last executing test programs: 10.108429462s ago: executing program 1 (id=4569): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x6, 0x62, 0x80000000, 0x9, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getpid() mlockall$auto(0x5) rt_sigprocmask$auto(0x6, &(0x7f0000000080)={0x6}, 0xffffffffffffffff, 0x8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x4) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfd, {0x2, 0x0, 0xfd}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004081}, 0x20000084) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x11, 0x80003, 0x300) 7.944241348s ago: executing program 1 (id=4576): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x200801, 0x0) fchdir$auto(r0) mkdir$auto(&(0x7f00000002c0)='./cgroup\x00', 0x6) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000014c0)='/proc/self/net/ip_vs_conn\x00', 0x20440, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) fsopen$auto(0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xc048aeca, 0x1000000) 7.438730181s ago: executing program 1 (id=4579): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x6a) ioctl$auto_BLKSSZGET(0xffffffffffffffff, 0x1268, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x9, 0x3, 0x0, 0x0) r1 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) writev$auto(r1, &(0x7f0000000380)={&(0x7f00000002c0)="ffaf25e5", 0xe0d}, 0x8) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) write$auto_tty_fops_tty_io(r0, &(0x7f0000000200)="352c8efa61", 0x5) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/apparmor/parameters/lock_policy\x00', 0x82, 0x0) sendfile$auto(r2, r2, 0x0, 0x5) ioctl$auto_FICLONE(r2, 0x40049409, r2) r3 = socket(0x10, 0x2, 0x0) setsockopt$auto(r3, 0x0, 0x2, &(0x7f0000000140)='lp\x00h\x85M\xac\x1d\x83\x8a\xa7d\v\xfbY\x10\xf4K\xc4]U', 0x4) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) select$auto(0x1ff, &(0x7f0000000740)={[0xb, 0xa6e, 0x5, 0x8000000000000001, 0x1, 0x4, 0x9, 0x0, 0x2, 0x4, 0xff, 0x8000, 0xfffffffffffffffa, 0xb, 0x1, 0x2]}, &(0x7f00000007c0)={[0x1, 0x43, 0x101, 0x2, 0x61, 0x1, 0x2, 0x3ff, 0x2, 0x1f0, 0x0, 0xffffffff, 0x7fffffffffffffff, 0x9, 0x7, 0x9d32]}, &(0x7f0000000840)={[0xfffffffffffff071, 0x6, 0xf4, 0x1, 0x6, 0x8f3, 0x100, 0xfffffffffffffffa, 0x6, 0xf, 0x0, 0x80000001, 0x9, 0x6, 0x7]}, &(0x7f00000008c0)={0x5, 0x9}) r5 = clone$auto(0xca, 0x4, &(0x7f00000000c0)=0x9, &(0x7f0000000100)=0x401, 0x1) r6 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x100, 0x10001, 0x6, 0x14, r6, 0x8000) read$auto_trace_clock_fops_trace(r6, &(0x7f0000000900)=""/143, 0x8f) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(r3, &(0x7f0000000700)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000006c0)={&(0x7f00000001c0)={0x4d8, r4, 0x800, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x18, 0x9, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@private0}]}, @TIPC_NLA_MON={0x201, 0x9, 0x0, 0x1, [@typed={0xc, 0xb, 0x0, 0x0, @u64=0x6}, @generic="230a65a3aceced97a7e94796dabf10c26e085a184562bae084a08633aca92e8716f0e89a85b0cfb14bcbee9dd8d7743cbc7dc3cb6324a115ccccf4782c5cbb2241a638cf83023a8d97409e3138b1b5dd7f718a24bda1698b915b228d3ad60afdb317f61abdf271700d1006ec9b78209f269201ad8ad28551fd84355b8cd9e790761e6055f4e9743721ef06a844dfd9b148ee73b302cabda3fc67e26e48735953ddb07b94a0a41998a986ddc519e9b4fe5b8a6cd89e13e0b70c18f15cbc5ccb23369f477531b4b27d578f6f67bda676939d1c291ec5886ef615499afd4cb93887748b157e2a46333063eefdf0d339fd6e47e8b739", @nested={0x4, 0x133}, @typed={0x8, 0x3b, 0x0, 0x0, @pid=r5}, @generic="bee8747d8a822e908939a80ea4a2ebd31e14f89fea0aad667f08838a4ce4889d98029247f424caa2ece9f79240e80f0bb164d4a40da5eab066369827051e2a04108f130eb5cae22349f1e5657f8ecbb146d6c7301ea020be8d3dd79b318e356df5808234608133f7d574ecb0469d93e33915db4c3ec1e056494e3f262864f005da0203856e807333eb4b933cebc5efcc1e8640116ebebb1da56b715da6a813a60f0d8af6eb1433afa2c0b0929a297ef80e3b26cb135fbefc655348df31ed2af434fded485f6083e21a76d302a76f5b54f739cd0bf5d363c95eb3a541cc6d364500502b73ef1c53f1179c53672c891c8fdf"]}, @TIPC_NLA_NET={0x2a6, 0x7, 0x0, 0x1, [@generic="8fcbda5488b12a25371a914c063ed271101fc69b92c10637416feb2e7c4299b6338cbb9250a248c2edb967ab0a732b8defef90748b30aa7c8e8bff8ab3af58ffec592d71c591e9752a405193deed4c880fa0a4dbd4c2dadffd52a2b99785ae63294bf1f0535ca3942597cd7c7ab07f7dd4011238a78318c3d392b9e5adb3f45e3a6b5a354cc4a6376eccfbb6604701561c4322e3764a0f138b5b1ceb538b72263d9850c1526f83c446c94b940536e18fbdfb9cfc1a472e7afc9359138854089f054d2b48b6b238", @typed={0x8, 0x147, 0x0, 0x0, @pid}, @typed={0x8, 0x47, 0x0, 0x0, @u32=0x6}, @nested={0x96, 0x7b, 0x0, 0x1, [@nested={0x4, 0x48}, @generic="52b8fdc4c234eecda3398e5c1acc5594416664d2a0429d09e322", @typed={0x14, 0xd1, 0x0, 0x0, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}}, @nested={0x4, 0x14d}, @generic="9eaa3b3aca0ce89e35a6cfa545354649760b9a2068b3dd587c61ecf86e0775474733738a59c5dd6e7f65dd39f0f1b4094a96981aa0a2646788d8d1dcd2131ef369927d9d7c8ffc308b2e8775054f3c9931645e91fe764f8fd8f17f95"]}, @generic="d1105114f4995966b82955bd245e4c2cf575bfb4a5b76f352b06df91ee9ce7aef8837493cf16067cba173dd4990f435de024a1779c1034482fb6f40f2706022a1d75027479a70a08411e772c2a839e8dfdb42bd955c2d39f0dadff663e2a391a90971981cf9653", @nested={0xcc, 0xf3, 0x0, 0x1, [@typed={0x14, 0x4f, 0x0, 0x0, @ipv6=@remote}, @generic="9bec318ea448b593484551a72824ca8082d54d595f6d8cf6c8dec1a66eb34d0de946067e08c0b08b29bbf2d12adae5b65997e729e85627a4328e74bb3b9d839693f42fec5b4f39817ea819231cf54d695617802716eb8b9c1a3ca6f99df33baec53931e30288515aa715302c101595614f22b61539e27bd43fba97ce7d2904c96d434b45393881ecfd9c7f2f", @typed={0x8, 0xd6, 0x0, 0x0, @fd=r2}, @generic="9f9b7939067ef04b756c0d969c8c8a9902f527fd712629298fd1c3b64222c458"]}]}]}, 0x4d8}, 0x1, 0x0, 0x0, 0xb27be8427b8367ce}, 0x8000) 7.056130207s ago: executing program 0 (id=4580): pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00;\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t3\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\xfb\xba\xb2.$\'\x1e\x82\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/250, 0x7ff, 0x39) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/036/001\x00', 0x40001, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) listen$auto(0x3, 0x83) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000001040)={0xa0, 0x6, 0x9, 0x17, 0x800, 0x80000, 0x0}) getsockopt$auto_SO_PEEK_OFF(r0, 0x9, 0x2a, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup\x00', &(0x7f0000000080)=0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup\x00', 0x2, 0x0) r1 = syz_clone(0x124a000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0xfffffffffffffffc, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8008000) shmctl$auto(0x9, 0xd, 0x0) read$auto(0xffffffffffffffff, 0x0, 0xea) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/xt_recent/parameters/ip_list_uid\x00', 0x301000, 0x0) read$auto(r2, 0x0, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/fail-nth\x00', 0x229602, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) madvise$auto(0xfffffffffffffffe, 0x100000, 0x17) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) geteuid() socket(0xb877d7ae5150abdb, 0x3, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x3, r1, 0x1, 0x4000) mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0xd49) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) r4 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x804, 0x0) ioctl$auto_RTC_ALM_SET(r4, 0x40247007, &(0x7f00000000c0)={0x9, 0x9, 0x8, 0x4b, 0xb828, 0xffffffff, 0x7, 0x4, 0x400}) sendmmsg$auto(r2, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x6, 0x0, 0x2, 0xb}, 0x800008}, 0x1ff, 0x1ffffff8) semget$auto(0x0, 0x13c, 0x1ff) socket$nl_generic(0x10, 0x3, 0x10) 6.733640927s ago: executing program 0 (id=4582): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socket(0x2, 0x3, 0xa) socket(0x1e, 0x5, 0x0) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, 0x0, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0x8, 0x3, 0x105, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 6.599157127s ago: executing program 1 (id=4583): madvise$auto(0x0, 0x2000040080000004, 0xe) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) socket(0x3f, 0x800, 0x84) socket$nl_generic(0x10, 0x3, 0x10) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) read$auto_uinput_fops_uinput(r0, &(0x7f0000000040)=""/250, 0xfa) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x648902, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000140), 0x2040, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ip6erspan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TDLS_OPER(r3, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x30, 0x0, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r4}, @NL80211_ATTR_WIPHY_TX_POWER_LEVEL={0x8, 0x62, 0x8}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_IFINDEX={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x40c0}, 0x8010) 6.243028542s ago: executing program 0 (id=4584): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x8, 0x1, 0x0, 0xffffffffffffffff) (fail_nth: 1) close_range$auto(0x2, 0x8, 0x0) socket(0x9, 0x800, 0xd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 5.550207885s ago: executing program 0 (id=4587): socket(0x2, 0x3, 0xa) prctl$auto_PR_GET_DUMPABLE(0x3, 0x8a, 0x0, 0xfffffffffffffffd, 0xd) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x80, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x3, 0x0, 0xfffffdef) rseq$auto(0x0, 0x8000, 0x0, 0x6) rseq$auto(0x0, 0x8000, 0x0, 0x6) shmctl$auto_SHM_UNLOCK(0x2, 0xc, &(0x7f00000004c0)={{0xa, 0x0, 0x0, 0x800, 0x10001, 0x1, 0x8}, 0x6, 0x9fd, 0x6d3b1c2d, 0x0, @raw=0x4, @inferred=0xffffffffffffffff, 0x595f, 0x0, &(0x7f0000000300)="6a0c957d1ae7c3ac1bdb44eeb2f6ab64b91d44e00bfb8ac435a643c3d14d0cadef50e2325abada30db7fb667dab341d28ac2f2fa8c3ceb1907a6aa9bfb2b11e4cecc4bbce90f54624d731e2ba4e8b9f5734db6c854c652e72c9f3d187bcd5c282e8f1234993daa247196f24985", &(0x7f0000000380)="83a2f7e97a656c083df2750b95b6d01fb34f6a0a839f1739d91afcf6e49b176826e9baab85886dd1672a86e5c9577cb92992f5fd2d2202246d90dbfb74e5979c8a8c423804485d59941540f9b692c6eef3dc7d75f950527a86ff6196974553026db71052f70057d4860eb39f78d36b14fed4979ac0898d888148e21ff42eb0c5b96bbb9eb2805a1d7f3cde65edebe30c0b3f663fb2f5601fff495638f7c6118407fb925d6d"}) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop15\x00', 0x14f602, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/apparmor/parameters/path_max\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000000c0)=""/17, 0x11) 5.257749532s ago: executing program 1 (id=4588): madvise$auto(0x0, 0x2000040080000003, 0xe) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, 0x0, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xc4\xe2q;KzH\n\xc4\x9b\xf0\xa0p\xa7fFn\xf8\xd18|\x1b\xb1cO\xaa\x14\xbf_5a\xcb\x97\x01)V\xa5\x1b\xa6Ug\x0e\x16\x1e\xd9\xa1\xa3\x1bi\x9a\x8a4\xf3\xfeX/$\xf5\x9c\xf8vp\x9b\xbe\xccE\x1d\x8e\xcc\xacJ\x7fQ3\xd2', 0x100000a3d9) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, 0x0, 0xc800) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) nanosleep$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x9, 0x400008, 0xdf, 0x12, 0x2, 0x8000) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x42801, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r3, 0xc0385720, &(0x7f0000000040)={0x1, '\x00 \x00', 0xc5, 0xffffffff, 0xeda, 0xbb1b, "011586f1c8b112f0059652a7b9638fe9"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) write$auto(r2, &(0x7f0000000000)='/dev/audio1\x00', 0x4) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x200000000006, 0x8) 4.09749222s ago: executing program 0 (id=4590): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xf, 0x3, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x2, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe\x00', 0x24501, 0x0) mmap$auto(0x100000001, 0x5, 0xfffffffffffffffe, 0x17, r0, 0x401) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x50b880, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x8, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x80000001, 0xd, 0x1, 0x6, 0x3, 0x15f4da0a, 0x3, 0x3, 0x3, 0x4, 0xfffffffffffffffd, 0x6d3c, 0x9, 0x2, 0x6]}, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/cmdline\x00', 0x481, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'dummy0\x00'}) socket(0xa, 0x5, 0x8) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_GET_VCPU_MMAP_SIZE(r2, 0xae04, 0x0) r3 = gettid() r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/fib_trie\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x5, 0x9a6) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000440)={{@inferred, 0x80, 0x3, 0x1, "977d648a0881449f3ce8ba5b483e904dfacb519a28d0b90b462bf9ad3e3c7e488826dc0852829cf353806ac4", @inferred=r3}, 0x0, 0x7, 0x4, @raw=0x9, @integer={0x5, 0xfffffffffffffff4, 0x4}, "b957b0168b84987d4211529b4bf24c25c2a1e7c1cbcff5c254d7954a4ffb435e9426e9c83a87cd49439334e9a0bf167595e50bfb2200e43a76fd8e68ce7be399"}) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) 3.146397165s ago: executing program 3 (id=4592): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x2, 0x73) r1 = ioctl$auto_NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc880) sendto$auto(r0, 0x0, 0x402, 0x0, &(0x7f0000000000)=@generic={0x1, "e2e18340cba8fe8000"}, 0x1c) 2.941120682s ago: executing program 2 (id=4593): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) socket(0x2, 0x3, 0xa) socket(0x1e, 0x5, 0x0) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, 0x0, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x7, 0x0, 0x5, 0xffffffff, 0x2000000000210006, 0x0, 0x7, 0x5, 0x2, 0x7, 0xaf, 0x9, 0x8, 0x3, 0x105, 0x7, 0x0, 0x0, 0x10000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x200000000000000]}, 0x1fe, 0x81) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc7}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.910944505s ago: executing program 2 (id=4594): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x68342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) r1 = fcntl$auto(0xffffffffffffffff, 0x7, 0xa553) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0xa, 0x1, 0x100) ioperm$auto(0x7, 0x5ad2, 0x8) modify_ldt$auto(0xc, 0x0, 0x100000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptyd1\x00', 0xf8000, 0x0) openat$auto_force_devcoredump_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) rseq$auto(&(0x7f0000000300)={0x12, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) socket(0x10, 0x2, 0x0) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) r3 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r1) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto_HDIO_GETGEO(r4, 0x301, &(0x7f00000001c0)) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000002100)=""/4110, 0x100e) sendmsg$auto_NL802154_CMD_DEL_SEC_LEVEL(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000540)=ANY=[@ANYBLOB="2a2789e782347869f8707f32bb951e9cd137de23df15656c553e26dca6ba793224cc97e258e9e7e34bd02a90eb0db3d4e6abf058477fee3eb8bd1d1bec1215afa67d5fade50f1d022c6e97f7320394208722c019ac8fd476c7395ac30d0f0501c4aa2cf4ccff9c8501521087b205e24779294ae12ac73188d7a09b689e036efe7fb59fc49670095ac9d781694dee059cfd35173c3fdcca2f9044b8edc58248e7d4fefcd78d45b217f20c006b5a4f084cb18622", @ANYRES16=r3, @ANYBLOB="00042cbd7000ffdbdf25210000000800270000000000d3012e80c2f54637f73aac129034b1f041c80f9f744f3d777826cd2122dd2663507b5da3dfd84ae433dbf215fc6357d04d2a45877c02555123b6e1cdabcc0cbe36c9e712fb43a0de4a2071c2dc810ba3216b3e775adc4d4f02463ba0681892dfa34ba1fb2504532fe91400d3800800c700", @ANYRES32=0x0, @ANYBLOB="04008a8004009580c4003e80040086800400e48004001d800400d08004004080b8ae3b2f48645f5cc59ea89b73b425ff6307fefbabed180dc8c44f9dbdd9e7c4a2dfd3ddbe9239adaf8d0beb20043c75c3723059a10e46ab779b57494ec4426c23d8f954e665b97f3eece2a3fade43ece2048a096d0bc5e8d56d0895dfdfb428fe65fed4613e64728ab340d5baa3360746bbe6eb9837febcbb4ed077e30dd14b70453c076181af30a4d43e31c8cac45573f9ca5a040041801400e8002001000000000000000000000000000029df6c203ab7f77664d7b9fa9d8a1909f434af60d87e299311475e81557cddbe39b40766bbf4694c89bed1b7ae33494cf5ba6422749870da0b4a351de978f715beed62c9cc42762a3c58e0c25c2001593939ff0908ecb3a86f32817fa2c50cebef11c9de5f0043d4f6d24ce9bbd94c0014aa35efe8674fe013e35d63905bb6b82c2c9c42ed90cbe85d34ca5a6764d7614f5300"], 0x1f0}, 0x1, 0x0, 0x0, 0x800}, 0x48054) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0xf0, 0x200006, 0x5, 0x40eb1, 0x602, 0x300000000000) mprotect$auto(0x0, 0x806121, 0x8) write$auto(0x3, 0x0, 0x100082) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/domainname\x00', 0x88042, 0x0) poll$auto(&(0x7f0000000080)={r5, 0x0, 0x5}, 0x5, 0x49) write$auto_proc_sys_file_operations_proc_sysctl(r5, 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0xfffffffffffffffc) 2.828383329s ago: executing program 3 (id=4595): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket(0x2, 0x3, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) setsockopt$auto(0x3, 0x0, 0xc9, 0xfffffffffffffffc, 0xfd72) ioctl$auto_VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f00000000c0)=0x4000000) 2.540643305s ago: executing program 3 (id=4596): socket(0x1a, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000180), r1) sendmsg$auto_OVS_DP_CMD_NEW(r1, &(0x7f0000000140)={0x0, 0x340, &(0x7f0000000580)={&(0x7f0000000200)={0x2c, r2, 0x1, 0x2070bd26, 0x25dfdbf8, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x8, 0x1, 'HfR\x00'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x80) 2.076315171s ago: executing program 2 (id=4597): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) (async) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) getrandom$auto(0x0, 0x6000000, 0x3) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) (async) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) accept$auto(r0, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41, 0x4}, 0x2}}, &(0x7f0000000080)=0x7) (async) r1 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r1, 0x0, 0xc3) 1.952390169s ago: executing program 3 (id=4598): r0 = socket(0xa, 0x2, 0x73) sendto$auto(r0, 0x0, 0x4, 0xfffffffe, &(0x7f0000000000)=@generic={0xa, "e208004002de00"}, 0x1c) 1.702116514s ago: executing program 2 (id=4599): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd5\x00', 0x14f602, 0x0) r0 = socket(0x11, 0x80003, 0x300) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd8\x00', 0x28ac83, 0x0) socket(0xa, 0x2, 0x88) r2 = openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/loginuid\x00', 0xf10284d3518cb39e, 0x0) openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/bluetooth/hci7/msft_opcode\x00', 0x4001, 0x0) bpf$auto(0x0, &(0x7f0000000280)=@link_update={r1, @new_prog_fd=r2, 0x9d, @old_prog_fd=r0}, 0x2f1e) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(&(0x7f00000000c0)='\xc4--:\xdd:,./-${\x00', 0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000340), r4) sendmsg$auto_NL802154_CMD_LIST_ASSOCIATIONS(r3, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r5, 0x20, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_MAX_ASSOCIATIONS={0x8, 0x27, 0x9}, @NL802154_ATTR_CHANNEL={0x5, 0x8, 0x7f}]}, 0x24}, 0x1, 0x0, 0x0, 0x40011}, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000000c0), r6) sendmsg$auto_SMC_NETLINK_DUMP_UEID(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r7, 0x315, 0x70bd2b, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20008805}, 0x40c0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0x10006, 0x300000000000) socket(0x2, 0x3, 0x6) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) r8 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r8, &(0x7f0000000440)="671f264add69b6440843b6e6688a2b5ad9df2669e6f9cd236532b20ed763ac8caf4b", 0x22) 1.628280311s ago: executing program 3 (id=4600): madvise$auto(0x0, 0x2000040080000003, 0xe) write$auto(0xffffffffffffffff, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, 0x0, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xc4\xe2q;KzH\n\xc4\x9b\xf0\xa0p\xa7fFn\xf8\xd18|\x1b\xb1cO\xaa\x14\xbf_5a\xcb\x97\x01)V\xa5\x1b\xa6Ug\x0e\x16\x1e\xd9\xa1\xa3\x1bi\x9a\x8a4\xf3\xfeX/$\xf5\x9c\xf8vp\x9b\xbe\xccE\x1d\x8e\xcc\xacJ\x7fQ3\xd2', 0x100000a3d9) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x40, r2, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0x14, 0x0, 0x1, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0x600000}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) nanosleep$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_clone(0x4040400, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x9, 0x400008, 0xdf, 0x12, 0x2, 0x8000) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000040), 0xffffffffffffffff) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000006900)='/sys/kernel/config/target/dbroot\x00', 0x189002, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x42801, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_STATUS64(r4, 0xc0385720, &(0x7f0000000040)={0x1, '\x00 \x00', 0xc5, 0xffffffff, 0xeda, 0xbb1b, "011586f1c8b112f0059652a7b9638fe9"}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7) write$auto(r3, &(0x7f0000000000)='/dev/audio1\x00', 0x4) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/fib_triestat\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0x200000000006, 0x8) 1.497268314s ago: executing program 1 (id=4601): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x6, 0x62, 0x80000000, 0x9, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) getpid() mlockall$auto(0x5) rt_sigprocmask$auto(0x6, &(0x7f0000000080)={0x6}, 0xffffffffffffffff, 0x8) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x4) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfd, {0x2, 0x0, 0xfd}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004081}, 0x20000084) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0xa, 0x300) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x400, 0x7) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x11, 0x80003, 0x300) 1.12413895s ago: executing program 2 (id=4602): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r0, 0x0, 0xb4d3) socket(0x10, 0x4, 0xffffffc0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) write$auto(0xffffffffffffffff, &(0x7f00000005c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89MO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\x93\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xb2A\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x9c\xd5x\xfa\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbf\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\xfc\xc7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\x0e\xf0\xf80\\\'d&(\t\x1a|\x15\xb2\\\x19-\x8d\xc9\xfd\xf0\x1aP\xael\x8fH\xa9z\xe66\xd0P\xf7\xdfs\xeb{\xbb\x95\x96f/\x84\x85\xa1\xd7\xbd\x9c!\xfe\x164\x10\x0e\xe5A5\a\x1b\x1fW)\xe5q\xeejh\xb8`\xbeP\x8d\xbcQ [\xd73Q\xb7Z\xe72\xc6\xe1\x94\x98+\x19h\x8b\xde9l\xd6j\xa0\x03\xbc\xb5\xfe\xceI\xc3^\x90\xfd\xb5\xb1e\xda@?\nE\x89\x06\x15\x9f\x01\xf7 |\x80\xa1\xec\x83\xd1\x81N7\xd2\xd15\xee\xb0\xe4\x96\x8d\xc7~B\xb2\xb4V', 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) fchdir$auto(r2) inotify_init1$auto(0x3000000000000) socket(0x2, 0x801, 0x100) rmdir$auto(&(0x7f0000000300)='./cgroup\x00') close_range$auto(0x2, 0x8, 0x0) getuid() socket(0xa, 0x1, 0x0) socket(0x2, 0x1, 0x84) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0xffffffffffffffff, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x2, 0x80009, 0xb, 0x14, r3, 0x0) r4 = socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x800) bpf$auto(0x6, &(0x7f00000001c0)=@test={r4, 0x10004, 0x0, 0x1000, 0x106, 0x0, 0x0, 0xfff, 0x10000, 0x9, 0x0, 0x4, 0x7, 0x2, 0xfffeffff}, 0x1) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 333.97585ms ago: executing program 0 (id=4603): sendmsg$auto_NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4c0d0}, 0x4084) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000500), 0xffffffffffffffff) r0 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0xfffffffa, 0x200055}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000180)="f0a404df7717f9dccf61ebc08ae74730084a3623f191", 0x49}, 0x1, &(0x7f0000000200)="0858f3f5c6e90000c21e6ba32d7f0ddb6073ed3e5419b49fc344b4788249bb246b4a7f5257fb443a502ca4f4829b4eb9aeae839407597a798a524a80fab53605be1de6cdf9508fe9c706e7dc", 0x5, 0x1000}, 0x5}, 0x2, 0x100) r1 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) shmctl$auto_SHM_UNLOCK(0x40dd, 0xc, &(0x7f00000002c0)={{0xe329, 0xee01, 0x0, 0x6, 0x4000009, 0x5, 0x6}, 0x6, 0x9, 0x100, 0x3ffffffffff, @raw=0xfff, @raw, 0x1, 0x0, &(0x7f0000000600)="5ffb8c54275d0c4ca6f3bc9bcbd9adff6b4e73563f2fc459934217e5e98a", &(0x7f00000008c0)="684fed96de5981c9194d06062c57e164fe577b2648abeeb8991a55d88f66df8fc85de8dd226d81227cbf525fe5de958f82c9e461e2062a230cc7dc01ae2d4e7fc3258c8e13c6243e1de760cf744c29a519f51e4b5fff2e6a0bef2d8ed08578606a7099daa0221315c2b10e97a97243221bb8507339bba2d71a59fdf512a5f54aa6ad0ac13e7c44994c7f50509bd9484f3368647a8b9eae6477116ea0862cfba268718c920cbf4bc66c0c"}) shmctl$auto_SHM_STAT_ANY(0x15700000, 0xf, &(0x7f0000000540)={{0x9, 0xee00, 0x0, 0x3, 0x0, 0x5, 0x8}, 0x101, 0xdd80, 0x7f, 0x8000000000000000, @inferred, @inferred, 0x98, 0x0, &(0x7f0000000340)="f4c945ba13cc5d5d9bfaeb8acb033ac0df0e8ad0c237674a98301dd29f4ffccbfb13f1835d7954a4a8ec8c9a8a7955947b13da8cec5e38d008bb314b301b28c75b1c44d4eeebfd4e951ebc5b23f5dbfafc845c4a553e479aee9a6299b68dc54b9dc7dbabdacb2a2a1aef9c1af76ea6793d6e3655f26e2689eef1cc1a7925d8222f42d9de5d47b79869cbbc6fb5d4289f7cf37363e769c22e0d3d55bfd9aa0e663353f59476d36110e5858deb9a62f0c7ea80da3dbf280dec85d7953092a32a804c7b98821fc63ab4eb54dad96b0fad577ab1a1b09d1325438173c606f8", &(0x7f0000000740)="bbf2bf849384833d6d499f7ef874e0d89eff9c0e92100ce29968196fc709a586448255931706ec630ddee6e2353b28b8bfd7869d7e0a5db9bec42273434b6ca3f9554cc686fd479cc3f9d92fa564255e924867d600bc11315e08459a19550c37363dc55161b734791d8e9ccff7e1422988c3ce738304b2449091ac04a5e5918b444aea1a3ba4d60861e8f5a08ef146a47a9418ee244ec884c44470cc2c81d6fe6fd7254c58c37490a3484150b2f80eb45aeb14a4bb45886ac46045cd6b9c0454ebc4e96db61e95ffff83e646438d351b30c466a1d504580f158d9efacfc86be7b50ea4de87b9e1270a7a282332dde82e7dc7e2817216ec4c26636362ce5c47b6476734bf1650350d22d536a35918037297dc4e8cd6e3dee318f2b86c7ee2f2afbcbe48bdbac86c4bfd892fe7f93e1bc0becc17bcafb6bf551b9e98ea47c18c35fcb91318d229c4196ebe3fe00e72979d23235f2e4d24165177734ef874915fd5039505ee9c0274f931d9107781cacc4f7ce86c6e8bf31be2"}) ioctl$auto_KVM_HAS_DEVICE_ATTR(0xffffffffffffffff, 0x4018aee3, &(0x7f0000000480)={0x3, 0xee01, 0x5, 0x6}) capget$auto(&(0x7f0000000280)={0x9d6}, &(0x7f0000000440)={0x1, 0x8f4a, 0x200}) keyctl$auto(0x100, r2, r3, r4, 0x0) poll$auto(&(0x7f00000000c0)={r1, 0x5, 0xd9c0}, 0x3, 0xb) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) mmap$auto(0xffffffffffffffff, 0x9, 0x4000001, 0xffffe, r1, 0x400010) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = ioctl$auto_TUNGETIFF2(0xffffffffffffffff, 0x800454d2, &(0x7f0000000040)=0x1ff) socket(0xa, 0x2, 0x73) ioctl$auto_VHOST_SET_VRING_CALL2(r5, 0x4008af21, &(0x7f00000004c0)={0xf71, r5}) io_uring_register$auto_IORING_REGISTER_CLOCK(0xffffffffffffffff, 0x1d, &(0x7f0000000080)="64394e5632a90afe4dddd153d935", 0x84) bpf$auto(0x2, &(0x7f00000000c0)=@link_create={@map_fd=r5, @target_fd, 0x80000001, 0x7fff, @perf_event={0xe4}}, 0x800) mmap$auto(0x0, 0x20009, 0xdf, 0x4f7, 0xffffffffffffffff, 0x1) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) 11.132621ms ago: executing program 3 (id=4604): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x393041, 0x0) landlock_restrict_self$auto(0xffffffffffffffff, 0x1) r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy8/netdev:wlan1/tsf\x00', 0x20000, 0x0) read$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) socket(0x11, 0x80003, 0x5ffd617) connect$auto(0x3, &(0x7f00000018c0)=@in={0x2, 0x4e21, @loopback=0xac14140a}, 0x400055) close_range$auto(0x2, 0x8, 0x0) socket(0x3, 0x5, 0xfffffffd) shutdown$auto(0x200000003, 0x2) getpid() lseek$auto(0x3, 0x20000, 0x1) timer_create$auto(0x0, 0x0, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/card0/pcm0p/sub0/xrun_injection\x00', 0x482, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x9}, 0xb) getpid() close_range$auto(0x2, 0x8, 0x0) setresuid$auto(0xffffffffffffffff, 0xeffffffeffffffff, 0xd2) r2 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/cec31\x00', 0x42, 0x0) poll$auto(&(0x7f0000000c00)={r2, 0x200, 0x9}, 0x1, 0x8) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, r2, 0x8000) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x8, 0x1, 0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) socket(0x9, 0x800, 0xd) mmap$auto(0x4, 0x400008, 0xe0, 0x9b7e, 0x2, 0x200008000) 0s ago: executing program 2 (id=4605): membarrier$auto_MEMBARRIER_CMD_PRIVATE_EXPEDITED(0x8, 0x8000, 0x6) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/net\x00') kernel console output (not intermixed with test programs): 24328] name failslab, interval 1, probability 0, space 0, times 0 [ 1219.666367][T24328] CPU: 1 UID: 0 PID: 24328 Comm: syz.2.3728 Not tainted syzkaller #0 PREEMPT(full) [ 1219.666388][T24328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1219.666397][T24328] Call Trace: [ 1219.666402][T24328] [ 1219.666408][T24328] dump_stack_lvl+0x16c/0x1f0 [ 1219.666430][T24328] should_fail_ex+0x512/0x640 [ 1219.666453][T24328] ? __kmalloc_noprof+0xbf/0x510 [ 1219.666472][T24328] ? constrain_params_by_rules+0x175/0xca0 [ 1219.666486][T24328] should_failslab+0xc2/0x120 [ 1219.666505][T24328] __kmalloc_noprof+0xd2/0x510 [ 1219.666520][T24328] ? unwind_get_return_address+0x59/0xa0 [ 1219.666540][T24328] constrain_params_by_rules+0x175/0xca0 [ 1219.666558][T24328] ? stack_trace_save+0x8e/0xc0 [ 1219.666577][T24328] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1219.666595][T24328] ? __kasan_kmalloc+0xaa/0xb0 [ 1219.666610][T24328] ? snd_pcm_oss_change_params_locked+0x6f4/0x3a30 [ 1219.666624][T24328] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1219.666636][T24328] ? snd_pcm_oss_write+0x4c3/0xa10 [ 1219.666656][T24328] ? snd_interval_refine+0x2fa/0x580 [ 1219.666677][T24328] snd_pcm_hw_refine+0x7de/0xad0 [ 1219.666701][T24328] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1219.666730][T24328] ? snd_interval_refine+0x2fa/0x580 [ 1219.666749][T24328] snd_pcm_oss_change_params_locked+0x208e/0x3a30 [ 1219.666772][T24328] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1219.666797][T24328] ? irqentry_exit+0x3b/0x90 [ 1219.666817][T24328] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1219.666833][T24328] snd_pcm_oss_write+0x4c3/0xa10 [ 1219.666853][T24328] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1219.666866][T24328] vfs_write+0x29d/0x11d0 [ 1219.666887][T24328] ? __pfx_vfs_write+0x10/0x10 [ 1219.666901][T24328] ? find_held_lock+0x2b/0x80 [ 1219.666916][T24328] ? __fget_files+0x204/0x3c0 [ 1219.666934][T24328] ? __fget_files+0x20e/0x3c0 [ 1219.666954][T24328] ksys_write+0x12a/0x250 [ 1219.666969][T24328] ? __pfx_ksys_write+0x10/0x10 [ 1219.666991][T24328] do_syscall_64+0xcd/0x490 [ 1219.667010][T24328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1219.667025][T24328] RIP: 0033:0x7f1adbd8ebe9 [ 1219.667037][T24328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1219.667051][T24328] RSP: 002b:00007f1adcc86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1219.667067][T24328] RAX: ffffffffffffffda RBX: 00007f1adbfb5fa0 RCX: 00007f1adbd8ebe9 [ 1219.667077][T24328] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1219.667086][T24328] RBP: 00007f1adcc86090 R08: 0000000000000000 R09: 0000000000000000 [ 1219.667095][T24328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1219.667103][T24328] R13: 00007f1adbfb6038 R14: 00007f1adbfb5fa0 R15: 00007ffc30824c18 [ 1219.667121][T24328] [ 1220.070685][T24335] netlink: 'syz.0.3729': attribute type 11 has an invalid length. [ 1220.078611][T24335] netlink: 'syz.0.3729': attribute type 11 has an invalid length. [ 1220.086401][T24335] netlink: 'syz.0.3729': attribute type 11 has an invalid length. [ 1220.239070][T24322] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1220.670408][T24344] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3732'. [ 1220.921710][T24345] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1221.729901][T24367] HfR: entered promiscuous mode [ 1221.880447][T24355] FAULT_INJECTION: forcing a failure. [ 1221.880447][T24355] name failslab, interval 1, probability 0, space 0, times 0 [ 1221.903614][T24355] CPU: 1 UID: 0 PID: 24355 Comm: syz.1.3734 Not tainted syzkaller #0 PREEMPT(full) [ 1221.903649][T24355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1221.903665][T24355] Call Trace: [ 1221.903674][T24355] [ 1221.903684][T24355] dump_stack_lvl+0x16c/0x1f0 [ 1221.903723][T24355] should_fail_ex+0x512/0x640 [ 1221.903760][T24355] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1221.903793][T24355] should_failslab+0xc2/0x120 [ 1221.903823][T24355] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1221.903855][T24355] ? kstrdup_const+0x63/0x80 [ 1221.903886][T24355] kstrdup+0x53/0x100 [ 1221.903915][T24355] kstrdup_const+0x63/0x80 [ 1221.903944][T24355] __kernfs_new_node+0x9b/0x8e0 [ 1221.903982][T24355] ? __pfx___kernfs_new_node+0x10/0x10 [ 1221.904020][T24355] ? find_held_lock+0x2b/0x80 [ 1221.904045][T24355] ? kernfs_root+0xee/0x2a0 [ 1221.904081][T24355] kernfs_new_node+0x13c/0x1e0 [ 1221.904123][T24355] kernfs_create_link+0xcc/0x240 [ 1221.904151][T24355] sysfs_do_create_link_sd+0x90/0x140 [ 1221.904184][T24355] sysfs_create_link+0x61/0xc0 [ 1221.904226][T24355] device_add+0x62c/0x1aa0 [ 1221.904256][T24355] ? __pfx_device_add+0x10/0x10 [ 1221.904282][T24355] ? lockdep_init_map_type+0x5c/0x280 [ 1221.904320][T24355] ? __init_waitqueue_head+0xca/0x150 [ 1221.904368][T24355] netdev_register_kobject+0x1a9/0x3d0 [ 1221.904415][T24355] register_netdevice+0x13dc/0x2270 [ 1221.904459][T24355] ? __pfx_register_netdevice+0x10/0x10 [ 1221.904508][T24355] slip_open+0xb86/0x1150 [ 1221.904567][T24355] ? __pfx_slip_open+0x10/0x10 [ 1221.904604][T24355] ? down_write+0x14d/0x200 [ 1221.904644][T24355] ? __pfx_slip_open+0x10/0x10 [ 1221.904681][T24355] tty_ldisc_open+0x9f/0x120 [ 1221.904716][T24355] tty_set_ldisc+0x32b/0x780 [ 1221.904754][T24355] tty_ioctl+0xc2e/0x1680 [ 1221.904790][T24355] ? __pfx_tty_ioctl+0x10/0x10 [ 1221.904836][T24355] ? find_held_lock+0x2b/0x80 [ 1221.904862][T24355] ? hook_file_ioctl_common+0x145/0x410 [ 1221.904905][T24355] ? __fget_files+0x20e/0x3c0 [ 1221.904941][T24355] ? __pfx_tty_ioctl+0x10/0x10 [ 1221.904977][T24355] __x64_sys_ioctl+0x18e/0x210 [ 1221.905020][T24355] do_syscall_64+0xcd/0x490 [ 1221.905057][T24355] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1221.905085][T24355] RIP: 0033:0x7f6d0b58ebe9 [ 1221.905108][T24355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1221.905141][T24355] RSP: 002b:00007f6d0c3ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1221.905168][T24355] RAX: ffffffffffffffda RBX: 00007f6d0b7b6090 RCX: 00007f6d0b58ebe9 [ 1221.905187][T24355] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 000000000000000e [ 1221.905212][T24355] RBP: 00007f6d0b611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1221.905229][T24355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1221.905246][T24355] R13: 00007f6d0b7b6128 R14: 00007f6d0b7b6090 R15: 00007ffe7357b188 [ 1221.905284][T24355] [ 1222.730559][T24355] Falling back ldisc for ptm1. [ 1222.756150][T24381] FAULT_INJECTION: forcing a failure. [ 1222.756150][T24381] name failslab, interval 1, probability 0, space 0, times 0 [ 1222.808804][T24381] CPU: 1 UID: 0 PID: 24381 Comm: syz.3.3742 Not tainted syzkaller #0 PREEMPT(full) [ 1222.808839][T24381] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1222.808857][T24381] Call Trace: [ 1222.808866][T24381] [ 1222.808877][T24381] dump_stack_lvl+0x16c/0x1f0 [ 1222.808914][T24381] should_fail_ex+0x512/0x640 [ 1222.808947][T24381] ? fs_reclaim_acquire+0xae/0x150 [ 1222.808985][T24381] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1222.809019][T24381] should_failslab+0xc2/0x120 [ 1222.809052][T24381] __kmalloc_noprof+0xd2/0x510 [ 1222.809089][T24381] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1222.809136][T24381] ? tomoyo_profile+0x47/0x60 [ 1222.809163][T24381] tomoyo_path_number_perm+0x245/0x580 [ 1222.809194][T24381] ? tomoyo_path_number_perm+0x237/0x580 [ 1222.809228][T24381] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1222.809261][T24381] ? find_held_lock+0x2b/0x80 [ 1222.809319][T24381] ? find_held_lock+0x2b/0x80 [ 1222.809343][T24381] ? hook_file_ioctl_common+0x145/0x410 [ 1222.809383][T24381] ? __fget_files+0x20e/0x3c0 [ 1222.809417][T24381] security_file_ioctl+0x9b/0x240 [ 1222.809451][T24381] __x64_sys_ioctl+0xb7/0x210 [ 1222.809492][T24381] do_syscall_64+0xcd/0x490 [ 1222.809527][T24381] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1222.809554][T24381] RIP: 0033:0x7f62b5d8ebe9 [ 1222.809575][T24381] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1222.809600][T24381] RSP: 002b:00007f62b3ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1222.809624][T24381] RAX: ffffffffffffffda RBX: 00007f62b5fb5fa0 RCX: 00007f62b5d8ebe9 [ 1222.809642][T24381] RDX: 0000000000000000 RSI: 0000000000004b72 RDI: 0000000000000000 [ 1222.809658][T24381] RBP: 00007f62b3ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1222.809674][T24381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1222.809690][T24381] R13: 00007f62b5fb6038 R14: 00007f62b5fb5fa0 R15: 00007ffefeeb1738 [ 1222.809725][T24381] [ 1222.809762][T24381] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1223.376952][T24388] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3744'. [ 1225.774854][T24419] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1226.095684][T24431] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3752'. [ 1226.144766][T24431] HfR: left promiscuous mode [ 1226.380967][T24434] zswap: compressor not available [ 1227.541807][T24445] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1227.553867][T24445] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1227.563310][T24445] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1227.570205][T24445] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1228.114469][T24472] netlink: 'syz.0.3764': attribute type 11 has an invalid length. [ 1228.163858][T24472] netlink: 'syz.0.3764': attribute type 11 has an invalid length. [ 1228.180719][T24472] netlink: 'syz.0.3764': attribute type 11 has an invalid length. [ 1228.295665][ T30] audit: type=1800 audit(4294967626.420:161): pid=24480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3761" name="dbroot" dev="configfs" ino=130000 res=0 errno=0 [ 1228.750341][T24482] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1228.781569][T24488] FAULT_INJECTION: forcing a failure. [ 1228.781569][T24488] name failslab, interval 1, probability 0, space 0, times 0 [ 1228.794446][T24488] CPU: 0 UID: 0 PID: 24488 Comm: syz.0.3766 Not tainted syzkaller #0 PREEMPT(full) [ 1228.794467][T24488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1228.794476][T24488] Call Trace: [ 1228.794482][T24488] [ 1228.794491][T24488] dump_stack_lvl+0x16c/0x1f0 [ 1228.794515][T24488] should_fail_ex+0x512/0x640 [ 1228.794535][T24488] ? fs_reclaim_acquire+0xae/0x150 [ 1228.794557][T24488] ? tomoyo_encode2+0x100/0x3e0 [ 1228.794575][T24488] should_failslab+0xc2/0x120 [ 1228.794594][T24488] __kmalloc_noprof+0xd2/0x510 [ 1228.794610][T24488] ? d_absolute_path+0x136/0x1a0 [ 1228.794634][T24488] tomoyo_encode2+0x100/0x3e0 [ 1228.794655][T24488] tomoyo_encode+0x29/0x50 [ 1228.794673][T24488] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1228.794698][T24488] tomoyo_path_number_perm+0x245/0x580 [ 1228.794714][T24488] ? tomoyo_path_number_perm+0x237/0x580 [ 1228.794733][T24488] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1228.794750][T24488] ? find_held_lock+0x2b/0x80 [ 1228.794781][T24488] ? find_held_lock+0x2b/0x80 [ 1228.794800][T24488] ? hook_file_ioctl_common+0x145/0x410 [ 1228.794823][T24488] ? __fget_files+0x20e/0x3c0 [ 1228.794841][T24488] security_file_ioctl+0x9b/0x240 [ 1228.794861][T24488] __x64_sys_ioctl+0xb7/0x210 [ 1228.794884][T24488] do_syscall_64+0xcd/0x490 [ 1228.794904][T24488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1228.794918][T24488] RIP: 0033:0x7f528538ebe9 [ 1228.794930][T24488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1228.794944][T24488] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1228.794959][T24488] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1228.794968][T24488] RDX: 0000000000000000 RSI: 0000000000004b72 RDI: 0000000000000000 [ 1228.794977][T24488] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1228.794986][T24488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1228.794994][T24488] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1228.795012][T24488] [ 1228.795026][T24488] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1228.841494][T22687] Bluetooth: hci2: command 0x0c1a tx timeout [ 1229.258238][T24489] zswap: compressor not available [ 1229.610726][T22687] Bluetooth: hci1: command 0x0c1a tx timeout [ 1229.610754][ T5862] Bluetooth: hci0: command 0x0c1a tx timeout [ 1229.616774][T22687] Bluetooth: hci4: command 0x0c1a tx timeout [ 1229.709206][T24502] netlink: 98 bytes leftover after parsing attributes in process `syz.2.3770'. [ 1229.751310][T24502] netlink: 50 bytes leftover after parsing attributes in process `syz.2.3770'. [ 1232.843357][T24543] blktrace: Concurrent blktraces are not allowed on ram7 [ 1233.105110][T24535] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1234.164602][T24560] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3784'. [ 1235.525768][ T30] audit: type=1800 audit(4294967633.640:162): pid=24570 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3786" name="dbroot" dev="configfs" ino=130736 res=0 errno=0 [ 1236.210011][T24566] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1237.259765][T24577] FAULT_INJECTION: forcing a failure. [ 1237.259765][T24577] name failslab, interval 1, probability 0, space 0, times 0 [ 1237.275002][T24577] CPU: 0 UID: 0 PID: 24577 Comm: syz.3.3788 Not tainted syzkaller #0 PREEMPT(full) [ 1237.275025][T24577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1237.275034][T24577] Call Trace: [ 1237.275041][T24577] [ 1237.275047][T24577] dump_stack_lvl+0x16c/0x1f0 [ 1237.275070][T24577] should_fail_ex+0x512/0x640 [ 1237.275090][T24577] ? __kmalloc_noprof+0xbf/0x510 [ 1237.275107][T24577] ? constrain_params_by_rules+0x175/0xca0 [ 1237.275122][T24577] should_failslab+0xc2/0x120 [ 1237.275140][T24577] __kmalloc_noprof+0xd2/0x510 [ 1237.275156][T24577] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1237.275177][T24577] constrain_params_by_rules+0x175/0xca0 [ 1237.275191][T24577] ? arch_stack_walk+0xa6/0x100 [ 1237.275212][T24577] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1237.275226][T24577] ? stack_trace_save+0x8e/0xc0 [ 1237.275242][T24577] ? __pfx_stack_trace_save+0x10/0x10 [ 1237.275261][T24577] ? stack_trace_save+0x8e/0xc0 [ 1237.275280][T24577] ? snd_pcm_oss_change_params_locked+0x9cd/0x3a30 [ 1237.275294][T24577] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1237.275307][T24577] ? snd_pcm_oss_write+0x4c3/0xa10 [ 1237.275320][T24577] ? vfs_write+0x29d/0x11d0 [ 1237.275335][T24577] ? ksys_write+0x12a/0x250 [ 1237.275349][T24577] ? do_syscall_64+0xcd/0x490 [ 1237.275367][T24577] ? snd_interval_refine+0x2fa/0x580 [ 1237.275387][T24577] snd_pcm_hw_refine+0x7de/0xad0 [ 1237.275404][T24577] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1237.275430][T24577] snd_pcm_hw_param_first+0x334/0x6f0 [ 1237.275455][T24577] snd_pcm_hw_param_near.constprop.0+0x702/0x8e0 [ 1237.275481][T24577] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1237.275505][T24577] ? snd_pcm_oss_change_params_locked+0x958/0x3a30 [ 1237.275523][T24577] snd_pcm_oss_change_params_locked+0x9cd/0x3a30 [ 1237.275546][T24577] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1237.275570][T24577] ? find_held_lock+0x2b/0x80 [ 1237.275588][T24577] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1237.275603][T24577] snd_pcm_oss_write+0x4c3/0xa10 [ 1237.275619][T24577] ? bpf_lsm_file_permission+0x9/0x10 [ 1237.275639][T24577] ? security_file_permission+0x71/0x210 [ 1237.275661][T24577] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1237.275683][T24577] vfs_write+0x29d/0x11d0 [ 1237.275704][T24577] ? __pfx_vfs_write+0x10/0x10 [ 1237.275718][T24577] ? find_held_lock+0x2b/0x80 [ 1237.275732][T24577] ? __fget_files+0x204/0x3c0 [ 1237.275750][T24577] ? __fget_files+0x20e/0x3c0 [ 1237.275776][T24577] ksys_write+0x12a/0x250 [ 1237.275792][T24577] ? __pfx_ksys_write+0x10/0x10 [ 1237.275814][T24577] do_syscall_64+0xcd/0x490 [ 1237.275833][T24577] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1237.275848][T24577] RIP: 0033:0x7f62b5d8ebe9 [ 1237.275861][T24577] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1237.275875][T24577] RSP: 002b:00007f62b3ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1237.275889][T24577] RAX: ffffffffffffffda RBX: 00007f62b5fb5fa0 RCX: 00007f62b5d8ebe9 [ 1237.275899][T24577] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1237.275908][T24577] RBP: 00007f62b3ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1237.275916][T24577] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1237.275925][T24577] R13: 00007f62b5fb6038 R14: 00007f62b5fb5fa0 R15: 00007ffefeeb1738 [ 1237.275943][T24577] [ 1238.337320][T24592] FAULT_INJECTION: forcing a failure. [ 1238.337320][T24592] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1238.572490][T24592] CPU: 0 UID: 0 PID: 24592 Comm: syz.2.3790 Not tainted syzkaller #0 PREEMPT(full) [ 1238.572524][T24592] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1238.572533][T24592] Call Trace: [ 1238.572539][T24592] [ 1238.572545][T24592] dump_stack_lvl+0x16c/0x1f0 [ 1238.572569][T24592] should_fail_ex+0x512/0x640 [ 1238.572591][T24592] _copy_from_user+0x2e/0xd0 [ 1238.572618][T24592] vt_ioctl+0x42e/0x30a0 [ 1238.572632][T24592] ? lockdep_hardirqs_on+0x7c/0x110 [ 1238.572655][T24592] ? __pfx_vt_ioctl+0x10/0x10 [ 1238.572669][T24592] ? tomoyo_path_number_perm+0x295/0x580 [ 1238.572690][T24592] ? tomoyo_path_number_perm+0x18d/0x580 [ 1238.572711][T24592] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1238.572729][T24592] ? find_held_lock+0x2b/0x80 [ 1238.572744][T24592] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1238.572766][T24592] ? tty_jobctrl_ioctl+0x152/0xe00 [ 1238.572782][T24592] ? __pfx_vt_ioctl+0x10/0x10 [ 1238.572794][T24592] tty_ioctl+0x65e/0x1680 [ 1238.572815][T24592] ? __pfx_tty_ioctl+0x10/0x10 [ 1238.572838][T24592] ? find_held_lock+0x2b/0x80 [ 1238.572858][T24592] ? hook_file_ioctl_common+0x145/0x410 [ 1238.572881][T24592] ? __fget_files+0x20e/0x3c0 [ 1238.572899][T24592] ? __pfx_tty_ioctl+0x10/0x10 [ 1238.572918][T24592] __x64_sys_ioctl+0x18e/0x210 [ 1238.572941][T24592] do_syscall_64+0xcd/0x490 [ 1238.572961][T24592] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1238.572976][T24592] RIP: 0033:0x7f1adbd8ebe9 [ 1238.572988][T24592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1238.573004][T24592] RSP: 002b:00007f1adcc86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1238.573027][T24592] RAX: ffffffffffffffda RBX: 00007f1adbfb5fa0 RCX: 00007f1adbd8ebe9 [ 1238.573043][T24592] RDX: 0000000000000000 RSI: 0000000000004b72 RDI: 0000000000000000 [ 1238.573058][T24592] RBP: 00007f1adcc86090 R08: 0000000000000000 R09: 0000000000000000 [ 1238.573074][T24592] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1238.573088][T24592] R13: 00007f1adbfb6038 R14: 00007f1adbfb5fa0 R15: 00007ffc30824c18 [ 1238.573124][T24592] [ 1238.975203][ T30] audit: type=1800 audit(4294967637.110:163): pid=24598 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3792" name="dbroot" dev="configfs" ino=131503 res=0 errno=0 [ 1239.160595][T24602] netlink: 'syz.1.3793': attribute type 11 has an invalid length. [ 1239.208349][T24602] netlink: 'syz.1.3793': attribute type 11 has an invalid length. [ 1239.213729][T24582] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1239.216662][T24602] netlink: 'syz.1.3793': attribute type 11 has an invalid length. [ 1239.943464][T24619] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3798'. [ 1240.423250][T24623] netlink: 'syz.1.3800': attribute type 1 has an invalid length. [ 1240.764345][T24634] netlink: 'syz.1.3803': attribute type 11 has an invalid length. [ 1240.777490][T24634] netlink: 'syz.1.3803': attribute type 11 has an invalid length. [ 1240.788699][T24634] netlink: 'syz.1.3803': attribute type 11 has an invalid length. [ 1241.140079][T24636] zswap: compressor not available [ 1241.202303][T24629] FAULT_INJECTION: forcing a failure. [ 1241.202303][T24629] name failslab, interval 1, probability 0, space 0, times 0 [ 1241.216407][T24629] CPU: 1 UID: 0 PID: 24629 Comm: syz.0.3801 Not tainted syzkaller #0 PREEMPT(full) [ 1241.216444][T24629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1241.216460][T24629] Call Trace: [ 1241.216470][T24629] [ 1241.216479][T24629] dump_stack_lvl+0x16c/0x1f0 [ 1241.216521][T24629] should_fail_ex+0x512/0x640 [ 1241.216558][T24629] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1241.216579][T24629] should_failslab+0xc2/0x120 [ 1241.216596][T24629] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1241.216612][T24629] ? __asan_memcpy+0x3c/0x60 [ 1241.216630][T24629] ? __kernfs_new_node+0xd2/0x8e0 [ 1241.216651][T24629] __kernfs_new_node+0xd2/0x8e0 [ 1241.216671][T24629] ? __pfx___kernfs_new_node+0x10/0x10 [ 1241.216693][T24629] ? find_held_lock+0x2b/0x80 [ 1241.216708][T24629] ? kernfs_root+0xee/0x2a0 [ 1241.216735][T24629] kernfs_new_node+0x13c/0x1e0 [ 1241.216776][T24629] kernfs_create_link+0xcc/0x240 [ 1241.216806][T24629] sysfs_do_create_link_sd+0x90/0x140 [ 1241.216832][T24629] sysfs_create_link+0x61/0xc0 [ 1241.216849][T24629] device_add+0x62c/0x1aa0 [ 1241.216864][T24629] ? __pfx_device_add+0x10/0x10 [ 1241.216877][T24629] ? lockdep_init_map_type+0x5c/0x280 [ 1241.216896][T24629] ? __init_waitqueue_head+0xca/0x150 [ 1241.216921][T24629] netdev_register_kobject+0x1a9/0x3d0 [ 1241.216945][T24629] register_netdevice+0x13dc/0x2270 [ 1241.216968][T24629] ? __pfx_register_netdevice+0x10/0x10 [ 1241.216993][T24629] slip_open+0xb86/0x1150 [ 1241.217017][T24629] ? __pfx_slip_open+0x10/0x10 [ 1241.217035][T24629] ? down_write+0x14d/0x200 [ 1241.217056][T24629] ? __pfx_slip_open+0x10/0x10 [ 1241.217074][T24629] tty_ldisc_open+0x9f/0x120 [ 1241.217091][T24629] tty_set_ldisc+0x32b/0x780 [ 1241.217110][T24629] tty_ioctl+0xc2e/0x1680 [ 1241.217130][T24629] ? __pfx_tty_ioctl+0x10/0x10 [ 1241.217153][T24629] ? find_held_lock+0x2b/0x80 [ 1241.217166][T24629] ? hook_file_ioctl_common+0x145/0x410 [ 1241.217189][T24629] ? __fget_files+0x20e/0x3c0 [ 1241.217207][T24629] ? __pfx_tty_ioctl+0x10/0x10 [ 1241.217225][T24629] __x64_sys_ioctl+0x18e/0x210 [ 1241.217248][T24629] do_syscall_64+0xcd/0x490 [ 1241.217267][T24629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1241.217281][T24629] RIP: 0033:0x7f528538ebe9 [ 1241.217294][T24629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1241.217307][T24629] RSP: 002b:00007f528622e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1241.217321][T24629] RAX: ffffffffffffffda RBX: 00007f52855b6090 RCX: 00007f528538ebe9 [ 1241.217331][T24629] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 000000000000000e [ 1241.217340][T24629] RBP: 00007f5285411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1241.217349][T24629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1241.217358][T24629] R13: 00007f52855b6128 R14: 00007f52855b6090 R15: 00007ffcea7caa88 [ 1241.217386][T24629] [ 1242.701735][T24659] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1242.904309][T24652] FAULT_INJECTION: forcing a failure. [ 1242.904309][T24652] name failslab, interval 1, probability 0, space 0, times 0 [ 1242.917202][T24652] CPU: 0 UID: 0 PID: 24652 Comm: syz.0.3807 Not tainted syzkaller #0 PREEMPT(full) [ 1242.917240][T24652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1242.917256][T24652] Call Trace: [ 1242.917266][T24652] [ 1242.917277][T24652] dump_stack_lvl+0x16c/0x1f0 [ 1242.917319][T24652] should_fail_ex+0x512/0x640 [ 1242.917354][T24652] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1242.917390][T24652] should_failslab+0xc2/0x120 [ 1242.917425][T24652] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1242.917466][T24652] ? __kernfs_new_node+0xd2/0x8e0 [ 1242.917505][T24652] __kernfs_new_node+0xd2/0x8e0 [ 1242.917541][T24652] ? kernfs_add_one+0x37d/0x840 [ 1242.917578][T24652] ? __pfx___kernfs_new_node+0x10/0x10 [ 1242.917618][T24652] ? find_held_lock+0x2b/0x80 [ 1242.917642][T24652] ? kernfs_root+0xee/0x2a0 [ 1242.917679][T24652] kernfs_new_node+0x13c/0x1e0 [ 1242.917721][T24652] __kernfs_create_file+0x53/0x350 [ 1242.917753][T24652] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1242.917794][T24652] sysfs_create_file_ns+0x13d/0x1d0 [ 1242.917826][T24652] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1242.917855][T24652] ? down_read+0x13d/0x480 [ 1242.917891][T24652] ? __pfx___up_read+0x10/0x10 [ 1242.917928][T24652] ? acpi_device_notify+0x351/0x480 [ 1242.917966][T24652] device_create_file+0xf2/0x1e0 [ 1242.917998][T24652] device_add+0x2bf/0x1aa0 [ 1242.918023][T24652] ? __pfx_dev_set_name+0x10/0x10 [ 1242.918050][T24652] ? __pfx_device_add+0x10/0x10 [ 1242.918076][T24652] ? lockdep_init_map_type+0x5c/0x280 [ 1242.918111][T24652] ? __init_waitqueue_head+0xca/0x150 [ 1242.918159][T24652] netdev_register_kobject+0x1a9/0x3d0 [ 1242.918202][T24652] register_netdevice+0x13dc/0x2270 [ 1242.918247][T24652] ? __pfx_register_netdevice+0x10/0x10 [ 1242.918295][T24652] slip_open+0xb86/0x1150 [ 1242.918342][T24652] ? __pfx_slip_open+0x10/0x10 [ 1242.918378][T24652] ? down_write+0x14d/0x200 [ 1242.918420][T24652] ? __pfx_slip_open+0x10/0x10 [ 1242.918464][T24652] tty_ldisc_open+0x9f/0x120 [ 1242.918497][T24652] tty_set_ldisc+0x32b/0x780 [ 1242.918533][T24652] tty_ioctl+0xc2e/0x1680 [ 1242.918571][T24652] ? __pfx_tty_ioctl+0x10/0x10 [ 1242.918615][T24652] ? find_held_lock+0x2b/0x80 [ 1242.918641][T24652] ? hook_file_ioctl_common+0x145/0x410 [ 1242.918684][T24652] ? __fget_files+0x20e/0x3c0 [ 1242.918719][T24652] ? __pfx_tty_ioctl+0x10/0x10 [ 1242.918754][T24652] __x64_sys_ioctl+0x18e/0x210 [ 1242.918796][T24652] do_syscall_64+0xcd/0x490 [ 1242.918834][T24652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1242.918862][T24652] RIP: 0033:0x7f528538ebe9 [ 1242.918885][T24652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1242.918912][T24652] RSP: 002b:00007f528622e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1242.918937][T24652] RAX: ffffffffffffffda RBX: 00007f52855b6090 RCX: 00007f528538ebe9 [ 1242.918955][T24652] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 000000000000000e [ 1242.918972][T24652] RBP: 00007f5285411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1242.918991][T24652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1242.919007][T24652] R13: 00007f52855b6128 R14: 00007f52855b6090 R15: 00007ffcea7caa88 [ 1242.919043][T24652] [ 1243.298209][ T30] audit: type=1800 audit(4294967641.420:164): pid=24664 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3809" name="dbroot" dev="configfs" ino=131679 res=0 errno=0 [ 1244.175065][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1244.181550][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1244.272954][T24675] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1244.769096][T24685] zswap: compressor not available [ 1244.992679][T24697] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3817'. [ 1246.026367][T24701] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1247.056586][T24723] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1247.580777][T24736] zswap: compressor not available [ 1248.241893][T24761] HfR: entered promiscuous mode [ 1248.252578][T24763] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3835'. [ 1248.261944][T24763] HfR: left promiscuous mode [ 1249.262016][T24778] FAULT_INJECTION: forcing a failure. [ 1249.262016][T24778] name failslab, interval 1, probability 0, space 0, times 0 [ 1249.308574][T24778] CPU: 1 UID: 0 PID: 24778 Comm: syz.2.3839 Not tainted syzkaller #0 PREEMPT(full) [ 1249.308616][T24778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1249.308631][T24778] Call Trace: [ 1249.308640][T24778] [ 1249.308647][T24778] dump_stack_lvl+0x16c/0x1f0 [ 1249.308670][T24778] should_fail_ex+0x512/0x640 [ 1249.308690][T24778] ? __kmalloc_noprof+0xbf/0x510 [ 1249.308708][T24778] ? constrain_params_by_rules+0x175/0xca0 [ 1249.308723][T24778] should_failslab+0xc2/0x120 [ 1249.308741][T24778] __kmalloc_noprof+0xd2/0x510 [ 1249.308756][T24778] ? unwind_get_return_address+0x59/0xa0 [ 1249.308772][T24778] ? arch_stack_walk+0xa6/0x100 [ 1249.308790][T24778] constrain_params_by_rules+0x175/0xca0 [ 1249.308808][T24778] ? stack_trace_save+0x8e/0xc0 [ 1249.308826][T24778] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1249.308840][T24778] ? kfree+0x2b4/0x4d0 [ 1249.308853][T24778] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 1249.308879][T24778] ? __kasan_kmalloc+0xaa/0xb0 [ 1249.308894][T24778] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 1249.308916][T24778] ? snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 1249.308929][T24778] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1249.308952][T24778] snd_pcm_hw_refine+0x7de/0xad0 [ 1249.308969][T24778] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1249.308991][T24778] ? _snd_pcm_hw_param_min+0x259/0x630 [ 1249.309015][T24778] snd_pcm_hw_param_near.constprop.0+0x58a/0x8e0 [ 1249.309040][T24778] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1249.309063][T24778] ? __asan_memset+0x23/0x50 [ 1249.309076][T24778] ? calc_src_frames.isra.0+0x187/0x1d0 [ 1249.309089][T24778] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 1249.309108][T24778] snd_pcm_oss_change_params_locked+0x1398/0x3a30 [ 1249.309131][T24778] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1249.309156][T24778] ? find_held_lock+0x2b/0x80 [ 1249.309173][T24778] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1249.309189][T24778] snd_pcm_oss_write+0x4c3/0xa10 [ 1249.309205][T24778] ? bpf_lsm_file_permission+0x9/0x10 [ 1249.309225][T24778] ? security_file_permission+0x71/0x210 [ 1249.309247][T24778] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1249.309261][T24778] vfs_write+0x29d/0x11d0 [ 1249.309281][T24778] ? __pfx_vfs_write+0x10/0x10 [ 1249.309295][T24778] ? find_held_lock+0x2b/0x80 [ 1249.309309][T24778] ? __fget_files+0x204/0x3c0 [ 1249.309328][T24778] ? __fget_files+0x20e/0x3c0 [ 1249.309348][T24778] ksys_write+0x12a/0x250 [ 1249.309363][T24778] ? __pfx_ksys_write+0x10/0x10 [ 1249.309384][T24778] do_syscall_64+0xcd/0x490 [ 1249.309404][T24778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1249.309419][T24778] RIP: 0033:0x7f1adbd8ebe9 [ 1249.309434][T24778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1249.309449][T24778] RSP: 002b:00007f1adcc86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1249.309463][T24778] RAX: ffffffffffffffda RBX: 00007f1adbfb5fa0 RCX: 00007f1adbd8ebe9 [ 1249.309473][T24778] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1249.309481][T24778] RBP: 00007f1adcc86090 R08: 0000000000000000 R09: 0000000000000000 [ 1249.309490][T24778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1249.309499][T24778] R13: 00007f1adbfb6038 R14: 00007f1adbfb5fa0 R15: 00007ffc30824c18 [ 1249.309517][T24778] [ 1250.545668][T24792] netlink: 'syz.3.3841': attribute type 1 has an invalid length. [ 1254.048469][T24855] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1254.457735][T24867] zswap: compressor not available [ 1256.103343][T24879] FAULT_INJECTION: forcing a failure. [ 1256.103343][T24879] name failslab, interval 1, probability 0, space 0, times 0 [ 1256.138617][T24879] CPU: 0 UID: 0 PID: 24879 Comm: syz.3.3856 Not tainted syzkaller #0 PREEMPT(full) [ 1256.138654][T24879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1256.138670][T24879] Call Trace: [ 1256.138679][T24879] [ 1256.138689][T24879] dump_stack_lvl+0x16c/0x1f0 [ 1256.138731][T24879] should_fail_ex+0x512/0x640 [ 1256.138767][T24879] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1256.138803][T24879] should_failslab+0xc2/0x120 [ 1256.138839][T24879] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1256.138871][T24879] ? __kernfs_new_node+0xd2/0x8e0 [ 1256.138910][T24879] __kernfs_new_node+0xd2/0x8e0 [ 1256.138948][T24879] ? __pfx___kernfs_new_node+0x10/0x10 [ 1256.138991][T24879] ? find_held_lock+0x2b/0x80 [ 1256.139019][T24879] ? kernfs_root+0xee/0x2a0 [ 1256.139060][T24879] kernfs_new_node+0x13c/0x1e0 [ 1256.139099][T24879] ? net_ns_get_ownership+0xf8/0x1b0 [ 1256.139139][T24879] kernfs_create_dir_ns+0x4c/0x1a0 [ 1256.139180][T24879] sysfs_create_dir_ns+0x13a/0x2b0 [ 1256.139252][T24879] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1256.139285][T24879] ? find_held_lock+0x2b/0x80 [ 1256.139317][T24879] ? net_namespace+0x12/0x50 [ 1256.139355][T24879] ? device_namespace+0x76/0xa0 [ 1256.139397][T24879] kobject_add_internal+0x2c4/0x9b0 [ 1256.139449][T24879] kobject_add+0x16e/0x240 [ 1256.139487][T24879] ? __pfx_kobject_add+0x10/0x10 [ 1256.139528][T24879] ? get_device_parent+0x1c5/0x4e0 [ 1256.139567][T24879] ? kobject_put+0xab/0x5a0 [ 1256.139613][T24879] device_add+0x288/0x1aa0 [ 1256.139639][T24879] ? __pfx_dev_set_name+0x10/0x10 [ 1256.139667][T24879] ? __pfx_device_add+0x10/0x10 [ 1256.139692][T24879] ? lockdep_init_map_type+0x5c/0x280 [ 1256.139729][T24879] ? __init_waitqueue_head+0xca/0x150 [ 1256.139777][T24879] netdev_register_kobject+0x1a9/0x3d0 [ 1256.139822][T24879] register_netdevice+0x13dc/0x2270 [ 1256.139867][T24879] ? __pfx_register_netdevice+0x10/0x10 [ 1256.139917][T24879] slip_open+0xb86/0x1150 [ 1256.139962][T24879] ? __pfx_slip_open+0x10/0x10 [ 1256.139997][T24879] ? down_write+0x14d/0x200 [ 1256.140036][T24879] ? __pfx_slip_open+0x10/0x10 [ 1256.140074][T24879] tty_ldisc_open+0x9f/0x120 [ 1256.140106][T24879] tty_set_ldisc+0x32b/0x780 [ 1256.140144][T24879] tty_ioctl+0xc2e/0x1680 [ 1256.140181][T24879] ? __pfx_tty_ioctl+0x10/0x10 [ 1256.140237][T24879] ? find_held_lock+0x2b/0x80 [ 1256.140264][T24879] ? hook_file_ioctl_common+0x145/0x410 [ 1256.140310][T24879] ? __fget_files+0x20e/0x3c0 [ 1256.140345][T24879] ? __pfx_tty_ioctl+0x10/0x10 [ 1256.140381][T24879] __x64_sys_ioctl+0x18e/0x210 [ 1256.140424][T24879] do_syscall_64+0xcd/0x490 [ 1256.140458][T24879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1256.140474][T24879] RIP: 0033:0x7f62b5d8ebe9 [ 1256.140487][T24879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1256.140502][T24879] RSP: 002b:00007f62b3fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1256.140516][T24879] RAX: ffffffffffffffda RBX: 00007f62b5fb6090 RCX: 00007f62b5d8ebe9 [ 1256.140526][T24879] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 000000000000000e [ 1256.140534][T24879] RBP: 00007f62b5e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1256.140543][T24879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1256.140551][T24879] R13: 00007f62b5fb6128 R14: 00007f62b5fb6090 R15: 00007ffefeeb1738 [ 1256.140571][T24879] [ 1256.142119][T24879] kobject: kobject_add_internal failed for sl0 (error: -12 parent: net) [ 1256.749770][T24890] ptrace attach of ""[24893] was attempted by "./syz-executor exec"[24890] [ 1257.584004][T24905] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3863'. [ 1257.593560][T24905] HfR: left promiscuous mode [ 1258.904062][T24926] netlink: 'syz.2.3870': attribute type 1 has an invalid length. [ 1260.176629][T24913] kexec: Could not allocate control_code_buffer [ 1260.218051][T24938] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1260.459623][T24949] netlink: 342 bytes leftover after parsing attributes in process `syz.0.3872'. [ 1260.573337][T24930] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1261.531247][T24961] netlink: 'syz.3.3876': attribute type 11 has an invalid length. [ 1261.565837][T24961] netlink: 'syz.3.3876': attribute type 11 has an invalid length. [ 1261.586824][T24961] netlink: 'syz.3.3876': attribute type 11 has an invalid length. [ 1261.613546][T24961] netlink: 'syz.3.3876': attribute type 11 has an invalid length. [ 1261.916906][T24973] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3877'. [ 1262.054669][T24968] HfR: entered promiscuous mode [ 1262.071471][T24973] HfR: left promiscuous mode [ 1262.690472][T24988] netlink: 4285 bytes leftover after parsing attributes in process `syz.2.3881'. [ 1262.771208][T24981] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1263.286301][T24994] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input50 [ 1263.574207][T25003] netlink: 'syz.1.3887': attribute type 11 has an invalid length. [ 1263.627053][T25003] netlink: 'syz.1.3887': attribute type 11 has an invalid length. [ 1263.706008][T25003] netlink: 'syz.1.3887': attribute type 11 has an invalid length. [ 1263.812447][T25003] netlink: 'syz.1.3887': attribute type 11 has an invalid length. [ 1264.261795][T24993] kexec: Could not allocate control_code_buffer [ 1264.285656][T25010] FAULT_INJECTION: forcing a failure. [ 1264.285656][T25010] name failslab, interval 1, probability 0, space 0, times 0 [ 1264.332712][T25010] CPU: 1 UID: 0 PID: 25010 Comm: syz.3.3888 Not tainted syzkaller #0 PREEMPT(full) [ 1264.332750][T25010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1264.332768][T25010] Call Trace: [ 1264.332778][T25010] [ 1264.332790][T25010] dump_stack_lvl+0x16c/0x1f0 [ 1264.332830][T25010] should_fail_ex+0x512/0x640 [ 1264.332866][T25010] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1264.332901][T25010] should_failslab+0xc2/0x120 [ 1264.332937][T25010] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1264.332971][T25010] ? mas_alloc_nodes+0x18b/0x8b0 [ 1264.333007][T25010] mas_alloc_nodes+0x18b/0x8b0 [ 1264.333045][T25010] mas_node_count_gfp+0x105/0x130 [ 1264.333078][T25010] mas_preallocate+0x7e0/0xde0 [ 1264.333124][T25010] ? __memcg_slab_post_alloc_hook+0x4a2/0x960 [ 1264.333176][T25010] ? __pfx_mas_preallocate+0x10/0x10 [ 1264.333226][T25010] ? anon_vma_name+0x81/0x2f0 [ 1264.333268][T25010] __split_vma+0x34a/0x1070 [ 1264.333303][T25010] ? __pfx___split_vma+0x10/0x10 [ 1264.333338][T25010] ? __lock_acquire+0x62e/0x1ce0 [ 1264.333381][T25010] vma_modify+0x16dc/0x2030 [ 1264.333424][T25010] ? find_held_lock+0x2b/0x80 [ 1264.333450][T25010] ? __pfx_vma_modify+0x10/0x10 [ 1264.333489][T25010] vma_modify_flags+0x212/0x2d0 [ 1264.333521][T25010] ? __pfx_vma_modify_flags+0x10/0x10 [ 1264.333576][T25010] mlock_fixup+0x27c/0xe50 [ 1264.333605][T25010] ? mas_find+0x156/0x6d0 [ 1264.333643][T25010] apply_vma_lock_flags+0x261/0x390 [ 1264.333678][T25010] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 1264.333709][T25010] ? __pfx___might_resched+0x10/0x10 [ 1264.333743][T25010] ? __pfx_down_write_killable+0x10/0x10 [ 1264.333780][T25010] ? do_futex+0x122/0x350 [ 1264.333818][T25010] do_mlock+0x2ac/0x810 [ 1264.333847][T25010] ? __pfx___might_resched+0x10/0x10 [ 1264.333878][T25010] ? __pfx_do_mlock+0x10/0x10 [ 1264.333906][T25010] ? __x64_sys_futex+0x1e0/0x4c0 [ 1264.333935][T25010] ? __x64_sys_futex+0x1e9/0x4c0 [ 1264.333968][T25010] ? __pfx_blkcg_maybe_throttle_current+0x10/0x10 [ 1264.334005][T25010] ? xfd_validate_state+0x61/0x180 [ 1264.334041][T25010] ? __pfx_do_writev+0x10/0x10 [ 1264.334078][T25010] __x64_sys_mlock+0x59/0x80 [ 1264.334116][T25010] do_syscall_64+0xcd/0x490 [ 1264.334154][T25010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1264.334190][T25010] RIP: 0033:0x7f62b5d8ebe9 [ 1264.334210][T25010] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1264.334235][T25010] RSP: 002b:00007f62b3fd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 1264.334259][T25010] RAX: ffffffffffffffda RBX: 00007f62b5fb6090 RCX: 00007f62b5d8ebe9 [ 1264.334276][T25010] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 000000000000fbe8 [ 1264.334292][T25010] RBP: 00007f62b5e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1264.334310][T25010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1264.334326][T25010] R13: 00007f62b5fb6128 R14: 00007f62b5fb6090 R15: 00007ffefeeb1738 [ 1264.334364][T25010] [ 1266.314887][T25045] HfR: entered promiscuous mode [ 1266.437756][T25045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3896'. [ 1266.450729][T25045] HfR: left promiscuous mode [ 1266.626082][T25043] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1268.567135][T25082] netlink: 'syz.2.3905': attribute type 1 has an invalid length. [ 1268.894459][T25087] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3906'. [ 1270.884812][T25129] FAULT_INJECTION: forcing a failure. [ 1270.884812][T25129] name failslab, interval 1, probability 0, space 0, times 0 [ 1270.897880][T25129] CPU: 0 UID: 0 PID: 25129 Comm: syz.2.3913 Not tainted syzkaller #0 PREEMPT(full) [ 1270.897915][T25129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1270.897929][T25129] Call Trace: [ 1270.897939][T25129] [ 1270.897948][T25129] dump_stack_lvl+0x16c/0x1f0 [ 1270.897979][T25129] should_fail_ex+0x512/0x640 [ 1270.898000][T25129] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 1270.898016][T25129] should_failslab+0xc2/0x120 [ 1270.898035][T25129] __kmalloc_cache_noprof+0x6a/0x3e0 [ 1270.898049][T25129] ? snd_pcm_hw_param_first+0x30d/0x6f0 [ 1270.898077][T25129] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 1270.898100][T25129] ? snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 1270.898124][T25129] snd_pcm_hw_param_near.constprop.0+0xbc/0x8e0 [ 1270.898149][T25129] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1270.898172][T25129] ? __asan_memset+0x23/0x50 [ 1270.898185][T25129] ? calc_src_frames.isra.0+0x187/0x1d0 [ 1270.898199][T25129] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 1270.898218][T25129] snd_pcm_oss_change_params_locked+0x13f9/0x3a30 [ 1270.898241][T25129] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1270.898265][T25129] ? find_held_lock+0x2b/0x80 [ 1270.898283][T25129] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1270.898298][T25129] snd_pcm_oss_write+0x4c3/0xa10 [ 1270.898313][T25129] ? bpf_lsm_file_permission+0x9/0x10 [ 1270.898334][T25129] ? security_file_permission+0x71/0x210 [ 1270.898356][T25129] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1270.898369][T25129] vfs_write+0x29d/0x11d0 [ 1270.898397][T25129] ? __pfx_vfs_write+0x10/0x10 [ 1270.898421][T25129] ? find_held_lock+0x2b/0x80 [ 1270.898445][T25129] ? __fget_files+0x204/0x3c0 [ 1270.898476][T25129] ? __fget_files+0x20e/0x3c0 [ 1270.898511][T25129] ksys_write+0x12a/0x250 [ 1270.898538][T25129] ? __pfx_ksys_write+0x10/0x10 [ 1270.898564][T25129] do_syscall_64+0xcd/0x490 [ 1270.898591][T25129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1270.898606][T25129] RIP: 0033:0x7f1adbd8ebe9 [ 1270.898619][T25129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1270.898633][T25129] RSP: 002b:00007f1adcc86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1270.898648][T25129] RAX: ffffffffffffffda RBX: 00007f1adbfb5fa0 RCX: 00007f1adbd8ebe9 [ 1270.898658][T25129] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1270.898667][T25129] RBP: 00007f1adcc86090 R08: 0000000000000000 R09: 0000000000000000 [ 1270.898676][T25129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1270.898685][T25129] R13: 00007f1adbfb6038 R14: 00007f1adbfb5fa0 R15: 00007ffc30824c18 [ 1270.898703][T25129] [ 1272.387866][T25157] zswap: compressor not available [ 1272.653610][T25181] ICMPv6: process `syz.1.3921' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 1274.347892][T25205] random: crng reseeded on system resumption [ 1275.275222][T25243] FAULT_INJECTION: forcing a failure. [ 1275.275222][T25243] name failslab, interval 1, probability 0, space 0, times 0 [ 1275.311411][T25243] CPU: 1 UID: 0 PID: 25243 Comm: syz.3.3934 Not tainted syzkaller #0 PREEMPT(full) [ 1275.311446][T25243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1275.311460][T25243] Call Trace: [ 1275.311469][T25243] [ 1275.311499][T25243] dump_stack_lvl+0x16c/0x1f0 [ 1275.311537][T25243] should_fail_ex+0x512/0x640 [ 1275.311570][T25243] ? __kmalloc_noprof+0xbf/0x510 [ 1275.311600][T25243] ? constrain_params_by_rules+0x175/0xca0 [ 1275.311625][T25243] should_failslab+0xc2/0x120 [ 1275.311654][T25243] __kmalloc_noprof+0xd2/0x510 [ 1275.311681][T25243] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1275.311719][T25243] constrain_params_by_rules+0x175/0xca0 [ 1275.311746][T25243] ? arch_stack_walk+0xa6/0x100 [ 1275.311786][T25243] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1275.311809][T25243] ? stack_trace_save+0x8e/0xc0 [ 1275.311836][T25243] ? __pfx_stack_trace_save+0x10/0x10 [ 1275.311866][T25243] ? __kasan_slab_free+0x60/0x70 [ 1275.311892][T25243] ? kfree+0x2b4/0x4d0 [ 1275.311914][T25243] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 1275.311958][T25243] ? snd_pcm_oss_change_params_locked+0x13f9/0x3a30 [ 1275.311984][T25243] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1275.312008][T25243] ? snd_pcm_oss_write+0x4c3/0xa10 [ 1275.312036][T25243] ? vfs_write+0x29d/0x11d0 [ 1275.312063][T25243] ? ksys_write+0x12a/0x250 [ 1275.312088][T25243] ? do_syscall_64+0xcd/0x490 [ 1275.312118][T25243] ? snd_interval_refine+0x2fa/0x580 [ 1275.312153][T25243] snd_pcm_hw_refine+0x7de/0xad0 [ 1275.312185][T25243] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1275.312233][T25243] snd_pcm_hw_param_first+0x334/0x6f0 [ 1275.312278][T25243] snd_pcm_hw_param_near.constprop.0+0x702/0x8e0 [ 1275.312320][T25243] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1275.312357][T25243] ? __asan_memset+0x23/0x50 [ 1275.312380][T25243] ? calc_src_frames.isra.0+0x187/0x1d0 [ 1275.312403][T25243] ? calc_dst_frames.constprop.0.isra.0+0x103/0x130 [ 1275.312438][T25243] snd_pcm_oss_change_params_locked+0x13f9/0x3a30 [ 1275.312487][T25243] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1275.312533][T25243] ? find_held_lock+0x2b/0x80 [ 1275.312565][T25243] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1275.312594][T25243] snd_pcm_oss_write+0x4c3/0xa10 [ 1275.312622][T25243] ? bpf_lsm_file_permission+0x9/0x10 [ 1275.312656][T25243] ? security_file_permission+0x71/0x210 [ 1275.312695][T25243] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1275.312720][T25243] vfs_write+0x29d/0x11d0 [ 1275.312756][T25243] ? __pfx_vfs_write+0x10/0x10 [ 1275.312780][T25243] ? find_held_lock+0x2b/0x80 [ 1275.312806][T25243] ? __fget_files+0x204/0x3c0 [ 1275.312839][T25243] ? __fget_files+0x20e/0x3c0 [ 1275.312877][T25243] ksys_write+0x12a/0x250 [ 1275.312906][T25243] ? __pfx_ksys_write+0x10/0x10 [ 1275.312945][T25243] do_syscall_64+0xcd/0x490 [ 1275.312980][T25243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1275.313007][T25243] RIP: 0033:0x7f62b5d8ebe9 [ 1275.313029][T25243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1275.313054][T25243] RSP: 002b:00007f62b3ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1275.313079][T25243] RAX: ffffffffffffffda RBX: 00007f62b5fb5fa0 RCX: 00007f62b5d8ebe9 [ 1275.313097][T25243] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1275.313113][T25243] RBP: 00007f62b3ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1275.313130][T25243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1275.313146][T25243] R13: 00007f62b5fb6038 R14: 00007f62b5fb5fa0 R15: 00007ffefeeb1738 [ 1275.313181][T25243] [ 1276.627387][T25267] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1276.817856][T25283] netlink: 'syz.3.3942': attribute type 11 has an invalid length. [ 1276.833213][T25283] netlink: 'syz.3.3942': attribute type 11 has an invalid length. [ 1276.847647][T25283] netlink: 'syz.3.3942': attribute type 11 has an invalid length. [ 1276.857820][T25283] netlink: 'syz.3.3942': attribute type 11 has an invalid length. [ 1281.780220][T25364] netlink: 'syz.1.3955': attribute type 11 has an invalid length. [ 1281.837311][T25364] netlink: 'syz.1.3955': attribute type 11 has an invalid length. [ 1281.863499][T25364] netlink: 'syz.1.3955': attribute type 11 has an invalid length. [ 1281.888584][T25364] netlink: 'syz.1.3955': attribute type 11 has an invalid length. [ 1282.405922][T25371] netlink: 'syz.0.3956': attribute type 1 has an invalid length. [ 1282.784663][ T30] audit: type=1804 audit(4294967680.920:165): pid=25377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.3957" name="/newroot/375/file0" dev="tmpfs" ino=2007 res=1 errno=0 [ 1282.942290][T25382] FAULT_INJECTION: forcing a failure. [ 1282.942290][T25382] name failslab, interval 1, probability 0, space 0, times 0 [ 1282.969408][T25382] CPU: 1 UID: 0 PID: 25382 Comm: syz.1.3959 Not tainted syzkaller #0 PREEMPT(full) [ 1282.969442][T25382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1282.969456][T25382] Call Trace: [ 1282.969464][T25382] [ 1282.969474][T25382] dump_stack_lvl+0x16c/0x1f0 [ 1282.969508][T25382] should_fail_ex+0x512/0x640 [ 1282.969539][T25382] ? __kmalloc_noprof+0xbf/0x510 [ 1282.969570][T25382] ? constrain_params_by_rules+0x175/0xca0 [ 1282.969596][T25382] should_failslab+0xc2/0x120 [ 1282.969629][T25382] __kmalloc_noprof+0xd2/0x510 [ 1282.969658][T25382] ? unwind_get_return_address+0x59/0xa0 [ 1282.969704][T25382] constrain_params_by_rules+0x175/0xca0 [ 1282.969739][T25382] ? __lock_acquire+0xb97/0x1ce0 [ 1282.969776][T25382] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1282.969802][T25382] ? __lock_acquire+0xb97/0x1ce0 [ 1282.969853][T25382] ? rcu_is_watching+0x12/0xc0 [ 1282.969880][T25382] ? trace_contention_end+0xdd/0x130 [ 1282.969915][T25382] ? snd_interval_refine+0x2fa/0x580 [ 1282.969952][T25382] snd_pcm_hw_refine+0x7de/0xad0 [ 1282.969986][T25382] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1282.970021][T25382] ? do_raw_spin_lock+0x12c/0x2b0 [ 1282.970063][T25382] ? mark_held_locks+0x49/0x80 [ 1282.970100][T25382] snd_pcm_hw_params+0x422/0x1ba0 [ 1282.970126][T25382] ? snd_pcm_hw_param_first+0x30d/0x6f0 [ 1282.970157][T25382] ? snd_pcm_hw_param_near.constprop.0+0x72f/0x8e0 [ 1282.970193][T25382] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1282.970218][T25382] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1282.970255][T25382] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1282.970288][T25382] ? __asan_memset+0x23/0x50 [ 1282.970313][T25382] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1282.970339][T25382] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 1282.970376][T25382] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1282.970416][T25382] ? find_held_lock+0x2b/0x80 [ 1282.970443][T25382] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1282.970468][T25382] snd_pcm_oss_write+0x4c3/0xa10 [ 1282.970492][T25382] ? bpf_lsm_file_permission+0x9/0x10 [ 1282.970522][T25382] ? security_file_permission+0x71/0x210 [ 1282.970556][T25382] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1282.970577][T25382] vfs_write+0x29d/0x11d0 [ 1282.970609][T25382] ? __pfx_vfs_write+0x10/0x10 [ 1282.970630][T25382] ? find_held_lock+0x2b/0x80 [ 1282.970652][T25382] ? __fget_files+0x204/0x3c0 [ 1282.970680][T25382] ? __fget_files+0x20e/0x3c0 [ 1282.970720][T25382] ksys_write+0x12a/0x250 [ 1282.970745][T25382] ? __pfx_ksys_write+0x10/0x10 [ 1282.970779][T25382] do_syscall_64+0xcd/0x490 [ 1282.970810][T25382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1282.970832][T25382] RIP: 0033:0x7f6d0b58ebe9 [ 1282.970851][T25382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1282.970872][T25382] RSP: 002b:00007f6d0c40e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1282.970894][T25382] RAX: ffffffffffffffda RBX: 00007f6d0b7b5fa0 RCX: 00007f6d0b58ebe9 [ 1282.970909][T25382] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1282.970922][T25382] RBP: 00007f6d0c40e090 R08: 0000000000000000 R09: 0000000000000000 [ 1282.970936][T25382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1282.970948][T25382] R13: 00007f6d0b7b6038 R14: 00007f6d0b7b5fa0 R15: 00007ffe7357b188 [ 1282.970979][T25382] [ 1284.563728][T25399] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1286.126919][T25445] FAULT_INJECTION: forcing a failure. [ 1286.126919][T25445] name failslab, interval 1, probability 0, space 0, times 0 [ 1286.142783][T25445] CPU: 1 UID: 0 PID: 25445 Comm: syz.0.3975 Not tainted syzkaller #0 PREEMPT(full) [ 1286.142807][T25445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1286.142816][T25445] Call Trace: [ 1286.142823][T25445] [ 1286.142829][T25445] dump_stack_lvl+0x16c/0x1f0 [ 1286.142852][T25445] should_fail_ex+0x512/0x640 [ 1286.142872][T25445] ? __kmalloc_noprof+0xbf/0x510 [ 1286.142890][T25445] ? constrain_params_by_rules+0x175/0xca0 [ 1286.142905][T25445] should_failslab+0xc2/0x120 [ 1286.142924][T25445] __kmalloc_noprof+0xd2/0x510 [ 1286.142938][T25445] ? kasan_quarantine_put+0x10a/0x240 [ 1286.142954][T25445] ? lockdep_hardirqs_on+0x7c/0x110 [ 1286.142974][T25445] constrain_params_by_rules+0x175/0xca0 [ 1286.142988][T25445] ? constrain_params_by_rules+0xa09/0xca0 [ 1286.143005][T25445] ? constrain_params_by_rules+0xa0e/0xca0 [ 1286.143021][T25445] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1286.143039][T25445] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1286.143053][T25445] ? __lock_acquire+0xb97/0x1ce0 [ 1286.143082][T25445] snd_pcm_hw_refine+0x7de/0xad0 [ 1286.143110][T25445] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1286.143128][T25445] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1286.143149][T25445] snd_pcm_hw_param_first+0x334/0x6f0 [ 1286.143176][T25445] snd_pcm_hw_params+0x5eb/0x1ba0 [ 1286.143195][T25445] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1286.143212][T25445] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1286.143238][T25445] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1286.143261][T25445] ? __asan_memset+0x23/0x50 [ 1286.143277][T25445] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1286.143294][T25445] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 1286.143317][T25445] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1286.143342][T25445] ? find_held_lock+0x2b/0x80 [ 1286.143364][T25445] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1286.143388][T25445] snd_pcm_oss_write+0x4c3/0xa10 [ 1286.143403][T25445] ? bpf_lsm_file_permission+0x9/0x10 [ 1286.143423][T25445] ? security_file_permission+0x71/0x210 [ 1286.143445][T25445] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1286.143459][T25445] vfs_write+0x29d/0x11d0 [ 1286.143480][T25445] ? __pfx_vfs_write+0x10/0x10 [ 1286.143495][T25445] ? find_held_lock+0x2b/0x80 [ 1286.143509][T25445] ? __fget_files+0x204/0x3c0 [ 1286.143528][T25445] ? __fget_files+0x20e/0x3c0 [ 1286.143548][T25445] ksys_write+0x12a/0x250 [ 1286.143564][T25445] ? __pfx_ksys_write+0x10/0x10 [ 1286.143585][T25445] do_syscall_64+0xcd/0x490 [ 1286.143606][T25445] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1286.143620][T25445] RIP: 0033:0x7f528538ebe9 [ 1286.143633][T25445] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1286.143647][T25445] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1286.143661][T25445] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1286.143671][T25445] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1286.143680][T25445] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1286.143688][T25445] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1286.143696][T25445] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1286.143715][T25445] [ 1288.106205][T25469] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1288.335098][T25473] kexec: Could not allocate control_code_buffer [ 1289.921408][T25515] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3988'. [ 1290.064885][T25517] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3987'. [ 1290.138104][T25516] HfR: entered promiscuous mode [ 1290.158144][T25517] HfR: left promiscuous mode [ 1291.298453][ T30] audit: type=1800 audit(4294967689.430:166): pid=25532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3991" name="dbroot" dev="configfs" ino=138316 res=0 errno=0 [ 1292.451722][T25550] netlink: 'syz.3.3996': attribute type 11 has an invalid length. [ 1292.509524][T25550] netlink: 'syz.3.3996': attribute type 11 has an invalid length. [ 1292.545278][T25550] netlink: 'syz.3.3996': attribute type 11 has an invalid length. [ 1292.585084][T25550] netlink: 'syz.3.3996': attribute type 11 has an invalid length. [ 1293.153339][T25554] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3997'. [ 1294.562483][T25576] HfR: entered promiscuous mode [ 1294.563048][T25578] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4002'. [ 1294.586580][T25578] HfR: left promiscuous mode [ 1295.579918][T25592] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4007'. [ 1295.648067][T25593] FAULT_INJECTION: forcing a failure. [ 1295.648067][T25593] name failslab, interval 1, probability 0, space 0, times 0 [ 1295.716638][T25593] CPU: 1 UID: 0 PID: 25593 Comm: syz.0.4008 Not tainted syzkaller #0 PREEMPT(full) [ 1295.716671][T25593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1295.716685][T25593] Call Trace: [ 1295.716694][T25593] [ 1295.716703][T25593] dump_stack_lvl+0x16c/0x1f0 [ 1295.716740][T25593] should_fail_ex+0x512/0x640 [ 1295.716772][T25593] ? __kmalloc_noprof+0xbf/0x510 [ 1295.716804][T25593] ? constrain_params_by_rules+0x175/0xca0 [ 1295.716829][T25593] should_failslab+0xc2/0x120 [ 1295.716862][T25593] __kmalloc_noprof+0xd2/0x510 [ 1295.716889][T25593] ? kasan_quarantine_put+0x10a/0x240 [ 1295.716917][T25593] ? constrain_params_by_rules+0xa09/0xca0 [ 1295.716949][T25593] constrain_params_by_rules+0x175/0xca0 [ 1295.716991][T25593] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1295.717026][T25593] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1295.717050][T25593] ? __lock_acquire+0xb97/0x1ce0 [ 1295.717103][T25593] snd_pcm_hw_refine+0x7de/0xad0 [ 1295.717136][T25593] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1295.717169][T25593] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1295.717211][T25593] ? snd_pcm_hw_param_value+0x266/0x5b0 [ 1295.717253][T25593] snd_pcm_hw_param_first+0x334/0x6f0 [ 1295.717293][T25593] ? trace_hw_mask_param+0x18b/0x200 [ 1295.717332][T25593] snd_pcm_hw_params+0x5eb/0x1ba0 [ 1295.717367][T25593] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1295.717397][T25593] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1295.717443][T25593] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1295.717484][T25593] ? __asan_memset+0x23/0x50 [ 1295.717513][T25593] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1295.717545][T25593] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 1295.717590][T25593] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1295.717636][T25593] ? find_held_lock+0x2b/0x80 [ 1295.717669][T25593] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1295.717698][T25593] snd_pcm_oss_write+0x4c3/0xa10 [ 1295.717728][T25593] ? bpf_lsm_file_permission+0x9/0x10 [ 1295.717762][T25593] ? security_file_permission+0x71/0x210 [ 1295.717803][T25593] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1295.717828][T25593] vfs_write+0x29d/0x11d0 [ 1295.717866][T25593] ? __pfx_vfs_write+0x10/0x10 [ 1295.717892][T25593] ? find_held_lock+0x2b/0x80 [ 1295.717919][T25593] ? __fget_files+0x204/0x3c0 [ 1295.717952][T25593] ? __fget_files+0x20e/0x3c0 [ 1295.717988][T25593] ksys_write+0x12a/0x250 [ 1295.718017][T25593] ? __pfx_ksys_write+0x10/0x10 [ 1295.718057][T25593] do_syscall_64+0xcd/0x490 [ 1295.718093][T25593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1295.718120][T25593] RIP: 0033:0x7f528538ebe9 [ 1295.718141][T25593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1295.718166][T25593] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1295.718196][T25593] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1295.718215][T25593] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1295.718231][T25593] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1295.718247][T25593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1295.718263][T25593] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1295.718300][T25593] [ 1296.941841][T25620] zswap: compressor not available [ 1297.260610][T25633] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4015'. [ 1297.279696][T25612] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1297.313176][T25632] HfR: entered promiscuous mode [ 1297.334183][T25633] HfR: left promiscuous mode [ 1298.158638][T25650] netlink: 'syz.0.4018': attribute type 1 has an invalid length. [ 1299.559782][T25683] netlink: 'syz.3.4023': attribute type 11 has an invalid length. [ 1299.567640][T25683] netlink: 'syz.3.4023': attribute type 11 has an invalid length. [ 1299.648524][T25683] netlink: 'syz.3.4023': attribute type 11 has an invalid length. [ 1299.656423][T25683] netlink: 'syz.3.4023': attribute type 11 has an invalid length. [ 1301.392001][T25724] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4031'. [ 1301.583807][T25708] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1301.835335][T25730] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4032'. [ 1303.742960][T25758] netlink: 'syz.1.4040': attribute type 33 has an invalid length. [ 1303.779809][T25758] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4040'. [ 1303.831288][T25761] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4041'. [ 1304.934497][T25778] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4044'. [ 1305.612026][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1305.619115][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1306.661100][T25793] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1306.794481][T25800] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1307.620313][T25813] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4054'. [ 1308.277635][T25830] FAULT_INJECTION: forcing a failure. [ 1308.277635][T25830] name failslab, interval 1, probability 0, space 0, times 0 [ 1308.290704][T25830] CPU: 1 UID: 0 PID: 25830 Comm: syz.0.4057 Not tainted syzkaller #0 PREEMPT(full) [ 1308.290737][T25830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1308.290752][T25830] Call Trace: [ 1308.290761][T25830] [ 1308.290772][T25830] dump_stack_lvl+0x16c/0x1f0 [ 1308.290806][T25830] should_fail_ex+0x512/0x640 [ 1308.290837][T25830] ? __kmalloc_noprof+0xbf/0x510 [ 1308.290868][T25830] ? constrain_params_by_rules+0x175/0xca0 [ 1308.290894][T25830] should_failslab+0xc2/0x120 [ 1308.290926][T25830] __kmalloc_noprof+0xd2/0x510 [ 1308.290952][T25830] ? kasan_quarantine_put+0x10a/0x240 [ 1308.290981][T25830] ? constrain_params_by_rules+0xa09/0xca0 [ 1308.291014][T25830] constrain_params_by_rules+0x175/0xca0 [ 1308.291054][T25830] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1308.291093][T25830] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 1308.291117][T25830] ? __lock_acquire+0xb97/0x1ce0 [ 1308.291161][T25830] ? snd_interval_refine+0x2fa/0x580 [ 1308.291198][T25830] snd_pcm_hw_refine+0x7de/0xad0 [ 1308.291233][T25830] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1308.291271][T25830] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 1308.291311][T25830] ? snd_pcm_hw_param_value+0x266/0x5b0 [ 1308.291354][T25830] snd_pcm_hw_param_first+0x334/0x6f0 [ 1308.291402][T25830] snd_pcm_hw_params+0x5eb/0x1ba0 [ 1308.291438][T25830] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1308.291469][T25830] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1308.291516][T25830] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1308.291563][T25830] ? __asan_memset+0x23/0x50 [ 1308.291592][T25830] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1308.291624][T25830] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 1308.291670][T25830] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1308.291716][T25830] ? find_held_lock+0x2b/0x80 [ 1308.291749][T25830] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1308.291779][T25830] snd_pcm_oss_write+0x4c3/0xa10 [ 1308.291808][T25830] ? bpf_lsm_file_permission+0x9/0x10 [ 1308.291843][T25830] ? security_file_permission+0x71/0x210 [ 1308.291881][T25830] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1308.291905][T25830] vfs_write+0x29d/0x11d0 [ 1308.291942][T25830] ? __pfx_vfs_write+0x10/0x10 [ 1308.291968][T25830] ? find_held_lock+0x2b/0x80 [ 1308.291993][T25830] ? __fget_files+0x204/0x3c0 [ 1308.292025][T25830] ? __fget_files+0x20e/0x3c0 [ 1308.292062][T25830] ksys_write+0x12a/0x250 [ 1308.292091][T25830] ? __pfx_ksys_write+0x10/0x10 [ 1308.292131][T25830] do_syscall_64+0xcd/0x490 [ 1308.292166][T25830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1308.292198][T25830] RIP: 0033:0x7f528538ebe9 [ 1308.292220][T25830] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1308.292245][T25830] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1308.292270][T25830] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1308.292293][T25830] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1308.292309][T25830] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1308.292325][T25830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1308.292340][T25830] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1308.292375][T25830] [ 1308.933379][T25828] zswap: compressor not available [ 1309.883246][T25850] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1310.527747][T25852] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1310.786558][T25875] netlink: 'syz.0.4066': attribute type 33 has an invalid length. [ 1310.798755][T25875] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4066'. [ 1311.590656][T25896] netlink: 'syz.3.4071': attribute type 11 has an invalid length. [ 1311.618723][T25896] netlink: 'syz.3.4071': attribute type 11 has an invalid length. [ 1311.627216][T25896] netlink: 'syz.3.4071': attribute type 11 has an invalid length. [ 1311.637503][T25896] netlink: 'syz.3.4071': attribute type 11 has an invalid length. [ 1312.368769][T25906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4072'. [ 1312.420974][T25904] HfR: entered promiscuous mode [ 1312.498249][T25906] HfR: left promiscuous mode [ 1313.852488][T25942] netlink: 'syz.0.4078': attribute type 33 has an invalid length. [ 1313.884226][T25942] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4078'. [ 1314.783462][T25965] netlink: 'syz.2.4081': attribute type 11 has an invalid length. [ 1314.793345][T25965] netlink: 'syz.2.4081': attribute type 11 has an invalid length. [ 1314.805513][T25965] netlink: 'syz.2.4081': attribute type 11 has an invalid length. [ 1314.858637][T25965] netlink: 'syz.2.4081': attribute type 11 has an invalid length. [ 1315.279838][T25970] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4084'. [ 1315.494894][T25974] netlink: 'syz.2.4086': attribute type 1 has an invalid length. [ 1316.570486][T25990] HfR: entered promiscuous mode [ 1316.636166][T25990] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4088'. [ 1316.695690][T25990] HfR: left promiscuous mode [ 1317.512670][T25995] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1317.632357][T26009] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4094'. [ 1318.303665][T26023] netlink: 'syz.0.4096': attribute type 11 has an invalid length. [ 1318.319518][T26014] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1318.335034][T26023] netlink: 'syz.0.4096': attribute type 11 has an invalid length. [ 1318.368873][T26023] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4096'. [ 1318.377862][T26023] netlink: 'syz.0.4096': attribute type 11 has an invalid length. [ 1318.385819][T26023] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4096'. [ 1318.394989][T26023] netlink: 200 bytes leftover after parsing attributes in process `syz.0.4096'. [ 1318.965731][T26031] netlink: 'syz.2.4099': attribute type 11 has an invalid length. [ 1319.012990][T26031] netlink: 'syz.2.4099': attribute type 11 has an invalid length. [ 1319.068530][T26031] netlink: 'syz.2.4099': attribute type 11 has an invalid length. [ 1319.082064][T26031] netlink: 'syz.2.4099': attribute type 11 has an invalid length. [ 1321.088096][T26041] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1321.922388][T26066] netlink: 'syz.1.4106': attribute type 33 has an invalid length. [ 1321.935647][T26066] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4106'. [ 1321.972388][T26068] netlink: 'syz.0.4107': attribute type 33 has an invalid length. [ 1322.018528][T26068] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4107'. [ 1322.093880][T26053] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1322.448141][T26088] FAULT_INJECTION: forcing a failure. [ 1322.448141][T26088] name failslab, interval 1, probability 0, space 0, times 0 [ 1322.479455][T26088] CPU: 1 UID: 0 PID: 26088 Comm: syz.0.4112 Not tainted syzkaller #0 PREEMPT(full) [ 1322.479492][T26088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1322.479507][T26088] Call Trace: [ 1322.479516][T26088] [ 1322.479527][T26088] dump_stack_lvl+0x16c/0x1f0 [ 1322.479564][T26088] should_fail_ex+0x512/0x640 [ 1322.479598][T26088] ? kmem_cache_alloc_node_noprof+0x5e/0x3b0 [ 1322.479633][T26088] should_failslab+0xc2/0x120 [ 1322.479666][T26088] kmem_cache_alloc_node_noprof+0x71/0x3b0 [ 1322.479697][T26088] ? __alloc_skb+0x2b2/0x380 [ 1322.479733][T26088] __alloc_skb+0x2b2/0x380 [ 1322.479763][T26088] ? __pfx___alloc_skb+0x10/0x10 [ 1322.479797][T26088] ? __pfx_netlink_autobind.isra.0+0x10/0x10 [ 1322.479830][T26088] ? __lock_acquire+0xb97/0x1ce0 [ 1322.479868][T26088] netlink_alloc_large_skb+0x69/0x130 [ 1322.479904][T26088] netlink_sendmsg+0x6a1/0xdd0 [ 1322.479950][T26088] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1322.479989][T26088] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1322.480024][T26088] ____sys_sendmsg+0xa98/0xc70 [ 1322.480049][T26088] ? copy_msghdr_from_user+0x10a/0x160 [ 1322.480082][T26088] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1322.480123][T26088] ___sys_sendmsg+0x134/0x1d0 [ 1322.480159][T26088] ? __pfx____sys_sendmsg+0x10/0x10 [ 1322.480233][T26088] __sys_sendmsg+0x16d/0x220 [ 1322.480268][T26088] ? __pfx___sys_sendmsg+0x10/0x10 [ 1322.480323][T26088] do_syscall_64+0xcd/0x490 [ 1322.480358][T26088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1322.480386][T26088] RIP: 0033:0x7f528538ebe9 [ 1322.480407][T26088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1322.480431][T26088] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1322.480455][T26088] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1322.480473][T26088] RDX: 00000000040188c0 RSI: 0000200000000300 RDI: 0000000000000003 [ 1322.480490][T26088] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1322.480506][T26088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1322.480522][T26088] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1322.480557][T26088] [ 1324.232494][ T30] audit: type=1800 audit(4294967722.370:167): pid=26122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4116" name="dbroot" dev="configfs" ino=141223 res=0 errno=0 [ 1324.687227][T26117] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 1325.051382][T26131] HfR: entered promiscuous mode [ 1325.236637][T26131] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4120'. [ 1325.294561][T26131] HfR: left promiscuous mode [ 1326.874246][ T30] audit: type=1800 audit(4294967725.010:168): pid=26136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4121" name="dbroot" dev="configfs" ino=142397 res=0 errno=0 [ 1327.328735][T22687] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 1327.328771][T22687] Bluetooth: hci2: unexpected subevent 0x0d length: 725 > 260 [ 1327.328930][T26155] netlink: 'syz.3.4123': attribute type 11 has an invalid length. [ 1327.339520][T22687] Bluetooth: hci2: Unknown advertising packet type: 0x7f [ 1327.352790][T22687] Bluetooth: hci2: adv larger than maximum supported [ 1327.360391][T22687] Bluetooth: hci2: Malformed LE Event: 0x0d [ 1327.398205][T26155] netlink: 'syz.3.4123': attribute type 11 has an invalid length. [ 1327.443792][T26155] netlink: 'syz.3.4123': attribute type 11 has an invalid length. [ 1327.574008][T26155] netlink: 'syz.3.4123': attribute type 11 has an invalid length. [ 1327.748333][T26149] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1327.934840][T26156] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1328.070050][T26161] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4126'. [ 1328.768488][T26171] netlink: 'syz.2.4129': attribute type 1 has an invalid length. [ 1329.331007][T26167] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1329.608955][ T30] audit: type=1800 audit(4294967727.750:169): pid=26179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4132" name="dbroot" dev="configfs" ino=143497 res=0 errno=0 [ 1329.849273][T26185] FAULT_INJECTION: forcing a failure. [ 1329.849273][T26185] name failslab, interval 1, probability 0, space 0, times 0 [ 1329.879137][T26188] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4134'. [ 1329.963837][T26185] CPU: 0 UID: 0 PID: 26185 Comm: syz.3.4133 Not tainted syzkaller #0 PREEMPT(full) [ 1329.963860][T26185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1329.963869][T26185] Call Trace: [ 1329.963875][T26185] [ 1329.963880][T26185] dump_stack_lvl+0x16c/0x1f0 [ 1329.963903][T26185] should_fail_ex+0x512/0x640 [ 1329.963923][T26185] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1329.963943][T26185] should_failslab+0xc2/0x120 [ 1329.963961][T26185] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1329.963981][T26185] ? __d_alloc+0x32/0xae0 [ 1329.964001][T26185] __d_alloc+0x32/0xae0 [ 1329.964019][T26185] d_alloc_pseudo+0x1c/0xc0 [ 1329.964039][T26185] alloc_file_pseudo+0xcf/0x230 [ 1329.964060][T26185] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1329.964093][T26185] __shmem_file_setup+0x1a3/0x330 [ 1329.964110][T26185] __do_sys_memfd_create+0x40a/0x8a0 [ 1329.964135][T26185] do_syscall_64+0xcd/0x490 [ 1329.964154][T26185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1329.964169][T26185] RIP: 0033:0x7f62b5d8ebe9 [ 1329.964181][T26185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1329.964195][T26185] RSP: 002b:00007f62b3ff6038 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1329.964209][T26185] RAX: ffffffffffffffda RBX: 00007f62b5fb5fa0 RCX: 00007f62b5d8ebe9 [ 1329.964219][T26185] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000000000 [ 1329.964235][T26185] RBP: 00007f62b5e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1329.964245][T26185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1329.964253][T26185] R13: 00007f62b5fb6038 R14: 00007f62b5fb5fa0 R15: 00007ffefeeb1738 [ 1329.964272][T26185] [ 1331.245917][T26208] FAULT_INJECTION: forcing a failure. [ 1331.245917][T26208] name failslab, interval 1, probability 0, space 0, times 0 [ 1331.331925][T26208] CPU: 0 UID: 0 PID: 26208 Comm: syz.0.4139 Not tainted syzkaller #0 PREEMPT(full) [ 1331.331947][T26208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1331.331956][T26208] Call Trace: [ 1331.331962][T26208] [ 1331.331967][T26208] dump_stack_lvl+0x16c/0x1f0 [ 1331.331990][T26208] should_fail_ex+0x512/0x640 [ 1331.332009][T26208] ? __kmalloc_cache_node_noprof+0x5a/0x420 [ 1331.332029][T26208] should_failslab+0xc2/0x120 [ 1331.332047][T26208] __kmalloc_cache_node_noprof+0x6d/0x420 [ 1331.332064][T26208] ? __get_vm_area_node+0x101/0x330 [ 1331.332087][T26208] __get_vm_area_node+0x101/0x330 [ 1331.332111][T26208] __vmalloc_node_range_noprof+0x271/0x14b0 [ 1331.332125][T26208] ? __snd_dma_alloc_pages+0x53/0x90 [ 1331.332145][T26208] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1331.332167][T26208] ? __snd_dma_alloc_pages+0x53/0x90 [ 1331.332183][T26208] ? rcu_is_watching+0x12/0xc0 [ 1331.332198][T26208] ? trace_contention_end+0xdd/0x130 [ 1331.332218][T26208] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1331.332235][T26208] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1331.332257][T26208] ? __snd_dma_alloc_pages+0x53/0x90 [ 1331.332272][T26208] __vmalloc_node_noprof+0xad/0xf0 [ 1331.332285][T26208] ? __snd_dma_alloc_pages+0x53/0x90 [ 1331.332301][T26208] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 1331.332319][T26208] __snd_dma_alloc_pages+0x53/0x90 [ 1331.332336][T26208] snd_dma_alloc_dir_pages+0x151/0x240 [ 1331.332355][T26208] do_alloc_pages+0x136/0x2d0 [ 1331.332373][T26208] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 1331.332393][T26208] snd_pcm_hw_params+0x1656/0x1ba0 [ 1331.332413][T26208] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1331.332429][T26208] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1331.332455][T26208] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1331.332478][T26208] ? __asan_memset+0x23/0x50 [ 1331.332494][T26208] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1331.332511][T26208] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 1331.332534][T26208] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1331.332559][T26208] ? find_held_lock+0x2b/0x80 [ 1331.332576][T26208] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1331.332591][T26208] snd_pcm_oss_write+0x4c3/0xa10 [ 1331.332607][T26208] ? bpf_lsm_file_permission+0x9/0x10 [ 1331.332627][T26208] ? security_file_permission+0x71/0x210 [ 1331.332649][T26208] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1331.332663][T26208] vfs_write+0x29d/0x11d0 [ 1331.332684][T26208] ? __pfx_vfs_write+0x10/0x10 [ 1331.332698][T26208] ? find_held_lock+0x2b/0x80 [ 1331.332712][T26208] ? __fget_files+0x204/0x3c0 [ 1331.332732][T26208] ? __fget_files+0x20e/0x3c0 [ 1331.332752][T26208] ksys_write+0x12a/0x250 [ 1331.332768][T26208] ? __pfx_ksys_write+0x10/0x10 [ 1331.332789][T26208] do_syscall_64+0xcd/0x490 [ 1331.332809][T26208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.332824][T26208] RIP: 0033:0x7f528538ebe9 [ 1331.332841][T26208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1331.332854][T26208] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1331.332869][T26208] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1331.332878][T26208] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1331.332887][T26208] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1331.332896][T26208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1331.332904][T26208] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1331.332924][T26208] [ 1331.332932][T26208] syz.0.4139: vmalloc error: size 4096, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 1331.768669][T26208] CPU: 1 UID: 0 PID: 26208 Comm: syz.0.4139 Not tainted syzkaller #0 PREEMPT(full) [ 1331.768691][T26208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1331.768700][T26208] Call Trace: [ 1331.768706][T26208] [ 1331.768712][T26208] dump_stack_lvl+0x16c/0x1f0 [ 1331.768736][T26208] warn_alloc+0x248/0x3a0 [ 1331.768755][T26208] ? __pfx_warn_alloc+0x10/0x10 [ 1331.768771][T26208] ? rcu_is_watching+0x12/0xc0 [ 1331.768786][T26208] ? trace_kmalloc+0x2b/0xd0 [ 1331.768805][T26208] ? __kmalloc_cache_node_noprof+0x272/0x420 [ 1331.768824][T26208] ? __kasan_kmalloc+0x8a/0xb0 [ 1331.768841][T26208] ? __get_vm_area_node+0x208/0x330 [ 1331.768866][T26208] __vmalloc_node_range_noprof+0xb2d/0x14b0 [ 1331.768884][T26208] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1331.768905][T26208] ? __snd_dma_alloc_pages+0x53/0x90 [ 1331.768923][T26208] ? rcu_is_watching+0x12/0xc0 [ 1331.768936][T26208] ? trace_contention_end+0xdd/0x130 [ 1331.768957][T26208] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1331.768975][T26208] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 1331.768996][T26208] ? __snd_dma_alloc_pages+0x53/0x90 [ 1331.769011][T26208] __vmalloc_node_noprof+0xad/0xf0 [ 1331.769025][T26208] ? __snd_dma_alloc_pages+0x53/0x90 [ 1331.769040][T26208] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 1331.769059][T26208] __snd_dma_alloc_pages+0x53/0x90 [ 1331.769084][T26208] snd_dma_alloc_dir_pages+0x151/0x240 [ 1331.769102][T26208] do_alloc_pages+0x136/0x2d0 [ 1331.769121][T26208] snd_pcm_lib_malloc_pages+0x3df/0x980 [ 1331.769141][T26208] snd_pcm_hw_params+0x1656/0x1ba0 [ 1331.769161][T26208] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 1331.769178][T26208] ? snd_pcm_hw_param_near.constprop.0+0x734/0x8e0 [ 1331.769203][T26208] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1331.769226][T26208] ? __asan_memset+0x23/0x50 [ 1331.769242][T26208] snd_pcm_kernel_ioctl+0x147/0x2e0 [ 1331.769259][T26208] snd_pcm_oss_change_params_locked+0x1432/0x3a30 [ 1331.769282][T26208] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1331.769307][T26208] ? find_held_lock+0x2b/0x80 [ 1331.769324][T26208] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 1331.769339][T26208] snd_pcm_oss_write+0x4c3/0xa10 [ 1331.769355][T26208] ? bpf_lsm_file_permission+0x9/0x10 [ 1331.769375][T26208] ? security_file_permission+0x71/0x210 [ 1331.769398][T26208] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1331.769411][T26208] vfs_write+0x29d/0x11d0 [ 1331.769432][T26208] ? __pfx_vfs_write+0x10/0x10 [ 1331.769446][T26208] ? find_held_lock+0x2b/0x80 [ 1331.769460][T26208] ? __fget_files+0x204/0x3c0 [ 1331.769479][T26208] ? __fget_files+0x20e/0x3c0 [ 1331.769499][T26208] ksys_write+0x12a/0x250 [ 1331.769515][T26208] ? __pfx_ksys_write+0x10/0x10 [ 1331.769536][T26208] do_syscall_64+0xcd/0x490 [ 1331.769556][T26208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.769571][T26208] RIP: 0033:0x7f528538ebe9 [ 1331.769583][T26208] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1331.769597][T26208] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1331.769611][T26208] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1331.769621][T26208] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 1331.769630][T26208] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1331.769639][T26208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1331.769647][T26208] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1331.769666][T26208] [ 1331.769672][T26208] Mem-Info: [ 1332.279434][T26208] active_anon:22049 inactive_anon:0 isolated_anon:0 [ 1332.279434][T26208] active_file:4110 inactive_file:60500 isolated_file:0 [ 1332.279434][T26208] unevictable:789 dirty:2631 writeback:0 [ 1332.279434][T26208] slab_reclaimable:15735 slab_unreclaimable:121651 [ 1332.279434][T26208] mapped:35950 shmem:10040 pagetables:1233 [ 1332.279434][T26208] sec_pagetables:0 bounce:0 [ 1332.279434][T26208] kernel_misc_reclaimable:0 [ 1332.279434][T26208] free:1266495 free_pcp:14309 free_cma:0 [ 1332.335047][T26208] Node 0 active_anon:88396kB inactive_anon:0kB active_file:16440kB inactive_file:241860kB unevictable:1620kB isolated(anon):0kB isolated(file):0kB mapped:143900kB dirty:10524kB writeback:0kB shmem:38724kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12896kB pagetables:4816kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1332.369048][T26208] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:140kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1332.399477][T26208] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1332.468482][T26208] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 1332.474887][T26208] Node 0 DMA32 free:1140800kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:85124kB inactive_anon:0kB active_file:16440kB inactive_file:240544kB unevictable:1620kB writepending:10524kB present:3129332kB managed:2539592kB mlocked:84kB bounce:0kB free_pcp:59876kB local_pcp:33724kB free_cma:0kB [ 1332.509252][T26208] lowmem_reserve[]: 0 0 1 1 1 [ 1332.514972][T26208] Node 0 Normal free:12kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1316kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:8kB free_cma:0kB [ 1332.545212][T26208] lowmem_reserve[]: 0 0 0 0 0 [ 1332.555011][T26208] Node 1 Normal free:3909808kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:140kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1332.601041][T26208] lowmem_reserve[]: 0 0 0 0 0 [ 1332.628538][T26208] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1332.778522][T26208] Node 0 DMA32: 3222*4kB (UME) 1771*8kB (UM) 1759*16kB (UM) 1079*32kB (UM) 485*64kB (UME) 193*128kB (UME) 79*256kB (ME) 24*512kB (UM) 32*1024kB (UM) 7*2048kB (UM) 224*4096kB (UM) = 1142592kB [ 1332.938577][T26208] Node 0 Normal: 3*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1333.078493][T26208] Node 1 Normal: 198*4kB (UME) 53*8kB (UME) 53*16kB (UME) 233*32kB (UME) 114*64kB (UME) 36*128kB (UME) 11*256kB (UME) 7*512kB (UME) 3*1024kB (UME) 2*2048kB (UE) 946*4096kB (M) = 3909808kB [ 1333.098165][T26208] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1333.118158][T26208] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1333.165129][T26208] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1333.234863][T26208] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 1333.238667][T26219] vivid-003: ================= START STATUS ================= [ 1333.301339][T26208] 69710 total pagecache pages [ 1333.303971][T26219] vivid-003: Radio HW Seek Mode: Bounded [ 1333.306154][T26208] 0 pages in swap cache [ 1333.334855][T26219] vivid-003: Radio Programmable HW Seek: false [ 1333.344352][T26208] Free swap = 124996kB [ 1333.361362][T26208] Total swap = 124996kB [ 1333.377502][T26219] vivid-003: RDS Rx I/O Mode: Block I/O [ 1333.387108][T26208] 2097051 pages RAM [ 1333.418554][T26208] 0 pages HighMem/MovableOnly [ 1333.423278][T26208] 430191 pages reserved [ 1333.437322][T26219] vivid-003: Generate RBDS Instead of RDS: false [ 1333.449450][T26219] vivid-003: RDS Reception: true [ 1333.467901][T26208] 0 pages cma reserved [ 1333.583833][T26219] vivid-003: RDS Program Type: 0 inactive [ 1333.645906][T26219] vivid-003: RDS PS Name: inactive [ 1333.651626][T26219] vivid-003: RDS Radio Text: inactive [ 1333.657644][T26219] vivid-003: RDS Traffic Announcement: false inactive [ 1333.666202][T26219] vivid-003: RDS Traffic Program: false inactive [ 1333.677432][T26219] vivid-003: RDS Music: false inactive [ 1333.683773][T26219] vivid-003: ================== END STATUS ================== [ 1335.216992][T26266] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1335.254423][T26290] netlink: 'syz.0.4150': attribute type 33 has an invalid length. [ 1335.262449][T26290] netlink: 322 bytes leftover after parsing attributes in process `syz.0.4150'. [ 1335.702068][T26285] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1336.364336][T26300] FAULT_INJECTION: forcing a failure. [ 1336.364336][T26300] name failslab, interval 1, probability 0, space 0, times 0 [ 1336.377473][T26300] CPU: 0 UID: 0 PID: 26300 Comm: syz.3.4151 Not tainted syzkaller #0 PREEMPT(full) [ 1336.377502][T26300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1336.377511][T26300] Call Trace: [ 1336.377518][T26300] [ 1336.377524][T26300] dump_stack_lvl+0x16c/0x1f0 [ 1336.377547][T26300] should_fail_ex+0x512/0x640 [ 1336.377568][T26300] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1336.377587][T26300] should_failslab+0xc2/0x120 [ 1336.377609][T26300] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1336.377626][T26300] ? __kernfs_new_node+0xd2/0x8e0 [ 1336.377647][T26300] __kernfs_new_node+0xd2/0x8e0 [ 1336.377666][T26300] ? kernfs_add_one+0x37d/0x840 [ 1336.377684][T26300] ? __pfx___kernfs_new_node+0x10/0x10 [ 1336.377706][T26300] ? find_held_lock+0x2b/0x80 [ 1336.377722][T26300] ? kernfs_root+0xee/0x2a0 [ 1336.377743][T26300] kernfs_new_node+0x13c/0x1e0 [ 1336.377765][T26300] __kernfs_create_file+0x53/0x350 [ 1336.377782][T26300] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1336.377803][T26300] sysfs_create_file_ns+0x13d/0x1d0 [ 1336.377819][T26300] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1336.377834][T26300] ? down_read+0x13d/0x480 [ 1336.377853][T26300] ? __pfx___up_read+0x10/0x10 [ 1336.377873][T26300] ? acpi_device_notify+0x351/0x480 [ 1336.377893][T26300] device_create_file+0xf2/0x1e0 [ 1336.377909][T26300] device_add+0x2bf/0x1aa0 [ 1336.377922][T26300] ? __pfx_dev_set_name+0x10/0x10 [ 1336.377937][T26300] ? __pfx_device_add+0x10/0x10 [ 1336.377949][T26300] ? lockdep_init_map_type+0x5c/0x280 [ 1336.377968][T26300] ? __init_waitqueue_head+0xca/0x150 [ 1336.377993][T26300] netdev_register_kobject+0x1a9/0x3d0 [ 1336.378016][T26300] register_netdevice+0x13dc/0x2270 [ 1336.378040][T26300] ? __pfx_register_netdevice+0x10/0x10 [ 1336.378066][T26300] slip_open+0xb86/0x1150 [ 1336.378089][T26300] ? __pfx_slip_open+0x10/0x10 [ 1336.378108][T26300] ? down_write+0x14d/0x200 [ 1336.378128][T26300] ? __pfx_slip_open+0x10/0x10 [ 1336.378147][T26300] tty_ldisc_open+0x9f/0x120 [ 1336.378164][T26300] tty_set_ldisc+0x32b/0x780 [ 1336.378183][T26300] tty_ioctl+0xc2e/0x1680 [ 1336.378202][T26300] ? __pfx_tty_ioctl+0x10/0x10 [ 1336.378226][T26300] ? find_held_lock+0x2b/0x80 [ 1336.378238][T26300] ? hook_file_ioctl_common+0x145/0x410 [ 1336.378260][T26300] ? __fget_files+0x20e/0x3c0 [ 1336.378279][T26300] ? __pfx_tty_ioctl+0x10/0x10 [ 1336.378297][T26300] __x64_sys_ioctl+0x18e/0x210 [ 1336.378320][T26300] do_syscall_64+0xcd/0x490 [ 1336.378348][T26300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1336.378372][T26300] RIP: 0033:0x7f62b5d8ebe9 [ 1336.378393][T26300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1336.378416][T26300] RSP: 002b:00007f62b3fb4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1336.378441][T26300] RAX: ffffffffffffffda RBX: 00007f62b5fb6180 RCX: 00007f62b5d8ebe9 [ 1336.378459][T26300] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 000000000000000d [ 1336.378473][T26300] RBP: 00007f62b5e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1336.378489][T26300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1336.378504][T26300] R13: 00007f62b5fb6218 R14: 00007f62b5fb6180 R15: 00007ffefeeb1738 [ 1336.378526][T26300] [ 1339.318181][T26331] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1340.687075][T26338] zswap: compressor not available [ 1340.756813][T26348] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4162'. [ 1341.338926][T26360] zswap: compressor not available [ 1341.354683][T26365] HfR: entered promiscuous mode [ 1341.368675][T26365] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4167'. [ 1342.022582][T26365] HfR: left promiscuous mode [ 1342.067063][T26370] netlink: 'syz.3.4169': attribute type 1 has an invalid length. [ 1342.454260][T26380] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4168'. [ 1342.645854][T26377] HfR: entered promiscuous mode [ 1343.075802][T26378] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1343.152034][T26380] HfR: left promiscuous mode [ 1343.703186][T26385] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1344.104072][T26400] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4175'. [ 1344.336414][T26408] netlink: 'syz.2.4177': attribute type 33 has an invalid length. [ 1344.363133][T26408] netlink: 322 bytes leftover after parsing attributes in process `syz.2.4177'. [ 1344.562232][T26396] zswap: compressor not available [ 1345.284968][T26429] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4180'. [ 1348.525318][T26494] program syz.0.4192 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1348.917876][ T30] audit: type=1800 audit(4294967747.050:170): pid=26500 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4193" name="dbroot" dev="configfs" ino=145447 res=0 errno=0 [ 1350.526865][T26524] FAULT_INJECTION: forcing a failure. [ 1350.526865][T26524] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1350.808641][T26524] CPU: 1 UID: 0 PID: 26524 Comm: syz.1.4197 Not tainted syzkaller #0 PREEMPT(full) [ 1350.808676][T26524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1350.808692][T26524] Call Trace: [ 1350.808700][T26524] [ 1350.808709][T26524] dump_stack_lvl+0x16c/0x1f0 [ 1350.808747][T26524] should_fail_ex+0x512/0x640 [ 1350.808784][T26524] _copy_from_user+0x2e/0xd0 [ 1350.808823][T26524] restore_altstack+0x93/0x170 [ 1350.808882][T26524] ? __pfx_restore_altstack+0x10/0x10 [ 1350.808924][T26524] ? _raw_spin_unlock_irq+0x23/0x50 [ 1350.808952][T26524] ? lockdep_hardirqs_on+0x7c/0x110 [ 1350.808982][T26524] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1350.809012][T26524] ? set_current_blocked+0xdd/0x120 [ 1350.809041][T26524] __do_sys_rt_sigreturn+0x13c/0x230 [ 1350.809078][T26524] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 1350.809124][T26524] do_syscall_64+0xcd/0x490 [ 1350.809171][T26524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1350.809200][T26524] RIP: 0033:0x7f6d0b52ade9 [ 1350.809229][T26524] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 1350.809270][T26524] RSP: 002b:00007f6d0c40da80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 1350.809297][T26524] RAX: ffffffffffffffda RBX: 00007f6d0b7b5fa0 RCX: 00007f6d0b52ade9 [ 1350.809316][T26524] RDX: 00007f6d0c40da80 RSI: 00007f6d0c40dbb0 RDI: 0000000000000011 [ 1350.809334][T26524] RBP: 00007f6d0b611e19 R08: 0000000000000000 R09: 0000000000000000 [ 1350.809351][T26524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1350.809367][T26524] R13: 00007f6d0b7b6038 R14: 00007f6d0b7b5fa0 R15: 00007ffe7357b188 [ 1350.809403][T26524] [ 1351.314999][ T30] audit: type=1800 audit(4294967749.450:171): pid=26511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4195" name="dbroot" dev="configfs" ino=144718 res=0 errno=0 [ 1352.030311][T26539] netlink: 'syz.2.4200': attribute type 1 has an invalid length. [ 1352.398579][T26530] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1352.451178][T26530] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1352.594144][T26530] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1352.603720][T26530] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1352.786945][T26530] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1352.814536][T26530] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1352.900201][T26530] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1352.931549][T26530] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1353.379405][T26557] HfR: entered promiscuous mode [ 1353.559114][T26570] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4202'. [ 1354.117915][T26571] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1354.635224][T26598] netlink: 'syz.0.4208': attribute type 11 has an invalid length. [ 1354.668592][T26598] netlink: 'syz.0.4208': attribute type 11 has an invalid length. [ 1354.694292][T26598] netlink: 'syz.0.4208': attribute type 11 has an invalid length. [ 1354.729786][T26598] netlink: 'syz.0.4208': attribute type 11 has an invalid length. [ 1355.221305][T26612] netlink: 'syz.0.4211': attribute type 11 has an invalid length. [ 1355.248088][T26612] netlink: 'syz.0.4211': attribute type 11 has an invalid length. [ 1355.278554][T26612] netlink: 'syz.0.4211': attribute type 11 has an invalid length. [ 1355.353414][T26612] netlink: 'syz.0.4211': attribute type 11 has an invalid length. [ 1356.120105][T26644] FAULT_INJECTION: forcing a failure. [ 1356.120105][T26644] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1356.156786][T26644] CPU: 1 UID: 0 PID: 26644 Comm: syz.0.4218 Not tainted syzkaller #0 PREEMPT(full) [ 1356.156824][T26644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1356.156839][T26644] Call Trace: [ 1356.156849][T26644] [ 1356.156859][T26644] dump_stack_lvl+0x16c/0x1f0 [ 1356.156897][T26644] should_fail_ex+0x512/0x640 [ 1356.156937][T26644] _copy_to_user+0x32/0xd0 [ 1356.156965][T26644] kvm_arch_vcpu_ioctl+0x1a69/0x52d0 [ 1356.157001][T26644] ? stack_trace_save+0x8e/0xc0 [ 1356.157035][T26644] ? __pfx_kvm_arch_vcpu_ioctl+0x10/0x10 [ 1356.157064][T26644] ? __lock_acquire+0xb97/0x1ce0 [ 1356.157102][T26644] ? kasan_save_stack+0x42/0x60 [ 1356.157131][T26644] ? kasan_save_stack+0x33/0x60 [ 1356.157159][T26644] ? kasan_save_track+0x14/0x30 [ 1356.157186][T26644] ? kasan_save_free_info+0x3b/0x60 [ 1356.157223][T26644] ? __kasan_slab_free+0x60/0x70 [ 1356.157251][T26644] ? kfree+0x2b4/0x4d0 [ 1356.157274][T26644] ? tomoyo_path_number_perm+0x470/0x580 [ 1356.157311][T26644] ? __lock_acquire+0xb97/0x1ce0 [ 1356.157357][T26644] ? __mutex_trylock_common+0xe9/0x250 [ 1356.157401][T26644] ? rcu_is_watching+0x12/0xc0 [ 1356.157428][T26644] ? trace_contention_end+0xdd/0x130 [ 1356.157462][T26644] ? __mutex_lock+0x1c5/0x1060 [ 1356.157499][T26644] ? kasan_quarantine_put+0x10a/0x240 [ 1356.157531][T26644] ? __pfx___mutex_lock+0x10/0x10 [ 1356.157578][T26644] ? tomoyo_path_number_perm+0x18d/0x580 [ 1356.157616][T26644] ? kvm_vcpu_ioctl+0x1236/0x1690 [ 1356.157647][T26644] kvm_vcpu_ioctl+0x1236/0x1690 [ 1356.157684][T26644] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1356.157724][T26644] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1356.157765][T26644] ? do_vfs_ioctl+0x128/0x14f0 [ 1356.157803][T26644] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1356.157852][T26644] ? find_held_lock+0x2b/0x80 [ 1356.157877][T26644] ? hook_file_ioctl_common+0x145/0x410 [ 1356.157919][T26644] ? __fget_files+0x20e/0x3c0 [ 1356.157952][T26644] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 1356.157985][T26644] __x64_sys_ioctl+0x18e/0x210 [ 1356.158025][T26644] do_syscall_64+0xcd/0x490 [ 1356.158061][T26644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1356.158087][T26644] RIP: 0033:0x7f528538ebe9 [ 1356.158109][T26644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1356.158134][T26644] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1356.158159][T26644] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1356.158177][T26644] RDX: 0000000000000000 RSI: 00000000c048aeca RDI: 0000000000000004 [ 1356.158193][T26644] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1356.158209][T26644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1356.158225][T26644] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1356.158260][T26644] [ 1358.470513][T26683] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1359.152045][T26717] netlink: 'syz.1.4230': attribute type 1 has an invalid length. [ 1360.742890][ T30] audit: type=1800 audit(4294967758.880:172): pid=26747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4233" name="dbroot" dev="configfs" ino=146576 res=0 errno=0 [ 1360.796313][T26756] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4234'. [ 1361.691194][T26770] netlink: 'syz.1.4236': attribute type 33 has an invalid length. [ 1361.790066][T26770] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4236'. [ 1362.907464][T26785] netlink: 'syz.3.4239': attribute type 33 has an invalid length. [ 1362.918585][T26785] netlink: 322 bytes leftover after parsing attributes in process `syz.3.4239'. [ 1363.769455][T26784] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1364.271583][T26797] netlink: 'syz.1.4245': attribute type 33 has an invalid length. [ 1364.283494][T26797] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4245'. [ 1364.981277][T26814] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1366.950378][T26843] openvswitch: netlink: nsh attribute has 14 unknown bytes. [ 1367.055774][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1367.064540][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1367.138047][T26849] netlink: 'syz.1.4257': attribute type 11 has an invalid length. [ 1367.171720][T26849] netlink: 'syz.1.4257': attribute type 11 has an invalid length. [ 1367.185138][T26849] netlink: 'syz.1.4257': attribute type 11 has an invalid length. [ 1367.195746][T26849] netlink: 'syz.1.4257': attribute type 11 has an invalid length. [ 1367.213303][T26856] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4258'. [ 1367.720489][T26869] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4261'. [ 1367.765866][T26861] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1368.122475][T26879] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4264'. [ 1368.209273][T26871] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1368.581774][T26885] zswap: compressor not available [ 1370.046896][T26899] FAULT_INJECTION: forcing a failure. [ 1370.046896][T26899] name failslab, interval 1, probability 0, space 0, times 0 [ 1370.046944][T26899] CPU: 0 UID: 0 PID: 26899 Comm: syz.2.4268 Not tainted syzkaller #0 PREEMPT(full) [ 1370.046963][T26899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1370.046972][T26899] Call Trace: [ 1370.046978][T26899] [ 1370.046984][T26899] dump_stack_lvl+0x16c/0x1f0 [ 1370.047023][T26899] should_fail_ex+0x512/0x640 [ 1370.047044][T26899] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 1370.047066][T26899] should_failslab+0xc2/0x120 [ 1370.047085][T26899] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 1370.047105][T26899] ? kstrdup_const+0x63/0x80 [ 1370.047127][T26899] kstrdup+0x53/0x100 [ 1370.047148][T26899] kstrdup_const+0x63/0x80 [ 1370.047164][T26899] __kernfs_new_node+0x9b/0x8e0 [ 1370.047185][T26899] ? __pfx___kernfs_new_node+0x10/0x10 [ 1370.047207][T26899] ? find_held_lock+0x2b/0x80 [ 1370.047222][T26899] ? kernfs_root+0xee/0x2a0 [ 1370.047243][T26899] kernfs_new_node+0x13c/0x1e0 [ 1370.047266][T26899] kernfs_create_dir_ns+0x4c/0x1a0 [ 1370.047287][T26899] sysfs_create_dir_ns+0x13a/0x2b0 [ 1370.047305][T26899] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1370.047321][T26899] ? find_held_lock+0x2b/0x80 [ 1370.047337][T26899] ? class_dir_child_ns_type+0xd/0x60 [ 1370.047359][T26899] kobject_add_internal+0x2c4/0x9b0 [ 1370.047389][T26899] kobject_add+0x16e/0x240 [ 1370.047409][T26899] ? __pfx_kobject_add+0x10/0x10 [ 1370.047431][T26899] ? get_device_parent+0x1c5/0x4e0 [ 1370.047452][T26899] ? kobject_put+0xab/0x5a0 [ 1370.047477][T26899] device_add+0x288/0x1aa0 [ 1370.047493][T26899] ? __pfx_device_add+0x10/0x10 [ 1370.047505][T26899] ? kfree+0x24f/0x4d0 [ 1370.047524][T26899] device_create_groups_vargs+0x1f8/0x270 [ 1370.047541][T26899] device_create+0xed/0x130 [ 1370.047555][T26899] ? __pfx_device_create+0x10/0x10 [ 1370.047569][T26899] ? con_is_visible+0x65/0x150 [ 1370.047583][T26899] ? csi_J+0x54a/0xad0 [ 1370.047605][T26899] vc_allocate+0x501/0x880 [ 1370.047622][T26899] ? __pfx_vc_allocate+0x10/0x10 [ 1370.047646][T26899] con_install+0xa1/0x600 [ 1370.047664][T26899] ? __pfx_con_install+0x10/0x10 [ 1370.047685][T26899] ? __pfx_con_install+0x10/0x10 [ 1370.047703][T26899] tty_init_dev.part.0+0x99/0x500 [ 1370.047724][T26899] tty_open+0xa50/0xf90 [ 1370.047747][T26899] ? __pfx_tty_open+0x10/0x10 [ 1370.047765][T26899] ? chrdev_open+0x58c/0x6a0 [ 1370.047789][T26899] ? __pfx_tty_open+0x10/0x10 [ 1370.047809][T26899] chrdev_open+0x231/0x6a0 [ 1370.047827][T26899] ? __pfx_chrdev_open+0x10/0x10 [ 1370.047845][T26899] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1370.047865][T26899] do_dentry_open+0x97f/0x1530 [ 1370.047883][T26899] ? __pfx_chrdev_open+0x10/0x10 [ 1370.047904][T26899] vfs_open+0x82/0x3f0 [ 1370.047927][T26899] path_openat+0x1de4/0x2cb0 [ 1370.047950][T26899] ? __pfx_path_openat+0x10/0x10 [ 1370.047972][T26899] do_filp_open+0x20b/0x470 [ 1370.047988][T26899] ? __pfx_do_filp_open+0x10/0x10 [ 1370.048018][T26899] ? alloc_fd+0x471/0x7d0 [ 1370.048047][T26899] do_sys_openat2+0x11b/0x1d0 [ 1370.048078][T26899] ? __pfx_do_sys_openat2+0x10/0x10 [ 1370.048112][T26899] ? __rseq_handle_notify_resume+0x681/0x10e0 [ 1370.048151][T26899] __x64_sys_openat+0x174/0x210 [ 1370.048186][T26899] ? __pfx___x64_sys_openat+0x10/0x10 [ 1370.048222][T26899] ? ksys_mmap_pgoff+0x85/0x5c0 [ 1370.048271][T26899] do_syscall_64+0xcd/0x490 [ 1370.048306][T26899] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1370.048333][T26899] RIP: 0033:0x7f1adbd8ebe9 [ 1370.048354][T26899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1370.048384][T26899] RSP: 002b:00007f1adcc86038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1370.048409][T26899] RAX: ffffffffffffffda RBX: 00007f1adbfb5fa0 RCX: 00007f1adbd8ebe9 [ 1370.048426][T26899] RDX: 0000000000040001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1370.048444][T26899] RBP: 00007f1adbe11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1370.048460][T26899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1370.048474][T26899] R13: 00007f1adbfb6038 R14: 00007f1adbfb5fa0 R15: 00007ffc30824c18 [ 1370.048512][T26899] [ 1370.066741][T26899] kobject: kobject_add_internal failed for vcsa10 (error: -12 parent: vc) [ 1370.808248][T26926] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1374.661252][ T30] audit: type=1800 audit(4294967772.800:173): pid=27006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4283" name="dbroot" dev="configfs" ino=148280 res=0 errno=0 [ 1375.097400][T27002] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1375.798514][T27013] zswap: compressor not available [ 1377.389764][ T30] audit: type=1800 audit(4294967775.520:174): pid=27038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4287" name="dbroot" dev="configfs" ino=147453 res=0 errno=0 [ 1377.545202][T27032] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1377.791772][T27045] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4291'. [ 1379.394666][T27066] vivid-003: ================= START STATUS ================= [ 1379.404179][T27066] vivid-003: Radio HW Seek Mode: Bounded [ 1379.410090][T27066] vivid-003: Radio Programmable HW Seek: false [ 1379.416306][T27066] vivid-003: RDS Rx I/O Mode: Block I/O [ 1379.421979][T27066] vivid-003: Generate RBDS Instead of RDS: false [ 1379.441415][T27066] vivid-003: RDS Reception: true [ 1379.456166][T27066] vivid-003: RDS Program Type: 0 inactive [ 1379.479720][T27066] vivid-003: RDS PS Name: inactive [ 1379.558668][T27066] vivid-003: RDS Radio Text: inactive [ 1379.564225][T27066] vivid-003: RDS Traffic Announcement: false inactive [ 1379.609536][T27066] vivid-003: RDS Traffic Program: false inactive [ 1379.617083][T27066] vivid-003: RDS Music: false inactive [ 1379.622816][T27066] vivid-003: ================== END STATUS ================== [ 1380.311787][T27072] netlink: 'syz.0.4297': attribute type 11 has an invalid length. [ 1380.319822][T27072] netlink: 'syz.0.4297': attribute type 11 has an invalid length. [ 1380.327683][T27072] netlink: 'syz.0.4297': attribute type 11 has an invalid length. [ 1380.335704][T27072] netlink: 'syz.0.4297': attribute type 11 has an invalid length. [ 1380.749255][T27073] zswap: compressor not available [ 1382.091699][ T30] audit: type=1800 audit(4294967780.210:175): pid=27096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4302" name="dbroot" dev="configfs" ino=149581 res=0 errno=0 [ 1383.775401][T27133] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input51 [ 1384.370676][T27137] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input52 [ 1384.424975][T27143] zswap: compressor not available [ 1385.315018][T27156] HfR: entered promiscuous mode [ 1387.083916][T27190] netlink: 'syz.2.4319': attribute type 33 has an invalid length. [ 1387.106467][T27190] netlink: 322 bytes leftover after parsing attributes in process `syz.2.4319'. [ 1387.979567][T27203] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1388.057278][T27194] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1388.660029][T27221] sp0: Synchronizing with TNC [ 1388.704728][T27221] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4327'. [ 1390.275816][T27250] netlink: 'syz.0.4334': attribute type 11 has an invalid length. [ 1390.424776][T27250] netlink: 'syz.0.4334': attribute type 11 has an invalid length. [ 1390.432884][T27250] netlink: 'syz.0.4334': attribute type 11 has an invalid length. [ 1390.440996][T27250] netlink: 'syz.0.4334': attribute type 11 has an invalid length. [ 1390.775895][T27259] netlink: 'syz.1.4335': attribute type 1 has an invalid length. [ 1390.893644][T27252] zswap: compressor not available [ 1391.616480][T27263] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1393.394288][T27304] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1394.366601][T27323] netlink: 'syz.3.4348': attribute type 11 has an invalid length. [ 1394.406826][T27323] netlink: 'syz.3.4348': attribute type 11 has an invalid length. [ 1394.460194][T27323] netlink: 'syz.3.4348': attribute type 11 has an invalid length. [ 1394.548752][T27323] netlink: 'syz.3.4348': attribute type 11 has an invalid length. [ 1395.567420][ T30] audit: type=1800 audit(4294967793.700:176): pid=27327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4349" name="dbroot" dev="configfs" ino=151558 res=0 errno=0 [ 1396.989849][T27356] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1397.076047][T27369] openvswitch: HfR: Dropping previously announced user features [ 1397.888606][T27378] openvswitch: HfR: Dropping previously announced user features [ 1398.563945][T27387] netlink: 'syz.0.4362': attribute type 11 has an invalid length. [ 1398.607592][T27387] netlink: 'syz.0.4362': attribute type 11 has an invalid length. [ 1398.701600][T27387] netlink: 'syz.0.4362': attribute type 11 has an invalid length. [ 1398.727465][T27387] netlink: 'syz.0.4362': attribute type 11 has an invalid length. [ 1399.429472][T27400] netlink: 'syz.2.4364': attribute type 1 has an invalid length. [ 1400.947712][T27425] HfR: entered promiscuous mode [ 1401.913724][ T30] audit: type=1800 audit(4294967800.050:177): pid=27439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4374" name="dbroot" dev="configfs" ino=150999 res=0 errno=0 [ 1403.022256][T27450] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1403.370432][T27463] openvswitch: HfR: Dropping previously announced user features [ 1403.569114][T27460] zswap: compressor not available [ 1405.063924][T27483] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1405.558930][T27499] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4388'. [ 1405.621826][T27499] HfR: left promiscuous mode [ 1406.541481][T27511] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4390'. [ 1406.666197][T27511] openvswitch: HfR: Dropping previously announced user features [ 1407.956033][T27541] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4405'. [ 1408.100065][T27540] openvswitch: HfR: Dropping previously announced user features [ 1408.358668][T27541] HfR: left promiscuous mode [ 1409.584709][T27542] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1410.475481][T27565] netlink: 'syz.3.4401': attribute type 33 has an invalid length. [ 1410.528511][T27565] netlink: 322 bytes leftover after parsing attributes in process `syz.3.4401'. [ 1410.587150][T27568] netlink: 'syz.1.4403': attribute type 33 has an invalid length. [ 1410.596237][T27568] netlink: 322 bytes leftover after parsing attributes in process `syz.1.4403'. [ 1411.098826][T27581] HfR: entered promiscuous mode [ 1412.334361][T27590] zswap: compressor not available [ 1412.756087][ T30] audit: type=1800 audit(4294967810.890:178): pid=27599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4410" name="dbroot" dev="configfs" ino=152718 res=0 errno=0 [ 1413.188979][T27614] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4414'. [ 1414.279288][T27619] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1415.819128][T27638] zswap: compressor not available [ 1415.882050][T27642] HfR: entered promiscuous mode [ 1417.559330][T27667] netlink: 'syz.2.4428': attribute type 11 has an invalid length. [ 1417.581845][T27667] netlink: 'syz.2.4428': attribute type 11 has an invalid length. [ 1417.612080][T27667] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4428'. [ 1417.636205][T27667] netlink: 'syz.2.4428': attribute type 11 has an invalid length. [ 1417.668525][T27667] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4428'. [ 1417.711770][T27667] netlink: 200 bytes leftover after parsing attributes in process `syz.2.4428'. [ 1418.792418][ T30] audit: type=1800 audit(4294967816.930:179): pid=27676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4429" name="dbroot" dev="configfs" ino=153017 res=0 errno=0 [ 1419.005966][T27682] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1420.325500][T27703] zswap: compressor not available [ 1421.114765][T27711] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4435'. [ 1421.378609][T27717] openvswitch: HfR: Dropping previously announced user features [ 1422.023769][T27731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4440'. [ 1422.085653][T27731] openvswitch: HfR: Dropping previously announced user features [ 1424.302118][T27766] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4447'. [ 1425.855433][T27779] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1426.297055][ T30] audit: type=1800 audit(4294967824.370:180): pid=27798 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4456" name="dbroot" dev="configfs" ino=154061 res=0 errno=0 [ 1426.796887][T27801] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1426.824329][T27800] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1428.506939][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1428.513482][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1428.724267][T27839] vhci_hcd: invalid port number 23 [ 1428.738493][T27839] vhci_hcd: Wrong hub descriptor type for USB 3.0 roothub. [ 1429.089223][T27847] netlink: 'syz.1.4464': attribute type 11 has an invalid length. [ 1429.098950][T27847] netlink: 'syz.1.4464': attribute type 11 has an invalid length. [ 1429.106786][T27847] netlink: 'syz.1.4464': attribute type 11 has an invalid length. [ 1429.126016][T27832] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1429.158570][T27847] netlink: 'syz.1.4464': attribute type 11 has an invalid length. [ 1430.899277][T27854] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1432.255252][T27881] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4472'. [ 1432.418451][T27881] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4472'. [ 1433.824296][ T30] audit: type=1800 audit(4294967831.960:181): pid=27902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4477" name="dbroot" dev="configfs" ino=154431 res=0 errno=0 [ 1436.484601][T27930] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1437.473808][T27942] HfR: entered promiscuous mode [ 1439.210538][T27938] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1441.746315][T28000] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1442.130614][T28020] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1443.052167][T28049] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4509'. [ 1443.157791][T28049] openvswitch: HfR: Dropping previously announced user features [ 1443.656254][ T30] audit: type=1800 audit(4294967841.770:182): pid=28044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4505" name="dbroot" dev="configfs" ino=156696 res=0 errno=0 [ 1443.886354][T28060] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1443.946824][T28051] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1444.735530][T28072] zswap: compressor not available [ 1446.065629][T28087] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1446.132061][T28088] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1446.582393][T28103] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4516'. [ 1447.469986][ T30] audit: type=1800 audit(4294967845.610:183): pid=28115 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4520" name="dbroot" dev="configfs" ino=157039 res=0 errno=0 [ 1448.862217][T28140] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1448.944497][T28139] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1449.739053][T28153] openvswitch: HfR: Dropping previously announced user features [ 1451.668772][T28182] zswap: compressor not available [ 1451.903156][T28186] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1452.143537][T28202] openvswitch: HfR: Dropping previously announced user features [ 1452.570322][T28213] netlink: 'syz.1.4544': attribute type 11 has an invalid length. [ 1452.617719][T28213] netlink: 'syz.1.4544': attribute type 11 has an invalid length. [ 1452.652787][T28213] netlink: 'syz.1.4544': attribute type 11 has an invalid length. [ 1452.758556][T28213] netlink: 'syz.1.4544': attribute type 11 has an invalid length. [ 1454.329622][T28244] zswap: compressor not available [ 1454.419386][T28239] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1454.571500][T28248] netlink: 'syz.1.4551': attribute type 11 has an invalid length. [ 1454.585753][T28248] netlink: 'syz.1.4551': attribute type 11 has an invalid length. [ 1455.076910][T28260] openvswitch: HfR: Dropping previously announced user features [ 1455.441506][T28254] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1457.057329][T28285] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1457.831757][T28299] zswap: compressor not available [ 1458.647877][T28312] openvswitch: HfR: Dropping previously announced user features [ 1459.634003][T28317] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(1) [ 1461.801504][T28337] openvswitch: HfR: Dropping previously announced user features [ 1462.425865][T28348] zswap: compressor not available [ 1464.262432][T28398] FAULT_INJECTION: forcing a failure. [ 1464.262432][T28398] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1464.332127][T28398] CPU: 0 UID: 0 PID: 28398 Comm: syz.0.4584 Not tainted syzkaller #0 PREEMPT(full) [ 1464.332165][T28398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1464.332181][T28398] Call Trace: [ 1464.332190][T28398] [ 1464.332200][T28398] dump_stack_lvl+0x16c/0x1f0 [ 1464.332249][T28398] should_fail_ex+0x512/0x640 [ 1464.332290][T28398] _copy_from_user+0x2e/0xd0 [ 1464.332331][T28398] get_timespec64+0x8b/0x1b0 [ 1464.332362][T28398] ? __pfx_get_timespec64+0x10/0x10 [ 1464.332403][T28398] __x64_sys_clock_nanosleep+0x1ce/0x4a0 [ 1464.332433][T28398] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 1464.332486][T28398] do_syscall_64+0xcd/0x490 [ 1464.332523][T28398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.332549][T28398] RIP: 0033:0x7f528538ebe9 [ 1464.332575][T28398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1464.332601][T28398] RSP: 002b:00007f528624f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 1464.332626][T28398] RAX: ffffffffffffffda RBX: 00007f52855b5fa0 RCX: 00007f528538ebe9 [ 1464.332645][T28398] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000008 [ 1464.332661][T28398] RBP: 00007f528624f090 R08: 0000000000000000 R09: 0000000000000000 [ 1464.332678][T28398] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000001 [ 1464.332695][T28398] R13: 00007f52855b6038 R14: 00007f52855b5fa0 R15: 00007ffcea7caa88 [ 1464.332731][T28398] [ 1465.878765][T28417] zswap: compressor not available [ 1466.341636][ T30] audit: type=1800 audit(4294967864.480:184): pid=28416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4588" name="dbroot" dev="configfs" ino=158022 res=0 errno=0 [ 1466.690481][T28436] netlink: 'syz.3.4591': attribute type 11 has an invalid length. [ 1466.701442][T28436] netlink: 'syz.3.4591': attribute type 11 has an invalid length. [ 1466.711923][T28436] netlink: 'syz.3.4591': attribute type 11 has an invalid length. [ 1466.773050][T28436] netlink: 'syz.3.4591': attribute type 11 has an invalid length. [ 1467.961378][T28456] openvswitch: HfR: Dropping previously announced user features [ 1469.711855][ T30] audit: type=1800 audit(4294967867.840:185): pid=28471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4600" name="dbroot" dev="configfs" ino=159482 res=0 errno=0 [ 1470.317707][ T36] ------------[ cut here ]------------ [ 1470.323387][ T36] wlan1: Failed check-sdata-in-driver check, flags: 0x0 [ 1470.378765][ T36] WARNING: CPU: 0 PID: 36 at net/mac80211/driver-ops.c:255 drv_get_tsf+0x1c7/0x780 [ 1470.388141][ T36] Modules linked in: [ 1470.392372][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 1470.401783][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1470.411983][ T36] Workqueue: events_unbound cfg80211_wiphy_work [ 1470.418269][ T36] RIP: 0010:drv_get_tsf+0x1c7/0x780 [ 1470.423613][ T36] Code: 0f 84 3d 05 00 00 e8 18 6f bd f6 49 81 c4 20 01 00 00 e8 0c 6f bd f6 44 89 f2 4c 89 e6 48 c7 c7 00 8d 08 8d e8 9a 67 7c f6 90 <0f> 0b 90 90 e8 f0 6e bd f6 4c 89 ea 48 b8 00 00 00 00 00 fc ff df [ 1470.443497][ T36] RSP: 0018:ffffc90000ac7b88 EFLAGS: 00010286 [ 1470.449642][ T36] RAX: 0000000000000000 RBX: ffff88805abc8d80 RCX: ffffffff817a02c8 [ 1470.457723][ T36] RDX: ffff888143681e00 RSI: ffffffff817a02d5 RDI: 0000000000000001 [ 1470.465811][ T36] RBP: ffff8880284b0e40 R08: 0000000000000001 R09: 0000000000000000 [ 1470.473907][ T36] R10: 0000000000000001 R11: 00000000000b1998 R12: ffff88805abc8120 [ 1470.482023][ T36] R13: ffff88805abc9728 R14: 0000000000000000 R15: ffff8880284b06b8 [ 1470.490072][ T36] FS: 0000000000000000(0000) GS:ffff8881246c3000(0000) knlGS:0000000000000000 [ 1470.499119][ T36] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1470.505734][ T36] CR2: 000020000019c000 CR3: 000000005db5a000 CR4: 00000000003526f0 [ 1470.513801][ T36] Call Trace: [ 1470.517098][ T36] [ 1470.520131][ T36] ieee80211_if_fmt_tsf+0x42/0x70 [ 1470.525190][ T36] ? __pfx_ieee80211_if_read_sdata_handler+0x10/0x10 [ 1470.531962][ T36] wiphy_locked_debugfs_read_work+0xe6/0x1c0 [ 1470.538005][ T36] ? trace_wiphy_work_run+0x190/0x210 [ 1470.543492][ T36] cfg80211_wiphy_work+0x2c4/0x580 [ 1470.548719][ T36] process_one_work+0x9cf/0x1b70 [ 1470.553699][ T36] ? __pfx_batadv_mcast_mla_update+0x10/0x10 [ 1470.559876][ T36] ? __pfx_process_one_work+0x10/0x10 [ 1470.565303][ T36] ? assign_work+0x1a0/0x250 [ 1470.570081][ T36] worker_thread+0x6c8/0xf10 [ 1470.574720][ T36] ? __pfx_worker_thread+0x10/0x10 [ 1470.580054][ T36] kthread+0x3c5/0x780 [ 1470.584217][ T36] ? __pfx_kthread+0x10/0x10 [ 1470.588915][ T36] ? rcu_is_watching+0x12/0xc0 [ 1470.593716][ T36] ? __pfx_kthread+0x10/0x10 [ 1470.598460][ T36] ret_from_fork+0x5d4/0x6f0 [ 1470.603089][ T36] ? __pfx_kthread+0x10/0x10 [ 1470.607721][ T36] ret_from_fork_asm+0x1a/0x30 [ 1470.612642][ T36] [ 1470.615689][ T36] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1470.622994][ T36] CPU: 0 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) [ 1470.632305][ T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1470.642387][ T36] Workqueue: events_unbound cfg80211_wiphy_work [ 1470.648666][ T36] Call Trace: [ 1470.651946][ T36] [ 1470.654880][ T36] dump_stack_lvl+0x3d/0x1f0 [ 1470.659478][ T36] vpanic+0x6e8/0x7a0 [ 1470.663466][ T36] ? __pfx_vpanic+0x10/0x10 [ 1470.667976][ T36] ? drv_get_tsf+0x1c7/0x780 [ 1470.672572][ T36] panic+0xca/0xd0 [ 1470.676300][ T36] ? __pfx_panic+0x10/0x10 [ 1470.680726][ T36] ? check_panic_on_warn+0x1f/0xb0 [ 1470.685843][ T36] check_panic_on_warn+0xab/0xb0 [ 1470.690793][ T36] __warn+0xf6/0x3c0 [ 1470.694693][ T36] ? drv_get_tsf+0x1c7/0x780 [ 1470.699288][ T36] report_bug+0x3c3/0x580 [ 1470.703617][ T36] ? drv_get_tsf+0x1c7/0x780 [ 1470.708213][ T36] handle_bug+0x184/0x210 [ 1470.712546][ T36] exc_invalid_op+0x17/0x50 [ 1470.717054][ T36] asm_exc_invalid_op+0x1a/0x20 [ 1470.721906][ T36] RIP: 0010:drv_get_tsf+0x1c7/0x780 [ 1470.727108][ T36] Code: 0f 84 3d 05 00 00 e8 18 6f bd f6 49 81 c4 20 01 00 00 e8 0c 6f bd f6 44 89 f2 4c 89 e6 48 c7 c7 00 8d 08 8d e8 9a 67 7c f6 90 <0f> 0b 90 90 e8 f0 6e bd f6 4c 89 ea 48 b8 00 00 00 00 00 fc ff df [ 1470.746799][ T36] RSP: 0018:ffffc90000ac7b88 EFLAGS: 00010286 [ 1470.752870][ T36] RAX: 0000000000000000 RBX: ffff88805abc8d80 RCX: ffffffff817a02c8 [ 1470.760837][ T36] RDX: ffff888143681e00 RSI: ffffffff817a02d5 RDI: 0000000000000001 [ 1470.768812][ T36] RBP: ffff8880284b0e40 R08: 0000000000000001 R09: 0000000000000000 [ 1470.776776][ T36] R10: 0000000000000001 R11: 00000000000b1998 R12: ffff88805abc8120 [ 1470.784741][ T36] R13: ffff88805abc9728 R14: 0000000000000000 R15: ffff8880284b06b8 [ 1470.792722][ T36] ? __warn_printk+0x198/0x350 [ 1470.797491][ T36] ? __warn_printk+0x1a5/0x350 [ 1470.802261][ T36] ? drv_get_tsf+0x1c6/0x780 [ 1470.806855][ T36] ieee80211_if_fmt_tsf+0x42/0x70 [ 1470.811886][ T36] ? __pfx_ieee80211_if_read_sdata_handler+0x10/0x10 [ 1470.818570][ T36] wiphy_locked_debugfs_read_work+0xe6/0x1c0 [ 1470.824568][ T36] ? trace_wiphy_work_run+0x190/0x210 [ 1470.829944][ T36] cfg80211_wiphy_work+0x2c4/0x580 [ 1470.835060][ T36] process_one_work+0x9cf/0x1b70 [ 1470.840013][ T36] ? __pfx_batadv_mcast_mla_update+0x10/0x10 [ 1470.846001][ T36] ? __pfx_process_one_work+0x10/0x10 [ 1470.851388][ T36] ? assign_work+0x1a0/0x250 [ 1470.855985][ T36] worker_thread+0x6c8/0xf10 [ 1470.860590][ T36] ? __pfx_worker_thread+0x10/0x10 [ 1470.865696][ T36] kthread+0x3c5/0x780 [ 1470.869775][ T36] ? __pfx_kthread+0x10/0x10 [ 1470.874392][ T36] ? rcu_is_watching+0x12/0xc0 [ 1470.879152][ T36] ? __pfx_kthread+0x10/0x10 [ 1470.883750][ T36] ret_from_fork+0x5d4/0x6f0 [ 1470.888349][ T36] ? __pfx_kthread+0x10/0x10 [ 1470.893029][ T36] ret_from_fork_asm+0x1a/0x30 [ 1470.897805][ T36] [ 1470.901060][ T36] Kernel Offset: disabled [ 1470.905377][ T36] Rebooting in 86400 seconds..