last executing test programs: 8.343897527s ago: executing program 0 (id=4761): r0 = openat$auto_nodes_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) read$auto_nodes_fops_netdebug(r0, 0x0, 0x0) mmap$auto(0x1, 0x400009, 0x70, 0x9b73, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) msgrcv$auto(0x0, 0x0, 0xff9, 0xfffffffffffffffc, 0xb4) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9) r1 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/loginuid\x00', 0x1a9602, 0x0) write$auto_proc_loginuid_operations_base(r1, 0x0, 0x0) socket(0x2, 0x3, 0xa) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x24, 0x0, 0x1, 0x70bd29, 0x25dfdbf9, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0xf, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40010}, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042cbd7000fb3d89cb809172a3320003008000400088"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}, 0x1, 0x0, 0x0, 0x4000804}, 0x40000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0x800}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0xa788}, 0x7, 0x8) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) 7.858687547s ago: executing program 0 (id=4763): unshare$auto(0x40000080) r0 = socket(0xa, 0x5, 0x0) ioctl$auto(r0, 0x8903, 0x8) mmap$auto(0x10000000000001, 0x3, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, 0x0, 0x800) unshare$auto(0x40000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r1, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="2bb22bbd7000fcdbdf25050000e5f44621dd080001", @ANYRES32=0x0, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) mmap$auto(0x1, 0x4020007, 0xdb, 0xeb2, 0xffffffffffffffff, 0x8002) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb2, 0x4, 0x80) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x1c, r3, 0x27c9d9d5b13b6c03, 0x70bd25, 0x25dfdbfd, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c884}, 0x64004890) 7.066877377s ago: executing program 1 (id=4765): openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000340), 0x189e42, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x1, 0x100) r2 = eventfd2$auto(0x6af3, 0x800) r3 = socket(0x1e, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x80000, 0x3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) r4 = socket(0xa, 0x801, 0x84) listen$auto(r4, 0x3) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r3, 0x29, 0x11, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) r5 = socket(0x2, 0x800, 0x4) bpf$auto_BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000280)=@link_update={r5, @new_map_fd=r0, 0x3, @old_prog_fd=r1}, 0x1) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x8000000000000001, 0x8, 0x8fd6, 0x4, 0x7, 0x4, 0x3, 0x3, 0xfffff7fffffffffa, 0x80000001, 0x7440, 0x3, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r7, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) preadv$auto(r6, &(0x7f0000003340)={0x0, 0x40}, 0x9, 0x1000000005, 0x100000001) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x500, 0x0) unshare$auto(0x40000080) 6.890699476s ago: executing program 2 (id=4767): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/dev/cdrom/info\x00', 0x2000, 0x0) read$auto(r0, 0x0, 0x1ff) read$auto(0x3, 0x0, 0x80) r1 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x27) r2 = openat$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy7/netdev:wlan0/stations/08:02:11:00:00:01/rc_stats\x00', 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) io_uring_setup$auto(0x1, 0x0) r3 = socket(0x1a, 0x2, 0xfffffff9) setsockopt$auto(r3, 0x107, 0x1000005, 0x0, 0x8004) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vlan0\x00', 0x0}) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@can={0x1d, r4}, 0x6a) bpf$auto_BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000005c0)=@bpf_attr_0={0xf, 0x2, 0x1f7, 0x2, 0x9, r1, 0xb, "12b3272197a2c5108e3706cd17b7d547", r4, r1, 0xfdf, 0xfffffffe, 0xa, 0x285, r0, r1}, 0x4) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000540)={"ef13a5421a8765cadfca437c4d1316833843180bb151ed36e8ce6cb454168d6c", 0x3ff, 0xc9, 0x1000, 0xd, 0x9}) ioctl$auto_BLKTRACESTART(r5, 0x1274, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) r6 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x404140, 0x0) r7 = socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto(r7, 0x6a, 0x2, 0x0, 0x0) ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(r6, 0x4048587b, &(0x7f0000000480)={{r2, &(0x7f0000000040)="5c5ef62f341789261b922abadd8246eab0f5da8fb4e0f526edb37883943ecc9b1966d8a60346db4ce8644323695319b8bfe16cbf94b0e19156eb824c5fefe5a69b2b45104c98e6672ef1c2", 0x9, &(0x7f0000000140)="f27f78cdb705c34313858c6e0c8e3b7259367bd9e1b64b6208b5f7099d87326ccc525345d7bdc77cee4a4313fdce9bf30722daecf7d7f79b49ed301098e575a95cb12e3f8413544d09fa96eedce5baec823b9534a6262ed262540eb673", 0x3, &(0x7f00000001c0)="94a34869d8b424dafac3855767e8aa6635966f053ce796cb5a4bda580b89deef97830c2b731569ec9dd2db228759b6c88e398a5f69c14b8cf8c7a822cf1d372a72ae933d19c37fceff14e6e20f5b587ac058fca5bd6c7787bbe31ea130bbb6708110bb7df089c596f3313b392c1005c94b751ddb8ac5cf50c2b5abd8e8671a376f049ece4bde99ab1bd1f496f345c77c804c1659a6657549cd363fdb93c71dbf322e2b3bafb67b08e3b9d8d54dba514eca131a277dc6af9b7786e20bcb1f5d1901c9f6c0cf9ea319d453ef3bab16a76a5b33a7b09c2d99bd92", &(0x7f0000000300)=0xb}, 0xb, &(0x7f0000000440)={0x9, 0x5, &(0x7f0000000340)="a4a4207728e7f167539fa02bcce76812ed8188475f2923304e2fd2b1496cb961369def58edb19f57e7b3", &(0x7f0000000380)="24c0b5905ba74ed18cbecd307318caff1d42a0e1d4764f8037d79bd2de0c01f2c43f7101d7c3db0060418793b834d261581709b7ff13340ba4aa6c87ba940555e294f75c4070a7e98fb35276cfbf580a2dd5bf830183cd46c1801e74ab781b1ba979eca5c277efa5d0e290157d67cabbf73dd13a8ac24756861ce39f078887cd0337f088ae1288b0d1a7c46573f21dee39515de909bef5a12cfdbd498db542e13f024297af65", 0x7d5e, 0x3}}) 6.66115023s ago: executing program 0 (id=4768): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-9/xps_rxqs\x00', 0x1a1842, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000003c0), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r0, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000280)=ANY=[@ANYRESHEX=r1, @ANYRES16=r1, @ANYBLOB="2bb22bbd7000fcdbdf25050000000400038008000100", @ANYRES32=0x0, @ANYBLOB="829c7e555615f362764034cf7ac8ae71dd96c3a14d9eb0156b522918653403d5a3e22d3e1f50ef881e6c8905012fe29e6f9095b750e3cc218ad18f8d14d58f9c77"], 0x20}}, 0x40094) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x4c0801, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140)=';') lsm_get_self_attr$auto(0x64, 0x0, 0x0, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x428, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffeffe, 0x2) io_uring_setup$auto(0x7, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x181902, 0x0) io_uring_setup$auto(0x6, 0x0) mbind$auto(0x5, 0x111f, 0x28, &(0x7f0000000180)=0x13fffffff, 0xfffffffffffffffc, 0x3f) io_uring_register$auto(0x2, 0x1e, &(0x7f0000000180), 0x1) 6.204467487s ago: executing program 3 (id=4769): openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000340), 0x189e42, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x1, 0x100) r2 = eventfd2$auto(0x6af3, 0x800) r3 = socket(0x1e, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x80000, 0x3) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x84, 0xac1, 0x2, 0x36242398, 0xfffff5b2, 0x3bb, 0x8000007, 0xffff, 0x6, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) r4 = socket(0xa, 0x801, 0x84) listen$auto(r4, 0x3) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(r3, 0x29, 0x11, 0x0, 0x110) r5 = socket(0x2, 0x800, 0x4) bpf$auto_BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000280)=@link_update={r5, @new_map_fd=r0, 0x3, @old_prog_fd=r1}, 0x1) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x8000000000000001, 0x8, 0x8fd6, 0x4, 0x7, 0x4, 0x3, 0x3, 0xfffff7fffffffffa, 0x80000001, 0x7440, 0x3, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r7, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) preadv$auto(r6, &(0x7f0000003340)={0x0, 0x40}, 0x9, 0x1000000005, 0x100000001) unshare$auto(0x40000080) 5.411023522s ago: executing program 0 (id=4770): unshare$auto(0x40000080) r0 = socket(0xa, 0x5, 0x0) ioctl$auto(r0, 0x8903, 0x8) mmap$auto(0x10000000000001, 0x3, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, 0x0, 0x800) unshare$auto(0x40000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r1, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="2bb22bbd7000fcdbdf25050000e5f44621dd080001", @ANYRES32=0x0, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) mmap$auto(0x1, 0x4020007, 0xdb, 0xeb2, 0xffffffffffffffff, 0x8002) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb2, 0x4, 0x80) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x1c, r3, 0x27c9d9d5b13b6c03, 0x70bd25, 0x25dfdbfd, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c884}, 0x64004890) 4.140572849s ago: executing program 1 (id=4771): mmap$auto(0x0, 0x8, 0xdf, 0xeb1, 0x0, 0x8000) sysfs$auto(0x2, 0x9, 0x0) fsopen$auto(0x0, 0x1) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) socket(0xa, 0x3, 0x3a) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0xc, 0x20009, 0x5, 0x14, 0xffffffffffffffff, 0x0) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/misc/cpu_dma_latency/power/runtime_active_time\x00', 0x200, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) madvise$auto(0x0, 0x2003f0, 0x18) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) bpf$auto(0x1a, &(0x7f0000000380)=@link_create={@map_fd, @target_ifindex=r1, 0x3, 0x81, @uprobe_multi={0x81, 0x1ff, 0x3d7e, 0x0, 0x1, 0x4}}, 0x92) 4.101672474s ago: executing program 2 (id=4772): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x54) openat$auto_hwsim_fops_ps_(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy4/hwsim/ps\x00', 0x8000, 0x0) socket(0xa, 0x5, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, 0x0, 0x405b) socket(0x10, 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getsockopt$auto(0xffffffffffffffff, 0xff, 0x90, 0x0, &(0x7f0000000140)=0x3) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xf, 0x1, 0x948b, 0x3, 0x15f4da07, 0x3, 0x8000000003, 0x62, 0x8000001f, 0x40007, 0x4, 0x9, 0x2, 0x8]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/system/memory/memory10/phys_index\x00', 0x100, 0x0) read$auto(0x3, 0x0, 0x7) close_range$auto(0x2, 0xa, 0x0) getsockopt$auto_SO_BROADCAST(0xffffffffffffffff, 0xf7f, 0x6, 0x0, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20001, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfffe) 4.008320625s ago: executing program 0 (id=4773): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810008, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, r1, 0x4b4a) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r3 = socket(0x23, 0x5, 0x0) bind$auto(r3, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x0, 0xa3}, 0x80) socket(0xf, 0xa, 0x5) connect$auto(0x3, &(0x7f0000000080)=@l2={0x1f, 0x6, @none, 0x5}, 0x2) ioperm$auto(0x7, 0x75, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='./cgroup.net/blkio.bfq.dequeue\x00', 0x8ad00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/4096, 0x1000) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) close_range$auto(0x2, 0xa, 0x0) 3.989301744s ago: executing program 3 (id=4774): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r0) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="110b27bd7000ffdbdf2509000000"], 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x1000) 3.785860549s ago: executing program 3 (id=4775): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x3f, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) mmap$auto(0xf4, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80800, 0x0) bpf$auto(0x2, &(0x7f0000000380)=@token_create={0x5315, r2}, 0x1) read$auto(0x3, 0x0, 0x80) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/rpc/use-gss-proxy\x00', 0x48041, 0x0) write$auto(r3, 0x0, 0x6) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto_XFS_IOC_FSBULKSTAT(r1, 0xc0205865, &(0x7f00000002c0)={0x0, 0x10001, 0x0, &(0x7f0000000280)=0x2}) r5 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r5, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 2.94295646s ago: executing program 2 (id=4776): mmap$auto(0x200004, 0x1, 0x4, 0x95, 0xfffffffffffffffa, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x40) modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10) (fail_nth: 2) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000240)={0x25, 0x3, 0x7f, 0xff, 0x7fc, 0x0, &(0x7f0000000100)="67ed45ca2572fb35d549840000000020000000000000000000"}) mmap$auto(0x201, 0x14000, 0x4000000200df, 0x11, 0x404, 0x0) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xf, 0x801, 0x84) r2 = io_uring_setup$auto(0x6, 0x0) r3 = socket(0xa, 0x2, 0x88) r4 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={r3, @new_prog_fd=0x4, 0x4, @old_prog_fd=r1}, 0xa3) bpf$auto(0x4, &(0x7f0000000040)=@link_update={r4, @new_prog_fd=r5, 0x1, @old_prog_fd=r2}, 0x7) newfstatat$auto(0xffffffffffffffff, &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x784a) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x42, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vhci_hcd.3/usb15/15-0:1.0/usb15-port6/early_stop\x00', 0x4e2340, 0x0) getsockopt$auto_SO_PEERPIDFD(0xffffffffffffffff, 0x4, 0x4d, &(0x7f0000000000)='/dev/kvm\x00', &(0x7f0000000040)=0x2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x7f, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xfffffffffffffff3, 0xdf, 0xeb3, r2, 0x40) futex$auto(&(0x7f0000000080)=0x3, 0x3, 0x0, 0x0, 0x0, 0x440a48d3) 1.855923624s ago: executing program 2 (id=4777): openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c45d446", @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000600060009000000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a0005000180c200000e00000a0001"], 0x6c}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) r0 = socket(0x10, 0x2, 0x6) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SUBDIVIDE(r1, 0xc0045009, &(0x7f0000000040)) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(0xffffffffffffffff, 0xc1004111, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyx3\x00', 0x42880, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2000, 0x0) write$auto(0x3, 0x0, 0x7) 1.778649633s ago: executing program 1 (id=4778): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14b602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x5422, 0x9) openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/setgroups\x00', 0x20d00, 0x0) 1.377486468s ago: executing program 1 (id=4779): io_uring_register$auto(0x2, 0x1e, &(0x7f0000000180), 0x1) 1.337688484s ago: executing program 2 (id=4780): mmap$auto(0x200004, 0x1, 0x4, 0x95, 0xfffffffffffffffa, 0x8000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000080)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x40) modify_ldt$auto(0x1, &(0x7f00000001c0), 0x10) ioctl$auto_USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000240)={0x25, 0x3, 0x7f, 0xff, 0x7fc, 0x0, &(0x7f0000000100)="67ed45ca2572fb35d549840000000020000000000000000000"}) mmap$auto(0x201, 0x14000, 0x4000000200df, 0x11, 0x404, 0x0) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xf, 0x801, 0x84) r2 = io_uring_setup$auto(0x6, 0x0) r3 = socket(0xa, 0x2, 0x88) r4 = bpf$auto(0x0, &(0x7f0000000000)=@link_update={r3, @new_prog_fd=0x4, 0x4, @old_prog_fd=r1}, 0xa3) bpf$auto(0x4, &(0x7f0000000040)=@link_update={r4, @new_prog_fd=r5, 0x1, @old_prog_fd=r2}, 0x7) newfstatat$auto(0xffffffffffffffff, &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x784a) pread64$auto(0xffffffffffffffff, 0x0, 0x7ff, 0x400) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x42, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/vhci_hcd.3/usb15/15-0:1.0/usb15-port6/early_stop\x00', 0x4e2340, 0x0) getsockopt$auto_SO_PEERPIDFD(0xffffffffffffffff, 0x4, 0x4d, &(0x7f0000000000)='/dev/kvm\x00', &(0x7f0000000040)=0x2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x7f, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xfffffffffffffff3, 0xdf, 0xeb3, r2, 0x40) futex$auto(&(0x7f0000000080)=0x3, 0x3, 0x0, 0x0, 0x0, 0x440a48d3) 1.191373757s ago: executing program 3 (id=4781): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), r0) sendmsg$auto_ILA_CMD_ADD(r0, &(0x7f0000000b00)={0x0, 0x300, &(0x7f0000000ac0)={&(0x7f0000000080)={0x14, r1, 0x201, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x8080}, 0x38) 657.661326ms ago: executing program 2 (id=4782): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D3\x00', 0x418000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/cgroup\x00') syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/ipc\x00') getpid() r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/route\x00', 0x0, 0x0) pread64$auto(r1, 0x0, 0x8, 0x8000) mlockall$auto(0x5) rt_sigprocmask$auto(0x6, &(0x7f0000000080)={0x40000000a}, 0xffffffffffffffff, 0x8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x4) socketpair$auto(0x1c, 0x1, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x5, 0x3, 0xbb72, 0x7, 0x28000) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0xa, 0x3, 0x3b) open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x10a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) socket(0x18, 0xa, 0x1) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x261c2, 0x84) 656.876943ms ago: executing program 1 (id=4783): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) r1 = socket(0x1d, 0x2, 0x7) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010029bd7000fbdbdf2502ff"], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x840) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(r1, &(0x7f0000000000)=@can={0x1d, r3}, 0x6a) r4 = bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000000)=@query={@target_fd=r0, 0x6, 0x0, 0x94, 0x7fffffff, @count=0x6, 0x0, 0x7fffffff, 0x2, 0x3}, 0x5) msgget$auto(0x1, 0x4) r6 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000100), r5) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r4, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, r6, 0x10, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_RINGS_TX_PUSH_BUF_LEN={0x8, 0xf, 0x2}, @ETHTOOL_A_RINGS_RX_BUF_LEN={0x8, 0xa, 0xb4d}, @ETHTOOL_A_RINGS_TCP_DATA_SPLIT={0x5, 0xb, 0x1}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x9}, @ETHTOOL_A_RINGS_CQE_SIZE={0x8, 0xc, 0xa}]}, 0x3c}}, 0x8000) 635.848054ms ago: executing program 3 (id=4784): openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) mmap$auto(0x7000000, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) 396.549711ms ago: executing program 3 (id=4785): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810008, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rseq$auto(0x0, 0xfffffff4, 0x0, 0x5) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, r1, 0x4b4a) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x62040, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r3 = socket(0x23, 0x5, 0x0) bind$auto(r3, &(0x7f0000000140)=@phonet={0x23, 0x6, 0x0, 0xa3}, 0x80) socket(0xf, 0xa, 0x5) connect$auto(0x3, &(0x7f0000000080)=@l2={0x1f, 0x6, @none, 0x5}, 0x2) ioperm$auto(0x7, 0x75, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='./cgroup.net/blkio.bfq.dequeue\x00', 0x8ad00, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f00000000c0)=""/4096, 0x1000) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) close_range$auto(0x2, 0xa, 0x0) 112.706964ms ago: executing program 1 (id=4786): unshare$auto(0x40000080) r0 = socket(0xa, 0x5, 0x0) ioctl$auto(r0, 0x8903, 0x8) mmap$auto(0x10000000000001, 0x3, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, 0x0, 0x800) unshare$auto(0x40000080) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r1, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)=ANY=[@ANYBLOB, @ANYBLOB="2bb22bbd7000fcdbdf25050000e5f44621dd08000100", @ANYRES32=0x0, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) mmap$auto(0x1, 0x4020007, 0xdb, 0xeb2, 0xffffffffffffffff, 0x8002) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb2, 0x4, 0x80) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000000)={0x1c, r3, 0x27c9d9d5b13b6c03, 0x70bd25, 0x25dfdbfd, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c884}, 0x64004890) 0s ago: executing program 0 (id=4787): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x3, 0xff) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) (fail_nth: 9) kernel console output (not intermixed with test programs): 00000000000000ca [ 1749.316858][T27487] RAX: fffffffffffffe00 RBX: 00007f5cc61b5fa8 RCX: 00007f5cc5f8ebe9 [ 1749.316874][T27487] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5cc61b5fa8 [ 1749.316890][T27487] RBP: 00007f5cc61b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1749.316905][T27487] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1749.316919][T27487] R13: 00007f5cc61b6038 R14: 00007fff65f46eb0 R15: 00007fff65f46f98 [ 1749.316954][T27487] [ 1749.622898][T27486] vivid-003: RDS Traffic Announcement: false inactive [ 1749.635103][T27486] vivid-003: RDS Traffic Program: false inactive [ 1749.773401][T27486] vivid-003: RDS Music: false inactive [ 1749.854731][T27486] vivid-003: ================== END STATUS ================== [ 1750.373271][T27503] netlink: 'syz.3.4173': attribute type 19 has an invalid length. [ 1750.381379][T27503] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4173'. [ 1751.454739][T27522] random: crng reseeded on system resumption [ 1753.111269][T27546] vivid-003: ================= START STATUS ================= [ 1753.140011][T27546] vivid-003: Radio HW Seek Mode: Bounded [ 1753.145898][T27546] vivid-003: Radio Programmable HW Seek: false [ 1753.152130][T27546] vivid-003: RDS Rx I/O Mode: Block I/O [ 1753.161307][T27546] vivid-003: Generate RBDS Instead of RDS: false [ 1753.177031][T27546] vivid-003: RDS Reception: true [ 1753.183021][T27546] vivid-003: RDS Program Type: 0 inactive [ 1753.202999][T27546] vivid-003: RDS PS Name: inactive [ 1753.209785][T27546] vivid-003: RDS Radio Text: inactive [ 1753.230438][T27546] vivid-003: RDS Traffic Announcement: false inactive [ 1753.387356][T27546] vivid-003: RDS Traffic Program: false inactive [ 1753.422199][T27546] vivid-003: RDS Music: false inactive [ 1753.440596][T27546] vivid-003: ================== END STATUS ================== [ 1753.563483][T27553] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1753.574855][T27553] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1753.605926][T27553] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1753.630161][T27553] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1753.793890][T27560] netlink: 'syz.1.4184': attribute type 19 has an invalid length. [ 1753.801782][T27560] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4184'. [ 1755.597554][T25752] Bluetooth: hci3: command 0x0c1a tx timeout [ 1755.607691][T26111] Bluetooth: hci4: command 0x041b tx timeout [ 1755.673675][T25752] Bluetooth: hci0: command 0x0c1a tx timeout [ 1755.679743][T26111] Bluetooth: hci1: command 0x0c1a tx timeout [ 1755.941839][T27589] random: crng reseeded on system resumption [ 1756.223834][T27596] ERROR: Out of memory at tomoyo_memory_ok. [ 1761.046965][T27663] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1761.774379][T27677] FAULT_INJECTION: forcing a failure. [ 1761.774379][T27677] name failslab, interval 1, probability 0, space 0, times 0 [ 1761.844141][T27682] netlink: 'syz.3.4206': attribute type 19 has an invalid length. [ 1761.872664][T27682] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4206'. [ 1761.912992][T27677] CPU: 1 UID: 0 PID: 27677 Comm: syz.0.4205 Tainted: G U syzkaller #0 PREEMPT(full) [ 1761.913040][T27677] Tainted: [U]=USER [ 1761.913052][T27677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1761.913070][T27677] Call Trace: [ 1761.913082][T27677] [ 1761.913094][T27677] dump_stack_lvl+0x16c/0x1f0 [ 1761.913143][T27677] should_fail_ex+0x512/0x640 [ 1761.913189][T27677] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1761.913227][T27677] should_failslab+0xc2/0x120 [ 1761.913270][T27677] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1761.913304][T27677] ? allocate_file_region_entries+0x15b/0x620 [ 1761.913343][T27677] ? allocate_file_region_entries+0x1a0/0x620 [ 1761.913390][T27677] allocate_file_region_entries+0x1a0/0x620 [ 1761.913437][T27677] ? __pfx_allocate_file_region_entries+0x10/0x10 [ 1761.913490][T27677] region_chg+0x85/0x140 [ 1761.913529][T27677] __vma_reservation_common+0x43b/0x740 [ 1761.913606][T27677] ? __pfx___vma_reservation_common+0x10/0x10 [ 1761.913661][T27677] alloc_hugetlb_folio+0x946/0x1560 [ 1761.913717][T27677] ? __pfx_alloc_hugetlb_folio+0x10/0x10 [ 1761.913763][T27677] ? _raw_spin_unlock+0x28/0x50 [ 1761.913799][T27677] ? __filemap_get_folio+0x32b/0xc30 [ 1761.913847][T27677] hugetlb_fault+0x1bce/0x2f40 [ 1761.913882][T27677] ? __pfx_hugetlb_fault+0x10/0x10 [ 1761.913925][T27677] ? find_vma+0xbf/0x140 [ 1761.913961][T27677] ? __pfx_find_vma+0x10/0x10 [ 1761.914014][T27677] handle_mm_fault+0xbfa/0xd10 [ 1761.914044][T27677] ? __bpf_trace_exceptions+0x1/0x40 [ 1761.914089][T27677] do_user_addr_fault+0x7a6/0x1370 [ 1761.914135][T27677] ? rcu_is_watching+0x12/0xc0 [ 1761.914167][T27677] exc_page_fault+0x5c/0xb0 [ 1761.914202][T27677] asm_exc_page_fault+0x26/0x30 [ 1761.914228][T27677] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1761.914256][T27677] Code: cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1761.914283][T27677] RSP: 0018:ffffc900033b7e08 EFLAGS: 00050206 [ 1761.914304][T27677] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000001000 [ 1761.914321][T27677] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88807b0b2000 [ 1761.914338][T27677] RBP: 0000000000001000 R08: 0000000000000001 R09: ffffed100f6165ff [ 1761.914356][T27677] R10: ffff88807b0b2fff R11: 0000000000000000 R12: 0000000000000000 [ 1761.914373][T27677] R13: ffff88807b0b2000 R14: 0000000050009405 R15: 0000000000000000 [ 1761.914408][T27677] _copy_from_user+0x98/0xd0 [ 1761.914473][T27677] memdup_user+0x6b/0xe0 [ 1761.914510][T27677] btrfs_control_ioctl+0x9f/0x3b0 [ 1761.914550][T27677] ? __pfx_btrfs_control_ioctl+0x10/0x10 [ 1761.914589][T27677] ? __pfx_btrfs_control_ioctl+0x10/0x10 [ 1761.914625][T27677] __x64_sys_ioctl+0x18e/0x210 [ 1761.914673][T27677] do_syscall_64+0xcd/0x490 [ 1761.914713][T27677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1761.914741][T27677] RIP: 0033:0x7fbaab58ebe9 [ 1761.914762][T27677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1761.914788][T27677] RSP: 002b:00007fbaac3dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1761.914814][T27677] RAX: ffffffffffffffda RBX: 00007fbaab7b5fa0 RCX: 00007fbaab58ebe9 [ 1761.914832][T27677] RDX: 0000000000000000 RSI: 0000000050009405 RDI: 000000000000000b [ 1761.914849][T27677] RBP: 00007fbaac3dc090 R08: 0000000000000000 R09: 0000000000000000 [ 1761.914866][T27677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1761.914882][T27677] R13: 00007fbaab7b6038 R14: 00007fbaab7b5fa0 R15: 00007fffe5090b28 [ 1761.914918][T27677] [ 1763.394345][T27698] Loading of unsigned module is rejected [ 1763.590522][T27702] ubi0: attaching mtd0 [ 1763.664508][T27702] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965 [ 1763.771916][T27702] ubi0 error: validate_ec_hdr: bad EC header [ 1763.781991][T27702] Erase counter header dump: [ 1763.798965][T27702] magic 0x55424923 [ 1763.814600][T27702] version 1 [ 1763.855371][T27702] ec 1 [ 1763.901206][T27702] vid_hdr_offset 64 [ 1763.909766][T27702] data_offset 128 [ 1763.918312][T27702] image_seq -1609683612 [ 1763.927561][T27702] hdr_crc 0xcc0d6019 [ 1763.937791][T27702] erase counter header hexdump: [ 1763.952852][T27702] CPU: 1 UID: 0 PID: 27702 Comm: syz.1.4211 Tainted: G U syzkaller #0 PREEMPT(full) [ 1763.952899][T27702] Tainted: [U]=USER [ 1763.952911][T27702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1763.952931][T27702] Call Trace: [ 1763.952943][T27702] [ 1763.952954][T27702] dump_stack_lvl+0x16c/0x1f0 [ 1763.953007][T27702] validate_ec_hdr+0x28c/0x330 [ 1763.953060][T27702] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 1763.953115][T27702] ubi_attach+0x5e7/0x4bd0 [ 1763.953192][T27702] ? __pfx_ubi_msg+0x10/0x10 [ 1763.953221][T27702] ? __hrtimer_setup+0x66/0x280 [ 1763.953283][T27702] ? __pfx_ubi_attach+0x10/0x10 [ 1763.953346][T27702] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 1763.953386][T27702] ? __vmalloc_node_noprof+0xad/0xf0 [ 1763.953420][T27702] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 1763.953474][T27702] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 1763.953535][T27702] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 1763.953573][T27702] ? __pfx_get_mtd_device+0x10/0x10 [ 1763.953633][T27702] ctrl_cdev_ioctl+0x337/0x3d0 [ 1763.953669][T27702] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 1763.953710][T27702] ? __x64_sys_ioctl+0x123/0x210 [ 1763.953776][T27702] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 1763.953817][T27702] __x64_sys_ioctl+0x18e/0x210 [ 1763.953880][T27702] do_syscall_64+0xcd/0x490 [ 1763.953934][T27702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1763.953971][T27702] RIP: 0033:0x7f5cc5f8ebe9 [ 1763.953999][T27702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1763.954033][T27702] RSP: 002b:00007f5cc6df8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1763.954068][T27702] RAX: ffffffffffffffda RBX: 00007f5cc61b5fa0 RCX: 00007f5cc5f8ebe9 [ 1763.954092][T27702] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 1763.954114][T27702] RBP: 00007f5cc6011e19 R08: 0000000000000000 R09: 0000000000000000 [ 1763.954136][T27702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1763.954156][T27702] R13: 00007f5cc61b6038 R14: 00007f5cc61b5fa0 R15: 00007fff65f46f98 [ 1763.954200][T27702] [ 1763.954286][T27702] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 1765.100957][T27702] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1766.362219][T27724] netlink: 'syz.3.4217': attribute type 19 has an invalid length. [ 1766.382584][T27724] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4217'. [ 1767.158704][T27740] : Can't lookup blockdev [ 1769.642317][T27759] blktrace: Concurrent blktraces are not allowed on loop2 [ 1770.875031][T27777] netlink: 'syz.1.4228': attribute type 19 has an invalid length. [ 1770.915747][T27777] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4228'. [ 1771.149672][T27775] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1771.622047][T27790] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1772.344751][ T30] audit: type=1804 audit(1755941596.571:59): pid=27798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4233" name="/newroot/459/file0" dev="tmpfs" ino=2460 res=1 errno=0 [ 1773.303075][T27820] vivid-003: ================= START STATUS ================= [ 1773.310890][T27820] vivid-003: Radio HW Seek Mode: Bounded [ 1773.317569][T27820] vivid-003: Radio Programmable HW Seek: false [ 1773.344886][T27820] vivid-003: RDS Rx I/O Mode: Block I/O [ 1773.380296][T27820] vivid-003: Generate RBDS Instead of RDS: false [ 1773.412768][T27820] vivid-003: RDS Reception: true [ 1773.463090][T27820] vivid-003: RDS Program Type: 0 inactive [ 1773.468916][T27820] vivid-003: RDS PS Name: inactive [ 1773.525178][T27820] vivid-003: RDS Radio Text: inactive [ 1773.559708][T27820] vivid-003: RDS Traffic Announcement: false inactive [ 1773.592440][T27820] vivid-003: RDS Traffic Program: false inactive [ 1773.600477][T27820] vivid-003: RDS Music: false inactive [ 1773.635594][T27820] vivid-003: ================== END STATUS ================== [ 1774.372856][T27830] netlink: 'syz.2.4240': attribute type 19 has an invalid length. [ 1774.420239][T27830] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4240'. [ 1774.769296][T27833] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4241'. [ 1775.298011][T27848] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1775.736211][ T30] audit: type=1804 audit(1755941599.971:60): pid=27853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4246" name="/newroot/463/file0" dev="tmpfs" ino=2482 res=1 errno=0 [ 1776.009525][T27862] vivid-003: ================= START STATUS ================= [ 1776.017598][T27862] vivid-003: Radio HW Seek Mode: Bounded [ 1776.024155][T27862] vivid-003: Radio Programmable HW Seek: false [ 1776.030393][T27862] vivid-003: RDS Rx I/O Mode: Block I/O [ 1776.042865][T27862] vivid-003: Generate RBDS Instead of RDS: false [ 1776.063186][T27862] vivid-003: RDS Reception: true [ 1776.068219][T27862] vivid-003: RDS Program Type: 0 inactive [ 1776.092752][T27862] vivid-003: RDS PS Name: inactive [ 1776.098166][T27862] vivid-003: RDS Radio Text: inactive [ 1776.133864][T27862] vivid-003: RDS Traffic Announcement: false inactive [ 1776.171158][T27862] vivid-003: RDS Traffic Program: false inactive [ 1776.227055][T27862] vivid-003: RDS Music: false inactive [ 1776.260499][T27862] vivid-003: ================== END STATUS ================== [ 1777.605152][T27883] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4253'. [ 1778.759864][T27905] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1779.442159][ T30] audit: type=1804 audit(1755941603.671:61): pid=27907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4258" name="/newroot/465/file0" dev="tmpfs" ino=2519 res=1 errno=0 [ 1780.734416][T27925] FAULT_INJECTION: forcing a failure. [ 1780.734416][T27925] name failslab, interval 1, probability 0, space 0, times 0 [ 1780.777767][T27925] CPU: 1 UID: 0 PID: 27925 Comm: syz.3.4262 Tainted: G U syzkaller #0 PREEMPT(full) [ 1780.777815][T27925] Tainted: [U]=USER [ 1780.777826][T27925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1780.777845][T27925] Call Trace: [ 1780.777856][T27925] [ 1780.777869][T27925] dump_stack_lvl+0x16c/0x1f0 [ 1780.777917][T27925] should_fail_ex+0x512/0x640 [ 1780.777965][T27925] ? fs_reclaim_acquire+0xae/0x150 [ 1780.778018][T27925] should_failslab+0xc2/0x120 [ 1780.778064][T27925] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1780.778105][T27925] ? security_inode_alloc+0x3b/0x2b0 [ 1780.778149][T27925] security_inode_alloc+0x3b/0x2b0 [ 1780.778189][T27925] inode_init_always_gfp+0xce4/0x1030 [ 1780.778234][T27925] alloc_inode+0x86/0x240 [ 1780.778290][T27925] sock_alloc+0x40/0x280 [ 1780.778340][T27925] __sock_create+0xc1/0x8d0 [ 1780.778380][T27925] __sys_socket+0x14d/0x260 [ 1780.778421][T27925] ? __pfx___sys_socket+0x10/0x10 [ 1780.778454][T27925] ? xfd_validate_state+0x61/0x180 [ 1780.778514][T27925] __x64_sys_socket+0x72/0xb0 [ 1780.778546][T27925] ? lockdep_hardirqs_on+0x7c/0x110 [ 1780.778587][T27925] do_syscall_64+0xcd/0x490 [ 1780.778633][T27925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1780.778666][T27925] RIP: 0033:0x7f6c51f8ebe9 [ 1780.778691][T27925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1780.778722][T27925] RSP: 002b:00007f6c52e53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1780.778753][T27925] RAX: ffffffffffffffda RBX: 00007f6c521b5fa0 RCX: 00007f6c51f8ebe9 [ 1780.778773][T27925] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1780.778792][T27925] RBP: 00007f6c52011e19 R08: 0000000000000000 R09: 0000000000000000 [ 1780.778810][T27925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1780.778829][T27925] R13: 00007f6c521b6038 R14: 00007f6c521b5fa0 R15: 00007ffe51b75a88 [ 1780.778869][T27925] [ 1780.778905][T27925] socket: no more sockets [ 1781.051785][T27932] netlink: 186 bytes leftover after parsing attributes in process `syz.0.4263'. [ 1782.373330][T27948] FAULT_INJECTION: forcing a failure. [ 1782.373330][T27948] name failslab, interval 1, probability 0, space 0, times 0 [ 1782.400059][T27948] CPU: 1 UID: 0 PID: 27948 Comm: syz.3.4269 Tainted: G U syzkaller #0 PREEMPT(full) [ 1782.400110][T27948] Tainted: [U]=USER [ 1782.400122][T27948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1782.400141][T27948] Call Trace: [ 1782.400152][T27948] [ 1782.400164][T27948] dump_stack_lvl+0x16c/0x1f0 [ 1782.400210][T27948] should_fail_ex+0x512/0x640 [ 1782.400255][T27948] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1782.400299][T27948] should_failslab+0xc2/0x120 [ 1782.400337][T27948] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1782.400367][T27948] ? __alloc_skb+0x2b2/0x380 [ 1782.400402][T27948] __alloc_skb+0x2b2/0x380 [ 1782.400431][T27948] ? __pfx___alloc_skb+0x10/0x10 [ 1782.400461][T27948] ? genl_rcv_msg+0x4c0/0x800 [ 1782.400498][T27948] ? genl_rcv_msg+0x4bb/0x800 [ 1782.400543][T27948] netlink_ack+0x15d/0xb80 [ 1782.400586][T27948] netlink_rcv_skb+0x332/0x420 [ 1782.400620][T27948] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1782.400661][T27948] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1782.400708][T27948] ? netlink_deliver_tap+0x1ae/0xd30 [ 1782.400752][T27948] genl_rcv+0x28/0x40 [ 1782.400787][T27948] netlink_unicast+0x5aa/0x870 [ 1782.400825][T27948] ? __pfx_netlink_unicast+0x10/0x10 [ 1782.400859][T27948] ? __pfx___might_resched+0x10/0x10 [ 1782.400884][T27948] ? __lock_acquire+0xb97/0x1ce0 [ 1782.400925][T27948] netlink_sendmsg+0x8d1/0xdd0 [ 1782.400964][T27948] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1782.401003][T27948] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1782.401035][T27948] ____sys_sendmsg+0xa95/0xc70 [ 1782.401059][T27948] ? copy_msghdr_from_user+0x10a/0x160 [ 1782.401092][T27948] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1782.401129][T27948] ___sys_sendmsg+0x134/0x1d0 [ 1782.401164][T27948] ? __pfx____sys_sendmsg+0x10/0x10 [ 1782.401245][T27948] __sys_sendmsg+0x16d/0x220 [ 1782.401278][T27948] ? __pfx___sys_sendmsg+0x10/0x10 [ 1782.401328][T27948] do_syscall_64+0xcd/0x490 [ 1782.401363][T27948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1782.401387][T27948] RIP: 0033:0x7f6c51f8ebe9 [ 1782.401406][T27948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1782.401430][T27948] RSP: 002b:00007f6c52e53038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1782.401451][T27948] RAX: ffffffffffffffda RBX: 00007f6c521b5fa0 RCX: 00007f6c51f8ebe9 [ 1782.401467][T27948] RDX: 0000000000000038 RSI: 0000200000000b00 RDI: 0000000000000003 [ 1782.401482][T27948] RBP: 00007f6c52e53090 R08: 0000000000000000 R09: 0000000000000000 [ 1782.401496][T27948] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1782.401510][T27948] R13: 00007f6c521b6038 R14: 00007f6c521b5fa0 R15: 00007ffe51b75a88 [ 1782.401540][T27948] [ 1784.536529][T27967] kexec: Could not allocate control_code_buffer [ 1785.127553][ T30] audit: type=1800 audit(1755941609.361:62): pid=27991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4276" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 1785.526804][T28002] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1785.744943][ T30] audit: type=1804 audit(1755941609.981:63): pid=28007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4281" name="/newroot/475/file0" dev="tmpfs" ino=2514 res=1 errno=0 [ 1785.945194][T28011] FAULT_INJECTION: forcing a failure. [ 1785.945194][T28011] name failslab, interval 1, probability 0, space 0, times 0 [ 1785.958014][T28011] CPU: 0 UID: 0 PID: 28011 Comm: syz.0.4283 Tainted: G U syzkaller #0 PREEMPT(full) [ 1785.958060][T28011] Tainted: [U]=USER [ 1785.958070][T28011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1785.958088][T28011] Call Trace: [ 1785.958098][T28011] [ 1785.958111][T28011] dump_stack_lvl+0x16c/0x1f0 [ 1785.958159][T28011] should_fail_ex+0x512/0x640 [ 1785.958211][T28011] should_failslab+0xc2/0x120 [ 1785.958255][T28011] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1785.958297][T28011] ? xas_split_alloc+0x11c/0x490 [ 1785.958347][T28011] xas_split_alloc+0x11c/0x490 [ 1785.958403][T28011] __folio_split+0xdd0/0x4a80 [ 1785.958470][T28011] ? __lock_acquire+0x541/0x1ce0 [ 1785.958531][T28011] ? __mem_cgroup_try_charge_swap+0x8c/0x3f0 [ 1785.958585][T28011] ? __pfx___folio_split+0x10/0x10 [ 1785.958636][T28011] ? find_held_lock+0x2b/0x80 [ 1785.958677][T28011] ? folio_alloc_swap+0x93f/0xc70 [ 1785.958726][T28011] split_folio_to_list+0x9b/0x180 [ 1785.958780][T28011] shmem_writeout+0x42e/0x1140 [ 1785.958824][T28011] ? __pfx_shmem_writeout+0x10/0x10 [ 1785.958857][T28011] ? __pfx_try_to_unmap+0x10/0x10 [ 1785.958892][T28011] ? find_held_lock+0x2b/0x80 [ 1785.958927][T28011] ? inode_to_bdi+0x9e/0x160 [ 1785.958970][T28011] ? folio_clear_dirty_for_io+0x112/0x810 [ 1785.959029][T28011] shrink_folio_list+0x2f4c/0x4880 [ 1785.959077][T28011] ? __pfx_shrink_folio_list+0x10/0x10 [ 1785.959124][T28011] ? __lock_acquire+0x62e/0x1ce0 [ 1785.959169][T28011] ? rcu_is_watching+0x12/0xc0 [ 1785.959208][T28011] ? __lock_acquire+0xb97/0x1ce0 [ 1785.959293][T28011] reclaim_folio_list+0xda/0x5d0 [ 1785.959322][T28011] ? __pfx_css_rstat_updated+0x10/0x10 [ 1785.959358][T28011] ? __pfx_reclaim_folio_list+0x10/0x10 [ 1785.959404][T28011] ? lru_gen_update_size+0x543/0xe10 [ 1785.959443][T28011] ? lru_gen_del_folio+0x32b/0x540 [ 1785.959483][T28011] reclaim_pages+0x47b/0x650 [ 1785.959520][T28011] ? __pfx_reclaim_pages+0x10/0x10 [ 1785.959553][T28011] ? madvise_cold_or_pageout_pte_range+0x1e81/0x2120 [ 1785.959609][T28011] madvise_cold_or_pageout_pte_range+0x152f/0x2120 [ 1785.959663][T28011] ? arch_stack_walk+0xa6/0x100 [ 1785.959703][T28011] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 1785.959750][T28011] ? __lock_acquire+0x62e/0x1ce0 [ 1785.959791][T28011] ? __pfx_stack_trace_save+0x10/0x10 [ 1785.959839][T28011] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 1785.959877][T28011] walk_pgd_range+0xc02/0x1f50 [ 1785.959928][T28011] ? __pfx_walk_pgd_range+0x10/0x10 [ 1785.959965][T28011] __walk_page_range+0x163/0x820 [ 1785.960017][T28011] ? __lock_acquire+0xb97/0x1ce0 [ 1785.960057][T28011] walk_page_range_vma+0x2c7/0xa20 [ 1785.960092][T28011] ? __pfx_walk_page_range_vma+0x10/0x10 [ 1785.960124][T28011] ? find_held_lock+0x2b/0x80 [ 1785.960159][T28011] madvise_pageout+0x257/0x540 [ 1785.960194][T28011] ? __pfx_madvise_pageout+0x10/0x10 [ 1785.960250][T28011] madvise_vma_behavior+0xb22/0x2d60 [ 1785.960290][T28011] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 1785.960325][T28011] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1785.960364][T28011] ? __pfx_mas_prev+0x10/0x10 [ 1785.960403][T28011] ? find_vma_prev+0xda/0x160 [ 1785.960440][T28011] ? __pfx_find_vma_prev+0x10/0x10 [ 1785.960501][T28011] madvise_walk_vmas+0x31f/0x9c0 [ 1785.960542][T28011] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1785.960587][T28011] madvise_do_behavior+0x1e2/0x530 [ 1785.960627][T28011] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1785.960665][T28011] ? down_read+0x13d/0x480 [ 1785.960716][T28011] do_madvise+0x176/0x240 [ 1785.960752][T28011] ? __pfx_do_madvise+0x10/0x10 [ 1785.960795][T28011] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1785.960854][T28011] ? __fget_files+0x20e/0x3c0 [ 1785.960908][T28011] ? syscall_user_dispatch+0x78/0x140 [ 1785.960953][T28011] __x64_sys_madvise+0xa9/0x110 [ 1785.960988][T28011] do_syscall_64+0xcd/0x490 [ 1785.961022][T28011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1785.961046][T28011] RIP: 0033:0x7fbaab58ebe9 [ 1785.961064][T28011] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1785.961088][T28011] RSP: 002b:00007fbaac3bb038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1785.961111][T28011] RAX: ffffffffffffffda RBX: 00007fbaab7b6090 RCX: 00007fbaab58ebe9 [ 1785.961127][T28011] RDX: 0000000000000015 RSI: 00000000002003f2 RDI: 0000000000000000 [ 1785.961142][T28011] RBP: 00007fbaac3bb090 R08: 0000000000000000 R09: 0000000000000000 [ 1785.961157][T28011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1785.961171][T28011] R13: 00007fbaab7b6128 R14: 00007fbaab7b6090 R15: 00007fffe5090b28 [ 1785.961201][T28011] [ 1787.374877][T28021] FAULT_INJECTION: forcing a failure. [ 1787.374877][T28021] name failslab, interval 1, probability 0, space 0, times 0 [ 1787.405998][T28021] CPU: 1 UID: 0 PID: 28021 Comm: syz.1.4285 Tainted: G U syzkaller #0 PREEMPT(full) [ 1787.406049][T28021] Tainted: [U]=USER [ 1787.406059][T28021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1787.406077][T28021] Call Trace: [ 1787.406089][T28021] [ 1787.406101][T28021] dump_stack_lvl+0x16c/0x1f0 [ 1787.406146][T28021] should_fail_ex+0x512/0x640 [ 1787.406211][T28021] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1787.406255][T28021] should_failslab+0xc2/0x120 [ 1787.406298][T28021] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1787.406344][T28021] ? do_raw_spin_lock+0x12c/0x2b0 [ 1787.406393][T28021] ? seq_open+0x55/0x170 [ 1787.406447][T28021] seq_open+0x55/0x170 [ 1787.406495][T28021] tracing_err_log_open+0x14d/0x250 [ 1787.406546][T28021] do_dentry_open+0x97f/0x1530 [ 1787.406589][T28021] ? __pfx_tracing_err_log_open+0x10/0x10 [ 1787.406645][T28021] vfs_open+0x82/0x3f0 [ 1787.406700][T28021] path_openat+0x1de4/0x2cb0 [ 1787.406753][T28021] ? __pfx_path_openat+0x10/0x10 [ 1787.406804][T28021] do_filp_open+0x20b/0x470 [ 1787.406845][T28021] ? __pfx_do_filp_open+0x10/0x10 [ 1787.406915][T28021] ? alloc_fd+0x471/0x7d0 [ 1787.406963][T28021] do_sys_openat2+0x11b/0x1d0 [ 1787.407015][T28021] ? __pfx_do_sys_openat2+0x10/0x10 [ 1787.407071][T28021] ? __fget_files+0x20e/0x3c0 [ 1787.407116][T28021] __x64_sys_openat+0x174/0x210 [ 1787.407168][T28021] ? __pfx___x64_sys_openat+0x10/0x10 [ 1787.407220][T28021] ? ksys_write+0x1ac/0x250 [ 1787.407273][T28021] do_syscall_64+0xcd/0x490 [ 1787.407321][T28021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1787.407405][T28021] RIP: 0033:0x7f5cc5f8ebe9 [ 1787.407430][T28021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1787.407460][T28021] RSP: 002b:00007f5cc6df8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1787.407489][T28021] RAX: ffffffffffffffda RBX: 00007f5cc61b5fa0 RCX: 00007f5cc5f8ebe9 [ 1787.407509][T28021] RDX: 0000000000004100 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1787.407531][T28021] RBP: 00007f5cc6df8090 R08: 0000000000000000 R09: 0000000000000000 [ 1787.407550][T28021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1787.407569][T28021] R13: 00007f5cc61b6038 R14: 00007f5cc61b5fa0 R15: 00007fff65f46f98 [ 1787.407611][T28021] [ 1788.985248][ T30] audit: type=1806 audit(1755941613.211:64): xattr="" res=-22 [ 1789.444656][T28028] kexec: Could not allocate control_code_buffer [ 1789.620867][T28053] device-mapper: ioctl: dm_ctl_ioctl: unknown command 0xfffffd12 [ 1791.768368][T28094] blktrace: Concurrent blktraces are not allowed on loop2 [ 1792.648013][T28113] vivid-003: ================= START STATUS ================= [ 1792.669190][T28113] vivid-003: Radio HW Seek Mode: Bounded [ 1792.691416][T28113] vivid-003: Radio Programmable HW Seek: false [ 1792.735612][T28113] vivid-003: RDS Rx I/O Mode: Block I/O [ 1792.752441][T28113] vivid-003: Generate RBDS Instead of RDS: false [ 1792.760062][T28113] vivid-003: RDS Reception: true [ 1792.769010][T28113] vivid-003: RDS Program Type: 0 inactive [ 1792.825015][T28113] vivid-003: RDS PS Name: inactive [ 1792.830313][T28113] vivid-003: RDS Radio Text: inactive [ 1792.836859][T28113] vivid-003: RDS Traffic Announcement: false inactive [ 1792.843837][T28113] vivid-003: RDS Traffic Program: false inactive [ 1792.862654][T28113] vivid-003: RDS Music: false inactive [ 1792.868238][T28113] vivid-003: ================== END STATUS ================== [ 1793.462971][T28097] kexec: Could not allocate control_code_buffer [ 1794.224171][T28139] FAULT_INJECTION: forcing a failure. [ 1794.224171][T28139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1794.262158][T28139] CPU: 1 UID: 0 PID: 28139 Comm: syz.2.4315 Tainted: G U syzkaller #0 PREEMPT(full) [ 1794.262209][T28139] Tainted: [U]=USER [ 1794.262220][T28139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1794.262240][T28139] Call Trace: [ 1794.262252][T28139] [ 1794.262264][T28139] dump_stack_lvl+0x16c/0x1f0 [ 1794.262311][T28139] should_fail_ex+0x512/0x640 [ 1794.262364][T28139] strncpy_from_user+0x3b/0x2e0 [ 1794.262413][T28139] getname_flags.part.0+0x8f/0x550 [ 1794.262483][T28139] getname_flags+0x93/0xf0 [ 1794.262522][T28139] do_sys_openat2+0xb8/0x1d0 [ 1794.262570][T28139] ? __pfx_do_sys_openat2+0x10/0x10 [ 1794.262623][T28139] ? __fget_files+0x20e/0x3c0 [ 1794.262663][T28139] __x64_sys_openat+0x174/0x210 [ 1794.262714][T28139] ? __pfx___x64_sys_openat+0x10/0x10 [ 1794.262770][T28139] ? ksys_write+0x1ac/0x250 [ 1794.262821][T28139] do_syscall_64+0xcd/0x490 [ 1794.262867][T28139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1794.262900][T28139] RIP: 0033:0x7f01be78ebe9 [ 1794.262924][T28139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1794.262956][T28139] RSP: 002b:00007f01bf569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1794.262987][T28139] RAX: ffffffffffffffda RBX: 00007f01be9b5fa0 RCX: 00007f01be78ebe9 [ 1794.263008][T28139] RDX: 0000000000000603 RSI: 0000200000000440 RDI: ffffffffffffff9c [ 1794.263027][T28139] RBP: 00007f01bf569090 R08: 0000000000000000 R09: 0000000000000000 [ 1794.263046][T28139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1794.263063][T28139] R13: 00007f01be9b6038 R14: 00007f01be9b5fa0 R15: 00007ffc55402af8 [ 1794.263104][T28139] [ 1794.557169][T28146] FAULT_INJECTION: forcing a failure. [ 1794.557169][T28146] name failslab, interval 1, probability 0, space 0, times 0 [ 1794.569909][T28146] CPU: 1 UID: 0 PID: 28146 Comm: syz.0.4316 Tainted: G U syzkaller #0 PREEMPT(full) [ 1794.569961][T28146] Tainted: [U]=USER [ 1794.569971][T28146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1794.569989][T28146] Call Trace: [ 1794.570001][T28146] [ 1794.570013][T28146] dump_stack_lvl+0x16c/0x1f0 [ 1794.570063][T28146] should_fail_ex+0x512/0x640 [ 1794.570109][T28146] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1794.570151][T28146] should_failslab+0xc2/0x120 [ 1794.570194][T28146] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1794.570230][T28146] ? __lock_acquire+0x62e/0x1ce0 [ 1794.570274][T28146] ? __pmd_alloc+0xbf/0x930 [ 1794.570329][T28146] __pmd_alloc+0xbf/0x930 [ 1794.570383][T28146] walk_pgd_range+0x88b/0x1f50 [ 1794.570431][T28146] ? mt_find+0x757/0xa30 [ 1794.570476][T28146] ? __pfx_guard_install_set_pte+0x10/0x10 [ 1794.570541][T28146] ? mt_find+0x3ef/0xa30 [ 1794.570585][T28146] ? __pfx_guard_install_set_pte+0x10/0x10 [ 1794.570631][T28146] ? __pfx_guard_install_set_pte+0x10/0x10 [ 1794.570679][T28146] ? __pfx_walk_pgd_range+0x10/0x10 [ 1794.570732][T28146] __walk_page_range+0x163/0x820 [ 1794.570790][T28146] ? find_vma+0xbf/0x140 [ 1794.570834][T28146] ? __pfx_find_vma+0x10/0x10 [ 1794.570885][T28146] ? walk_page_test+0x9b/0x180 [ 1794.570929][T28146] walk_page_range_mm+0x461/0xb40 [ 1794.570980][T28146] ? __pfx_walk_page_range_mm+0x10/0x10 [ 1794.571034][T28146] ? __anon_vma_prepare+0x2e2/0x5e0 [ 1794.571076][T28146] madvise_vma_behavior+0xa62/0x2d60 [ 1794.571128][T28146] ? mas_prev_setup.constprop.0+0xb6/0x9d0 [ 1794.571173][T28146] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1794.571228][T28146] ? __pfx_mas_prev+0x10/0x10 [ 1794.571281][T28146] ? find_vma_prev+0xda/0x160 [ 1794.571328][T28146] ? find_held_lock+0x2b/0x80 [ 1794.571361][T28146] ? __pfx_find_vma_prev+0x10/0x10 [ 1794.571407][T28146] ? futex_unqueue+0x133/0x2c0 [ 1794.571460][T28146] ? __futex_wait+0x24c/0x2f0 [ 1794.571516][T28146] madvise_walk_vmas+0x31f/0x9c0 [ 1794.571572][T28146] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1794.571643][T28146] madvise_do_behavior+0x1e2/0x530 [ 1794.571688][T28146] ? futex_private_hash_put+0x18a/0x300 [ 1794.571727][T28146] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1794.571801][T28146] ? down_read+0x13d/0x480 [ 1794.571864][T28146] do_madvise+0x176/0x240 [ 1794.571912][T28146] ? __pfx_do_madvise+0x10/0x10 [ 1794.571959][T28146] ? do_futex+0x122/0x350 [ 1794.572031][T28146] ? xfd_validate_state+0x61/0x180 [ 1794.572081][T28146] ? __pfx_ksys_write+0x10/0x10 [ 1794.572130][T28146] __x64_sys_madvise+0xa9/0x110 [ 1794.572181][T28146] ? lockdep_hardirqs_on+0x7c/0x110 [ 1794.572225][T28146] do_syscall_64+0xcd/0x490 [ 1794.572273][T28146] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1794.572308][T28146] RIP: 0033:0x7fbaab58ebe9 [ 1794.572337][T28146] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1794.572370][T28146] RSP: 002b:00007fbaac3dc038 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1794.572403][T28146] RAX: ffffffffffffffda RBX: 00007fbaab7b5fa0 RCX: 00007fbaab58ebe9 [ 1794.572425][T28146] RDX: 0000000000000066 RSI: 0000000002021000 RDI: 0000000000000000 [ 1794.572447][T28146] RBP: 00007fbaab611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1794.572467][T28146] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1794.572486][T28146] R13: 00007fbaab7b6038 R14: 00007fbaab7b5fa0 R15: 00007fffe5090b28 [ 1794.572532][T28146] [ 1795.432013][T28161] : Can't lookup blockdev [ 1795.546919][ T30] audit: type=1800 audit(1755941619.721:65): pid=28162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4316" name="features" dev="configfs" ino=121229 res=0 errno=0 [ 1796.421301][T28171] netlink: 'syz.2.4320': attribute type 19 has an invalid length. [ 1796.429307][T28171] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4320'. [ 1797.192179][T28187] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1797.537274][ T30] audit: type=1804 audit(1755941621.761:66): pid=28189 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4325" name="/newroot/484/file0" dev="tmpfs" ino=2625 res=1 errno=0 [ 1798.847838][T28213] blktrace: Concurrent blktraces are not allowed on loop2 [ 1799.510872][T28233] : Can't lookup blockdev [ 1799.659553][T28221] blktrace: Concurrent blktraces are not allowed on loop2 [ 1800.591902][T28242] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1801.210037][ T30] audit: type=1804 audit(1755941625.431:67): pid=28249 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4338" name="/newroot/484/file0" dev="tmpfs" ino=2590 res=1 errno=0 [ 1802.409109][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 1802.415711][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 1802.428240][T28264] blktrace: Concurrent blktraces are not allowed on loop2 [ 1803.286746][T28282] FAULT_INJECTION: forcing a failure. [ 1803.286746][T28282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1803.314702][T28282] CPU: 1 UID: 0 PID: 28282 Comm: syz.1.4346 Tainted: G U syzkaller #0 PREEMPT(full) [ 1803.314749][T28282] Tainted: [U]=USER [ 1803.314759][T28282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1803.314777][T28282] Call Trace: [ 1803.314788][T28282] [ 1803.314801][T28282] dump_stack_lvl+0x16c/0x1f0 [ 1803.314847][T28282] should_fail_ex+0x512/0x640 [ 1803.314898][T28282] _copy_from_user+0x2e/0xd0 [ 1803.314950][T28282] core_sys_select+0x35b/0xc10 [ 1803.314995][T28282] ? __pfx_core_sys_select+0x10/0x10 [ 1803.315047][T28282] ? proc_fail_nth_write+0x9f/0x220 [ 1803.315135][T28282] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1803.315193][T28282] kern_select+0x15d/0x1e0 [ 1803.315227][T28282] ? __pfx_kern_select+0x10/0x10 [ 1803.315280][T28282] ? __pfx_ksys_write+0x10/0x10 [ 1803.315325][T28282] __x64_sys_select+0xbd/0x160 [ 1803.315357][T28282] ? do_syscall_64+0x91/0x490 [ 1803.315400][T28282] ? lockdep_hardirqs_on+0x7c/0x110 [ 1803.315439][T28282] do_syscall_64+0xcd/0x490 [ 1803.315486][T28282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1803.315518][T28282] RIP: 0033:0x7f5cc5f8ebe9 [ 1803.315542][T28282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1803.315572][T28282] RSP: 002b:00007f5cc6dd7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1803.315602][T28282] RAX: ffffffffffffffda RBX: 00007f5cc61b6090 RCX: 00007f5cc5f8ebe9 [ 1803.315623][T28282] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 1803.315642][T28282] RBP: 00007f5cc6dd7090 R08: 0000000000000000 R09: 0000000000000000 [ 1803.315662][T28282] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 1803.315699][T28282] R13: 00007f5cc61b6128 R14: 00007f5cc61b6090 R15: 00007fff65f46f98 [ 1803.315742][T28282] [ 1804.382858][T28288] zswap: compressor not available [ 1806.242469][T28269] kexec: Could not allocate control_code_buffer [ 1808.753872][T28354] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1809.380291][ T30] audit: type=1804 audit(1755941633.611:68): pid=28359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4359" name="/newroot/493/file0" dev="tmpfs" ino=2673 res=1 errno=0 [ 1810.736919][T28358] kexec: Could not allocate control_code_buffer [ 1812.598521][T28392] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4367'. [ 1813.450916][T28412] netlink: 'syz.3.4372': attribute type 19 has an invalid length. [ 1813.479403][T28412] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4372'. [ 1814.005065][T28422] ubi0: attaching mtd0 [ 1814.026712][T28417] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4374'. [ 1814.039730][T28422] ubi0: scanning is finished [ 1814.222358][T28422] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1814.230798][T28422] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1814.250235][T28422] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1814.302607][T28422] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1814.324898][T28422] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1814.347086][T28422] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1814.445686][T28422] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 2685283684 [ 1814.532085][T28422] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1814.594459][T28427] ubi0: background thread "ubi_bgt0d" started, PID 28427 [ 1814.601969][T28423] ubi0: detaching mtd0 [ 1814.777135][T28423] ubi0: mtd0 is detached [ 1815.318106][T28437] random: crng reseeded on system resumption [ 1817.301413][T28462] vivid-003: ================= START STATUS ================= [ 1817.322096][T28462] vivid-003: Radio HW Seek Mode: Bounded [ 1817.322152][T28462] vivid-003: Radio Programmable HW Seek: false [ 1817.388957][T28462] vivid-003: RDS Rx I/O Mode: Block I/O [ 1817.395029][T28462] vivid-003: Generate RBDS Instead of RDS: false [ 1817.401565][T28462] vivid-003: RDS Reception: true [ 1817.547500][T28462] vivid-003: RDS Program Type: 0 inactive [ 1817.554518][T28462] vivid-003: RDS PS Name: inactive [ 1817.559789][T28462] vivid-003: RDS Radio Text: inactive [ 1817.568758][T28462] vivid-003: RDS Traffic Announcement: false inactive [ 1817.576437][T28462] vivid-003: RDS Traffic Program: false inactive [ 1817.584876][T28462] vivid-003: RDS Music: false inactive [ 1817.590392][T28462] vivid-003: ================== END STATUS ================== [ 1817.754054][T28465] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4386'. [ 1818.241950][T28473] FAULT_INJECTION: forcing a failure. [ 1818.241950][T28473] name failslab, interval 1, probability 0, space 0, times 0 [ 1818.242000][T28473] CPU: 1 UID: 0 PID: 28473 Comm: syz.3.4388 Tainted: G U syzkaller #0 PREEMPT(full) [ 1818.242041][T28473] Tainted: [U]=USER [ 1818.242051][T28473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1818.242069][T28473] Call Trace: [ 1818.242080][T28473] [ 1818.242092][T28473] dump_stack_lvl+0x16c/0x1f0 [ 1818.242137][T28473] should_fail_ex+0x512/0x640 [ 1818.242181][T28473] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1818.242225][T28473] should_failslab+0xc2/0x120 [ 1818.242268][T28473] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1818.242306][T28473] ? d_instantiate+0x77/0x90 [ 1818.242345][T28473] ? alloc_empty_file+0x55/0x1e0 [ 1818.242397][T28473] alloc_empty_file+0x55/0x1e0 [ 1818.242446][T28473] alloc_file_pseudo+0x13a/0x230 [ 1818.242501][T28473] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1818.242549][T28473] ? __pfx_unix_socketpair+0x10/0x10 [ 1818.242598][T28473] sock_alloc_file+0x50/0x210 [ 1818.242645][T28473] __sys_socketpair+0x31c/0x5a0 [ 1818.242683][T28473] ? __pfx___sys_socketpair+0x10/0x10 [ 1818.242714][T28473] ? fput+0x9b/0xd0 [ 1818.242762][T28473] ? __pfx_ksys_write+0x10/0x10 [ 1818.242807][T28473] __x64_sys_socketpair+0x96/0x100 [ 1818.242860][T28473] ? lockdep_hardirqs_on+0x7c/0x110 [ 1818.242908][T28473] do_syscall_64+0xcd/0x490 [ 1818.242956][T28473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1818.242989][T28473] RIP: 0033:0x7f6c51f8ebe9 [ 1818.243015][T28473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1818.243048][T28473] RSP: 002b:00007f6c52e53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 1818.243078][T28473] RAX: ffffffffffffffda RBX: 00007f6c521b5fa0 RCX: 00007f6c51f8ebe9 [ 1818.243099][T28473] RDX: 8000000000000000 RSI: 0000000000000002 RDI: 0000000000000001 [ 1818.243118][T28473] RBP: 00007f6c52e53090 R08: 0000000000000000 R09: 0000000000000000 [ 1818.243137][T28473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1818.243155][T28473] R13: 00007f6c521b6038 R14: 00007f6c521b5fa0 R15: 00007ffe51b75a88 [ 1818.243197][T28473] [ 1818.578828][T28479] random: crng reseeded on system resumption [ 1819.048787][T28474] blktrace: Concurrent blktraces are not allowed on loop2 [ 1819.310121][T28487] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1819.704275][ T30] audit: type=1804 audit(1755941643.941:69): pid=28491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4391" name="/newroot/504/file0" dev="tmpfs" ino=2733 res=1 errno=0 [ 1820.850003][T28520] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4397'. [ 1821.221821][T28523] ERROR: Out of memory at tomoyo_memory_ok. [ 1821.470495][T28532] netlink: 'syz.3.4401': attribute type 19 has an invalid length. [ 1821.479213][T28532] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4401'. [ 1823.103497][T28565] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1823.270624][T28563] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4407'. [ 1823.324334][T28557] kexec: Could not allocate control_code_buffer [ 1823.390793][T28570] HfR: entered promiscuous mode [ 1823.510502][T28570] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4409'. [ 1823.693639][ T30] audit: type=1804 audit(1755941647.931:70): pid=28573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4408" name="/newroot/508/file0" dev="tmpfs" ino=2756 res=1 errno=0 [ 1823.897058][T28570] HfR: left promiscuous mode [ 1824.552322][T28591] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 1824.969899][T28596] ERROR: Out of memory at tomoyo_memory_ok. [ 1825.313034][T28601] random: crng reseeded on system resumption [ 1826.265154][T28616] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4419'. [ 1827.738847][T28638] vivid-003: ================= START STATUS ================= [ 1827.771601][T28638] vivid-003: Radio HW Seek Mode: Bounded [ 1827.814586][T28638] vivid-003: Radio Programmable HW Seek: false [ 1827.889720][T28638] vivid-003: RDS Rx I/O Mode: Block I/O [ 1827.895667][T28638] vivid-003: Generate RBDS Instead of RDS: false [ 1827.902157][T28638] vivid-003: RDS Reception: true [ 1827.907203][T28638] vivid-003: RDS Program Type: 0 inactive [ 1827.913581][T28638] vivid-003: RDS PS Name: inactive [ 1827.918864][T28638] vivid-003: RDS Radio Text: inactive [ 1827.924563][T28638] vivid-003: RDS Traffic Announcement: false inactive [ 1827.938470][T28638] vivid-003: RDS Traffic Program: false inactive [ 1827.952932][T28638] vivid-003: RDS Music: false inactive [ 1827.969359][T28638] vivid-003: ================== END STATUS ================== [ 1828.893033][T28652] netlink: 'syz.1.4427': attribute type 19 has an invalid length. [ 1828.910670][T28652] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4427'. [ 1829.024994][T28633] kexec: Could not allocate control_code_buffer [ 1829.254090][T28658] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1829.872821][ T30] audit: type=1804 audit(1755941654.101:71): pid=28661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4429" name="/newroot/513/file0" dev="tmpfs" ino=2783 res=1 errno=0 [ 1829.938396][T28663] blktrace: Concurrent blktraces are not allowed on loop2 [ 1829.959748][T28669] vivid-003: ================= START STATUS ================= [ 1829.975714][T28669] vivid-003: Radio HW Seek Mode: Bounded [ 1829.983100][T28669] vivid-003: Radio Programmable HW Seek: false [ 1830.017497][T28669] vivid-003: RDS Rx I/O Mode: Block I/O [ 1830.027658][T28669] vivid-003: Generate RBDS Instead of RDS: false [ 1830.053058][T28669] vivid-003: RDS Reception: true [ 1830.078653][T28669] vivid-003: RDS Program Type: 0 inactive [ 1830.094835][T28669] vivid-003: RDS PS Name: inactive [ 1830.110412][T28669] vivid-003: RDS Radio Text: inactive [ 1830.122589][T28669] vivid-003: RDS Traffic Announcement: false inactive [ 1830.150852][T28676] FAULT_INJECTION: forcing a failure. [ 1830.150852][T28676] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1830.164332][T28669] vivid-003: RDS Traffic Program: false inactive [ 1830.170739][T28669] vivid-003: RDS Music: false inactive [ 1830.186684][T28676] CPU: 1 UID: 0 PID: 28676 Comm: syz.2.4432 Tainted: G U syzkaller #0 PREEMPT(full) [ 1830.186730][T28676] Tainted: [U]=USER [ 1830.186741][T28676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1830.186759][T28676] Call Trace: [ 1830.186770][T28676] [ 1830.186782][T28676] dump_stack_lvl+0x16c/0x1f0 [ 1830.186825][T28676] should_fail_ex+0x512/0x640 [ 1830.186884][T28676] should_fail_alloc_page+0xe7/0x130 [ 1830.186926][T28676] prepare_alloc_pages+0x3c2/0x610 [ 1830.186974][T28676] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1830.187011][T28676] ? copy_splice_read+0x1a8/0xc20 [ 1830.187038][T28676] ? stack_trace_save+0x8e/0xc0 [ 1830.187069][T28676] ? __pfx_stack_trace_save+0x10/0x10 [ 1830.187101][T28676] ? stack_depot_save_flags+0x29/0x9c0 [ 1830.187140][T28676] ? bpf_ksym_find+0x124/0x1c0 [ 1830.187170][T28676] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1830.187203][T28676] ? kasan_save_stack+0x33/0x60 [ 1830.187234][T28676] ? __kasan_kmalloc+0xaa/0xb0 [ 1830.187264][T28676] ? copy_splice_read+0x1a8/0xc20 [ 1830.187288][T28676] ? do_splice_read+0x282/0x370 [ 1830.187312][T28676] ? splice_direct_to_actor+0x2a1/0xa30 [ 1830.187338][T28676] ? do_splice_direct+0x174/0x240 [ 1830.187363][T28676] ? do_sendfile+0xb06/0xe50 [ 1830.187391][T28676] ? __x64_sys_sendfile64+0x1d8/0x220 [ 1830.187426][T28676] ? do_syscall_64+0xcd/0x490 [ 1830.187487][T28676] alloc_pages_bulk_noprof+0x71c/0x1410 [ 1830.187532][T28676] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1830.187574][T28676] ? trace_kmalloc+0x2b/0xd0 [ 1830.187612][T28676] ? __kmalloc_noprof+0x242/0x510 [ 1830.187653][T28676] copy_splice_read+0x1e1/0xc20 [ 1830.187688][T28676] ? __pfx_copy_splice_read+0x10/0x10 [ 1830.187719][T28676] ? look_up_lock_class+0x6b/0x150 [ 1830.187759][T28676] ? lockdep_init_map_type+0x5c/0x280 [ 1830.187800][T28676] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1830.187834][T28676] ? __pfx_copy_splice_read+0x10/0x10 [ 1830.187867][T28676] do_splice_read+0x282/0x370 [ 1830.187898][T28676] splice_direct_to_actor+0x2a1/0xa30 [ 1830.187929][T28676] ? __pfx_direct_splice_actor+0x10/0x10 [ 1830.187964][T28676] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1830.187991][T28676] ? get_pid_task+0xfc/0x250 [ 1830.188038][T28676] do_splice_direct+0x174/0x240 [ 1830.188067][T28676] ? __pfx_do_splice_direct+0x10/0x10 [ 1830.188108][T28676] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1830.188141][T28676] ? rw_verify_area+0xcf/0x6c0 [ 1830.188170][T28676] do_sendfile+0xb06/0xe50 [ 1830.188205][T28676] ? __pfx_do_sendfile+0x10/0x10 [ 1830.188234][T28676] ? __fget_files+0x20e/0x3c0 [ 1830.188271][T28676] __x64_sys_sendfile64+0x1d8/0x220 [ 1830.188307][T28676] ? ksys_write+0x1ac/0x250 [ 1830.188337][T28676] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1830.188383][T28676] do_syscall_64+0xcd/0x490 [ 1830.188421][T28676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1830.188448][T28676] RIP: 0033:0x7f01be78ebe9 [ 1830.188470][T28676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1830.188516][T28676] RSP: 002b:00007f01bf569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1830.188543][T28676] RAX: ffffffffffffffda RBX: 00007f01be9b5fa0 RCX: 00007f01be78ebe9 [ 1830.188562][T28676] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 1830.188579][T28676] RBP: 00007f01bf569090 R08: 0000000000000000 R09: 0000000000000000 [ 1830.188597][T28676] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 1830.188626][T28676] R13: 00007f01be9b6038 R14: 00007f01be9b5fa0 R15: 00007ffc55402af8 [ 1830.188679][T28676] [ 1830.558842][T28669] vivid-003: ================== END STATUS ================== [ 1831.087532][T28688] vivid-003: ================= START STATUS ================= [ 1831.102672][T28688] vivid-003: Radio HW Seek Mode: Bounded [ 1831.113684][T28688] vivid-003: Radio Programmable HW Seek: false [ 1831.131769][T28688] vivid-003: RDS Rx I/O Mode: Block I/O [ 1831.166404][T28688] vivid-003: Generate RBDS Instead of RDS: false [ 1831.193202][T28688] vivid-003: RDS Reception: true [ 1831.198413][T28688] vivid-003: RDS Program Type: 0 inactive [ 1831.208726][T28688] vivid-003: RDS PS Name: inactive [ 1831.215359][T28688] vivid-003: RDS Radio Text: inactive [ 1831.221049][T28688] vivid-003: RDS Traffic Announcement: false inactive [ 1831.228932][T28688] vivid-003: RDS Traffic Program: false inactive [ 1831.239997][T28688] vivid-003: RDS Music: false inactive [ 1831.245957][T28688] vivid-003: ================== END STATUS ================== [ 1831.951381][T28695] ERROR: Out of memory at tomoyo_memory_ok. [ 1832.955655][T28714] : Can't lookup blockdev [ 1834.089649][T28721] ERROR: Out of memory at tomoyo_memory_ok. [ 1834.117482][T28721] FAULT_INJECTION: forcing a failure. [ 1834.117482][T28721] name failslab, interval 1, probability 0, space 0, times 0 [ 1834.142026][T28719] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4444'. [ 1834.161504][T28721] CPU: 1 UID: 0 PID: 28721 Comm: syz.0.4443 Tainted: G U syzkaller #0 PREEMPT(full) [ 1834.161551][T28721] Tainted: [U]=USER [ 1834.161561][T28721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1834.161579][T28721] Call Trace: [ 1834.161590][T28721] [ 1834.161603][T28721] dump_stack_lvl+0x16c/0x1f0 [ 1834.161651][T28721] should_fail_ex+0x512/0x640 [ 1834.161698][T28721] ? __kmalloc_noprof+0xbf/0x510 [ 1834.161741][T28721] ? memcg_list_lru_alloc+0x4e9/0x740 [ 1834.161780][T28721] should_failslab+0xc2/0x120 [ 1834.161830][T28721] __kmalloc_noprof+0xd2/0x510 [ 1834.161866][T28721] ? __lock_acquire+0x62e/0x1ce0 [ 1834.161921][T28721] memcg_list_lru_alloc+0x4e9/0x740 [ 1834.161973][T28721] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1834.162027][T28721] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1834.162068][T28721] __memcg_slab_post_alloc_hook+0x133/0x960 [ 1834.162140][T28721] ? kasan_save_track+0x14/0x30 [ 1834.162183][T28721] kmem_cache_alloc_lru_noprof+0x30f/0x3b0 [ 1834.162226][T28721] ? alloc_inode+0xc3/0x240 [ 1834.162284][T28721] ? __pfx_nfsd_fill_super+0x10/0x10 [ 1834.162325][T28721] alloc_inode+0xc3/0x240 [ 1834.162374][T28721] new_inode+0x22/0x1c0 [ 1834.162417][T28721] ? find_held_lock+0x2b/0x80 [ 1834.162451][T28721] ? __pfx_nfsd_fill_super+0x10/0x10 [ 1834.162490][T28721] simple_fill_super+0xff/0x720 [ 1834.162531][T28721] ? __pfx_nfsd_fill_super+0x10/0x10 [ 1834.162569][T28721] nfsd_fill_super+0x90/0x530 [ 1834.162603][T28721] ? __pfx_set_anon_super_fc+0x10/0x10 [ 1834.162638][T28721] ? __pfx_nfsd_fill_super+0x10/0x10 [ 1834.162675][T28721] get_tree_keyed+0x10b/0x1d0 [ 1834.162714][T28721] vfs_get_tree+0x8b/0x340 [ 1834.162745][T28721] path_mount+0x1513/0x2000 [ 1834.162795][T28721] ? __pfx_path_mount+0x10/0x10 [ 1834.162840][T28721] ? kmem_cache_free+0x2d1/0x4d0 [ 1834.162877][T28721] ? putname+0x154/0x1a0 [ 1834.162930][T28721] ? putname+0x154/0x1a0 [ 1834.162979][T28721] ? __x64_sys_mount+0x28d/0x310 [ 1834.163017][T28721] __x64_sys_mount+0x28d/0x310 [ 1834.163060][T28721] ? __pfx___x64_sys_mount+0x10/0x10 [ 1834.163116][T28721] do_syscall_64+0xcd/0x490 [ 1834.163165][T28721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1834.163198][T28721] RIP: 0033:0x7fbaab58ebe9 [ 1834.163224][T28721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1834.163255][T28721] RSP: 002b:00007fbaac3dc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1834.163293][T28721] RAX: ffffffffffffffda RBX: 00007fbaab7b5fa0 RCX: 00007fbaab58ebe9 [ 1834.163315][T28721] RDX: 0000200000000140 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1834.163336][T28721] RBP: 00007fbaac3dc090 R08: 0000000000000000 R09: 0000000000000000 [ 1834.163356][T28721] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000002 [ 1834.163376][T28721] R13: 00007fbaab7b6038 R14: 00007fbaab7b5fa0 R15: 00007fffe5090b28 [ 1834.163419][T28721] [ 1834.788946][T28702] kexec: Could not allocate control_code_buffer [ 1834.807276][T28724] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4445'. [ 1834.818970][T28724] bridge_slave_1: left allmulticast mode [ 1834.829086][T28724] bridge_slave_1: left promiscuous mode [ 1834.836539][T28724] bridge0: port 2(bridge_slave_1) entered disabled state [ 1834.868762][T28724] bridge_slave_0: left allmulticast mode [ 1834.906637][T28724] bridge_slave_0: left promiscuous mode [ 1834.932956][T28724] bridge0: port 1(bridge_slave_0) entered disabled state [ 1836.238035][T28743] blktrace: Concurrent blktraces are not allowed on loop2 [ 1836.576725][T28748] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4451'. [ 1836.750732][T28760] : Can't lookup blockdev [ 1837.012935][T28759] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4453'. [ 1837.583468][T28781] vivid-003: ================= START STATUS ================= [ 1837.616610][T28781] vivid-003: Radio HW Seek Mode: Bounded [ 1837.639904][T28781] vivid-003: Radio Programmable HW Seek: false [ 1837.648834][T28781] vivid-003: RDS Rx I/O Mode: Block I/O [ 1837.656318][T28781] vivid-003: Generate RBDS Instead of RDS: false [ 1837.664227][T28781] vivid-003: RDS Reception: true [ 1837.669255][T28781] vivid-003: RDS Program Type: 0 inactive [ 1837.702158][T28781] vivid-003: RDS PS Name: inactive [ 1837.708996][T28781] vivid-003: RDS Radio Text: inactive [ 1837.717803][T28781] vivid-003: RDS Traffic Announcement: false inactive [ 1837.725401][T28781] vivid-003: RDS Traffic Program: false inactive [ 1837.731818][T28781] vivid-003: RDS Music: false inactive [ 1837.744690][T28781] vivid-003: ================== END STATUS ================== [ 1837.792085][T28788] netlink: 'syz.1.4461': attribute type 19 has an invalid length. [ 1837.820948][T28788] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4461'. [ 1839.674604][T28810] vivid-003: ================= START STATUS ================= [ 1839.692337][T28806] blktrace: Concurrent blktraces are not allowed on loop2 [ 1839.732901][T28810] vivid-003: Radio HW Seek Mode: Bounded [ 1839.752742][T28810] vivid-003: Radio Programmable HW Seek: false [ 1839.765421][T28810] vivid-003: RDS Rx I/O Mode: Block I/O [ 1839.771064][T28810] vivid-003: Generate RBDS Instead of RDS: false [ 1839.778477][T28810] vivid-003: RDS Reception: true [ 1839.785686][T28810] vivid-003: RDS Program Type: 0 inactive [ 1839.801419][T28810] vivid-003: RDS PS Name: inactive [ 1839.815881][T28810] vivid-003: RDS Radio Text: inactive [ 1839.824965][T28810] vivid-003: RDS Traffic Announcement: false inactive [ 1839.846644][T28810] vivid-003: RDS Traffic Program: false inactive [ 1839.866080][T28810] vivid-003: RDS Music: false inactive [ 1839.892777][T28810] vivid-003: ================== END STATUS ================== [ 1840.036150][T28812] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4466'. [ 1840.313552][T28818] vivid-003: ================= START STATUS ================= [ 1840.321367][T28818] vivid-003: Radio HW Seek Mode: Bounded [ 1840.327136][T28818] vivid-003: Radio Programmable HW Seek: false [ 1840.334794][T28818] vivid-003: RDS Rx I/O Mode: Block I/O [ 1840.340409][T28818] vivid-003: Generate RBDS Instead of RDS: false [ 1840.348300][T28818] vivid-003: RDS Reception: true [ 1840.357519][T28818] vivid-003: RDS Program Type: 0 inactive [ 1840.386271][T28818] vivid-003: RDS PS Name: inactive [ 1840.392901][T28818] vivid-003: RDS Radio Text: inactive [ 1840.398561][T28818] vivid-003: RDS Traffic Announcement: false inactive [ 1840.412612][T28818] vivid-003: RDS Traffic Program: false inactive [ 1840.449302][T28818] vivid-003: RDS Music: false inactive [ 1840.459148][T28818] vivid-003: ================== END STATUS ================== [ 1840.536860][T28794] kexec: Could not allocate control_code_buffer [ 1840.932241][T28832] : Can't lookup blockdev [ 1841.240722][T28838] netlink: 'syz.2.4471': attribute type 19 has an invalid length. [ 1841.251541][T28838] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4471'. [ 1842.098065][T28848] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4475'. [ 1842.674691][T28858] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4476'. [ 1843.136295][T28875] netlink: 'syz.0.4483': attribute type 19 has an invalid length. [ 1843.277642][T28875] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4483'. [ 1843.612836][T28883] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1843.791173][ T30] audit: type=1804 audit(1755941668.021:72): pid=28889 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4484" name="/newroot/522/file0" dev="tmpfs" ino=2757 res=1 errno=0 [ 1843.839523][T28885] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4485'. [ 1846.587054][T28933] netlink: 'syz.3.4494': attribute type 19 has an invalid length. [ 1846.682977][T28933] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4494'. [ 1846.933405][T28930] blktrace: Concurrent blktraces are not allowed on loop2 [ 1847.164001][T28942] netlink: 'syz.3.4496': attribute type 15 has an invalid length. [ 1847.492010][T28945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4498'. [ 1848.943779][T28965] blktrace: Concurrent blktraces are not allowed on loop2 [ 1849.840550][T28974] netlink: 'syz.0.4506': attribute type 15 has an invalid length. [ 1850.871196][T28994] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1851.033748][ T30] audit: type=1804 audit(1755941675.261:73): pid=28995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4509" name="/newroot/526/file0" dev="tmpfs" ino=2778 res=1 errno=0 [ 1854.520805][T29026] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1855.180636][T29045] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4520'. [ 1855.793745][T29025] kexec: Could not allocate control_code_buffer [ 1857.859553][T25752] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1859.671026][T29110] netlink: 'syz.3.4534': attribute type 19 has an invalid length. [ 1859.718577][T29110] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4534'. [ 1859.924745][T25752] Bluetooth: hci0: command 0x0c1a tx timeout [ 1860.104839][T29120] syz.1.4532 (29120) used obsolete PPPIOCDETACH ioctl [ 1862.755673][T29146] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1862.914929][ T30] audit: type=1804 audit(1755941687.151:74): pid=29148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4541" name="/newroot/535/file0" dev="tmpfs" ino=2825 res=1 errno=0 [ 1863.024082][T29144] blktrace: Concurrent blktraces are not allowed on loop2 [ 1863.838778][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 1863.847866][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 1864.336804][T29169] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4545'. [ 1864.887554][T29169] mac80211_hwsim hwsim14 ›: renamed from wlan0 (while UP) [ 1866.829975][T25752] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1867.471111][T29210] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1867.906671][ T30] audit: type=1804 audit(1755941692.141:75): pid=29214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4551" name="/newroot/538/file0" dev="tmpfs" ino=2880 res=1 errno=0 [ 1867.942972][T29209] blktrace: Concurrent blktraces are not allowed on loop2 [ 1868.890487][T25752] Bluetooth: hci4: command 0x041b tx timeout [ 1869.604716][T29244] netlink: 'syz.2.4557': attribute type 19 has an invalid length. [ 1869.653148][T29244] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4557'. [ 1871.255387][T29269] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1871.571094][ T30] audit: type=1804 audit(1755941695.801:76): pid=29274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4562" name="/newroot/541/file0" dev="tmpfs" ino=2857 res=1 errno=0 [ 1871.943864][T29278] blktrace: Concurrent blktraces are not allowed on loop2 [ 1872.151786][T29288] vivid-003: ================= START STATUS ================= [ 1872.205705][T29288] vivid-003: Radio HW Seek Mode: Bounded [ 1872.227766][T29288] vivid-003: Radio Programmable HW Seek: false [ 1872.252290][T29288] vivid-003: RDS Rx I/O Mode: Block I/O [ 1872.292144][T29288] vivid-003: Generate RBDS Instead of RDS: false [ 1872.300089][T29288] vivid-003: RDS Reception: true [ 1872.305252][T29288] vivid-003: RDS Program Type: 0 inactive [ 1872.311169][T29288] vivid-003: RDS PS Name: inactive [ 1872.316808][T29288] vivid-003: RDS Radio Text: inactive [ 1872.322711][T29288] vivid-003: RDS Traffic Announcement: false inactive [ 1872.329573][T29288] vivid-003: RDS Traffic Program: false inactive [ 1872.336040][T29288] vivid-003: RDS Music: false inactive [ 1872.341683][T29288] vivid-003: ================== END STATUS ================== [ 1872.643354][ T30] audit: type=1800 audit(1755941696.871:77): pid=29283 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4565" name="dbroot" dev="configfs" ino=128423 res=0 errno=0 [ 1872.770130][T29294] vivid-003: ================= START STATUS ================= [ 1872.842989][T29294] vivid-003: Radio HW Seek Mode: Bounded [ 1872.900104][T29294] vivid-003: Radio Programmable HW Seek: false [ 1872.916565][T29294] vivid-003: RDS Rx I/O Mode: Block I/O [ 1872.957893][T29294] vivid-003: Generate RBDS Instead of RDS: false [ 1872.968205][T29294] vivid-003: RDS Reception: true [ 1872.973616][T29294] vivid-003: RDS Program Type: 0 inactive [ 1872.979657][T29294] vivid-003: RDS PS Name: inactive [ 1872.986174][T29294] vivid-003: RDS Radio Text: inactive [ 1872.993660][T29294] vivid-003: RDS Traffic Announcement: false inactive [ 1873.000515][T29294] vivid-003: RDS Traffic Program: false inactive [ 1873.007378][T29294] vivid-003: RDS Music: false inactive [ 1873.014261][T29294] vivid-003: ================== END STATUS ================== [ 1873.511275][T29303] FAULT_INJECTION: forcing a failure. [ 1873.511275][T29303] name failslab, interval 1, probability 0, space 0, times 0 [ 1873.525593][T29303] CPU: 1 UID: 0 PID: 29303 Comm: syz.0.4569 Tainted: G U syzkaller #0 PREEMPT(full) [ 1873.525631][T29303] Tainted: [U]=USER [ 1873.525639][T29303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1873.525654][T29303] Call Trace: [ 1873.525664][T29303] [ 1873.525678][T29303] dump_stack_lvl+0x16c/0x1f0 [ 1873.525727][T29303] should_fail_ex+0x512/0x640 [ 1873.525773][T29303] ? __kvmalloc_node_noprof+0x124/0x620 [ 1873.525819][T29303] should_failslab+0xc2/0x120 [ 1873.525852][T29303] __kvmalloc_node_noprof+0x137/0x620 [ 1873.525880][T29303] ? lockdep_init_map_type+0x5c/0x280 [ 1873.525914][T29303] ? __v4l2_subdev_state_alloc+0x1a7/0x400 [ 1873.525949][T29303] ? __v4l2_subdev_state_alloc+0x1a7/0x400 [ 1873.525974][T29303] __v4l2_subdev_state_alloc+0x1a7/0x400 [ 1873.526022][T29303] subdev_open+0xa6/0x560 [ 1873.526049][T29303] v4l2_open+0x225/0x490 [ 1873.526079][T29303] ? __pfx_v4l2_open+0x10/0x10 [ 1873.526110][T29303] chrdev_open+0x231/0x6a0 [ 1873.526142][T29303] ? __pfx_apparmor_file_open+0x10/0x10 [ 1873.526170][T29303] ? __pfx_chrdev_open+0x10/0x10 [ 1873.526205][T29303] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1873.526239][T29303] do_dentry_open+0x97f/0x1530 [ 1873.526271][T29303] ? __pfx_chrdev_open+0x10/0x10 [ 1873.526310][T29303] vfs_open+0x82/0x3f0 [ 1873.526351][T29303] path_openat+0x1de4/0x2cb0 [ 1873.526391][T29303] ? __pfx_path_openat+0x10/0x10 [ 1873.526422][T29303] ? stack_trace_save+0x8e/0xc0 [ 1873.526450][T29303] ? __pfx_stack_trace_save+0x10/0x10 [ 1873.526482][T29303] do_filp_open+0x20b/0x470 [ 1873.526512][T29303] ? __pfx_do_filp_open+0x10/0x10 [ 1873.526541][T29303] ? kasan_save_stack+0x42/0x60 [ 1873.526568][T29303] ? kasan_save_stack+0x33/0x60 [ 1873.526629][T29303] file_open_name+0x2a3/0x450 [ 1873.526669][T29303] ? __pfx_file_open_name+0x10/0x10 [ 1873.526721][T29303] acct_on+0x77/0x870 [ 1873.526759][T29303] __x64_sys_acct+0xaf/0x230 [ 1873.526800][T29303] ? lockdep_hardirqs_on+0x7c/0x110 [ 1873.526833][T29303] do_syscall_64+0xcd/0x490 [ 1873.526869][T29303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1873.526895][T29303] RIP: 0033:0x7fbaab58ebe9 [ 1873.526914][T29303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1873.526940][T29303] RSP: 002b:00007fbaac3dc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 1873.526963][T29303] RAX: ffffffffffffffda RBX: 00007fbaab7b5fa0 RCX: 00007fbaab58ebe9 [ 1873.526980][T29303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 1873.526996][T29303] RBP: 00007fbaab611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1873.527011][T29303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1873.527026][T29303] R13: 00007fbaab7b6038 R14: 00007fbaab7b5fa0 R15: 00007fffe5090b28 [ 1873.527057][T29303] [ 1874.779842][T29331] vivid-003: ================= START STATUS ================= [ 1874.822750][T29331] vivid-003: Radio HW Seek Mode: Bounded [ 1874.828563][T29331] vivid-003: Radio Programmable HW Seek: false [ 1874.840180][T29331] vivid-003: RDS Rx I/O Mode: Block I/O [ 1874.846258][T29331] vivid-003: Generate RBDS Instead of RDS: false [ 1874.852705][T29331] vivid-003: RDS Reception: true [ 1874.859107][T29331] vivid-003: RDS Program Type: 0 inactive [ 1874.865162][T29331] vivid-003: RDS PS Name: inactive [ 1874.870427][T29331] vivid-003: RDS Radio Text: inactive [ 1874.881693][T29331] vivid-003: RDS Traffic Announcement: false inactive [ 1874.888671][T29331] vivid-003: RDS Traffic Program: false inactive [ 1874.899182][T29331] vivid-003: RDS Music: false inactive [ 1874.904871][T29331] vivid-003: ================== END STATUS ================== [ 1875.687523][T29341] netlink: 'syz.3.4577': attribute type 19 has an invalid length. [ 1875.723621][T29341] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4577'. [ 1875.756474][T29328] FAULT_INJECTION: forcing a failure. [ 1875.756474][T29328] name failslab, interval 1, probability 0, space 0, times 0 [ 1875.871331][T29328] CPU: 0 UID: 0 PID: 29328 Comm: syz.2.4575 Tainted: G U syzkaller #0 PREEMPT(full) [ 1875.871377][T29328] Tainted: [U]=USER [ 1875.871385][T29328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1875.871398][T29328] Call Trace: [ 1875.871406][T29328] [ 1875.871415][T29328] dump_stack_lvl+0x16c/0x1f0 [ 1875.871451][T29328] should_fail_ex+0x512/0x640 [ 1875.871484][T29328] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1875.871511][T29328] should_failslab+0xc2/0x120 [ 1875.871541][T29328] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1875.871566][T29328] ? snd_seq_create_port+0xf7/0xae0 [ 1875.871605][T29328] snd_seq_create_port+0xf7/0xae0 [ 1875.871645][T29328] snd_seq_ioctl_create_port+0x253/0x950 [ 1875.871679][T29328] ? __pfx_snd_seq_ioctl_create_port+0x10/0x10 [ 1875.871714][T29328] ? kasan_save_stack+0x42/0x60 [ 1875.871739][T29328] ? kasan_save_stack+0x33/0x60 [ 1875.871763][T29328] ? kasan_save_track+0x14/0x30 [ 1875.871792][T29328] snd_seq_kernel_client_ctl+0x107/0x1c0 [ 1875.871831][T29328] create_port+0x197/0x260 [ 1875.871877][T29328] ? __pfx_create_port+0x10/0x10 [ 1875.871917][T29328] ? __pfx_snd_seq_oss_event_input+0x10/0x10 [ 1875.871940][T29328] ? __pfx_free_devinfo+0x10/0x10 [ 1875.871995][T29328] ? mark_held_locks+0x49/0x80 [ 1875.872025][T29328] ? _raw_spin_unlock_irq+0x23/0x50 [ 1875.872054][T29328] snd_seq_oss_open+0x36c/0xa20 [ 1875.872095][T29328] odev_open+0x6f/0x90 [ 1875.872126][T29328] ? __pfx_odev_open+0x10/0x10 [ 1875.872158][T29328] soundcore_open+0x40c/0x580 [ 1875.872193][T29328] ? __pfx_soundcore_open+0x10/0x10 [ 1875.872225][T29328] chrdev_open+0x231/0x6a0 [ 1875.872254][T29328] ? __pfx_apparmor_file_open+0x10/0x10 [ 1875.872279][T29328] ? __pfx_chrdev_open+0x10/0x10 [ 1875.872310][T29328] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1875.872342][T29328] do_dentry_open+0x97f/0x1530 [ 1875.872370][T29328] ? __pfx_chrdev_open+0x10/0x10 [ 1875.872406][T29328] vfs_open+0x82/0x3f0 [ 1875.872443][T29328] path_openat+0x1de4/0x2cb0 [ 1875.872492][T29328] ? __pfx_path_openat+0x10/0x10 [ 1875.872538][T29328] do_filp_open+0x20b/0x470 [ 1875.872574][T29328] ? __pfx_do_filp_open+0x10/0x10 [ 1875.872636][T29328] ? alloc_fd+0x471/0x7d0 [ 1875.872679][T29328] do_sys_openat2+0x11b/0x1d0 [ 1875.872727][T29328] ? __pfx_do_sys_openat2+0x10/0x10 [ 1875.872789][T29328] __x64_sys_openat+0x174/0x210 [ 1875.872837][T29328] ? __pfx___x64_sys_openat+0x10/0x10 [ 1875.872909][T29328] do_syscall_64+0xcd/0x490 [ 1875.872955][T29328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1875.872987][T29328] RIP: 0033:0x7f01be78ebe9 [ 1875.873012][T29328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1875.873042][T29328] RSP: 002b:00007f01bf527038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1875.873071][T29328] RAX: ffffffffffffffda RBX: 00007f01be9b6180 RCX: 00007f01be78ebe9 [ 1875.873093][T29328] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1875.873113][T29328] RBP: 00007f01be811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1875.873132][T29328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1875.873151][T29328] R13: 00007f01be9b6218 R14: 00007f01be9b6180 R15: 00007ffc55402af8 [ 1875.873190][T29328] [ 1876.261739][T29328] ALSA: seq_oss: can't create port [ 1876.293504][T29325] kexec: Could not allocate control_code_buffer [ 1876.912964][T29347] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4579'. [ 1877.246715][T29349] blktrace: Concurrent blktraces are not allowed on loop2 [ 1877.858966][T29364] netlink: 'syz.2.4583': attribute type 19 has an invalid length. [ 1877.866965][T29364] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4583'. [ 1881.378478][T29384] kexec: Could not allocate control_code_buffer [ 1881.809172][T29415] vivid-003: ================= START STATUS ================= [ 1881.852175][T29415] vivid-003: Radio HW Seek Mode: Bounded [ 1881.886826][T29415] vivid-003: Radio Programmable HW Seek: false [ 1881.955540][T29415] vivid-003: RDS Rx I/O Mode: Block I/O [ 1881.983038][T29417] netlink: 'syz.3.4593': attribute type 19 has an invalid length. [ 1882.002809][T29415] vivid-003: Generate RBDS Instead of RDS: false [ 1882.009292][T29417] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4593'. [ 1882.038673][T29415] vivid-003: RDS Reception: true [ 1882.085886][T29415] vivid-003: RDS Program Type: 0 inactive [ 1882.091740][T29415] vivid-003: RDS PS Name: inactive [ 1882.173089][T29415] vivid-003: RDS Radio Text: inactive [ 1882.211751][T29415] vivid-003: RDS Traffic Announcement: false inactive [ 1882.240264][T29415] vivid-003: RDS Traffic Program: false inactive [ 1882.253197][T29415] vivid-003: RDS Music: false inactive [ 1882.259654][T29415] vivid-003: ================== END STATUS ================== [ 1883.275762][T29438] blktrace: Concurrent blktraces are not allowed on loop2 [ 1883.757584][T29441] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1883.901552][T29443] netlink: 'syz.2.4599': attribute type 19 has an invalid length. [ 1883.910951][T29443] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4599'. [ 1884.167905][ T30] audit: type=1804 audit(1755941708.401:78): pid=29448 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4598" name="/newroot/555/file0" dev="tmpfs" ino=3000 res=1 errno=0 [ 1886.176184][T29477] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1886.518985][T29452] kexec: Could not allocate control_code_buffer [ 1886.840669][T29458] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1887.818381][T29495] blktrace: Concurrent blktraces are not allowed on loop2 [ 1889.233329][T29512] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4612'. [ 1891.733663][T29545] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1892.514142][ T30] audit: type=1804 audit(1755941716.751:79): pid=29550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4618" name="/newroot/554/file0" dev="tmpfs" ino=2965 res=1 errno=0 [ 1892.612804][T29553] vivid-003: ================= START STATUS ================= [ 1892.732605][T29553] vivid-003: Radio HW Seek Mode: Bounded [ 1892.738396][T29553] vivid-003: Radio Programmable HW Seek: false [ 1892.786704][T29553] vivid-003: RDS Rx I/O Mode: Block I/O [ 1892.810326][T29553] vivid-003: Generate RBDS Instead of RDS: false [ 1892.870626][T29553] vivid-003: RDS Reception: true [ 1892.880280][T29553] vivid-003: RDS Program Type: 0 inactive [ 1892.907350][T29553] vivid-003: RDS PS Name: inactive [ 1892.912944][T29553] vivid-003: RDS Radio Text: inactive [ 1892.918501][T29553] vivid-003: RDS Traffic Announcement: false inactive [ 1892.925501][T29553] vivid-003: RDS Traffic Program: false inactive [ 1892.936525][T29553] vivid-003: RDS Music: false inactive [ 1892.942114][T29553] vivid-003: ================== END STATUS ================== [ 1893.779471][T29565] FAULT_INJECTION: forcing a failure. [ 1893.779471][T29565] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1893.865785][T29565] CPU: 1 UID: 0 PID: 29565 Comm: syz.1.4621 Tainted: G U syzkaller #0 PREEMPT(full) [ 1893.865824][T29565] Tainted: [U]=USER [ 1893.865832][T29565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1893.865847][T29565] Call Trace: [ 1893.865855][T29565] [ 1893.865865][T29565] dump_stack_lvl+0x16c/0x1f0 [ 1893.865902][T29565] should_fail_ex+0x512/0x640 [ 1893.865946][T29565] should_fail_alloc_page+0xe7/0x130 [ 1893.866003][T29565] prepare_alloc_pages+0x3c2/0x610 [ 1893.866046][T29565] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1893.866084][T29565] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1893.866130][T29565] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1893.866165][T29565] ? mas_next_slot+0x12d3/0x21b0 [ 1893.866214][T29565] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1893.866261][T29565] ? policy_nodemask+0xea/0x4e0 [ 1893.866298][T29565] alloc_pages_mpol+0x1fb/0x550 [ 1893.866333][T29565] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1893.866376][T29565] alloc_pages_noprof+0x131/0x390 [ 1893.866411][T29565] pte_alloc_one+0x1c/0x3a0 [ 1893.866438][T29565] __pte_alloc+0x6d/0x3c0 [ 1893.866473][T29565] ? __pfx___pte_alloc+0x10/0x10 [ 1893.866506][T29565] ? __lock_acquire+0x62e/0x1ce0 [ 1893.866546][T29565] do_pte_missing+0x285a/0x3ba0 [ 1893.866573][T29565] ? mtree_range_walk+0x718/0xc00 [ 1893.866604][T29565] ? find_held_lock+0x2b/0x80 [ 1893.866630][T29565] __handle_mm_fault+0x152a/0x2a50 [ 1893.866665][T29565] ? __pfx___handle_mm_fault+0x10/0x10 [ 1893.866717][T29565] handle_mm_fault+0x589/0xd10 [ 1893.866749][T29565] __get_user_pages+0x551/0x34a0 [ 1893.866800][T29565] ? __pfx___get_user_pages+0x10/0x10 [ 1893.866847][T29565] populate_vma_page_range+0x267/0x3f0 [ 1893.866890][T29565] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1893.866930][T29565] ? __pfx_find_vma_intersection+0x10/0x10 [ 1893.866969][T29565] ? do_mmap+0x69c/0x1210 [ 1893.867010][T29565] __mm_populate+0x1d8/0x380 [ 1893.867052][T29565] ? __pfx___mm_populate+0x10/0x10 [ 1893.867100][T29565] ? up_write+0x1b2/0x520 [ 1893.867140][T29565] vm_mmap_pgoff+0x37f/0x470 [ 1893.867181][T29565] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1893.867225][T29565] ? __x64_sys_futex+0x1e0/0x4c0 [ 1893.867263][T29565] ? __x64_sys_futex+0x1e9/0x4c0 [ 1893.867300][T29565] ksys_mmap_pgoff+0x7d/0x5c0 [ 1893.867335][T29565] ? xfd_validate_state+0x61/0x180 [ 1893.867372][T29565] ? do_getpgid+0x101/0x2e0 [ 1893.867399][T29565] __x64_sys_mmap+0x125/0x190 [ 1893.867443][T29565] do_syscall_64+0xcd/0x490 [ 1893.867479][T29565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1893.867505][T29565] RIP: 0033:0x7f5cc5f8ebe9 [ 1893.867525][T29565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1893.867551][T29565] RSP: 002b:00007f5cc6df8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1893.867574][T29565] RAX: ffffffffffffffda RBX: 00007f5cc61b5fa0 RCX: 00007f5cc5f8ebe9 [ 1893.867591][T29565] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 1893.867606][T29565] RBP: 00007f5cc6011e19 R08: 0000000000000002 R09: 0000000000008000 [ 1893.867621][T29565] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1893.867637][T29565] R13: 00007f5cc61b6038 R14: 00007f5cc61b5fa0 R15: 00007fff65f46f98 [ 1893.867668][T29565] [ 1894.381460][T29567] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4623'. [ 1894.830570][T29569] ksmbd: Unknown IPC event: 0, ignore. [ 1895.180669][T29590] program syz.1.4627 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1895.917040][T29591] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1896.416353][T29606] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1896.603361][T29604] blktrace: Concurrent blktraces are not allowed on loop2 [ 1899.143774][T29635] blktrace: Concurrent blktraces are not allowed on loop2 [ 1899.561988][T29644] FAULT_INJECTION: forcing a failure. [ 1899.561988][T29644] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1899.630214][T29644] CPU: 0 UID: 0 PID: 29644 Comm: syz.0.4636 Tainted: G U syzkaller #0 PREEMPT(full) [ 1899.630263][T29644] Tainted: [U]=USER [ 1899.630273][T29644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1899.630290][T29644] Call Trace: [ 1899.630301][T29644] [ 1899.630314][T29644] dump_stack_lvl+0x16c/0x1f0 [ 1899.630360][T29644] should_fail_ex+0x512/0x640 [ 1899.630412][T29644] get_futex_key+0x293/0x1560 [ 1899.630457][T29644] ? __pfx_get_futex_key+0x10/0x10 [ 1899.630496][T29644] ? __mutex_trylock_common+0xe9/0x250 [ 1899.630552][T29644] futex_wake+0xea/0x530 [ 1899.630604][T29644] ? __pfx_futex_wake+0x10/0x10 [ 1899.630671][T29644] do_futex+0x1e3/0x350 [ 1899.630713][T29644] ? __pfx_do_futex+0x10/0x10 [ 1899.630772][T29644] ? __might_fault+0xe3/0x190 [ 1899.630822][T29644] mm_release+0x24e/0x300 [ 1899.630860][T29644] do_exit+0x68e/0x2bf0 [ 1899.630915][T29644] ? __pfx_do_exit+0x10/0x10 [ 1899.630957][T29644] ? do_raw_spin_lock+0x12c/0x2b0 [ 1899.631003][T29644] ? find_held_lock+0x2b/0x80 [ 1899.631039][T29644] do_group_exit+0xd3/0x2a0 [ 1899.631087][T29644] get_signal+0x2673/0x26d0 [ 1899.631127][T29644] ? iput+0x519/0x880 [ 1899.631185][T29644] ? __pfx_get_signal+0x10/0x10 [ 1899.631223][T29644] ? do_futex+0x122/0x350 [ 1899.631264][T29644] ? __pfx_do_futex+0x10/0x10 [ 1899.631309][T29644] arch_do_signal_or_restart+0x8f/0x790 [ 1899.631354][T29644] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1899.631408][T29644] ? xfd_validate_state+0x61/0x180 [ 1899.631452][T29644] ? __pfx_do_writev+0x10/0x10 [ 1899.631492][T29644] exit_to_user_mode_loop+0x84/0x110 [ 1899.631542][T29644] do_syscall_64+0x3f6/0x490 [ 1899.631595][T29644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1899.631625][T29644] RIP: 0033:0x7fbaab58ebe9 [ 1899.631650][T29644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1899.631682][T29644] RSP: 002b:00007fbaac3dc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1899.631711][T29644] RAX: fffffffffffffe00 RBX: 00007fbaab7b5fa8 RCX: 00007fbaab58ebe9 [ 1899.631730][T29644] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbaab7b5fa8 [ 1899.631756][T29644] RBP: 00007fbaab7b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1899.631775][T29644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1899.631792][T29644] R13: 00007fbaab7b6038 R14: 00007fffe5090a40 R15: 00007fffe5090b28 [ 1899.631830][T29644] [ 1900.462094][T29646] kexec: Could not allocate control_code_buffer [ 1901.402088][T29662] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1901.841251][ T30] audit: type=1804 audit(1755941726.071:80): pid=29672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4640" name="/newroot/560/file0" dev="tmpfs" ino=2957 res=1 errno=0 [ 1901.843873][T29668] blktrace: Concurrent blktraces are not allowed on loop2 [ 1905.214541][T29720] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4653'. [ 1905.728805][T29729] netlink: 'syz.0.4662': attribute type 19 has an invalid length. [ 1905.742875][T29729] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4662'. [ 1907.563011][T29760] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1908.128575][ T30] audit: type=1804 audit(1755941732.361:81): pid=29764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4660" name="/newroot/548/file0" dev="tmpfs" ino=2924 res=1 errno=0 [ 1908.517580][T29773] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4663'. [ 1908.823470][T29780] netlink: 'syz.1.4665': attribute type 19 has an invalid length. [ 1908.831352][T29780] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4665'. [ 1909.101646][T29785] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1909.169012][T29788] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1909.530215][T29797] FAULT_INJECTION: forcing a failure. [ 1909.530215][T29797] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1909.612942][ T30] audit: type=1804 audit(1755941733.841:82): pid=29792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4666" name="/newroot/549/file0" dev="tmpfs" ino=2930 res=1 errno=0 [ 1909.662914][T29797] CPU: 1 UID: 0 PID: 29797 Comm: syz.1.4669 Tainted: G U syzkaller #0 PREEMPT(full) [ 1909.662961][T29797] Tainted: [U]=USER [ 1909.662971][T29797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1909.662992][T29797] Call Trace: [ 1909.663004][T29797] [ 1909.663016][T29797] dump_stack_lvl+0x16c/0x1f0 [ 1909.663067][T29797] should_fail_ex+0x512/0x640 [ 1909.663119][T29797] _copy_from_user+0x2e/0xd0 [ 1909.663173][T29797] copy_msghdr_from_user+0x98/0x160 [ 1909.663218][T29797] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1909.663270][T29797] ? kfree+0x24f/0x4d0 [ 1909.663300][T29797] ? futex_hash_put+0x3e/0x50 [ 1909.663334][T29797] ? futex_wait_setup+0x3ce/0x550 [ 1909.663390][T29797] ___sys_sendmsg+0xfe/0x1d0 [ 1909.663435][T29797] ? __pfx____sys_sendmsg+0x10/0x10 [ 1909.663514][T29797] ? __pfx___might_resched+0x10/0x10 [ 1909.663556][T29797] __sys_sendmmsg+0x200/0x420 [ 1909.663617][T29797] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1909.663670][T29797] ? __pfx_do_futex+0x10/0x10 [ 1909.663730][T29797] ? fput+0x9b/0xd0 [ 1909.663781][T29797] ? xfd_validate_state+0x61/0x180 [ 1909.663826][T29797] ? __pfx_ksys_write+0x10/0x10 [ 1909.663872][T29797] __x64_sys_sendmmsg+0x9c/0x100 [ 1909.663915][T29797] ? lockdep_hardirqs_on+0x7c/0x110 [ 1909.663958][T29797] do_syscall_64+0xcd/0x490 [ 1909.664006][T29797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1909.664039][T29797] RIP: 0033:0x7f5cc5f8ebe9 [ 1909.664064][T29797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1909.664096][T29797] RSP: 002b:00007f5cc6db6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1909.664127][T29797] RAX: ffffffffffffffda RBX: 00007f5cc61b6180 RCX: 00007f5cc5f8ebe9 [ 1909.664148][T29797] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 1909.664167][T29797] RBP: 00007f5cc6011e19 R08: 0000000000000000 R09: 0000000000000000 [ 1909.664187][T29797] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000000 [ 1909.664208][T29797] R13: 00007f5cc61b6218 R14: 00007f5cc61b6180 R15: 00007fff65f46f98 [ 1909.664246][T29797] [ 1911.595705][T29830] FAULT_INJECTION: forcing a failure. [ 1911.595705][T29830] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1911.693901][T29830] CPU: 1 UID: 0 PID: 29830 Comm: syz.3.4676 Tainted: G U syzkaller #0 PREEMPT(full) [ 1911.693951][T29830] Tainted: [U]=USER [ 1911.693962][T29830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1911.693979][T29830] Call Trace: [ 1911.693989][T29830] [ 1911.694001][T29830] dump_stack_lvl+0x16c/0x1f0 [ 1911.694047][T29830] should_fail_ex+0x512/0x640 [ 1911.694098][T29830] _copy_from_iter+0x29f/0x1720 [ 1911.694153][T29830] ? _copy_from_iter+0x15d/0x1720 [ 1911.694204][T29830] ? __pfx__copy_from_iter+0x10/0x10 [ 1911.694258][T29830] ? __pfx__copy_from_iter+0x10/0x10 [ 1911.694307][T29830] ? arch_stack_walk+0xa6/0x100 [ 1911.694349][T29830] copy_page_from_iter+0xde/0x180 [ 1911.694405][T29830] skb_copy_datagram_from_iter+0x2a0/0x740 [ 1911.694458][T29830] tun_get_user+0x185c/0x3ce0 [ 1911.694509][T29830] ? __pfx_tun_get_user+0x10/0x10 [ 1911.694543][T29830] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1911.694605][T29830] ? find_held_lock+0x2b/0x80 [ 1911.694638][T29830] ? tun_get+0x191/0x370 [ 1911.694704][T29830] tun_chr_write_iter+0xdc/0x210 [ 1911.694741][T29830] vfs_write+0x7d0/0x11d0 [ 1911.694779][T29830] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1911.694817][T29830] ? __pfx_vfs_write+0x10/0x10 [ 1911.694852][T29830] ? find_held_lock+0x2b/0x80 [ 1911.694910][T29830] __x64_sys_pwrite64+0x1eb/0x250 [ 1911.694951][T29830] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 1911.695005][T29830] do_syscall_64+0xcd/0x490 [ 1911.695052][T29830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1911.695084][T29830] RIP: 0033:0x7f6c51f8ebe9 [ 1911.695108][T29830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1911.695140][T29830] RSP: 002b:00007f6c52e53038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 1911.695169][T29830] RAX: ffffffffffffffda RBX: 00007f6c521b5fa0 RCX: 00007f6c51f8ebe9 [ 1911.695190][T29830] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 00000000000000c8 [ 1911.695208][T29830] RBP: 00007f6c52e53090 R08: 0000000000000000 R09: 0000000000000000 [ 1911.695226][T29830] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000002 [ 1911.695244][T29830] R13: 00007f6c521b6038 R14: 00007f6c521b5fa0 R15: 00007ffe51b75a88 [ 1911.695283][T29830] [ 1912.538962][T29819] kexec: Could not allocate control_code_buffer [ 1913.301830][T29844] random: crng reseeded on system resumption [ 1915.101290][T29870] netlink: 'syz.3.4684': attribute type 19 has an invalid length. [ 1915.109407][T29870] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4684'. [ 1915.562963][T29872] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1916.014326][ T30] audit: type=1804 audit(1755941740.241:83): pid=29874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4685" name="/newroot/575/file0" dev="tmpfs" ino=3076 res=1 errno=0 [ 1916.251097][T29882] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1916.260344][T29879] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4686'. [ 1916.621018][ T30] audit: type=1804 audit(1755941740.851:84): pid=29886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4688" name="/newroot/575/file0" dev="tmpfs" ino=3105 res=1 errno=0 [ 1916.665294][T29888] FAULT_INJECTION: forcing a failure. [ 1916.665294][T29888] name failslab, interval 1, probability 0, space 0, times 0 [ 1916.775310][T29888] CPU: 0 UID: 0 PID: 29888 Comm: syz.2.4689 Tainted: G U syzkaller #0 PREEMPT(full) [ 1916.775364][T29888] Tainted: [U]=USER [ 1916.775375][T29888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1916.775394][T29888] Call Trace: [ 1916.775405][T29888] [ 1916.775418][T29888] dump_stack_lvl+0x16c/0x1f0 [ 1916.775467][T29888] should_fail_ex+0x512/0x640 [ 1916.775511][T29888] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1916.775550][T29888] ? __pfx_mon_text_open+0x10/0x10 [ 1916.775584][T29888] should_failslab+0xc2/0x120 [ 1916.775628][T29888] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1916.775665][T29888] ? mon_text_open+0x1cb/0x4f0 [ 1916.775705][T29888] ? __pfx_mon_text_open+0x10/0x10 [ 1916.775742][T29888] mon_text_open+0x1cb/0x4f0 [ 1916.775778][T29888] ? __pfx_mon_text_open+0x10/0x10 [ 1916.775813][T29888] ? __debugfs_file_get+0x1fe/0x840 [ 1916.775864][T29888] ? __pfx___debugfs_file_get+0x10/0x10 [ 1916.775916][T29888] ? __pfx_apparmor_file_open+0x10/0x10 [ 1916.775952][T29888] ? lockdown_is_locked_down+0x3f/0x130 [ 1916.775990][T29888] ? bpf_lsm_locked_down+0x9/0x10 [ 1916.776047][T29888] ? __pfx_mon_text_open+0x10/0x10 [ 1916.776091][T29888] full_proxy_open_regular+0x1b9/0x360 [ 1916.776130][T29888] do_dentry_open+0x97f/0x1530 [ 1916.776173][T29888] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 1916.776218][T29888] vfs_open+0x82/0x3f0 [ 1916.776272][T29888] path_openat+0x1de4/0x2cb0 [ 1916.776326][T29888] ? __pfx_path_openat+0x10/0x10 [ 1916.776378][T29888] do_filp_open+0x20b/0x470 [ 1916.776419][T29888] ? __pfx_do_filp_open+0x10/0x10 [ 1916.776492][T29888] ? alloc_fd+0x471/0x7d0 [ 1916.776538][T29888] do_sys_openat2+0x11b/0x1d0 [ 1916.776590][T29888] ? __pfx_do_sys_openat2+0x10/0x10 [ 1916.776659][T29888] __x64_sys_openat+0x174/0x210 [ 1916.776713][T29888] ? __pfx___x64_sys_openat+0x10/0x10 [ 1916.776784][T29888] do_syscall_64+0xcd/0x490 [ 1916.776834][T29888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1916.776868][T29888] RIP: 0033:0x7f01be78ebe9 [ 1916.776894][T29888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1916.776928][T29888] RSP: 002b:00007f01bf569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1916.776962][T29888] RAX: ffffffffffffffda RBX: 00007f01be9b5fa0 RCX: 00007f01be78ebe9 [ 1916.776983][T29888] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1916.777005][T29888] RBP: 00007f01be811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1916.777025][T29888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1916.777045][T29888] R13: 00007f01be9b6038 R14: 00007f01be9b5fa0 R15: 00007ffc55402af8 [ 1916.777098][T29888] [ 1917.849613][T29908] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1917.957723][ T30] audit: type=1804 audit(1755941742.191:85): pid=29909 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4694" name="/newroot/573/file0" dev="tmpfs" ino=3028 res=1 errno=0 [ 1918.861608][T29916] netlink: 'syz.2.4695': attribute type 19 has an invalid length. [ 1918.869657][T29916] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4695'. [ 1919.842241][T29939] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4701'. [ 1919.885918][T29939] : renamed from gre0 (while UP) [ 1919.941352][T29943] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1919.974120][T29939] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4701'. [ 1920.002076][T29945] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1920.101347][ T30] audit: type=1804 audit(1755941744.311:86): pid=29946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4703" name="/newroot/576/file0" dev="tmpfs" ino=3045 res=1 errno=0 [ 1920.435453][T29951] netlink: 'syz.3.4705': attribute type 19 has an invalid length. [ 1920.444391][T29951] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4705'. [ 1920.532415][T29954] ubi0: attaching mtd0 [ 1920.538231][T29954] ubi0 error: validate_ec_hdr: bad VID header offset 64, expected 3965 [ 1920.572027][T29954] ubi0 error: validate_ec_hdr: bad EC header [ 1920.603486][T29954] Erase counter header dump: [ 1920.626078][T29954] magic 0x55424923 [ 1920.667932][T29954] version 1 [ 1920.701082][T29954] ec 1 [ 1920.741743][T29954] vid_hdr_offset 64 [ 1920.820898][T29954] data_offset 128 [ 1920.851797][T29954] image_seq -1609683612 [ 1920.878007][T29954] hdr_crc 0xcc0d6019 [ 1920.891606][T29954] erase counter header hexdump: [ 1920.912126][T29954] CPU: 1 UID: 0 PID: 29954 Comm: syz.2.4706 Tainted: G U syzkaller #0 PREEMPT(full) [ 1920.912170][T29954] Tainted: [U]=USER [ 1920.912182][T29954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1920.912201][T29954] Call Trace: [ 1920.912213][T29954] [ 1920.912226][T29954] dump_stack_lvl+0x16c/0x1f0 [ 1920.912274][T29954] validate_ec_hdr+0x28c/0x330 [ 1920.912323][T29954] ubi_io_read_ec_hdr+0x63b/0x6c0 [ 1920.912374][T29954] ubi_attach+0x5e7/0x4bd0 [ 1920.912449][T29954] ? __pfx_ubi_msg+0x10/0x10 [ 1920.912481][T29954] ? __pfx_ubi_attach+0x10/0x10 [ 1920.912556][T29954] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 1920.912589][T29954] ? __vmalloc_node_noprof+0xad/0xf0 [ 1920.912621][T29954] ? ubi_attach_mtd_dev+0x155b/0x35d0 [ 1920.912671][T29954] ubi_attach_mtd_dev+0x15a7/0x35d0 [ 1920.912727][T29954] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 1920.912763][T29954] ? __pfx_get_mtd_device+0x10/0x10 [ 1920.912816][T29954] ctrl_cdev_ioctl+0x337/0x3d0 [ 1920.912846][T29954] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 1920.912884][T29954] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 1920.912916][T29954] __x64_sys_ioctl+0x18e/0x210 [ 1920.912965][T29954] do_syscall_64+0xcd/0x490 [ 1920.913006][T29954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1920.913035][T29954] RIP: 0033:0x7f01be78ebe9 [ 1920.913058][T29954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1920.913089][T29954] RSP: 002b:00007f01bf569038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1920.913117][T29954] RAX: ffffffffffffffda RBX: 00007f01be9b5fa0 RCX: 00007f01be78ebe9 [ 1920.913136][T29954] RDX: 0000200000000080 RSI: 0000000040186f40 RDI: 0000000000000003 [ 1920.913155][T29954] RBP: 00007f01be811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1920.913174][T29954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1920.913192][T29954] R13: 00007f01be9b6038 R14: 00007f01be9b5fa0 R15: 00007ffc55402af8 [ 1920.913230][T29954] [ 1921.206606][T29954] ubi0 error: ubi_io_read_ec_hdr: validation failed for PEB 0 [ 1921.355980][T29959] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1921.371975][T29954] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1921.673024][ T30] audit: type=1804 audit(1755941745.901:87): pid=29961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4707" name="/newroot/559/file0" dev="tmpfs" ino=2986 res=1 errno=0 [ 1923.589080][T30000] netlink: 'syz.0.4715': attribute type 19 has an invalid length. [ 1923.598289][T30000] netlink: 334 bytes leftover after parsing attributes in process `syz.0.4715'. [ 1924.485867][T30018] vivid-003: ================= START STATUS ================= [ 1924.512831][T30018] vivid-003: Radio HW Seek Mode: Bounded [ 1924.564157][T30018] vivid-003: Radio Programmable HW Seek: false [ 1924.589682][T30018] vivid-003: RDS Rx I/O Mode: Block I/O [ 1924.612111][T30018] vivid-003: Generate RBDS Instead of RDS: false [ 1924.632799][T30018] vivid-003: RDS Reception: true [ 1924.652793][T30018] vivid-003: RDS Program Type: 0 inactive [ 1924.675370][T30018] vivid-003: RDS PS Name: inactive [ 1924.781510][T30018] vivid-003: RDS Radio Text: inactive [ 1924.882768][T30018] vivid-003: RDS Traffic Announcement: false inactive [ 1924.922668][T30018] vivid-003: RDS Traffic Program: false inactive [ 1924.930335][T30018] vivid-003: RDS Music: false inactive [ 1924.941663][T30018] vivid-003: ================== END STATUS ================== [ 1925.285336][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 1925.291759][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 1925.653019][T30032] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1925.764075][ T30] audit: type=1804 audit(1755941749.991:88): pid=30036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4722" name="/newroot/583/file0" dev="tmpfs" ino=3119 res=1 errno=0 [ 1926.733119][T30048] netlink: 'syz.3.4725': attribute type 19 has an invalid length. [ 1926.755391][T30048] netlink: 334 bytes leftover after parsing attributes in process `syz.3.4725'. [ 1926.956925][T30049] blktrace: Concurrent blktraces are not allowed on loop2 [ 1927.122220][T30053] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1927.289317][ T30] audit: type=1804 audit(1755941751.521:89): pid=30055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.4726" name="/newroot/563/file0" dev="tmpfs" ino=3009 res=1 errno=0 [ 1929.013094][T30067] FAULT_INJECTION: forcing a failure. [ 1929.013094][T30067] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1929.026796][T30067] CPU: 1 UID: 0 PID: 30067 Comm: syz.2.4728 Tainted: G U syzkaller #0 PREEMPT(full) [ 1929.026847][T30067] Tainted: [U]=USER [ 1929.026859][T30067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1929.026880][T30067] Call Trace: [ 1929.026892][T30067] [ 1929.026904][T30067] dump_stack_lvl+0x16c/0x1f0 [ 1929.026954][T30067] should_fail_ex+0x512/0x640 [ 1929.027007][T30067] _copy_from_user+0x2e/0xd0 [ 1929.027065][T30067] restore_sigcontext+0xcb/0x6a0 [ 1929.027110][T30067] ? __pfx_restore_sigcontext+0x10/0x10 [ 1929.027192][T30067] ? __pfx_restore_altstack+0x10/0x10 [ 1929.027257][T30067] ? _raw_spin_unlock_irq+0x23/0x50 [ 1929.027293][T30067] ? lockdep_hardirqs_on+0x7c/0x110 [ 1929.027340][T30067] __do_sys_rt_sigreturn+0x1bb/0x230 [ 1929.027383][T30067] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 1929.027460][T30067] do_syscall_64+0xcd/0x490 [ 1929.027506][T30067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1929.027541][T30067] RIP: 0033:0x7f01be72ade9 [ 1929.027567][T30067] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 1929.027599][T30067] RSP: 002b:00007f01bc5f3b40 EFLAGS: 00000206 ORIG_RAX: 000000000000000f [ 1929.027630][T30067] RAX: ffffffffffffffda RBX: 00007f01be9b6278 RCX: 00007f01be72ade9 [ 1929.027653][T30067] RDX: 00007f01bc5f3b40 RSI: 00007f01bc5f3c70 RDI: 0000000000000021 [ 1929.027674][T30067] RBP: 00007f01be9b6270 R08: 0000000000000000 R09: 0000000000000000 [ 1929.027692][T30067] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1929.027723][T30067] R13: 00007f01be9b6308 R14: 00007ffc55402a10 R15: 00007ffc55402af8 [ 1929.027764][T30067] [ 1929.288897][T30033] kexec: Could not allocate control_code_buffer [ 1929.635831][T30071] FAULT_INJECTION: forcing a failure. [ 1929.635831][T30071] name failslab, interval 1, probability 0, space 0, times 0 [ 1929.649009][T30071] CPU: 1 UID: 0 PID: 30071 Comm: syz.0.4729 Tainted: G U syzkaller #0 PREEMPT(full) [ 1929.649047][T30071] Tainted: [U]=USER [ 1929.649055][T30071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1929.649071][T30071] Call Trace: [ 1929.649079][T30071] [ 1929.649087][T30071] dump_stack_lvl+0x16c/0x1f0 [ 1929.649123][T30071] should_fail_ex+0x512/0x640 [ 1929.649158][T30071] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1929.649187][T30071] should_failslab+0xc2/0x120 [ 1929.649219][T30071] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1929.649244][T30071] ? sctp_auth_shkey_create+0x9e/0x210 [ 1929.649280][T30071] sctp_auth_shkey_create+0x9e/0x210 [ 1929.649312][T30071] sctp_endpoint_new+0x562/0xcd0 [ 1929.649347][T30071] sctp_init_sock+0xe2d/0x1330 [ 1929.649374][T30071] ? sock_init_data_uid+0x7f6/0xa00 [ 1929.649400][T30071] ? __pfx_sctp_init_sock+0x10/0x10 [ 1929.649429][T30071] inet_create+0x939/0x1040 [ 1929.649454][T30071] ? inet_create+0x93/0x1040 [ 1929.649482][T30071] __sock_create+0x335/0x8d0 [ 1929.649511][T30071] __sys_socket+0x14d/0x260 [ 1929.649536][T30071] ? __pfx___sys_socket+0x10/0x10 [ 1929.649560][T30071] ? xfd_validate_state+0x61/0x180 [ 1929.649596][T30071] ? __pfx_do_writev+0x10/0x10 [ 1929.649628][T30071] __x64_sys_socket+0x72/0xb0 [ 1929.649652][T30071] ? lockdep_hardirqs_on+0x7c/0x110 [ 1929.649682][T30071] do_syscall_64+0xcd/0x490 [ 1929.649717][T30071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1929.649741][T30071] RIP: 0033:0x7fbaab58ebe9 [ 1929.649760][T30071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1929.649784][T30071] RSP: 002b:00007fbaac3dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1929.649805][T30071] RAX: ffffffffffffffda RBX: 00007fbaab7b5fa0 RCX: 00007fbaab58ebe9 [ 1929.649821][T30071] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002 [ 1929.649835][T30071] RBP: 00007fbaab611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1929.649850][T30071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1929.649865][T30071] R13: 00007fbaab7b6038 R14: 00007fbaab7b5fa0 R15: 00007fffe5090b28 [ 1929.649901][T30071] [ 1932.590933][T30120] FAULT_INJECTION: forcing a failure. [ 1932.590933][T30120] name failslab, interval 1, probability 0, space 0, times 0 [ 1932.682603][T30120] CPU: 1 UID: 0 PID: 30120 Comm: syz.0.4735 Tainted: G U syzkaller #0 PREEMPT(full) [ 1932.682655][T30120] Tainted: [U]=USER [ 1932.682667][T30120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1932.682685][T30120] Call Trace: [ 1932.682697][T30120] [ 1932.682710][T30120] dump_stack_lvl+0x16c/0x1f0 [ 1932.682779][T30120] should_fail_ex+0x512/0x640 [ 1932.682829][T30120] ? __kmalloc_noprof+0xbf/0x510 [ 1932.682883][T30120] ? vkms_crtc_atomic_check+0x3c5/0x880 [ 1932.682920][T30120] should_failslab+0xc2/0x120 [ 1932.682967][T30120] __kmalloc_noprof+0xd2/0x510 [ 1932.683007][T30120] ? drm_atomic_add_affected_planes+0x32b/0x3f0 [ 1932.683067][T30120] vkms_crtc_atomic_check+0x3c5/0x880 [ 1932.683114][T30120] ? __pfx_vkms_crtc_atomic_check+0x10/0x10 [ 1932.683148][T30120] drm_atomic_helper_check_planes+0x4dd/0x900 [ 1932.683214][T30120] drm_atomic_helper_check+0xae/0x190 [ 1932.683271][T30120] vkms_atomic_check+0x1d9/0x250 [ 1932.683322][T30120] ? __pfx_vkms_atomic_check+0x10/0x10 [ 1932.683373][T30120] drm_atomic_check_only+0x19c7/0x3130 [ 1932.683430][T30120] drm_atomic_commit+0x136/0x300 [ 1932.683465][T30120] ? __pfx_drm_atomic_commit+0x10/0x10 [ 1932.683498][T30120] ? __pfx___drm_printfn_info+0x10/0x10 [ 1932.683546][T30120] ? drm_client_rotation+0x4da/0x6a0 [ 1932.683587][T30120] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 1932.683637][T30120] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1932.683669][T30120] ? rcu_is_watching+0x12/0xc0 [ 1932.683730][T30120] drm_client_modeset_commit_locked+0x14d/0x580 [ 1932.683766][T30120] drm_client_modeset_commit+0x4f/0x80 [ 1932.683798][T30120] __drm_fb_helper_restore_fbdev_mode_unlocked+0x19f/0x200 [ 1932.683829][T30120] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1932.683876][T30120] drm_fbdev_client_restore+0x2c/0x40 [ 1932.683915][T30120] drm_client_dev_restore+0x1f6/0x2a0 [ 1932.683951][T30120] drm_release+0x2c4/0x360 [ 1932.683981][T30120] ? __pfx_drm_release+0x10/0x10 [ 1932.684007][T30120] __fput+0x3ff/0xb70 [ 1932.684056][T30120] task_work_run+0x14d/0x240 [ 1932.684101][T30120] ? __pfx_task_work_run+0x10/0x10 [ 1932.684145][T30120] ? __pfx___do_sys_close_range+0x10/0x10 [ 1932.684187][T30120] exit_to_user_mode_loop+0xeb/0x110 [ 1932.684231][T30120] do_syscall_64+0x3f6/0x490 [ 1932.684272][T30120] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1932.684300][T30120] RIP: 0033:0x7fbaab58ebe9 [ 1932.684323][T30120] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1932.684351][T30120] RSP: 002b:00007fbaac3bb038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1932.684378][T30120] RAX: 0000000000000000 RBX: 00007fbaab7b6090 RCX: 00007fbaab58ebe9 [ 1932.684396][T30120] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1932.684413][T30120] RBP: 00007fbaab611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1932.684430][T30120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1932.684447][T30120] R13: 00007fbaab7b6128 R14: 00007fbaab7b6090 R15: 00007fffe5090b28 [ 1932.684483][T30120] [ 1934.283041][T30136] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1934.404973][T30138] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 1934.503330][T30141] blktrace: Concurrent blktraces are not allowed on loop2 [ 1934.922164][ T30] audit: type=1804 audit(1755941759.151:90): pid=30143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4739" name="/newroot/586/file0" dev="tmpfs" ino=3096 res=1 errno=0 [ 1935.157167][T30127] kexec: Could not allocate control_code_buffer [ 1935.215473][T30142] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1935.750569][T30140] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 1936.855802][T30157] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4745'. [ 1937.124972][T30165] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1937.669914][ T30] audit: type=1804 audit(1755941761.891:91): pid=30170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4747" name="/newroot/587/file0" dev="tmpfs" ino=3170 res=1 errno=0 [ 1937.822075][ T30] audit: type=1804 audit(1755941762.041:92): pid=30183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4749" name="/newroot/590/file0" dev="tmpfs" ino=3155 res=1 errno=0 [ 1940.459164][T30202] netlink: 'syz.2.4753': attribute type 19 has an invalid length. [ 1940.468299][T30202] netlink: 334 bytes leftover after parsing attributes in process `syz.2.4753'. [ 1940.811270][T30167] kexec: Could not allocate control_code_buffer [ 1942.151656][T30216] FAULT_INJECTION: forcing a failure. [ 1942.151656][T30216] name failslab, interval 1, probability 0, space 0, times 0 [ 1942.218325][T30216] CPU: 0 UID: 0 PID: 30216 Comm: syz.0.4756 Tainted: G U syzkaller #0 PREEMPT(full) [ 1942.218375][T30216] Tainted: [U]=USER [ 1942.218386][T30216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1942.218403][T30216] Call Trace: [ 1942.218414][T30216] [ 1942.218426][T30216] dump_stack_lvl+0x16c/0x1f0 [ 1942.218471][T30216] should_fail_ex+0x512/0x640 [ 1942.218517][T30216] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1942.218561][T30216] should_failslab+0xc2/0x120 [ 1942.218606][T30216] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1942.218645][T30216] ? __alloc_skb+0x2b2/0x380 [ 1942.218692][T30216] __alloc_skb+0x2b2/0x380 [ 1942.218731][T30216] ? __pfx___alloc_skb+0x10/0x10 [ 1942.218786][T30216] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1942.218830][T30216] ? __lock_acquire+0xb97/0x1ce0 [ 1942.218878][T30216] netlink_alloc_large_skb+0x69/0x130 [ 1942.218927][T30216] netlink_sendmsg+0x6a1/0xdd0 [ 1942.218979][T30216] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1942.219029][T30216] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1942.219071][T30216] ____sys_sendmsg+0xa95/0xc70 [ 1942.219102][T30216] ? copy_msghdr_from_user+0x10a/0x160 [ 1942.219146][T30216] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1942.219195][T30216] ___sys_sendmsg+0x134/0x1d0 [ 1942.219240][T30216] ? __pfx____sys_sendmsg+0x10/0x10 [ 1942.219332][T30216] __sys_sendmsg+0x16d/0x220 [ 1942.219377][T30216] ? __pfx___sys_sendmsg+0x10/0x10 [ 1942.219432][T30216] ? syscall_user_dispatch+0x78/0x140 [ 1942.219495][T30216] do_syscall_64+0xcd/0x490 [ 1942.219542][T30216] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1942.219574][T30216] RIP: 0033:0x7fbaab58ebe9 [ 1942.219598][T30216] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1942.219629][T30216] RSP: 002b:00007fbaac39a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1942.219658][T30216] RAX: ffffffffffffffda RBX: 00007fbaab7b6180 RCX: 00007fbaab58ebe9 [ 1942.219678][T30216] RDX: 0000000024048084 RSI: 0000200000000440 RDI: 0000000000000005 [ 1942.219695][T30216] RBP: 00007fbaac39a090 R08: 0000000000000000 R09: 0000000000000000 [ 1942.219713][T30216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1942.219729][T30216] R13: 00007fbaab7b6218 R14: 00007fbaab7b6180 R15: 00007fffe5090b28 [ 1942.219775][T30216] [ 1943.613484][T30229] FAULT_INJECTION: forcing a failure. [ 1943.613484][T30229] name failslab, interval 1, probability 0, space 0, times 0 [ 1943.662078][T30229] CPU: 1 UID: 0 PID: 30229 Comm: syz.3.4759 Tainted: G U syzkaller #0 PREEMPT(full) [ 1943.662124][T30229] Tainted: [U]=USER [ 1943.662132][T30229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1943.662148][T30229] Call Trace: [ 1943.662157][T30229] [ 1943.662167][T30229] dump_stack_lvl+0x16c/0x1f0 [ 1943.662204][T30229] should_fail_ex+0x512/0x640 [ 1943.662240][T30229] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1943.662274][T30229] should_failslab+0xc2/0x120 [ 1943.662308][T30229] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1943.662337][T30229] ? bpf_ksym_find+0x124/0x1c0 [ 1943.662360][T30229] ? alloc_empty_file+0x55/0x1e0 [ 1943.662402][T30229] alloc_empty_file+0x55/0x1e0 [ 1943.662445][T30229] path_openat+0xda/0x2cb0 [ 1943.662479][T30229] ? arch_stack_walk+0xa6/0x100 [ 1943.662520][T30229] ? __pfx_path_openat+0x10/0x10 [ 1943.662554][T30229] ? stack_trace_save+0x8e/0xc0 [ 1943.662582][T30229] ? __pfx_stack_trace_save+0x10/0x10 [ 1943.662614][T30229] do_filp_open+0x20b/0x470 [ 1943.662644][T30229] ? __pfx_do_filp_open+0x10/0x10 [ 1943.662674][T30229] ? kasan_save_stack+0x42/0x60 [ 1943.662702][T30229] ? kasan_save_stack+0x33/0x60 [ 1943.662762][T30229] file_open_name+0x2a3/0x450 [ 1943.662803][T30229] ? __pfx_file_open_name+0x10/0x10 [ 1943.662854][T30229] acct_on+0x77/0x870 [ 1943.662892][T30229] __x64_sys_acct+0xaf/0x230 [ 1943.662934][T30229] ? lockdep_hardirqs_on+0x7c/0x110 [ 1943.662965][T30229] do_syscall_64+0xcd/0x490 [ 1943.663001][T30229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1943.663027][T30229] RIP: 0033:0x7f6c51f8ebe9 [ 1943.663046][T30229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1943.663070][T30229] RSP: 002b:00007f6c52e53038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 1943.663094][T30229] RAX: ffffffffffffffda RBX: 00007f6c521b5fa0 RCX: 00007f6c51f8ebe9 [ 1943.663110][T30229] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00002000000001c0 [ 1943.663125][T30229] RBP: 00007f6c52e53090 R08: 0000000000000000 R09: 0000000000000000 [ 1943.663140][T30229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1943.663155][T30229] R13: 00007f6c521b6038 R14: 00007f6c521b5fa0 R15: 00007ffe51b75a88 [ 1943.663185][T30229] [ 1944.470217][T30231] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4760'. [ 1944.585310][T30233] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4761'. [ 1945.259712][T30237] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4764'. [ 1946.025697][T30247] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4766'. [ 1947.118710][T30256] blktrace: Concurrent blktraces are not allowed on loop2 [ 1949.753024][T30296] FAULT_INJECTION: forcing a failure. [ 1949.753024][T30296] name failslab, interval 1, probability 0, space 0, times 0 [ 1949.812799][T30296] CPU: 1 UID: 0 PID: 30296 Comm: syz.2.4776 Tainted: G U syzkaller #0 PREEMPT(full) [ 1949.812843][T30296] Tainted: [U]=USER [ 1949.812851][T30296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1949.812866][T30296] Call Trace: [ 1949.812875][T30296] [ 1949.812884][T30296] dump_stack_lvl+0x16c/0x1f0 [ 1949.812921][T30296] should_fail_ex+0x512/0x640 [ 1949.812955][T30296] ? fs_reclaim_acquire+0xae/0x150 [ 1949.812993][T30296] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1949.813028][T30296] should_failslab+0xc2/0x120 [ 1949.813060][T30296] __kmalloc_noprof+0xd2/0x510 [ 1949.813096][T30296] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1949.813152][T30296] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1949.813183][T30296] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1949.813242][T30296] ? find_held_lock+0x2b/0x80 [ 1949.813273][T30296] tomoyo_file_open+0x6b/0x90 [ 1949.813297][T30296] security_file_open+0x84/0x1e0 [ 1949.813331][T30296] do_dentry_open+0x596/0x1530 [ 1949.813370][T30296] vfs_open+0x82/0x3f0 [ 1949.813415][T30296] path_openat+0x1de4/0x2cb0 [ 1949.813453][T30296] ? __pfx_path_openat+0x10/0x10 [ 1949.813490][T30296] do_filp_open+0x20b/0x470 [ 1949.813518][T30296] ? __pfx_do_filp_open+0x10/0x10 [ 1949.813557][T30296] ? __pfx_kfree_link+0x10/0x10 [ 1949.813602][T30296] ? alloc_fd+0x471/0x7d0 [ 1949.813653][T30296] do_sys_openat2+0x11b/0x1d0 [ 1949.813687][T30296] ? __pfx_do_sys_openat2+0x10/0x10 [ 1949.813732][T30296] __x64_sys_openat+0x174/0x210 [ 1949.813768][T30296] ? __pfx___x64_sys_openat+0x10/0x10 [ 1949.813814][T30296] do_syscall_64+0xcd/0x490 [ 1949.813846][T30296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1949.813869][T30296] RIP: 0033:0x7f01be78d550 [ 1949.813886][T30296] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1949.813908][T30296] RSP: 002b:00007f01bf568fe0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1949.813928][T30296] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f01be78d550 [ 1949.813942][T30296] RDX: 0000000000000002 RSI: 00007f01be8120d3 RDI: 00000000ffffff9c [ 1949.813956][T30296] RBP: 00007f01be8120d3 R08: 0000000000000000 R09: 00007f01bf56a000 [ 1949.813970][T30296] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1949.813983][T30296] R13: 00007f01be9b6038 R14: 00007f01be9b5fa0 R15: 00007ffc55402af8 [ 1949.814011][T30296] [ 1949.814020][T30296] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1950.121279][T30296] FAULT_INJECTION: forcing a failure. [ 1950.121279][T30296] name failslab, interval 1, probability 0, space 0, times 0 [ 1950.241720][T30296] CPU: 0 UID: 0 PID: 30296 Comm: syz.2.4776 Tainted: G U syzkaller #0 PREEMPT(full) [ 1950.241759][T30296] Tainted: [U]=USER [ 1950.241767][T30296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1950.241782][T30296] Call Trace: [ 1950.241790][T30296] [ 1950.241800][T30296] dump_stack_lvl+0x16c/0x1f0 [ 1950.241836][T30296] should_fail_ex+0x512/0x640 [ 1950.241871][T30296] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1950.241899][T30296] should_failslab+0xc2/0x120 [ 1950.241937][T30296] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1950.241968][T30296] ? down_write_killable+0x154/0x250 [ 1950.242029][T30296] ? alloc_ldt_struct+0x5d/0x1a0 [ 1950.242068][T30296] alloc_ldt_struct+0x5d/0x1a0 [ 1950.242096][T30296] write_ldt+0x852/0xd20 [ 1950.242130][T30296] ? __fget_files+0x20e/0x3c0 [ 1950.242158][T30296] ? rcu_watching_snap_stopped_since+0x100/0x110 [ 1950.242189][T30296] ? __pfx_write_ldt+0x10/0x10 [ 1950.242213][T30296] ? fput+0x9b/0xd0 [ 1950.242247][T30296] ? ksys_write+0x1ac/0x250 [ 1950.242273][T30296] ? __pfx_ksys_write+0x10/0x10 [ 1950.242307][T30296] __x64_sys_modify_ldt+0xb1/0x170 [ 1950.242341][T30296] do_syscall_64+0xcd/0x490 [ 1950.242375][T30296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1950.242399][T30296] RIP: 0033:0x7f01be78ebe9 [ 1950.242418][T30296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1950.242452][T30296] RSP: 002b:00007f01bf569038 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1950.242481][T30296] RAX: ffffffffffffffda RBX: 00007f01be9b5fa0 RCX: 00007f01be78ebe9 [ 1950.242500][T30296] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 1950.242514][T30296] RBP: 00007f01bf569090 R08: 0000000000000000 R09: 0000000000000000 [ 1950.242529][T30296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1950.242542][T30296] R13: 00007f01be9b6038 R14: 00007f01be9b5fa0 R15: 00007ffc55402af8 [ 1950.242572][T30296] [ 1950.988540][T30302] netlink: 186 bytes leftover after parsing attributes in process `syz.2.4777'. [ 1951.433380][T30307] FAULT_INJECTION: forcing a failure. [ 1951.433380][T30307] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1951.453114][T30307] CPU: 0 UID: 0 PID: 30307 Comm: syz.2.4780 Tainted: G U syzkaller #0 PREEMPT(full) [ 1951.453171][T30307] Tainted: [U]=USER [ 1951.453184][T30307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1951.453204][T30307] Call Trace: [ 1951.453216][T30307] [ 1951.453236][T30307] dump_stack_lvl+0x16c/0x1f0 [ 1951.453286][T30307] should_fail_ex+0x512/0x640 [ 1951.453335][T30307] should_fail_alloc_page+0xe7/0x130 [ 1951.453371][T30307] prepare_alloc_pages+0x3c2/0x610 [ 1951.453413][T30307] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1951.453445][T30307] ? __alloc_frozen_pages_noprof+0x294/0x23f0 [ 1951.453488][T30307] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1951.453518][T30307] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1951.453565][T30307] ? __lock_acquire+0xb97/0x1ce0 [ 1951.453596][T30307] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1951.453635][T30307] ? policy_nodemask+0xea/0x4e0 [ 1951.453670][T30307] alloc_pages_mpol+0x1fb/0x550 [ 1951.453715][T30307] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1951.453745][T30307] ? do_raw_spin_lock+0x12c/0x2b0 [ 1951.453780][T30307] ? find_held_lock+0x2b/0x80 [ 1951.453808][T30307] alloc_pages_noprof+0x131/0x390 [ 1951.453839][T30307] __pmd_alloc+0x3b/0x930 [ 1951.453873][T30307] ? __pud_alloc+0x526/0x750 [ 1951.453909][T30307] walk_to_pmd+0x3a6/0x4c0 [ 1951.453948][T30307] __get_locked_pte+0x25/0xc0 [ 1951.453985][T30307] map_ldt_struct+0x3b0/0xa60 [ 1951.454046][T30307] ? __pfx_map_ldt_struct+0x10/0x10 [ 1951.454073][T30307] ? alloc_pages_noprof+0x23c/0x390 [ 1951.454112][T30307] write_ldt+0x8fa/0xd20 [ 1951.454142][T30307] ? __pfx_write_ldt+0x10/0x10 [ 1951.454166][T30307] ? fput+0x9b/0xd0 [ 1951.454204][T30307] ? __pfx_ksys_write+0x10/0x10 [ 1951.454246][T30307] __x64_sys_modify_ldt+0xb1/0x170 [ 1951.454274][T30307] do_syscall_64+0xcd/0x490 [ 1951.454311][T30307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1951.454335][T30307] RIP: 0033:0x7f01be78ebe9 [ 1951.454355][T30307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1951.454379][T30307] RSP: 002b:00007f01bf569038 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1951.454402][T30307] RAX: ffffffffffffffda RBX: 00007f01be9b5fa0 RCX: 00007f01be78ebe9 [ 1951.454419][T30307] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 1951.454434][T30307] RBP: 00007f01be811e19 R08: 0000000000000000 R09: 0000000000000000 [ 1951.454449][T30307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1951.454463][T30307] R13: 00007f01be9b6038 R14: 00007f01be9b5fa0 R15: 00007ffc55402af8 [ 1951.454493][T30307] [ 1952.628869][T30331] FAULT_INJECTION: forcing a failure. [ 1952.628869][T30331] name failslab, interval 1, probability 0, space 0, times 0 [ 1952.665853][T30331] CPU: 0 UID: 0 PID: 30331 Comm: syz.0.4787 Tainted: G U syzkaller #0 PREEMPT(full) [ 1952.665902][T30331] Tainted: [U]=USER [ 1952.665912][T30331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1952.665932][T30331] Call Trace: [ 1952.665943][T30331] [ 1952.665956][T30331] dump_stack_lvl+0x16c/0x1f0 [ 1952.666008][T30331] should_fail_ex+0x512/0x640 [ 1952.666080][T30331] should_failslab+0xc2/0x120 [ 1952.666138][T30331] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1952.666173][T30331] ? do_raw_spin_lock+0x12c/0x2b0 [ 1952.666224][T30331] ? find_held_lock+0x2b/0x80 [ 1952.666255][T30331] ? async_schedule_node_domain+0x54/0x120 [ 1952.666300][T30331] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 1952.666341][T30331] async_schedule_node_domain+0x54/0x120 [ 1952.666383][T30331] dev_cache_fw_image+0x38e/0x490 [ 1952.666424][T30331] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 1952.666469][T30331] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 1952.666510][T30331] dpm_for_each_dev+0x5a/0xb0 [ 1952.666547][T30331] fw_pm_notify+0x81/0x150 [ 1952.666582][T30331] notifier_call_chain+0xb9/0x410 [ 1952.666623][T30331] ? __pfx_fw_pm_notify+0x10/0x10 [ 1952.666666][T30331] blocking_notifier_call_chain_robust+0xc8/0x160 [ 1952.666716][T30331] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 1952.666778][T30331] pm_notifier_call_chain_robust+0x27/0x60 [ 1952.666826][T30331] snapshot_open+0x189/0x2b0 [ 1952.666866][T30331] ? __pfx_snapshot_open+0x10/0x10 [ 1952.666907][T30331] misc_open+0x35a/0x420 [ 1952.666942][T30331] ? __pfx_misc_open+0x10/0x10 [ 1952.666978][T30331] chrdev_open+0x231/0x6a0 [ 1952.667018][T30331] ? __pfx_apparmor_file_open+0x10/0x10 [ 1952.667054][T30331] ? __pfx_chrdev_open+0x10/0x10 [ 1952.667105][T30331] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1952.667148][T30331] do_dentry_open+0x97f/0x1530 [ 1952.667192][T30331] ? __pfx_chrdev_open+0x10/0x10 [ 1952.667256][T30331] vfs_open+0x82/0x3f0 [ 1952.667310][T30331] path_openat+0x1de4/0x2cb0 [ 1952.667364][T30331] ? __pfx_path_openat+0x10/0x10 [ 1952.667415][T30331] do_filp_open+0x20b/0x470 [ 1952.667455][T30331] ? __pfx_do_filp_open+0x10/0x10 [ 1952.667527][T30331] ? alloc_fd+0x471/0x7d0 [ 1952.667575][T30331] do_sys_openat2+0x11b/0x1d0 [ 1952.667625][T30331] ? __pfx_do_sys_openat2+0x10/0x10 [ 1952.667681][T30331] __x64_sys_openat+0x174/0x210 [ 1952.667723][T30331] ? __pfx___x64_sys_openat+0x10/0x10 [ 1952.667772][T30331] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 1952.667820][T30331] do_syscall_64+0xcd/0x490 [ 1952.667862][T30331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1952.667888][T30331] RIP: 0033:0x7fbaab58ebe9 [ 1952.667911][T30331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1952.667939][T30331] RSP: 002b:00007fbaac3dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1952.667965][T30331] RAX: ffffffffffffffda RBX: 00007fbaab7b5fa0 RCX: 00007fbaab58ebe9 [ 1952.667983][T30331] RDX: 0000000000000400 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 1952.668001][T30331] RBP: 00007fbaac3dc090 R08: 0000000000000000 R09: 0000000000000000 [ 1952.668017][T30331] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000001 [ 1952.668033][T30331] R13: 00007fbaab7b6038 R14: 00007fbaab7b5fa0 R15: 00007fffe5090b28 [ 1952.668070][T30331] [ 1953.010221][T30331] [ 1953.012578][T30331] ====================================================== [ 1953.019604][T30331] WARNING: possible circular locking dependency detected [ 1953.026622][T30331] syzkaller #0 Tainted: G U [ 1953.032608][T30331] ------------------------------------------------------ [ 1953.039635][T30331] syz.0.4787/30331 is trying to acquire lock: [ 1953.045695][T30331] ffff888029a36288 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}, at: process_measurement+0x7e0/0x23e0 [ 1953.056329][T30331] [ 1953.056329][T30331] but task is already holding lock: [ 1953.063703][T30331] ffffffff8f5173c8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 1953.072621][T30331] [ 1953.072621][T30331] which lock already depends on the new lock. [ 1953.072621][T30331] [ 1953.083025][T30331] [ 1953.083025][T30331] the existing dependency chain (in reverse order) is: [ 1953.092039][T30331] [ 1953.092039][T30331] -> #4 (dpm_list_mtx){+.+.}-{4:4}: [ 1953.099457][T30331] __mutex_lock+0x193/0x1060 [ 1953.104628][T30331] device_pm_add+0x87/0x3e0 [ 1953.109670][T30331] device_add+0x9cd/0x1aa0 [ 1953.114617][T30331] device_create_groups_vargs+0x1f8/0x270 [ 1953.120885][T30331] device_create+0xed/0x130 [ 1953.125916][T30331] msr_device_create+0x31/0x70 [ 1953.131216][T30331] cpuhp_invoke_callback+0x3d5/0xa10 [ 1953.137055][T30331] cpuhp_thread_fun+0x47e/0x6f0 [ 1953.142444][T30331] smpboot_thread_fn+0x3f7/0xae0 [ 1953.147958][T30331] kthread+0x3c5/0x780 [ 1953.152592][T30331] ret_from_fork+0x5d4/0x6f0 [ 1953.157737][T30331] ret_from_fork_asm+0x1a/0x30 [ 1953.163034][T30331] [ 1953.163034][T30331] -> #3 (cpuhp_state-up){+.+.}-{0:0}: [ 1953.170602][T30331] cpuhp_thread_fun+0x193/0x6f0 [ 1953.175985][T30331] smpboot_thread_fn+0x3f7/0xae0 [ 1953.181494][T30331] kthread+0x3c5/0x780 [ 1953.186142][T30331] ret_from_fork+0x5d4/0x6f0 [ 1953.191290][T30331] ret_from_fork_asm+0x1a/0x30 [ 1953.196587][T30331] [ 1953.196587][T30331] -> #2 (cpu_hotplug_lock){++++}-{0:0}: [ 1953.204365][T30331] cpus_read_lock+0x42/0x160 [ 1953.209499][T30331] ring_buffer_resize+0x105/0x15c0 [ 1953.215144][T30331] tracing_update_buffers+0x15e/0x1f0 [ 1953.221052][T30331] ftrace_event_write+0x14a/0x290 [ 1953.226607][T30331] vfs_write+0x29d/0x11d0 [ 1953.231470][T30331] ksys_write+0x12a/0x250 [ 1953.236329][T30331] do_syscall_64+0xcd/0x490 [ 1953.241369][T30331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1953.247805][T30331] [ 1953.247805][T30331] -> #1 (trace_types_lock){+.+.}-{4:4}: [ 1953.255548][T30331] __mutex_lock+0x193/0x1060 [ 1953.260676][T30331] tracing_check_open_get_tr.part.0+0x49/0x190 [ 1953.267368][T30331] tracing_open_generic_tr+0x66/0xf0 [ 1953.273186][T30331] do_dentry_open+0x97f/0x1530 [ 1953.278479][T30331] vfs_open+0x82/0x3f0 [ 1953.283086][T30331] dentry_open+0x71/0xd0 [ 1953.287877][T30331] ima_calc_file_hash+0x2b6/0x490 [ 1953.293447][T30331] ima_collect_measurement+0x899/0xa40 [ 1953.299480][T30331] process_measurement+0x11fa/0x23e0 [ 1953.305293][T30331] ima_file_check+0xc5/0x110 [ 1953.310412][T30331] security_file_post_open+0x8e/0x210 [ 1953.316326][T30331] path_openat+0x1404/0x2cb0 [ 1953.321451][T30331] do_filp_open+0x20b/0x470 [ 1953.326488][T30331] do_sys_openat2+0x11b/0x1d0 [ 1953.331710][T30331] __x64_sys_openat+0x174/0x210 [ 1953.337107][T30331] do_syscall_64+0xcd/0x490 [ 1953.342152][T30331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1953.348576][T30331] [ 1953.348576][T30331] -> #0 (&ima_iint_mutex_key[depth]){+.+.}-{4:4}: [ 1953.357190][T30331] __lock_acquire+0x12a6/0x1ce0 [ 1953.362604][T30331] lock_acquire+0x179/0x350 [ 1953.367649][T30331] __mutex_lock+0x193/0x1060 [ 1953.372800][T30331] process_measurement+0x7e0/0x23e0 [ 1953.378539][T30331] ima_file_check+0xc5/0x110 [ 1953.383666][T30331] security_file_post_open+0x8e/0x210 [ 1953.389594][T30331] path_openat+0x1404/0x2cb0 [ 1953.394724][T30331] do_file_open_root+0x322/0x610 [ 1953.400209][T30331] file_open_root+0x2a7/0x450 [ 1953.405424][T30331] kernel_read_file_from_path_initns+0x189/0x260 [ 1953.412300][T30331] _request_firmware+0x744/0x1470 [ 1953.417864][T30331] __async_dev_cache_fw_image+0xb1/0x340 [ 1953.424035][T30331] async_schedule_node_domain+0xd4/0x120 [ 1953.430201][T30331] dev_cache_fw_image+0x38e/0x490 [ 1953.435766][T30331] dpm_for_each_dev+0x5a/0xb0 [ 1953.440986][T30331] fw_pm_notify+0x81/0x150 [ 1953.445934][T30331] notifier_call_chain+0xb9/0x410 [ 1953.451504][T30331] blocking_notifier_call_chain_robust+0xc8/0x160 [ 1953.458460][T30331] pm_notifier_call_chain_robust+0x27/0x60 [ 1953.464805][T30331] snapshot_open+0x189/0x2b0 [ 1953.469938][T30331] misc_open+0x35a/0x420 [ 1953.474725][T30331] chrdev_open+0x231/0x6a0 [ 1953.479694][T30331] do_dentry_open+0x97f/0x1530 [ 1953.484991][T30331] vfs_open+0x82/0x3f0 [ 1953.489599][T30331] path_openat+0x1de4/0x2cb0 [ 1953.494746][T30331] do_filp_open+0x20b/0x470 [ 1953.499790][T30331] do_sys_openat2+0x11b/0x1d0 [ 1953.505010][T30331] __x64_sys_openat+0x174/0x210 [ 1953.510423][T30331] do_syscall_64+0xcd/0x490 [ 1953.515460][T30331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1953.521880][T30331] [ 1953.521880][T30331] other info that might help us debug this: [ 1953.521880][T30331] [ 1953.532102][T30331] Chain exists of: [ 1953.532102][T30331] &ima_iint_mutex_key[depth] --> cpuhp_state-up --> dpm_list_mtx [ 1953.532102][T30331] [ 1953.545758][T30331] Possible unsafe locking scenario: [ 1953.545758][T30331] [ 1953.553205][T30331] CPU0 CPU1 [ 1953.558562][T30331] ---- ---- [ 1953.563918][T30331] lock(dpm_list_mtx); [ 1953.568073][T30331] lock(cpuhp_state-up); [ 1953.574938][T30331] lock(dpm_list_mtx); [ 1953.581613][T30331] lock(&ima_iint_mutex_key[depth]); [ 1953.586992][T30331] [ 1953.586992][T30331] *** DEADLOCK *** [ 1953.586992][T30331] [ 1953.595132][T30331] 5 locks held by syz.0.4787/30331: [ 1953.600329][T30331] #0: ffffffff8f306f48 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420 [ 1953.608828][T30331] #1: ffffffff8e484808 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0 [ 1953.619231][T30331] #2: ffffffff8e4c4c70 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160 [ 1953.631101][T30331] #3: ffffffff8f51c9c8 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150 [ 1953.639735][T30331] #4: ffffffff8f5173c8 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0 [ 1953.649068][T30331] [ 1953.649068][T30331] stack backtrace: [ 1953.654968][T30331] CPU: 0 UID: 0 PID: 30331 Comm: syz.0.4787 Tainted: G U syzkaller #0 PREEMPT(full) [ 1953.655013][T30331] Tainted: [U]=USER [ 1953.655020][T30331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1953.655034][T30331] Call Trace: [ 1953.655043][T30331] [ 1953.655052][T30331] dump_stack_lvl+0x116/0x1f0 [ 1953.655084][T30331] print_circular_bug+0x275/0x350 [ 1953.655114][T30331] check_noncircular+0x14c/0x170 [ 1953.655145][T30331] __lock_acquire+0x12a6/0x1ce0 [ 1953.655179][T30331] lock_acquire+0x179/0x350 [ 1953.655225][T30331] ? process_measurement+0x7e0/0x23e0 [ 1953.655251][T30331] ? __pfx___might_resched+0x10/0x10 [ 1953.655277][T30331] ? process_measurement+0x7e0/0x23e0 [ 1953.655300][T30331] __mutex_lock+0x193/0x1060 [ 1953.655331][T30331] ? process_measurement+0x7e0/0x23e0 [ 1953.655359][T30331] ? __pfx___mutex_lock+0x10/0x10 [ 1953.655390][T30331] ? __pfx___might_resched+0x10/0x10 [ 1953.655413][T30331] ? find_held_lock+0x2b/0x80 [ 1953.655436][T30331] ? down_write+0x14d/0x200 [ 1953.655472][T30331] ? process_measurement+0x7e0/0x23e0 [ 1953.655496][T30331] process_measurement+0x7e0/0x23e0 [ 1953.655524][T30331] ? __pfx_process_measurement+0x10/0x10 [ 1953.655551][T30331] ? find_held_lock+0x2b/0x80 [ 1953.655573][T30331] ? fscrypt_file_open+0x47c/0x590 [ 1953.655615][T30331] ? __pfx___fsnotify_parent+0x10/0x10 [ 1953.655639][T30331] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1953.655669][T30331] ima_file_check+0xc5/0x110 [ 1953.655693][T30331] ? __pfx_ima_file_check+0x10/0x10 [ 1953.655718][T30331] ? vfs_open+0x2e3/0x3f0 [ 1953.655758][T30331] security_file_post_open+0x8e/0x210 [ 1953.655790][T30331] path_openat+0x1404/0x2cb0 [ 1953.655821][T30331] ? trace_kmem_cache_alloc+0x28/0xc0 [ 1953.655857][T30331] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 1953.655886][T30331] ? __pfx_path_openat+0x10/0x10 [ 1953.655913][T30331] ? __asan_memcpy+0x3c/0x60 [ 1953.655938][T30331] do_file_open_root+0x322/0x610 [ 1953.655967][T30331] ? __pfx_do_file_open_root+0x10/0x10 [ 1953.656009][T30331] ? xfrm_state_find+0x46e0/0x84c0 [ 1953.656058][T30331] ? vsnprintf+0x318/0x1160 [ 1953.656088][T30331] file_open_root+0x2a7/0x450 [ 1953.656119][T30331] ? __pfx_file_open_root+0x10/0x10 [ 1953.656151][T30331] ? find_held_lock+0x2b/0x80 [ 1953.656173][T30331] ? kernel_read_file_from_path_initns+0x17a/0x260 [ 1953.656212][T30331] kernel_read_file_from_path_initns+0x189/0x260 [ 1953.656249][T30331] ? __pfx_kernel_read_file_from_path_initns+0x10/0x10 [ 1953.656284][T30331] ? trace_kmem_cache_alloc+0x28/0xc0 [ 1953.656319][T30331] ? _request_firmware+0x503/0x1470 [ 1953.656349][T30331] _request_firmware+0x744/0x1470 [ 1953.656381][T30331] ? __pfx__request_firmware+0x10/0x10 [ 1953.656408][T30331] ? dump_stack_lvl+0x197/0x1f0 [ 1953.656437][T30331] ? dump_stack_lvl+0x1a3/0x1f0 [ 1953.656467][T30331] __async_dev_cache_fw_image+0xb1/0x340 [ 1953.656497][T30331] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 1953.656528][T30331] ? mark_held_locks+0x49/0x80 [ 1953.656557][T30331] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1953.656584][T30331] ? __pfx___async_dev_cache_fw_image+0x10/0x10 [ 1953.656615][T30331] async_schedule_node_domain+0xd4/0x120 [ 1953.656644][T30331] dev_cache_fw_image+0x38e/0x490 [ 1953.656671][T30331] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 1953.656699][T30331] ? __pfx_dev_cache_fw_image+0x10/0x10 [ 1953.656726][T30331] dpm_for_each_dev+0x5a/0xb0 [ 1953.656750][T30331] fw_pm_notify+0x81/0x150 [ 1953.656779][T30331] notifier_call_chain+0xb9/0x410 [ 1953.656810][T30331] ? __pfx_fw_pm_notify+0x10/0x10 [ 1953.656839][T30331] blocking_notifier_call_chain_robust+0xc8/0x160 [ 1953.656874][T30331] ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10 [ 1953.656913][T30331] pm_notifier_call_chain_robust+0x27/0x60 [ 1953.656947][T30331] snapshot_open+0x189/0x2b0 [ 1953.656976][T30331] ? __pfx_snapshot_open+0x10/0x10 [ 1953.657006][T30331] misc_open+0x35a/0x420 [ 1953.657032][T30331] ? __pfx_misc_open+0x10/0x10 [ 1953.657057][T30331] chrdev_open+0x231/0x6a0 [ 1953.657088][T30331] ? __pfx_apparmor_file_open+0x10/0x10 [ 1953.657114][T30331] ? __pfx_chrdev_open+0x10/0x10 [ 1953.657146][T30331] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1953.657177][T30331] do_dentry_open+0x97f/0x1530 [ 1953.657218][T30331] ? __pfx_chrdev_open+0x10/0x10 [ 1953.657266][T30331] vfs_open+0x82/0x3f0 [ 1953.657299][T30331] path_openat+0x1de4/0x2cb0 [ 1953.657328][T30331] ? __pfx_path_openat+0x10/0x10 [ 1953.657374][T30331] do_filp_open+0x20b/0x470 [ 1953.657415][T30331] ? __pfx_do_filp_open+0x10/0x10 [ 1953.657466][T30331] ? alloc_fd+0x471/0x7d0 [ 1953.657493][T30331] do_sys_openat2+0x11b/0x1d0 [ 1953.657529][T30331] ? __pfx_do_sys_openat2+0x10/0x10 [ 1953.657571][T30331] __x64_sys_openat+0x174/0x210 [ 1953.657608][T30331] ? __pfx___x64_sys_openat+0x10/0x10 [ 1953.657648][T30331] ? trace_irq_enable.constprop.0+0x2f/0x120 [ 1953.657687][T30331] do_syscall_64+0xcd/0x490 [ 1953.657720][T30331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1953.657744][T30331] RIP: 0033:0x7fbaab58ebe9 [ 1953.657768][T30331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1953.657790][T30331] RSP: 002b:00007fbaac3dc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1953.657812][T30331] RAX: ffffffffffffffda RBX: 00007fbaab7b5fa0 RCX: 00007fbaab58ebe9 [ 1953.657828][T30331] RDX: 0000000000000400 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 1953.657843][T30331] RBP: 00007fbaac3dc090 R08: 0000000000000000 R09: 0000000000000000 [ 1953.657858][T30331] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000001 [ 1953.657872][T30331] R13: 00007fbaab7b6038 R14: 00007fbaab7b5fa0 R15: 00007fffe5090b28 [ 1953.657895][T30331] [ 1954.222850][T30331] (NULL device *): loading /lib/firmware/regulatory.db failed with error -12 [ 1954.231693][T30331] (NULL device *): Direct firmware load for regulatory.db failed with error -12 [ 1954.276349][T30331] (NULL device *): Falling back to sysfs fallback for: regulatory.db