfa/0x3b0 [ 1358.556539][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1358.561842][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.567940][ T31] ? clear_bhb_loop+0x60/0xb0 [ 1358.572715][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.578738][ T31] RIP: 0033:0x7f76dcf8e929 [ 1358.583241][ T31] RSP: 002b:00007f76dde08038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1358.591819][ T31] RAX: ffffffffffffffda RBX: 00007f76dd1b6320 RCX: 00007f76dcf8e929 [ 1358.599836][ T31] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1358.607921][ T31] RBP: 00007f76dd010b39 R08: 0000000000000000 R09: 0000000000000000 [ 1358.615957][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1358.624091][ T31] R13: 0000000000000000 R14: 00007f76dd1b6320 R15: 00007fffbee6b528 [ 1358.632161][ T31] [ 1358.635208][ T31] Future hung task reports are suppressed, see sysctl kernel.hung_task_warnings [ 1358.644333][ T31] [ 1358.644333][ T31] Showing all locks held in the system: [ 1358.652149][ T31] 1 lock held by khungtaskd/31: [ 1358.657026][ T31] #0: ffffffff8e33eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1358.667015][ T31] 1 lock held by klogd/5195: [ 1358.671664][ T31] #0: ffff8880b8639f98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 1358.681716][ T31] 2 locks held by getty/5595: [ 1358.686424][ T31] #0: ffff888030b460a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1358.696320][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 1358.706565][ T31] 4 locks held by kworker/0:5/5969: [ 1358.711832][ T31] #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1358.722939][ T31] #1: ffffc90004c87bc0 ((work_completion)(&rfkill->sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1358.735463][ T31] #2: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_sync_work+0x2e/0x200 [ 1358.745618][ T31] #3: ffff888032b2e100 (&dev->mutex){....}-{4:4}, at: nfc_rfkill_set_block+0x50/0x2e0 [ 1358.755452][ T31] 3 locks held by kworker/0:3/23922: [ 1358.760820][ T31] #0: ffff88801a880d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1358.771990][ T31] #1: ffffc9000c2a7bc0 ((work_completion)(&rfkill_global_led_trigger_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1358.785820][ T31] #2: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_global_led_trigger_worker+0x27/0xd0 [ 1358.797754][ T31] 3 locks held by kworker/u8:8/31026: [ 1358.803455][ T31] 1 lock held by syz.6.8435/31889: [ 1358.808612][ T31] #0: ffff888032b2e100 (&dev->mutex){....}-{4:4}, at: nfc_unregister_device+0x63/0x2a0 [ 1358.818452][ T31] 2 locks held by syz.4.8443/31970: [ 1358.823725][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.832296][ T31] #1: ffffffff8f9fd5a8 (rfkill_global_mutex){+.+.}-{4:4}, at: rfkill_fop_open+0x12d/0x820 [ 1358.842451][ T31] 1 lock held by syz.4.8443/31971: [ 1358.847585][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.856105][ T31] 1 lock held by syz.1.8444/31976: [ 1358.861376][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.870035][ T31] 1 lock held by syz.5.8445/31982: [ 1358.875241][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.883818][ T31] 1 lock held by syz.5.8445/31983: [ 1358.888951][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.897476][ T31] 1 lock held by syz.5.8445/31984: [ 1358.902649][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.911203][ T31] 1 lock held by syz.5.8445/31985: [ 1358.916329][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.924860][ T31] 1 lock held by syz.5.8445/31986: [ 1358.929991][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.938525][ T31] 1 lock held by syz-executor/31993: [ 1358.944026][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.952861][ T31] 1 lock held by syz-executor/31999: [ 1358.958197][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.966754][ T31] 1 lock held by syz-executor/32003: [ 1358.972756][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.981508][ T31] 1 lock held by syz-executor/32004: [ 1358.986844][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1358.995471][ T31] 1 lock held by syz-executor/32017: [ 1359.000840][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1359.009367][ T31] 1 lock held by syz-executor/32020: [ 1359.014828][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1359.023518][ T31] 1 lock held by syz-executor/32023: [ 1359.028840][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1359.037411][ T31] 1 lock held by syz-executor/32024: [ 1359.042810][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1359.051402][ T31] 1 lock held by syz-executor/32039: [ 1359.056790][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1359.065402][ T31] 1 lock held by syz-executor/32042: [ 1359.070710][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1359.079293][ T31] 1 lock held by syz-executor/32045: [ 1359.084683][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1359.093230][ T31] 1 lock held by syz-executor/32046: [ 1359.098520][ T31] #0: ffffffff8ebd4788 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x51/0x330 [ 1359.107183][ T31] [ 1359.109541][ T31] ============================================= [ 1359.109541][ T31] [ 1359.118050][ T31] NMI backtrace for cpu 1 [ 1359.118068][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 1359.118090][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1359.118102][ T31] Call Trace: [ 1359.118110][ T31] [ 1359.118119][ T31] dump_stack_lvl+0x189/0x250 [ 1359.118146][ T31] ? __wake_up_klogd+0xd9/0x110 [ 1359.118177][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1359.118200][ T31] ? __pfx__printk+0x10/0x10 [ 1359.118233][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 1359.118265][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1359.118291][ T31] ? _printk+0xcf/0x120 [ 1359.118319][ T31] ? __pfx__printk+0x10/0x10 [ 1359.118345][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1359.118381][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1359.118413][ T31] watchdog+0xfee/0x1030 [ 1359.118437][ T31] ? watchdog+0x1de/0x1030 [ 1359.118466][ T31] kthread+0x70e/0x8a0 [ 1359.118499][ T31] ? __pfx_watchdog+0x10/0x10 [ 1359.118519][ T31] ? __pfx_kthread+0x10/0x10 [ 1359.118550][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1359.118588][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1359.118618][ T31] ? __pfx_kthread+0x10/0x10 [ 1359.118648][ T31] ret_from_fork+0x3f9/0x770 [ 1359.118683][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1359.118711][ T31] ? __switch_to_asm+0x39/0x70 [ 1359.118736][ T31] ? __switch_to_asm+0x33/0x70 [ 1359.118760][ T31] ? __pfx_kthread+0x10/0x10 [ 1359.118789][ T31] ret_from_fork_asm+0x1a/0x30 [ 1359.118831][ T31] [ 1359.118840][ T31] Sending NMI from CPU 1 to CPUs 0: [ 1359.276159][ C0] NMI backtrace for cpu 0 [ 1359.276177][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 1359.276198][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1359.276209][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 1359.276242][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 09 1b 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 1359.276258][ C0] RSP: 0018:ffffffff8e007d80 EFLAGS: 000002c6 [ 1359.276273][ C0] RAX: 0e435e10af598500 RBX: ffffffff81979d58 RCX: 0e435e10af598500 [ 1359.276287][ C0] RDX: 0000000000000001 RSI: ffffffff8da4c121 RDI: ffffffff8be41880 [ 1359.276300][ C0] RBP: ffffffff8e007ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 1359.276313][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8fc232f0 [ 1359.276325][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1c12a50 [ 1359.276337][ C0] FS: 0000000000000000(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000 [ 1359.276352][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1359.276364][ C0] CR2: 000056189aceafb0 CR3: 000000000e138000 CR4: 00000000003526f0 [ 1359.276379][ C0] Call Trace: [ 1359.276386][ C0] [ 1359.276393][ C0] default_idle+0x13/0x20 [ 1359.276412][ C0] default_idle_call+0x74/0xb0 [ 1359.276432][ C0] do_idle+0x1e8/0x510 [ 1359.276455][ C0] ? __pfx_do_idle+0x10/0x10 [ 1359.276482][ C0] cpu_startup_entry+0x44/0x60 [ 1359.276501][ C0] rest_init+0x2de/0x300 [ 1359.276522][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 1359.276550][ C0] start_kernel+0x47d/0x500 [ 1359.276572][ C0] x86_64_start_reservations+0x24/0x30 [ 1359.276597][ C0] x86_64_start_kernel+0x143/0x1c0 [ 1359.276622][ C0] common_startup_64+0x13e/0x147 [ 1359.276654][ C0] [ 1359.277185][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1359.466232][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00158-g5c8013ae2e86 #0 PREEMPT(full) [ 1359.478069][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1359.488140][ T31] Call Trace: [ 1359.491434][ T31] [ 1359.494376][ T31] dump_stack_lvl+0x99/0x250 [ 1359.498983][ T31] ? __asan_memcpy+0x40/0x70 [ 1359.503586][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1359.508798][ T31] ? __pfx__printk+0x10/0x10 [ 1359.513411][ T31] panic+0x2db/0x790 [ 1359.517322][ T31] ? __pfx_panic+0x10/0x10 [ 1359.521746][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 1359.527571][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1359.532966][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 1359.539162][ T31] watchdog+0x102d/0x1030 [ 1359.543506][ T31] ? watchdog+0x1de/0x1030 [ 1359.547937][ T31] kthread+0x70e/0x8a0 [ 1359.552024][ T31] ? __pfx_watchdog+0x10/0x10 [ 1359.557055][ T31] ? __pfx_kthread+0x10/0x10 [ 1359.561665][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1359.566885][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1359.572101][ T31] ? __pfx_kthread+0x10/0x10 [ 1359.576724][ T31] ret_from_fork+0x3f9/0x770 [ 1359.581329][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1359.586471][ T31] ? __switch_to_asm+0x39/0x70 [ 1359.591252][ T31] ? __switch_to_asm+0x33/0x70 [ 1359.596028][ T31] ? __pfx_kthread+0x10/0x10 [ 1359.600645][ T31] ret_from_fork_asm+0x1a/0x30 [ 1359.605436][ T31] [ 1359.608791][ T31] Kernel Offset: disabled [ 1359.613130][ T31] Rebooting in 86400 seconds..