last executing test programs: 11.11127298s ago: executing program 0 (id=10443): socket(0x2, 0x2, 0x88) r0 = eventfd$auto(0x0) write$auto_evdev_fops_evdev(r0, &(0x7f0000000040)="399817b6b7dfaa50dd9e5ff6284478019d6fcd22ccc1b0b2ae602e2bc8d395", 0x1f) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x2020009, 0x1000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x1, 0x800000ffff, 0x9b72, 0x7, 0x200000000028000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) r4 = socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(0x0, 0x6) shmctl$auto_SHM_UNLOCK(0x200, 0xc, 0x0) sendmsg$auto_OVS_METER_CMD_SET(r4, 0x0, 0x50) r5 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) rename$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='./file0\x00') r6 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ppoll$auto(&(0x7f0000000040)={r6, 0xfffc, 0x8}, 0x4, &(0x7f0000000100)={0x7fffffffffffffff, 0x8}, 0x0, 0x8) rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)='./file1\x00') setsockopt$auto(0xffffffffffffffff, 0x104000000000010e, 0xa, 0x0, 0x400) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), 0xffffffffffffffff) ioctl$auto_BTRFS_IOC_DEVICES_READY(0xffffffffffffffff, 0x90009427, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) (fail_nth: 6) write$auto_console_fops_tty_io(r1, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4b", 0x22) 9.650494306s ago: executing program 0 (id=10447): socket(0x11, 0x80003, 0x300) r0 = openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x440, 0x0) pread64$auto(r0, &(0x7f00000000c0)='/dev/nvme-fabrics\x00', 0x10, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a1842, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/set_event\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f00000003c0)=""/192, 0xc0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x3f00, &(0x7f0000000000), 0x3) syz_clone3(&(0x7f0000000400)={0x9840100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x10000, 0x2000008000, 0xeb1, r1, 0x8000) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x1) openat$nci(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) madvise$auto(0x0, 0x2003f0, 0x15) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r3 = getpid() syz_clone3(&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, &(0x7f0000000100)=[r3], 0x1}, 0x58) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder0\x00', 0x0, 0x0) 8.455287326s ago: executing program 0 (id=10460): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0xc8201, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x11c, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x71, 0xbe, "2851deffd25c1ad8570b3ccab61efec8b5287da5740b3f69513508f66478fa0a946f3a3d7266145466ac77c9ad2c8c402858f8ff080284b3fc289fccf971e084e9b8aec596b715aec67311f3932a1379544aff4f5b730bb2779cc29c75729120f7b386758524dc5054da379991"}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0xfffffffc}, @NL80211_ATTR_SAE_PASSWORD={0x84, 0x115, "c3991eff9f839e066026e213626609002100b805414f5b112a44d6875b15c45625a1d8502d7cc067902bf55ce2c5c11d4225f128db3dec1907e02bcf361e22fa649e8610ccef1ef63d274d664ea74441c76891de999e8c4f69131d6669b8c097cab0cf92a7d0c3663de237820b905caf4c1063fc543b92853be961d81dc490ea"}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x5}]}, 0x11c}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x16c, r2, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_S1G_CAPABILITY={0x9b, 0x128, "a7a32dd76013c3f47401792eaafb8f70d320b09b4940ff6bb2a27defcf7ac633b7b8be13688e00a4bbbef6d98ad64b5840d49cd042aaa37708a2702b190b094de0e1becdd205f04af08da3df4c015dc9a7cc871cfe98654b072a25433443a26321db81ee821fba985b6aab09694b0161d12adad2df0cc4b97f127c5e96a6a96ef1cdd11d6eea4aed6870bb574dcd0bb0446ec268becac3"}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x1f}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x3}, @NL80211_ATTR_MAC={0x8b, 0x6, "35f9ba6a352efff99503097d52c184e68a2de5d59f3da1ebb105351ecac505988edca9bd123cae559f8bc29b5b1762ec34966b6fc533395b668f32eb27b1b78ebe25a5c6af169749659b1bff97ab9a57afcd0b4a1b6e69dd80f75d3507ce575462865880b74772e56a534635124aafe80017560181f61a5cd0cd03283a09c635f596ec6d2500be"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x5}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x6}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x5}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3b, 0x9, 0x2, 0x6]}, 0x0) 7.18222959s ago: executing program 0 (id=10459): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/controlC1\x00', 0x141080, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x2, 0x801, 0x5) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/nbd9\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x1000000, 0x9, 0xffb, 0x8000000008011, 0x3, 0x80000000) close_range$auto(r0, r0, 0x5) socket(0x9, 0x1, 0x1000) socket(0x2b, 0x1, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14f602, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810024, 0x2000000efb, 0x8000000008011, r1, 0x29) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/dynamic_debug/control\x00', 0x0, 0x0) pread64$auto(r2, 0x0, 0x200000000003, 0x2f4a3a23) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.5/usb19/removable\x00', 0x80e80, 0x0) write$auto(r3, &(0x7f0000000100)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C', 0x4) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) madvise$auto(0x0, 0xf663, 0x15) ioprio_set$auto(0x3, 0x0, 0x4b34) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x40a081, 0x0) ioctl$auto_SNDCTL_DSP_STEREO(r4, 0xc0045003, 0x0) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) 4.80467056s ago: executing program 2 (id=10464): r0 = socket(0x2, 0x2, 0x88) r1 = eventfd$auto(0x0) write$auto_evdev_fops_evdev(r1, &(0x7f0000000040)="399817b6b7dfaa50dd9e5ff6284478019d6fcd22ccc1b0b2ae602e2bc8d395", 0x1f) connect$auto(0x3, &(0x7f0000000080)=@generic={0x9, "d644d8ba0c12716ab93cc06cb3d1"}, 0x40000054) mmap$auto(0x0, 0x2020007, 0x1000000000000007, 0xeb5, r0, 0x8000) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x1, 0x800000ffff, 0x9b72, 0x7, 0x200000000028000) r3 = inotify_init1$auto(0xa614) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r4, 0x0, 0x20) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x105180, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) r6 = socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(0x0, 0x6) execveat$auto(r3, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=&(0x7f0000000180)='!#*\x00', &(0x7f0000000280)=&(0x7f0000000240)='\r@&[^G-::\x00', 0x81) shmctl$auto_SHM_UNLOCK(0x200, 0xc, 0x0) sendmsg$auto_OVS_METER_CMD_SET(r6, 0x0, 0x50) r7 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execveat$auto(r7, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) rename$auto(&(0x7f0000000040)='./file0\x00', &(0x7f0000000340)='./file0\x00') r8 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ppoll$auto(&(0x7f0000000040)={r8, 0xfffc, 0x8}, 0x4, &(0x7f0000000100)={0x7fffffffffffffff, 0x8}, 0x0, 0x8) rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)='./file1\x00') setsockopt$auto(0xffffffffffffffff, 0x104000000000010e, 0xe, 0x0, 0x400) syz_genetlink_get_family_id$auto_gtp(&(0x7f0000000040), 0xffffffffffffffff) ioctl$auto_BTRFS_IOC_DEVICES_READY(0xffffffffffffffff, 0x90009427, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) write$auto_console_fops_tty_io(r2, &(0x7f0000000440)="671d264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4b", 0x22) 4.804531915s ago: executing program 3 (id=10465): mmap$auto(0x7, 0x400008, 0xd7, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x19, &(0x7f0000000080), 0xfffffffe) 4.801802853s ago: executing program 0 (id=10472): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x1, 0x2020009, 0x3, 0x1d, 0xffffffffffffffff, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[], 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='_\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) r2 = socket(0x23, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x8, &(0x7f0000000100)={&(0x7f0000000340), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x8) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r1) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010025bd7000ffdbdf25040000000a0016070000000400000000"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/fail-nth\x00', 0x0, 0x0) socket(0x28, 0x80003, 0x7228) r5 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r5, &(0x7f0000000000)={0x8, 0x2, 'u\x00\x00\x00\x00\x00\x00\x00'}, 0x2) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r6, 0x0, 0x20) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) recvmsg$auto(r4, &(0x7f00000005c0)={0x0, 0x8, &(0x7f00000004c0)={&(0x7f00000003c0)="444debcb5d4827b41b873d646e2663fb2d4aa24da78f4b3472bd8daf8c57304fe5302fe1869cfca458a5a39bd4006710640f6032088c509f0c082c1b04896afe04d524b8b80ce2949dae1a1d2bec705c343bc92a41212ae3ed0a036e67d0c6d7b35e6cb8956ef9b289a7e42615af9f0470dc70d3deea952a1d85a1a845530a190757f55d6e53993d1e8f22b49f44b8a5b9b989d8ed44e1a1f0002bb9f9c8813bee34cfb9b329b8b45794054ee04fdb17a945013b532f53854704c99cc8f02c1582b9c91704e2ed3d57e019cf620547", 0x3}, 0xd3, &(0x7f0000000500)="6bfee52cc6d76e1c2f8b714f9ce8de29c2b8c6a36fd1081b8f6753c4db3a957fc9f3c8ce5a1f6aae5db64bc4b8383dea96682820b78f0fdf870dba5430e851305d4713df7f1124096ace834632a497cc07ffb3b6254aa69082434244066c46fe36fd6a587c8d1a8b40662762a5e48ddb2c86fa27c693a26df7fa2dd4f5762a1616bbbc094ba84c2f033b83814b8572c7bb08c224a9b33f1ac650d8c51cff0960141e613531d3f03e45860d2c2f7110f12d60c0b21f6a1556472a2f918584", 0xc, 0xffffffff}, 0xfffffff7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cuse\x00', 0x41000, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) 4.711838374s ago: executing program 3 (id=10466): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x120, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x78, 0xbe, "2851deffd25c1ad8570b3ccab61efec8b5287da5740b3f69513508f66478fa0a946f3a3d7266145466ac77c9ad2c8c402858f8ff080284b3fc289fccf971e084e9b8aec596b715aec67311f3932a1379544aff4f5b730bb2779cc29c75729120f7b386758524dc5054da379991cb65bc7a3a84c6"}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0xfffffffc}, @NL80211_ATTR_SAE_PASSWORD={0x83, 0x115, "c3991eff9f839e066026e213626609002100b805414f5b112a44d6875b15c45625a1d8502d7cc067902bf55ce2c5c11d4225f128db3dec1907e02bcf361e22fa649e8610ccef1ef63d274d664ea74441c76891de999e8c4f69131d6669b8c097cab0cf92a7d0c3663de237820b905caf4c1063fc543b92853be961d81dc490"}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x5}]}, 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) sendmsg$auto_NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_ASSOC_SPP_AMSDU={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x51) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x16c, r2, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_S1G_CAPABILITY={0x9b, 0x128, "a7a32dd76013c3f47401792eaafb8f70d320b09b4940ff6bb2a27defcf7ac633b7b8be13688e00a4bbbef6d98ad64b5840d49cd042aaa37708a2702b190b094de0e1becdd205f04af08da3df4c015dc9a7cc871cfe98654b072a25433443a26321db81ee821fba985b6aab09694b0161d12adad2df0cc4b97f127c5e96a6a96ef1cdd11d6eea4aed6870bb574dcd0bb0446ec268becac3"}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x1f}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x3}, @NL80211_ATTR_MAC={0x8b, 0x6, "35f9ba6a352efff99503097d52c184e68a2de5d59f3da1ebb105351ecac505988edca9bd123cae559f8bc29b5b1762ec34966b6fc533395b668f32eb27b1b78ebe25a5c6af169749659b1bff97ab9a57afcd0b4a1b6e69dd80f75d3507ce575462865880b74772e56a534635124aafe80017560181f61a5cd0cd03283a09c635f596ec6d2500be"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x5}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x6}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x5}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3b, 0x9, 0x2, 0x6]}, 0x0) 4.269305002s ago: executing program 2 (id=10467): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x405, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0xfffffffd, &(0x7f0000000080)={0x0, 0x1}, 0xa, 0x0, 0x4, 0x401}, 0xed7138c}, 0xfffffffd, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000025c0)={0x14, 0x0, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfd}, 0x14}}, 0x8040) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r1 = socket(0x2, 0x3, 0xa) open(0x0, 0x149443, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/lo/tx_queue_len\x00', 0x100, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/vhci_hcd.0/detach\x00', 0x2501, 0x0) write$auto(r1, &(0x7f0000000380)='0\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1d\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d1s!\x01\xff\xfe\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85K /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) socket(0x2, 0x80802, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, 0x0, 0x55) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x5ac, 0x0, 0x106, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x9a6, 0xe000) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8ab00000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000bba969f384aeb30d27d4cf951b2c32fe4aee6c3a9064ba6c6c109b995a86fc7163a7bd205603db33cad3672eae951935c46ec89e45664d8a36bd44d864fe9807ec1e", @ANYRES16=r2, @ANYBLOB="000328bd7000fcdbdf250100000005000d0001000000"], 0x1c}, 0x1, 0x0, 0x0, 0x8010}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0x1ac}}, 0x801) socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010029bd7000fedbdf2503000000040008000c00018008001000040010"], 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x800) 4.122921336s ago: executing program 1 (id=10468): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2000f, 0x4000000000df, 0xeb1, 0x404, 0x8000) sysfs$auto(0x2, 0x4b, 0x0) fsopen$auto(0x0, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) socket(0x23, 0x3, 0x0) syslog$auto(0x4, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000002140)={0x0, 0x0, &(0x7f0000002100)={&(0x7f00000000c0)={0xec, r1, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_HT_CAPABILITY={0xd7, 0x1f, "e8b897a31f9d2853914248d6bd0e6f80db0994047bd7343f8b96bc738e572443b82d3ca918a3002f8d91b9974f497cccd509a8709152c4b0f1d1a1333bf5e4602148b5165c79c001c68728103581a189908cb63e8a06ff0328405b64d46793ce54278f6050b43e476c91d418f10fb9321eba0787e76af0859046c7081b83c429ff166069613a727e1d107451fa061cabb798aa5dcf509192f68073ca9d299730b93b3a7c41400bd33fa33d5411b600b2dd561f49e9cdb9c04f63df064826fc18a80805f136e01cb2e29306c79774a7fd60a944"}]}, 0xec}, 0x1, 0x0, 0x0, 0x80}, 0x40) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0xc001) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) setsockopt$auto(0x3, 0x10000000084, 0x80, 0x0, 0x8) 4.036955932s ago: executing program 2 (id=10469): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0xc8201, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x120, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x75, 0xbe, "2851deffd25c1ad8570b3ccab61efec8b5287da5740b3f69513508f66478fa0a946f3a3d7266145466ac77c9ad2c8c402858f8ff080284b3fc289fccf971e084e9b8aec596b715aec67311f3932a1379544aff4f5b730bb2779cc29c75729120f7b386758524dc5054da379991cb65bc7a"}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0xfffffffc}, @NL80211_ATTR_SAE_PASSWORD={0x84, 0x115, "c3991eff9f839e066026e213626609002100b805414f5b112a44d6875b15c45625a1d8502d7cc067902bf55ce2c5c11d4225f128db3dec1907e02bcf361e22fa649e8610ccef1ef63d274d664ea74441c76891de999e8c4f69131d6669b8c097cab0cf92a7d0c3663de237820b905caf4c1063fc543b92853be961d81dc490ea"}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x5}]}, 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x16c, r2, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_S1G_CAPABILITY={0x9b, 0x128, "a7a32dd76013c3f47401792eaafb8f70d320b09b4940ff6bb2a27defcf7ac633b7b8be13688e00a4bbbef6d98ad64b5840d49cd042aaa37708a2702b190b094de0e1becdd205f04af08da3df4c015dc9a7cc871cfe98654b072a25433443a26321db81ee821fba985b6aab09694b0161d12adad2df0cc4b97f127c5e96a6a96ef1cdd11d6eea4aed6870bb574dcd0bb0446ec268becac3"}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x1f}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x3}, @NL80211_ATTR_MAC={0x8b, 0x6, "35f9ba6a352efff99503097d52c184e68a2de5d59f3da1ebb105351ecac505988edca9bd123cae559f8bc29b5b1762ec34966b6fc533395b668f32eb27b1b78ebe25a5c6af169749659b1bff97ab9a57afcd0b4a1b6e69dd80f75d3507ce575462865880b74772e56a534635124aafe80017560181f61a5cd0cd03283a09c635f596ec6d2500be"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x5}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x6}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x5}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3b, 0x9, 0x2, 0x6]}, 0x0) 3.693465642s ago: executing program 1 (id=10470): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0xb, 0x0) sendmsg$auto_NETDEV_CMD_QSTATS_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x4c094) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) writev$auto(r0, &(0x7f0000000240)={&(0x7f0000000180), 0x9}, 0xb) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x18) socket(0xa, 0x1, 0x100) eventfd2$auto(0x6af3, 0x800) socket(0x1e, 0x1, 0x0) bpf$auto_BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000280)=@link_update={r1, @new_map_fd=r2, 0x3, @old_map_fd=r2}, 0x1) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(0x0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0xfffffffffffffffa, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) 3.400213862s ago: executing program 3 (id=10471): openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x28201, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={0x2c, r1, 0x201, 0x70bd2c, 0x25dfdbfe, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x10, 0x2, 0x0, 0x1, [@typed={0xc, 0x1, 0x0, 0x0, @u64=0xa}]}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20004054}, 0x480b0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x20340, 0x0) ioctl$auto_SNDCTL_DSP_SETDUPLEX(r2, 0x5016, 0x0) open(0x0, 0x261c2, 0x84) socket(0xa, 0x2, 0x1000073) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r3 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, 0x0, 0xc02, 0x0) write$auto(r3, 0x0, 0xc3) mlockall$auto(0x800000000000005) clone$auto(0x100000001, 0x4, 0x0, 0x0, 0x200) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) write$auto(0x3, 0x0, 0xffd8) 3.054777038s ago: executing program 3 (id=10473): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) r1 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r1, 0x451, 0x800000a, r0, 0x0) r2 = open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x154) execveat$auto(r2, 0x0, 0x0, 0x0, 0x110f8) 2.886398275s ago: executing program 3 (id=10474): prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004400)='/dev/dsp1\x00', 0x1, 0x0) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r2, 0x80045010, &(0x7f0000004440)) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20005, 0xdf, 0x12, r0, 0x4) open_by_handle_at$auto(r1, &(0x7f00000002c0)={0x1b, 0x136a, "8f42b1077e737d4629d7867bca48102625b1c2c21fa15504a19b9a"}, 0x7d) mmap$auto(0x2, 0x400008, 0xdf, 0xfffffffffffffff7, 0x2, 0x8040) r3 = geteuid() getrusage$auto(0x1, &(0x7f0000000080)={{0x3, 0x6}, {0x9, 0xe}, 0x2, 0x800000101, 0x8000000000000001, 0x5, 0x1000e, 0x7, 0x3, 0x8000000000000001, 0x6, 0x2, 0x6, 0x0, 0x7, 0x2}) keyctl$auto(0x101e, r3, r3, 0x0, 0x8) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(0xffffffffffffffff, 0x0, 0x200000c0) mmap$auto(0xfffffffd, 0x8, 0xdf, 0x9b7e, 0x2, 0x8003) close_range$auto(0x2, 0xa, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000680)=ANY=[@ANYBLOB="ac000000", @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf257e00000004008700080062000010000084001501c3991eff9f839e066026e213626609003500b805414f5b112a44d6875b15c45625a1d8502d7cc067902bf55ce2c5c11d4225f128db3dec1907e02bcf361e22fa649e8610ccef1ef63d274d664ea74441c7689194d77a65de999e8c4f69131d6669b8c097cab030d4a43abe3026b292fa4d48cf92a7d064393de237820b905caf651063fc543b92853be961d81dc490ea0600eb0007000000b923b9f28f2a75d791215a897a4d908b4da866bf5330bd2dc9142df25c83fe1b74ffd77f8ef8baf0e048e8cdd2ef671b5291cd3d34f3d53e44136ec39f71c5774dfc2c125c8430227a2fd07dc23656b7ccbc67e30963b4f4a4c654889d23b6c2b8a23e5f566890bb40f618c210231091815807a42b7ebf5e460e426737a650bac9d8bf1b5468c7bbffcda75c3cfa57d23c96237c449b6f20830446bb1f9ad0a462140759afd3d0082d32406452f3effea8f3146952a1b21458e2a34af4425f6b338aaee14b5ed4af1f1921edf60ac2c8f7115240154d1a8e3e250fe27c9778def20f0af00d3815b3dc91ad701a6713b07f98e138559b51dd8a4139213779727bb5a99712d8c257c0add97f540659a9687768397d4772f6910abf2dd9f1ce5cbcd517ff904b8f5c8c332909d51780f5deea722f0ba1c7495c525f0089ac0ca973e7824b70e3a64b170b98ca6937947dd82898f80a2423d241009f2b6a0efdd0f821524314caf137ee965a70cf44ea1df795b37716c27cdf858e1c7f685a25f2163937eba349943194e0760896bd2c52f1e874b1ae2dae733c48e25498a5e01d603540726e6829f4d1acd1aa7a9c759e8a59db9ff8dfd744c30da39c56df69142bba0c5ea6ae1bc9d4448562671cd6359831ca6daeef15aabf88359dd5870461e7f74b51cbcc722cccc2fc1c1d2b321c30371fe46004872b13b06fffd7e098939984"], 0xac}, 0x1, 0x68, 0x0, 0x24040080}, 0xd0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/pcm1p/sub2/xrun_injection\x00', 0x9ee00, 0x0) mmap$auto(0x0, 0x400008, 0x10000000000009f4, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) 2.88567638s ago: executing program 2 (id=10482): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0xc8201, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x120, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x75, 0xbe, "2851deffd25c1ad8570b3ccab61efec8b5287da5740b3f69513508f66478fa0a946f3a3d7266145466ac77c9ad2c8c402858f8ff080284b3fc289fccf971e084e9b8aec596b715aec67311f3932a1379544aff4f5b730bb2779cc29c75729120f7b386758524dc5054da379991cb65bc7a"}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0xfffffffc}, @NL80211_ATTR_SAE_PASSWORD={0x84, 0x115, "c3991eff9f839e066026e213626609002100b805414f5b112a44d6875b15c45625a1d8502d7cc067902bf55ce2c5c11d4225f128db3dec1907e02bcf361e22fa649e8610ccef1ef63d274d664ea74441c76891de999e8c4f69131d6669b8c097cab0cf92a7d0c3663de237820b905caf4c1063fc543b92853be961d81dc490ea"}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x5}]}, 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x16c, r2, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_S1G_CAPABILITY={0x9b, 0x128, "a7a32dd76013c3f47401792eaafb8f70d320b09b4940ff6bb2a27defcf7ac633b7b8be13688e00a4bbbef6d98ad64b5840d49cd042aaa37708a2702b190b094de0e1becdd205f04af08da3df4c015dc9a7cc871cfe98654b072a25433443a26321db81ee821fba985b6aab09694b0161d12adad2df0cc4b97f127c5e96a6a96ef1cdd11d6eea4aed6870bb574dcd0bb0446ec268becac3"}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x1f}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x3}, @NL80211_ATTR_MAC={0x8b, 0x6, "35f9ba6a352efff99503097d52c184e68a2de5d59f3da1ebb105351ecac505988edca9bd123cae559f8bc29b5b1762ec34966b6fc533395b668f32eb27b1b78ebe25a5c6af169749659b1bff97ab9a57afcd0b4a1b6e69dd80f75d3507ce575462865880b74772e56a534635124aafe80017560181f61a5cd0cd03283a09c635f596ec6d2500be"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x5}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x6}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x5}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3b, 0x9, 0x2, 0x6]}, 0x0) 2.700124375s ago: executing program 1 (id=10475): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32) r0 = socket(0xa, 0x2, 0x4073) (async, rerun: 32) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20b42, 0x0) connect$auto(r0, 0x0, 0x4) (async) mmap$auto(0x0, 0x40000000202000c, 0x10, 0xeb3, r1, 0x2000000008000) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async, rerun: 64) socket(0x2, 0x801, 0x6) (async, rerun: 64) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ram3\x00', 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket(0x10, 0x2, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/007/001\x00', 0x40000, 0x0) (rerun: 64) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) close_range$auto(0x2, 0x8, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) (async) chown$auto(&(0x7f0000000080)='}[,&*}\x00', 0x0, 0xffffffffffffffff) (async) r3 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) (async) r4 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r4, @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r3, &(0x7f00000001c0)='-\x00\xe4\xd1\xcd\x9dI\x94\x14Os?)\x97e\xab\x80\xf2\xe3\xc3=\xe3\xb8\xdb=R\xed\x12\xf5\xcb\x1c\x056{R\xa0*\x1e\xdbp\xeb\xc9\xe6\xbcJ^\xa6f9z@)\x97\xa5\xef\xf1O\xa5\x01\x80\x1a\xf8\xf7\x9eE$kT^\xb4j\x85\x1c\x0f\xda\xf6\x0e 3\x8a\x04\xd7\xd6E\nMIG\x98\n\xb4\t\xe6\xb0\x1b\x81\xc4\xa1\xe2`\x05\xe6\xa4\xf7\xfc\x01IZ\x86c=\x8f\x00\xe9\v\xa8N\x05&S\xb5\xb4\xb2\xb1s\xef\xc9\xa1\x88G\xc8qA\x97\x13\x13\xdf\x7f\x1e\x18\xcf\xdd\xfd\x87~\xda\xee\x00`\x82\xd2qJ\xc5\x11PH2\xf2pCX^S\xc6\xdaa\xe4;\f\x8c\xa7a\x81TDN\xdb\xd4Amf\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 266.574058ms ago: executing program 1 (id=10480): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), r1) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000ffdbdf25040000000a0016070000000400000000"], 0x20}, 0x1, 0x0, 0x0, 0x41}, 0x4004040) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0xffffffffffffffff, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) r4 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r4, &(0x7f0000000000)={0x8, 0x2, 'u\x00\x00\x00\x00\x00\x00\x00'}, 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r5, 0x0, 0x20) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) recvmsg$auto(r3, &(0x7f00000005c0)={0x0, 0x8, &(0x7f00000004c0)={&(0x7f00000003c0)="444debcb5d4827b41b873d646e2663fb2d4aa24da78f4b3472bd8daf8c57304fe5302fe1869cfca458a5a39bd4006710640f6032088c509f0c082c1b04896afe04d524b8b80ce2949dae1a1d2bec705c343bc92a41212ae3ed0a036e67d0c6d7b35e6cb8956ef9b289a7e42615af9f0470dc70d3deea952a1d85a1a845530a190757f55d6e53993d1e8f22b49f44b8a5b9b989d8ed44e1a1f0002bb9f9c8813bee34cfb9b329b8b45794054ee04fdb17a945013b532f53854704c99cc8f02c1582b9c91704e2ed3d57e019cf620547", 0x3}, 0xd3, &(0x7f0000000500)="6bfee52cc6d76e1c2f8b714f9ce8de29c2b8c6a36fd1081b8f6753c4db3a957fc9f3c8ce5a1f6aae5db64bc4b8383dea96682820b78f0fdf870dba5430e851305d4713df7f1124096ace834632a497cc07ffb3b6254aa69082434244066c46fe36fd6a587c8d1a8b40662762a5e48ddb2c86fa27c693a26df7fa2dd4f5762a1616bbbc094ba84c2f033b83814b8572c7bb08c224a9b33f1ac650d8c51cff0960141e613531d3f03e45860d2c2f7110f12d60c0b21f6a1556472a2f918584", 0xc, 0xffffffff}, 0xfffffff7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cuse\x00', 0x41000, 0x0) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r6 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) open_by_handle_at$auto(r6, &(0x7f0000000000)={0x8, 0x2, "8b00000000000000"}, 0x36c) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto(r7, 0x4008af24, 0xffffffffffffffff) 175.884091ms ago: executing program 3 (id=10481): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) membarrier$auto(0x2, 0x0, 0x9) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0xc02, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/radio6\x00', 0x8a240, 0x0) ioctl$auto(r0, 0x5646, r0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) getpid() clock_nanosleep$auto(0x9, 0x0, 0x0, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)={0x120, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x78, 0xbe, "2851deffd25c1ad8570b3ccab61efec8b5287da5740b3f69513508f66478fa0a946f3a3d7266145466ac77c9ad2c8c402858f8ff080284b3fc289fccf971e084e9b8aec596b715aec67311f3932a1379544aff4f5b730bb2779cc29c75729120f7b386758524dc5054da379991cb65bc7a3a84c6"}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0xfffffffc}, @NL80211_ATTR_SAE_PASSWORD={0x83, 0x115, "c3991eff9f839e066026e213626609002100b805414f5b112a44d6875b15c45625a1d8502d7cc067902bf55ce2c5c11d4225f128db3dec1907e02bcf361e22fa649e8610ccef1ef63d274d664ea74441c76891de999e8c4f69131d6669b8c097cab0cf92a7d0c3663de237820b905caf4c1063fc543b92853be961d81dc490"}, @NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x5}]}, 0x120}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) sendmsg$auto_NL80211_CMD_GET_KEY(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x100, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_ASSOC_SPP_AMSDU={0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x21}, 0x51) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x16c, r2, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NL80211_ATTR_S1G_CAPABILITY={0x9b, 0x128, "a7a32dd76013c3f47401792eaafb8f70d320b09b4940ff6bb2a27defcf7ac633b7b8be13688e00a4bbbef6d98ad64b5840d49cd042aaa37708a2702b190b094de0e1becdd205f04af08da3df4c015dc9a7cc871cfe98654b072a25433443a26321db81ee821fba985b6aab09694b0161d12adad2df0cc4b97f127c5e96a6a96ef1cdd11d6eea4aed6870bb574dcd0bb0446ec268becac3"}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x1f}, @NL80211_ATTR_WPA_VERSIONS={0x8, 0x4b, 0x3}, @NL80211_ATTR_MAC={0x8b, 0x6, "35f9ba6a352efff99503097d52c184e68a2de5d59f3da1ebb105351ecac505988edca9bd123cae559f8bc29b5b1762ec34966b6fc533395b668f32eb27b1b78ebe25a5c6af169749659b1bff97ab9a57afcd0b4a1b6e69dd80f75d3507ce575462865880b74772e56a534635124aafe80017560181f61a5cd0cd03283a09c635f596ec6d2500be"}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x5}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_USER_PRIO={0x5, 0xd3, 0x6}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x5}]}, 0x16c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x6, 0x8d, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3b, 0x9, 0x2, 0x6]}, 0x0) 0s ago: executing program 2 (id=10483): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_0/proxy_ndp\x00', 0x382, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40942, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x280, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8042, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) inotify_init1$auto(0x3000000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000040)="9f2d140e3bb924e8ce6d51a4487184", 0x4}, 0x7fffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1c8b40, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x800, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) socketpair$auto(0x1e, 0x9, 0x7, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto(0x3, 0x80106f53, r1) kernel console output (not intermixed with test programs): ase+0x201/0x2f0 [ 3425.651143][T31270] ? __fget_files+0x20e/0x3c0 [ 3425.651166][T31270] ksys_mmap_pgoff+0x32c/0x5c0 [ 3425.651193][T31270] ? __pfx_ksys_write+0x10/0x10 [ 3425.651217][T31270] __x64_sys_mmap+0x125/0x190 [ 3425.651249][T31270] do_syscall_64+0xcd/0x490 [ 3425.651276][T31270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3425.651296][T31270] RIP: 0033:0x7f092478ebe9 [ 3425.651310][T31270] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3425.651330][T31270] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3425.651348][T31270] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3425.651362][T31270] RDX: 0000000000000ffb RSI: 0000000000810004 RDI: 0000000000000000 [ 3425.651374][T31270] RBP: 00007f09255d8090 R08: 000000000000000b R09: 0000000000008000 [ 3425.651387][T31270] R10: 0008000000008011 R11: 0000000000000246 R12: 0000000000000001 [ 3425.651399][T31270] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3425.651418][T31270] [ 3425.965768][T31274] vivid-003: ================= START STATUS ================= [ 3425.973464][T31274] vivid-003: Radio HW Seek Mode: Bounded [ 3425.979129][T31274] vivid-003: Radio Programmable HW Seek: false [ 3425.985322][T31274] vivid-003: RDS Rx I/O Mode: Block I/O [ 3425.990869][T31274] vivid-003: Generate RBDS Instead of RDS: false [ 3425.997621][T31274] vivid-003: RDS Reception: true [ 3426.002818][T31274] vivid-003: RDS Program Type: 0 inactive [ 3426.008576][T31274] vivid-003: RDS PS Name: inactive [ 3426.013811][T31274] vivid-003: RDS Radio Text: inactive [ 3426.020161][T31274] vivid-003: RDS Traffic Announcement: false inactive [ 3426.026961][T31274] vivid-003: RDS Traffic Program: false inactive [ 3426.033335][T31274] vivid-003: RDS Music: false inactive [ 3426.038799][T31274] vivid-003: ================== END STATUS ================== [ 3426.197391][T31273] vivid-003: ================= START STATUS ================= [ 3426.211454][T31273] vivid-003: Radio HW Seek Mode: Bounded [ 3426.217110][T31273] vivid-003: Radio Programmable HW Seek: false [ 3426.233890][T31273] vivid-003: RDS Rx I/O Mode: Block I/O [ 3426.247474][T31273] vivid-003: Generate RBDS Instead of RDS: false [ 3426.268792][T31273] vivid-003: RDS Reception: true [ 3426.279962][T31273] vivid-003: RDS Program Type: 0 inactive [ 3426.301305][T31273] vivid-003: RDS PS Name: inactive [ 3426.306537][T31273] vivid-003: RDS Radio Text: inactive [ 3426.318456][T31273] vivid-003: RDS Traffic Announcement: false inactive [ 3426.338808][T31273] vivid-003: RDS Traffic Program: false inactive [ 3426.361839][T31273] vivid-003: RDS Music: false inactive [ 3426.371432][T31273] vivid-003: ================== END STATUS ================== [ 3426.841873][T31296] svc: failed to register nfsdv3 RPC service (errno 111). [ 3426.874075][T31296] svc: failed to register nfsaclv3 RPC service (errno 111). [ 3427.394173][T31312] svc: failed to register nfsdv3 RPC service (errno 111). [ 3427.422163][T31305] vivid-003: ================= START STATUS ================= [ 3427.447103][T31312] svc: failed to register nfsaclv3 RPC service (errno 111). [ 3427.457020][T31305] vivid-003: Radio HW Seek Mode: Bounded [ 3427.470313][T31305] vivid-003: Radio Programmable HW Seek: false [ 3427.498475][T31305] vivid-003: RDS Rx I/O Mode: Block I/O [ 3427.535122][T31305] vivid-003: Generate RBDS Instead of RDS: false [ 3427.568126][T31305] vivid-003: RDS Reception: true [ 3427.597307][T31305] vivid-003: RDS Program Type: 0 inactive [ 3427.619075][T31305] vivid-003: RDS PS Name: inactive [ 3427.635924][T31305] vivid-003: RDS Radio Text: inactive [ 3427.655401][T31305] vivid-003: RDS Traffic Announcement: false inactive [ 3427.678150][T31305] vivid-003: RDS Traffic Program: false inactive [ 3427.700421][T31305] vivid-003: RDS Music: false inactive [ 3427.723473][T31305] vivid-003: ================== END STATUS ================== [ 3428.866441][T31339] vivid-003: ================= START STATUS ================= [ 3428.905481][T31339] vivid-003: Radio HW Seek Mode: Bounded [ 3428.911140][T31339] vivid-003: Radio Programmable HW Seek: false [ 3428.950746][T31347] FAULT_INJECTION: forcing a failure. [ 3428.950746][T31347] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3428.973165][T31339] vivid-003: RDS Rx I/O Mode: Block I/O [ 3428.987454][T31339] vivid-003: Generate RBDS Instead of RDS: false [ 3429.019209][T31339] vivid-003: RDS Reception: true [ 3429.026239][T31347] CPU: 1 UID: 0 PID: 31347 Comm: syz.3.10170 Not tainted syzkaller #0 PREEMPT(full) [ 3429.026266][T31347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3429.026278][T31347] Call Trace: [ 3429.026285][T31347] [ 3429.026293][T31347] dump_stack_lvl+0x16c/0x1f0 [ 3429.026324][T31347] should_fail_ex+0x512/0x640 [ 3429.026356][T31347] should_fail_alloc_page+0xe7/0x130 [ 3429.026386][T31347] prepare_alloc_pages+0x3c2/0x610 [ 3429.026419][T31347] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 3429.026445][T31347] ? arch_stack_walk+0xa6/0x100 [ 3429.026472][T31347] ? stack_trace_save+0x8e/0xc0 [ 3429.026495][T31347] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 3429.026520][T31347] ? rcu_is_watching+0x12/0xc0 [ 3429.026545][T31347] ? kasan_save_track+0x14/0x30 [ 3429.026568][T31347] ? __kasan_slab_alloc+0x89/0x90 [ 3429.026593][T31347] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 3429.026617][T31347] ? __pmd_alloc+0xbf/0x930 [ 3429.026648][T31347] ? __handle_mm_fault+0xa06/0x2a50 [ 3429.026667][T31347] ? handle_mm_fault+0x589/0xd10 [ 3429.026687][T31347] ? do_user_addr_fault+0x7a6/0x1370 [ 3429.026720][T31347] ? exc_page_fault+0x5c/0xb0 [ 3429.026743][T31347] ? asm_exc_page_fault+0x26/0x30 [ 3429.026763][T31347] ? rep_movs_alternative+0x11/0x90 [ 3429.026782][T31347] ? _copy_to_user+0xbb/0xd0 [ 3429.026798][T31347] ? __do_sys_getcwd+0x483/0x930 [ 3429.026827][T31347] ? do_syscall_64+0xcd/0x490 [ 3429.026853][T31347] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 3429.026885][T31347] ? policy_nodemask+0xea/0x4e0 [ 3429.026914][T31347] alloc_pages_mpol+0x1fb/0x550 [ 3429.026941][T31347] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 3429.026972][T31347] alloc_pages_noprof+0x131/0x390 [ 3429.027000][T31347] pte_alloc_one+0x1c/0x3a0 [ 3429.027021][T31347] __pte_alloc+0x6d/0x3c0 [ 3429.027049][T31347] ? __pfx___pte_alloc+0x10/0x10 [ 3429.027077][T31347] ? rcu_is_watching+0x12/0xc0 [ 3429.027098][T31347] ? do_raw_spin_lock+0x12c/0x2b0 [ 3429.027132][T31347] do_pte_missing+0x285a/0x3ba0 [ 3429.027152][T31347] ? do_raw_spin_unlock+0x172/0x230 [ 3429.027185][T31347] ? _raw_spin_unlock+0x28/0x50 [ 3429.027206][T31347] ? __pmd_alloc+0x3fb/0x930 [ 3429.027257][T31347] __handle_mm_fault+0x152a/0x2a50 [ 3429.027283][T31347] ? mt_find+0x3ef/0xa30 [ 3429.027311][T31347] ? __pfx___handle_mm_fault+0x10/0x10 [ 3429.027331][T31347] ? __pfx_mt_find+0x10/0x10 [ 3429.027357][T31347] ? stack_depot_save_flags+0x29/0x9c0 [ 3429.027393][T31347] ? find_vma+0xbf/0x140 [ 3429.027420][T31347] ? __pfx_find_vma+0x10/0x10 [ 3429.027448][T31347] handle_mm_fault+0x589/0xd10 [ 3429.027469][T31347] ? __bpf_trace_exceptions+0x1/0x40 [ 3429.027500][T31347] do_user_addr_fault+0x7a6/0x1370 [ 3429.027532][T31347] ? rcu_is_watching+0x12/0xc0 [ 3429.027554][T31347] exc_page_fault+0x5c/0xb0 [ 3429.027577][T31347] asm_exc_page_fault+0x26/0x30 [ 3429.027597][T31347] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 3429.027618][T31347] Code: e9 14 1f 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 3429.027639][T31347] RSP: 0018:ffffc9001143fdb0 EFLAGS: 00050206 [ 3429.027654][T31347] RAX: 000000000000002f RBX: 0000000000000005 RCX: 0000000000000005 [ 3429.027667][T31347] RDX: ffffed100d0a0640 RSI: ffff8880685031fb RDI: 0000000000000000 [ 3429.027680][T31347] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100d0a063f [ 3429.027692][T31347] R10: ffff8880685031ff R11: 0000000000000001 R12: ffff8880685031fb [ 3429.027706][T31347] R13: 0000000000000005 R14: 00007ffffffff000 R15: 0000000000000000 [ 3429.027724][T31347] _copy_to_user+0xbb/0xd0 [ 3429.027743][T31347] __do_sys_getcwd+0x483/0x930 [ 3429.027775][T31347] ? __pfx___do_sys_getcwd+0x10/0x10 [ 3429.027804][T31347] ? fput+0x9b/0xd0 [ 3429.027833][T31347] ? xfd_validate_state+0x61/0x180 [ 3429.027863][T31347] ? __pfx_ksys_write+0x10/0x10 [ 3429.027890][T31347] do_syscall_64+0xcd/0x490 [ 3429.027917][T31347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3429.027938][T31347] RIP: 0033:0x7f092478ebe9 [ 3429.027953][T31347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3429.027973][T31347] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 3429.027991][T31347] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3429.028004][T31347] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 3429.028017][T31347] RBP: 00007f0924811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3429.028029][T31347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3429.028042][T31347] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3429.028061][T31347] [ 3429.528302][T31339] vivid-003: RDS Program Type: 0 inactive [ 3429.534080][T31339] vivid-003: RDS PS Name: inactive [ 3429.539316][T31339] vivid-003: RDS Radio Text: inactive [ 3429.544821][T31339] vivid-003: RDS Traffic Announcement: false inactive [ 3429.551614][T31339] vivid-003: RDS Traffic Program: false inactive [ 3429.557960][T31339] vivid-003: RDS Music: false inactive [ 3429.563467][T31339] vivid-003: ================== END STATUS ================== [ 3429.950205][T31353] vivid-003: ================= START STATUS ================= [ 3429.958021][T31353] vivid-003: Radio HW Seek Mode: Bounded [ 3429.963730][T31353] vivid-003: Radio Programmable HW Seek: false [ 3429.969884][T31353] vivid-003: RDS Rx I/O Mode: Block I/O [ 3429.975441][T31353] vivid-003: Generate RBDS Instead of RDS: false [ 3429.981764][T31353] vivid-003: RDS Reception: true [ 3430.016933][T31353] vivid-003: RDS Program Type: 0 inactive [ 3430.022767][T31353] vivid-003: RDS PS Name: inactive [ 3430.028030][T31353] vivid-003: RDS Radio Text: inactive [ 3430.033533][T31353] vivid-003: RDS Traffic Announcement: false inactive [ 3430.040331][T31353] vivid-003: RDS Traffic Program: false inactive [ 3430.046689][T31353] vivid-003: RDS Music: false inactive [ 3430.052180][T31353] vivid-003: ================== END STATUS ================== [ 3430.276971][T31362] netlink: 13 bytes leftover after parsing attributes in process `syz.1.10171'. [ 3430.501778][T31366] kernel read not supported for file /¾ò‚çgµîMQ¢_g¿ úò_N°{ùµ7vîGÙl¿†q w–Ùé¨áðÇÄĉuƒè}½O‘ÁUVW.¶­uw.ì`OÁç:ÉKÍdY•Ñ®Á›–ŸajÒüü7¯ÊnöÀwKÎçQ®ÉHgïÚ[壣%'Ï–X:DktÞ€ÝX‘ˆ¡ Ãñþ[“$O8 b´’ô¼Å¹˜9üFìÜ@ÝÚeMàUÈ;õç$Q8Ò‡ÝÅÅèµµ¸ßDÐètŠSª¾ªºž^0øYõJpuº˜ (pid: 31366 comm: syz.1.10175) [ 3430.644008][ T30] audit: type=1800 audit(4294971031.343:12): pid=31366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.10175" name=BEF282E71467B5EE4D5113A25F67BF09FAF25F4EB07BF9B53776EE47D96CBF8671207796D9E9A8E1F0C71F1EC4C4897583E87DBD7F4F91C15556572EB6AD047502772EEC604FC10E15E73AC91B4BCD64590395D1AEC19B969F616AD2FCFC1F37AFCA6EF6C0774BCEE751AEC9486701EFDA5BE5A3A325278FCF96583A04446B747FDE8001DD589188A109C3F1FE5B93244F382062B492F4BCC5B99839FC46ECDC40DDDA654DE055C83BF5E7245138D287DDC59DC5E8B5B5B8DF44D0E8748A53AABEAABA9E5E301AF859F54A700875BA98 dev="mqueue" ino=433682 res=0 errno=0 [ 3431.452503][T31394] vivid-003: ================= START STATUS ================= [ 3431.476702][T31394] vivid-003: Radio HW Seek Mode: Bounded [ 3431.501217][T31394] vivid-003: Radio Programmable HW Seek: false [ 3431.517823][T31394] vivid-003: RDS Rx I/O Mode: Block I/O [ 3431.544149][T31394] vivid-003: Generate RBDS Instead of RDS: false [ 3431.563628][T31394] vivid-003: RDS Reception: true [ 3431.584306][T31409] FAULT_INJECTION: forcing a failure. [ 3431.584306][T31409] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3431.611592][T31394] vivid-003: RDS Program Type: 0 inactive [ 3431.647927][T31394] vivid-003: RDS PS Name: inactive [ 3431.687648][T31394] vivid-003: RDS Radio Text: inactive [ 3431.712683][T31409] CPU: 1 UID: 0 PID: 31409 Comm: syz.3.10185 Not tainted syzkaller #0 PREEMPT(full) [ 3431.712709][T31409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3431.712722][T31409] Call Trace: [ 3431.712729][T31409] [ 3431.712737][T31409] dump_stack_lvl+0x16c/0x1f0 [ 3431.712766][T31409] should_fail_ex+0x512/0x640 [ 3431.712798][T31409] _copy_from_user+0x2e/0xd0 [ 3431.712832][T31409] copy_msghdr_from_user+0x98/0x160 [ 3431.712859][T31409] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 3431.712889][T31409] ? kfree+0x24f/0x4d0 [ 3431.712907][T31409] ? futex_unqueue+0x13d/0x2c0 [ 3431.712934][T31409] ___sys_recvmsg+0xdb/0x1a0 [ 3431.712960][T31409] ? __pfx____sys_recvmsg+0x10/0x10 [ 3431.712999][T31409] ? __pfx___might_resched+0x10/0x10 [ 3431.713024][T31409] do_recvmmsg+0x2fe/0x750 [ 3431.713051][T31409] ? __pfx_do_recvmmsg+0x10/0x10 [ 3431.713076][T31409] ? ksys_write+0x190/0x250 [ 3431.713099][T31409] ? rcu_is_watching+0x12/0xc0 [ 3431.713122][T31409] ? do_futex+0x122/0x350 [ 3431.713151][T31409] ? __x64_sys_futex+0x1e0/0x4c0 [ 3431.713178][T31409] __x64_sys_recvmmsg+0x22a/0x280 [ 3431.713207][T31409] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 3431.713238][T31409] do_syscall_64+0xcd/0x490 [ 3431.713266][T31409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3431.713287][T31409] RIP: 0033:0x7f092478ebe9 [ 3431.713302][T31409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3431.713322][T31409] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 3431.713341][T31409] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3431.713355][T31409] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 3431.713367][T31409] RBP: 00007f0924811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3431.713380][T31409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3431.713392][T31409] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3431.713422][T31409] [ 3431.713584][T31394] vivid-003: RDS Traffic Announcement: false inactive [ 3432.418812][T31394] vivid-003: RDS Traffic Program: false inactive [ 3432.653002][T31394] vivid-003: RDS Music: false inactive [ 3432.683692][T31394] vivid-003: ================== END STATUS ================== [ 3432.918878][T31444] FAULT_INJECTION: forcing a failure. [ 3432.918878][T31444] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3432.976482][T31444] CPU: 1 UID: 0 PID: 31444 Comm: syz.0.10195 Not tainted syzkaller #0 PREEMPT(full) [ 3432.976509][T31444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3432.976522][T31444] Call Trace: [ 3432.976529][T31444] [ 3432.976537][T31444] dump_stack_lvl+0x16c/0x1f0 [ 3432.976567][T31444] should_fail_ex+0x512/0x640 [ 3432.976599][T31444] should_fail_alloc_page+0xe7/0x130 [ 3432.976628][T31444] prepare_alloc_pages+0x3c2/0x610 [ 3432.976662][T31444] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 3432.976687][T31444] ? arch_stack_walk+0xa6/0x100 [ 3432.976714][T31444] ? stack_trace_save+0x8e/0xc0 [ 3432.976737][T31444] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 3432.976762][T31444] ? rcu_is_watching+0x12/0xc0 [ 3432.976786][T31444] ? kasan_save_track+0x14/0x30 [ 3432.976818][T31444] ? __kasan_slab_alloc+0x89/0x90 [ 3432.976848][T31444] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 3432.976872][T31444] ? __pmd_alloc+0xbf/0x930 [ 3432.976902][T31444] ? __handle_mm_fault+0xa06/0x2a50 [ 3432.976922][T31444] ? handle_mm_fault+0x589/0xd10 [ 3432.976941][T31444] ? do_user_addr_fault+0x7a6/0x1370 [ 3432.976973][T31444] ? exc_page_fault+0x5c/0xb0 [ 3432.976996][T31444] ? asm_exc_page_fault+0x26/0x30 [ 3432.977015][T31444] ? rep_movs_alternative+0x11/0x90 [ 3432.977034][T31444] ? _copy_to_user+0xbb/0xd0 [ 3432.977050][T31444] ? __do_sys_getcwd+0x483/0x930 [ 3432.977079][T31444] ? do_syscall_64+0xcd/0x490 [ 3432.977105][T31444] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 3432.977137][T31444] ? policy_nodemask+0xea/0x4e0 [ 3432.977165][T31444] alloc_pages_mpol+0x1fb/0x550 [ 3432.977192][T31444] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 3432.977223][T31444] alloc_pages_noprof+0x131/0x390 [ 3432.977251][T31444] pte_alloc_one+0x1c/0x3a0 [ 3432.977272][T31444] __pte_alloc+0x6d/0x3c0 [ 3432.977300][T31444] ? __pfx___pte_alloc+0x10/0x10 [ 3432.977328][T31444] ? rcu_is_watching+0x12/0xc0 [ 3432.977349][T31444] ? do_raw_spin_lock+0x12c/0x2b0 [ 3432.977382][T31444] do_pte_missing+0x285a/0x3ba0 [ 3432.977402][T31444] ? do_raw_spin_unlock+0x172/0x230 [ 3432.977435][T31444] ? _raw_spin_unlock+0x28/0x50 [ 3432.977457][T31444] ? __pmd_alloc+0x3fb/0x930 [ 3432.977488][T31444] __handle_mm_fault+0x152a/0x2a50 [ 3432.977511][T31444] ? mt_find+0x3ef/0xa30 [ 3432.977539][T31444] ? __pfx___handle_mm_fault+0x10/0x10 [ 3432.977559][T31444] ? __pfx_mt_find+0x10/0x10 [ 3432.977586][T31444] ? stack_depot_save_flags+0x29/0x9c0 [ 3432.977623][T31444] ? find_vma+0xbf/0x140 [ 3432.977649][T31444] ? __pfx_find_vma+0x10/0x10 [ 3432.977678][T31444] handle_mm_fault+0x589/0xd10 [ 3432.977699][T31444] ? __bpf_trace_exceptions+0x1/0x40 [ 3432.977731][T31444] do_user_addr_fault+0x7a6/0x1370 [ 3432.977765][T31444] ? rcu_is_watching+0x12/0xc0 [ 3432.977787][T31444] exc_page_fault+0x5c/0xb0 [ 3432.977811][T31444] asm_exc_page_fault+0x26/0x30 [ 3432.977830][T31444] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 3432.977857][T31444] Code: e9 14 1f 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 3432.977878][T31444] RSP: 0018:ffffc90003d5fdb0 EFLAGS: 00050206 [ 3432.977894][T31444] RAX: 000000000000002f RBX: 0000000000000005 RCX: 0000000000000005 [ 3432.977907][T31444] RDX: ffffed100b040640 RSI: ffff8880582031fb RDI: 0000000000000000 [ 3432.977921][T31444] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100b04063f [ 3432.977935][T31444] R10: ffff8880582031ff R11: 0000000000000001 R12: ffff8880582031fb [ 3432.977948][T31444] R13: 0000000000000005 R14: 00007ffffffff000 R15: 0000000000000000 [ 3432.977967][T31444] _copy_to_user+0xbb/0xd0 [ 3432.977985][T31444] __do_sys_getcwd+0x483/0x930 [ 3432.978017][T31444] ? __pfx___do_sys_getcwd+0x10/0x10 [ 3432.978046][T31444] ? fput+0x9b/0xd0 [ 3432.978074][T31444] ? xfd_validate_state+0x61/0x180 [ 3432.978106][T31444] ? __pfx_ksys_write+0x10/0x10 [ 3432.978134][T31444] do_syscall_64+0xcd/0x490 [ 3432.978161][T31444] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3432.978181][T31444] RIP: 0033:0x7fcfabf8ebe9 [ 3432.978196][T31444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3432.978216][T31444] RSP: 002b:00007fcfacd15038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 3432.978235][T31444] RAX: ffffffffffffffda RBX: 00007fcfac1b5fa0 RCX: 00007fcfabf8ebe9 [ 3432.978249][T31444] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 3432.978261][T31444] RBP: 00007fcfac011e19 R08: 0000000000000000 R09: 0000000000000000 [ 3432.978274][T31444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3432.978287][T31444] R13: 00007fcfac1b6038 R14: 00007fcfac1b5fa0 R15: 00007ffebf983768 [ 3432.978306][T31444] [ 3434.499292][T31446] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10196'. [ 3435.630997][T31478] vivid-003: ================= START STATUS ================= [ 3435.668639][T31478] vivid-003: Radio HW Seek Mode: Bounded [ 3435.674297][T31478] vivid-003: Radio Programmable HW Seek: false [ 3435.716222][T31478] vivid-003: RDS Rx I/O Mode: Block I/O [ 3435.740626][T31478] vivid-003: Generate RBDS Instead of RDS: false [ 3435.768990][T31478] vivid-003: RDS Reception: true [ 3435.800199][T31478] vivid-003: RDS Program Type: 0 inactive [ 3435.806706][T31494] random: crng reseeded on system resumption [ 3435.825910][T31478] vivid-003: RDS PS Name: inactive [ 3435.871449][T31478] vivid-003: RDS Radio Text: inactive [ 3435.946649][T31478] vivid-003: RDS Traffic Announcement: false inactive [ 3436.065255][T31478] vivid-003: RDS Traffic Program: false inactive [ 3436.141380][T31478] vivid-003: RDS Music: false inactive [ 3436.218383][T31478] vivid-003: ================== END STATUS ================== [ 3436.271480][T31502] vivid-003: ================= START STATUS ================= [ 3436.309334][T31502] vivid-003: Radio HW Seek Mode: Bounded [ 3436.350942][T31502] vivid-003: Radio Programmable HW Seek: false [ 3436.386392][T31502] vivid-003: RDS Rx I/O Mode: Block I/O [ 3436.412883][T31502] vivid-003: Generate RBDS Instead of RDS: false [ 3436.422320][T31509] FAULT_INJECTION: forcing a failure. [ 3436.422320][T31509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3436.437459][T31502] vivid-003: RDS Reception: true [ 3436.448026][T31502] vivid-003: RDS Program Type: 0 inactive [ 3436.458371][T31509] CPU: 1 UID: 0 PID: 31509 Comm: syz.1.10210 Not tainted syzkaller #0 PREEMPT(full) [ 3436.458395][T31509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3436.458407][T31509] Call Trace: [ 3436.458413][T31509] [ 3436.458420][T31509] dump_stack_lvl+0x16c/0x1f0 [ 3436.458449][T31509] should_fail_ex+0x512/0x640 [ 3436.458479][T31509] _copy_to_user+0x32/0xd0 [ 3436.458497][T31509] rng_dev_read+0x1ea/0x810 [ 3436.458530][T31509] ? __pfx_virtio_read+0x10/0x10 [ 3436.458548][T31509] ? __pfx_rng_dev_read+0x10/0x10 [ 3436.458586][T31509] ? bpf_lsm_file_permission+0x9/0x10 [ 3436.458615][T31509] ? security_file_permission+0x71/0x210 [ 3436.458645][T31509] ? rw_verify_area+0xcf/0x6c0 [ 3436.458665][T31509] ? __pfx_rng_dev_read+0x10/0x10 [ 3436.458695][T31509] vfs_read+0x1e4/0xcf0 [ 3436.458719][T31509] ? __pfx_vfs_read+0x10/0x10 [ 3436.458740][T31509] ? __fget_files+0x204/0x3c0 [ 3436.458761][T31509] ? rcu_is_watching+0x12/0xc0 [ 3436.458781][T31509] ? lock_release+0x201/0x2f0 [ 3436.458809][T31509] ? __fget_files+0x20e/0x3c0 [ 3436.458832][T31509] ksys_read+0x12a/0x250 [ 3436.458854][T31509] ? __pfx_ksys_read+0x10/0x10 [ 3436.458875][T31509] ? syscall_user_dispatch+0x78/0x140 [ 3436.458912][T31509] do_syscall_64+0xcd/0x490 [ 3436.458939][T31509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3436.458959][T31509] RIP: 0033:0x7f918578ebe9 [ 3436.458974][T31509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3436.458995][T31509] RSP: 002b:00007f9186686038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 3436.459013][T31509] RAX: ffffffffffffffda RBX: 00007f91859b5fa0 RCX: 00007f918578ebe9 [ 3436.459027][T31509] RDX: 00000000fffffe82 RSI: 0000200000000040 RDI: 0000000000000008 [ 3436.459040][T31509] RBP: 00007f9186686090 R08: 0000000000000000 R09: 0000000000000000 [ 3436.459053][T31509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3436.459065][T31509] R13: 00007f91859b6038 R14: 00007f91859b5fa0 R15: 00007ffff9289498 [ 3436.459084][T31509] [ 3436.857434][T31511] FAULT_INJECTION: forcing a failure. [ 3436.857434][T31511] name failslab, interval 1, probability 0, space 0, times 0 [ 3436.870085][T31511] CPU: 1 UID: 0 PID: 31511 Comm: syz.3.10211 Not tainted syzkaller #0 PREEMPT(full) [ 3436.870113][T31511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3436.870127][T31511] Call Trace: [ 3436.870134][T31511] [ 3436.870141][T31511] dump_stack_lvl+0x16c/0x1f0 [ 3436.870171][T31511] should_fail_ex+0x512/0x640 [ 3436.870205][T31511] should_failslab+0xc2/0x120 [ 3436.870235][T31511] __kmalloc_cache_noprof+0x6a/0x3e0 [ 3436.870257][T31511] ? trace_pid_list_alloc+0x27c/0x3f0 [ 3436.870285][T31511] ? kasan_save_track+0x14/0x30 [ 3436.870311][T31511] trace_pid_list_alloc+0x27c/0x3f0 [ 3436.870340][T31511] trace_pid_write+0x10e/0x460 [ 3436.870374][T31511] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 3436.870405][T31511] ? __pfx_trace_pid_write+0x10/0x10 [ 3436.870437][T31511] ? __pfx___mutex_lock+0x10/0x10 [ 3436.870465][T31511] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 3436.870495][T31511] ? update_last_data+0xb3/0x510 [ 3436.870530][T31511] event_pid_write.isra.0+0x3f7/0x7f0 [ 3436.870562][T31511] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 3436.870592][T31511] ? lock_acquire+0x2cd/0x350 [ 3436.870621][T31511] ? __pfx___might_resched+0x10/0x10 [ 3436.870646][T31511] ? __pfx_ftrace_event_pid_write+0x10/0x10 [ 3436.870676][T31511] vfs_writev+0x5df/0xde0 [ 3436.870702][T31511] ? __pfx_vfs_writev+0x10/0x10 [ 3436.870724][T31511] ? __mutex_lock+0x1c5/0x1060 [ 3436.870752][T31511] ? do_writev+0x218/0x340 [ 3436.870773][T31511] ? rcu_is_watching+0x12/0xc0 [ 3436.870797][T31511] ? __pfx___mutex_lock+0x10/0x10 [ 3436.870829][T31511] ? __fget_files+0x20e/0x3c0 [ 3436.870856][T31511] ? do_writev+0x132/0x340 [ 3436.870878][T31511] do_writev+0x132/0x340 [ 3436.870899][T31511] ? __pfx_do_writev+0x10/0x10 [ 3436.870926][T31511] do_syscall_64+0xcd/0x490 [ 3436.870955][T31511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3436.870977][T31511] RIP: 0033:0x7f092478ebe9 [ 3436.870993][T31511] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3436.871015][T31511] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 3436.871035][T31511] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3436.871049][T31511] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 3436.871063][T31511] RBP: 00007f0924811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3436.871076][T31511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3436.871089][T31511] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3436.871110][T31511] [ 3437.126726][ C1] vkms_vblank_simulate: vblank timer overrun [ 3437.147820][T31502] vivid-003: RDS PS Name: inactive [ 3437.153149][T31502] vivid-003: RDS Radio Text: inactive [ 3437.158701][T31502] vivid-003: RDS Traffic Announcement: false inactive [ 3437.166029][T31502] vivid-003: RDS Traffic Program: false inactive [ 3437.172422][T31502] vivid-003: RDS Music: false inactive [ 3437.177943][T31502] vivid-003: ================== END STATUS ================== [ 3438.065435][T31540] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 3438.151431][T31540] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 3438.388911][T31545] FAULT_INJECTION: forcing a failure. [ 3438.388911][T31545] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3438.456818][T31545] CPU: 1 UID: 0 PID: 31545 Comm: syz.1.10220 Not tainted syzkaller #0 PREEMPT(full) [ 3438.456846][T31545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3438.456859][T31545] Call Trace: [ 3438.456865][T31545] [ 3438.456873][T31545] dump_stack_lvl+0x16c/0x1f0 [ 3438.456902][T31545] should_fail_ex+0x512/0x640 [ 3438.456934][T31545] should_fail_alloc_page+0xe7/0x130 [ 3438.456965][T31545] prepare_alloc_pages+0x3c2/0x610 [ 3438.456998][T31545] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 3438.457024][T31545] ? stack_depot_save_flags+0x29/0x9c0 [ 3438.457055][T31545] ? lock_acquire+0x2cd/0x350 [ 3438.457081][T31545] ? css_rstat_updated+0x1c2/0x510 [ 3438.457104][T31545] ? kasan_save_stack+0x42/0x60 [ 3438.457126][T31545] ? kasan_save_stack+0x33/0x60 [ 3438.457149][T31545] ? kasan_save_track+0x14/0x30 [ 3438.457172][T31545] ? __kasan_slab_alloc+0x89/0x90 [ 3438.457197][T31545] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 3438.457221][T31545] ? __anon_vma_prepare+0x344/0x5e0 [ 3438.457243][T31545] ? __vmf_anon_prepare+0x11c/0x240 [ 3438.457274][T31545] ? do_wp_page+0x105a/0x4f00 [ 3438.457303][T31545] ? __handle_mm_fault+0x1b2d/0x2a50 [ 3438.457327][T31545] ? handle_mm_fault+0x589/0xd10 [ 3438.457347][T31545] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 3438.457379][T31545] ? rep_movs_alternative+0x11/0x90 [ 3438.457398][T31545] ? __do_sys_getcwd+0x483/0x930 [ 3438.457427][T31545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3438.457449][T31545] ? rcu_is_watching+0x12/0xc0 [ 3438.457471][T31545] ? local_lock_release+0x99/0x140 [ 3438.457498][T31545] ? rcu_is_watching+0x12/0xc0 [ 3438.457517][T31545] ? lock_release+0x201/0x2f0 [ 3438.457544][T31545] ? rcu_is_watching+0x12/0xc0 [ 3438.457563][T31545] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 3438.457594][T31545] ? policy_nodemask+0xea/0x4e0 [ 3438.457622][T31545] alloc_pages_mpol+0x1fb/0x550 [ 3438.457649][T31545] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 3438.457676][T31545] ? __anon_vma_prepare+0x2db/0x5e0 [ 3438.457697][T31545] ? rcu_is_watching+0x12/0xc0 [ 3438.457717][T31545] ? lock_release+0x201/0x2f0 [ 3438.457743][T31545] folio_alloc_mpol_noprof+0x36/0x2f0 [ 3438.457775][T31545] vma_alloc_folio_noprof+0xed/0x1e0 [ 3438.457806][T31545] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 3438.457837][T31545] ? __anon_vma_prepare+0x2e2/0x5e0 [ 3438.457862][T31545] do_wp_page+0x1136/0x4f00 [ 3438.457895][T31545] ? lock_acquire+0x2cd/0x350 [ 3438.457921][T31545] ? __pfx_do_wp_page+0x10/0x10 [ 3438.457952][T31545] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 3438.457984][T31545] ? ___pte_offset_map+0x2ad/0x4f0 [ 3438.458014][T31545] __handle_mm_fault+0x1b2d/0x2a50 [ 3438.458035][T31545] ? mt_find+0x3ef/0xa30 [ 3438.458063][T31545] ? __pfx___handle_mm_fault+0x10/0x10 [ 3438.458083][T31545] ? __pfx_mt_find+0x10/0x10 [ 3438.458109][T31545] ? stack_depot_save_flags+0x29/0x9c0 [ 3438.458145][T31545] ? find_vma+0xbf/0x140 [ 3438.458171][T31545] ? __pfx_find_vma+0x10/0x10 [ 3438.458199][T31545] handle_mm_fault+0x589/0xd10 [ 3438.458220][T31545] ? __bpf_trace_exceptions+0x1/0x40 [ 3438.458252][T31545] do_user_addr_fault+0x7a6/0x1370 [ 3438.458285][T31545] ? rcu_is_watching+0x12/0xc0 [ 3438.458306][T31545] exc_page_fault+0x5c/0xb0 [ 3438.458330][T31545] asm_exc_page_fault+0x26/0x30 [ 3438.458349][T31545] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 3438.458377][T31545] Code: e9 14 1f 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 3438.458398][T31545] RSP: 0018:ffffc90003c0fdb0 EFLAGS: 00050206 [ 3438.458415][T31545] RAX: 000000000000002f RBX: 0000000000000005 RCX: 0000000000000005 [ 3438.458428][T31545] RDX: ffffed1002716ca0 RSI: ffff8880138b64fb RDI: 0000000000000000 [ 3438.458442][T31545] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed1002716c9f [ 3438.458455][T31545] R10: ffff8880138b64ff R11: 0000000000000001 R12: ffff8880138b64fb [ 3438.458469][T31545] R13: 0000000000000005 R14: 00007ffffffff000 R15: 0000000000000000 [ 3438.458488][T31545] _copy_to_user+0xbb/0xd0 [ 3438.458507][T31545] __do_sys_getcwd+0x483/0x930 [ 3438.458540][T31545] ? __pfx___do_sys_getcwd+0x10/0x10 [ 3438.458568][T31545] ? fput+0x9b/0xd0 [ 3438.458597][T31545] ? xfd_validate_state+0x61/0x180 [ 3438.458632][T31545] ? __pfx_ksys_write+0x10/0x10 [ 3438.458659][T31545] do_syscall_64+0xcd/0x490 [ 3438.458688][T31545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3438.458708][T31545] RIP: 0033:0x7f918578ebe9 [ 3438.458722][T31545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3438.458742][T31545] RSP: 002b:00007f9186686038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 3438.458760][T31545] RAX: ffffffffffffffda RBX: 00007f91859b5fa0 RCX: 00007f918578ebe9 [ 3438.458773][T31545] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 3438.458786][T31545] RBP: 00007f9185811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3438.458798][T31545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3438.458811][T31545] R13: 00007f91859b6038 R14: 00007f91859b5fa0 R15: 00007ffff9289498 [ 3438.458830][T31545] [ 3438.950546][ C1] vkms_vblank_simulate: vblank timer overrun [ 3439.246836][T31556] vivid-003: ================= START STATUS ================= [ 3439.254512][T31556] vivid-003: Radio HW Seek Mode: Bounded [ 3439.260222][T31556] vivid-003: Radio Programmable HW Seek: false [ 3439.266374][T31556] vivid-003: RDS Rx I/O Mode: Block I/O [ 3439.271936][T31556] vivid-003: Generate RBDS Instead of RDS: false [ 3439.278283][T31556] vivid-003: RDS Reception: true [ 3439.283226][T31556] vivid-003: RDS Program Type: 0 inactive [ 3439.288969][T31556] vivid-003: RDS PS Name: inactive [ 3439.294190][T31556] vivid-003: RDS Radio Text: inactive [ 3439.299686][T31556] vivid-003: RDS Traffic Announcement: false inactive [ 3439.306474][T31556] vivid-003: RDS Traffic Program: false inactive [ 3439.313412][T31556] vivid-003: RDS Music: false inactive [ 3439.318897][T31556] vivid-003: ================== END STATUS ================== [ 3440.579546][T31595] usb usb36: usbfs: process 31595 (syz.1.10232) did not claim interface 0 before use [ 3441.467199][T31605] vivid-003: ================= START STATUS ================= [ 3441.503519][T31605] vivid-003: Radio HW Seek Mode: Bounded [ 3441.521507][T31605] vivid-003: Radio Programmable HW Seek: false [ 3441.542105][T31605] vivid-003: RDS Rx I/O Mode: Block I/O [ 3441.565140][T31620] random: crng reseeded on system resumption [ 3441.574815][T31605] vivid-003: Generate RBDS Instead of RDS: false [ 3441.593076][T31605] vivid-003: RDS Reception: true [ 3441.612651][T31605] vivid-003: RDS Program Type: 0 inactive [ 3441.637300][T31605] vivid-003: RDS PS Name: inactive [ 3441.666899][T31605] vivid-003: RDS Radio Text: inactive [ 3441.689954][T31605] vivid-003: RDS Traffic Announcement: false inactive [ 3441.716973][T31605] vivid-003: RDS Traffic Program: false inactive [ 3441.740581][T31605] vivid-003: RDS Music: false inactive [ 3441.761385][T31605] vivid-003: ================== END STATUS ================== [ 3442.488647][T31640] vivid-003: ================= START STATUS ================= [ 3442.531590][T31640] vivid-003: Radio HW Seek Mode: Bounded [ 3442.537245][T31640] vivid-003: Radio Programmable HW Seek: false [ 3442.588297][T31640] vivid-003: RDS Rx I/O Mode: Block I/O [ 3442.613036][T31640] vivid-003: Generate RBDS Instead of RDS: false [ 3442.641249][T31640] vivid-003: RDS Reception: true [ 3442.646645][T31650] FAULT_INJECTION: forcing a failure. [ 3442.646645][T31650] name failslab, interval 1, probability 0, space 0, times 0 [ 3442.693031][T31640] vivid-003: RDS Program Type: 0 inactive [ 3442.717441][T31650] CPU: 1 UID: 0 PID: 31650 Comm: syz.0.10248 Not tainted syzkaller #0 PREEMPT(full) [ 3442.717468][T31650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3442.717482][T31650] Call Trace: [ 3442.717489][T31650] [ 3442.717496][T31650] dump_stack_lvl+0x16c/0x1f0 [ 3442.717526][T31650] should_fail_ex+0x512/0x640 [ 3442.717559][T31650] should_failslab+0xc2/0x120 [ 3442.717588][T31650] __kmalloc_cache_noprof+0x6a/0x3e0 [ 3442.717610][T31650] ? snd_card_file_add+0x52/0x340 [ 3442.717644][T31650] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 3442.717668][T31650] snd_card_file_add+0x52/0x340 [ 3442.717701][T31650] ? lock_release+0x201/0x2f0 [ 3442.717728][T31650] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 3442.717752][T31650] snd_pcm_open+0xf1/0x730 [ 3442.717775][T31650] ? __pfx_snd_pcm_open+0x10/0x10 [ 3442.717803][T31650] ? __pfx_snd_pcm_capture_open+0x10/0x10 [ 3442.717827][T31650] snd_pcm_capture_open+0x89/0xe0 [ 3442.717850][T31650] snd_open+0x22a/0x4c0 [ 3442.717879][T31650] ? __pfx_snd_open+0x10/0x10 [ 3442.717908][T31650] chrdev_open+0x231/0x6a0 [ 3442.717934][T31650] ? __pfx_apparmor_file_open+0x10/0x10 [ 3442.717958][T31650] ? __pfx_chrdev_open+0x10/0x10 [ 3442.717985][T31650] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 3442.718011][T31650] do_dentry_open+0x97f/0x1530 [ 3442.718037][T31650] ? __pfx_chrdev_open+0x10/0x10 [ 3442.718066][T31650] vfs_open+0x82/0x3f0 [ 3442.718097][T31650] path_openat+0x1de4/0x2cb0 [ 3442.718125][T31650] ? __pfx_path_openat+0x10/0x10 [ 3442.718152][T31650] do_filp_open+0x20b/0x470 [ 3442.718176][T31650] ? __pfx_do_filp_open+0x10/0x10 [ 3442.718209][T31650] ? alloc_fd+0x471/0x7d0 [ 3442.718233][T31650] do_sys_openat2+0x11b/0x1d0 [ 3442.718271][T31650] ? __pfx_do_sys_openat2+0x10/0x10 [ 3442.718303][T31650] ? __pfx___might_resched+0x10/0x10 [ 3442.718327][T31650] __x64_sys_openat+0x174/0x210 [ 3442.718359][T31650] ? __pfx___x64_sys_openat+0x10/0x10 [ 3442.718395][T31650] do_syscall_64+0xcd/0x490 [ 3442.718422][T31650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3442.718444][T31650] RIP: 0033:0x7fcfabf8ebe9 [ 3442.718459][T31650] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3442.718480][T31650] RSP: 002b:00007fcfacd15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 3442.718499][T31650] RAX: ffffffffffffffda RBX: 00007fcfac1b5fa0 RCX: 00007fcfabf8ebe9 [ 3442.718512][T31650] RDX: 0000000000000000 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 3442.718525][T31650] RBP: 00007fcfac011e19 R08: 0000000000000000 R09: 0000000000000000 [ 3442.718538][T31650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3442.718551][T31650] R13: 00007fcfac1b6038 R14: 00007fcfac1b5fa0 R15: 00007ffebf983768 [ 3442.718570][T31650] [ 3442.987782][ C1] vkms_vblank_simulate: vblank timer overrun [ 3443.000742][T31640] vivid-003: RDS PS Name: inactive [ 3443.005965][T31640] vivid-003: RDS Radio Text: inactive [ 3443.011720][T31640] vivid-003: RDS Traffic Announcement: false inactive [ 3443.018493][T31640] vivid-003: RDS Traffic Program: false inactive [ 3443.024866][T31640] vivid-003: RDS Music: false inactive [ 3443.030389][T31640] vivid-003: ================== END STATUS ================== [ 3444.226249][T31671] vivid-003: ================= START STATUS ================= [ 3444.253652][T31671] vivid-003: Radio HW Seek Mode: Bounded [ 3444.275741][T31671] vivid-003: Radio Programmable HW Seek: false [ 3444.303382][T31671] vivid-003: RDS Rx I/O Mode: Block I/O [ 3444.329495][T31671] vivid-003: Generate RBDS Instead of RDS: false [ 3444.352892][T31671] vivid-003: RDS Reception: true [ 3444.369502][T31671] vivid-003: RDS Program Type: 0 inactive [ 3444.396596][T31671] vivid-003: RDS PS Name: inactive [ 3444.426455][T31671] vivid-003: RDS Radio Text: inactive [ 3444.445153][T31671] vivid-003: RDS Traffic Announcement: false inactive [ 3444.469905][T31671] vivid-003: RDS Traffic Program: false inactive [ 3444.492199][T31671] vivid-003: RDS Music: false inactive [ 3444.509138][T31671] vivid-003: ================== END STATUS ================== [ 3444.987510][T31700] random: crng reseeded on system resumption [ 3445.249008][T31696] vivid-003: ================= START STATUS ================= [ 3445.289296][T31696] vivid-003: Radio HW Seek Mode: Bounded [ 3445.309495][T31696] vivid-003: Radio Programmable HW Seek: false [ 3445.337733][T31696] vivid-003: RDS Rx I/O Mode: Block I/O [ 3445.349355][T31705] FAULT_INJECTION: forcing a failure. [ 3445.349355][T31705] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3445.374973][T31696] vivid-003: Generate RBDS Instead of RDS: false [ 3445.395999][T31696] vivid-003: RDS Reception: true [ 3445.406227][T31705] CPU: 1 UID: 0 PID: 31705 Comm: syz.0.10260 Not tainted syzkaller #0 PREEMPT(full) [ 3445.406252][T31705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3445.406264][T31705] Call Trace: [ 3445.406271][T31705] [ 3445.406278][T31705] dump_stack_lvl+0x16c/0x1f0 [ 3445.406307][T31705] should_fail_ex+0x512/0x640 [ 3445.406336][T31705] _copy_from_user+0x2e/0xd0 [ 3445.406367][T31705] sctp_setsockopt+0x2045/0xb870 [ 3445.406396][T31705] ? lock_release+0x201/0x2f0 [ 3445.406423][T31705] ? __pfx_sctp_setsockopt+0x10/0x10 [ 3445.406451][T31705] ? rcu_is_watching+0x12/0xc0 [ 3445.406472][T31705] ? aa_sock_opt_perm+0xfd/0x1c0 [ 3445.406490][T31705] ? sock_common_setsockopt+0x2e/0xf0 [ 3445.406520][T31705] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 3445.406551][T31705] do_sock_setsockopt+0xf3/0x1d0 [ 3445.406582][T31705] __sys_setsockopt+0x120/0x1a0 [ 3445.406607][T31705] __x64_sys_setsockopt+0xbd/0x160 [ 3445.406630][T31705] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 3445.406661][T31705] do_syscall_64+0xcd/0x490 [ 3445.406688][T31705] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3445.406707][T31705] RIP: 0033:0x7fcfabf8ebe9 [ 3445.406722][T31705] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3445.406742][T31705] RSP: 002b:00007fcfacd15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 3445.406768][T31705] RAX: ffffffffffffffda RBX: 00007fcfac1b5fa0 RCX: 00007fcfabf8ebe9 [ 3445.406781][T31705] RDX: 0000000000000085 RSI: 0000010000000084 RDI: 0000000000000003 [ 3445.406794][T31705] RBP: 00007fcfacd15090 R08: 0000000000000090 R09: 0000000000000000 [ 3445.406806][T31705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3445.406818][T31705] R13: 00007fcfac1b6038 R14: 00007fcfac1b5fa0 R15: 00007ffebf983768 [ 3445.406837][T31705] [ 3445.406918][T31696] vivid-003: RDS Program Type: 0 inactive [ 3446.011415][T31696] vivid-003: RDS PS Name: inactive [ 3446.016642][T31696] vivid-003: RDS Radio Text: inactive [ 3446.071463][T31696] vivid-003: RDS Traffic Announcement: false inactive [ 3446.107585][T31696] vivid-003: RDS Traffic Program: false inactive [ 3446.141440][T31696] vivid-003: RDS Music: false inactive [ 3446.168824][T31696] vivid-003: ================== END STATUS ================== [ 3446.245924][T31695] vivid-003: ================= START STATUS ================= [ 3446.360887][T31695] vivid-003: Radio HW Seek Mode: Bounded [ 3446.422855][T31695] vivid-003: Radio Programmable HW Seek: false [ 3446.422880][T31695] vivid-003: RDS Rx I/O Mode: Block I/O [ 3446.422900][T31695] vivid-003: Generate RBDS Instead of RDS: false [ 3446.422919][T31695] vivid-003: RDS Reception: true [ 3446.422938][T31695] vivid-003: RDS Program Type: 0 inactive [ 3446.422962][T31695] vivid-003: RDS PS Name: inactive [ 3446.422985][T31695] vivid-003: RDS Radio Text: inactive [ 3446.423007][T31695] vivid-003: RDS Traffic Announcement: false inactive [ 3446.423031][T31695] vivid-003: RDS Traffic Program: false inactive [ 3446.423054][T31695] vivid-003: RDS Music: false inactive [ 3446.423076][T31695] vivid-003: ================== END STATUS ================== [ 3446.540439][T31715] vivid-003: ================= START STATUS ================= [ 3446.540456][T31715] vivid-003: Radio HW Seek Mode: Bounded [ 3446.540477][T31715] vivid-003: Radio Programmable HW Seek: false [ 3446.540496][T31715] vivid-003: RDS Rx I/O Mode: Block I/O [ 3446.540514][T31715] vivid-003: Generate RBDS Instead of RDS: false [ 3446.540533][T31715] vivid-003: RDS Reception: true [ 3446.540551][T31715] vivid-003: RDS Program Type: 0 inactive [ 3446.540574][T31715] vivid-003: RDS PS Name: inactive [ 3446.540596][T31715] vivid-003: RDS Radio Text: inactive [ 3446.540617][T31715] vivid-003: RDS Traffic Announcement: false inactive [ 3446.540640][T31715] vivid-003: RDS Traffic Program: false inactive [ 3446.540669][T31715] vivid-003: RDS Music: false inactive [ 3446.540691][T31715] vivid-003: ================== END STATUS ================== [ 3446.549638][T31726] usb usb36: usbfs: process 31726 (syz.3.10264) did not claim interface 0 before use [ 3447.668211][T27645] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 3448.469222][T31756] vivid-003: ================= START STATUS ================= [ 3448.509172][T31756] vivid-003: Radio HW Seek Mode: Bounded [ 3448.532977][T31756] vivid-003: Radio Programmable HW Seek: false [ 3448.539170][T31756] vivid-003: RDS Rx I/O Mode: Block I/O [ 3448.588220][T31756] vivid-003: Generate RBDS Instead of RDS: false [ 3448.634917][T31756] vivid-003: RDS Reception: true [ 3448.650698][T31756] vivid-003: RDS Program Type: 0 inactive [ 3448.697228][T31756] vivid-003: RDS PS Name: inactive [ 3448.734586][T31756] vivid-003: RDS Radio Text: inactive [ 3448.771485][T31756] vivid-003: RDS Traffic Announcement: false inactive [ 3448.833376][T31756] vivid-003: RDS Traffic Program: false inactive [ 3448.863348][T31756] vivid-003: RDS Music: false inactive [ 3448.893224][T31756] vivid-003: ================== END STATUS ================== [ 3449.265872][T31772] vivid-003: ================= START STATUS ================= [ 3449.287117][T31772] vivid-003: Radio HW Seek Mode: Bounded [ 3449.307504][T31772] vivid-003: Radio Programmable HW Seek: false [ 3449.330356][T31772] vivid-003: RDS Rx I/O Mode: Block I/O [ 3449.351066][T31772] vivid-003: Generate RBDS Instead of RDS: false [ 3449.368711][T31772] vivid-003: RDS Reception: true [ 3449.384393][T31772] vivid-003: RDS Program Type: 0 inactive [ 3449.429592][T31772] vivid-003: RDS PS Name: inactive [ 3449.482701][T31772] vivid-003: RDS Radio Text: inactive [ 3449.510993][T31772] vivid-003: RDS Traffic Announcement: false inactive [ 3449.544930][T31772] vivid-003: RDS Traffic Program: false inactive [ 3449.598983][T31772] vivid-003: RDS Music: false inactive [ 3449.642550][T31772] vivid-003: ================== END STATUS ================== [ 3449.686265][T31779] vivid-003: ================= START STATUS ================= [ 3449.738771][T31779] vivid-003: Radio HW Seek Mode: Bounded [ 3449.791057][T31779] vivid-003: Radio Programmable HW Seek: false [ 3449.841577][T31779] vivid-003: RDS Rx I/O Mode: Block I/O [ 3449.886188][T31779] vivid-003: Generate RBDS Instead of RDS: false [ 3449.922516][T31779] vivid-003: RDS Reception: true [ 3449.997095][T31779] vivid-003: RDS Program Type: 0 inactive [ 3450.079069][T31779] vivid-003: RDS PS Name: inactive [ 3450.146138][T31779] vivid-003: RDS Radio Text: inactive [ 3450.207112][T31779] vivid-003: RDS Traffic Announcement: false inactive [ 3450.258714][T31779] vivid-003: RDS Traffic Program: false inactive [ 3450.308088][T31779] vivid-003: RDS Music: false inactive [ 3450.373408][T31779] vivid-003: ================== END STATUS ================== [ 3452.665358][T31849] FAULT_INJECTION: forcing a failure. [ 3452.665358][T31849] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3452.716093][T31849] CPU: 1 UID: 0 PID: 31849 Comm: syz.1.10290 Not tainted syzkaller #0 PREEMPT(full) [ 3452.716125][T31849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3452.716138][T31849] Call Trace: [ 3452.716145][T31849] [ 3452.716152][T31849] dump_stack_lvl+0x16c/0x1f0 [ 3452.716182][T31849] should_fail_ex+0x512/0x640 [ 3452.716214][T31849] should_fail_alloc_page+0xe7/0x130 [ 3452.716244][T31849] prepare_alloc_pages+0x3c2/0x610 [ 3452.716278][T31849] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 3452.716304][T31849] ? stack_depot_save_flags+0x29/0x9c0 [ 3452.716334][T31849] ? rcu_is_watching+0x12/0xc0 [ 3452.716357][T31849] ? kasan_save_stack+0x42/0x60 [ 3452.716380][T31849] ? kasan_save_stack+0x33/0x60 [ 3452.716402][T31849] ? kasan_save_track+0x14/0x30 [ 3452.716425][T31849] ? __kasan_slab_alloc+0x89/0x90 [ 3452.716450][T31849] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 3452.716474][T31849] ? __anon_vma_prepare+0x344/0x5e0 [ 3452.716495][T31849] ? __vmf_anon_prepare+0x11c/0x240 [ 3452.716526][T31849] ? do_wp_page+0x105a/0x4f00 [ 3452.716555][T31849] ? __handle_mm_fault+0x1b2d/0x2a50 [ 3452.716575][T31849] ? handle_mm_fault+0x589/0xd10 [ 3452.716595][T31849] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 3452.716621][T31849] ? rep_movs_alternative+0x11/0x90 [ 3452.716640][T31849] ? __do_sys_getcwd+0x483/0x930 [ 3452.716669][T31849] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3452.716691][T31849] ? rcu_is_watching+0x12/0xc0 [ 3452.716713][T31849] ? local_lock_release+0x99/0x140 [ 3452.716741][T31849] ? rcu_is_watching+0x12/0xc0 [ 3452.716761][T31849] ? lock_release+0x201/0x2f0 [ 3452.716789][T31849] ? rcu_is_watching+0x12/0xc0 [ 3452.716809][T31849] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 3452.716841][T31849] ? policy_nodemask+0xea/0x4e0 [ 3452.716869][T31849] alloc_pages_mpol+0x1fb/0x550 [ 3452.716896][T31849] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 3452.716923][T31849] ? __anon_vma_prepare+0x2db/0x5e0 [ 3452.716945][T31849] ? rcu_is_watching+0x12/0xc0 [ 3452.716965][T31849] ? lock_release+0x201/0x2f0 [ 3452.716992][T31849] folio_alloc_mpol_noprof+0x36/0x2f0 [ 3452.717025][T31849] vma_alloc_folio_noprof+0xed/0x1e0 [ 3452.717056][T31849] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 3452.717088][T31849] ? __anon_vma_prepare+0x2e2/0x5e0 [ 3452.717120][T31849] do_wp_page+0x1136/0x4f00 [ 3452.717153][T31849] ? lock_acquire+0x2cd/0x350 [ 3452.717179][T31849] ? __pfx_do_wp_page+0x10/0x10 [ 3452.717210][T31849] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 3452.717242][T31849] ? ___pte_offset_map+0x2ad/0x4f0 [ 3452.717271][T31849] __handle_mm_fault+0x1b2d/0x2a50 [ 3452.717292][T31849] ? mt_find+0x3ef/0xa30 [ 3452.717320][T31849] ? __pfx___handle_mm_fault+0x10/0x10 [ 3452.717340][T31849] ? __pfx_mt_find+0x10/0x10 [ 3452.717366][T31849] ? stack_depot_save_flags+0x29/0x9c0 [ 3452.717401][T31849] ? find_vma+0xbf/0x140 [ 3452.717427][T31849] ? __pfx_find_vma+0x10/0x10 [ 3452.717455][T31849] handle_mm_fault+0x589/0xd10 [ 3452.717475][T31849] ? __bpf_trace_exceptions+0x1/0x40 [ 3452.717507][T31849] do_user_addr_fault+0x7a6/0x1370 [ 3452.717540][T31849] ? rcu_is_watching+0x12/0xc0 [ 3452.717561][T31849] exc_page_fault+0x5c/0xb0 [ 3452.717585][T31849] asm_exc_page_fault+0x26/0x30 [ 3452.717604][T31849] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 3452.717626][T31849] Code: e9 14 1f 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 3452.717651][T31849] RSP: 0018:ffffc90003c9fdb0 EFLAGS: 00050206 [ 3452.717668][T31849] RAX: 000000000000002f RBX: 0000000000000005 RCX: 0000000000000005 [ 3452.717681][T31849] RDX: ffffed10121f5ca0 RSI: ffff888090fae4fb RDI: 0000000000000000 [ 3452.717694][T31849] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed10121f5c9f [ 3452.717724][T31849] R10: ffff888090fae4ff R11: 0000000000000001 R12: ffff888090fae4fb [ 3452.717738][T31849] R13: 0000000000000005 R14: 00007ffffffff000 R15: 0000000000000000 [ 3452.717758][T31849] _copy_to_user+0xbb/0xd0 [ 3452.717803][T31849] __do_sys_getcwd+0x483/0x930 [ 3452.717839][T31849] ? __pfx___do_sys_getcwd+0x10/0x10 [ 3452.717871][T31849] ? fput+0x9b/0xd0 [ 3452.717903][T31849] ? xfd_validate_state+0x61/0x180 [ 3452.717936][T31849] ? __pfx_ksys_write+0x10/0x10 [ 3452.717966][T31849] do_syscall_64+0xcd/0x490 [ 3452.717997][T31849] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3452.718020][T31849] RIP: 0033:0x7f918578ebe9 [ 3452.718036][T31849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3452.718059][T31849] RSP: 002b:00007f9186686038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 3452.718079][T31849] RAX: ffffffffffffffda RBX: 00007f91859b5fa0 RCX: 00007f918578ebe9 [ 3452.718094][T31849] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 3452.718109][T31849] RBP: 00007f9185811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3452.718129][T31849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3452.718143][T31849] R13: 00007f91859b6038 R14: 00007f91859b5fa0 R15: 00007ffff9289498 [ 3452.718166][T31849] [ 3453.211132][ C1] vkms_vblank_simulate: vblank timer overrun [ 3454.456408][T31865] vivid-003: ================= START STATUS ================= [ 3454.497245][T31865] vivid-003: Radio HW Seek Mode: Bounded [ 3454.502924][T31865] vivid-003: Radio Programmable HW Seek: false [ 3454.577426][T31865] vivid-003: RDS Rx I/O Mode: Block I/O [ 3454.605927][T31865] vivid-003: Generate RBDS Instead of RDS: false [ 3454.632787][T31865] vivid-003: RDS Reception: true [ 3454.660557][T31865] vivid-003: RDS Program Type: 0 inactive [ 3454.682734][T31865] vivid-003: RDS PS Name: inactive [ 3454.744991][T31865] vivid-003: RDS Radio Text: inactive [ 3454.796362][T31865] vivid-003: RDS Traffic Announcement: false inactive [ 3454.851478][T31865] vivid-003: RDS Traffic Program: false inactive [ 3454.885071][T31865] vivid-003: RDS Music: false inactive [ 3454.910983][T31865] vivid-003: ================== END STATUS ================== [ 3454.922339][T31889] FAULT_INJECTION: forcing a failure. [ 3454.922339][T31889] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3455.053663][T31889] CPU: 1 UID: 0 PID: 31889 Comm: syz.1.10299 Not tainted syzkaller #0 PREEMPT(full) [ 3455.053693][T31889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3455.053708][T31889] Call Trace: [ 3455.053716][T31889] [ 3455.053724][T31889] dump_stack_lvl+0x16c/0x1f0 [ 3455.053757][T31889] should_fail_ex+0x512/0x640 [ 3455.053791][T31889] _copy_to_user+0x32/0xd0 [ 3455.053812][T31889] simple_read_from_buffer+0xcb/0x170 [ 3455.053836][T31889] proc_fail_nth_read+0x197/0x240 [ 3455.053860][T31889] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 3455.053883][T31889] ? security_file_permission+0x71/0x210 [ 3455.053927][T31889] ? rw_verify_area+0xcf/0x6c0 [ 3455.053950][T31889] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 3455.053974][T31889] vfs_read+0x1e4/0xcf0 [ 3455.053999][T31889] ? poll_select_finish+0x377/0x6b0 [ 3455.054023][T31889] ? __pfx___mutex_lock+0x10/0x10 [ 3455.054054][T31889] ? __pfx_vfs_read+0x10/0x10 [ 3455.054079][T31889] ? __fget_files+0x204/0x3c0 [ 3455.054103][T31889] ? rcu_is_watching+0x12/0xc0 [ 3455.054130][T31889] ? __fget_files+0x20e/0x3c0 [ 3455.054162][T31889] ksys_read+0x12a/0x250 [ 3455.054187][T31889] ? __pfx_ksys_read+0x10/0x10 [ 3455.054218][T31889] do_syscall_64+0xcd/0x490 [ 3455.054250][T31889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3455.054273][T31889] RIP: 0033:0x7f918578d5fc [ 3455.054290][T31889] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 3455.054314][T31889] RSP: 002b:00007f9186665030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 3455.054336][T31889] RAX: ffffffffffffffda RBX: 00007f91859b6090 RCX: 00007f918578d5fc [ 3455.054352][T31889] RDX: 000000000000000f RSI: 00007f91866650a0 RDI: 0000000000000009 [ 3455.054367][T31889] RBP: 00007f9186665090 R08: 0000000000000000 R09: 0000000000000000 [ 3455.054381][T31889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3455.054395][T31889] R13: 00007f91859b6128 R14: 00007f91859b6090 R15: 00007ffff9289498 [ 3455.054417][T31889] [ 3455.254332][ C1] vkms_vblank_simulate: vblank timer overrun [ 3455.459135][T31902] vivid-003: ================= START STATUS ================= [ 3455.466816][T31902] vivid-003: Radio HW Seek Mode: Bounded [ 3455.472489][T31902] vivid-003: Radio Programmable HW Seek: false [ 3455.478688][T31902] vivid-003: RDS Rx I/O Mode: Block I/O [ 3455.484266][T31902] vivid-003: Generate RBDS Instead of RDS: false [ 3455.490605][T31902] vivid-003: RDS Reception: true [ 3455.522057][T31902] vivid-003: RDS Program Type: 0 inactive [ 3455.539507][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 3455.545807][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 3455.610919][T31902] vivid-003: RDS PS Name: inactive [ 3455.632819][T31902] vivid-003: RDS Radio Text: inactive [ 3455.663081][T31902] vivid-003: RDS Traffic Announcement: false inactive [ 3455.679126][T31902] vivid-003: RDS Traffic Program: false inactive [ 3455.701406][T31902] vivid-003: RDS Music: false inactive [ 3455.720530][T31902] vivid-003: ================== END STATUS ================== [ 3457.472834][T31938] vivid-003: ================= START STATUS ================= [ 3457.500185][T31938] vivid-003: Radio HW Seek Mode: Bounded [ 3457.518088][T31938] vivid-003: Radio Programmable HW Seek: false [ 3457.549968][T31938] vivid-003: RDS Rx I/O Mode: Block I/O [ 3457.555543][T31938] vivid-003: Generate RBDS Instead of RDS: false [ 3457.636974][T31938] vivid-003: RDS Reception: true [ 3457.718427][T31938] vivid-003: RDS Program Type: 0 inactive [ 3457.724171][T31938] vivid-003: RDS PS Name: inactive [ 3457.780171][T31938] vivid-003: RDS Radio Text: inactive [ 3457.832508][T31938] vivid-003: RDS Traffic Announcement: false inactive [ 3457.895606][T31938] vivid-003: RDS Traffic Program: false inactive [ 3457.958851][T31938] vivid-003: RDS Music: false inactive [ 3458.033611][T31938] vivid-003: ================== END STATUS ================== [ 3458.078009][T31947] vivid-003: ================= START STATUS ================= [ 3458.104142][T31947] vivid-003: Radio HW Seek Mode: Bounded [ 3458.121136][T31947] vivid-003: Radio Programmable HW Seek: false [ 3458.143985][T31947] vivid-003: RDS Rx I/O Mode: Block I/O [ 3458.160128][T31947] vivid-003: Generate RBDS Instead of RDS: false [ 3458.187670][T31947] vivid-003: RDS Reception: true [ 3458.204218][T31947] vivid-003: RDS Program Type: 0 inactive [ 3458.217548][T31947] vivid-003: RDS PS Name: inactive [ 3458.233894][T31947] vivid-003: RDS Radio Text: inactive [ 3458.253393][T31947] vivid-003: RDS Traffic Announcement: false inactive [ 3458.277500][T31947] vivid-003: RDS Traffic Program: false inactive [ 3458.311909][T31947] vivid-003: RDS Music: false inactive [ 3458.334678][T31947] vivid-003: ================== END STATUS ================== [ 3458.445353][T31962] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10318'. [ 3458.822967][T31983] FAULT_INJECTION: forcing a failure. [ 3458.822967][T31983] name failslab, interval 1, probability 0, space 0, times 0 [ 3458.866949][T31983] CPU: 1 UID: 0 PID: 31983 Comm: syz.0.10324 Not tainted syzkaller #0 PREEMPT(full) [ 3458.866975][T31983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3458.866987][T31983] Call Trace: [ 3458.866994][T31983] [ 3458.867001][T31983] dump_stack_lvl+0x16c/0x1f0 [ 3458.867029][T31983] should_fail_ex+0x512/0x640 [ 3458.867059][T31983] should_failslab+0xc2/0x120 [ 3458.867085][T31983] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 3458.867108][T31983] ? __pfx_acct_collect+0x10/0x10 [ 3458.867138][T31983] ? taskstats_exit+0x654/0xbe0 [ 3458.867167][T31983] taskstats_exit+0x654/0xbe0 [ 3458.867194][T31983] ? do_exit+0x2db/0x2bf0 [ 3458.867221][T31983] ? __pfx_taskstats_exit+0x10/0x10 [ 3458.867248][T31983] ? lock_release+0x201/0x2f0 [ 3458.867274][T31983] ? preempt_count_add+0x76/0x150 [ 3458.867303][T31983] do_exit+0x5dc/0x2bf0 [ 3458.867332][T31983] ? __pfx_do_exit+0x10/0x10 [ 3458.867358][T31983] ? do_raw_spin_lock+0x12c/0x2b0 [ 3458.867388][T31983] ? get_signal+0x8f5/0x26d0 [ 3458.867409][T31983] ? rcu_is_watching+0x12/0xc0 [ 3458.867430][T31983] do_group_exit+0xd3/0x2a0 [ 3458.867458][T31983] get_signal+0x2673/0x26d0 [ 3458.867481][T31983] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 3458.867517][T31983] ? __pfx_get_signal+0x10/0x10 [ 3458.867539][T31983] ? do_futex+0x122/0x350 [ 3458.867564][T31983] ? __pfx_do_futex+0x10/0x10 [ 3458.867594][T31983] arch_do_signal_or_restart+0x8f/0x790 [ 3458.867621][T31983] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3458.867651][T31983] ? xfd_validate_state+0x61/0x180 [ 3458.867680][T31983] ? __pfx_ksys_write+0x10/0x10 [ 3458.867705][T31983] exit_to_user_mode_loop+0x84/0x110 [ 3458.867736][T31983] do_syscall_64+0x3f6/0x490 [ 3458.867763][T31983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3458.867783][T31983] RIP: 0033:0x7fcfabf8ebe9 [ 3458.867798][T31983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3458.867818][T31983] RSP: 002b:00007fcfacd150e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 3458.867838][T31983] RAX: fffffffffffffe00 RBX: 00007fcfac1b5fa8 RCX: 00007fcfabf8ebe9 [ 3458.867851][T31983] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fcfac1b5fa8 [ 3458.867864][T31983] RBP: 00007fcfac1b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 3458.867876][T31983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3458.867888][T31983] R13: 00007fcfac1b6038 R14: 00007ffebf983680 R15: 00007ffebf983768 [ 3458.867907][T31983] [ 3460.151343][T32006] vivid-003: ================= START STATUS ================= [ 3460.190734][T32006] vivid-003: Radio HW Seek Mode: Bounded [ 3460.212172][T32006] vivid-003: Radio Programmable HW Seek: false [ 3460.240113][T32006] vivid-003: RDS Rx I/O Mode: Block I/O [ 3460.258977][T32006] vivid-003: Generate RBDS Instead of RDS: false [ 3460.265327][T32006] vivid-003: RDS Reception: true [ 3460.348561][T32006] vivid-003: RDS Program Type: 0 inactive [ 3460.426650][T32006] vivid-003: RDS PS Name: inactive [ 3460.462455][T32006] vivid-003: RDS Radio Text: inactive [ 3460.517575][T32006] vivid-003: RDS Traffic Announcement: false inactive [ 3460.579872][T32006] vivid-003: RDS Traffic Program: false inactive [ 3460.640441][T32006] vivid-003: RDS Music: false inactive [ 3460.710286][T32006] vivid-003: ================== END STATUS ================== [ 3461.126155][T32036] FAULT_INJECTION: forcing a failure. [ 3461.126155][T32036] name failslab, interval 1, probability 0, space 0, times 0 [ 3461.181472][T32036] CPU: 1 UID: 0 PID: 32036 Comm: syz.2.10337 Not tainted syzkaller #0 PREEMPT(full) [ 3461.181498][T32036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3461.181511][T32036] Call Trace: [ 3461.181517][T32036] [ 3461.181524][T32036] dump_stack_lvl+0x16c/0x1f0 [ 3461.181554][T32036] should_fail_ex+0x512/0x640 [ 3461.181583][T32036] should_failslab+0xc2/0x120 [ 3461.181610][T32036] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 3461.181633][T32036] ? __pfx_acct_collect+0x10/0x10 [ 3461.181663][T32036] ? taskstats_exit+0x654/0xbe0 [ 3461.181693][T32036] taskstats_exit+0x654/0xbe0 [ 3461.181721][T32036] ? do_exit+0x2db/0x2bf0 [ 3461.181748][T32036] ? __pfx_taskstats_exit+0x10/0x10 [ 3461.181775][T32036] ? lock_release+0x201/0x2f0 [ 3461.181801][T32036] ? preempt_count_add+0x76/0x150 [ 3461.181831][T32036] do_exit+0x5dc/0x2bf0 [ 3461.181860][T32036] ? __pfx_do_exit+0x10/0x10 [ 3461.181887][T32036] ? do_raw_spin_lock+0x12c/0x2b0 [ 3461.181917][T32036] ? get_signal+0x8f5/0x26d0 [ 3461.181939][T32036] ? rcu_is_watching+0x12/0xc0 [ 3461.181960][T32036] do_group_exit+0xd3/0x2a0 [ 3461.181988][T32036] get_signal+0x2673/0x26d0 [ 3461.182012][T32036] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 3461.182045][T32036] ? __pfx_get_signal+0x10/0x10 [ 3461.182067][T32036] ? do_futex+0x122/0x350 [ 3461.182092][T32036] ? __pfx_do_futex+0x10/0x10 [ 3461.182117][T32036] arch_do_signal_or_restart+0x8f/0x790 [ 3461.182144][T32036] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 3461.182173][T32036] ? xfd_validate_state+0x61/0x180 [ 3461.182202][T32036] ? __pfx_ksys_write+0x10/0x10 [ 3461.182227][T32036] exit_to_user_mode_loop+0x84/0x110 [ 3461.182257][T32036] do_syscall_64+0x3f6/0x490 [ 3461.182284][T32036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3461.182304][T32036] RIP: 0033:0x7fe150d8ebe9 [ 3461.182319][T32036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3461.182339][T32036] RSP: 002b:00007fe14eff60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 3461.182365][T32036] RAX: fffffffffffffe00 RBX: 00007fe150fb5fa8 RCX: 00007fe150d8ebe9 [ 3461.182379][T32036] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe150fb5fa8 [ 3461.182391][T32036] RBP: 00007fe150fb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 3461.182404][T32036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3461.182415][T32036] R13: 00007fe150fb6038 R14: 00007ffd61508250 R15: 00007ffd61508338 [ 3461.182434][T32036] [ 3461.627126][T32038] FAULT_INJECTION: forcing a failure. [ 3461.627126][T32038] name fail_futex, interval 1, probability 0, space 0, times 0 [ 3461.640201][T32038] CPU: 1 UID: 0 PID: 32038 Comm: syz.1.10335 Not tainted syzkaller #0 PREEMPT(full) [ 3461.640227][T32038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3461.640239][T32038] Call Trace: [ 3461.640246][T32038] [ 3461.640254][T32038] dump_stack_lvl+0x16c/0x1f0 [ 3461.640282][T32038] should_fail_ex+0x512/0x640 [ 3461.640313][T32038] get_futex_key+0x1d0/0x1560 [ 3461.640344][T32038] ? __pfx_get_futex_key+0x10/0x10 [ 3461.640366][T32038] ? __pfx_mas_prev+0x10/0x10 [ 3461.640397][T32038] futex_wait_setup+0x9d/0x550 [ 3461.640431][T32038] __futex_wait+0x194/0x2f0 [ 3461.640461][T32038] ? __pfx___futex_wait+0x10/0x10 [ 3461.640491][T32038] ? __blk_flush_plug+0x2f3/0x4b0 [ 3461.640515][T32038] ? __pfx_futex_wake_mark+0x10/0x10 [ 3461.640547][T32038] ? lock_release+0x201/0x2f0 [ 3461.640574][T32038] ? futex_private_hash_put+0x11c/0x300 [ 3461.640599][T32038] futex_wait+0xe8/0x380 [ 3461.640628][T32038] ? __pfx_futex_wait+0x10/0x10 [ 3461.640657][T32038] ? __pfx___up_read+0x10/0x10 [ 3461.640690][T32038] ? madvise_unlock+0x7c/0x220 [ 3461.640720][T32038] do_futex+0x229/0x350 [ 3461.640745][T32038] ? __pfx_do_futex+0x10/0x10 [ 3461.640774][T32038] __x64_sys_futex+0x1e0/0x4c0 [ 3461.640801][T32038] ? __pfx___x64_sys_futex+0x10/0x10 [ 3461.640828][T32038] ? syscall_user_dispatch+0x78/0x140 [ 3461.640864][T32038] do_syscall_64+0xcd/0x490 [ 3461.640891][T32038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3461.640912][T32038] RIP: 0033:0x7f918578ebe9 [ 3461.640927][T32038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3461.640948][T32038] RSP: 002b:00007f91866230e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 3461.640967][T32038] RAX: ffffffffffffffda RBX: 00007f91859b6278 RCX: 00007f918578ebe9 [ 3461.640980][T32038] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f91859b6278 [ 3461.640993][T32038] RBP: 00007f91859b6270 R08: 0000000000000000 R09: 0000000000000000 [ 3461.641006][T32038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3461.641018][T32038] R13: 00007f91859b6308 R14: 00007ffff92893b0 R15: 00007ffff9289498 [ 3461.641037][T32038] [ 3462.640217][T32057] vivid-003: ================= START STATUS ================= [ 3462.687086][T32057] vivid-003: Radio HW Seek Mode: Bounded [ 3462.721645][T32057] vivid-003: Radio Programmable HW Seek: false [ 3462.752108][T32057] vivid-003: RDS Rx I/O Mode: Block I/O [ 3462.782436][T32057] vivid-003: Generate RBDS Instead of RDS: false [ 3462.827264][T32057] vivid-003: RDS Reception: true [ 3462.844446][T32057] vivid-003: RDS Program Type: 0 inactive [ 3462.880876][T32057] vivid-003: RDS PS Name: inactive [ 3462.915777][T32057] vivid-003: RDS Radio Text: inactive [ 3462.939894][T32057] vivid-003: RDS Traffic Announcement: false inactive [ 3462.978355][T32057] vivid-003: RDS Traffic Program: false inactive [ 3463.023886][T32057] vivid-003: RDS Music: false inactive [ 3463.050877][T32057] vivid-003: ================== END STATUS ================== [ 3463.099501][T32066] vivid-003: ================= START STATUS ================= [ 3463.117679][T32066] vivid-003: Radio HW Seek Mode: Bounded [ 3463.146299][T32066] vivid-003: Radio Programmable HW Seek: false [ 3463.170296][T32066] vivid-003: RDS Rx I/O Mode: Block I/O [ 3463.198597][T32066] vivid-003: Generate RBDS Instead of RDS: false [ 3463.235659][T32066] vivid-003: RDS Reception: true [ 3463.260318][T32066] vivid-003: RDS Program Type: 0 inactive [ 3463.280320][T32066] vivid-003: RDS PS Name: inactive [ 3463.307847][T32066] vivid-003: RDS Radio Text: inactive [ 3463.335871][T32066] vivid-003: RDS Traffic Announcement: false inactive [ 3463.370226][T32066] vivid-003: RDS Traffic Program: false inactive [ 3463.401435][T32066] vivid-003: RDS Music: false inactive [ 3463.431468][T32066] vivid-003: ================== END STATUS ================== [ 3463.521113][T32082] FAULT_INJECTION: forcing a failure. [ 3463.521113][T32082] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3463.570176][T32082] CPU: 1 UID: 0 PID: 32082 Comm: syz.0.10348 Not tainted syzkaller #0 PREEMPT(full) [ 3463.570203][T32082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3463.570216][T32082] Call Trace: [ 3463.570223][T32082] [ 3463.570230][T32082] dump_stack_lvl+0x16c/0x1f0 [ 3463.570259][T32082] should_fail_ex+0x512/0x640 [ 3463.570291][T32082] _copy_to_user+0x32/0xd0 [ 3463.570310][T32082] simple_read_from_buffer+0xcb/0x170 [ 3463.570332][T32082] proc_fail_nth_read+0x197/0x240 [ 3463.570354][T32082] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 3463.570375][T32082] ? security_file_permission+0x71/0x210 [ 3463.570404][T32082] ? rw_verify_area+0xcf/0x6c0 [ 3463.570424][T32082] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 3463.570445][T32082] vfs_read+0x1e4/0xcf0 [ 3463.570469][T32082] ? __pfx___mutex_lock+0x10/0x10 [ 3463.570496][T32082] ? __pfx_vfs_read+0x10/0x10 [ 3463.570518][T32082] ? __fget_files+0x204/0x3c0 [ 3463.570539][T32082] ? rcu_is_watching+0x12/0xc0 [ 3463.570562][T32082] ? __fget_files+0x20e/0x3c0 [ 3463.570587][T32082] ksys_read+0x12a/0x250 [ 3463.570610][T32082] ? __pfx_ksys_read+0x10/0x10 [ 3463.570633][T32082] ? fput+0x9b/0xd0 [ 3463.570662][T32082] do_syscall_64+0xcd/0x490 [ 3463.570691][T32082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3463.570712][T32082] RIP: 0033:0x7fcfabf8d5fc [ 3463.570727][T32082] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 3463.570759][T32082] RSP: 002b:00007fcfacd15030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 3463.570777][T32082] RAX: ffffffffffffffda RBX: 00007fcfac1b5fa0 RCX: 00007fcfabf8d5fc [ 3463.570791][T32082] RDX: 000000000000000f RSI: 00007fcfacd150a0 RDI: 0000000000000006 [ 3463.570803][T32082] RBP: 00007fcfacd15090 R08: 0000000000000000 R09: 0000000000000000 [ 3463.570815][T32082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3463.570827][T32082] R13: 00007fcfac1b6038 R14: 00007fcfac1b5fa0 R15: 00007ffebf983768 [ 3463.570846][T32082] [ 3463.794060][T32084] FAULT_INJECTION: forcing a failure. [ 3463.794060][T32084] name failslab, interval 1, probability 0, space 0, times 0 [ 3463.807157][T32084] CPU: 1 UID: 0 PID: 32084 Comm: syz.2.10349 Not tainted syzkaller #0 PREEMPT(full) [ 3463.807183][T32084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3463.807195][T32084] Call Trace: [ 3463.807202][T32084] [ 3463.807209][T32084] dump_stack_lvl+0x16c/0x1f0 [ 3463.807237][T32084] should_fail_ex+0x512/0x640 [ 3463.807267][T32084] should_failslab+0xc2/0x120 [ 3463.807294][T32084] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 3463.807320][T32084] ? rcu_is_watching+0x12/0xc0 [ 3463.807341][T32084] ? snd_pcm_hw_rule_add+0x414/0x5a0 [ 3463.807372][T32084] krealloc_noprof+0x1ff/0x3a0 [ 3463.807397][T32084] snd_pcm_hw_rule_add+0x414/0x5a0 [ 3463.807425][T32084] ? __pfx_snd_pcm_hw_rule_format+0x10/0x10 [ 3463.807446][T32084] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 3463.807475][T32084] ? lockdep_init_map_type+0x5c/0x280 [ 3463.807503][T32084] ? debug_mutex_init+0x37/0x70 [ 3463.807521][T32084] ? snd_pcm_attach_substream+0x89d/0xd60 [ 3463.807548][T32084] snd_pcm_open_substream+0x534/0x17f0 [ 3463.807571][T32084] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 3463.807597][T32084] snd_pcm_oss_open+0x735/0x1400 [ 3463.807633][T32084] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 3463.807665][T32084] ? tomoyo_check_open_permission+0x20e/0x3c0 [ 3463.807697][T32084] ? __pfx_default_wake_function+0x10/0x10 [ 3463.807721][T32084] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3463.807745][T32084] ? do_raw_spin_lock+0x12c/0x2b0 [ 3463.807775][T32084] ? rcu_is_watching+0x12/0xc0 [ 3463.807794][T32084] ? lock_release+0x201/0x2f0 [ 3463.807820][T32084] ? __pfx_snd_pcm_oss_open+0x10/0x10 [ 3463.807852][T32084] soundcore_open+0x409/0x580 [ 3463.807879][T32084] ? __pfx_soundcore_open+0x10/0x10 [ 3463.807906][T32084] chrdev_open+0x231/0x6a0 [ 3463.807932][T32084] ? __pfx_apparmor_file_open+0x10/0x10 [ 3463.807953][T32084] ? __pfx_chrdev_open+0x10/0x10 [ 3463.807980][T32084] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 3463.808005][T32084] do_dentry_open+0x97f/0x1530 [ 3463.808029][T32084] ? __pfx_chrdev_open+0x10/0x10 [ 3463.808057][T32084] vfs_open+0x82/0x3f0 [ 3463.808087][T32084] path_openat+0x1de4/0x2cb0 [ 3463.808114][T32084] ? __pfx_path_openat+0x10/0x10 [ 3463.808145][T32084] do_filp_open+0x20b/0x470 [ 3463.808168][T32084] ? __pfx_do_filp_open+0x10/0x10 [ 3463.808200][T32084] ? alloc_fd+0x471/0x7d0 [ 3463.808223][T32084] do_sys_openat2+0x11b/0x1d0 [ 3463.808253][T32084] ? __pfx_do_sys_openat2+0x10/0x10 [ 3463.808285][T32084] ? __fget_files+0x20e/0x3c0 [ 3463.808307][T32084] __x64_sys_openat+0x174/0x210 [ 3463.808339][T32084] ? __pfx___x64_sys_openat+0x10/0x10 [ 3463.808370][T32084] ? ksys_write+0x1ac/0x250 [ 3463.808396][T32084] do_syscall_64+0xcd/0x490 [ 3463.808422][T32084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3463.808441][T32084] RIP: 0033:0x7fe150d8ebe9 [ 3463.808455][T32084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3463.808474][T32084] RSP: 002b:00007fe14eff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 3463.808492][T32084] RAX: ffffffffffffffda RBX: 00007fe150fb5fa0 RCX: 00007fe150d8ebe9 [ 3463.808504][T32084] RDX: 0000000000080502 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 3463.808517][T32084] RBP: 00007fe14eff6090 R08: 0000000000000000 R09: 0000000000000000 [ 3463.808528][T32084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3463.808540][T32084] R13: 00007fe150fb6038 R14: 00007fe150fb5fa0 R15: 00007ffd61508338 [ 3463.808558][T32084] [ 3464.201313][T32086] svc: failed to register nfsdv3 RPC service (errno 111). [ 3464.209838][T32086] svc: failed to register nfsaclv3 RPC service (errno 111). [ 3464.727575][T32076] vivid-003: ================= START STATUS ================= [ 3464.761204][T32076] vivid-003: Radio HW Seek Mode: Bounded [ 3464.783545][T32076] vivid-003: Radio Programmable HW Seek: false [ 3464.810438][T32076] vivid-003: RDS Rx I/O Mode: Block I/O [ 3464.836038][T32076] vivid-003: Generate RBDS Instead of RDS: false [ 3464.863476][T32076] vivid-003: RDS Reception: true [ 3464.883245][T32076] vivid-003: RDS Program Type: 0 inactive [ 3464.908296][T32076] vivid-003: RDS PS Name: inactive [ 3464.948626][T32076] vivid-003: RDS Radio Text: inactive [ 3465.020684][T32076] vivid-003: RDS Traffic Announcement: false inactive [ 3465.044921][T32076] vivid-003: RDS Traffic Program: false inactive [ 3465.099534][T32112] mkiss: ax0: crc mode is auto. [ 3465.131190][T32076] vivid-003: RDS Music: false inactive [ 3465.173658][T32076] vivid-003: ================== END STATUS ================== [ 3465.227690][T32107] vivid-003: ================= START STATUS ================= [ 3465.236446][T32107] vivid-003: Radio HW Seek Mode: Bounded [ 3465.262926][T32107] vivid-003: Radio Programmable HW Seek: false [ 3465.293134][T32107] vivid-003: RDS Rx I/O Mode: Block I/O [ 3465.314438][T32107] vivid-003: Generate RBDS Instead of RDS: false [ 3465.334736][T32107] vivid-003: RDS Reception: true [ 3465.351236][T32107] vivid-003: RDS Program Type: 0 inactive [ 3465.387405][T32107] vivid-003: RDS PS Name: inactive [ 3465.402186][T32107] vivid-003: RDS Radio Text: inactive [ 3465.425449][T32107] vivid-003: RDS Traffic Announcement: false inactive [ 3465.444230][T32107] vivid-003: RDS Traffic Program: false inactive [ 3465.450581][T32107] vivid-003: RDS Music: false inactive [ 3465.488662][T32107] vivid-003: ================== END STATUS ================== [ 3465.541951][T32116] vivid-003: ================= START STATUS ================= [ 3465.579925][T32116] vivid-003: Radio HW Seek Mode: Bounded [ 3465.600938][T32116] vivid-003: Radio Programmable HW Seek: false [ 3465.627703][T32116] vivid-003: RDS Rx I/O Mode: Block I/O [ 3465.655313][T32116] vivid-003: Generate RBDS Instead of RDS: false [ 3465.682763][T32116] vivid-003: RDS Reception: true [ 3465.687714][T32116] vivid-003: RDS Program Type: 0 inactive [ 3465.737355][T32127] netlink: 28 bytes leftover after parsing attributes in process `syz.0.10359'. [ 3465.784633][T32116] vivid-003: RDS PS Name: inactive [ 3465.819546][T32116] vivid-003: RDS Radio Text: inactive [ 3465.853221][T32116] vivid-003: RDS Traffic Announcement: false inactive [ 3465.888755][T32127] veth0_macvtap: left promiscuous mode [ 3465.901496][T32116] vivid-003: RDS Traffic Program: false inactive [ 3465.938495][T32116] vivid-003: RDS Music: false inactive [ 3465.969232][T32116] vivid-003: ================== END STATUS ================== [ 3466.772031][T32148] FAULT_INJECTION: forcing a failure. [ 3466.772031][T32148] name failslab, interval 1, probability 0, space 0, times 0 [ 3466.807754][T32140] vivid-003: ================= START STATUS ================= [ 3466.822946][T32148] CPU: 1 UID: 0 PID: 32148 Comm: syz.0.10362 Not tainted syzkaller #0 PREEMPT(full) [ 3466.822974][T32148] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3466.822986][T32148] Call Trace: [ 3466.822993][T32148] [ 3466.823001][T32148] dump_stack_lvl+0x16c/0x1f0 [ 3466.823030][T32148] should_fail_ex+0x512/0x640 [ 3466.823062][T32148] ? tomoyo_encode2+0x100/0x3e0 [ 3466.823090][T32148] should_failslab+0xc2/0x120 [ 3466.823117][T32148] __kmalloc_noprof+0xd2/0x510 [ 3466.823141][T32148] ? d_absolute_path+0x136/0x1a0 [ 3466.823172][T32148] tomoyo_encode2+0x100/0x3e0 [ 3466.823202][T32148] tomoyo_encode+0x29/0x50 [ 3466.823229][T32148] tomoyo_realpath_from_path+0x18f/0x6e0 [ 3466.823263][T32148] tomoyo_path_perm+0x274/0x460 [ 3466.823286][T32148] ? tomoyo_path_perm+0x260/0x460 [ 3466.823311][T32148] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 3466.823347][T32148] ? __pfx_ima_file_check+0x10/0x10 [ 3466.823367][T32148] ? hook_file_truncate+0xc7/0x250 [ 3466.823397][T32148] security_file_truncate+0x84/0x1e0 [ 3466.823427][T32148] path_openat+0xc10/0x2cb0 [ 3466.823455][T32148] ? __pfx_path_openat+0x10/0x10 [ 3466.823482][T32148] do_filp_open+0x20b/0x470 [ 3466.823505][T32148] ? __pfx_do_filp_open+0x10/0x10 [ 3466.823537][T32148] ? alloc_fd+0x471/0x7d0 [ 3466.823560][T32148] do_sys_openat2+0x11b/0x1d0 [ 3466.823591][T32148] ? __pfx_do_sys_openat2+0x10/0x10 [ 3466.823623][T32148] ? __sys_sendmsg+0x18c/0x220 [ 3466.823652][T32148] __x64_sys_openat+0x174/0x210 [ 3466.823683][T32148] ? __pfx___x64_sys_openat+0x10/0x10 [ 3466.823720][T32148] do_syscall_64+0xcd/0x490 [ 3466.823748][T32148] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3466.823768][T32148] RIP: 0033:0x7fcfabf8ebe9 [ 3466.823783][T32148] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3466.823804][T32148] RSP: 002b:00007fcfacd15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 3466.823823][T32148] RAX: ffffffffffffffda RBX: 00007fcfac1b5fa0 RCX: 00007fcfabf8ebe9 [ 3466.823837][T32148] RDX: 0000000000002262 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 3466.823850][T32148] RBP: 00007fcfac011e19 R08: 0000000000000000 R09: 0000000000000000 [ 3466.823870][T32148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3466.823883][T32148] R13: 00007fcfac1b6038 R14: 00007fcfac1b5fa0 R15: 00007ffebf983768 [ 3466.823902][T32148] [ 3466.824225][T32148] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3467.082850][T32140] vivid-003: Radio HW Seek Mode: Bounded [ 3467.088503][T32140] vivid-003: Radio Programmable HW Seek: false [ 3467.121757][T32140] vivid-003: RDS Rx I/O Mode: Block I/O [ 3467.127355][T32140] vivid-003: Generate RBDS Instead of RDS: false [ 3467.146315][T32140] vivid-003: RDS Reception: true [ 3467.151273][T32140] vivid-003: RDS Program Type: 0 inactive [ 3467.172935][T32140] vivid-003: RDS PS Name: inactive [ 3467.180259][T32140] vivid-003: RDS Radio Text: inactive [ 3467.192274][T32140] vivid-003: RDS Traffic Announcement: false inactive [ 3467.224423][T32140] vivid-003: RDS Traffic Program: false inactive [ 3467.250805][T32140] vivid-003: RDS Music: false inactive [ 3467.272088][T32140] vivid-003: ================== END STATUS ================== [ 3468.067407][T32171] vivid-003: ================= START STATUS ================= [ 3468.110510][T32171] vivid-003: Radio HW Seek Mode: Bounded [ 3468.145166][T32171] vivid-003: Radio Programmable HW Seek: false [ 3468.173302][T32171] vivid-003: RDS Rx I/O Mode: Block I/O [ 3468.197545][T32171] vivid-003: Generate RBDS Instead of RDS: false [ 3468.255073][T32171] vivid-003: RDS Reception: true [ 3468.255097][T32171] vivid-003: RDS Program Type: 0 inactive [ 3468.255121][T32171] vivid-003: RDS PS Name: inactive [ 3468.255143][T32171] vivid-003: RDS Radio Text: inactive [ 3468.255165][T32171] vivid-003: RDS Traffic Announcement: false inactive [ 3468.255188][T32171] vivid-003: RDS Traffic Program: false inactive [ 3468.255211][T32171] vivid-003: RDS Music: false inactive [ 3468.255233][T32171] vivid-003: ================== END STATUS ================== [ 3468.675590][T32190] FAULT_INJECTION: forcing a failure. [ 3468.675590][T32190] name failslab, interval 1, probability 0, space 0, times 0 [ 3468.729557][T32190] CPU: 1 UID: 0 PID: 32190 Comm: syz.3.10372 Not tainted syzkaller #0 PREEMPT(full) [ 3468.729584][T32190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3468.729597][T32190] Call Trace: [ 3468.729604][T32190] [ 3468.729611][T32190] dump_stack_lvl+0x16c/0x1f0 [ 3468.729640][T32190] should_fail_ex+0x512/0x640 [ 3468.729671][T32190] ? lsm_blob_alloc+0x68/0x90 [ 3468.729695][T32190] should_failslab+0xc2/0x120 [ 3468.729723][T32190] __kmalloc_noprof+0xd2/0x510 [ 3468.729751][T32190] lsm_blob_alloc+0x68/0x90 [ 3468.729768][T32190] security_sk_alloc+0x30/0x270 [ 3468.729791][T32190] sk_prot_alloc+0xfb/0x2a0 [ 3468.729824][T32190] sk_alloc+0x36/0xc20 [ 3468.729848][T32190] unix_create1+0xa6/0x700 [ 3468.729873][T32190] unix_create+0x110/0x270 [ 3468.729898][T32190] __sock_create+0x338/0x8d0 [ 3468.729919][T32190] __sys_socketpair+0x25c/0x5a0 [ 3468.729940][T32190] ? __pfx___sys_socketpair+0x10/0x10 [ 3468.729962][T32190] ? xfd_validate_state+0x61/0x180 [ 3468.729993][T32190] ? __pfx_do_writev+0x10/0x10 [ 3468.730017][T32190] __x64_sys_socketpair+0x96/0x100 [ 3468.730037][T32190] ? trace_irq_enable.constprop.0+0xd4/0x120 [ 3468.730071][T32190] do_syscall_64+0xcd/0x490 [ 3468.730099][T32190] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3468.730120][T32190] RIP: 0033:0x7f092478ebe9 [ 3468.730135][T32190] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3468.730160][T32190] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 3468.730179][T32190] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3468.730193][T32190] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 3468.730206][T32190] RBP: 00007f0924811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3468.730218][T32190] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3468.730231][T32190] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3468.730251][T32190] [ 3468.929181][ C1] vkms_vblank_simulate: vblank timer overrun [ 3469.211137][T32203] FAULT_INJECTION: forcing a failure. [ 3469.211137][T32203] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3469.248126][T32203] CPU: 1 UID: 0 PID: 32203 Comm: syz.3.10377 Not tainted syzkaller #0 PREEMPT(full) [ 3469.248153][T32203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3469.248166][T32203] Call Trace: [ 3469.248172][T32203] [ 3469.248179][T32203] dump_stack_lvl+0x16c/0x1f0 [ 3469.248209][T32203] should_fail_ex+0x512/0x640 [ 3469.248241][T32203] should_fail_alloc_page+0xe7/0x130 [ 3469.248271][T32203] prepare_alloc_pages+0x3c2/0x610 [ 3469.248304][T32203] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 3469.248330][T32203] ? arch_stack_walk+0xa6/0x100 [ 3469.248356][T32203] ? stack_trace_save+0x8e/0xc0 [ 3469.248380][T32203] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 3469.248405][T32203] ? rcu_is_watching+0x12/0xc0 [ 3469.248430][T32203] ? kasan_save_track+0x14/0x30 [ 3469.248453][T32203] ? __kasan_slab_alloc+0x89/0x90 [ 3469.248478][T32203] ? kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 3469.248502][T32203] ? __pmd_alloc+0xbf/0x930 [ 3469.248532][T32203] ? __handle_mm_fault+0xa06/0x2a50 [ 3469.248552][T32203] ? handle_mm_fault+0x589/0xd10 [ 3469.248571][T32203] ? do_user_addr_fault+0x7a6/0x1370 [ 3469.248604][T32203] ? exc_page_fault+0x5c/0xb0 [ 3469.248627][T32203] ? asm_exc_page_fault+0x26/0x30 [ 3469.248654][T32203] ? rep_movs_alternative+0x11/0x90 [ 3469.248673][T32203] ? _copy_to_user+0xbb/0xd0 [ 3469.248690][T32203] ? __do_sys_getcwd+0x483/0x930 [ 3469.248719][T32203] ? do_syscall_64+0xcd/0x490 [ 3469.248746][T32203] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 3469.248778][T32203] ? policy_nodemask+0xea/0x4e0 [ 3469.248806][T32203] alloc_pages_mpol+0x1fb/0x550 [ 3469.248833][T32203] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 3469.248863][T32203] alloc_pages_noprof+0x131/0x390 [ 3469.248891][T32203] pte_alloc_one+0x1c/0x3a0 [ 3469.248912][T32203] __pte_alloc+0x6d/0x3c0 [ 3469.248940][T32203] ? __pfx___pte_alloc+0x10/0x10 [ 3469.248967][T32203] ? rcu_is_watching+0x12/0xc0 [ 3469.248988][T32203] ? do_raw_spin_lock+0x12c/0x2b0 [ 3469.249022][T32203] do_pte_missing+0x285a/0x3ba0 [ 3469.249043][T32203] ? do_raw_spin_unlock+0x172/0x230 [ 3469.249075][T32203] ? _raw_spin_unlock+0x28/0x50 [ 3469.249097][T32203] ? __pmd_alloc+0x3fb/0x930 [ 3469.249129][T32203] __handle_mm_fault+0x152a/0x2a50 [ 3469.249151][T32203] ? mt_find+0x3ef/0xa30 [ 3469.249180][T32203] ? __pfx___handle_mm_fault+0x10/0x10 [ 3469.249200][T32203] ? __pfx_mt_find+0x10/0x10 [ 3469.249227][T32203] ? stack_depot_save_flags+0x29/0x9c0 [ 3469.249264][T32203] ? find_vma+0xbf/0x140 [ 3469.249290][T32203] ? __pfx_find_vma+0x10/0x10 [ 3469.249319][T32203] handle_mm_fault+0x589/0xd10 [ 3469.249340][T32203] ? __bpf_trace_exceptions+0x1/0x40 [ 3469.249372][T32203] do_user_addr_fault+0x7a6/0x1370 [ 3469.249406][T32203] ? rcu_is_watching+0x12/0xc0 [ 3469.249428][T32203] exc_page_fault+0x5c/0xb0 [ 3469.249452][T32203] asm_exc_page_fault+0x26/0x30 [ 3469.249472][T32203] RIP: 0010:rep_movs_alternative+0x11/0x90 [ 3469.249492][T32203] Code: e9 14 1f 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f 8a 06 <88> 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 2e 0f [ 3469.249513][T32203] RSP: 0018:ffffc9000c187db0 EFLAGS: 00050206 [ 3469.249529][T32203] RAX: 000000000000002f RBX: 0000000000000005 RCX: 0000000000000005 [ 3469.249542][T32203] RDX: ffffed100b5b2640 RSI: ffff88805ad931fb RDI: 0000000000000000 [ 3469.249555][T32203] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100b5b263f [ 3469.249568][T32203] R10: ffff88805ad931ff R11: 0000000000000001 R12: ffff88805ad931fb [ 3469.249581][T32203] R13: 0000000000000005 R14: 00007ffffffff000 R15: 0000000000000000 [ 3469.249600][T32203] _copy_to_user+0xbb/0xd0 [ 3469.249618][T32203] __do_sys_getcwd+0x483/0x930 [ 3469.249655][T32203] ? __pfx___do_sys_getcwd+0x10/0x10 [ 3469.249683][T32203] ? fput+0x9b/0xd0 [ 3469.249711][T32203] ? xfd_validate_state+0x61/0x180 [ 3469.249741][T32203] ? __pfx_ksys_write+0x10/0x10 [ 3469.249768][T32203] do_syscall_64+0xcd/0x490 [ 3469.249795][T32203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3469.249815][T32203] RIP: 0033:0x7f092478ebe9 [ 3469.249829][T32203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3469.249849][T32203] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000004f [ 3469.249867][T32203] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3469.249881][T32203] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000000000000000 [ 3469.249894][T32203] RBP: 00007f0924811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3469.249906][T32203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3469.249918][T32203] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3469.249938][T32203] [ 3469.704771][ C1] vkms_vblank_simulate: vblank timer overrun [ 3470.081522][T32216] i2c i2c-0: dvb_frontend_start: failed to start kthread (-4) [ 3470.640420][T32201] vivid-003: ================= START STATUS ================= [ 3470.677430][T32201] vivid-003: Radio HW Seek Mode: Bounded [ 3470.708077][T32201] vivid-003: Radio Programmable HW Seek: false [ 3470.747224][T32201] vivid-003: RDS Rx I/O Mode: Block I/O [ 3470.752813][T32201] vivid-003: Generate RBDS Instead of RDS: false [ 3470.817441][T32201] vivid-003: RDS Reception: true [ 3470.836012][T32201] vivid-003: RDS Program Type: 0 inactive [ 3470.863100][T32201] vivid-003: RDS PS Name: inactive [ 3470.872897][T32201] vivid-003: RDS Radio Text: inactive [ 3470.888862][T32201] vivid-003: RDS Traffic Announcement: false inactive [ 3470.943881][T32201] vivid-003: RDS Traffic Program: false inactive [ 3470.963903][T32201] vivid-003: RDS Music: false inactive [ 3471.007105][T32201] vivid-003: ================== END STATUS ================== [ 3471.103880][T32235] [U] - [ 3471.125552][T32235] [U] [ 3471.163834][T32231] netlink: zone id is out of range [ 3471.188503][T32235] [U] S¬õµ [ 3471.245692][T32231] netlink: zone id is out of range [ 3471.305774][T32231] netlink: zone id is out of range [ 3471.334051][T32231] netlink: zone id is out of range [ 3471.503880][T32231] netlink: zone id is out of range [ 3471.621327][T32231] netlink: zone id is out of range [ 3471.695552][T32231] netlink: zone id is out of range [ 3471.770378][T32247] vivid-003: ================= START STATUS ================= [ 3471.786178][T32231] netlink: zone id is out of range [ 3471.805331][T32247] vivid-003: Radio HW Seek Mode: Bounded [ 3471.810985][T32247] vivid-003: Radio Programmable HW Seek: false [ 3471.836917][T32231] netlink: zone id is out of range [ 3471.850932][T32247] vivid-003: RDS Rx I/O Mode: Block I/O [ 3471.866834][T32231] netlink: zone id is out of range [ 3471.872044][T32247] vivid-003: Generate RBDS Instead of RDS: false [ 3471.891752][T32247] vivid-003: RDS Reception: true [ 3471.924129][T32247] vivid-003: RDS Program Type: 0 inactive [ 3471.944488][T32247] vivid-003: RDS PS Name: inactive [ 3472.000805][T32247] vivid-003: RDS Radio Text: inactive [ 3472.026838][T32247] vivid-003: RDS Traffic Announcement: false inactive [ 3472.070694][T32247] vivid-003: RDS Traffic Program: false inactive [ 3472.120218][T32247] vivid-003: RDS Music: false inactive [ 3472.148526][T32247] vivid-003: ================== END STATUS ================== [ 3472.537047][T32269] FAULT_INJECTION: forcing a failure. [ 3472.537047][T32269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3472.744736][T32269] CPU: 1 UID: 0 PID: 32269 Comm: syz.3.10387 Not tainted syzkaller #0 PREEMPT(full) [ 3472.744763][T32269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3472.744775][T32269] Call Trace: [ 3472.744782][T32269] [ 3472.744789][T32269] dump_stack_lvl+0x16c/0x1f0 [ 3472.744822][T32269] should_fail_ex+0x512/0x640 [ 3472.744851][T32269] strncpy_from_user+0x3b/0x2e0 [ 3472.744878][T32269] getname_flags.part.0+0x8f/0x550 [ 3472.744910][T32269] getname_flags+0x93/0xf0 [ 3472.744931][T32269] do_sys_openat2+0xb8/0x1d0 [ 3472.744961][T32269] ? __pfx_do_sys_openat2+0x10/0x10 [ 3472.744992][T32269] ? __fget_files+0x20e/0x3c0 [ 3472.745015][T32269] __x64_sys_open+0x153/0x1e0 [ 3472.745045][T32269] ? __pfx___x64_sys_open+0x10/0x10 [ 3472.745078][T32269] ? rcu_is_watching+0x12/0xc0 [ 3472.745099][T32269] do_syscall_64+0xcd/0x490 [ 3472.745126][T32269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3472.745146][T32269] RIP: 0033:0x7f092478ebe9 [ 3472.745160][T32269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3472.745181][T32269] RSP: 002b:00007f0925596038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 3472.745201][T32269] RAX: ffffffffffffffda RBX: 00007f09249b6180 RCX: 00007f092478ebe9 [ 3472.745215][T32269] RDX: b5d1af1605322df2 RSI: 0000000000000000 RDI: 00002000000000c0 [ 3472.745228][T32269] RBP: 00007f0925596090 R08: 0000000000000000 R09: 0000000000000000 [ 3472.745240][T32269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3472.745253][T32269] R13: 00007f09249b6218 R14: 00007f09249b6180 R15: 00007ffcc8809668 [ 3472.745272][T32269] [ 3472.918121][ C1] vkms_vblank_simulate: vblank timer overrun [ 3473.237737][T32277] FAULT_INJECTION: forcing a failure. [ 3473.237737][T32277] name failslab, interval 1, probability 0, space 0, times 0 [ 3473.385876][T32277] CPU: 1 UID: 0 PID: 32277 Comm: syz.2.10390 Not tainted syzkaller #0 PREEMPT(full) [ 3473.385903][T32277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3473.385915][T32277] Call Trace: [ 3473.385922][T32277] [ 3473.385930][T32277] dump_stack_lvl+0x16c/0x1f0 [ 3473.385960][T32277] should_fail_ex+0x512/0x640 [ 3473.385995][T32277] ? tomoyo_encode2+0x100/0x3e0 [ 3473.386023][T32277] should_failslab+0xc2/0x120 [ 3473.386051][T32277] __kmalloc_noprof+0xd2/0x510 [ 3473.386075][T32277] ? d_absolute_path+0x136/0x1a0 [ 3473.386106][T32277] tomoyo_encode2+0x100/0x3e0 [ 3473.386136][T32277] tomoyo_encode+0x29/0x50 [ 3473.386164][T32277] tomoyo_realpath_from_path+0x18f/0x6e0 [ 3473.386197][T32277] tomoyo_path_perm+0x274/0x460 [ 3473.386221][T32277] ? tomoyo_path_perm+0x260/0x460 [ 3473.386245][T32277] ? __pfx_tomoyo_path_perm+0x10/0x10 [ 3473.386281][T32277] ? __pfx_ima_file_check+0x10/0x10 [ 3473.386302][T32277] ? hook_file_truncate+0xc7/0x250 [ 3473.386331][T32277] security_file_truncate+0x84/0x1e0 [ 3473.386360][T32277] path_openat+0xc10/0x2cb0 [ 3473.386388][T32277] ? __pfx_path_openat+0x10/0x10 [ 3473.386414][T32277] do_filp_open+0x20b/0x470 [ 3473.386437][T32277] ? __pfx_do_filp_open+0x10/0x10 [ 3473.386469][T32277] ? alloc_fd+0x471/0x7d0 [ 3473.386493][T32277] do_sys_openat2+0x11b/0x1d0 [ 3473.386529][T32277] ? __pfx_do_sys_openat2+0x10/0x10 [ 3473.386563][T32277] ? __sys_sendmsg+0x18c/0x220 [ 3473.386592][T32277] __x64_sys_openat+0x174/0x210 [ 3473.386625][T32277] ? __pfx___x64_sys_openat+0x10/0x10 [ 3473.386662][T32277] do_syscall_64+0xcd/0x490 [ 3473.386690][T32277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3473.386711][T32277] RIP: 0033:0x7fe150d8ebe9 [ 3473.386726][T32277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3473.386747][T32277] RSP: 002b:00007fe14eff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 3473.386766][T32277] RAX: ffffffffffffffda RBX: 00007fe150fb5fa0 RCX: 00007fe150d8ebe9 [ 3473.386780][T32277] RDX: 0000000000002262 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 3473.386793][T32277] RBP: 00007fe150e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 3473.386806][T32277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3473.386819][T32277] R13: 00007fe150fb6038 R14: 00007fe150fb5fa0 R15: 00007ffd61508338 [ 3473.386838][T32277] [ 3473.386992][T32277] ERROR: Out of memory at tomoyo_realpath_from_path. [ 3473.773976][T32272] vivid-003: ================= START STATUS ================= [ 3473.783549][T32272] vivid-003: Radio HW Seek Mode: Bounded [ 3473.806550][T32272] vivid-003: Radio Programmable HW Seek: false [ 3473.835685][T32272] vivid-003: RDS Rx I/O Mode: Block I/O [ 3473.894145][T32272] vivid-003: Generate RBDS Instead of RDS: false [ 3473.927269][T32272] vivid-003: RDS Reception: true [ 3473.991010][T32272] vivid-003: RDS Program Type: 0 inactive [ 3474.067519][T32272] vivid-003: RDS PS Name: inactive [ 3474.097562][T32272] vivid-003: RDS Radio Text: inactive [ 3474.146853][T32272] vivid-003: RDS Traffic Announcement: false inactive [ 3474.173404][T32272] vivid-003: RDS Traffic Program: false inactive [ 3474.205244][T32272] vivid-003: RDS Music: false inactive [ 3474.225631][T32272] vivid-003: ================== END STATUS ================== [ 3474.323516][T32293] vivid-003: ================= START STATUS ================= [ 3474.362345][T32293] vivid-003: Radio HW Seek Mode: Bounded [ 3474.398229][T32293] vivid-003: Radio Programmable HW Seek: false [ 3474.404399][T32293] vivid-003: RDS Rx I/O Mode: Block I/O [ 3474.468669][T32293] vivid-003: Generate RBDS Instead of RDS: false [ 3474.475023][T32293] vivid-003: RDS Reception: true [ 3474.535669][T32293] vivid-003: RDS Program Type: 0 inactive [ 3474.565436][T32293] vivid-003: RDS PS Name: inactive [ 3474.585546][T32293] vivid-003: RDS Radio Text: inactive [ 3474.606953][T32293] vivid-003: RDS Traffic Announcement: false inactive [ 3474.638386][T32293] vivid-003: RDS Traffic Program: false inactive [ 3474.667300][T32293] vivid-003: RDS Music: false inactive [ 3474.695331][T32293] vivid-003: ================== END STATUS ================== [ 3475.568509][T32315] vivid-003: ================= START STATUS ================= [ 3475.598209][T32315] vivid-003: Radio HW Seek Mode: Bounded [ 3475.603949][T32315] vivid-003: Radio Programmable HW Seek: false [ 3475.668329][T32315] vivid-003: RDS Rx I/O Mode: Block I/O [ 3475.673988][T32315] vivid-003: Generate RBDS Instead of RDS: false [ 3475.733650][T32315] vivid-003: RDS Reception: true [ 3475.759997][T32315] vivid-003: RDS Program Type: 0 inactive [ 3475.765759][T32315] vivid-003: RDS PS Name: inactive [ 3475.803980][T32315] vivid-003: RDS Radio Text: inactive [ 3475.833551][T32315] vivid-003: RDS Traffic Announcement: false inactive [ 3475.862976][T32315] vivid-003: RDS Traffic Program: false inactive [ 3475.884924][T32326] FAULT_INJECTION: forcing a failure. [ 3475.884924][T32326] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 3475.911129][T32315] vivid-003: RDS Music: false inactive [ 3475.937937][T32315] vivid-003: ================== END STATUS ================== [ 3475.998694][T32326] CPU: 1 UID: 0 PID: 32326 Comm: syz.0.10400 Not tainted syzkaller #0 PREEMPT(full) [ 3475.998723][T32326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3475.998738][T32326] Call Trace: [ 3475.998745][T32326] [ 3475.998754][T32326] dump_stack_lvl+0x16c/0x1f0 [ 3475.998787][T32326] should_fail_ex+0x512/0x640 [ 3475.998828][T32326] _copy_from_iter+0x29f/0x16f0 [ 3475.998868][T32326] ? __pfx__copy_from_iter+0x10/0x10 [ 3475.998906][T32326] ? rcu_is_watching+0x12/0xc0 [ 3475.998930][T32326] ? trace_kmalloc+0x2b/0xd0 [ 3475.998963][T32326] ? __kmalloc_noprof+0x242/0x510 [ 3475.998993][T32326] kernfs_fop_write_iter+0x19a/0x510 [ 3475.999017][T32326] vfs_write+0x7d0/0x11d0 [ 3475.999044][T32326] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 3475.999072][T32326] ? __pfx___mutex_lock+0x10/0x10 [ 3475.999103][T32326] ? __pfx_vfs_write+0x10/0x10 [ 3475.999138][T32326] ksys_write+0x12a/0x250 [ 3475.999164][T32326] ? __pfx_ksys_write+0x10/0x10 [ 3475.999195][T32326] do_syscall_64+0xcd/0x490 [ 3475.999226][T32326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3475.999250][T32326] RIP: 0033:0x7fcfabf8ebe9 [ 3475.999280][T32326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3475.999301][T32326] RSP: 002b:00007fcfacd15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3475.999322][T32326] RAX: ffffffffffffffda RBX: 00007fcfac1b5fa0 RCX: 00007fcfabf8ebe9 [ 3475.999337][T32326] RDX: 0000000000000002 RSI: 0000200000000040 RDI: 0000000000000003 [ 3475.999351][T32326] RBP: 00007fcfacd15090 R08: 0000000000000000 R09: 0000000000000000 [ 3475.999365][T32326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3475.999378][T32326] R13: 00007fcfac1b6038 R14: 00007fcfac1b5fa0 R15: 00007ffebf983768 [ 3475.999399][T32326] [ 3476.546870][T32328] FAULT_INJECTION: forcing a failure. [ 3476.546870][T32328] name failslab, interval 1, probability 0, space 0, times 0 [ 3476.576899][T32328] CPU: 1 UID: 0 PID: 32328 Comm: syz.3.10401 Not tainted syzkaller #0 PREEMPT(full) [ 3476.576926][T32328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3476.576938][T32328] Call Trace: [ 3476.576945][T32328] [ 3476.576952][T32328] dump_stack_lvl+0x16c/0x1f0 [ 3476.576981][T32328] should_fail_ex+0x512/0x640 [ 3476.577020][T32328] should_failslab+0xc2/0x120 [ 3476.577049][T32328] __kmalloc_cache_node_noprof+0x6d/0x420 [ 3476.577072][T32328] ? alloc_shrinker_info+0xea/0x470 [ 3476.577099][T32328] ? alloc_shrinker_info+0x18c/0x470 [ 3476.577127][T32328] alloc_shrinker_info+0x18c/0x470 [ 3476.577157][T32328] mem_cgroup_css_online+0x217/0x640 [ 3476.577191][T32328] ? __pfx_mem_cgroup_css_online+0x10/0x10 [ 3476.577225][T32328] online_css+0xaf/0x350 [ 3476.577251][T32328] cgroup_apply_control_enable+0x702/0xbb0 [ 3476.577286][T32328] cgroup_mkdir+0x5e7/0x11f0 [ 3476.577319][T32328] ? __pfx_cgroup_mkdir+0x10/0x10 [ 3476.577350][T32328] kernfs_iop_mkdir+0x111/0x190 [ 3476.577380][T32328] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 3476.577407][T32328] vfs_mkdir+0x590/0x8c0 [ 3476.577427][T32328] do_mkdirat+0x304/0x3e0 [ 3476.577453][T32328] ? __pfx_do_mkdirat+0x10/0x10 [ 3476.577479][T32328] ? getname_flags.part.0+0x1c5/0x550 [ 3476.577513][T32328] __x64_sys_mkdir+0xef/0x140 [ 3476.577538][T32328] do_syscall_64+0xcd/0x490 [ 3476.577566][T32328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3476.577587][T32328] RIP: 0033:0x7f092478ebe9 [ 3476.577602][T32328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3476.577623][T32328] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3476.577645][T32328] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3476.577659][T32328] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 3476.577672][T32328] RBP: 00007f0924811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3476.577684][T32328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3476.577697][T32328] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3476.577716][T32328] [ 3476.891697][T32335] vivid-003: ================= START STATUS ================= [ 3476.899470][T32335] vivid-003: Radio HW Seek Mode: Bounded [ 3476.905102][T32335] vivid-003: Radio Programmable HW Seek: false [ 3476.911907][T32335] vivid-003: RDS Rx I/O Mode: Block I/O [ 3476.917477][T32335] vivid-003: Generate RBDS Instead of RDS: false [ 3476.923823][T32335] vivid-003: RDS Reception: true [ 3476.928780][T32335] vivid-003: RDS Program Type: 0 inactive [ 3476.934503][T32335] vivid-003: RDS PS Name: inactive [ 3476.939724][T32335] vivid-003: RDS Radio Text: inactive [ 3476.945227][T32335] vivid-003: RDS Traffic Announcement: false inactive [ 3476.952021][T32335] vivid-003: RDS Traffic Program: false inactive [ 3476.958382][T32335] vivid-003: RDS Music: false inactive [ 3476.963846][T32335] vivid-003: ================== END STATUS ================== [ 3477.642197][T32346] vivid-003: ================= START STATUS ================= [ 3477.797414][T32346] vivid-003: Radio HW Seek Mode: Bounded [ 3477.803082][T32346] vivid-003: Radio Programmable HW Seek: false [ 3477.988817][T32346] vivid-003: RDS Rx I/O Mode: Block I/O [ 3478.061838][T32346] vivid-003: Generate RBDS Instead of RDS: false [ 3478.148639][T32346] vivid-003: RDS Reception: true [ 3478.287641][T32346] vivid-003: RDS Program Type: 0 inactive [ 3478.362046][T32346] vivid-003: RDS PS Name: inactive [ 3478.408534][T32372] zswap: compressor û not available [ 3478.425706][T32381] FAULT_INJECTION: forcing a failure. [ 3478.425706][T32381] name failslab, interval 1, probability 0, space 0, times 0 [ 3478.448738][T32346] vivid-003: RDS Radio Text: inactive [ 3478.454219][T32346] vivid-003: RDS Traffic Announcement: false inactive [ 3478.481506][T32381] CPU: 1 UID: 0 PID: 32381 Comm: syz.3.10410 Not tainted syzkaller #0 PREEMPT(full) [ 3478.481532][T32381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3478.481545][T32381] Call Trace: [ 3478.481552][T32381] [ 3478.481559][T32381] dump_stack_lvl+0x16c/0x1f0 [ 3478.481588][T32381] should_fail_ex+0x512/0x640 [ 3478.481620][T32381] should_failslab+0xc2/0x120 [ 3478.481650][T32381] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 3478.481674][T32381] ? __pfx___might_resched+0x10/0x10 [ 3478.481696][T32381] ? __anon_vma_prepare+0x344/0x5e0 [ 3478.481720][T32381] __anon_vma_prepare+0x344/0x5e0 [ 3478.481741][T32381] ? __pfx___pte_alloc+0x10/0x10 [ 3478.481771][T32381] __vmf_anon_prepare+0x11c/0x240 [ 3478.481803][T32381] do_pte_missing+0x10bd/0x3ba0 [ 3478.481833][T32381] ? mtree_range_walk+0x718/0xc00 [ 3478.481858][T32381] __handle_mm_fault+0x152a/0x2a50 [ 3478.481882][T32381] ? __pfx___handle_mm_fault+0x10/0x10 [ 3478.481903][T32381] ? mt_validate+0x1d6/0x4210 [ 3478.481935][T32381] ? find_vma+0xbf/0x140 [ 3478.481961][T32381] ? __pfx_find_vma+0x10/0x10 [ 3478.481989][T32381] handle_mm_fault+0x589/0xd10 [ 3478.482011][T32381] __get_user_pages+0x551/0x34a0 [ 3478.482047][T32381] ? __pfx___get_user_pages+0x10/0x10 [ 3478.482078][T32381] ? __pfx___might_resched+0x10/0x10 [ 3478.482097][T32381] ? cap_capable+0xb3/0x250 [ 3478.482119][T32381] populate_vma_page_range+0x267/0x3f0 [ 3478.482153][T32381] ? __pfx_populate_vma_page_range+0x10/0x10 [ 3478.482186][T32381] ? __pfx_find_vma_intersection+0x10/0x10 [ 3478.482216][T32381] ? do_mmap+0x69c/0x1210 [ 3478.482246][T32381] __mm_populate+0x1d8/0x380 [ 3478.482278][T32381] ? __pfx___mm_populate+0x10/0x10 [ 3478.482311][T32381] ? up_write+0x1b2/0x520 [ 3478.482342][T32381] vm_mmap_pgoff+0x37f/0x470 [ 3478.482372][T32381] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 3478.482404][T32381] ? __x64_sys_futex+0x1e0/0x4c0 [ 3478.482430][T32381] ? __x64_sys_futex+0x1e9/0x4c0 [ 3478.482457][T32381] ksys_mmap_pgoff+0x7d/0x5c0 [ 3478.482485][T32381] ? xfd_validate_state+0x61/0x180 [ 3478.482515][T32381] ? __pfx_do_writev+0x10/0x10 [ 3478.482538][T32381] __x64_sys_mmap+0x125/0x190 [ 3478.482572][T32381] do_syscall_64+0xcd/0x490 [ 3478.482599][T32381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3478.482621][T32381] RIP: 0033:0x7f092478ebe9 [ 3478.482636][T32381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3478.482656][T32381] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 3478.482676][T32381] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3478.482690][T32381] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 3478.482702][T32381] RBP: 00007f0924811e19 R08: 0000000000000002 R09: 0000000000008000 [ 3478.482715][T32381] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 3478.482728][T32381] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3478.482747][T32381] [ 3479.056385][T32346] vivid-003: RDS Traffic Program: false inactive [ 3479.063347][T32346] vivid-003: RDS Music: false inactive [ 3479.068877][T32346] vivid-003: ================== END STATUS ================== [ 3480.122087][T32400] FAULT_INJECTION: forcing a failure. [ 3480.122087][T32400] name failslab, interval 1, probability 0, space 0, times 0 [ 3480.161799][T32400] CPU: 1 UID: 0 PID: 32400 Comm: syz.1.10416 Not tainted syzkaller #0 PREEMPT(full) [ 3480.161826][T32400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3480.161838][T32400] Call Trace: [ 3480.161844][T32400] [ 3480.161851][T32400] dump_stack_lvl+0x16c/0x1f0 [ 3480.161880][T32400] should_fail_ex+0x512/0x640 [ 3480.161911][T32400] should_failslab+0xc2/0x120 [ 3480.161940][T32400] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 3480.161968][T32400] ? kstrdup_const+0x63/0x80 [ 3480.161996][T32400] kstrdup+0x53/0x100 [ 3480.162020][T32400] kstrdup_const+0x63/0x80 [ 3480.162045][T32400] __kernfs_new_node+0x9b/0x8e0 [ 3480.162073][T32400] ? __pfx___kernfs_new_node+0x10/0x10 [ 3480.162101][T32400] ? get_partial_node.part.0+0x1b0/0x360 [ 3480.162124][T32400] ? rcu_is_watching+0x12/0xc0 [ 3480.162145][T32400] ? kernfs_root+0xee/0x2a0 [ 3480.162170][T32400] ? rcu_is_watching+0x12/0xc0 [ 3480.162190][T32400] ? lock_release+0x201/0x2f0 [ 3480.162219][T32400] kernfs_new_node+0x13c/0x1e0 [ 3480.162251][T32400] __kernfs_create_file+0x53/0x350 [ 3480.162273][T32400] cgroup_addrm_files+0x546/0xc20 [ 3480.162308][T32400] ? __xa_store+0x1dc/0x2e0 [ 3480.162338][T32400] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 3480.162369][T32400] ? __pfx___xa_store+0x10/0x10 [ 3480.162401][T32400] ? __lockdep_reset_lock+0x60/0x80 [ 3480.162424][T32400] ? do_raw_spin_unlock+0x172/0x230 [ 3480.162459][T32400] css_populate_dir+0x169/0x580 [ 3480.162482][T32400] cgroup_apply_control_enable+0x3f3/0xbb0 [ 3480.162517][T32400] cgroup_mkdir+0x5e7/0x11f0 [ 3480.162550][T32400] ? __pfx_cgroup_mkdir+0x10/0x10 [ 3480.162582][T32400] kernfs_iop_mkdir+0x111/0x190 [ 3480.162611][T32400] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 3480.162639][T32400] vfs_mkdir+0x590/0x8c0 [ 3480.162659][T32400] do_mkdirat+0x304/0x3e0 [ 3480.162691][T32400] ? __pfx_do_mkdirat+0x10/0x10 [ 3480.162716][T32400] ? getname_flags.part.0+0x1c5/0x550 [ 3480.162749][T32400] __x64_sys_mkdir+0xef/0x140 [ 3480.162773][T32400] do_syscall_64+0xcd/0x490 [ 3480.162801][T32400] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3480.162825][T32400] RIP: 0033:0x7f918578ebe9 [ 3480.162841][T32400] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3480.162861][T32400] RSP: 002b:00007f9186686038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 3480.162880][T32400] RAX: ffffffffffffffda RBX: 00007f91859b5fa0 RCX: 00007f918578ebe9 [ 3480.162894][T32400] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 3480.162907][T32400] RBP: 00007f9185811e19 R08: 0000000000000000 R09: 0000000000000000 [ 3480.162919][T32400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3480.162931][T32400] R13: 00007f91859b6038 R14: 00007f91859b5fa0 R15: 00007ffff9289498 [ 3480.162951][T32400] [ 3480.165147][T32400] cgroup: cgroup_addrm_files: failed to add usage_in_bytes, err=-12 [ 3481.041855][T32410] kexec: Could not allocate control_code_buffer [ 3481.851033][T32426] vivid-003: ================= START STATUS ================= [ 3481.883811][T32426] vivid-003: Radio HW Seek Mode: Bounded [ 3481.938888][T32426] vivid-003: Radio Programmable HW Seek: false [ 3481.970665][T32426] vivid-003: RDS Rx I/O Mode: Block I/O [ 3481.976229][T32426] vivid-003: Generate RBDS Instead of RDS: false [ 3482.027926][T32426] vivid-003: RDS Reception: true [ 3482.050602][T32426] vivid-003: RDS Program Type: 0 inactive [ 3482.070833][T32426] vivid-003: RDS PS Name: inactive [ 3482.076062][T32426] vivid-003: RDS Radio Text: inactive [ 3482.113144][T32426] vivid-003: RDS Traffic Announcement: false inactive [ 3482.153000][T32426] vivid-003: RDS Traffic Program: false inactive [ 3482.173892][T32426] vivid-003: RDS Music: false inactive [ 3482.199847][T32426] vivid-003: ================== END STATUS ================== [ 3482.630862][T32443] vivid-003: ================= START STATUS ================= [ 3482.674762][T32443] vivid-003: Radio HW Seek Mode: Bounded [ 3482.700856][T32443] vivid-003: Radio Programmable HW Seek: false [ 3482.734527][T32443] vivid-003: RDS Rx I/O Mode: Block I/O [ 3482.755588][T32443] vivid-003: Generate RBDS Instead of RDS: false [ 3482.771252][T32436] ptrace attach of "./syz-executor exec"[28520] was attempted by "./syz-executor exec"[32436] [ 3482.808136][T32443] vivid-003: RDS Reception: true [ 3482.882735][T32443] vivid-003: RDS Program Type: 0 inactive [ 3482.928656][T32443] vivid-003: RDS PS Name: inactive [ 3482.956722][T32443] vivid-003: RDS Radio Text: inactive [ 3482.977683][T32443] vivid-003: RDS Traffic Announcement: false inactive [ 3483.021231][T32443] vivid-003: RDS Traffic Program: false inactive [ 3483.043593][T32443] vivid-003: RDS Music: false inactive [ 3483.086490][T32443] vivid-003: ================== END STATUS ================== [ 3484.699461][T32490] FAULT_INJECTION: forcing a failure. [ 3484.699461][T32490] name failslab, interval 1, probability 0, space 0, times 0 [ 3484.893618][T32490] CPU: 1 UID: 0 PID: 32490 Comm: syz.3.10434 Not tainted syzkaller #0 PREEMPT(full) [ 3484.893646][T32490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3484.893658][T32490] Call Trace: [ 3484.893665][T32490] [ 3484.893672][T32490] dump_stack_lvl+0x16c/0x1f0 [ 3484.893701][T32490] should_fail_ex+0x512/0x640 [ 3484.893731][T32490] should_failslab+0xc2/0x120 [ 3484.893757][T32490] __kmalloc_cache_noprof+0x6a/0x3e0 [ 3484.893778][T32490] ? do_signalfd4+0x169/0x430 [ 3484.893805][T32490] do_signalfd4+0x169/0x430 [ 3484.893829][T32490] __x64_sys_signalfd4+0x14b/0x1d0 [ 3484.893854][T32490] ? ksys_write+0x1ac/0x250 [ 3484.893877][T32490] ? __pfx___x64_sys_signalfd4+0x10/0x10 [ 3484.893906][T32490] do_syscall_64+0xcd/0x490 [ 3484.893933][T32490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3484.893954][T32490] RIP: 0033:0x7f092478ebe9 [ 3484.893968][T32490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3484.893989][T32490] RSP: 002b:00007f09255d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000121 [ 3484.894008][T32490] RAX: ffffffffffffffda RBX: 00007f09249b5fa0 RCX: 00007f092478ebe9 [ 3484.894022][T32490] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 00000000ffffffff [ 3484.894035][T32490] RBP: 00007f09255d8090 R08: 0000000000000000 R09: 0000000000000000 [ 3484.894048][T32490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3484.894060][T32490] R13: 00007f09249b6038 R14: 00007f09249b5fa0 R15: 00007ffcc8809668 [ 3484.894079][T32490] [ 3485.055081][ C1] vkms_vblank_simulate: vblank timer overrun [ 3485.099046][T32509] vivid-003: ================= START STATUS ================= [ 3485.106719][T32509] vivid-003: Radio HW Seek Mode: Bounded [ 3485.112721][T32509] vivid-003: Radio Programmable HW Seek: false [ 3485.119106][T32509] vivid-003: RDS Rx I/O Mode: Block I/O [ 3485.124700][T32509] vivid-003: Generate RBDS Instead of RDS: false [ 3485.131036][T32509] vivid-003: RDS Reception: true [ 3485.136004][T32509] vivid-003: RDS Program Type: 0 inactive [ 3485.141772][T32509] vivid-003: RDS PS Name: inactive [ 3485.146999][T32509] vivid-003: RDS Radio Text: inactive [ 3485.152481][T32509] vivid-003: RDS Traffic Announcement: false inactive [ 3485.162674][T32509] vivid-003: RDS Traffic Program: false inactive [ 3485.169033][T32509] vivid-003: RDS Music: false inactive [ 3485.174743][T32509] vivid-003: ================== END STATUS ================== [ 3485.348297][T32512] __vm_enough_memory: pid: 32512, comm: syz.0.10440, bytes: 4398046511104 not enough memory for the allocation [ 3485.778598][T32515] vivid-003: ================= START STATUS ================= [ 3485.809558][T32515] vivid-003: Radio HW Seek Mode: Bounded [ 3485.829763][T32515] vivid-003: Radio Programmable HW Seek: false [ 3485.858941][T32515] vivid-003: RDS Rx I/O Mode: Block I/O [ 3485.907013][T32515] vivid-003: Generate RBDS Instead of RDS: false [ 3485.971369][T32515] vivid-003: RDS Reception: true [ 3486.013622][T32515] vivid-003: RDS Program Type: 0 inactive [ 3486.055292][T32515] vivid-003: RDS PS Name: inactive [ 3486.095604][T32515] vivid-003: RDS Radio Text: inactive [ 3486.143103][T32515] vivid-003: RDS Traffic Announcement: false inactive [ 3486.200972][T32515] vivid-003: RDS Traffic Program: false inactive [ 3486.254554][T32515] vivid-003: RDS Music: false inactive [ 3486.311792][T32515] vivid-003: ================== END STATUS ================== [ 3486.502538][T32526] FAULT_INJECTION: forcing a failure. [ 3486.502538][T32526] name failslab, interval 1, probability 0, space 0, times 0 [ 3486.582090][T32526] CPU: 1 UID: 0 PID: 32526 Comm: syz.0.10443 Not tainted syzkaller #0 PREEMPT(full) [ 3486.582123][T32526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3486.582135][T32526] Call Trace: [ 3486.582141][T32526] [ 3486.582148][T32526] dump_stack_lvl+0x16c/0x1f0 [ 3486.582176][T32526] should_fail_ex+0x512/0x640 [ 3486.582206][T32526] should_failslab+0xc2/0x120 [ 3486.582232][T32526] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 3486.582257][T32526] ? alloc_inode+0x61/0x240 [ 3486.582288][T32526] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 3486.582309][T32526] alloc_inode+0x61/0x240 [ 3486.582337][T32526] new_inode+0x22/0x1c0 [ 3486.582367][T32526] __debugfs_create_file+0x11c/0x6b0 [ 3486.582391][T32526] debugfs_create_file_full+0x41/0x60 [ 3486.582416][T32526] ref_tracker_dir_debugfs+0x19d/0x290 [ 3486.582447][T32526] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 3486.582488][T32526] ? lockdep_init_map_type+0x5c/0x280 [ 3486.582519][T32526] preinit_net+0x296/0x8f0 [ 3486.582547][T32526] copy_net_ns+0x1da/0x5f0 [ 3486.582578][T32526] create_new_namespaces+0x3ea/0xa90 [ 3486.582604][T32526] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 3486.582628][T32526] ksys_unshare+0x45b/0xa40 [ 3486.582656][T32526] ? __pfx_ksys_unshare+0x10/0x10 [ 3486.582684][T32526] ? ksys_write+0x1ac/0x250 [ 3486.582711][T32526] __x64_sys_unshare+0x31/0x40 [ 3486.582738][T32526] do_syscall_64+0xcd/0x490 [ 3486.582766][T32526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3486.582786][T32526] RIP: 0033:0x7fcfabf8ebe9 [ 3486.582801][T32526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3486.582822][T32526] RSP: 002b:00007fcfacd15038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 3486.582841][T32526] RAX: ffffffffffffffda RBX: 00007fcfac1b5fa0 RCX: 00007fcfabf8ebe9 [ 3486.582855][T32526] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 3486.582868][T32526] RBP: 00007fcfacd15090 R08: 0000000000000000 R09: 0000000000000000 [ 3486.582880][T32526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3486.582893][T32526] R13: 00007fcfac1b6038 R14: 00007fcfac1b5fa0 R15: 00007ffebf983768 [ 3486.582912][T32526] [ 3486.582919][T32526] debugfs: out of free dentries, can not create file 'net_refcnt@ffff888021fdc9f0' [ 3488.186736][T32551] __vm_enough_memory: pid: 32551, comm: syz.3.10448, bytes: 4398046511104 not enough memory for the allocation [ 3489.761510][T32568] vivid-003: ================= START STATUS ================= [ 3489.813625][T32568] vivid-003: Radio HW Seek Mode: Bounded [ 3489.845342][T32568] vivid-003: Radio Programmable HW Seek: false [ 3489.851516][T32568] vivid-003: RDS Rx I/O Mode: Block I/O [ 3489.924719][T32568] vivid-003: Generate RBDS Instead of RDS: false [ 3489.931078][T32568] vivid-003: RDS Reception: true [ 3490.017265][T32568] vivid-003: RDS Program Type: 0 inactive [ 3490.058171][T32568] vivid-003: RDS PS Name: inactive [ 3490.087306][T32568] vivid-003: RDS Radio Text: inactive [ 3490.116281][T32568] vivid-003: RDS Traffic Announcement: false inactive [ 3490.149071][T32568] vivid-003: RDS Traffic Program: false inactive [ 3490.200270][T32568] vivid-003: RDS Music: false inactive [ 3490.227389][T32568] vivid-003: ================== END STATUS ================== [ 3490.585341][T32588] FAULT_INJECTION: forcing a failure. [ 3490.585341][T32588] name failslab, interval 1, probability 0, space 0, times 0 [ 3490.608052][T32590] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10458'. [ 3490.773643][T32588] CPU: 1 UID: 0 PID: 32588 Comm: syz.1.10457 Not tainted syzkaller #0 PREEMPT(full) [ 3490.773671][T32588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3490.773683][T32588] Call Trace: [ 3490.773690][T32588] [ 3490.773697][T32588] dump_stack_lvl+0x16c/0x1f0 [ 3490.773726][T32588] should_fail_ex+0x512/0x640 [ 3490.773762][T32588] should_failslab+0xc2/0x120 [ 3490.773789][T32588] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 3490.773814][T32588] ? xa_load+0x153/0x2c0 [ 3490.773841][T32588] ? __d_alloc+0x32/0xae0 [ 3490.773866][T32588] __d_alloc+0x32/0xae0 [ 3490.773889][T32588] ? rcu_is_watching+0x12/0xc0 [ 3490.773910][T32588] d_alloc_parallel+0x111/0x1480 [ 3490.773941][T32588] ? aio_prep_rw+0x8bd/0xbe0 [ 3490.773961][T32588] ? rcu_is_watching+0x12/0xc0 [ 3490.773981][T32588] ? __d_lookup+0x25c/0x4a0 [ 3490.774009][T32588] ? rcu_is_watching+0x12/0xc0 [ 3490.774029][T32588] ? lock_release+0x201/0x2f0 [ 3490.774054][T32588] ? __pfx_d_alloc_parallel+0x10/0x10 [ 3490.774086][T32588] ? __d_lookup+0x266/0x4a0 [ 3490.774115][T32588] ? lockdep_init_map_type+0x5c/0x280 [ 3490.774143][T32588] ? lockdep_init_map_type+0x5c/0x280 [ 3490.774172][T32588] proc_fill_cache+0x2e6/0x470 [ 3490.774199][T32588] ? __pfx_proc_pident_instantiate+0x10/0x10 [ 3490.774225][T32588] ? __pfx_proc_fill_cache+0x10/0x10 [ 3490.774254][T32588] ? tree_mod_log_oldest_root+0x30/0x180 [ 3490.774277][T32588] ? rcu_is_watching+0x12/0xc0 [ 3490.774297][T32588] ? tree_mod_log_oldest_root+0x30/0x180 [ 3490.774322][T32588] proc_pident_readdir+0x1bc/0x530 [ 3490.774350][T32588] iterate_dir+0x293/0xaf0 [ 3490.774369][T32588] __x64_sys_getdents+0x13c/0x2b0 [ 3490.774386][T32588] ? __pfx___x64_sys_getdents+0x10/0x10 [ 3490.774405][T32588] ? __pfx_filldir+0x10/0x10 [ 3490.774425][T32588] do_syscall_64+0xcd/0x490 [ 3490.774451][T32588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3490.774471][T32588] RIP: 0033:0x7f918578ebe9 [ 3490.774485][T32588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3490.774506][T32588] RSP: 002b:00007f9186686038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e [ 3490.774525][T32588] RAX: ffffffffffffffda RBX: 00007f91859b5fa0 RCX: 00007f918578ebe9 [ 3490.774539][T32588] RDX: 0000000000000fff RSI: 0000000000000000 RDI: 0000000000000004 [ 3490.774552][T32588] RBP: 00007f9186686090 R08: 0000000000000000 R09: 0000000000000000 [ 3490.774565][T32588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 3490.774577][T32588] R13: 00007f91859b6038 R14: 00007f91859b5fa0 R15: 00007ffff9289498 [ 3490.774597][T32588] [ 3491.036492][ C1] vkms_vblank_simulate: vblank timer overrun [ 3493.367553][T32633] vhci_hcd: not connected 4 [ 3493.557638][T32629] vivid-003: ================= START STATUS ================= [ 3493.598357][T32629] vivid-003: Radio HW Seek Mode: Bounded [ 3493.625475][T32629] vivid-003: Radio Programmable HW Seek: false [ 3493.644437][T32629] vivid-003: RDS Rx I/O Mode: Block I/O [ 3493.665908][T32629] vivid-003: Generate RBDS Instead of RDS: false [ 3493.694992][T32629] vivid-003: RDS Reception: true [ 3493.714608][T32629] vivid-003: RDS Program Type: 0 inactive [ 3493.787808][T32629] vivid-003: RDS PS Name: inactive [ 3493.854544][T32629] vivid-003: RDS Radio Text: inactive [ 3493.885342][T32629] vivid-003: RDS Traffic Announcement: false inactive [ 3493.922595][T32629] vivid-003: RDS Traffic Program: false inactive [ 3493.956726][T32629] vivid-003: RDS Music: false inactive [ 3493.980212][T32629] vivid-003: ================== END STATUS ================== [ 3494.021300][T32644] dyndbg: bad flag-op , at start of  [ 3494.040436][T32644] dyndbg: flags parse failed [ 3494.081842][T32640] vivid-003: ================= START STATUS ================= [ 3494.110511][T32640] vivid-003: Radio HW Seek Mode: Bounded [ 3494.131882][T32640] vivid-003: Radio Programmable HW Seek: false [ 3494.168514][T32640] vivid-003: RDS Rx I/O Mode: Block I/O [ 3494.215338][T32640] vivid-003: Generate RBDS Instead of RDS: false [ 3494.252647][T32640] vivid-003: RDS Reception: true [ 3494.273986][T32640] vivid-003: RDS Program Type: 0 inactive [ 3494.312803][T32640] vivid-003: RDS PS Name: inactive [ 3494.330647][T32640] vivid-003: RDS Radio Text: inactive [ 3494.354910][T32640] vivid-003: RDS Traffic Announcement: false inactive [ 3494.387114][T32640] vivid-003: RDS Traffic Program: false inactive [ 3494.434576][T32640] vivid-003: RDS Music: false inactive [ 3494.457859][T32640] vivid-003: ================== END STATUS ================== [ 3495.157316][T32660] vivid-003: ================= START STATUS ================= [ 3495.170518][T32664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.10475'. [ 3495.206720][T32660] vivid-003: Radio HW Seek Mode: Bounded [ 3495.239483][T32660] vivid-003: Radio Programmable HW Seek: false [ 3495.285484][T32660] vivid-003: RDS Rx I/O Mode: Block I/O [ 3495.317324][T32660] vivid-003: Generate RBDS Instead of RDS: false [ 3495.350456][T32660] vivid-003: RDS Reception: true [ 3495.372570][T32660] vivid-003: RDS Program Type: 0 inactive [ 3495.414145][T32660] vivid-003: RDS PS Name: inactive [ 3495.456489][T32660] vivid-003: RDS Radio Text: inactive [ 3495.477936][T32660] vivid-003: RDS Traffic Announcement: false inactive [ 3495.516484][T32660] vivid-003: RDS Traffic Program: false inactive [ 3495.567528][T32660] vivid-003: RDS Music: false inactive [ 3495.594393][T32659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10474'. [ 3495.603537][T32660] vivid-003: ================== END STATUS ================== [ 3497.122691][T32688] vivid-003: ================= START STATUS ================= [ 3497.172063][T32688] vivid-003: Radio HW Seek Mode: Bounded [ 3497.210420][T32688] vivid-003: Radio Programmable HW Seek: false [ 3497.263390][T32688] vivid-003: RDS Rx I/O Mode: Block I/O [ 3497.303324][T32688] vivid-003: Generate RBDS Instead of RDS: false [ 3497.345668][T32688] vivid-003: RDS Reception: true [ 3497.377921][T32688] vivid-003: RDS Program Type: 0 inactive [ 3497.406489][T32688] vivid-003: RDS PS Name: inactive [ 3497.447583][T32688] vivid-003: RDS Radio Text: inactive [ 3497.470230][T32688] vivid-003: RDS Traffic Announcement: false inactive [ 3497.522006][T32688] vivid-003: RDS Traffic Program: false inactive [ 3497.583443][T32688] vivid-003: RDS Music: false inactive [ 3497.623039][T32688] vivid-003: ================== END STATUS ================== [ 3497.672361][T32701] ================================================================== [ 3497.680428][T32701] BUG: KASAN: slab-use-after-free in dvb_device_open+0x36a/0x3b0 [ 3497.688166][T32701] Read of size 8 at addr ffff88802a6e0218 by task syz.2.10483/32701 [ 3497.696132][T32701] [ 3497.698449][T32701] CPU: 1 UID: 0 PID: 32701 Comm: syz.2.10483 Not tainted syzkaller #0 PREEMPT(full) [ 3497.698474][T32701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3497.698487][T32701] Call Trace: [ 3497.698494][T32701] [ 3497.698502][T32701] dump_stack_lvl+0x116/0x1f0 [ 3497.698530][T32701] print_report+0xcd/0x630 [ 3497.698558][T32701] ? __virt_addr_valid+0x81/0x610 [ 3497.698584][T32701] ? __phys_addr+0xe8/0x180 [ 3497.698609][T32701] ? dvb_device_open+0x36a/0x3b0 [ 3497.698636][T32701] kasan_report+0xe0/0x110 [ 3497.698663][T32701] ? dvb_device_open+0x36a/0x3b0 [ 3497.698693][T32701] ? __pfx_dvb_device_open+0x10/0x10 [ 3497.698722][T32701] dvb_device_open+0x36a/0x3b0 [ 3497.698750][T32701] ? __pfx_dvb_device_open+0x10/0x10 [ 3497.698779][T32701] chrdev_open+0x231/0x6a0 [ 3497.698805][T32701] ? __pfx_apparmor_file_open+0x10/0x10 [ 3497.698828][T32701] ? __pfx_chrdev_open+0x10/0x10 [ 3497.698855][T32701] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 3497.698900][T32701] do_dentry_open+0x97f/0x1530 [ 3497.698926][T32701] ? __pfx_chrdev_open+0x10/0x10 [ 3497.698957][T32701] vfs_open+0x82/0x3f0 [ 3497.699001][T32701] path_openat+0x1de4/0x2cb0 [ 3497.699029][T32701] ? __pfx_path_openat+0x10/0x10 [ 3497.699056][T32701] do_filp_open+0x20b/0x470 [ 3497.699080][T32701] ? __pfx_do_filp_open+0x10/0x10 [ 3497.699112][T32701] ? alloc_fd+0x471/0x7d0 [ 3497.699142][T32701] do_sys_openat2+0x11b/0x1d0 [ 3497.699175][T32701] ? __pfx_do_sys_openat2+0x10/0x10 [ 3497.699207][T32701] ? __pfx_do_sys_openat2+0x10/0x10 [ 3497.699240][T32701] ? __pfx___might_resched+0x10/0x10 [ 3497.699264][T32701] __x64_sys_openat+0x174/0x210 [ 3497.699296][T32701] ? __pfx___x64_sys_openat+0x10/0x10 [ 3497.699334][T32701] do_syscall_64+0xcd/0x490 [ 3497.699362][T32701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3497.699383][T32701] RIP: 0033:0x7fe150d8ebe9 [ 3497.699398][T32701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3497.699419][T32701] RSP: 002b:00007fe14eff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 3497.699438][T32701] RAX: ffffffffffffffda RBX: 00007fe150fb5fa0 RCX: 00007fe150d8ebe9 [ 3497.699452][T32701] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 3497.699466][T32701] RBP: 00007fe150e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 3497.699479][T32701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3497.699492][T32701] R13: 00007fe150fb6038 R14: 00007fe150fb5fa0 R15: 00007ffd61508338 [ 3497.699512][T32701] [ 3497.699519][T32701] [ 3497.949375][T32701] Allocated by task 32509: [ 3497.953776][T32701] kasan_save_stack+0x33/0x60 [ 3497.958453][T32701] kasan_save_track+0x14/0x30 [ 3497.963121][T32701] __kasan_kmalloc+0xaa/0xb0 [ 3497.967706][T32701] __kmalloc_noprof+0x223/0x510 [ 3497.972550][T32701] mpi_alloc_limb_space+0x31/0x60 [ 3497.977568][T32701] mpi_alloc+0x199/0x230 [ 3497.981807][T32701] mpi_read_raw_from_sgl+0x222/0x5b0 [ 3497.987093][T32701] rsa_enc+0x15d/0x3b0 [ 3497.991170][T32701] rsassa_pkcs1_verify+0x4ff/0xb60 [ 3497.996277][T32701] public_key_verify_signature+0x66f/0x970 [ 3498.002074][T32701] x509_check_for_self_signed+0x31a/0x500 [ 3498.007794][T32701] x509_cert_parse+0x5f8/0x900 [ 3498.012547][T32701] pkcs7_extract_cert+0xa4/0x320 [ 3498.017479][T32701] asn1_ber_decoder+0xc5f/0x1df0 [ 3498.022420][T32701] pkcs7_parse_message+0x288/0x720 [ 3498.027526][T32701] verify_pkcs7_signature+0x30/0xa0 [ 3498.032725][T32701] valid_regdb+0x211/0x590 [ 3498.037134][T32701] reg_reload_regdb+0x11a/0x460 [ 3498.041981][T32701] genl_family_rcv_msg_doit+0x206/0x2f0 [ 3498.047546][T32701] genl_rcv_msg+0x55c/0x800 [ 3498.052063][T32701] netlink_rcv_skb+0x155/0x420 [ 3498.056830][T32701] genl_rcv+0x28/0x40 [ 3498.060810][T32701] netlink_unicast+0x5aa/0x870 [ 3498.065570][T32701] netlink_sendmsg+0x8d1/0xdd0 [ 3498.070329][T32701] ____sys_sendmsg+0xa95/0xc70 [ 3498.075101][T32701] ___sys_sendmsg+0x134/0x1d0 [ 3498.079778][T32701] __sys_sendmsg+0x16d/0x220 [ 3498.084364][T32701] do_syscall_64+0xcd/0x490 [ 3498.088862][T32701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3498.094744][T32701] [ 3498.097060][T32701] Freed by task 32509: [ 3498.101120][T32701] kasan_save_stack+0x33/0x60 [ 3498.105796][T32701] kasan_save_track+0x14/0x30 [ 3498.110465][T32701] kasan_save_free_info+0x3b/0x60 [ 3498.115476][T32701] __kasan_slab_free+0x60/0x70 [ 3498.120235][T32701] kfree+0x2b4/0x4d0 [ 3498.124119][T32701] mpi_free+0x9a/0x160 [ 3498.128178][T32701] rsa_enc+0x21b/0x3b0 [ 3498.132239][T32701] rsassa_pkcs1_verify+0x4ff/0xb60 [ 3498.137348][T32701] public_key_verify_signature+0x66f/0x970 [ 3498.143243][T32701] x509_check_for_self_signed+0x31a/0x500 [ 3498.148961][T32701] x509_cert_parse+0x5f8/0x900 [ 3498.153722][T32701] pkcs7_extract_cert+0xa4/0x320 [ 3498.158656][T32701] asn1_ber_decoder+0xc5f/0x1df0 [ 3498.163593][T32701] pkcs7_parse_message+0x288/0x720 [ 3498.168700][T32701] verify_pkcs7_signature+0x30/0xa0 [ 3498.173908][T32701] valid_regdb+0x211/0x590 [ 3498.178330][T32701] reg_reload_regdb+0x11a/0x460 [ 3498.183192][T32701] genl_family_rcv_msg_doit+0x206/0x2f0 [ 3498.188752][T32701] genl_rcv_msg+0x55c/0x800 [ 3498.193255][T32701] netlink_rcv_skb+0x155/0x420 [ 3498.198018][T32701] genl_rcv+0x28/0x40 [ 3498.201999][T32701] netlink_unicast+0x5aa/0x870 [ 3498.206759][T32701] netlink_sendmsg+0x8d1/0xdd0 [ 3498.211518][T32701] ____sys_sendmsg+0xa95/0xc70 [ 3498.216283][T32701] ___sys_sendmsg+0x134/0x1d0 [ 3498.220955][T32701] __sys_sendmsg+0x16d/0x220 [ 3498.225549][T32701] do_syscall_64+0xcd/0x490 [ 3498.230061][T32701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3498.235947][T32701] [ 3498.238258][T32701] The buggy address belongs to the object at ffff88802a6e0200 [ 3498.238258][T32701] which belongs to the cache kmalloc-256 of size 256 [ 3498.252308][T32701] The buggy address is located 24 bytes inside of [ 3498.252308][T32701] freed 256-byte region [ffff88802a6e0200, ffff88802a6e0300) [ 3498.266020][T32701] [ 3498.268332][T32701] The buggy address belongs to the physical page: [ 3498.274740][T32701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2a6e0 [ 3498.283489][T32701] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 3498.291982][T32701] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 3498.299519][T32701] page_type: f5(slab) [ 3498.303496][T32701] raw: 00fff00000000040 ffff88801b841b40 ffffea0000f77c80 0000000000000004 [ 3498.312077][T32701] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 3498.320659][T32701] head: 00fff00000000040 ffff88801b841b40 ffffea0000f77c80 0000000000000004 [ 3498.329331][T32701] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 3498.337992][T32701] head: 00fff00000000001 ffffea0000a9b801 00000000ffffffff 00000000ffffffff [ 3498.346653][T32701] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 3498.355317][T32701] page dumped because: kasan: bad access detected [ 3498.361718][T32701] page_owner tracks the page as allocated [ 3498.367414][T32701] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 22550479176, free_ts 0 [ 3498.387130][T32701] post_alloc_hook+0x1c0/0x230 [ 3498.391892][T32701] get_page_from_freelist+0x132b/0x38e0 [ 3498.397436][T32701] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 3498.403323][T32701] alloc_pages_mpol+0x1fb/0x550 [ 3498.408181][T32701] new_slab+0x247/0x330 [ 3498.412359][T32701] ___slab_alloc+0xcf2/0x1740 [ 3498.417045][T32701] __slab_alloc.constprop.0+0x56/0xb0 [ 3498.422412][T32701] __kmalloc_cache_noprof+0xfb/0x3e0 [ 3498.427694][T32701] bus_add_driver+0x92/0x690 [ 3498.432278][T32701] driver_register+0x15c/0x4b0 [ 3498.437045][T32701] i2c_register_driver+0xd9/0x1c0 [ 3498.442073][T32701] do_one_initcall+0x120/0x6e0 [ 3498.446833][T32701] kernel_init_freeable+0x5c2/0x910 [ 3498.452083][T32701] kernel_init+0x1c/0x2b0 [ 3498.456417][T32701] ret_from_fork+0x5d4/0x6f0 [ 3498.461017][T32701] ret_from_fork_asm+0x1a/0x30 [ 3498.465779][T32701] page_owner free stack trace missing [ 3498.471132][T32701] [ 3498.473441][T32701] Memory state around the buggy address: [ 3498.479064][T32701] ffff88802a6e0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3498.487115][T32701] ffff88802a6e0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3498.495165][T32701] >ffff88802a6e0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3498.503211][T32701] ^ [ 3498.508045][T32701] ffff88802a6e0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 3498.516105][T32701] ffff88802a6e0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 3498.524165][T32701] ================================================================== [ 3498.532219][ C1] vkms_vblank_simulate: vblank timer overrun [ 3498.619444][T32697] vivid-003: ================= START STATUS ================= [ 3498.637302][T32697] vivid-003: Radio HW Seek Mode: Bounded [ 3498.647421][T32697] vivid-003: Radio Programmable HW Seek: false [ 3498.653603][T32697] vivid-003: RDS Rx I/O Mode: Block I/O [ 3498.677313][T32697] vivid-003: Generate RBDS Instead of RDS: false [ 3498.684429][T32697] vivid-003: RDS Reception: true [ 3498.693800][T32697] vivid-003: RDS Program Type: 0 inactive [ 3498.703887][T32697] vivid-003: RDS PS Name: inactive [ 3498.714017][T32697] vivid-003: RDS Radio Text: inactive [ 3498.727452][T32697] vivid-003: RDS Traffic Announcement: false inactive [ 3498.744712][T32697] vivid-003: RDS Traffic Program: false inactive [ 3498.754798][T32697] vivid-003: RDS Music: false inactive [ 3498.764888][T32697] vivid-003: ================== END STATUS ================== [ 3499.315805][T32701] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 3499.323022][T32701] CPU: 1 UID: 0 PID: 32701 Comm: syz.2.10483 Not tainted syzkaller #0 PREEMPT(full) [ 3499.332470][T32701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 3499.342514][T32701] Call Trace: [ 3499.345783][T32701] [ 3499.348707][T32701] dump_stack_lvl+0x3d/0x1f0 [ 3499.353301][T32701] vpanic+0x6e8/0x7a0 [ 3499.357289][T32701] ? __pfx_vpanic+0x10/0x10 [ 3499.361793][T32701] ? __pfx_vprintk_emit+0x10/0x10 [ 3499.366815][T32701] ? dvb_device_open+0x36a/0x3b0 [ 3499.371752][T32701] panic+0xca/0xd0 [ 3499.375475][T32701] ? __pfx_panic+0x10/0x10 [ 3499.379893][T32701] ? dvb_device_open+0x36a/0x3b0 [ 3499.384833][T32701] ? preempt_schedule_common+0x44/0xc0 [ 3499.390289][T32701] ? preempt_schedule_thunk+0x16/0x30 [ 3499.395677][T32701] check_panic_on_warn+0xab/0xb0 [ 3499.400616][T32701] end_report+0x107/0x170 [ 3499.404946][T32701] kasan_report+0xee/0x110 [ 3499.409364][T32701] ? dvb_device_open+0x36a/0x3b0 [ 3499.414302][T32701] ? __pfx_dvb_device_open+0x10/0x10 [ 3499.419586][T32701] dvb_device_open+0x36a/0x3b0 [ 3499.424353][T32701] ? __pfx_dvb_device_open+0x10/0x10 [ 3499.429638][T32701] chrdev_open+0x231/0x6a0 [ 3499.434053][T32701] ? __pfx_apparmor_file_open+0x10/0x10 [ 3499.439593][T32701] ? __pfx_chrdev_open+0x10/0x10 [ 3499.444529][T32701] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 3499.450868][T32701] do_dentry_open+0x97f/0x1530 [ 3499.455630][T32701] ? __pfx_chrdev_open+0x10/0x10 [ 3499.460570][T32701] vfs_open+0x82/0x3f0 [ 3499.464654][T32701] path_openat+0x1de4/0x2cb0 [ 3499.469247][T32701] ? __pfx_path_openat+0x10/0x10 [ 3499.474200][T32701] do_filp_open+0x20b/0x470 [ 3499.478702][T32701] ? __pfx_do_filp_open+0x10/0x10 [ 3499.483743][T32701] ? alloc_fd+0x471/0x7d0 [ 3499.488072][T32701] do_sys_openat2+0x11b/0x1d0 [ 3499.492757][T32701] ? __pfx_do_sys_openat2+0x10/0x10 [ 3499.497957][T32701] ? __pfx_do_sys_openat2+0x10/0x10 [ 3499.503175][T32701] ? __pfx___might_resched+0x10/0x10 [ 3499.508457][T32701] __x64_sys_openat+0x174/0x210 [ 3499.513324][T32701] ? __pfx___x64_sys_openat+0x10/0x10 [ 3499.518706][T32701] do_syscall_64+0xcd/0x490 [ 3499.523212][T32701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 3499.529098][T32701] RIP: 0033:0x7fe150d8ebe9 [ 3499.533546][T32701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 3499.553169][T32701] RSP: 002b:00007fe14eff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 3499.561577][T32701] RAX: ffffffffffffffda RBX: 00007fe150fb5fa0 RCX: 00007fe150d8ebe9 [ 3499.569545][T32701] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 3499.577507][T32701] RBP: 00007fe150e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 3499.585466][T32701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3499.593427][T32701] R13: 00007fe150fb6038 R14: 00007fe150fb5fa0 R15: 00007ffd61508338 [ 3499.601395][T32701] [ 3499.604459][T32701] Kernel Offset: disabled [ 3499.608778][T32701] Rebooting in 86400 seconds..