last executing test programs: 1m13.919956386s ago: executing program 3 (id=1813): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = io_uring_setup$auto(0x10006, &(0x7f0000000240)={0x9, 0x7, 0x10, 0x14b0e90d, 0x8001, 0x80, r0, [0x4, 0x9, 0xffffffff], {0x98a6686, 0xffffffff, 0x8, 0x6, 0x1, 0x2, 0x6, 0x101, 0x2}, {0x7, 0xa, 0x676, 0x9, 0x40000005, 0x1000, 0x1, 0x3, 0x2}}) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r2) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x302, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = waitid$auto(0x42, 0xffffffffffffffff, 0x0, 0x3, &(0x7f00000002c0)={{0x0, 0xffffffffffffffff}, {0x4e, 0x7}, 0x7f, 0x9, 0x6, 0x3fffffff80000000, 0x800, 0x7, 0x7, 0x7, 0x9, 0x3, 0x10001, 0x9577, 0x9, 0x9}) r6 = geteuid() shmctl$auto_SHM_INFO(0x7, 0xe, 0x0) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x2, &(0x7f0000000380)={@siginfo_0_0={0x4, 0xfffffffa, 0x0, @_kill={r5, r6}}}, 0x0) msgctl$auto_IPC_INFO(0x80000001, 0x3, &(0x7f00000005c0)={{0x10, 0x0, 0x0, 0x2, 0xa, 0x600, 0x2}, &(0x7f0000000440)=0x5, &(0x7f0000000480)=0x2, 0x83e, 0x8, 0x4, 0x4, 0x80, 0x1, 0x4, 0x3b, @inferred=r5, @raw=0x7ff}) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002dbd7000fcdbdf257e0000002c453523575b045da02b4bfb0b04208a405c214743f58fe203c56168f52edd74d8c7672b1f3564ac7677df7c5299c4823152070c000000000000"], 0x14}, 0x1, 0x68, 0x1400, 0x4000000}, 0x0) 1m13.454495923s ago: executing program 3 (id=1814): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = prctl$auto_PR_SET_MM_START_STACK(0x4, 0x5, 0xffffffffffffffff, 0x67c, 0x3) io_uring_setup$auto(0x8a7a, &(0x7f0000000000)={0xffff8000, 0x5, 0x9, 0xc, 0x3fb, 0xb, r0, [0x18000, 0xdd, 0x7], {0x1ff, 0x921, 0xffff358b, 0x7, 0xffffffff, 0x7fffffff, 0x200, 0x8, 0x7}, {0xd, 0xe3f, 0x800, 0x200, 0x2f, 0x58a2, 0x200, 0x1fc, 0x7}}) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) setsockopt$auto(r0, 0x50, 0x18, 0x0, 0x2) lseek$auto(0x3, 0x7ffffffffffffffd, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mknod$auto(&(0x7f0000000180)=':,\x00', 0xcb, 0x101) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) socket(0x11, 0xa, 0x300) execve$auto(&(0x7f0000000000)=':,\x00', 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto(r2, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) socket(0x10, 0x3, 0x6) write$auto(0xca, &(0x7f0000000340)='\x04>2\x1b!\xe2\x00\x94\xf2\xa2\x00\x00z\x0e\x8d\xea!\xbc\xf8*\x84(rw\xee\x9c\xb4,\xdaW\x0f\xef7\xbf\n|\x9a\xd9\xc3\xe7%\xeb\x1b\xd0\xc4\xc0\xae\xf6\xdf\x90,\x84\x12o4\a\x87\xe6\xe6\x17t\xb3<\xed\x91*\x8a#\x938D\xb6s\x9f\x14\xd4\x97\fY\xad5\xf5\xe9Iv\xe0\xd9\xfd\xff\x02idN\x94\x81\xc3\xa6\xb1\x11pM->0x0, 0x4, 0x6, 0xff, 0x8}, 0x5, 0x4, 0x4b, 0xa, @raw=0x400, @raw=0x5, 0x200, 0x0, &(0x7f0000001140)="2ac580c95d95504c35bbcb6614afc50fbd861edbf9e1ac534e862ed99fcb6d3a37ba077a217f91a325f92e6017ba1536b94b4b2f3f55c58151fcd074c3cec72a55d4175369ef42806f42b434b7471ab8b50673d326aeed7e5cff3200854ad91068814d615320d7e156f2abb876c31792893755820ef6291a41890eed788af90946270aa048", &(0x7f0000001200)="4d0a269005797359d63efc8357f0a85b47b92704a10fa7b4e95fd3e780bf78dafd88"}) msgctl$auto_MSG_STAT_ANY(0x0, 0xd, &(0x7f0000001440)={{0x4, 0xffffffffffffffff, 0xffffffffffffffff, 0x8000, 0x5, 0xffffffff}, &(0x7f00000012c0)=0x5, &(0x7f0000001300)=0x3, 0x250, 0x7, 0x7, 0x7f, 0x5, 0xe, 0x7, 0x5df5, @raw=0x4, @raw=0x4}) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf2502cff3291849be3657003c80080019"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setresgid$auto(r4, r5, 0xee00) getsockopt$auto_SO_PASSPIDFD(r0, 0x1, 0x4c, &(0x7f0000001500)='_@s\x00', &(0x7f0000001540)=0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) r6 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) getegid() ioperm$auto(0xc5, 0x3, 0xc115) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) readv$auto(r6, &(0x7f0000001100)={&(0x7f0000001080)="7654bb5b8af1b89a0d9d32ace55fda928bd3d39a3a1e0f73b4eee6646929f1a81153dbbf8f0be6aacdd7107f2b2863e4a9d9e284254d43082d270a130977333de7866c6d0ecf7559df7bbe74c5dd37bb870fe8f75b2b2d4414787a7093bcc8d45f44d6986a5fea", 0x8}, 0x14f) waitid$auto(0x0, 0x5c5, 0x0, 0x4, 0x0) pipe$auto(&(0x7f00000014c0)=r0) read$auto_tomoyo_operations_securityfs_if(r2, &(0x7f0000000040)=""/4099, 0xfd98) 6.974933318s ago: executing program 4 (id=1975): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x280200, 0x0) r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy1/aql_txq_limit\x00', 0x822, 0x0) copy_file_range$auto(r0, &(0x7f0000000000)=0xffffffffffffffff, r0, &(0x7f0000000040)=0x80000000, 0x200, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/id/vendor\x00', 0x2000, 0x0) r2 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_RTC_UIE_ON(r2, 0x7003, 0x0) ioctl$auto_RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000000)={0x1f, 0x7, 0x0, 0x5, 0x2, 0x1000, 0xcb, 0x6c35, 0x3}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)={0x20, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "9e695f99bb0e"}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) read$auto(r1, 0x0, 0x20) write$auto(r0, 0x0, 0x5) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x280200, 0x0) (async) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/ieee80211/phy1/aql_txq_limit\x00', 0x822, 0x0) (async) copy_file_range$auto(r0, &(0x7f0000000000)=0xffffffffffffffff, r0, &(0x7f0000000040)=0x80000000, 0x200, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/id/vendor\x00', 0x2000, 0x0) (async) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async) ioctl$auto_RTC_UIE_ON(r2, 0x7003, 0x0) (async) ioctl$auto_RTC_SET_TIME(r2, 0x4024700a, &(0x7f0000000000)={0x1f, 0x7, 0x0, 0x5, 0x2, 0x1000, 0xcb, 0x6c35, 0x3}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) (async) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r3, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)={0x20, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@HWSIM_ATTR_ADDR_TRANSMITTER={0xa, 0x2, "9e695f99bb0e"}]}, 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) read$auto(r1, 0x0, 0x20) (async) write$auto(r0, 0x0, 0x5) (async) 6.613491955s ago: executing program 4 (id=1976): r0 = memfd_create$auto(0x0, 0x80000000) socket(0x1a, 0x6, 0x968c) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) sendmsg$auto_NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, 0x0, 0x51) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x9, 0x3, 0x16, 0x93f, 0x1ffe0, 0x3, 0x6, 0x2, 0x0, 0x5, 0xfff, 0xf, 0xb0, 0x1, 0x5, 0x7, 0x9, 0x7, 0x0, 0x0, 0x0, 0x200, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, [0x6, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x10000000000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x11, 0x8000000000000001]}, 0x1fe, 0x10081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa503}, 0x800}, 0x7, 0x4008) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$auto(0xffffffffffffffff, &(0x7f0000000040)='\xce*+#\x00', 0x80) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.7/usb8/bConfigurationValue\x00', 0x10b042, 0x0) sendfile$auto(r3, r3, 0x0, 0x2) socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x40009, 0xde, 0x9b72, 0x7, 0x28000) capset$auto(0x0, 0x0) socket(0x6, 0x5, 0x88) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wg1\x00'}) bpf$auto(0x0, 0x0, 0xf) r4 = syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYRES16=r4], 0x240}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r2, 0xfffffffffffff000, 0x2) socket(0x18, 0xa, 0x0) 6.611508966s ago: executing program 1 (id=1977): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = io_uring_setup$auto(0x10006, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r2) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x302, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = waitid$auto(0x42, 0xffffffffffffffff, &(0x7f0000000240)={@siginfo_0_0={0x7, 0x7d2, 0xd5ae, @_sigfault={0x0, @_addr_lsb=0x8}}}, 0x3, &(0x7f00000002c0)={{0x0, 0xffffffffffffffff}, {0x4e, 0x7}, 0x7f, 0x9, 0x6, 0x3fffffff80000000, 0x800, 0x7, 0x7, 0x7, 0x9, 0x3, 0x10001, 0x9577, 0x9, 0x9}) r6 = geteuid() shmctl$auto_SHM_INFO(0x7, 0xe, 0x0) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x2, &(0x7f0000000380)={@siginfo_0_0={0x4, 0xfffffffa, 0x0, @_kill={r5, r6}}}, 0x0) msgctl$auto_IPC_INFO(0x80000001, 0x3, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000580)={0x0, 0x2120, &(0x7f0000000540)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002dbd7000fcdbdf257e0014002c453523575b045da02b4bfb0b04208a405c214743f58fe203c56168f52edd74d8c7672b1f3564ac7677df7c5299c4823152070c0000000000000000"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 6.280373776s ago: executing program 0 (id=1979): keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, 0x0, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = io_uring_setup$auto(0x10006, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r2) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x302, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) waitid$auto(0x42, 0xffffffffffffffff, &(0x7f0000000240)={@siginfo_0_0={0x7, 0x7d2, 0xd5ae, @_sigfault={0x0, @_addr_lsb=0x8}}}, 0x3, &(0x7f00000002c0)={{0x0, 0xffffffffffffffff}, {0x4e, 0x7}, 0x7f, 0x9, 0x6, 0x3fffffff80000000, 0x800, 0x7, 0x7, 0x7, 0x9, 0x3, 0x10001, 0x9577, 0x9, 0x9}) geteuid() shmctl$auto_SHM_INFO(0x7, 0xe, 0x0) msgctl$auto_IPC_INFO(0x80000001, 0x3, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002dbd7000fcdbdf257e0000002c453523575b045da02b4bfb0b04208a405c214743f58f"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 6.205325781s ago: executing program 2 (id=1980): r0 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ILA_CMD_DEL(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010021bd7000fbdbd025020000000c0003000d0000baf39decfd8c8a9aca0008b50100000000000c00030000000000000000f4359d57866beea4218da646bd7d0f8f55834220c243720f433935617dcaa64a34b31dee96f21acfd71832412b0008000000000000c681a14f253fed723d39013db6e4305c0f08cc3e8df1cc3c3953ffb8f125fa18d9b363ceb8e15e588862180d669c921ae82bba7479f92255fa8e520af859e0cb6223af069efeb29ba154e6aab2d53b32346ac05d10eacff96493e56a9d32268153963bf152aab7810840b827c9beb25a", @ANYRES32=r0, @ANYBLOB="0500"/14], 0x50}, 0x1, 0x0, 0x0, 0x4004804}, 0x10) sendmsg$auto_ILA_CMD_DEL(r1, &(0x7f0000000200)={&(0x7f00000000c0), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="2cab1500", @ANYRES16=r0, @ANYBLOB="000425bd700000dcdf25020000000c00010006000000000000000c0003002ded000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20008000}, 0x4000004) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) (async) socket(0x2, 0x3, 0x6) socket(0x2, 0x1, 0x0) (async) r2 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) (async) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) (async) r3 = socketpair$auto(0x1e, 0x3, 0xfffffffe, 0x0) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/cmdline\x00', 0x501101, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x10002, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x10002, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0x4000001) (async) sendmsg$auto_SMC_PNETID_ADD(0xffffffffffffffff, 0x0, 0x4000001) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, r3, 0x8000) (async) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, r3, 0x8000) sendmsg$auto_SMC_NETLINK_ENABLE_HS_LIMITATION(r2, 0x0, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, 0x0, 0x20000000) sendmsg$auto_BATADV_CMD_GET_ORIGINATORS(0xffffffffffffffff, 0x0, 0x8000) write$auto(0x3, 0x0, 0x100085) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 5.112278954s ago: executing program 1 (id=1981): socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x2, 0x0) (async) bind$auto(0x4, 0xfffffffffffffffe, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0x1, &(0x7f0000000100)={0x0, 0x400000000000fdef}, 0x1) (async) pread64$auto(0xffffffffffffffff, 0x0, 0x7fc, 0x400) (async) r0 = socket(0x22, 0x1, 0x80000000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/trace\x00', 0x600, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x74c) (async) unshare$auto(0x40000080) (async) sendmmsg$auto(r0, 0x0, 0x3b87, 0xa) (async) mmap$auto(0x0, 0x400008, 0xe4, 0x9b72, 0x2, 0x400) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) unshare$auto(0x384a) (async) r1 = socket(0xa, 0x2, 0x88) (async) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) (async) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7fff, 0xf9) setsockopt$auto(r1, 0x29, 0x10, 0x0, 0x1) (async) socket(0xa, 0x801, 0x84) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) bind$auto(0xffffffffffffffff, 0x0, 0xffffffe6) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/rose9/phys_port_id\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)=""/150, 0x96) (async) write$auto(0x3, 0x0, 0xfffffdef) (async) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) (async) mmap$auto(0x0, 0x400005, 0xfffffffffffffffe, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) 4.655115611s ago: executing program 0 (id=1982): r0 = bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_LIST_ASSOCIATIONS(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r2, 0x305, 0x70bd27, 0x25dfdbff}, 0x14}, 0x1, 0xffff0000}, 0x84) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x812) socket(0x11, 0xa, 0x300) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0x403, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x2000, 0x0) io_destroy$auto(0xb8) socketpair$auto(0xfff, 0x5, 0x10, 0x0) ioprio_set$auto(0x3, 0x0, 0x4b34) socket(0x15, 0x5, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/audit\x00', 0x40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) mmap$auto(0x8000000000, 0xc3a, 0xe2, 0x9b72, 0x7, 0x1000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) flock$auto(0x6, 0x1) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1c9002, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x8001, 0x2) 4.639824677s ago: executing program 4 (id=1983): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x5) bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0xfffffff8, 0x8, 0xae85, 0xffffffffffffffff, 0x4, 0x7ff}, 0x6f4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000000)={0xe123, 0xffffffffffffffff}) getsockopt$auto_SO_RXQ_OVFL(r3, 0x42, 0x28, &(0x7f0000000040)='\x00', &(0x7f00000000c0)=0x8) r4 = socket(0x15, 0x5, 0x0) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x0) ioctl$auto_VHOST_SET_LOG_FD2(r5, 0xaf02, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r7 = semctl$auto(0x1ff, 0x2, 0x13, 0x1) r8 = socket(0xa, 0x1, 0x84) getsockopt$auto(r8, 0x0, 0x483, 0x0, 0x0) r9 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000080), r6) r10 = gettid() r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_GET_DAEMON(r11, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)={0x14, r12, 0x701, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x40000) sendmsg$auto_IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000001340)=ANY=[@ANYBLOB="fc0a0000", @ANYRES16=r12, @ANYBLOB="000225bd7000fddbdf2501000000cf0902807afeeb1d94177babd8ff85c5d5a22acea2fb870cfb522f8c6798bdfd3da8a1f33ae26dd7503103c21939a51e39a86ffbb755af27b60abaf791eff3659a11a48870deac2a9ba66438e6e8ba7cc918bbd75ab6433f6e0097f458e9c09494176faf4f3ca44310d6f31d7adea18535b18cc25ce46ecbe19839e858c6fa541a3d7a0903389e6adce9c110599fd32ce2c294ea9d6447da1d6e2d04c806cdbbe47ff6c4664e5836513dd0cb91827008a5f06c49b03e6fdce12f5a8fa00ffc27a7fdcd6e785794c9d3a06ef07d83491eba38f63fa314c18824c30400c9000800410007000000060024007b0000004b07d88008002300", @ANYRES32=r2, @ANYBLOB="d10037800400a680caa3863ab9f7aef5774b8f5198307f19298b9bfb2e21197ec01532fab56a5f22e17e4def897ac1b69ad0cf1ea7920fa290247d303c5479ceda0d84a808739fa06287e87037f412a6cefe4d241fc07ecda933f684cb2f1b782292efb4606050fa5a5dc613814419506a53c36d6d6f5749f86d40d8a598f65f332be4612198e5c5e30e219ffe62895986bb1d25298c412b3b2b77cbbddf01f10160e8667801a15be8f56c8847ed46856214f2c9c12365a233d001edc55050ed10e8ca5f146d8a35bc02390b3c3cd258b5000000ea01e68005000600000000000c005500212d5c252f235d000400a68034f38cc37698374e38e21266fbb94e78aa53d693bd5c845862231596774c783f30cacf5d06e8b21e783745f56006869f7ca8ff2914433b976c5b497c69cf4d49a4220b9d389ff41952fa38870cfca76e039c69b8367321b83a2bff21336038c2e1f4ad6233c3bf5346e09aa44b676252ed574de5b1688100e3987cd1e832c6476712885c2d1eb3b5656a6cca4d9b3e19aef3794ab78c3b20f2a811e57e655f0ed81609cd0f113aac66a04833e10ac3a944b4cae34a8d045fc88168f95824dd75fac28480bbd676d6579eb2ac9946c6f17469b515d508876e39e1dc87a8011f83e0e4e99e2169653af56c2be793adc8da9ff5f58908000b000000080046a5a12786f67bc7a782ed23b19699b30b4acafd5fd3b3fc71357f1406524074a54b15fa69a0b922f7cd823937b9d5b059a73d6137ffd0b622c7fb3f1c6e9aeed1d074327c85d3833a1ec1edc3b29cb2ebdd80db1baa4c11bddbfa787cc57c81db55cef5d70417d487bbdb20c865d18db9db20a1461f65411f26d9ee3511d6804ddf31820f9d624f19ca5992d18668fe18c7755ae656fececfb2d2468478245909a8ed3f45e029413eef8ea5d562c8107112806880cb83b1ab989220eb10c1e612a14e235c91ad8a4827dadbe2b7000008009600", @ANYRES32, @ANYBLOB="e902e380b6227679047387ffaaefe8332dbe1ffd762f6845243db8bcb8fbefcbdfe532261f095745e2818dd1b2c814c3576ff837443fa3f1b1210cc548d9cb6533f9ce063bcd641e5b2738831ff27915c951487beac288358f69cbfcf9d349757566312bba97a95ff688cdf5fc89bddc1fd102a15908cc473eec38f27c32e59505d7bf04f3aef455a197ce818e23a1f727d646618c42fbb32ec833953a08c6b1d3a1762c53dceee9617640a10492df41004243f251e325eca7a72f2d3c3c4a7f77b51e3e7003d683171386fb2a02656fe154f1197fded8484549491c9b6b78e7e00bc529cf690be60d7023d46e2d22770b166b19d72afa6af02100dd25d8c7edd01fd6d1cf53f7954c6fb4df106f559cad2110761ebab95cf3cc66057f0a65cc4ef1f29b7ad5460c278b57988dddb22cd8c7468f4dc0bed57aab5d0a7a4301419f77a4ae931217884e70b049f338a7f5f05cebdd617004000a8067014f806f0009801bb84ec57bd7938dbe212a9297340b328870294c89dbeac05504be275b1be75d16dc2ea1f9a3af469c2909b984647c408f97040aafd0c9cce156266c0b0adfb9876ac75e83fa0c3b1d2726fc7a820ccdc39d4d089bf1ec08008900", @ANYRES32=0x0, @ANYBLOB='\b\x00\r\x00', @ANYRES32=r0, @ANYBLOB="040020800014006d80080034000500000004004a800400df801003513e59ea6468b5419ad4003b0032938f3facd3c9363416d4629ead24517644f587ed4310060bf92f76c11fa27425be809c309d32baf80eafe0e858c45a8a78de4952c26859ec97d757e190dfc21f2d1a3b24b6b0465faa66ff7789205a06354b2a0edc4cf7a962bc237b95c5f33d89d0f45379068f37aea22b4899bcd83f0b561d0677068fe61b2ab1e0a2aca692e243c58725390371c0e515a402e8b63acb7c2e3c085129ce432515ed0240d0c83a5d03465db9a8da242dbd2cc0d4aa1ff3cc3bac95c6fbb78f3d70b5ce5b9a1fd5ef0201c0a994515677d3e59d02110008000000", @ANYRES32, @ANYBLOB='\b\x003\x00', @ANYRES32=r7, @ANYBLOB="9073edf9439ecf6d3ea3872efeae8e835ee7bab9db09650000000c000b009a0000000000000086fe79c231df1c7315229082b0049ae449b1c80b18f532597f273c7c97f130c5a488a7b7a001d6dbb2e4b331c2e4e88bb1cf11180bf2a527b47520475e35fd7bdf60056ece45b4b907eeddb85cfffeda8a0a4872b59a3fbb9e93ca64eb8ca05c1afa2318125377de8e4d3d977f1b75f6254fb4f1dbc105a6474cf4cb4f8e4333cb4ac0812aba6d1294438f0d08753e74c6e00afb840662a246184429ac86a7259d6028be8065f2227757fa4dc44e50c85a59a63749de27f67770bc6ee0469f04c863913c88e9ceebc59bc1bb900752797c9faf81df8e9f3b5b2cab6cc07896f391d3752e98bb427e010cad9841153630aef182ff55cb14bc05ba3ecd2b5e9c3e1dc8b5239e2c8c6e44fe0acce81270e26d375793da0513599cd78d02517529649b4ce3a160a1314feae4868f5d754eaa0c5957c3626cc8a9449ae6851689a48ce429418d7dd7b00446868e6f6529f497fbe0c1bca8e6c9836c8fd29480e59c41d2280be2384062ca9a232b1196323ff9b0baf9f28f925c69d51e31f7fa195400550d765e4f667e991d527fe2be5bb41e6a84d19a8e895e031292263792f705c4be837aaa996077b7fd96cb545f4c57137269c65ac56f3a237523f2eabed09ad4e51ce3a9963da75cc4d92d8ba046cb76ba387b7197d62ded8869d25005ba4c91b47e3fb6faf4dd3712e28a48a109680567465ec3f96e666a8d6c2831bb924a56ea74403b398556f5ac7cf82e7a697d1b7ad3167f2a0ebce7589018b6289f2c55622494b537f1da7f99c36847113bc666580a2e9376f05cecdcec117a060fb1be5f642096b7b6f074534ca6922ee58d01d9558aa3fe96e02fdd4ea978306d4fed406d61d9af4fa5c443816dfb4708000000", @ANYRES32=r1, @ANYBLOB="2000e4801000c600b06e461b7d890eee94d5a82e0400a28008005c00ac1e00017e00d38008001b007f00000104001e800400068008005f006401010208009d00010000000400c980d0e8ad7ffc3f9a46dfa7ded4f12ad0bf3cd82acf35ff5da8b7febca0f86d777aff778baf36b74dcc9060f034a1bd89249c733ae18e792e77f3f0a1e5be49f9d348a9af831ee57c2daaa18022bb21a44777c90b2530a3000000ff00028077a2c6600931cbc21814bc3998637b4e9fdd36778c7847582369a08c12d7f233ae617874bd45eb616dbf995b96a2739baded15899ae1274ba9b746106f3a4580d25f02526b6febfa25b237ff1533eca82b92de36bcfc9b68be4aeaad640c869e037cf70ba04a8831ad8dfe23b6253a1dc33467bfa662921cb8b6735b94b508ed04a61e7ad3eaffcf8b139bb901638021de795101e1b53605258cedeb3a3a9c6ce75baed6d38c7ae9d4bf93f32820ee67cc8df3198696a1d3b1283db34a857a33373a67a4067bf82b0663fa331ef98da2c20ccb99758b9669061ccaeda45fa9f4028e731ab0a2a6a189ecfed24eaf7448a1c260d872fd3bba68afbf0008000600ff01000008000600050000000800060009000000"], 0xafc}, 0x1, 0x0, 0x0, 0x11}, 0x80c4) sendmsg$auto_TASKSTATS_CMD_GET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010a2bbd7000fbdbdf250100000008000200", @ANYRES32=r10], 0x1c}, 0x1, 0x0, 0x0, 0x2400c8c1}, 0x20048090) write$auto_bm_status_operations_binfmt_misc(r3, &(0x7f0000000100)="6a496d3399a41142d3af5bf75b48661e3c1727fc4ed01e4c764655ce2c81a455866a20903865eabaa56851232b65852ed6303a8f0b5092dcfe54130c3f3bb0b8bab0db14bd6a7dd02dd4ea5dc4ce189a92ea955c1f7cc2b69db5830361", 0x5d) setsockopt$auto(r4, 0x114, 0x8, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x6b) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) io_uring_setup$auto(0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x20000224, 0x5, 0x1, 0x0) clone$auto(0x2, 0x2, 0x0, 0x0, 0x2) 3.552881673s ago: executing program 4 (id=1984): mmap$auto(0xfffffffffffffffc, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/11/smp_affinity\x00', 0xe0182, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0xef0, 0x8) listmount$auto(0xfffffffffffffffd, 0x0, 0x8, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x110c230000, 0x1, 0x9) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) futex$auto(0x0, 0xc, 0xffffffff, 0x0, 0x0, 0x4) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/178, 0xb2) mmap$auto(0x86, 0x2020007, 0x8, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xac}, 0x5, 0x0, 0x1, 0x697b}, 0xed7138c}, 0x2, 0x9) recvmmsg$auto(0x4, 0x0, 0x7, 0xe, 0x0) mmap$auto(0x0, 0x7, 0x3, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) shmget$auto(0xffffffffffffffff, 0xb0d, 0xa7db6ba) unshare$auto(0x8000400) memfd_secret$auto(0x0) fchownat$auto(0x2, 0x0, 0x4, 0x8001, 0x1000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c5dd100", @ANYRES16=r2, @ANYBLOB="01002abd7000fddbdf250400000008000c0003000000"], 0x1c}, 0x1, 0x0, 0x0, 0x404c091}, 0x40000) 3.533196534s ago: executing program 2 (id=1992): syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x24000800) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e0027b4839f3015398d3b", @ANYRES32, @ANYRES32, @ANYRES64], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) (async, rerun: 64) mmap$auto(0x2, 0x20009, 0xdf, 0xebf, 0x401, 0x5) (async, rerun: 64) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/tty/ptysb/power/runtime_status\x00', 0x1, 0x0) mmap$auto(0x1, 0x40009, 0x7, 0x75, r0, 0x20002) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$dir(0xffffffffffffff9c, 0x0, 0x840, 0xc) (async) socket(0x2b, 0x1, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2481, 0x0) (async) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, 0x0, 0x783300, 0x0) openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, 0x0, 0xc0401, 0x0) socket(0x2, 0x5, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async, rerun: 32) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/mnt\x00') (rerun: 32) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) semctl$auto(0x204, 0xfffffffe, 0x3, 0x4) (async) r2 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r2, 0x0, 0xc3) r3 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x68a80, 0x0) ioctl$auto(r3, 0x400454ca, 0xffffffffffffffff) (async) socket(0x18, 0xa, 0x1) (async) connect$auto(r1, &(0x7f0000000000)=@qipcrtr={0x2a, 0xffffffffffffffff, 0x7fff}, 0x26) (async) socket(0x2, 0x6, 0x0) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) 2.860941849s ago: executing program 2 (id=1985): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000980), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'dummy0\x00', 0x0}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) getrandom$auto(0x0, 0x6000000, 0x3) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x100000000, 0x66) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r0, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000ffdbdf251a0000000c00018008000100", @ANYRES32=r2, @ANYBLOB="425adb18aab4f6520c787ea1d58a651c39e81febd06f813a3eb671a622181eedc5bfbed749ea2c60"], 0x20}}, 0x40000) 2.858581445s ago: executing program 0 (id=1994): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_ADAP_G_LOG_ADDRS(r0, 0x805c6103, &(0x7f00000001c0)={"8911bd3a", 0x7, 0x0, 0x6, 0x20004, 0x38c, '\x00', "1dcf4f2e", "f34cae3a", "10a991b3", ["94e900008000", "006d8d13fc00", "0149f0a7102c3fffab592db0", "0059c09dca7de9bdbbc6be07"]}) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x0, r2, 0x4, 0x10008, 0x7, 0x1000049, r1, 0x7, 0xd3}, 0x1) sendmsg$auto_HWSIM_CMD_DEL_RADIO(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x3264e154, 0x0, 0xfffffffffffffffe, 0x9d}, 0x7}, 0x3, 0x0) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x4000, 0x2003f0, 0x15) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x1, 0x0) 2.096077558s ago: executing program 1 (id=1986): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) set_mempolicy$auto(0x3, &(0x7f0000000000)=0x7, 0x9) io_uring_setup$auto(0x6, 0x0) get_mempolicy$auto(0x0, 0x0, 0x9, 0x0, 0x1) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x6, &(0x7f0000000000)={0x0, 0xfc6}, 0x6, 0x0, 0x7, 0xa505}, 0x800}, 0x80000000, 0x4008) set_tid_address$auto(0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv6/fib_multipath_hash_policy\x00', 0x141041, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kfence/parameters/sample_interval\x00', 0x102, 0x0) 1.503675953s ago: executing program 0 (id=1987): unshare$auto(0x40000080) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/rose8/address\x00', 0x752502, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd0\x00', 0xc0c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xa, 0x15) r0 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r0, 0x0) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) mmap$auto(0x401, 0x2000009, 0x6, 0x18, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x106) socket(0x2, 0x1, 0x0) shutdown$auto(0x200000003, 0x2) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/scsi/sg/debug\x00', 0x40, 0x0) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, &(0x7f00000002c0)=""/286, 0x11e) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SOUND_MIXER_READ_DEVMASK2(r2, 0x80044dfe, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 1.358193347s ago: executing program 1 (id=1988): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setresuid$auto(0x2, 0x7, 0x8080) setsockopt$auto(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000040)='!\x00', 0x1ff) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) io_uring_setup$auto(0x401, 0x0) ioctl$auto(r1, 0x4b66, 0x1) ioctl$auto(r0, 0x40104d02, r0) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) read$auto(0xffffffffffffffff, &(0x7f0000000040)='}+\'%\'#@^\x00', 0xffffffff) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r2, 0x0, 0x1f40) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigtimedwait$auto(0x0, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffefffd, 0x17) madvise$auto(0x0, 0x20499d, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0x5, 0x800, 0x4) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x10000c5, 0x0, 0x40eb2, 0x402, 0x300000000000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x200000, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) 1.250313622s ago: executing program 4 (id=1989): close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm_amd/parameters/pause_filter_thresh\x00', 0x200, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/tunl0/queues/rx-0/rps_flow_cnt\x00', 0x2462, 0x0) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="110b27bd7000ffdbdf250900000800030000", @ANYRES32=0x0, @ANYBLOB="080006"], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x1000) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0xc045}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000200), r1) sendmsg$auto_IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000480)={0x20, r2, 0x1, 0x70bd26, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x4c}]}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000001}, 0x40c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8000, 0x1, 0x8, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "787d66da4a620eab7f736e854ef61529", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000140), r1) shmctl$auto_SHM_UNLOCK(0x7, 0xc, &(0x7f0000000380)={{0x3, 0xffffffffffffffff, 0xee01, 0x2, 0x8, 0x7ff, 0x200}, 0x7fff, 0xf5, 0x3, 0x6, @inferred, @raw=0x1, 0x8, 0x0, &(0x7f0000000300)="21b9acf5aef4845047bad6f4a9baaecfab35a48d81ae799b87eb1d668dd5a6389283bad3300d9ab64ca328b2241bab01cf56376d16cf857558966e1c2934078101a8f2cf88248e19055746d2fd630522e516654a07b75335b8df7fd4d120195dc1903e111e", &(0x7f00000004c0)="78855b80099f24227bbb7b3929837aae1dafa484f615187e86f3159b6d66ef6dbd9a04567beba838d697e343121e4ca2c29caa19b724cc952e1de93371911bc6d67f4a6fdd09d697a1cc85665d78f0f01341215d23f8a84345487918cb5b85920afdee16104e9e00b9c6df8e6fbc6d8df16e26cbc5d3f65fc19951738bc3b1dac7fbcf1698bdfd2b98dbadc46a52a81107c2c7f470e6842eea5da7be4f2f2816f2e55df0ef1bb3a341b8930133bf9ab5e4bf8cdf831f45ee08fc1dec959fcb42255c0b3b4c159fb0d2fa12c45e1522e5"}) sendmsg$auto_NL802154_CMD_SET_BACKOFF_EXPONENT(r3, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000400}, 0xc, &(0x7f0000000180)={&(0x7f0000000800)={0x9a4, r4, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@NL802154_ATTR_WPAN_PHY_CAPS={0x701, 0x18, 0x0, 0x1, [@generic="40d3d3879c6c9002c710873f4643089326fdba424d593ca0fbcf36f96c3b54d092709a9a036d7ab21d9bea0ef033e504cca90a1f33e62b40d9654d03abb3290ceaeda0dfa45352714786caecc1606f4424ac2b9c335a2c71b6f0114a93acc0834f2eaf12db2bc27f40a341f1d88d509d97949567d2cc2e1d23e493ae59fb83a695c60307f564a155febbf4117be53f5b6e71b3bc8b66cdb02c3ce38c4c8c2caa55ac2c03cc8ab0e06010ccc08c7fa6d35ce02a5ac2d30f5613d059e58655976ccf6e0d1bb98c00642325abdb6421fccd8b0ae824753f9459d137b779b4e878c00d8415dbb3baf90612599c9b6a643f599e73e40f0943d3fb3702", @generic="31fa1816616ff5", @nested={0x4, 0x114}, @nested={0x260, 0x14c, 0x0, 0x1, [@typed={0x8, 0xc3, 0x0, 0x0, @pid}, @typed={0x8, 0x7b, 0x0, 0x0, @uid=r5}, @nested={0x4, 0xe7}, @generic="f8ff2b3520302a6b2256a6aec3999f735861c5b785baee6cf09642a22e9303df6163352b01d4eca30ea2f14edddf0a501f58b86033f9e6f58a128f0983680103b51c73f30331d10b875738c01942538eba689061630f1d786bf0b47bca98018a3a5cb79ecc007f502823fb8d0e2c862a16d9e8e3c118e0db74c7bd68ed0af7220d", @nested={0x4, 0x72}, @nested={0x4, 0x13a}, @typed={0xc, 0x151, 0x0, 0x0, @u64=0x3}, @generic="3dbad591449b02c2d3c6dd83cab63b46c210fd48babf06427fc180665ab708ed04e60ac721d8065267ea800717c72e796d00478987a5939587a29f80b8a9a4022a7240a9842e9e744000ab79ca7a5d80e9ffa750cec5a0b84bbd555c19cf9e863f807987fa7900340e964b25cf4c54a247e9e72d2f556e7233899aa19524c450a72f8bcb7ec9c200a80d7f27c876225b789656f4480bdd7bdefab64bc17fa5d809de599a23399d280ab2d2b37926c1e4a75b59e5003a8dc46932038fd1", @typed={0x14, 0x101, 0x0, 0x0, @ipv6=@private1}, @generic="8807e3949b57adf140e39b27a7c6924f4dd71174168b7dde02d1150c52b6d436bded29afa8ee80b2ff771120a6fbde9919028b384a9c6cbd3f4484143a1f0121a4d95a749262e9282e2b36d5511ea6ddb7ae85c50afa7f26128e800fe3f9de3227a55220b15f9686849c065f6f6d554c7889f5483bf1f3446c56dcf26e0fbf1ceb9c9fd9dc593d34cc0692f1c16f443fac25e7361afc1b69ffc69d3165d777e995b3d74f4ede26020cef572ca9740db375b4613b85b78d2ac38f93cd8b9607cbde61b17a0891eb278b4441a09d3f2f0453696a562aa4c6dd7f6a018ad658c55859ce"]}, @nested={0x2dc, 0xbf, 0x0, 0x1, [@generic="2299d173694f36fd2f1ca0e4325cab8a6ce4d2b413f9152fc4633df61682eed81eade6b674a9e49fdcc43a85537ea91dfb6dc43ef84425a3c7bb46369acd0ba11b99a2fb7d98789b5a03b27c661982db606e98f9cb6ccbae2a1308e4e2bdb936e95a205216382358e3ab576570a5d2fba77b9562ce6146328d9ecb232200b75d5d5140c0f5e2a6572351628a4281b6a880869f1c01aa10b184b2abc1dfbf627c5ca70f787a8e168f397c2e4b812ce6689d75b3245703ada8f987b07e3cfc9e585765a6557c79ef9fb63119a049fc5600bc3e61312d", @generic="760fc5a53f1f625df4d20b49a77544e8f06b05d0bd9f27bfb344746464beea7b11d0d2c58d67649e9ca475aeca30446b49e4111a2bf2d14d77b7be96c4117ec1c9ade562e5db692ab1355af5108b906b240c6f1b72f47da524e02c8b8f7d873d3900fdd7ad5d317cd1759485229fa07f89c8f5d4fa04ff0e30ecd45e2e9a65310614353b3b4d77c3bcc7a3b304aa11d634c0f691ecc651558d964b6035b160ca1f75fba43d821ae987255a9734e36e99e862d588104cb0604bdd043f3806034c5301eb7c8dcdb90144ec43de6186bf4bd185d3", @typed={0x68, 0x4d, 0x0, 0x0, @binary="68aee059e6f907f1f1631c9bc6b3d71290a2d7b9d7248f1d4fb8edec2af182d95f0d0b7e91293e4492f2af82ce880ae071e3352cb042def83eb73106d74f3966055834abb2f5a5d541bbceae732b01f04f5289ba677965b7b27dc2a7819e225deee05697"}, @nested={0x4, 0xea}, @generic="965572bb9d5ce63a512b2daa5311c284dc4ba84aeabdacf591085e96ff5957a500d406a62b9d7de0a7bb543b3481b41badd921a8025f3dae6498944ea6f96897e6d7e3a88f7cb6ad19dad63a72b70c13db9f7003734dc00a1a513d8f59fb4e23e79f16574b6352dc5a8735542f986f551beeccf9eed881d7b0a25e4f057d51960fa91a6fdce60f4a2c34e95fda6ab60d55701c4ffe99e677c60a47130545ca8ccc03986df87f6927f9099f2f6dfadcd8dbed7aa0f8aee20d97dafcb07096c013e0e6c518"]}, @generic="64238ef70b70a45a55e5c7a9816665c9a081867f2ddedc0e72b76ff30577d8a9e9d70207f66417bd0e18231823fb8ec1131ff9f6e082258dea9565370f70282b541a1d76b8e426f44a44c6e6035b7e3a1b98b023cf61ab9bfeedbe4f226be00c1a2f68c5e6bf099e70ab1cda68ae251204384c4faca7edfb51d96798234e2c2662423409de430110891802858c413d84fee3a98d29019080c3502fffdd3e92588b3d8d30a9ac5563708bebd086f27cda11fe49039373552a1fb8cd4c"]}, @NL802154_ATTR_SEC_DEVKEY={0x270, 0x2f, 0x0, 0x1, [@generic="b89e0ed265e21290ebba5c0368aa556b577d5faafdb39a5fce98d79129bd0eaa834ca7b58bbdc790b34c9693f20204f60b28893c3857a437e7e910e42dfd9cec", @typed={0xc, 0xe9, 0x0, 0x0, @u64=0x2}, @generic="a39a399bb5054d32cace7780db6d7934cfcd718f5235a6dd8a694bc190da2c86816675fc054e09a6d4edce1e9d8b1f1fc6b77f9a1833bf1950990e8a47ceb897dc64ab7b4a", @nested={0xc, 0x52, 0x0, 0x1, [@nested={0x4, 0x61}, @nested={0x4, 0x40}]}, @nested={0x167, 0x11b, 0x0, 0x1, [@nested={0x4, 0x115}, @generic="73cc2675e8bfde6d6a2f52f56b11054c38caae0edcf46e46f1ee8b97e4d5a9805b0a9b2968b12dadd115467ffe1f414d77d222180bfa6bb4d2304f6bedd89f76f17bf55ec93d0495333dda61627e321cd0ad71015a6ae9e9142082b85dcd6aebbd0cd6211a6d0ed4cce8229a744c261755352730250f988b6e33337bed823236e85108986cbb5b3e21446755aeece8b6c0e938349b7c143d11", @generic="a5fa4538683b6a0ebb5da0e72a98b9bc6cb20773fb076dabe75ba180d19d3fb45d9f00058cd011679cac58d6b5bd9d81533e5df2314a7225cb049c06620519d07040f583a9a4c6c0a1a953cd450661abdf34570985d43f4b7699064b1f33ec51b15443c6bfda658dcb59e7a681529ba974dcf469e3b8930d79443d198903df76c5cdbca14b2689fd3048d47b602057507da4df48f10726769117d640b20961952ba50c3c9f5039ba3c592791161564584a30dab0ff0a7d7aeb0b7a899317e7688b630fb3df20"]}, @generic="7452aeb3620922ce5c48f7a7a70ce9e8e5ca31252de8a150360e037437414d7a34e1b874348c90059cca64988326185ea7cc99d2ac2b4c92b3748497033454a666", @generic="49f1a1fbc42603fac208f433da2c9dafc7953c43ac53aba593d06c85aece392bd8eb6ce1313e"]}, @NL802154_ATTR_IFNAME={0x14, 0x4, 'vcan0\x00'}, @NL802154_ATTR_BEACON_INTERVAL={0x5}]}, 0x9a4}, 0x1, 0x0, 0x0, 0x404c000}, 0x50) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) r6 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r6, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x9, 0x3, 0x800019b72, 0x9, 0x8000000000008000) r7 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC0D0p\x00', 0x20002, 0x0) ioctl$auto___SNDRV_PCM_IOCTL_SYNC_PTR32(r7, 0xc0844123, 0x0) read$auto(0x3, 0x0, 0x80) 1.10917275s ago: executing program 2 (id=1990): keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, 0x0, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = io_uring_setup$auto(0x10006, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r2) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x302, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) waitid$auto(0x42, 0xffffffffffffffff, &(0x7f0000000240)={@siginfo_0_0={0x7, 0x7d2, 0xd5ae, @_sigfault={0x0, @_addr_lsb=0x8}}}, 0x3, &(0x7f00000002c0)={{0x0, 0xffffffffffffffff}, {0x4e, 0x7}, 0x7f, 0x9, 0x6, 0x3fffffff80000000, 0x800, 0x7, 0x7, 0x7, 0x9, 0x3, 0x10001, 0x9577, 0x9, 0x9}) geteuid() shmctl$auto_SHM_INFO(0x7, 0xe, 0x0) msgctl$auto_IPC_INFO(0x80000001, 0x3, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002dbd7000fcdbdf257e0000002c453523575b045da02b4bfb0b04208a405c214743f58f"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 615.355464ms ago: executing program 4 (id=1991): mmap$auto(0x0, 0x40009, 0x80000003, 0x9b72, 0x7, 0x1000028000) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0xa, 0x1) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20004815}, 0x8800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB=']'], 0x1ac}}, 0x4) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, 0x0, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="8b0500000000fedbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}}, 0x40000) r2 = openat$auto_dmaengine_summary_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x24800, 0x0) statx$auto(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x7f, 0x8, &(0x7f0000000340)={0x6, 0x1, 0x4, 0x7, 0xee00, 0xee01, 0x0, 0x1000, 0x8, 0xc844, 0xffffffffffffffff, 0x7, {0x9, 0xfffffffa}, {0xd9b, 0x5}, {0xff34, 0x1}, {0x100000001, 0x9}, 0x1, 0x1, 0xb, 0x3, 0x7fff, 0x8001, 0x4, 0x9, 0x7d5, 0x4, 0x7fffffff, 0x89, [0x5, 0x1, 0x81, 0x7, 0x8000, 0x0, 0xe, 0xc23d, 0x4]}) fsconfig$auto(r2, 0x1, &(0x7f0000000100)='3(#\x00', &(0x7f0000000180)="8991fc4a0409c39d895766c375cd5dc65dca7f36df243c206fcafb11d801088c1861b7eae2692a96bb973271a63ef6061037d2d1787af57aaaf921206140b18bf9c97341fc22050e7f9bd5579e1dd78b5fefc890687a6a94d8469f10169a5516d9063d566718e2", r3) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 446.255114ms ago: executing program 1 (id=1993): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x5) bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0xfffffff8, 0x8, 0xae85, 0xffffffffffffffff, 0x4, 0x7ff}, 0x6f4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto_VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, &(0x7f0000000000)={0xe123, 0xffffffffffffffff}) getsockopt$auto_SO_RXQ_OVFL(r3, 0x42, 0x28, &(0x7f0000000040)='\x00', &(0x7f00000000c0)=0x8) r4 = socket(0x15, 0x5, 0x0) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r5, 0xaf01, 0x0) ioctl$auto_VHOST_SET_LOG_FD2(r5, 0xaf02, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r7 = semctl$auto(0x1ff, 0x2, 0x13, 0x1) r8 = socket(0xa, 0x1, 0x84) getsockopt$auto(r8, 0x0, 0x483, 0x0, 0x0) r9 = syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000080), r6) r10 = gettid() r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_GET_DAEMON(r11, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000007c0)={0x14, r12, 0x701, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x804}, 0x40000) sendmsg$auto_IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000001340)=ANY=[@ANYBLOB="fc0a0000", @ANYRES16=r12, @ANYBLOB="000225bd7000fddbdf2501000000cf0902807afeeb1d94177babd8ff85c5d5a22acea2fb870cfb522f8c6798bdfd3da8a1f33ae26dd7503103c21939a51e39a86ffbb755af27b60abaf791eff3659a11a48870deac2a9ba66438e6e8ba7cc918bbd75ab6433f6e0097f458e9c09494176faf4f3ca44310d6f31d7adea18535b18cc25ce46ecbe19839e858c6fa541a3d7a0903389e6adce9c110599fd32ce2c294ea9d6447da1d6e2d04c806cdbbe47ff6c4664e5836513dd0cb91827008a5f06c49b03e6fdce12f5a8fa00ffc27a7fdcd6e785794c9d3a06ef07d83491eba38f63fa314c18824c30400c9000800410007000000060024007b0000004b07d88008002300", @ANYRES32=r2, @ANYBLOB="d10037800400a680caa3863ab9f7aef5774b8f5198307f19298b9bfb2e21197ec01532fab56a5f22e17e4def897ac1b69ad0cf1ea7920fa290247d303c5479ceda0d84a808739fa06287e87037f412a6cefe4d241fc07ecda933f684cb2f1b782292efb4606050fa5a5dc613814419506a53c36d6d6f5749f86d40d8a598f65f332be4612198e5c5e30e219ffe62895986bb1d25298c412b3b2b77cbbddf01f10160e8667801a15be8f56c8847ed46856214f2c9c12365a233d001edc55050ed10e8ca5f146d8a35bc02390b3c3cd258b5000000ea01e68005000600000000000c005500212d5c252f235d000400a68034f38cc37698374e38e21266fbb94e78aa53d693bd5c845862231596774c783f30cacf5d06e8b21e783745f56006869f7ca8ff2914433b976c5b497c69cf4d49a4220b9d389ff41952fa38870cfca76e039c69b8367321b83a2bff21336038c2e1f4ad6233c3bf5346e09aa44b676252ed574de5b1688100e3987cd1e832c6476712885c2d1eb3b5656a6cca4d9b3e19aef3794ab78c3b20f2a811e57e655f0ed81609cd0f113aac66a04833e10ac3a944b4cae34a8d045fc88168f95824dd75fac28480bbd676d6579eb2ac9946c6f17469b515d508876e39e1dc87a8011f83e0e4e99e2169653af56c2be793adc8da9ff5f58908000b000000080046a5a12786f67bc7a782ed23b19699b30b4acafd5fd3b3fc71357f1406524074a54b15fa69a0b922f7cd823937b9d5b059a73d6137ffd0b622c7fb3f1c6e9aeed1d074327c85d3833a1ec1edc3b29cb2ebdd80db1baa4c11bddbfa787cc57c81db55cef5d70417d487bbdb20c865d18db9db20a1461f65411f26d9ee3511d6804ddf31820f9d624f19ca5992d18668fe18c7755ae656fececfb2d2468478245909a8ed3f45e029413eef8ea5d562c8107112806880cb83b1ab989220eb10c1e612a14e235c91ad8a4827dadbe2b7000008009600", @ANYRES32, @ANYBLOB="e902e380b6227679047387ffaaefe8332dbe1ffd762f6845243db8bcb8fbefcbdfe532261f095745e2818dd1b2c814c3576ff837443fa3f1b1210cc548d9cb6533f9ce063bcd641e5b2738831ff27915c951487beac288358f69cbfcf9d349757566312bba97a95ff688cdf5fc89bddc1fd102a15908cc473eec38f27c32e59505d7bf04f3aef455a197ce818e23a1f727d646618c42fbb32ec833953a08c6b1d3a1762c53dceee9617640a10492df41004243f251e325eca7a72f2d3c3c4a7f77b51e3e7003d683171386fb2a02656fe154f1197fded8484549491c9b6b78e7e00bc529cf690be60d7023d46e2d22770b166b19d72afa6af02100dd25d8c7edd01fd6d1cf53f7954c6fb4df106f559cad2110761ebab95cf3cc66057f0a65cc4ef1f29b7ad5460c278b57988dddb22cd8c7468f4dc0bed57aab5d0a7a4301419f77a4ae931217884e70b049f338a7f5f05cebdd617004000a8067014f806f0009801bb84ec57bd7938dbe212a9297340b328870294c89dbeac05504be275b1be75d16dc2ea1f9a3af469c2909b984647c408f97040aafd0c9cce156266c0b0adfb9876ac75e83fa0c3b1d2726fc7a820ccdc39d4d089bf1ec08008900", @ANYRES32=0x0, @ANYBLOB='\b\x00\r\x00', @ANYRES32=r0, @ANYBLOB="040020800014006d80080034000500000004004a800400df801003513e59ea6468b5419ad4003b0032938f3facd3c9363416d4629ead24517644f587ed4310060bf92f76c11fa27425be809c309d32baf80eafe0e858c45a8a78de4952c26859ec97d757e190dfc21f2d1a3b24b6b0465faa66ff7789205a06354b2a0edc4cf7a962bc237b95c5f33d89d0f45379068f37aea22b4899bcd83f0b561d0677068fe61b2ab1e0a2aca692e243c58725390371c0e515a402e8b63acb7c2e3c085129ce432515ed0240d0c83a5d03465db9a8da242dbd2cc0d4aa1ff3cc3bac95c6fbb78f3d70b5ce5b9a1fd5ef0201c0a994515677d3e59d02110008000000", @ANYRES32, @ANYBLOB='\b\x003\x00', @ANYRES32=r7, @ANYBLOB="9073edf9439ecf6d3ea3872efeae8e835ee7bab9db09650000000c000b009a0000000000000086fe79c231df1c7315229082b0049ae449b1c80b18f532597f273c7c97f130c5a488a7b7a001d6dbb2e4b331c2e4e88bb1cf11180bf2a527b47520475e35fd7bdf60056ece45b4b907eeddb85cfffeda8a0a4872b59a3fbb9e93ca64eb8ca05c1afa2318125377de8e4d3d977f1b75f6254fb4f1dbc105a6474cf4cb4f8e4333cb4ac0812aba6d1294438f0d08753e74c6e00afb840662a246184429ac86a7259d6028be8065f2227757fa4dc44e50c85a59a63749de27f67770bc6ee0469f04c863913c88e9ceebc59bc1bb900752797c9faf81df8e9f3b5b2cab6cc07896f391d3752e98bb427e010cad9841153630aef182ff55cb14bc05ba3ecd2b5e9c3e1dc8b5239e2c8c6e44fe0acce81270e26d375793da0513599cd78d02517529649b4ce3a160a1314feae4868f5d754eaa0c5957c3626cc8a9449ae6851689a48ce429418d7dd7b00446868e6f6529f497fbe0c1bca8e6c9836c8fd29480e59c41d2280be2384062ca9a232b1196323ff9b0baf9f28f925c69d51e31f7fa195400550d765e4f667e991d527fe2be5bb41e6a84d19a8e895e031292263792f705c4be837aaa996077b7fd96cb545f4c57137269c65ac56f3a237523f2eabed09ad4e51ce3a9963da75cc4d92d8ba046cb76ba387b7197d62ded8869d25005ba4c91b47e3fb6faf4dd3712e28a48a109680567465ec3f96e666a8d6c2831bb924a56ea74403b398556f5ac7cf82e7a697d1b7ad3167f2a0ebce7589018b6289f2c55622494b537f1da7f99c36847113bc666580a2e9376f05cecdcec117a060fb1be5f642096b7b6f074534ca6922ee58d01d9558aa3fe96e02fdd4ea978306d4fed406d61d9af4fa5c443816dfb4708000000", @ANYRES32=r1, @ANYBLOB="2000e4801000c600b06e461b7d890eee94d5a82e0400a28008005c00ac1e00017e00d38008001b007f00000104001e800400068008005f006401010208009d00010000000400c980d0e8ad7ffc3f9a46dfa7ded4f12ad0bf3cd82acf35ff5da8b7febca0f86d777aff778baf36b74dcc9060f034a1bd89249c733ae18e792e77f3f0a1e5be49f9d348a9af831ee57c2daaa18022bb21a44777c90b2530a3000000ff00028077a2c6600931cbc21814bc3998637b4e9fdd36778c7847582369a08c12d7f233ae617874bd45eb616dbf995b96a2739baded15899ae1274ba9b746106f3a4580d25f02526b6febfa25b237ff1533eca82b92de36bcfc9b68be4aeaad640c869e037cf70ba04a8831ad8dfe23b6253a1dc33467bfa662921cb8b6735b94b508ed04a61e7ad3eaffcf8b139bb901638021de795101e1b53605258cedeb3a3a9c6ce75baed6d38c7ae9d4bf93f32820ee67cc8df3198696a1d3b1283db34a857a33373a67a4067bf82b0663fa331ef98da2c20ccb99758b9669061ccaeda45fa9f4028e731ab0a2a6a189ecfed24eaf7448a1c260d872fd3bba68afbf0008000600ff01000008000600050000000800060009000000"], 0xafc}, 0x1, 0x0, 0x0, 0x11}, 0x80c4) sendmsg$auto_TASKSTATS_CMD_GET(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r9, @ANYBLOB="010a2bbd7000fbdbdf250100000008000200", @ANYRES32=r10], 0x1c}, 0x1, 0x0, 0x0, 0x2400c8c1}, 0x20048090) write$auto_bm_status_operations_binfmt_misc(r3, &(0x7f0000000100)="6a496d3399a41142d3af5bf75b48661e3c1727fc4ed01e4c764655ce2c81a455866a20903865eabaa56851232b65852ed6303a8f0b5092dcfe54130c3f3bb0b8bab0db14bd6a7dd02dd4ea5dc4ce189a92ea955c1f7cc2b69db5830361", 0x5d) setsockopt$auto(r4, 0x114, 0x8, 0x0, 0x4) 441.795641ms ago: executing program 2 (id=1995): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) (async) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/partitions\x00', 0x0, 0x0) sendmsg$auto_NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000005e40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x70bd25, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8894}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000002040)={'veth0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r1, &(0x7f0000021740)={0x0, 0x0, &(0x7f0000021700)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x800) (async) pread64$auto(r0, 0x0, 0x6, 0x200) 91.045094ms ago: executing program 1 (id=1996): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000500)='/sys/devices/virtual/block/ram12/queue/read_ahead_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = io_uring_setup$auto(0x10006, 0x0) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r2) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x302, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = waitid$auto(0x42, 0xffffffffffffffff, &(0x7f0000000240)={@siginfo_0_0={0x7, 0x7d2, 0xd5ae, @_sigfault={0x0, @_addr_lsb=0x8}}}, 0x3, &(0x7f00000002c0)={{0x0, 0xffffffffffffffff}, {0x4e, 0x7}, 0x7f, 0x9, 0x6, 0x3fffffff80000000, 0x800, 0x7, 0x7, 0x7, 0x9, 0x3, 0x10001, 0x9577, 0x9, 0x9}) r6 = geteuid() shmctl$auto_SHM_INFO(0x7, 0xe, 0x0) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x2, &(0x7f0000000380)={@siginfo_0_0={0x4, 0xfffffffa, 0x0, @_kill={r5, r6}}}, 0x0) msgctl$auto_IPC_INFO(0x80000001, 0x3, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000580)={0x0, 0x2120, &(0x7f0000000540)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="01002dbd7000fcdbdf257e001f002c453523575b045da02b4bfb0b04208a405c214743f58fe203c56168f52edd74d8c7672b1f3564ac7677df7c5299c4823152070c0000000000000000"], 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) 0s ago: executing program 2 (id=1997): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) (async) r1 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) (async, rerun: 32) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 32) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) (async) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) (async) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000040), 0x6}, 0x3) kernel console output (not intermixed with test programs): 00000000000000 [ 611.200189][T13561] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 611.200230][T13561] [ 612.174826][T13568] FAULT_INJECTION: forcing a failure. [ 612.174826][T13568] name failslab, interval 1, probability 0, space 0, times 0 [ 612.222841][T13568] CPU: 1 UID: 0 PID: 13568 Comm: syz.2.1806 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 612.222891][T13568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 612.222912][T13568] Call Trace: [ 612.222924][T13568] [ 612.222938][T13568] dump_stack_lvl+0x16c/0x1f0 [ 612.222990][T13568] should_fail_ex+0x512/0x640 [ 612.223036][T13568] ? __kmalloc_noprof+0xbf/0x510 [ 612.223086][T13568] ? public_key_verify_signature+0x25b/0x970 [ 612.223127][T13568] should_failslab+0xc2/0x120 [ 612.223159][T13568] __kmalloc_noprof+0xd2/0x510 [ 612.223218][T13568] public_key_verify_signature+0x25b/0x970 [ 612.223265][T13568] ? __pfx_public_key_verify_signature+0x10/0x10 [ 612.223337][T13568] ? __pfx_public_key_verify_signature_2+0x10/0x10 [ 612.223381][T13568] verify_signature+0xdf/0x130 [ 612.223420][T13568] pkcs7_validate_trust+0x220/0x7e0 [ 612.223471][T13568] verify_pkcs7_message_sig+0x12c/0x250 [ 612.223505][T13568] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 612.223537][T13568] ? kfree+0x2b4/0x4d0 [ 612.223570][T13568] ? public_key_signature_free+0xda/0x110 [ 612.223603][T13568] ? pkcs7_parse_message+0x531/0x720 [ 612.223654][T13568] ? pkcs7_parse_message+0x536/0x720 [ 612.223704][T13568] verify_pkcs7_signature+0x6d/0xa0 [ 612.223744][T13568] valid_regdb+0x215/0x590 [ 612.223780][T13568] ? __pfx___mutex_lock+0x10/0x10 [ 612.223837][T13568] ? __pfx_valid_regdb+0x10/0x10 [ 612.223887][T13568] reg_reload_regdb+0x11e/0x460 [ 612.223927][T13568] ? __pfx_reg_reload_regdb+0x10/0x10 [ 612.223966][T13568] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 612.224012][T13568] ? nl80211_pre_doit+0x1b0/0xb10 [ 612.224063][T13568] genl_family_rcv_msg_doit+0x209/0x2f0 [ 612.224108][T13568] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 612.224145][T13568] ? rcu_is_watching+0x12/0xc0 [ 612.224194][T13568] ? bpf_lsm_capable+0x9/0x10 [ 612.224233][T13568] ? security_capable+0x7e/0x260 [ 612.224275][T13568] genl_rcv_msg+0x55c/0x800 [ 612.224319][T13568] ? __pfx_genl_rcv_msg+0x10/0x10 [ 612.224358][T13568] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 612.224401][T13568] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 612.224434][T13568] ? __pfx_nl80211_post_doit+0x10/0x10 [ 612.224495][T13568] netlink_rcv_skb+0x158/0x420 [ 612.224530][T13568] ? __pfx_genl_rcv_msg+0x10/0x10 [ 612.224566][T13568] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 612.224612][T13568] ? netlink_deliver_tap+0x1ae/0xd30 [ 612.224666][T13568] genl_rcv+0x28/0x40 [ 612.224699][T13568] netlink_unicast+0x53a/0x7f0 [ 612.224738][T13568] ? __pfx_netlink_unicast+0x10/0x10 [ 612.224784][T13568] netlink_sendmsg+0x8d1/0xdd0 [ 612.224838][T13568] ? __pfx_netlink_sendmsg+0x10/0x10 [ 612.224889][T13568] ____sys_sendmsg+0xa98/0xc70 [ 612.224928][T13568] ? copy_msghdr_from_user+0x10a/0x160 [ 612.224975][T13568] ? __pfx_____sys_sendmsg+0x10/0x10 [ 612.225021][T13568] ? __pfx_futex_wake_mark+0x10/0x10 [ 612.225075][T13568] ___sys_sendmsg+0x134/0x1d0 [ 612.225125][T13568] ? __pfx____sys_sendmsg+0x10/0x10 [ 612.225168][T13568] ? __lock_acquire+0x622/0x1c90 [ 612.225264][T13568] __sys_sendmsg+0x16d/0x220 [ 612.225313][T13568] ? __pfx___sys_sendmsg+0x10/0x10 [ 612.225359][T13568] ? __x64_sys_futex+0x1e0/0x4c0 [ 612.225425][T13568] do_syscall_64+0xcd/0x490 [ 612.225477][T13568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.225509][T13568] RIP: 0033:0x7fe22878e929 [ 612.225536][T13568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 612.225567][T13568] RSP: 002b:00007fe229626038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 612.225597][T13568] RAX: ffffffffffffffda RBX: 00007fe2289b5fa0 RCX: 00007fe22878e929 [ 612.225619][T13568] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 612.225639][T13568] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 612.225658][T13568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 612.225676][T13568] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 612.225715][T13568] [ 614.633776][T13607] FAULT_INJECTION: forcing a failure. [ 614.633776][T13607] name failslab, interval 1, probability 0, space 0, times 0 [ 614.648368][T13607] CPU: 1 UID: 0 PID: 13607 Comm: syz.2.1815 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 614.648417][T13607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 614.648437][T13607] Call Trace: [ 614.648448][T13607] [ 614.648460][T13607] dump_stack_lvl+0x16c/0x1f0 [ 614.648517][T13607] should_fail_ex+0x512/0x640 [ 614.648559][T13607] ? __kmalloc_noprof+0xbf/0x510 [ 614.648608][T13607] ? public_key_verify_signature+0x25b/0x970 [ 614.648646][T13607] should_failslab+0xc2/0x120 [ 614.648677][T13607] __kmalloc_noprof+0xd2/0x510 [ 614.648735][T13607] public_key_verify_signature+0x25b/0x970 [ 614.648774][T13607] ? crypto_destroy_tfm+0x14d/0x2b0 [ 614.648821][T13607] ? __pfx_public_key_verify_signature+0x10/0x10 [ 614.648863][T13607] ? crypto_destroy_tfm+0x14d/0x2b0 [ 614.648927][T13607] pkcs7_verify+0x32f/0x1b20 [ 614.648993][T13607] verify_pkcs7_message_sig+0xdd/0x250 [ 614.649030][T13607] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 614.649063][T13607] ? kfree+0x2b4/0x4d0 [ 614.649097][T13607] ? public_key_signature_free+0xda/0x110 [ 614.649134][T13607] ? pkcs7_parse_message+0x531/0x720 [ 614.649187][T13607] ? pkcs7_parse_message+0x536/0x720 [ 614.649235][T13607] verify_pkcs7_signature+0x6d/0xa0 [ 614.649274][T13607] valid_regdb+0x215/0x590 [ 614.649307][T13607] ? __pfx___mutex_lock+0x10/0x10 [ 614.649354][T13607] ? __pfx_valid_regdb+0x10/0x10 [ 614.649396][T13607] reg_reload_regdb+0x11e/0x460 [ 614.649434][T13607] ? __pfx_reg_reload_regdb+0x10/0x10 [ 614.649471][T13607] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 614.649515][T13607] ? nl80211_pre_doit+0x1b0/0xb10 [ 614.649564][T13607] genl_family_rcv_msg_doit+0x209/0x2f0 [ 614.649599][T13607] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 614.649629][T13607] ? rcu_is_watching+0x12/0xc0 [ 614.649676][T13607] ? bpf_lsm_capable+0x9/0x10 [ 614.649712][T13607] ? security_capable+0x7e/0x260 [ 614.649752][T13607] genl_rcv_msg+0x55c/0x800 [ 614.649795][T13607] ? __pfx_genl_rcv_msg+0x10/0x10 [ 614.649843][T13607] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 614.649886][T13607] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 614.649920][T13607] ? __pfx_nl80211_post_doit+0x10/0x10 [ 614.649982][T13607] netlink_rcv_skb+0x158/0x420 [ 614.650012][T13607] ? __pfx_genl_rcv_msg+0x10/0x10 [ 614.650051][T13607] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 614.650102][T13607] ? netlink_deliver_tap+0x1ae/0xd30 [ 614.650160][T13607] genl_rcv+0x28/0x40 [ 614.650192][T13607] netlink_unicast+0x53a/0x7f0 [ 614.650229][T13607] ? __pfx_netlink_unicast+0x10/0x10 [ 614.650276][T13607] netlink_sendmsg+0x8d1/0xdd0 [ 614.650315][T13607] ? __pfx_netlink_sendmsg+0x10/0x10 [ 614.650364][T13607] ____sys_sendmsg+0xa98/0xc70 [ 614.650400][T13607] ? copy_msghdr_from_user+0x10a/0x160 [ 614.650446][T13607] ? __pfx_____sys_sendmsg+0x10/0x10 [ 614.650489][T13607] ? __pfx_futex_wake_mark+0x10/0x10 [ 614.650541][T13607] ___sys_sendmsg+0x134/0x1d0 [ 614.650587][T13607] ? __pfx____sys_sendmsg+0x10/0x10 [ 614.650629][T13607] ? __lock_acquire+0x622/0x1c90 [ 614.650725][T13607] __sys_sendmsg+0x16d/0x220 [ 614.650773][T13607] ? __pfx___sys_sendmsg+0x10/0x10 [ 614.650841][T13607] ? __x64_sys_futex+0x1e0/0x4c0 [ 614.650908][T13607] do_syscall_64+0xcd/0x490 [ 614.650959][T13607] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 614.650990][T13607] RIP: 0033:0x7fe22878e929 [ 614.651017][T13607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 614.651048][T13607] RSP: 002b:00007fe229626038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 614.651079][T13607] RAX: ffffffffffffffda RBX: 00007fe2289b5fa0 RCX: 00007fe22878e929 [ 614.651098][T13607] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 614.651116][T13607] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 614.651136][T13607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 614.651153][T13607] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 614.651196][T13607] [ 616.931178][T13651] device-mapper: ioctl: Invalid data size in the ioctl structure: 1 [ 617.676220][T13652] FAULT_INJECTION: forcing a failure. [ 617.676220][T13652] name failslab, interval 1, probability 0, space 0, times 0 [ 617.740202][T13652] CPU: 1 UID: 0 PID: 13652 Comm: syz.0.1822 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 617.740241][T13652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 617.740254][T13652] Call Trace: [ 617.740261][T13652] [ 617.740269][T13652] dump_stack_lvl+0x16c/0x1f0 [ 617.740302][T13652] should_fail_ex+0x512/0x640 [ 617.740330][T13652] ? __kmalloc_noprof+0xbf/0x510 [ 617.740360][T13652] ? ring_buffer_read_prepare+0x171/0x320 [ 617.740381][T13652] should_failslab+0xc2/0x120 [ 617.740399][T13652] __kmalloc_noprof+0xd2/0x510 [ 617.740429][T13652] ? kasan_save_track+0x14/0x30 [ 617.740458][T13652] ring_buffer_read_prepare+0x171/0x320 [ 617.740482][T13652] tracing_open+0xbe8/0xf90 [ 617.740507][T13652] do_dentry_open+0x741/0x1c10 [ 617.740536][T13652] ? __pfx_tracing_open+0x10/0x10 [ 617.740561][T13652] vfs_open+0x82/0x3f0 [ 617.740583][T13652] path_openat+0x1de4/0x2cb0 [ 617.740620][T13652] ? __pfx_path_openat+0x10/0x10 [ 617.740648][T13652] ? __lock_acquire+0xb8a/0x1c90 [ 617.740677][T13652] do_filp_open+0x20b/0x470 [ 617.740707][T13652] ? __pfx_do_filp_open+0x10/0x10 [ 617.740749][T13652] ? alloc_fd+0x471/0x7d0 [ 617.740779][T13652] do_sys_openat2+0x11b/0x1d0 [ 617.740800][T13652] ? __pfx_do_sys_openat2+0x10/0x10 [ 617.740829][T13652] __x64_sys_openat+0x174/0x210 [ 617.740860][T13652] ? __pfx___x64_sys_openat+0x10/0x10 [ 617.740890][T13652] do_syscall_64+0xcd/0x490 [ 617.740919][T13652] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.740939][T13652] RIP: 0033:0x7fb6a118e929 [ 617.740955][T13652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 617.740974][T13652] RSP: 002b:00007fb6a1f2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 617.740992][T13652] RAX: ffffffffffffffda RBX: 00007fb6a13b6160 RCX: 00007fb6a118e929 [ 617.741005][T13652] RDX: 0000000000000002 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 617.741017][T13652] RBP: 00007fb6a1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 617.741028][T13652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 617.741039][T13652] R13: 0000000000000000 R14: 00007fb6a13b6160 R15: 00007ffcec859c48 [ 617.741061][T13652] [ 618.024257][T13659] FAULT_INJECTION: forcing a failure. [ 618.024257][T13659] name failslab, interval 1, probability 0, space 0, times 0 [ 618.281303][T13659] CPU: 1 UID: 0 PID: 13659 Comm: syz.3.1827 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 618.281335][T13659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 618.281347][T13659] Call Trace: [ 618.281354][T13659] [ 618.281363][T13659] dump_stack_lvl+0x16c/0x1f0 [ 618.281395][T13659] should_fail_ex+0x512/0x640 [ 618.281424][T13659] ? __kmalloc_noprof+0xbf/0x510 [ 618.281453][T13659] ? mpi_alloc_limb_space+0x31/0x60 [ 618.281475][T13659] should_failslab+0xc2/0x120 [ 618.281493][T13659] __kmalloc_noprof+0xd2/0x510 [ 618.281525][T13659] mpi_alloc_limb_space+0x31/0x60 [ 618.281556][T13659] mpi_alloc+0x199/0x230 [ 618.281576][T13659] ? mpi_free+0x14/0x160 [ 618.281596][T13659] mpi_read_raw_data+0x133/0x4a0 [ 618.281616][T13659] ? rsa_free_mpi_key+0x15a/0x3a0 [ 618.281649][T13659] rsa_set_pub_key+0x110/0x270 [ 618.281678][T13659] ? __pfx_rsa_set_pub_key+0x10/0x10 [ 618.281716][T13659] ? __asan_memcpy+0x3c/0x60 [ 618.281745][T13659] rsassa_pkcs1_set_pub_key+0xce/0x1f0 [ 618.281770][T13659] public_key_verify_signature+0x779/0x970 [ 618.281797][T13659] ? __pfx_public_key_verify_signature+0x10/0x10 [ 618.281836][T13659] ? __pfx_public_key_verify_signature_2+0x10/0x10 [ 618.281862][T13659] verify_signature+0xdf/0x130 [ 618.281884][T13659] pkcs7_validate_trust+0x220/0x7e0 [ 618.281917][T13659] verify_pkcs7_message_sig+0x12c/0x250 [ 618.281939][T13659] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 618.281968][T13659] ? kfree+0x2b4/0x4d0 [ 618.281990][T13659] ? public_key_signature_free+0xda/0x110 [ 618.282013][T13659] ? pkcs7_parse_message+0x531/0x720 [ 618.282044][T13659] ? pkcs7_parse_message+0x536/0x720 [ 618.282073][T13659] verify_pkcs7_signature+0x6d/0xa0 [ 618.282095][T13659] valid_regdb+0x215/0x590 [ 618.282116][T13659] ? __pfx___mutex_lock+0x10/0x10 [ 618.282145][T13659] ? __pfx_valid_regdb+0x10/0x10 [ 618.282169][T13659] reg_reload_regdb+0x11e/0x460 [ 618.282191][T13659] ? __pfx_reg_reload_regdb+0x10/0x10 [ 618.282214][T13659] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 618.282240][T13659] ? nl80211_pre_doit+0x1b0/0xb10 [ 618.282270][T13659] genl_family_rcv_msg_doit+0x209/0x2f0 [ 618.282296][T13659] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 618.282317][T13659] ? rcu_is_watching+0x12/0xc0 [ 618.282345][T13659] ? bpf_lsm_capable+0x9/0x10 [ 618.282367][T13659] ? security_capable+0x7e/0x260 [ 618.282390][T13659] genl_rcv_msg+0x55c/0x800 [ 618.282415][T13659] ? __pfx_genl_rcv_msg+0x10/0x10 [ 618.282437][T13659] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 618.282463][T13659] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 618.282482][T13659] ? __pfx_nl80211_post_doit+0x10/0x10 [ 618.282516][T13659] netlink_rcv_skb+0x158/0x420 [ 618.282535][T13659] ? __pfx_genl_rcv_msg+0x10/0x10 [ 618.282564][T13659] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 618.282592][T13659] ? netlink_deliver_tap+0x1ae/0xd30 [ 618.282625][T13659] genl_rcv+0x28/0x40 [ 618.282644][T13659] netlink_unicast+0x53a/0x7f0 [ 618.282666][T13659] ? __pfx_netlink_unicast+0x10/0x10 [ 618.282691][T13659] netlink_sendmsg+0x8d1/0xdd0 [ 618.282714][T13659] ? __pfx_netlink_sendmsg+0x10/0x10 [ 618.282741][T13659] ____sys_sendmsg+0xa98/0xc70 [ 618.282764][T13659] ? copy_msghdr_from_user+0x10a/0x160 [ 618.282791][T13659] ? __pfx_____sys_sendmsg+0x10/0x10 [ 618.282821][T13659] ___sys_sendmsg+0x134/0x1d0 [ 618.282850][T13659] ? __pfx____sys_sendmsg+0x10/0x10 [ 618.282875][T13659] ? __lock_acquire+0x622/0x1c90 [ 618.282928][T13659] __sys_sendmsg+0x16d/0x220 [ 618.282955][T13659] ? __pfx___sys_sendmsg+0x10/0x10 [ 618.282982][T13659] ? __x64_sys_futex+0x1e0/0x4c0 [ 618.283019][T13659] do_syscall_64+0xcd/0x490 [ 618.283048][T13659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.283067][T13659] RIP: 0033:0x7fc249d8e929 [ 618.283084][T13659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 618.283103][T13659] RSP: 002b:00007fc24ac74038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 618.283122][T13659] RAX: ffffffffffffffda RBX: 00007fc249fb6080 RCX: 00007fc249d8e929 [ 618.283134][T13659] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 618.283146][T13659] RBP: 00007fc249e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 618.283157][T13659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 618.283168][T13659] R13: 0000000000000000 R14: 00007fc249fb6080 R15: 00007fffef1efaf8 [ 618.283190][T13659] [ 619.395443][T13679] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1833'. [ 620.009266][ T5169] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 620.009312][ T5169] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 620.026942][ T5169] Bluetooth: hci0: Dropping invalid advertising data [ 620.034204][ T5169] Bluetooth: hci0: Dropping invalid advertising data [ 620.041919][ T5169] Bluetooth: hci0: Malformed LE Event: 0x02 [ 620.181139][T13682] mmap: syz.0.1834 (13682): VmData 37728256 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data. [ 620.216079][T13689] FAULT_INJECTION: forcing a failure. [ 620.216079][T13689] name failslab, interval 1, probability 0, space 0, times 0 [ 620.249398][T13689] CPU: 0 UID: 0 PID: 13689 Comm: syz.2.1836 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 620.249447][T13689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 620.249467][T13689] Call Trace: [ 620.249479][T13689] [ 620.249492][T13689] dump_stack_lvl+0x16c/0x1f0 [ 620.249556][T13689] should_fail_ex+0x512/0x640 [ 620.249601][T13689] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 620.249648][T13689] should_failslab+0xc2/0x120 [ 620.249680][T13689] __kmalloc_cache_noprof+0x6a/0x3e0 [ 620.249720][T13689] ? netlink_unicast+0x53a/0x7f0 [ 620.249749][T13689] ? netlink_sendmsg+0x8d1/0xdd0 [ 620.249778][T13689] ? ____sys_sendmsg+0xa98/0xc70 [ 620.249807][T13689] ? mpi_alloc+0x46/0x230 [ 620.249843][T13689] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.249881][T13689] mpi_alloc+0x46/0x230 [ 620.249914][T13689] ? mpi_free+0x14/0x160 [ 620.249948][T13689] mpi_read_raw_data+0x133/0x4a0 [ 620.249980][T13689] ? rsa_free_mpi_key+0x15a/0x3a0 [ 620.250034][T13689] rsa_set_pub_key+0x110/0x270 [ 620.250083][T13689] ? __pfx_rsa_set_pub_key+0x10/0x10 [ 620.250150][T13689] ? __asan_memcpy+0x3c/0x60 [ 620.250198][T13689] rsassa_pkcs1_set_pub_key+0xce/0x1f0 [ 620.250239][T13689] public_key_verify_signature+0x779/0x970 [ 620.250285][T13689] ? __pfx_public_key_verify_signature+0x10/0x10 [ 620.250354][T13689] ? __pfx_public_key_verify_signature_2+0x10/0x10 [ 620.250395][T13689] verify_signature+0xdf/0x130 [ 620.250433][T13689] pkcs7_validate_trust+0x220/0x7e0 [ 620.250487][T13689] verify_pkcs7_message_sig+0x12c/0x250 [ 620.250524][T13689] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 620.250566][T13689] ? kfree+0x2b4/0x4d0 [ 620.250602][T13689] ? public_key_signature_free+0xda/0x110 [ 620.250639][T13689] ? pkcs7_parse_message+0x531/0x720 [ 620.250690][T13689] ? pkcs7_parse_message+0x536/0x720 [ 620.250739][T13689] verify_pkcs7_signature+0x6d/0xa0 [ 620.250778][T13689] valid_regdb+0x215/0x590 [ 620.250810][T13689] ? __pfx___mutex_lock+0x10/0x10 [ 620.250859][T13689] ? __pfx_valid_regdb+0x10/0x10 [ 620.250901][T13689] reg_reload_regdb+0x11e/0x460 [ 620.250939][T13689] ? __pfx_reg_reload_regdb+0x10/0x10 [ 620.250977][T13689] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 620.251019][T13689] ? nl80211_pre_doit+0x1b0/0xb10 [ 620.251070][T13689] genl_family_rcv_msg_doit+0x209/0x2f0 [ 620.251112][T13689] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 620.251147][T13689] ? rcu_is_watching+0x12/0xc0 [ 620.251196][T13689] ? bpf_lsm_capable+0x9/0x10 [ 620.251233][T13689] ? security_capable+0x7e/0x260 [ 620.251277][T13689] genl_rcv_msg+0x55c/0x800 [ 620.251317][T13689] ? __pfx_genl_rcv_msg+0x10/0x10 [ 620.251353][T13689] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 620.251397][T13689] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 620.251429][T13689] ? __pfx_nl80211_post_doit+0x10/0x10 [ 620.251488][T13689] netlink_rcv_skb+0x158/0x420 [ 620.251522][T13689] ? __pfx_genl_rcv_msg+0x10/0x10 [ 620.251574][T13689] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 620.251624][T13689] ? netlink_deliver_tap+0x1ae/0xd30 [ 620.251682][T13689] genl_rcv+0x28/0x40 [ 620.251714][T13689] netlink_unicast+0x53a/0x7f0 [ 620.251753][T13689] ? __pfx_netlink_unicast+0x10/0x10 [ 620.251797][T13689] netlink_sendmsg+0x8d1/0xdd0 [ 620.251837][T13689] ? __pfx_netlink_sendmsg+0x10/0x10 [ 620.251887][T13689] ____sys_sendmsg+0xa98/0xc70 [ 620.251923][T13689] ? copy_msghdr_from_user+0x10a/0x160 [ 620.251964][T13689] ? __pfx_____sys_sendmsg+0x10/0x10 [ 620.252009][T13689] ? __pfx_futex_wake_mark+0x10/0x10 [ 620.252061][T13689] ___sys_sendmsg+0x134/0x1d0 [ 620.252110][T13689] ? __pfx____sys_sendmsg+0x10/0x10 [ 620.252152][T13689] ? __lock_acquire+0x622/0x1c90 [ 620.252250][T13689] __sys_sendmsg+0x16d/0x220 [ 620.252297][T13689] ? __pfx___sys_sendmsg+0x10/0x10 [ 620.252341][T13689] ? __x64_sys_futex+0x1e0/0x4c0 [ 620.252406][T13689] do_syscall_64+0xcd/0x490 [ 620.252456][T13689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.252489][T13689] RIP: 0033:0x7fe22878e929 [ 620.252515][T13689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.252554][T13689] RSP: 002b:00007fe229626038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 620.252585][T13689] RAX: ffffffffffffffda RBX: 00007fe2289b5fa0 RCX: 00007fe22878e929 [ 620.252607][T13689] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 620.252626][T13689] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 620.252645][T13689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 620.252663][T13689] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 620.252706][T13689] [ 620.704247][ C0] vkms_vblank_simulate: vblank timer overrun [ 622.147061][T13708] FAULT_INJECTION: forcing a failure. [ 622.147061][T13708] name failslab, interval 1, probability 0, space 0, times 0 [ 622.199348][T13708] CPU: 0 UID: 0 PID: 13708 Comm: syz.0.1839 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 622.199398][T13708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 622.199424][T13708] Call Trace: [ 622.199435][T13708] [ 622.199448][T13708] dump_stack_lvl+0x16c/0x1f0 [ 622.199497][T13708] should_fail_ex+0x512/0x640 [ 622.199565][T13708] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 622.199621][T13708] should_failslab+0xc2/0x120 [ 622.199654][T13708] __kmalloc_cache_noprof+0x6a/0x3e0 [ 622.199699][T13708] ? x509_cert_parse+0xfc/0x900 [ 622.199737][T13708] ? kasan_save_track+0x14/0x30 [ 622.199787][T13708] x509_cert_parse+0xfc/0x900 [ 622.199823][T13708] ? kasan_save_stack+0x42/0x60 [ 622.199863][T13708] ? kasan_save_stack+0x33/0x60 [ 622.199904][T13708] ? kasan_save_track+0x14/0x30 [ 622.199953][T13708] pkcs7_extract_cert+0xa4/0x320 [ 622.199999][T13708] asn1_ber_decoder+0xc5f/0x1df0 [ 622.200067][T13708] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 622.200147][T13708] pkcs7_parse_message+0x288/0x720 [ 622.200198][T13708] verify_pkcs7_signature+0x30/0xa0 [ 622.200237][T13708] valid_regdb+0x215/0x590 [ 622.200270][T13708] ? __pfx___mutex_lock+0x10/0x10 [ 622.200318][T13708] ? __pfx_valid_regdb+0x10/0x10 [ 622.200361][T13708] reg_reload_regdb+0x11e/0x460 [ 622.200398][T13708] ? __pfx_reg_reload_regdb+0x10/0x10 [ 622.200435][T13708] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 622.200478][T13708] ? nl80211_pre_doit+0x1b0/0xb10 [ 622.200531][T13708] genl_family_rcv_msg_doit+0x209/0x2f0 [ 622.200573][T13708] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 622.200621][T13708] ? rcu_is_watching+0x12/0xc0 [ 622.200670][T13708] ? bpf_lsm_capable+0x9/0x10 [ 622.200709][T13708] ? security_capable+0x7e/0x260 [ 622.200749][T13708] genl_rcv_msg+0x55c/0x800 [ 622.200793][T13708] ? __pfx_genl_rcv_msg+0x10/0x10 [ 622.200831][T13708] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 622.200872][T13708] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 622.200904][T13708] ? __pfx_nl80211_post_doit+0x10/0x10 [ 622.200964][T13708] netlink_rcv_skb+0x158/0x420 [ 622.201003][T13708] ? __pfx_genl_rcv_msg+0x10/0x10 [ 622.201042][T13708] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 622.201094][T13708] ? netlink_deliver_tap+0x1ae/0xd30 [ 622.201150][T13708] genl_rcv+0x28/0x40 [ 622.201183][T13708] netlink_unicast+0x53a/0x7f0 [ 622.201221][T13708] ? __pfx_netlink_unicast+0x10/0x10 [ 622.201266][T13708] netlink_sendmsg+0x8d1/0xdd0 [ 622.201306][T13708] ? __pfx_netlink_sendmsg+0x10/0x10 [ 622.201356][T13708] ____sys_sendmsg+0xa98/0xc70 [ 622.201392][T13708] ? copy_msghdr_from_user+0x10a/0x160 [ 622.201438][T13708] ? __pfx_____sys_sendmsg+0x10/0x10 [ 622.201485][T13708] ? __pfx_futex_wake_mark+0x10/0x10 [ 622.201538][T13708] ___sys_sendmsg+0x134/0x1d0 [ 622.201587][T13708] ? __pfx____sys_sendmsg+0x10/0x10 [ 622.201638][T13708] ? __lock_acquire+0x622/0x1c90 [ 622.201735][T13708] __sys_sendmsg+0x16d/0x220 [ 622.201782][T13708] ? __pfx___sys_sendmsg+0x10/0x10 [ 622.201825][T13708] ? __x64_sys_futex+0x1e0/0x4c0 [ 622.201891][T13708] do_syscall_64+0xcd/0x490 [ 622.201940][T13708] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 622.201971][T13708] RIP: 0033:0x7fb6a118e929 [ 622.201997][T13708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 622.202028][T13708] RSP: 002b:00007fb6a1f6f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 622.202059][T13708] RAX: ffffffffffffffda RBX: 00007fb6a13b5fa0 RCX: 00007fb6a118e929 [ 622.202081][T13708] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 622.202100][T13708] RBP: 00007fb6a1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 622.202120][T13708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 622.202140][T13708] R13: 0000000000000000 R14: 00007fb6a13b5fa0 R15: 00007ffcec859c48 [ 622.202182][T13708] [ 622.579928][ C0] vkms_vblank_simulate: vblank timer overrun [ 623.759600][T13724] FAULT_INJECTION: forcing a failure. [ 623.759600][T13724] name failslab, interval 1, probability 0, space 0, times 0 [ 623.916449][T13724] CPU: 0 UID: 0 PID: 13724 Comm: syz.1.1842 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 623.916494][T13724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 623.916514][T13724] Call Trace: [ 623.916524][T13724] [ 623.916547][T13724] dump_stack_lvl+0x16c/0x1f0 [ 623.916596][T13724] should_fail_ex+0x512/0x640 [ 623.916631][T13724] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 623.916667][T13724] should_failslab+0xc2/0x120 [ 623.916690][T13724] __kmalloc_cache_noprof+0x6a/0x3e0 [ 623.916723][T13724] ? mr_table_alloc+0x5f/0x2e0 [ 623.916751][T13724] ? __pfx_ipmr_new_table_set+0x10/0x10 [ 623.916790][T13724] mr_table_alloc+0x5f/0x2e0 [ 623.916814][T13724] ? __pfx_ipmr_expire_process+0x10/0x10 [ 623.916839][T13724] ? __pfx_ipmr_net_init+0x10/0x10 [ 623.916866][T13724] ipmr_net_init+0x3c4/0x4e0 [ 623.916893][T13724] ? __pfx_ipmr_net_init+0x10/0x10 [ 623.916917][T13724] ops_init+0x1df/0x5f0 [ 623.916959][T13724] setup_net+0x1ff/0x510 [ 623.916994][T13724] ? lockdep_init_map_type+0x5c/0x280 [ 623.917029][T13724] ? __pfx_setup_net+0x10/0x10 [ 623.917068][T13724] ? debug_mutex_init+0x37/0x70 [ 623.917097][T13724] copy_net_ns+0x2a6/0x5f0 [ 623.917135][T13724] create_new_namespaces+0x3ea/0xa90 [ 623.917173][T13724] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 623.917204][T13724] ksys_unshare+0x45b/0xa40 [ 623.917242][T13724] ? __pfx_ksys_unshare+0x10/0x10 [ 623.917279][T13724] ? xfd_validate_state+0x61/0x180 [ 623.917324][T13724] __x64_sys_unshare+0x31/0x40 [ 623.917356][T13724] do_syscall_64+0xcd/0x490 [ 623.917394][T13724] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 623.917418][T13724] RIP: 0033:0x7fadf1d8e929 [ 623.917438][T13724] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 623.917462][T13724] RSP: 002b:00007fadf2bdf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 623.917487][T13724] RAX: ffffffffffffffda RBX: 00007fadf1fb6160 RCX: 00007fadf1d8e929 [ 623.917503][T13724] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 623.917518][T13724] RBP: 00007fadf1e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 623.917540][T13724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 623.917555][T13724] R13: 0000000000000000 R14: 00007fadf1fb6160 R15: 00007ffe063c9dd8 [ 623.917588][T13724] [ 625.611896][T13754] FAULT_INJECTION: forcing a failure. [ 625.611896][T13754] name failslab, interval 1, probability 0, space 0, times 0 [ 625.675236][T13754] CPU: 0 UID: 0 PID: 13754 Comm: syz.0.1848 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 625.675287][T13754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 625.675307][T13754] Call Trace: [ 625.675318][T13754] [ 625.675331][T13754] dump_stack_lvl+0x16c/0x1f0 [ 625.675383][T13754] should_fail_ex+0x512/0x640 [ 625.675427][T13754] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 625.675475][T13754] should_failslab+0xc2/0x120 [ 625.675506][T13754] __kmalloc_cache_noprof+0x6a/0x3e0 [ 625.675548][T13754] ? pkcs7_parse_message+0x15d/0x720 [ 625.675591][T13754] ? kasan_save_track+0x14/0x30 [ 625.675642][T13754] pkcs7_parse_message+0x15d/0x720 [ 625.675693][T13754] verify_pkcs7_signature+0x30/0xa0 [ 625.675730][T13754] valid_regdb+0x215/0x590 [ 625.675763][T13754] ? __pfx___mutex_lock+0x10/0x10 [ 625.675811][T13754] ? __pfx_valid_regdb+0x10/0x10 [ 625.675860][T13754] reg_reload_regdb+0x11e/0x460 [ 625.675898][T13754] ? __pfx_reg_reload_regdb+0x10/0x10 [ 625.675936][T13754] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 625.675980][T13754] ? nl80211_pre_doit+0x1b0/0xb10 [ 625.676031][T13754] genl_family_rcv_msg_doit+0x209/0x2f0 [ 625.676074][T13754] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 625.676110][T13754] ? rcu_is_watching+0x12/0xc0 [ 625.676159][T13754] ? bpf_lsm_capable+0x9/0x10 [ 625.676198][T13754] ? security_capable+0x7e/0x260 [ 625.676238][T13754] genl_rcv_msg+0x55c/0x800 [ 625.676281][T13754] ? __pfx_genl_rcv_msg+0x10/0x10 [ 625.676319][T13754] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 625.676361][T13754] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 625.676394][T13754] ? __pfx_nl80211_post_doit+0x10/0x10 [ 625.676455][T13754] netlink_rcv_skb+0x158/0x420 [ 625.676488][T13754] ? __pfx_genl_rcv_msg+0x10/0x10 [ 625.676528][T13754] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 625.676579][T13754] ? netlink_deliver_tap+0x1ae/0xd30 [ 625.676633][T13754] genl_rcv+0x28/0x40 [ 625.676666][T13754] netlink_unicast+0x53a/0x7f0 [ 625.676704][T13754] ? __pfx_netlink_unicast+0x10/0x10 [ 625.676758][T13754] netlink_sendmsg+0x8d1/0xdd0 [ 625.676798][T13754] ? __pfx_netlink_sendmsg+0x10/0x10 [ 625.676856][T13754] ____sys_sendmsg+0xa98/0xc70 [ 625.676894][T13754] ? copy_msghdr_from_user+0x10a/0x160 [ 625.676941][T13754] ? __pfx_____sys_sendmsg+0x10/0x10 [ 625.676987][T13754] ? __pfx_futex_wake_mark+0x10/0x10 [ 625.677039][T13754] ___sys_sendmsg+0x134/0x1d0 [ 625.677088][T13754] ? __pfx____sys_sendmsg+0x10/0x10 [ 625.677131][T13754] ? __lock_acquire+0x622/0x1c90 [ 625.677228][T13754] __sys_sendmsg+0x16d/0x220 [ 625.677275][T13754] ? __pfx___sys_sendmsg+0x10/0x10 [ 625.677320][T13754] ? __x64_sys_futex+0x1e0/0x4c0 [ 625.677386][T13754] do_syscall_64+0xcd/0x490 [ 625.677436][T13754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 625.677468][T13754] RIP: 0033:0x7fb6a118e929 [ 625.677493][T13754] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 625.677524][T13754] RSP: 002b:00007fb6a1f6f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 625.677556][T13754] RAX: ffffffffffffffda RBX: 00007fb6a13b5fa0 RCX: 00007fb6a118e929 [ 625.677577][T13754] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 625.677595][T13754] RBP: 00007fb6a1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 625.677614][T13754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 625.677633][T13754] R13: 0000000000000000 R14: 00007fb6a13b5fa0 R15: 00007ffcec859c48 [ 625.677675][T13754] [ 627.079382][T13777] Invalid ELF header magic: != ELF [ 628.383556][T13791] usbip-vudc usbip-vudc.0: gadget not bound [ 628.770026][T13801] i2c i2c-0: new_device: Instantiated device card: at 0x01 [ 629.069398][T13798] random: crng reseeded on system resumption [ 629.455431][T13810] FAULT_INJECTION: forcing a failure. [ 629.455431][T13810] name failslab, interval 1, probability 0, space 0, times 0 [ 629.499013][T13810] CPU: 0 UID: 0 PID: 13810 Comm: syz.1.1859 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 629.499044][T13810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 629.499056][T13810] Call Trace: [ 629.499062][T13810] [ 629.499070][T13810] dump_stack_lvl+0x16c/0x1f0 [ 629.499102][T13810] should_fail_ex+0x512/0x640 [ 629.499129][T13810] ? __kmalloc_noprof+0xbf/0x510 [ 629.499158][T13810] ? asymmetric_key_hex_to_key_id+0x8c/0x130 [ 629.499181][T13810] should_failslab+0xc2/0x120 [ 629.499199][T13810] __kmalloc_noprof+0xd2/0x510 [ 629.499230][T13810] asymmetric_key_hex_to_key_id+0x8c/0x130 [ 629.499253][T13810] ? __pfx_asymmetric_key_cmp+0x10/0x10 [ 629.499273][T13810] asymmetric_key_match_preparse+0x181/0x400 [ 629.499295][T13810] ? __pfx_asymmetric_key_match_preparse+0x10/0x10 [ 629.499318][T13810] keyring_search+0x155/0x3d0 [ 629.499347][T13810] ? __pfx_keyring_search+0x10/0x10 [ 629.499377][T13810] ? __pfx_key_default_cmp+0x10/0x10 [ 629.499407][T13810] ? trace_kmalloc+0x2b/0xd0 [ 629.499425][T13810] ? __kmalloc_noprof+0x242/0x510 [ 629.499452][T13810] ? bin2hex+0x148/0x1b0 [ 629.499475][T13810] find_asymmetric_key+0x198/0x5a0 [ 629.499512][T13810] pkcs7_validate_trust+0x1f1/0x7e0 [ 629.499545][T13810] verify_pkcs7_message_sig+0x12c/0x250 [ 629.499567][T13810] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 629.499588][T13810] ? kfree+0x2b4/0x4d0 [ 629.499611][T13810] ? public_key_signature_free+0xda/0x110 [ 629.499634][T13810] ? pkcs7_parse_message+0x531/0x720 [ 629.499664][T13810] ? pkcs7_parse_message+0x536/0x720 [ 629.499693][T13810] verify_pkcs7_signature+0x6d/0xa0 [ 629.499716][T13810] valid_regdb+0x215/0x590 [ 629.499736][T13810] ? __pfx___mutex_lock+0x10/0x10 [ 629.499764][T13810] ? __pfx_valid_regdb+0x10/0x10 [ 629.499787][T13810] reg_reload_regdb+0x11e/0x460 [ 629.499817][T13810] ? __pfx_reg_reload_regdb+0x10/0x10 [ 629.499839][T13810] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 629.499866][T13810] ? nl80211_pre_doit+0x1b0/0xb10 [ 629.499895][T13810] genl_family_rcv_msg_doit+0x209/0x2f0 [ 629.499921][T13810] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 629.499948][T13810] ? rcu_is_watching+0x12/0xc0 [ 629.499976][T13810] ? bpf_lsm_capable+0x9/0x10 [ 629.499999][T13810] ? security_capable+0x7e/0x260 [ 629.500022][T13810] genl_rcv_msg+0x55c/0x800 [ 629.500047][T13810] ? __pfx_genl_rcv_msg+0x10/0x10 [ 629.500070][T13810] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 629.500095][T13810] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 629.500114][T13810] ? __pfx_nl80211_post_doit+0x10/0x10 [ 629.500150][T13810] netlink_rcv_skb+0x158/0x420 [ 629.500169][T13810] ? __pfx_genl_rcv_msg+0x10/0x10 [ 629.500192][T13810] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 629.500222][T13810] ? netlink_deliver_tap+0x1ae/0xd30 [ 629.500256][T13810] genl_rcv+0x28/0x40 [ 629.500275][T13810] netlink_unicast+0x53a/0x7f0 [ 629.500297][T13810] ? __pfx_netlink_unicast+0x10/0x10 [ 629.500323][T13810] netlink_sendmsg+0x8d1/0xdd0 [ 629.500346][T13810] ? __pfx_netlink_sendmsg+0x10/0x10 [ 629.500374][T13810] ____sys_sendmsg+0xa98/0xc70 [ 629.500396][T13810] ? copy_msghdr_from_user+0x10a/0x160 [ 629.500423][T13810] ? __pfx_____sys_sendmsg+0x10/0x10 [ 629.500449][T13810] ? __pfx_futex_wake_mark+0x10/0x10 [ 629.500480][T13810] ___sys_sendmsg+0x134/0x1d0 [ 629.500510][T13810] ? __pfx____sys_sendmsg+0x10/0x10 [ 629.500536][T13810] ? __lock_acquire+0x622/0x1c90 [ 629.500590][T13810] __sys_sendmsg+0x16d/0x220 [ 629.500617][T13810] ? __pfx___sys_sendmsg+0x10/0x10 [ 629.500644][T13810] ? __x64_sys_futex+0x1e0/0x4c0 [ 629.500682][T13810] do_syscall_64+0xcd/0x490 [ 629.500711][T13810] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.500730][T13810] RIP: 0033:0x7fadf1d8e929 [ 629.500747][T13810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 629.500765][T13810] RSP: 002b:00007fadf2c21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 629.500783][T13810] RAX: ffffffffffffffda RBX: 00007fadf1fb5fa0 RCX: 00007fadf1d8e929 [ 629.500796][T13810] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 629.500814][T13810] RBP: 00007fadf1e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 629.500825][T13810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 629.500837][T13810] R13: 0000000000000000 R14: 00007fadf1fb5fa0 R15: 00007ffe063c9dd8 [ 629.500861][T13810] [ 629.997051][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 630.003776][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.972636][T13848] FAULT_INJECTION: forcing a failure. [ 631.972636][T13848] name failslab, interval 1, probability 0, space 0, times 0 [ 631.986841][T13848] CPU: 0 UID: 0 PID: 13848 Comm: syz.2.1866 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 631.986891][T13848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 631.986911][T13848] Call Trace: [ 631.986922][T13848] [ 631.986935][T13848] dump_stack_lvl+0x16c/0x1f0 [ 631.986985][T13848] should_fail_ex+0x512/0x640 [ 631.987029][T13848] ? __kmalloc_noprof+0xbf/0x510 [ 631.987073][T13848] ? mpi_alloc_limb_space+0x31/0x60 [ 631.987106][T13848] should_failslab+0xc2/0x120 [ 631.987141][T13848] __kmalloc_noprof+0xd2/0x510 [ 631.987195][T13848] mpi_alloc_limb_space+0x31/0x60 [ 631.987227][T13848] mpi_powm+0xff7/0x1bf0 [ 631.987280][T13848] ? __pfx_mpi_powm+0x10/0x10 [ 631.987316][T13848] ? kfree+0x2b4/0x4d0 [ 631.987353][T13848] ? __phys_addr+0xe8/0x180 [ 631.987395][T13848] ? mpi_free+0xe1/0x160 [ 631.987438][T13848] rsa_enc+0x1fe/0x3b0 [ 631.987487][T13848] ? __pfx_rsa_enc+0x10/0x10 [ 631.987532][T13848] ? __virt_addr_valid+0x81/0x610 [ 631.987565][T13848] ? __phys_addr+0xe8/0x180 [ 631.987593][T13848] ? sg_init_one+0xf5/0x1b0 [ 631.987628][T13848] rsassa_pkcs1_verify+0x4ff/0xb60 [ 631.987673][T13848] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 631.987726][T13848] ? rsa_max_size+0xd/0x70 [ 631.987769][T13848] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 631.987806][T13848] public_key_verify_signature+0x672/0x970 [ 631.987862][T13848] ? __pfx_public_key_verify_signature+0x10/0x10 [ 631.987905][T13848] ? crypto_destroy_tfm+0x14d/0x2b0 [ 631.987967][T13848] pkcs7_verify+0x32f/0x1b20 [ 631.988025][T13848] verify_pkcs7_message_sig+0xdd/0x250 [ 631.988062][T13848] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 631.988095][T13848] ? kfree+0x2b4/0x4d0 [ 631.988129][T13848] ? public_key_signature_free+0xda/0x110 [ 631.988165][T13848] ? pkcs7_parse_message+0x531/0x720 [ 631.988217][T13848] ? pkcs7_parse_message+0x536/0x720 [ 631.988266][T13848] verify_pkcs7_signature+0x6d/0xa0 [ 631.988304][T13848] valid_regdb+0x215/0x590 [ 631.988337][T13848] ? __pfx___mutex_lock+0x10/0x10 [ 631.988385][T13848] ? __pfx_valid_regdb+0x10/0x10 [ 631.988427][T13848] reg_reload_regdb+0x11e/0x460 [ 631.988465][T13848] ? __pfx_reg_reload_regdb+0x10/0x10 [ 631.988502][T13848] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 631.988545][T13848] ? nl80211_pre_doit+0x1b0/0xb10 [ 631.988595][T13848] genl_family_rcv_msg_doit+0x209/0x2f0 [ 631.988638][T13848] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 631.988674][T13848] ? rcu_is_watching+0x12/0xc0 [ 631.988722][T13848] ? bpf_lsm_capable+0x9/0x10 [ 631.988761][T13848] ? security_capable+0x7e/0x260 [ 631.988801][T13848] genl_rcv_msg+0x55c/0x800 [ 631.988853][T13848] ? __pfx_genl_rcv_msg+0x10/0x10 [ 631.988891][T13848] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 631.988933][T13848] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 631.988966][T13848] ? __pfx_nl80211_post_doit+0x10/0x10 [ 631.989030][T13848] netlink_rcv_skb+0x158/0x420 [ 631.989062][T13848] ? __pfx_genl_rcv_msg+0x10/0x10 [ 631.989104][T13848] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 631.989160][T13848] ? netlink_deliver_tap+0x1ae/0xd30 [ 631.989220][T13848] genl_rcv+0x28/0x40 [ 631.989253][T13848] netlink_unicast+0x53a/0x7f0 [ 631.989292][T13848] ? __pfx_netlink_unicast+0x10/0x10 [ 631.989339][T13848] netlink_sendmsg+0x8d1/0xdd0 [ 631.989381][T13848] ? __pfx_netlink_sendmsg+0x10/0x10 [ 631.989434][T13848] ____sys_sendmsg+0xa98/0xc70 [ 631.989470][T13848] ? copy_msghdr_from_user+0x10a/0x160 [ 631.989516][T13848] ? __pfx_____sys_sendmsg+0x10/0x10 [ 631.989563][T13848] ? __pfx_futex_wake_mark+0x10/0x10 [ 631.989615][T13848] ___sys_sendmsg+0x134/0x1d0 [ 631.989664][T13848] ? __pfx____sys_sendmsg+0x10/0x10 [ 631.989707][T13848] ? __lock_acquire+0x622/0x1c90 [ 631.989814][T13848] __sys_sendmsg+0x16d/0x220 [ 631.989868][T13848] ? __pfx___sys_sendmsg+0x10/0x10 [ 631.989913][T13848] ? __x64_sys_futex+0x1e0/0x4c0 [ 631.989978][T13848] do_syscall_64+0xcd/0x490 [ 631.990029][T13848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 631.990060][T13848] RIP: 0033:0x7fe22878e929 [ 631.990087][T13848] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 631.990118][T13848] RSP: 002b:00007fe229626038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 631.990150][T13848] RAX: ffffffffffffffda RBX: 00007fe2289b5fa0 RCX: 00007fe22878e929 [ 631.990170][T13848] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 631.990190][T13848] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 631.990209][T13848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 631.990228][T13848] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 631.990270][T13848] [ 633.457325][ T30] audit: type=1800 audit(6047029819.504:28): pid=13865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1870" name="lu_gp_id" dev="configfs" ino=45898 res=0 errno=0 [ 634.060154][T13874] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 634.107127][T13874] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 634.178411][T13874] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 635.658648][ T6941] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 635.689445][ T6941] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 635.697766][ T6941] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 635.706803][ T6941] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 635.714984][ T6941] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 637.233714][T13911] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1879'. [ 637.507305][T13898] chnl_net:caif_netlink_parms(): no params data found [ 637.790471][ T5169] Bluetooth: hci4: command tx timeout [ 638.247258][T13898] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.275628][T13898] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.320828][T13898] bridge_slave_0: entered allmulticast mode [ 638.375500][T13898] bridge_slave_0: entered promiscuous mode [ 638.432008][T13898] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.480841][T13898] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.488158][T13898] bridge_slave_1: entered allmulticast mode [ 638.557910][T13898] bridge_slave_1: entered promiscuous mode [ 638.908991][T13943] FAULT_INJECTION: forcing a failure. [ 638.908991][T13943] name failslab, interval 1, probability 0, space 0, times 0 [ 638.968322][T13898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 638.990795][T13943] CPU: 1 UID: 0 PID: 13943 Comm: syz.0.1883 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 638.990845][T13943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 638.990862][T13943] Call Trace: [ 638.990873][T13943] [ 638.990880][T13943] dump_stack_lvl+0x16c/0x1f0 [ 638.990913][T13943] should_fail_ex+0x512/0x640 [ 638.990942][T13943] ? __kmalloc_noprof+0xbf/0x510 [ 638.990972][T13943] ? mpi_alloc_limb_space+0x31/0x60 [ 638.990994][T13943] should_failslab+0xc2/0x120 [ 638.991012][T13943] __kmalloc_noprof+0xd2/0x510 [ 638.991044][T13943] mpi_alloc_limb_space+0x31/0x60 [ 638.991066][T13943] mpi_powm+0xbe2/0x1bf0 [ 638.991097][T13943] ? __pfx_mpi_powm+0x10/0x10 [ 638.991119][T13943] ? kfree+0x2b4/0x4d0 [ 638.991141][T13943] ? __phys_addr+0xe8/0x180 [ 638.991166][T13943] ? mpi_free+0xe1/0x160 [ 638.991190][T13943] rsa_enc+0x1fe/0x3b0 [ 638.991220][T13943] ? __pfx_rsa_enc+0x10/0x10 [ 638.991247][T13943] ? __virt_addr_valid+0x81/0x610 [ 638.991266][T13943] ? __phys_addr+0xe8/0x180 [ 638.991286][T13943] ? sg_init_one+0xf5/0x1b0 [ 638.991311][T13943] rsassa_pkcs1_verify+0x4ff/0xb60 [ 638.991338][T13943] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 638.991369][T13943] ? rsa_max_size+0xd/0x70 [ 638.991396][T13943] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 638.991423][T13943] public_key_verify_signature+0x672/0x970 [ 638.991450][T13943] ? __pfx_public_key_verify_signature+0x10/0x10 [ 638.991475][T13943] ? crypto_destroy_tfm+0x14d/0x2b0 [ 638.991518][T13943] pkcs7_verify+0x32f/0x1b20 [ 638.991555][T13943] verify_pkcs7_message_sig+0xdd/0x250 [ 638.991576][T13943] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 638.991597][T13943] ? kfree+0x2b4/0x4d0 [ 638.991618][T13943] ? public_key_signature_free+0xda/0x110 [ 638.991640][T13943] ? pkcs7_parse_message+0x531/0x720 [ 638.991671][T13943] ? pkcs7_parse_message+0x536/0x720 [ 638.991700][T13943] verify_pkcs7_signature+0x6d/0xa0 [ 638.991723][T13943] valid_regdb+0x215/0x590 [ 638.991746][T13943] ? __pfx___mutex_lock+0x10/0x10 [ 638.991774][T13943] ? __pfx_valid_regdb+0x10/0x10 [ 638.991798][T13943] reg_reload_regdb+0x11e/0x460 [ 638.991820][T13943] ? __pfx_reg_reload_regdb+0x10/0x10 [ 638.991843][T13943] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 638.991869][T13943] ? nl80211_pre_doit+0x1b0/0xb10 [ 638.991898][T13943] genl_family_rcv_msg_doit+0x209/0x2f0 [ 638.991924][T13943] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 638.991946][T13943] ? rcu_is_watching+0x12/0xc0 [ 638.991974][T13943] ? bpf_lsm_capable+0x9/0x10 [ 638.991997][T13943] ? security_capable+0x7e/0x260 [ 638.992020][T13943] genl_rcv_msg+0x55c/0x800 [ 638.992045][T13943] ? __pfx_genl_rcv_msg+0x10/0x10 [ 638.992068][T13943] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 638.992093][T13943] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 638.992114][T13943] ? __pfx_nl80211_post_doit+0x10/0x10 [ 638.992149][T13943] netlink_rcv_skb+0x158/0x420 [ 638.992168][T13943] ? __pfx_genl_rcv_msg+0x10/0x10 [ 638.992191][T13943] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 638.992220][T13943] ? netlink_deliver_tap+0x1ae/0xd30 [ 638.992253][T13943] genl_rcv+0x28/0x40 [ 638.992272][T13943] netlink_unicast+0x53a/0x7f0 [ 638.992294][T13943] ? __pfx_netlink_unicast+0x10/0x10 [ 638.992320][T13943] netlink_sendmsg+0x8d1/0xdd0 [ 638.992343][T13943] ? __pfx_netlink_sendmsg+0x10/0x10 [ 638.992371][T13943] ____sys_sendmsg+0xa98/0xc70 [ 638.992393][T13943] ? copy_msghdr_from_user+0x10a/0x160 [ 638.992420][T13943] ? __pfx_____sys_sendmsg+0x10/0x10 [ 638.992446][T13943] ? __pfx_futex_wake_mark+0x10/0x10 [ 638.992476][T13943] ___sys_sendmsg+0x134/0x1d0 [ 638.992512][T13943] ? __pfx____sys_sendmsg+0x10/0x10 [ 638.992537][T13943] ? __lock_acquire+0x622/0x1c90 [ 638.992591][T13943] __sys_sendmsg+0x16d/0x220 [ 638.992619][T13943] ? __pfx___sys_sendmsg+0x10/0x10 [ 638.992646][T13943] ? __x64_sys_futex+0x1e0/0x4c0 [ 638.992684][T13943] do_syscall_64+0xcd/0x490 [ 638.992716][T13943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.992736][T13943] RIP: 0033:0x7fb6a118e929 [ 638.992753][T13943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 638.992773][T13943] RSP: 002b:00007fb6a1f6f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 638.992793][T13943] RAX: ffffffffffffffda RBX: 00007fb6a13b5fa0 RCX: 00007fb6a118e929 [ 638.992805][T13943] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 638.992817][T13943] RBP: 00007fb6a1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 638.992829][T13943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 638.992841][T13943] R13: 0000000000000000 R14: 00007fb6a13b5fa0 R15: 00007ffcec859c48 [ 638.992864][T13943] [ 639.515309][T13898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 639.871768][ T5169] Bluetooth: hci4: command tx timeout [ 640.019808][T13898] team0: Port device team_slave_0 added [ 640.176061][T13898] team0: Port device team_slave_1 added [ 640.644593][T13898] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 640.670792][T13898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 640.701577][T13898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 640.937359][T13898] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 640.963152][T13898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 641.040468][T13898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 641.765363][T13898] hsr_slave_0: entered promiscuous mode [ 641.783685][T13898] hsr_slave_1: entered promiscuous mode [ 641.801022][T13898] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 641.831566][T13898] Cannot create hsr debugfs directory [ 641.970145][T13993] Bluetooth: hci4: command tx timeout [ 642.978788][T14072] FAULT_INJECTION: forcing a failure. [ 642.978788][T14072] name failslab, interval 1, probability 0, space 0, times 0 [ 643.032649][T14072] CPU: 0 UID: 0 PID: 14072 Comm: syz.2.1890 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 643.032696][T14072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 643.032714][T14072] Call Trace: [ 643.032724][T14072] [ 643.032736][T14072] dump_stack_lvl+0x16c/0x1f0 [ 643.032784][T14072] should_fail_ex+0x512/0x640 [ 643.032826][T14072] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 643.032876][T14072] should_failslab+0xc2/0x120 [ 643.032903][T14072] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 643.032945][T14072] ? __proc_create+0xc3/0x8c0 [ 643.032996][T14072] ? __proc_create+0x2ce/0x8c0 [ 643.033048][T14072] __proc_create+0x2ce/0x8c0 [ 643.033096][T14072] ? __pfx___proc_create+0x10/0x10 [ 643.033147][T14072] ? do_raw_spin_unlock+0x172/0x230 [ 643.033177][T14072] ? _raw_spin_unlock+0x28/0x50 [ 643.033221][T14072] proc_create_reg+0x7d/0x180 [ 643.033255][T14072] proc_create_net_data+0x8e/0x1b0 [ 643.033306][T14072] ? __pfx_proc_create_net_data+0x10/0x10 [ 643.033355][T14072] ? __asan_memcpy+0x3c/0x60 [ 643.033395][T14072] ? __pfx_unix_net_init+0x10/0x10 [ 643.033430][T14072] ? __pfx_unix_net_init+0x10/0x10 [ 643.033463][T14072] unix_net_init+0xb7/0x350 [ 643.033500][T14072] ? __pfx_unix_net_init+0x10/0x10 [ 643.033532][T14072] ops_init+0x1df/0x5f0 [ 643.033600][T14072] setup_net+0x1ff/0x510 [ 643.033643][T14072] ? lockdep_init_map_type+0x5c/0x280 [ 643.033687][T14072] ? __pfx_setup_net+0x10/0x10 [ 643.033734][T14072] ? debug_mutex_init+0x37/0x70 [ 643.033771][T14072] copy_net_ns+0x2a6/0x5f0 [ 643.033806][T14072] create_new_namespaces+0x3ea/0xa90 [ 643.033850][T14072] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 643.033889][T14072] ksys_unshare+0x45b/0xa40 [ 643.033929][T14072] ? __pfx_ksys_unshare+0x10/0x10 [ 643.033972][T14072] ? xfd_validate_state+0x61/0x180 [ 643.034026][T14072] __x64_sys_unshare+0x31/0x40 [ 643.034067][T14072] do_syscall_64+0xcd/0x490 [ 643.034116][T14072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.034147][T14072] RIP: 0033:0x7fe22878e929 [ 643.034173][T14072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 643.034202][T14072] RSP: 002b:00007fe229626038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 643.034231][T14072] RAX: ffffffffffffffda RBX: 00007fe2289b5fa0 RCX: 00007fe22878e929 [ 643.034251][T14072] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 643.034268][T14072] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 643.034286][T14072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 643.034306][T14072] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 643.034347][T14072] [ 643.954494][ T5169] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 643.961384][ T6941] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 644.034160][T13991] Bluetooth: hci10: Opcode 0x0c03 failed: -110 [ 644.035426][T13994] Bluetooth: hci11: Opcode 0x0c03 failed: -110 [ 644.040906][T13991] Bluetooth: hci4: command tx timeout [ 644.047177][T13899] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 644.053324][T13995] Bluetooth: hci8: Opcode 0x0c03 failed: -110 [ 644.060182][T13998] Bluetooth: hci12: Opcode 0x0c03 failed: -110 [ 644.066842][T13993] Bluetooth: hci9: Opcode 0x0c03 failed: -110 [ 644.079975][T13997] Bluetooth: hci16: Opcode 0x0c03 failed: -110 [ 644.114451][T14001] Bluetooth: hci14: Opcode 0x0c03 failed: -110 [ 644.121623][T14000] Bluetooth: hci26: Opcode 0x0c03 failed: -110 [ 644.196219][T14016] Bluetooth: hci23: Opcode 0x0c03 failed: -110 [ 644.203054][T14011] Bluetooth: hci28: Opcode 0x0c03 failed: -110 [ 644.203466][T14013] Bluetooth: hci15: Opcode 0x0c03 failed: -110 [ 644.210992][T14014] Bluetooth: hci21: Opcode 0x0c03 failed: -110 [ 644.216235][T14007] Bluetooth: hci13: Opcode 0x0c03 failed: -110 [ 644.223860][T13999] Bluetooth: hci27: Opcode 0x0c03 failed: -110 [ 644.229908][T14015] Bluetooth: hci17: Opcode 0x0c03 failed: -110 [ 644.278250][T14021] Bluetooth: hci24: Opcode 0x0c03 failed: -110 [ 644.283818][T14018] Bluetooth: hci18: Opcode 0x0c03 failed: -110 [ 644.285548][T14017] Bluetooth: hci20: Opcode 0x0c03 failed: -110 [ 644.291618][T14020] Bluetooth: hci31: Opcode 0x0c03 failed: -110 [ 644.299784][T14025] Bluetooth: hci29: Opcode 0x0c03 failed: -110 [ 644.311742][T14019] Bluetooth: hci22: Opcode 0x0c03 failed: -110 [ 644.313605][T14024] Bluetooth: hci25: Opcode 0x0c03 failed: -110 [ 644.318358][T14026] Bluetooth: hci19: Opcode 0x0c03 failed: -110 [ 644.330932][T14022] Bluetooth: hci37: Opcode 0x0c03 failed: -110 [ 644.338415][T14023] Bluetooth: hci32: Opcode 0x0c03 failed: -110 [ 644.355025][T14028] Bluetooth: hci35: Opcode 0x0c03 failed: -110 [ 644.362001][T14033] Bluetooth: hci42: Opcode 0x0c03 failed: -110 [ 644.370252][T14032] Bluetooth: hci34: Opcode 0x0c03 failed: -110 [ 644.373478][T14027] Bluetooth: hci30: Opcode 0x0c03 failed: -110 [ 644.376879][T14036] Bluetooth: hci44: Opcode 0x0c03 failed: -110 [ 644.384025][T14031] Bluetooth: hci33: Opcode 0x0c03 failed: -110 [ 644.397406][T14035] Bluetooth: hci36: Opcode 0x0c03 failed: -110 [ 644.434194][T14039] Bluetooth: hci47: Opcode 0x0c03 failed: -110 [ 644.434256][T14041] Bluetooth: hci38: Opcode 0x0c03 failed: -110 [ 644.440735][T14043] Bluetooth: hci62: Opcode 0x0c03 failed: -110 [ 644.473536][T14037] Bluetooth: hci39: Opcode 0x0c03 failed: -110 [ 644.505650][ T7998] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 644.524337][T14046] Bluetooth: hci63: Opcode 0x0c03 failed: -110 [ 644.531207][T14051] Bluetooth: hci64: Opcode 0x0c03 failed: -110 [ 644.533533][T14047] Bluetooth: hci41: Opcode 0x0c03 failed: -110 [ 644.594093][T14054] Bluetooth: hci40: Opcode 0x0c03 failed: -110 [ 644.601001][T14058] Bluetooth: hci49: Opcode 0x0c03 failed: -110 [ 644.607609][T14056] Bluetooth: hci43: Opcode 0x0c03 failed: -110 [ 644.613526][T14059] Bluetooth: hci45: Opcode 0x0c03 failed: -110 [ 644.614213][T14060] Bluetooth: hci46: Opcode 0x0c03 failed: -110 [ 644.620645][T14053] Bluetooth: hci65: Opcode 0x0c03 failed: -110 [ 644.626859][T14062] Bluetooth: hci48: Opcode 0x0c03 failed: -110 [ 644.644204][T14061] Bluetooth: hci51: Opcode 0x0c03 failed: -110 [ 644.651427][T14055] Bluetooth: hci61: Opcode 0x0c03 failed: -110 [ 644.676536][T14063] Bluetooth: hci50: Opcode 0x0c03 failed: -110 [ 644.683391][T14068] Bluetooth: hci56: Opcode 0x0c03 failed: -110 [ 644.689923][T14066] Bluetooth: hci55: Opcode 0x0c03 failed: -110 [ 644.694146][T14067] Bluetooth: hci54: Opcode 0x0c03 failed: -110 [ 644.696521][T14065] Bluetooth: hci52: Opcode 0x0c03 failed: -110 [ 644.709454][T14069] Bluetooth: hci53: Opcode 0x0c03 failed: -110 [ 644.753987][T14071] Bluetooth: hci58: Opcode 0x0c03 failed: -110 [ 644.764283][T14076] Bluetooth: hci66: Opcode 0x0c03 failed: -110 [ 644.771177][T14075] Bluetooth: hci60: Opcode 0x0c03 failed: -110 [ 644.773633][T14073] Bluetooth: hci57: Opcode 0x0c03 failed: -110 [ 644.778882][T14077] Bluetooth: hci59: Opcode 0x0c03 failed: -110 [ 644.879311][ T7998] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.236968][ T7998] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.347520][T13898] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 645.409573][T13898] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 645.573310][ T7998] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 645.644997][T13898] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 645.705730][T13898] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 646.206258][T14113] hub 8-0:1.0: USB hub found [ 646.222692][T14114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1894'. [ 646.224063][T14113] hub 8-0:1.0: 1 port detected [ 646.377653][ T7998] bridge_slave_1: left allmulticast mode [ 646.383793][ T7998] bridge_slave_1: left promiscuous mode [ 646.416225][ T7998] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.472587][ T7998] bridge_slave_0: left allmulticast mode [ 646.479558][ T7998] bridge_slave_0: left promiscuous mode [ 646.507493][ T7998] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.485202][ T7998] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 647.528163][ T7998] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 647.560854][ T7998] bond0 (unregistering): Released all slaves [ 647.628098][T14123] platform regulatory.0: loading /lib/firmware/regulatory.db failed with error -12 [ 647.700916][T14123] platform regulatory.0: Direct firmware load for regulatory.db failed with error -12 [ 647.721966][T14123] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 647.797718][T13898] 8021q: adding VLAN 0 to HW filter on device bond0 [ 648.164711][T13898] 8021q: adding VLAN 0 to HW filter on device team0 [ 648.477918][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.485201][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 648.513350][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 648.520648][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 649.865880][ T7998] hsr_slave_0: left promiscuous mode [ 649.891754][ T7998] hsr_slave_1: left promiscuous mode [ 649.917853][ T7998] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 649.925366][ T7998] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 650.023547][ T7998] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 650.067987][ T7998] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 650.201912][ T7998] veth1_macvtap: left promiscuous mode [ 650.266672][ T7998] veth0_macvtap: left promiscuous mode [ 650.272471][ T7998] veth1_vlan: left promiscuous mode [ 650.312467][ T7998] veth0_vlan: left promiscuous mode [ 651.623967][ T7998] team0 (unregistering): Port device team_slave_1 removed [ 651.693380][ T7998] team0 (unregistering): Port device team_slave_0 removed [ 653.620735][T13898] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 654.050473][T14232] FAULT_INJECTION: forcing a failure. [ 654.050473][T14232] name failslab, interval 1, probability 0, space 0, times 0 [ 654.119913][T14232] CPU: 1 UID: 0 PID: 14232 Comm: syz.2.1909 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 654.119959][T14232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.119978][T14232] Call Trace: [ 654.119990][T14232] [ 654.120002][T14232] dump_stack_lvl+0x16c/0x1f0 [ 654.120055][T14232] should_fail_ex+0x512/0x640 [ 654.120101][T14232] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 654.120159][T14232] should_failslab+0xc2/0x120 [ 654.120191][T14232] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 654.120244][T14232] ? x509_cert_parse+0x3bd/0x900 [ 654.120291][T14232] kmemdup_noprof+0x29/0x60 [ 654.120339][T14232] x509_cert_parse+0x3bd/0x900 [ 654.120375][T14232] ? kasan_save_stack+0x42/0x60 [ 654.120418][T14232] ? kasan_save_stack+0x33/0x60 [ 654.120460][T14232] ? kasan_save_track+0x14/0x30 [ 654.120508][T14232] pkcs7_extract_cert+0xa4/0x320 [ 654.120568][T14232] asn1_ber_decoder+0xc5f/0x1df0 [ 654.120636][T14232] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 654.120718][T14232] pkcs7_parse_message+0x288/0x720 [ 654.120769][T14232] verify_pkcs7_signature+0x30/0xa0 [ 654.120808][T14232] valid_regdb+0x215/0x590 [ 654.120844][T14232] ? __pfx___mutex_lock+0x10/0x10 [ 654.120891][T14232] ? __pfx_valid_regdb+0x10/0x10 [ 654.120940][T14232] reg_reload_regdb+0x11e/0x460 [ 654.120978][T14232] ? __pfx_reg_reload_regdb+0x10/0x10 [ 654.121017][T14232] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 654.121057][T14232] ? nl80211_pre_doit+0x1b0/0xb10 [ 654.121106][T14232] genl_family_rcv_msg_doit+0x209/0x2f0 [ 654.121148][T14232] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 654.121185][T14232] ? rcu_is_watching+0x12/0xc0 [ 654.121234][T14232] ? bpf_lsm_capable+0x9/0x10 [ 654.121272][T14232] ? security_capable+0x7e/0x260 [ 654.121312][T14232] genl_rcv_msg+0x55c/0x800 [ 654.121356][T14232] ? __pfx_genl_rcv_msg+0x10/0x10 [ 654.121395][T14232] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 654.121438][T14232] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 654.121472][T14232] ? __pfx_nl80211_post_doit+0x10/0x10 [ 654.121541][T14232] netlink_rcv_skb+0x158/0x420 [ 654.121576][T14232] ? __pfx_genl_rcv_msg+0x10/0x10 [ 654.121616][T14232] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 654.121667][T14232] ? netlink_deliver_tap+0x1ae/0xd30 [ 654.121724][T14232] genl_rcv+0x28/0x40 [ 654.121756][T14232] netlink_unicast+0x53a/0x7f0 [ 654.121793][T14232] ? __pfx_netlink_unicast+0x10/0x10 [ 654.121839][T14232] netlink_sendmsg+0x8d1/0xdd0 [ 654.121879][T14232] ? __pfx_netlink_sendmsg+0x10/0x10 [ 654.121930][T14232] ____sys_sendmsg+0xa98/0xc70 [ 654.121967][T14232] ? copy_msghdr_from_user+0x10a/0x160 [ 654.122013][T14232] ? __pfx_____sys_sendmsg+0x10/0x10 [ 654.122059][T14232] ? __pfx_futex_wake_mark+0x10/0x10 [ 654.122111][T14232] ___sys_sendmsg+0x134/0x1d0 [ 654.122159][T14232] ? __pfx____sys_sendmsg+0x10/0x10 [ 654.122199][T14232] ? __lock_acquire+0x622/0x1c90 [ 654.122294][T14232] __sys_sendmsg+0x16d/0x220 [ 654.122341][T14232] ? __pfx___sys_sendmsg+0x10/0x10 [ 654.122387][T14232] ? __x64_sys_futex+0x1e0/0x4c0 [ 654.122452][T14232] do_syscall_64+0xcd/0x490 [ 654.122503][T14232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.122543][T14232] RIP: 0033:0x7fe22878e929 [ 654.122571][T14232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.122602][T14232] RSP: 002b:00007fe229626038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 654.122633][T14232] RAX: ffffffffffffffda RBX: 00007fe2289b5fa0 RCX: 00007fe22878e929 [ 654.122654][T14232] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 654.122675][T14232] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 654.122695][T14232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 654.122720][T14232] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 654.122763][T14232] [ 654.724926][T14237] FAULT_INJECTION: forcing a failure. [ 654.724926][T14237] name fail_futex, interval 1, probability 0, space 0, times 0 [ 654.738503][T14237] CPU: 1 UID: 0 PID: 14237 Comm: syz.2.1911 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 654.738547][T14237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 654.738566][T14237] Call Trace: [ 654.738576][T14237] [ 654.738588][T14237] dump_stack_lvl+0x16c/0x1f0 [ 654.738636][T14237] should_fail_ex+0x512/0x640 [ 654.738686][T14237] get_futex_key+0x1d0/0x1540 [ 654.738729][T14237] ? __pfx_get_futex_key+0x10/0x10 [ 654.738769][T14237] ? pick_eevdf+0x3be/0x5b0 [ 654.738804][T14237] ? update_curr_se+0x8b/0x270 [ 654.738845][T14237] ? update_curr+0x74/0x800 [ 654.738894][T14237] futex_wait_setup+0x84/0x510 [ 654.738948][T14237] __futex_wait+0x194/0x2f0 [ 654.738995][T14237] ? __pfx___futex_wait+0x10/0x10 [ 654.739038][T14237] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 654.739087][T14237] ? __pfx_futex_wake_mark+0x10/0x10 [ 654.739137][T14237] ? plist_check_head+0xa3/0x150 [ 654.739172][T14237] ? find_held_lock+0x2b/0x80 [ 654.739217][T14237] futex_wait+0xe8/0x380 [ 654.739261][T14237] ? __pfx_futex_wait+0x10/0x10 [ 654.739315][T14237] ? kfree+0x24f/0x4d0 [ 654.739361][T14237] do_futex+0x229/0x350 [ 654.739398][T14237] ? __pfx_do_futex+0x10/0x10 [ 654.739479][T14237] __x64_sys_futex+0x1e0/0x4c0 [ 654.739524][T14237] ? __pfx___x64_sys_futex+0x10/0x10 [ 654.739563][T14237] ? __sys_setsockopt+0x140/0x1a0 [ 654.739621][T14237] do_syscall_64+0xcd/0x490 [ 654.739669][T14237] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 654.739698][T14237] RIP: 0033:0x7fe22878e929 [ 654.739722][T14237] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 654.739751][T14237] RSP: 002b:00007fe2296260e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 654.739780][T14237] RAX: ffffffffffffffda RBX: 00007fe2289b5fa8 RCX: 00007fe22878e929 [ 654.739801][T14237] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fe2289b5fa8 [ 654.739820][T14237] RBP: 00007fe2289b5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 654.739837][T14237] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe2289b5fac [ 654.739855][T14237] R13: 0000000000000000 R14: 00007ffee0da64b0 R15: 00007ffee0da6598 [ 654.739894][T14237] [ 655.486935][T13898] veth0_vlan: entered promiscuous mode [ 655.555025][T13898] veth1_vlan: entered promiscuous mode [ 655.715694][T13898] veth0_macvtap: entered promiscuous mode [ 655.727481][T13898] veth1_macvtap: entered promiscuous mode [ 655.754543][T13898] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 655.767369][T13898] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 655.792258][T13898] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.821588][T13898] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.830638][T13898] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.841210][T13898] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 655.909976][T14239] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1910'. [ 656.100845][ T7998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 656.108751][ T7998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 656.367919][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 656.429489][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 657.080454][T14282] FAULT_INJECTION: forcing a failure. [ 657.080454][T14282] name failslab, interval 1, probability 0, space 0, times 0 [ 657.080505][T14282] CPU: 1 UID: 0 PID: 14282 Comm: syz.2.1916 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 657.080559][T14282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 657.080578][T14282] Call Trace: [ 657.080588][T14282] [ 657.080601][T14282] dump_stack_lvl+0x16c/0x1f0 [ 657.080651][T14282] should_fail_ex+0x512/0x640 [ 657.080692][T14282] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 657.080739][T14282] should_failslab+0xc2/0x120 [ 657.080769][T14282] __kmalloc_cache_noprof+0x6a/0x3e0 [ 657.080809][T14282] ? x509_cert_parse+0x9a/0x900 [ 657.080846][T14282] ? kasan_save_track+0x14/0x30 [ 657.080891][T14282] x509_cert_parse+0x9a/0x900 [ 657.080926][T14282] ? kasan_save_stack+0x42/0x60 [ 657.080966][T14282] ? kasan_save_stack+0x33/0x60 [ 657.081008][T14282] ? kasan_save_track+0x14/0x30 [ 657.081053][T14282] pkcs7_extract_cert+0xa4/0x320 [ 657.081101][T14282] asn1_ber_decoder+0xc5f/0x1df0 /[ 657.081165][T14282] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 657.081242][T14282] pkcs7_parse_message+0x288/0x720 [ 657.081293][T14282] verify_pkcs7_signature+0x30/0xa0 [ 657.081332][T14282] valid_regdb+0x215/0x590 [ 657.081366][T14282] ? __pfx___mutex_lock+0x10/0x10 [ 657.081414][T14282] ? __pfx_valid_regdb+0x10/0x10 [ 657.081456][T14282] reg_reload_regdb+0x11e/0x460 [ 657.081492][T14282] ? __pfx_reg_reload_regdb+0x10/0x10 [ 657.081540][T14282] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 657.081583][T14282] ? nl80211_pre_doit+0x1b0/0xb10 [ 657.081633][T14282] genl_family_rcv_msg_doit+0x209/0x2f0 [ 657.081676][T14282] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 657.081711][T14282] ? rcu_is_watching+0x12/0xc0 [ 657.081756][T14282] ? bpf_lsm_capable+0x9/0x10 [ 657.081791][T14282] ? security_capable+0x7e/0x260 [ 657.081831][T14282] genl_rcv_msg+0x55c/0x800 [ 657.081872][T14282] ? __pfx_genl_rcv_msg+0x10/0x10 [ 657.081907][T14282] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 657.081947][T14282] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 657.081978][T14282] ? __pfx_nl80211_post_doit+0x10/0x10 [ 657.082037][T14282] netlink_rcv_skb+0x158/0x420 [ 657.082068][T14282] ? __pfx_genl_rcv_msg+0x10/0x10 [ 657.082107][T14282] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 657.082158][T14282] ? netlink_deliver_tap+0x1ae/0xd30 [ 657.082215][T14282] genl_rcv+0x28/0x40 [ 657.082247][T14282] netlink_unicast+0x53a/0x7f0 [ 657.082285][T14282] ? __pfx_netlink_unicast+0x10/0x10 [ 657.082330][T14282] netlink_sendmsg+0x8d1/0xdd0 [ 657.082370][T14282] ? __pfx_netlink_sendmsg+0x10/0x10 [ 657.082420][T14282] ____sys_sendmsg+0xa98/0xc70 [ 657.082457][T14282] ? copy_msghdr_from_user+0x10a/0x160 [ 657.082502][T14282] ? __pfx_____sys_sendmsg+0x10/0x10 [ 657.082554][T14282] ? __pfx_futex_wake_mark+0x10/0x10 [ 657.082606][T14282] ___sys_sendmsg+0x134/0x1d0 [ 657.082655][T14282] ? __pfx____sys_sendmsg+0x10/0x10 [ 657.082696][T14282] ? __lock_acquire+0x622/0x1c90 [ 657.082807][T14282] __sys_sendmsg+0x16d/0x220 [ 657.082853][T14282] ? __pfx___sys_sendmsg+0x10/0x10 [ 657.082899][T14282] ? __x64_sys_futex+0x1e0/0x4c0 [ 657.082969][T14282] do_syscall_64+0xcd/0x490 [ 657.083019][T14282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 657.083051][T14282] RIP: 0033:0x7fe22878e929 [ 657.083076][T14282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 657.083103][T14282] RSP: 002b:00007fe229626038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 657.083133][T14282] RAX: ffffffffffffffda RBX: 00007fe2289b5fa0 RCX: 00007fe22878e929 [ 657.083153][T14282] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 657.083173][T14282] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 657.083190][T14282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 657.083209][T14282] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 657.083249][T14282] [ 658.873887][T14320] Invalid ELF header magic: != ELF [ 659.182599][T14331] FAULT_INJECTION: forcing a failure. [ 659.182599][T14331] name failslab, interval 1, probability 0, space 0, times 0 [ 659.301062][T14331] CPU: 0 UID: 0 PID: 14331 Comm: syz.2.1923 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 659.301106][T14331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 659.301124][T14331] Call Trace: [ 659.301134][T14331] [ 659.301146][T14331] dump_stack_lvl+0x16c/0x1f0 [ 659.301192][T14331] should_fail_ex+0x512/0x640 [ 659.301232][T14331] ? __kmalloc_noprof+0xbf/0x510 [ 659.301277][T14331] ? usb_hcd_submit_urb+0x5cf/0x1c60 [ 659.301321][T14331] should_failslab+0xc2/0x120 [ 659.301350][T14331] __kmalloc_noprof+0xd2/0x510 [ 659.301392][T14331] ? mark_held_locks+0x49/0x80 [ 659.301430][T14331] ? _raw_spin_unlock_irq+0x23/0x50 [ 659.301470][T14331] usb_hcd_submit_urb+0x5cf/0x1c60 [ 659.301537][T14331] usb_submit_urb+0x87c/0x1790 [ 659.301574][T14331] ? lockdep_init_map_type+0x33/0x280 [ 659.301617][T14331] ? __init_swait_queue_head+0xca/0x150 [ 659.301652][T14331] usb_start_wait_urb+0x104/0x4b0 [ 659.301689][T14331] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 659.301738][T14331] ? __asan_memset+0x23/0x50 [ 659.301784][T14331] usb_control_msg+0x326/0x4a0 [ 659.301819][T14331] ? __pfx_usb_control_msg+0x10/0x10 [ 659.301863][T14331] hub_ext_port_status+0x14e/0x670 [ 659.301909][T14331] hub_activate+0x6e5/0x1d60 [ 659.301956][T14331] ? __pfx_hub_activate+0x10/0x10 [ 659.301985][T14331] ? find_held_lock+0x2b/0x80 [ 659.302017][T14331] ? proc_do_submiturb+0x35b0/0x3b00 [ 659.302048][T14331] ? usbfs_notify_resume+0x25/0xf0 [ 659.302088][T14331] hub_resume+0xa8/0x3f0 [ 659.302121][T14331] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 659.302167][T14331] ? __pfx_hub_resume+0x10/0x10 [ 659.302201][T14331] ? __pfx_hcd_bus_resume+0x10/0x10 [ 659.302255][T14331] usb_resume_interface.constprop.0.isra.0+0x2c2/0x3e0 [ 659.302306][T14331] usb_resume_both+0x273/0x800 [ 659.302351][T14331] ? __pfx_usb_resume_both+0x10/0x10 [ 659.302396][T14331] ? __pfx_usb_runtime_resume+0x10/0x10 [ 659.302444][T14331] ? __pfx_usb_runtime_resume+0x10/0x10 [ 659.302498][T14331] __rpm_callback+0xc8/0x610 [ 659.302546][T14331] ? __pfx_usb_runtime_resume+0x10/0x10 [ 659.302593][T14331] rpm_callback+0x1b7/0x200 [ 659.302635][T14331] ? __pfx_usb_runtime_resume+0x10/0x10 [ 659.302680][T14331] rpm_resume+0xd0a/0x1310 [ 659.302740][T14331] ? __pfx_rpm_resume+0x10/0x10 [ 659.302781][T14331] ? do_raw_spin_lock+0x12c/0x2b0 [ 659.302828][T14331] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 659.302891][T14331] __pm_runtime_resume+0xb6/0x170 [ 659.302940][T14331] usb_autoresume_device+0x23/0xe0 [ 659.302987][T14331] usbdev_open+0x228/0x8b0 [ 659.303033][T14331] ? kobject_get_unless_zero+0x156/0x1e0 [ 659.303079][T14331] ? __pfx_usbdev_open+0x10/0x10 [ 659.303123][T14331] ? chrdev_open+0x10b/0x6a0 [ 659.303173][T14331] ? __pfx_usbdev_open+0x10/0x10 [ 659.303218][T14331] chrdev_open+0x234/0x6a0 [ 659.303261][T14331] ? __pfx_apparmor_file_open+0x10/0x10 [ 659.303299][T14331] ? __pfx_chrdev_open+0x10/0x10 [ 659.303347][T14331] ? file_set_fsnotify_mode_from_watchers+0x163/0x640 [ 659.303394][T14331] do_dentry_open+0x741/0x1c10 [ 659.303439][T14331] ? __pfx_chrdev_open+0x10/0x10 [ 659.303500][T14331] vfs_open+0x82/0x3f0 [ 659.303539][T14331] path_openat+0x1de4/0x2cb0 [ 659.303595][T14331] ? __pfx_path_openat+0x10/0x10 [ 659.303640][T14331] ? __lock_acquire+0xb8a/0x1c90 [ 659.303686][T14331] do_filp_open+0x20b/0x470 [ 659.303729][T14331] ? __pfx_do_filp_open+0x10/0x10 [ 659.303802][T14331] ? alloc_fd+0x471/0x7d0 [ 659.303856][T14331] do_sys_openat2+0x11b/0x1d0 [ 659.303890][T14331] ? __pfx_do_sys_openat2+0x10/0x10 [ 659.303938][T14331] __x64_sys_openat+0x174/0x210 [ 659.303973][T14331] ? __pfx___x64_sys_openat+0x10/0x10 [ 659.304027][T14331] do_syscall_64+0xcd/0x490 [ 659.304073][T14331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 659.304103][T14331] RIP: 0033:0x7fe22878e929 [ 659.304128][T14331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 659.304157][T14331] RSP: 002b:00007fe229626038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 659.304187][T14331] RAX: ffffffffffffffda RBX: 00007fe2289b5fa0 RCX: 00007fe22878e929 [ 659.304208][T14331] RDX: 0000000000040402 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 659.304228][T14331] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 659.304246][T14331] R10: 000000000000ecff R11: 0000000000000246 R12: 0000000000000000 [ 659.304264][T14331] R13: 0000000000000000 R14: 00007fe2289b5fa0 R15: 00007ffee0da6598 [ 659.304304][T14331] [ 659.746972][ C0] vkms_vblank_simulate: vblank timer overrun [ 659.851208][T14331] hub 37-0:1.0: hub_ext_port_status failed (err = -12) [ 660.101556][T14321] phram: not enough arguments [ 661.035229][T14347] ptrace attach of "./syz-executor exec"[5854] was attempted by "./syz-executor exec"[14347] [ 661.516102][T14358] FAULT_INJECTION: forcing a failure. [ 661.516102][T14358] name failslab, interval 1, probability 0, space 0, times 0 [ 661.528962][T14358] CPU: 0 UID: 0 PID: 14358 Comm: syz.4.1927 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 661.528992][T14358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 661.529005][T14358] Call Trace: [ 661.529012][T14358] [ 661.529020][T14358] dump_stack_lvl+0x16c/0x1f0 [ 661.529054][T14358] should_fail_ex+0x512/0x640 [ 661.529081][T14358] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 661.529114][T14358] should_failslab+0xc2/0x120 [ 661.529132][T14358] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 661.529163][T14358] ? x509_cert_parse+0x2b6/0x900 [ 661.529190][T14358] kmemdup_noprof+0x29/0x60 [ 661.529218][T14358] x509_cert_parse+0x2b6/0x900 [ 661.529240][T14358] ? kasan_save_stack+0x42/0x60 [ 661.529265][T14358] ? kasan_save_stack+0x33/0x60 [ 661.529296][T14358] ? kasan_save_track+0x14/0x30 [ 661.529324][T14358] pkcs7_extract_cert+0xa4/0x320 [ 661.529354][T14358] asn1_ber_decoder+0xc5f/0x1df0 [ 661.529394][T14358] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 661.529439][T14358] pkcs7_parse_message+0x288/0x720 [ 661.529469][T14358] verify_pkcs7_signature+0x30/0xa0 [ 661.529492][T14358] valid_regdb+0x215/0x590 [ 661.529519][T14358] ? __pfx___mutex_lock+0x10/0x10 [ 661.529548][T14358] ? __pfx_valid_regdb+0x10/0x10 [ 661.529572][T14358] reg_reload_regdb+0x11e/0x460 [ 661.529594][T14358] ? __pfx_reg_reload_regdb+0x10/0x10 [ 661.529617][T14358] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 661.529643][T14358] ? nl80211_pre_doit+0x1b0/0xb10 [ 661.529673][T14358] genl_family_rcv_msg_doit+0x209/0x2f0 [ 661.529699][T14358] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 661.529721][T14358] ? rcu_is_watching+0x12/0xc0 [ 661.529749][T14358] ? bpf_lsm_capable+0x9/0x10 [ 661.529771][T14358] ? security_capable+0x7e/0x260 [ 661.529794][T14358] genl_rcv_msg+0x55c/0x800 [ 661.529819][T14358] ? __pfx_genl_rcv_msg+0x10/0x10 [ 661.529841][T14358] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 661.529866][T14358] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 661.529886][T14358] ? __pfx_nl80211_post_doit+0x10/0x10 [ 661.529921][T14358] netlink_rcv_skb+0x158/0x420 [ 661.529940][T14358] ? __pfx_genl_rcv_msg+0x10/0x10 [ 661.529964][T14358] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 661.529992][T14358] ? netlink_deliver_tap+0x1ae/0xd30 [ 661.530025][T14358] genl_rcv+0x28/0x40 [ 661.530044][T14358] netlink_unicast+0x53a/0x7f0 [ 661.530065][T14358] ? __pfx_netlink_unicast+0x10/0x10 [ 661.530091][T14358] netlink_sendmsg+0x8d1/0xdd0 [ 661.530115][T14358] ? __pfx_netlink_sendmsg+0x10/0x10 [ 661.530158][T14358] ____sys_sendmsg+0xa98/0xc70 [ 661.530192][T14358] ? copy_msghdr_from_user+0x10a/0x160 [ 661.530233][T14358] ? __pfx_____sys_sendmsg+0x10/0x10 [ 661.530263][T14358] ? try_to_wake_up+0xa2f/0x1680 [ 661.530286][T14358] ___sys_sendmsg+0x134/0x1d0 [ 661.530315][T14358] ? __pfx____sys_sendmsg+0x10/0x10 [ 661.530340][T14358] ? __lock_acquire+0x622/0x1c90 [ 661.530393][T14358] __sys_sendmsg+0x16d/0x220 [ 661.530420][T14358] ? __pfx___sys_sendmsg+0x10/0x10 [ 661.530447][T14358] ? __x64_sys_futex+0x1e0/0x4c0 [ 661.530484][T14358] do_syscall_64+0xcd/0x490 [ 661.530521][T14358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.530540][T14358] RIP: 0033:0x7f2b3558e929 [ 661.530556][T14358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 661.530576][T14358] RSP: 002b:00007f2b36406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 661.530596][T14358] RAX: ffffffffffffffda RBX: 00007f2b357b5fa0 RCX: 00007f2b3558e929 [ 661.530608][T14358] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 661.530620][T14358] RBP: 00007f2b35610b39 R08: 0000000000000000 R09: 0000000000000000 [ 661.530631][T14358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 661.530643][T14358] R13: 0000000000000000 R14: 00007f2b357b5fa0 R15: 00007ffec57d3d88 [ 661.530667][T14358] [ 661.910489][ C0] vkms_vblank_simulate: vblank timer overrun [ 662.709035][ T30] audit: type=1800 audit(6047029848.750:29): pid=14379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1928" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 664.078236][T14424] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 664.325828][T14434] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input22 [ 664.684024][T14443] random: crng reseeded on system resumption [ 665.179912][T14424] Per memcg swappiness does not exist in cgroup v2. See memory.reclaim or memory.swap.max there [ 665.179912][T14424] [ 665.191291][T14455] FAULT_INJECTION: forcing a failure. [ 665.191291][T14455] name fail_futex, interval 1, probability 0, space 0, times 0 [ 665.278011][T14455] CPU: 0 UID: 0 PID: 14455 Comm: syz.1.1939 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 665.278057][T14455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 665.278075][T14455] Call Trace: [ 665.278085][T14455] [ 665.278097][T14455] dump_stack_lvl+0x16c/0x1f0 [ 665.278145][T14455] should_fail_ex+0x512/0x640 [ 665.278192][T14455] get_futex_key+0x1d0/0x1540 [ 665.278233][T14455] ? __pfx_get_futex_key+0x10/0x10 [ 665.278269][T14455] ? pick_eevdf+0x3be/0x5b0 [ 665.278302][T14455] ? update_curr_se+0x8b/0x270 [ 665.278340][T14455] ? update_curr+0x74/0x800 [ 665.278386][T14455] futex_wait_setup+0x84/0x510 [ 665.278435][T14455] __futex_wait+0x194/0x2f0 [ 665.278477][T14455] ? __pfx___futex_wait+0x10/0x10 [ 665.278515][T14455] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 665.278559][T14455] ? __pfx_futex_wake_mark+0x10/0x10 [ 665.278606][T14455] ? preempt_schedule_common+0x44/0xc0 [ 665.278658][T14455] futex_wait+0xe8/0x380 [ 665.278708][T14455] ? __pfx_futex_wait+0x10/0x10 [ 665.278759][T14455] ? __lock_acquire+0xb8a/0x1c90 [ 665.278804][T14455] do_futex+0x229/0x350 [ 665.278839][T14455] ? __pfx_do_futex+0x10/0x10 [ 665.278877][T14455] ? find_held_lock+0x2b/0x80 [ 665.278912][T14455] __x64_sys_futex+0x1e0/0x4c0 [ 665.278952][T14455] ? __pfx___x64_sys_futex+0x10/0x10 [ 665.278986][T14455] ? _copy_to_user+0x48/0xd0 [ 665.279041][T14455] do_syscall_64+0xcd/0x490 [ 665.279085][T14455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 665.279115][T14455] RIP: 0033:0x7fadf1d8e929 [ 665.279145][T14455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 665.279175][T14455] RSP: 002b:00007fadf2c210e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 665.279206][T14455] RAX: ffffffffffffffda RBX: 00007fadf1fb5fa8 RCX: 00007fadf1d8e929 [ 665.279227][T14455] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fadf1fb5fa8 [ 665.279246][T14455] RBP: 00007fadf1fb5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 665.279265][T14455] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fadf1fb5fac [ 665.279283][T14455] R13: 0000000000000000 R14: 00007ffe063c9cf0 R15: 00007ffe063c9dd8 [ 665.279323][T14455] [ 665.504247][ C0] vkms_vblank_simulate: vblank timer overrun [ 666.862010][T14485] FAULT_INJECTION: forcing a failure. [ 666.862010][T14485] name failslab, interval 1, probability 0, space 0, times 0 [ 666.875428][T14485] CPU: 1 UID: 0 PID: 14485 Comm: syz.0.1951 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 666.875456][T14485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 666.875468][T14485] Call Trace: [ 666.875475][T14485] [ 666.875482][T14485] dump_stack_lvl+0x16c/0x1f0 [ 666.875516][T14485] should_fail_ex+0x512/0x640 [ 666.875548][T14485] should_failslab+0xc2/0x120 [ 666.875567][T14485] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 666.875596][T14485] ? lock_acquire+0x179/0x350 [ 666.875621][T14485] ? dst_alloc+0x99/0x1a0 [ 666.875648][T14485] ? __pfx_ip6_dst_gc+0x10/0x10 [ 666.875676][T14485] dst_alloc+0x99/0x1a0 [ 666.875703][T14485] ip6_pol_route+0x96b/0x1230 [ 666.875728][T14485] ? __pfx_ip6_pol_route+0x10/0x10 [ 666.875749][T14485] ? widen_string+0xdc/0x2d0 [ 666.875769][T14485] ? __pfx_ip6_addr_string+0x10/0x10 [ 666.875791][T14485] ? __pfx_widen_string+0x10/0x10 [ 666.875820][T14485] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 666.875842][T14485] fib6_rule_lookup+0x24c/0x720 [ 666.875864][T14485] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 666.875882][T14485] ? put_dec+0x2e/0xc0 [ 666.875898][T14485] ? put_dec_trunc8+0x28b/0x370 [ 666.875925][T14485] ? dev_get_by_index_rcu+0x102/0x140 [ 666.875952][T14485] ip6_route_output_flags+0x1d0/0x640 [ 666.875982][T14485] ip6_dst_lookup_tail.constprop.0+0xa52/0x2140 [ 666.876007][T14485] ? vsnprintf+0x318/0x1160 [ 666.876035][T14485] ? __pfx_ip6_dst_lookup_tail.constprop.0+0x10/0x10 [ 666.876058][T14485] ? __pfx_vsnprintf+0x10/0x10 [ 666.876090][T14485] ? snprintf+0xc7/0x100 [ 666.876118][T14485] ip6_dst_lookup_flow+0x99/0x1d0 [ 666.876141][T14485] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 666.876170][T14485] tcp_v6_connect+0xe33/0x2170 [ 666.876195][T14485] ? __pfx_tcp_v6_connect+0x10/0x10 [ 666.876213][T14485] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 666.876248][T14485] ? __lock_acquire+0xb8a/0x1c90 [ 666.876276][T14485] ? __inet_stream_connect+0x3c8/0x1020 [ 666.876301][T14485] __inet_stream_connect+0x3c8/0x1020 [ 666.876330][T14485] ? __pfx___inet_stream_connect+0x10/0x10 [ 666.876356][T14485] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 666.876388][T14485] ? __pfx_inet_stream_connect+0x10/0x10 [ 666.876419][T14485] ? __local_bh_enable_ip+0xa4/0x120 [ 666.876443][T14485] ? __pfx_inet_stream_connect+0x10/0x10 [ 666.876467][T14485] inet_stream_connect+0x57/0xa0 [ 666.876493][T14485] __sys_connect_file+0x13e/0x1a0 [ 666.876519][T14485] __sys_connect+0x13b/0x160 [ 666.876543][T14485] ? __pfx___sys_connect+0x10/0x10 [ 666.876575][T14485] ? xfd_validate_state+0x61/0x180 [ 666.876600][T14485] ? __sys_setsockopt+0x140/0x1a0 [ 666.876630][T14485] __x64_sys_connect+0x72/0xb0 [ 666.876653][T14485] ? lockdep_hardirqs_on+0x7c/0x110 [ 666.876682][T14485] do_syscall_64+0xcd/0x490 [ 666.876711][T14485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 666.876731][T14485] RIP: 0033:0x7fb6a118e929 [ 666.876747][T14485] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 666.876766][T14485] RSP: 002b:00007fb6a1f6f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 666.876784][T14485] RAX: ffffffffffffffda RBX: 00007fb6a13b5fa0 RCX: 00007fb6a118e929 [ 666.876796][T14485] RDX: 000000000000001b RSI: 00002000000018c0 RDI: 0000000000000003 [ 666.876808][T14485] RBP: 00007fb6a1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 666.876819][T14485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 666.876830][T14485] R13: 0000000000000000 R14: 00007fb6a13b5fa0 R15: 00007ffcec859c48 [ 666.876852][T14485] [ 667.807063][T14499] sd 0:0:1:0: PR command failed: 1026 [ 667.819409][T14499] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 667.842547][T14499] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 669.989966][T14527] FAULT_INJECTION: forcing a failure. [ 669.989966][T14527] name failslab, interval 1, probability 0, space 0, times 0 [ 670.008667][T14527] CPU: 0 UID: 0 PID: 14527 Comm: syz.4.1947 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 670.008716][T14527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 670.008734][T14527] Call Trace: [ 670.008745][T14527] [ 670.008758][T14527] dump_stack_lvl+0x16c/0x1f0 [ 670.008811][T14527] should_fail_ex+0x512/0x640 [ 670.008855][T14527] ? __kmalloc_noprof+0xbf/0x510 [ 670.008905][T14527] ? mpi_alloc_limb_space+0x31/0x60 [ 670.008941][T14527] should_failslab+0xc2/0x120 [ 670.008971][T14527] __kmalloc_noprof+0xd2/0x510 [ 670.009028][T14527] mpi_alloc_limb_space+0x31/0x60 [ 670.009065][T14527] mpihelp_mul_karatsuba_case+0x116/0xc20 [ 670.009108][T14527] ? mpihelp_divrem+0x66e/0x1420 [ 670.009149][T14527] ? __pfx_mpihelp_mul_karatsuba_case+0x10/0x10 [ 670.009202][T14527] mpi_powm+0xf63/0x1bf0 [ 670.009258][T14527] ? __pfx_mpi_powm+0x10/0x10 [ 670.009295][T14527] ? kfree+0x2b4/0x4d0 [ 670.009331][T14527] ? __phys_addr+0xe8/0x180 [ 670.009373][T14527] ? mpi_free+0xe1/0x160 [ 670.009414][T14527] rsa_enc+0x1fe/0x3b0 [ 670.009471][T14527] ? __pfx_rsa_enc+0x10/0x10 [ 670.009518][T14527] ? __virt_addr_valid+0x81/0x610 [ 670.009549][T14527] ? __phys_addr+0xe8/0x180 [ 670.009583][T14527] ? sg_init_one+0xf5/0x1b0 [ 670.009627][T14527] rsassa_pkcs1_verify+0x4ff/0xb60 [ 670.009677][T14527] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 670.009733][T14527] ? rsa_max_size+0xd/0x70 [ 670.009777][T14527] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 670.009816][T14527] public_key_verify_signature+0x672/0x970 [ 670.009862][T14527] ? __pfx_public_key_verify_signature+0x10/0x10 [ 670.009903][T14527] ? crypto_destroy_tfm+0x14d/0x2b0 [ 670.009967][T14527] pkcs7_verify+0x32f/0x1b20 [ 670.010029][T14527] verify_pkcs7_message_sig+0xdd/0x250 [ 670.010065][T14527] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 670.010098][T14527] ? kfree+0x2b4/0x4d0 [ 670.010133][T14527] ? public_key_signature_free+0xda/0x110 [ 670.010170][T14527] ? pkcs7_parse_message+0x531/0x720 [ 670.010222][T14527] ? pkcs7_parse_message+0x536/0x720 [ 670.010271][T14527] verify_pkcs7_signature+0x6d/0xa0 [ 670.010309][T14527] valid_regdb+0x215/0x590 [ 670.010344][T14527] ? __pfx___mutex_lock+0x10/0x10 [ 670.010391][T14527] ? __pfx_valid_regdb+0x10/0x10 [ 670.010433][T14527] reg_reload_regdb+0x11e/0x460 [ 670.010478][T14527] ? __pfx_reg_reload_regdb+0x10/0x10 [ 670.010516][T14527] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 670.010559][T14527] ? nl80211_pre_doit+0x1b0/0xb10 [ 670.010610][T14527] genl_family_rcv_msg_doit+0x209/0x2f0 [ 670.010653][T14527] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 670.010689][T14527] ? rcu_is_watching+0x12/0xc0 [ 670.010736][T14527] ? bpf_lsm_capable+0x9/0x10 [ 670.010772][T14527] ? security_capable+0x7e/0x260 [ 670.010811][T14527] genl_rcv_msg+0x55c/0x800 [ 670.010854][T14527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 670.010892][T14527] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 670.010934][T14527] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 670.010965][T14527] ? __pfx_nl80211_post_doit+0x10/0x10 [ 670.011025][T14527] netlink_rcv_skb+0x158/0x420 [ 670.011057][T14527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 670.011096][T14527] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 670.011143][T14527] ? netlink_deliver_tap+0x1ae/0xd30 [ 670.011195][T14527] genl_rcv+0x28/0x40 [ 670.011226][T14527] netlink_unicast+0x53a/0x7f0 [ 670.011260][T14527] ? __pfx_netlink_unicast+0x10/0x10 [ 670.011302][T14527] netlink_sendmsg+0x8d1/0xdd0 [ 670.011339][T14527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 670.011384][T14527] ____sys_sendmsg+0xa98/0xc70 [ 670.011417][T14527] ? copy_msghdr_from_user+0x10a/0x160 [ 670.011458][T14527] ? __pfx_____sys_sendmsg+0x10/0x10 [ 670.011508][T14527] ? __pfx_futex_wake_mark+0x10/0x10 [ 670.011558][T14527] ___sys_sendmsg+0x134/0x1d0 [ 670.011603][T14527] ? __pfx____sys_sendmsg+0x10/0x10 [ 670.011641][T14527] ? __lock_acquire+0x622/0x1c90 [ 670.011733][T14527] __sys_sendmsg+0x16d/0x220 [ 670.011776][T14527] ? __pfx___sys_sendmsg+0x10/0x10 [ 670.011816][T14527] ? __x64_sys_futex+0x1e0/0x4c0 [ 670.011875][T14527] do_syscall_64+0xcd/0x490 [ 670.011919][T14527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 670.011948][T14527] RIP: 0033:0x7f2b3558e929 [ 670.011973][T14527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 670.012002][T14527] RSP: 002b:00007f2b36406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 670.012032][T14527] RAX: ffffffffffffffda RBX: 00007f2b357b5fa0 RCX: 00007f2b3558e929 [ 670.012053][T14527] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 670.012072][T14527] RBP: 00007f2b35610b39 R08: 0000000000000000 R09: 0000000000000000 [ 670.012091][T14527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 670.012109][T14527] R13: 0000000000000000 R14: 00007f2b357b5fa0 R15: 00007ffec57d3d88 [ 670.012149][T14527] [ 671.542800][T14548] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1950'. [ 672.225888][T14581] FAULT_INJECTION: forcing a failure. [ 672.225888][T14581] name failslab, interval 1, probability 0, space 0, times 0 [ 672.277593][T14581] CPU: 0 UID: 0 PID: 14581 Comm: syz.1.1957 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 672.277641][T14581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 672.277659][T14581] Call Trace: [ 672.277668][T14581] [ 672.277681][T14581] dump_stack_lvl+0x16c/0x1f0 [ 672.277740][T14581] should_fail_ex+0x512/0x640 [ 672.277785][T14581] ? __kmalloc_node_noprof+0xc5/0x500 [ 672.277837][T14581] should_failslab+0xc2/0x120 [ 672.277867][T14581] __kmalloc_node_noprof+0xd8/0x500 [ 672.277912][T14581] ? crypto_alg_lookup+0x113/0x1e0 [ 672.277947][T14581] ? crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 672.277986][T14581] ? __pfx_crypto_alg_extsize+0x10/0x10 [ 672.278029][T14581] crypto_alloc_tfmmem.isra.0+0x38/0x110 [ 672.278068][T14581] crypto_create_tfm_node+0x85/0x350 [ 672.278109][T14581] crypto_alloc_tfm_node+0x102/0x260 [ 672.278151][T14581] public_key_verify_signature+0x1ca/0x970 [ 672.278196][T14581] ? __pfx_public_key_verify_signature+0x10/0x10 [ 672.278266][T14581] ? __pfx_public_key_verify_signature_2+0x10/0x10 [ 672.278308][T14581] verify_signature+0xdf/0x130 [ 672.278345][T14581] pkcs7_validate_trust+0x220/0x7e0 [ 672.278399][T14581] verify_pkcs7_message_sig+0x12c/0x250 [ 672.278435][T14581] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 672.278467][T14581] ? kfree+0x2b4/0x4d0 [ 672.278501][T14581] ? public_key_signature_free+0xda/0x110 [ 672.278538][T14581] ? pkcs7_parse_message+0x531/0x720 [ 672.278600][T14581] ? pkcs7_parse_message+0x536/0x720 [ 672.278655][T14581] verify_pkcs7_signature+0x6d/0xa0 [ 672.278694][T14581] valid_regdb+0x215/0x590 [ 672.278736][T14581] ? __pfx___mutex_lock+0x10/0x10 [ 672.278783][T14581] ? __pfx_valid_regdb+0x10/0x10 [ 672.278825][T14581] reg_reload_regdb+0x11e/0x460 [ 672.278863][T14581] ? __pfx_reg_reload_regdb+0x10/0x10 [ 672.278901][T14581] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 672.278945][T14581] ? nl80211_pre_doit+0x1b0/0xb10 [ 672.278995][T14581] genl_family_rcv_msg_doit+0x209/0x2f0 [ 672.279037][T14581] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 672.279073][T14581] ? rcu_is_watching+0x12/0xc0 [ 672.279121][T14581] ? bpf_lsm_capable+0x9/0x10 [ 672.279157][T14581] ? security_capable+0x7e/0x260 [ 672.279196][T14581] genl_rcv_msg+0x55c/0x800 [ 672.279239][T14581] ? __pfx_genl_rcv_msg+0x10/0x10 [ 672.279277][T14581] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 672.279319][T14581] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 672.279351][T14581] ? __pfx_nl80211_post_doit+0x10/0x10 [ 672.279460][T14581] netlink_rcv_skb+0x158/0x420 [ 672.279492][T14581] ? __pfx_genl_rcv_msg+0x10/0x10 [ 672.279533][T14581] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 672.279584][T14581] ? netlink_deliver_tap+0x1ae/0xd30 [ 672.279642][T14581] genl_rcv+0x28/0x40 [ 672.279676][T14581] netlink_unicast+0x53a/0x7f0 [ 672.279721][T14581] ? __pfx_netlink_unicast+0x10/0x10 [ 672.279766][T14581] netlink_sendmsg+0x8d1/0xdd0 [ 672.279806][T14581] ? __pfx_netlink_sendmsg+0x10/0x10 [ 672.279857][T14581] ____sys_sendmsg+0xa98/0xc70 [ 672.279893][T14581] ? copy_msghdr_from_user+0x10a/0x160 [ 672.279938][T14581] ? __pfx_____sys_sendmsg+0x10/0x10 [ 672.279983][T14581] ? __pfx_futex_wake_mark+0x10/0x10 [ 672.280034][T14581] ___sys_sendmsg+0x134/0x1d0 [ 672.280082][T14581] ? __pfx____sys_sendmsg+0x10/0x10 [ 672.280124][T14581] ? __lock_acquire+0x622/0x1c90 [ 672.280242][T14581] __sys_sendmsg+0x16d/0x220 [ 672.280294][T14581] ? __pfx___sys_sendmsg+0x10/0x10 [ 672.280335][T14581] ? __x64_sys_futex+0x1e0/0x4c0 [ 672.280398][T14581] do_syscall_64+0xcd/0x490 [ 672.280453][T14581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.280484][T14581] RIP: 0033:0x7fadf1d8e929 [ 672.280510][T14581] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.280541][T14581] RSP: 002b:00007fadf2c21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 672.280579][T14581] RAX: ffffffffffffffda RBX: 00007fadf1fb5fa0 RCX: 00007fadf1d8e929 [ 672.280599][T14581] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 672.280618][T14581] RBP: 00007fadf1e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 672.280637][T14581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 672.280656][T14581] R13: 0000000000000000 R14: 00007fadf1fb5fa0 R15: 00007ffe063c9dd8 [ 672.280699][T14581] [ 672.322499][T14588] FAULT_INJECTION: forcing a failure. [ 672.322499][T14588] name failslab, interval 1, probability 0, space 0, times 0 [ 672.737747][T14593] FAULT_INJECTION: forcing a failure. [ 672.737747][T14593] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 672.802105][T14594] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1960'. [ 672.887644][T14588] CPU: 1 UID: 0 PID: 14588 Comm: syz.4.1958 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 672.887695][T14588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 672.887714][T14588] Call Trace: [ 672.887725][T14588] [ 672.887736][T14588] dump_stack_lvl+0x16c/0x1f0 [ 672.887789][T14588] should_fail_ex+0x512/0x640 [ 672.887832][T14588] ? __kmalloc_noprof+0xbf/0x510 [ 672.887879][T14588] ? mpi_alloc_limb_space+0x31/0x60 [ 672.887917][T14588] should_failslab+0xc2/0x120 [ 672.887947][T14588] __kmalloc_noprof+0xd2/0x510 [ 672.888005][T14588] mpi_alloc_limb_space+0x31/0x60 [ 672.888044][T14588] mpi_powm+0xff7/0x1bf0 [ 672.888100][T14588] ? __pfx_mpi_powm+0x10/0x10 [ 672.888139][T14588] ? kfree+0x2b4/0x4d0 [ 672.888176][T14588] ? __phys_addr+0xe8/0x180 [ 672.888218][T14588] ? mpi_free+0xe1/0x160 [ 672.888259][T14588] rsa_enc+0x1fe/0x3b0 [ 672.888310][T14588] ? __pfx_rsa_enc+0x10/0x10 [ 672.888356][T14588] ? __virt_addr_valid+0x81/0x610 [ 672.888388][T14588] ? __phys_addr+0xe8/0x180 [ 672.888423][T14588] ? sg_init_one+0xf5/0x1b0 [ 672.888468][T14588] rsassa_pkcs1_verify+0x4ff/0xb60 [ 672.888526][T14588] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 672.888585][T14588] ? rsa_max_size+0xd/0x70 [ 672.888630][T14588] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 672.888671][T14588] public_key_verify_signature+0x672/0x970 [ 672.888718][T14588] ? __pfx_public_key_verify_signature+0x10/0x10 [ 672.888761][T14588] ? crypto_destroy_tfm+0x14d/0x2b0 [ 672.888827][T14588] pkcs7_verify+0x32f/0x1b20 [ 672.888891][T14588] verify_pkcs7_message_sig+0xdd/0x250 [ 672.888928][T14588] ? __pfx_verify_pkcs7_message_sig+0x10/0x10 [ 672.888961][T14588] ? kfree+0x2b4/0x4d0 [ 672.888997][T14588] ? public_key_signature_free+0xda/0x110 [ 672.889033][T14588] ? pkcs7_parse_message+0x531/0x720 [ 672.889086][T14588] ? pkcs7_parse_message+0x536/0x720 [ 672.889133][T14588] verify_pkcs7_signature+0x6d/0xa0 [ 672.889173][T14588] valid_regdb+0x215/0x590 [ 672.889206][T14588] ? __pfx___mutex_lock+0x10/0x10 [ 672.889255][T14588] ? __pfx_valid_regdb+0x10/0x10 [ 672.889298][T14588] reg_reload_regdb+0x11e/0x460 [ 672.889336][T14588] ? __pfx_reg_reload_regdb+0x10/0x10 [ 672.889376][T14588] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 672.889420][T14588] ? nl80211_pre_doit+0x1b0/0xb10 [ 672.889472][T14588] genl_family_rcv_msg_doit+0x209/0x2f0 [ 672.889525][T14588] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 672.889562][T14588] ? rcu_is_watching+0x12/0xc0 [ 672.889612][T14588] ? bpf_lsm_capable+0x9/0x10 [ 672.889651][T14588] ? security_capable+0x7e/0x260 [ 672.889692][T14588] genl_rcv_msg+0x55c/0x800 [ 672.889736][T14588] ? __pfx_genl_rcv_msg+0x10/0x10 [ 672.889774][T14588] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 672.889818][T14588] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 672.889851][T14588] ? __pfx_nl80211_post_doit+0x10/0x10 [ 672.889913][T14588] netlink_rcv_skb+0x158/0x420 [ 672.889947][T14588] ? __pfx_genl_rcv_msg+0x10/0x10 [ 672.889987][T14588] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 672.890038][T14588] ? netlink_deliver_tap+0x1ae/0xd30 [ 672.890095][T14588] genl_rcv+0x28/0x40 [ 672.890127][T14588] netlink_unicast+0x53a/0x7f0 [ 672.890166][T14588] ? __pfx_netlink_unicast+0x10/0x10 [ 672.890213][T14588] netlink_sendmsg+0x8d1/0xdd0 [ 672.890255][T14588] ? __pfx_netlink_sendmsg+0x10/0x10 [ 672.890305][T14588] ____sys_sendmsg+0xa98/0xc70 [ 672.890343][T14588] ? copy_msghdr_from_user+0x10a/0x160 [ 672.890389][T14588] ? __pfx_____sys_sendmsg+0x10/0x10 [ 672.890435][T14588] ? __pfx_futex_wake_mark+0x10/0x10 [ 672.890497][T14588] ___sys_sendmsg+0x134/0x1d0 [ 672.890546][T14588] ? __pfx____sys_sendmsg+0x10/0x10 [ 672.890589][T14588] ? __lock_acquire+0x622/0x1c90 [ 672.890686][T14588] __sys_sendmsg+0x16d/0x220 [ 672.890735][T14588] ? __pfx___sys_sendmsg+0x10/0x10 [ 672.890780][T14588] ? __x64_sys_futex+0x1e0/0x4c0 [ 672.890847][T14588] do_syscall_64+0xcd/0x490 [ 672.890898][T14588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.890931][T14588] RIP: 0033:0x7f2b3558e929 [ 672.890958][T14588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.890990][T14588] RSP: 002b:00007f2b36406038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 672.891022][T14588] RAX: ffffffffffffffda RBX: 00007f2b357b5fa0 RCX: 00007f2b3558e929 [ 672.891044][T14588] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000005 [ 672.891063][T14588] RBP: 00007f2b35610b39 R08: 0000000000000000 R09: 0000000000000000 [ 672.891082][T14588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 672.891100][T14588] R13: 0000000000000000 R14: 00007f2b357b5fa0 R15: 00007ffec57d3d88 [ 672.891140][T14588] [ 672.973196][T14593] CPU: 0 UID: 0 PID: 14593 Comm: syz.1.1961 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 672.973235][T14593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 672.973252][T14593] Call Trace: [ 672.973261][T14593] [ 672.973273][T14593] dump_stack_lvl+0x16c/0x1f0 [ 672.973318][T14593] should_fail_ex+0x512/0x640 [ 672.973362][T14593] _copy_from_user+0x2e/0xd0 [ 672.973402][T14593] move_addr_to_kernel+0x65/0x170 [ 672.973436][T14593] __sys_connect+0xb1/0x160 [ 672.973468][T14593] ? __pfx___sys_connect+0x10/0x10 [ 672.973514][T14593] ? xfd_validate_state+0x61/0x180 [ 672.973549][T14593] ? __sys_setsockopt+0x140/0x1a0 [ 672.973592][T14593] __x64_sys_connect+0x72/0xb0 [ 672.973625][T14593] ? lockdep_hardirqs_on+0x7c/0x110 [ 672.973661][T14593] do_syscall_64+0xcd/0x490 [ 672.973702][T14593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 672.973742][T14593] RIP: 0033:0x7fadf1d8e929 [ 672.973765][T14593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 672.973792][T14593] RSP: 002b:00007fadf2c21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 672.973820][T14593] RAX: ffffffffffffffda RBX: 00007fadf1fb5fa0 RCX: 00007fadf1d8e929 [ 672.973840][T14593] RDX: 000000000000001b RSI: 00002000000018c0 RDI: 0000000000000003 [ 672.973858][T14593] RBP: 00007fadf1e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 672.973877][T14593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 672.973894][T14593] R13: 0000000000000000 R14: 00007fadf1fb5fa0 R15: 00007ffe063c9dd8 [ 672.973931][T14593] [ 673.646459][T14597] hub 8-0:1.0: USB hub found [ 673.688820][T14597] hub 8-0:1.0: 1 port detected [ 676.857380][T14649] FAULT_INJECTION: forcing a failure. [ 676.857380][T14649] name failslab, interval 1, probability 0, space 0, times 0 [ 676.903870][T14649] CPU: 1 UID: 0 PID: 14649 Comm: syz.1.1964 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 676.903920][T14649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 676.903940][T14649] Call Trace: [ 676.903951][T14649] [ 676.903964][T14649] dump_stack_lvl+0x16c/0x1f0 [ 676.904018][T14649] should_fail_ex+0x512/0x640 [ 676.904063][T14649] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 676.904109][T14649] should_failslab+0xc2/0x120 [ 676.904140][T14649] __kmalloc_cache_noprof+0x6a/0x3e0 [ 676.904184][T14649] ? x509_cert_parse+0x162/0x900 [ 676.904224][T14649] ? kasan_save_track+0x14/0x30 [ 676.904274][T14649] x509_cert_parse+0x162/0x900 [ 676.904310][T14649] ? kasan_save_stack+0x42/0x60 [ 676.904353][T14649] ? kasan_save_stack+0x33/0x60 [ 676.904396][T14649] ? kasan_save_track+0x14/0x30 [ 676.904445][T14649] pkcs7_extract_cert+0xa4/0x320 [ 676.904505][T14649] asn1_ber_decoder+0xc5f/0x1df0 [ 676.904575][T14649] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 676.904657][T14649] pkcs7_parse_message+0x288/0x720 [ 676.904707][T14649] verify_pkcs7_signature+0x30/0xa0 [ 676.904746][T14649] valid_regdb+0x215/0x590 [ 676.904781][T14649] ? __pfx___mutex_lock+0x10/0x10 [ 676.904828][T14649] ? __pfx_valid_regdb+0x10/0x10 [ 676.904870][T14649] reg_reload_regdb+0x11e/0x460 [ 676.904905][T14649] ? __pfx_reg_reload_regdb+0x10/0x10 [ 676.904942][T14649] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 676.904983][T14649] ? nl80211_pre_doit+0x1b0/0xb10 [ 676.905033][T14649] genl_family_rcv_msg_doit+0x209/0x2f0 [ 676.905076][T14649] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 676.905112][T14649] ? rcu_is_watching+0x12/0xc0 [ 676.905160][T14649] ? bpf_lsm_capable+0x9/0x10 [ 676.905198][T14649] ? security_capable+0x7e/0x260 [ 676.905238][T14649] genl_rcv_msg+0x55c/0x800 [ 676.905281][T14649] ? __pfx_genl_rcv_msg+0x10/0x10 [ 676.905319][T14649] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 676.905361][T14649] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 676.905392][T14649] ? __pfx_nl80211_post_doit+0x10/0x10 [ 676.905463][T14649] netlink_rcv_skb+0x158/0x420 [ 676.905494][T14649] ? __pfx_genl_rcv_msg+0x10/0x10 [ 676.905532][T14649] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 676.905582][T14649] ? netlink_deliver_tap+0x1ae/0xd30 [ 676.905637][T14649] genl_rcv+0x28/0x40 [ 676.905668][T14649] netlink_unicast+0x53a/0x7f0 [ 676.905705][T14649] ? __pfx_netlink_unicast+0x10/0x10 [ 676.905751][T14649] netlink_sendmsg+0x8d1/0xdd0 [ 676.905791][T14649] ? __pfx_netlink_sendmsg+0x10/0x10 [ 676.905841][T14649] ____sys_sendmsg+0xa98/0xc70 [ 676.905876][T14649] ? copy_msghdr_from_user+0x10a/0x160 [ 676.905921][T14649] ? __pfx_____sys_sendmsg+0x10/0x10 [ 676.905967][T14649] ? __pfx_futex_wake_mark+0x10/0x10 [ 676.906019][T14649] ___sys_sendmsg+0x134/0x1d0 [ 676.906066][T14649] ? __pfx____sys_sendmsg+0x10/0x10 [ 676.906106][T14649] ? __lock_acquire+0x622/0x1c90 [ 676.906203][T14649] __sys_sendmsg+0x16d/0x220 [ 676.906248][T14649] ? __pfx___sys_sendmsg+0x10/0x10 [ 676.906292][T14649] ? __x64_sys_futex+0x1e0/0x4c0 [ 676.906357][T14649] do_syscall_64+0xcd/0x490 [ 676.906406][T14649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 676.906438][T14649] RIP: 0033:0x7fadf1d8e929 [ 676.906477][T14649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 676.906510][T14649] RSP: 002b:00007fadf2c21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 676.906542][T14649] RAX: ffffffffffffffda RBX: 00007fadf1fb5fa0 RCX: 00007fadf1d8e929 [ 676.906564][T14649] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 676.906583][T14649] RBP: 00007fadf1e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 676.906603][T14649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 676.906622][T14649] R13: 0000000000000000 R14: 00007fadf1fb5fa0 R15: 00007ffe063c9dd8 [ 676.906664][T14649] [ 678.709248][T14686] FAULT_INJECTION: forcing a failure. [ 678.709248][T14686] name failslab, interval 1, probability 0, space 0, times 0 [ 678.771294][T14686] CPU: 0 UID: 0 PID: 14686 Comm: syz.1.1969 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 678.771342][T14686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 678.771361][T14686] Call Trace: [ 678.771372][T14686] [ 678.771385][T14686] dump_stack_lvl+0x16c/0x1f0 [ 678.771446][T14686] should_fail_ex+0x512/0x640 [ 678.771491][T14686] ? __kmalloc_noprof+0xbf/0x510 [ 678.771540][T14686] ? x509_get_sig_params+0x22f/0x4a0 [ 678.771580][T14686] should_failslab+0xc2/0x120 [ 678.771610][T14686] __kmalloc_noprof+0xd2/0x510 [ 678.771667][T14686] x509_get_sig_params+0x22f/0x4a0 [ 678.771712][T14686] x509_cert_parse+0x4e9/0x900 [ 678.771748][T14686] ? kasan_save_stack+0x42/0x60 [ 678.771790][T14686] ? kasan_save_stack+0x33/0x60 [ 678.771832][T14686] ? kasan_save_track+0x14/0x30 [ 678.771880][T14686] pkcs7_extract_cert+0xa4/0x320 [ 678.771931][T14686] asn1_ber_decoder+0xc5f/0x1df0 [ 678.771999][T14686] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 678.772080][T14686] pkcs7_parse_message+0x288/0x720 [ 678.772130][T14686] verify_pkcs7_signature+0x30/0xa0 [ 678.772169][T14686] valid_regdb+0x215/0x590 [ 678.772202][T14686] ? __pfx___mutex_lock+0x10/0x10 [ 678.772249][T14686] ? __pfx_valid_regdb+0x10/0x10 [ 678.772292][T14686] reg_reload_regdb+0x11e/0x460 [ 678.772336][T14686] ? __pfx_reg_reload_regdb+0x10/0x10 [ 678.772374][T14686] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 678.772418][T14686] ? nl80211_pre_doit+0x1b0/0xb10 [ 678.772478][T14686] genl_family_rcv_msg_doit+0x209/0x2f0 [ 678.772522][T14686] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 678.772558][T14686] ? rcu_is_watching+0x12/0xc0 [ 678.772609][T14686] ? bpf_lsm_capable+0x9/0x10 [ 678.772647][T14686] ? security_capable+0x7e/0x260 [ 678.772689][T14686] genl_rcv_msg+0x55c/0x800 [ 678.772738][T14686] ? __pfx_genl_rcv_msg+0x10/0x10 [ 678.772775][T14686] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 678.772818][T14686] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 678.772851][T14686] ? __pfx_nl80211_post_doit+0x10/0x10 [ 678.772911][T14686] netlink_rcv_skb+0x158/0x420 [ 678.772943][T14686] ? __pfx_genl_rcv_msg+0x10/0x10 [ 678.772984][T14686] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 678.773036][T14686] ? netlink_deliver_tap+0x1ae/0xd30 [ 678.773103][T14686] genl_rcv+0x28/0x40 [ 678.773136][T14686] netlink_unicast+0x53a/0x7f0 [ 678.773173][T14686] ? __pfx_netlink_unicast+0x10/0x10 [ 678.773218][T14686] netlink_sendmsg+0x8d1/0xdd0 [ 678.773256][T14686] ? __pfx_netlink_sendmsg+0x10/0x10 [ 678.773306][T14686] ____sys_sendmsg+0xa98/0xc70 [ 678.773343][T14686] ? copy_msghdr_from_user+0x10a/0x160 [ 678.773389][T14686] ? __pfx_____sys_sendmsg+0x10/0x10 [ 678.773434][T14686] ? try_to_wake_up+0xa2f/0x1680 [ 678.773479][T14686] ___sys_sendmsg+0x134/0x1d0 [ 678.773528][T14686] ? __pfx____sys_sendmsg+0x10/0x10 [ 678.773568][T14686] ? __lock_acquire+0x622/0x1c90 [ 678.773665][T14686] __sys_sendmsg+0x16d/0x220 [ 678.773711][T14686] ? __pfx___sys_sendmsg+0x10/0x10 [ 678.773756][T14686] ? __x64_sys_futex+0x1e0/0x4c0 [ 678.773821][T14686] do_syscall_64+0xcd/0x490 [ 678.773868][T14686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.773900][T14686] RIP: 0033:0x7fadf1d8e929 [ 678.773927][T14686] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.773959][T14686] RSP: 002b:00007fadf2bdf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 678.773989][T14686] RAX: ffffffffffffffda RBX: 00007fadf1fb6160 RCX: 00007fadf1d8e929 [ 678.774010][T14686] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 678.774030][T14686] RBP: 00007fadf1e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 678.774051][T14686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 678.774070][T14686] R13: 0000000000000000 R14: 00007fadf1fb6160 R15: 00007ffe063c9dd8 [ 678.774112][T14686] [ 679.836004][T14698] ovs_ÿþ: entered promiscuous mode [ 680.814532][T14709] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1974'. [ 681.146290][T14721] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1976'. [ 681.300036][T14727] hub 8-0:1.0: USB hub found [ 681.317092][T14727] hub 8-0:1.0: 1 port detected [ 681.465746][T14719] FAULT_INJECTION: forcing a failure. [ 681.465746][T14719] name failslab, interval 1, probability 0, space 0, times 0 [ 681.489753][T14719] CPU: 0 UID: 0 PID: 14719 Comm: syz.1.1977 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 681.489803][T14719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 681.489821][T14719] Call Trace: [ 681.489833][T14719] [ 681.489846][T14719] dump_stack_lvl+0x16c/0x1f0 [ 681.489898][T14719] should_fail_ex+0x512/0x640 [ 681.489941][T14719] ? __kmalloc_noprof+0xbf/0x510 [ 681.489990][T14719] ? x509_fabricate_name.constprop.0+0x1b0/0xa20 [ 681.490030][T14719] should_failslab+0xc2/0x120 [ 681.490059][T14719] __kmalloc_noprof+0xd2/0x510 [ 681.490102][T14719] ? trace_kmalloc+0x2b/0xd0 [ 681.490131][T14719] ? __kmalloc_noprof+0x242/0x510 [ 681.490172][T14719] ? x509_note_OID+0xc6/0x1b0 [ 681.490214][T14719] x509_fabricate_name.constprop.0+0x1b0/0xa20 [ 681.490255][T14719] ? asymmetric_key_generate_id+0x117/0x160 [ 681.490294][T14719] x509_note_issuer+0xed/0x210 [ 681.490337][T14719] asn1_ber_decoder+0xfb7/0x1df0 [ 681.490411][T14719] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 681.490493][T14719] x509_cert_parse+0x1c9/0x900 [ 681.490530][T14719] ? kasan_save_stack+0x42/0x60 [ 681.490571][T14719] ? kasan_save_stack+0x33/0x60 [ 681.490612][T14719] ? kasan_save_track+0x14/0x30 [ 681.490660][T14719] pkcs7_extract_cert+0xa4/0x320 [ 681.490709][T14719] asn1_ber_decoder+0xc5f/0x1df0 [ 681.490784][T14719] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 681.490865][T14719] pkcs7_parse_message+0x288/0x720 [ 681.490915][T14719] verify_pkcs7_signature+0x30/0xa0 [ 681.490953][T14719] valid_regdb+0x215/0x590 [ 681.490989][T14719] ? __pfx___mutex_lock+0x10/0x10 [ 681.491037][T14719] ? __pfx_valid_regdb+0x10/0x10 [ 681.491078][T14719] reg_reload_regdb+0x11e/0x460 [ 681.491117][T14719] ? __pfx_reg_reload_regdb+0x10/0x10 [ 681.491155][T14719] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 681.491198][T14719] ? nl80211_pre_doit+0x1b0/0xb10 [ 681.491249][T14719] genl_family_rcv_msg_doit+0x209/0x2f0 [ 681.491291][T14719] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 681.491328][T14719] ? rcu_is_watching+0x12/0xc0 [ 681.491376][T14719] ? bpf_lsm_capable+0x9/0x10 [ 681.491423][T14719] ? security_capable+0x7e/0x260 [ 681.491463][T14719] genl_rcv_msg+0x55c/0x800 [ 681.491506][T14719] ? __pfx_genl_rcv_msg+0x10/0x10 [ 681.491543][T14719] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 681.491582][T14719] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 681.491610][T14719] ? __pfx_nl80211_post_doit+0x10/0x10 [ 681.491664][T14719] netlink_rcv_skb+0x158/0x420 [ 681.491695][T14719] ? __pfx_genl_rcv_msg+0x10/0x10 [ 681.491733][T14719] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 681.491782][T14719] ? netlink_deliver_tap+0x1ae/0xd30 [ 681.491834][T14719] genl_rcv+0x28/0x40 [ 681.491863][T14719] netlink_unicast+0x53a/0x7f0 [ 681.491901][T14719] ? __pfx_netlink_unicast+0x10/0x10 [ 681.491943][T14719] netlink_sendmsg+0x8d1/0xdd0 [ 681.491982][T14719] ? __pfx_netlink_sendmsg+0x10/0x10 [ 681.492027][T14719] ____sys_sendmsg+0xa98/0xc70 [ 681.492061][T14719] ? copy_msghdr_from_user+0x10a/0x160 [ 681.492102][T14719] ? __pfx_____sys_sendmsg+0x10/0x10 [ 681.492143][T14719] ? __pfx_futex_wake_mark+0x10/0x10 [ 681.492194][T14719] ___sys_sendmsg+0x134/0x1d0 [ 681.492240][T14719] ? __pfx____sys_sendmsg+0x10/0x10 [ 681.492282][T14719] ? __lock_acquire+0x622/0x1c90 [ 681.492376][T14719] __sys_sendmsg+0x16d/0x220 [ 681.492432][T14719] ? __pfx___sys_sendmsg+0x10/0x10 [ 681.492477][T14719] ? __x64_sys_futex+0x1e0/0x4c0 [ 681.492541][T14719] do_syscall_64+0xcd/0x490 [ 681.492591][T14719] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.492623][T14719] RIP: 0033:0x7fadf1d8e929 [ 681.492651][T14719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 681.492682][T14719] RSP: 002b:00007fadf2c21038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 681.492713][T14719] RAX: ffffffffffffffda RBX: 00007fadf1fb5fa0 RCX: 00007fadf1d8e929 [ 681.492741][T14719] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 681.492762][T14719] RBP: 00007fadf1e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 681.492782][T14719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 681.492801][T14719] R13: 0000000000000000 R14: 00007fadf1fb5fa0 R15: 00007ffe063c9dd8 [ 681.492844][T14719] [ 682.026163][T14736] FAULT_INJECTION: forcing a failure. [ 682.026163][T14736] name failslab, interval 1, probability 0, space 0, times 0 [ 682.080701][T14736] CPU: 1 UID: 0 PID: 14736 Comm: syz.0.1979 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 682.080750][T14736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 682.080770][T14736] Call Trace: [ 682.080781][T14736] [ 682.080795][T14736] dump_stack_lvl+0x16c/0x1f0 [ 682.080847][T14736] should_fail_ex+0x512/0x640 [ 682.080893][T14736] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 682.080950][T14736] should_failslab+0xc2/0x120 [ 682.080982][T14736] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 682.081035][T14736] ? x509_cert_parse+0x2b6/0x900 [ 682.081082][T14736] kmemdup_noprof+0x29/0x60 [ 682.081130][T14736] x509_cert_parse+0x2b6/0x900 [ 682.081166][T14736] ? kasan_save_stack+0x42/0x60 [ 682.081210][T14736] ? kasan_save_stack+0x33/0x60 [ 682.081253][T14736] ? kasan_save_track+0x14/0x30 [ 682.081302][T14736] pkcs7_extract_cert+0xa4/0x320 [ 682.081352][T14736] asn1_ber_decoder+0xc5f/0x1df0 [ 682.081422][T14736] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 682.081517][T14736] pkcs7_parse_message+0x288/0x720 [ 682.081563][T14736] verify_pkcs7_signature+0x30/0xa0 [ 682.081602][T14736] valid_regdb+0x215/0x590 [ 682.081638][T14736] ? __pfx___mutex_lock+0x10/0x10 [ 682.081686][T14736] ? __pfx_valid_regdb+0x10/0x10 [ 682.081732][T14736] reg_reload_regdb+0x11e/0x460 [ 682.081770][T14736] ? __pfx_reg_reload_regdb+0x10/0x10 [ 682.081810][T14736] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 682.081854][T14736] ? nl80211_pre_doit+0x1b0/0xb10 [ 682.081906][T14736] genl_family_rcv_msg_doit+0x209/0x2f0 [ 682.081950][T14736] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 682.081987][T14736] ? rcu_is_watching+0x12/0xc0 [ 682.082035][T14736] ? bpf_lsm_capable+0x9/0x10 [ 682.082073][T14736] ? security_capable+0x7e/0x260 [ 682.082114][T14736] genl_rcv_msg+0x55c/0x800 [ 682.082158][T14736] ? __pfx_genl_rcv_msg+0x10/0x10 [ 682.082195][T14736] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 682.082238][T14736] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 682.082270][T14736] ? __pfx_nl80211_post_doit+0x10/0x10 [ 682.082332][T14736] netlink_rcv_skb+0x158/0x420 [ 682.082364][T14736] ? __pfx_genl_rcv_msg+0x10/0x10 [ 682.082403][T14736] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 682.082463][T14736] ? netlink_deliver_tap+0x1ae/0xd30 [ 682.082520][T14736] genl_rcv+0x28/0x40 [ 682.082552][T14736] netlink_unicast+0x53a/0x7f0 [ 682.082590][T14736] ? __pfx_netlink_unicast+0x10/0x10 [ 682.082635][T14736] netlink_sendmsg+0x8d1/0xdd0 [ 682.082675][T14736] ? __pfx_netlink_sendmsg+0x10/0x10 [ 682.082731][T14736] ____sys_sendmsg+0xa98/0xc70 [ 682.082770][T14736] ? copy_msghdr_from_user+0x10a/0x160 [ 682.082816][T14736] ? __pfx_____sys_sendmsg+0x10/0x10 [ 682.082862][T14736] ? __pfx_futex_wake_mark+0x10/0x10 [ 682.082914][T14736] ___sys_sendmsg+0x134/0x1d0 [ 682.082963][T14736] ? __pfx____sys_sendmsg+0x10/0x10 [ 682.083005][T14736] ? __lock_acquire+0x622/0x1c90 [ 682.083102][T14736] __sys_sendmsg+0x16d/0x220 [ 682.083149][T14736] ? __pfx___sys_sendmsg+0x10/0x10 [ 682.083194][T14736] ? __x64_sys_futex+0x1e0/0x4c0 [ 682.083258][T14736] do_syscall_64+0xcd/0x490 [ 682.083308][T14736] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 682.083340][T14736] RIP: 0033:0x7fb6a118e929 [ 682.083365][T14736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 682.083396][T14736] RSP: 002b:00007fb6a1f4e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 682.083436][T14736] RAX: ffffffffffffffda RBX: 00007fb6a13b6080 RCX: 00007fb6a118e929 [ 682.083458][T14736] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000006 [ 682.083478][T14736] RBP: 00007fb6a1210b39 R08: 0000000000000000 R09: 0000000000000000 [ 682.083498][T14736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 682.083517][T14736] R13: 0000000000000000 R14: 00007fb6a13b6080 R15: 00007ffcec859c48 [ 682.083560][T14736] [ 682.506542][T14737] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1980'. [ 685.782904][T14811] FAULT_INJECTION: forcing a failure. [ 685.782904][T14811] name failslab, interval 1, probability 0, space 0, times 0 [ 685.831791][T14811] CPU: 1 UID: 0 PID: 14811 Comm: syz.1.1986 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 685.831839][T14811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 685.831859][T14811] Call Trace: [ 685.831871][T14811] [ 685.831884][T14811] dump_stack_lvl+0x16c/0x1f0 [ 685.831935][T14811] should_fail_ex+0x512/0x640 [ 685.831978][T14811] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 685.832031][T14811] should_failslab+0xc2/0x120 [ 685.832062][T14811] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 685.832110][T14811] ? __d_alloc+0x31/0xaa0 [ 685.832165][T14811] __d_alloc+0x31/0xaa0 [ 685.832216][T14811] d_alloc+0x4a/0x1e0 [ 685.832266][T14811] d_alloc_parallel+0xe3/0x12e0 [ 685.832315][T14811] ? find_held_lock+0x2b/0x80 [ 685.832350][T14811] ? __pfx_d_alloc_parallel+0x10/0x10 [ 685.832479][T14811] ? __d_lookup+0x266/0x4a0 [ 685.832527][T14811] lookup_open.isra.0+0x665/0x1580 [ 685.832578][T14811] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 685.832641][T14811] ? mnt_get_write_access+0x20c/0x300 [ 685.832681][T14811] path_openat+0x893/0x2cb0 [ 685.832756][T14811] ? __pfx_path_openat+0x10/0x10 [ 685.832805][T14811] ? __lock_acquire+0xb8a/0x1c90 [ 685.832855][T14811] do_filp_open+0x20b/0x470 [ 685.832902][T14811] ? __pfx_do_filp_open+0x10/0x10 [ 685.832986][T14811] ? alloc_fd+0x471/0x7d0 [ 685.833044][T14811] do_sys_openat2+0x11b/0x1d0 [ 685.833079][T14811] ? __pfx_do_sys_openat2+0x10/0x10 [ 685.833136][T14811] __x64_sys_openat+0x174/0x210 [ 685.833172][T14811] ? __pfx___x64_sys_openat+0x10/0x10 [ 685.833231][T14811] do_syscall_64+0xcd/0x490 [ 685.833282][T14811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.833313][T14811] RIP: 0033:0x7fadf1d8e929 [ 685.833340][T14811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 685.833373][T14811] RSP: 002b:00007fadf2c21038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 685.833412][T14811] RAX: ffffffffffffffda RBX: 00007fadf1fb5fa0 RCX: 00007fadf1d8e929 [ 685.833433][T14811] RDX: 0000000000000102 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 685.833453][T14811] RBP: 00007fadf1e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 685.833472][T14811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 685.833492][T14811] R13: 0000000000000000 R14: 00007fadf1fb5fa0 R15: 00007ffe063c9dd8 [ 685.833535][T14811] [ 687.407559][T14844] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1995'. [ 687.618751][T14848] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1991'. [ 687.628985][T14848] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1991'. [ 687.638837][T14848] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1991'. [ 687.934028][T14856] ================================================================== [ 687.942128][T14856] BUG: KASAN: slab-out-of-bounds in afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 687.950919][T14856] Read of size 1 at addr ffff88801ff1e587 by task syz.2.1997/14856 [ 687.958870][T14856] [ 687.961205][T14856] CPU: 0 UID: 0 PID: 14856 Comm: syz.2.1997 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 687.961230][T14856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 687.961241][T14856] Call Trace: [ 687.961250][T14856] [ 687.961258][T14856] dump_stack_lvl+0x116/0x1f0 [ 687.961290][T14856] print_report+0xcd/0x680 [ 687.961307][T14856] ? __virt_addr_valid+0x81/0x610 [ 687.961328][T14856] ? __phys_addr+0xe8/0x180 [ 687.961348][T14856] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 687.961375][T14856] kasan_report+0xe0/0x110 [ 687.961392][T14856] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 687.961415][T14856] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 687.961435][T14856] ? __lock_acquire+0xb8a/0x1c90 [ 687.961463][T14856] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 687.961484][T14856] ? find_held_lock+0x2b/0x80 [ 687.961502][T14856] ? __might_fault+0xe3/0x190 [ 687.961538][T14856] ? __might_fault+0xe3/0x190 [ 687.961575][T14856] ? __might_fault+0x13b/0x190 [ 687.961614][T14856] ? proc_simple_write+0x114/0x1b0 [ 687.961633][T14856] proc_simple_write+0x114/0x1b0 [ 687.961651][T14856] ? __pfx_proc_simple_write+0x10/0x10 [ 687.961670][T14856] proc_reg_write+0x23d/0x330 [ 687.961698][T14856] ? __pfx_proc_reg_write+0x10/0x10 [ 687.961724][T14856] vfs_writev+0x5df/0xde0 [ 687.961748][T14856] ? __pfx___mutex_trylock_common+0x10/0x10 [ 687.961777][T14856] ? __pfx_vfs_writev+0x10/0x10 [ 687.961801][T14856] ? __mutex_lock+0x1ca/0xb90 [ 687.961830][T14856] ? __pfx___mutex_lock+0x10/0x10 [ 687.961861][T14856] ? __fget_files+0x20e/0x3c0 [ 687.961887][T14856] ? do_writev+0x132/0x340 [ 687.961910][T14856] do_writev+0x132/0x340 [ 687.961934][T14856] ? __pfx_do_writev+0x10/0x10 [ 687.961960][T14856] do_syscall_64+0xcd/0x490 [ 687.961989][T14856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 687.962009][T14856] RIP: 0033:0x7fe22878e929 [ 687.962025][T14856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 687.962044][T14856] RSP: 002b:00007fe229605038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 687.962063][T14856] RAX: ffffffffffffffda RBX: 00007fe2289b6080 RCX: 00007fe22878e929 [ 687.962075][T14856] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 687.962087][T14856] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 687.962098][T14856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 687.962109][T14856] R13: 0000000000000000 R14: 00007fe2289b6080 R15: 00007ffee0da6598 [ 687.962125][T14856] [ 687.962132][T14856] [ 688.091720][T14848] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1991'. [ 688.097348][T14856] Allocated by task 14856: [ 688.102507][T14848] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1991'. [ 688.106891][T14856] kasan_save_stack+0x33/0x60 [ 688.106941][T14856] kasan_save_track+0x14/0x30 [ 688.106980][T14856] __kasan_kmalloc+0xaa/0xb0 [ 688.107018][T14856] __kmalloc_node_track_caller_noprof+0x221/0x510 [ 688.107060][T14856] memdup_user_nul+0x2b/0x120 [ 688.107085][T14856] proc_simple_write+0xc7/0x1b0 [ 688.107111][T14856] proc_reg_write+0x23d/0x330 [ 688.107148][T14856] vfs_writev+0x5df/0xde0 [ 688.107185][T14856] do_writev+0x132/0x340 [ 688.107218][T14856] do_syscall_64+0xcd/0x490 [ 688.107259][T14856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.107287][T14856] [ 688.107296][T14856] The buggy address belongs to the object at ffff88801ff1e580 [ 688.107296][T14856] which belongs to the cache kmalloc-8 of size 8 [ 688.107320][T14856] The buggy address is located 0 bytes to the right of [ 688.107320][T14856] allocated 7-byte region [ffff88801ff1e580, ffff88801ff1e587) [ 688.107349][T14856] [ 688.107357][T14856] The buggy address belongs to the physical page: [ 688.107377][T14856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88801ff1ed40 pfn:0x1ff1e [ 688.107405][T14856] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 688.107430][T14856] page_type: f5(slab) [ 688.107455][T14856] raw: 00fff00000000000 ffff88801b841500 0000000000000000 dead000000000001 [ 688.107483][T14856] raw: ffff88801ff1ed40 0000000080800076 00000000f5000000 0000000000000000 [ 688.107501][T14856] page dumped because: kasan: bad access detected [ 688.107514][T14856] page_owner tracks the page as allocated [ 688.107524][T14856] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1017, tgid 1017 (kworker/u8:6), ts 104469057597, free_ts 104012120081 [ 688.107574][T14856] post_alloc_hook+0x1c0/0x230 [ 688.107610][T14856] get_page_from_freelist+0x1321/0x3890 [ 688.107648][T14856] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 688.107688][T14856] alloc_pages_mpol+0x1fb/0x550 [ 688.107714][T14856] new_slab+0x23b/0x330 [ 688.107745][T14856] ___slab_alloc+0xd9c/0x1940 [ 688.107777][T14856] __slab_alloc.constprop.0+0x56/0xb0 [ 688.107813][T14856] __kmalloc_noprof+0x2f2/0x510 [ 688.107852][T14856] nsim_fib_event_nb+0x45e/0x10d0 [ 688.107894][T14856] notifier_call_chain+0xbc/0x410 [ 688.107927][T14856] atomic_notifier_call_chain+0x71/0x1c0 [ 688.107963][T14856] call_fib_notifiers+0x33/0x70 [ 688.108004][T14856] fib6_add_rt2node+0x1d0f/0x3660 [ 688.113308][T14848] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1991'. [ 688.117715][T14856] fib6_add+0x628/0x1d90 [ 688.122421][T14848] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1991'. [ 688.126372][T14856] ip6_ins_rt+0xb5/0x110 [ 688.131350][T14848] netlink: 338 bytes leftover after parsing attributes in process `syz.4.1991'. [ 688.135717][T14856] __ipv6_ifa_notify+0xa6b/0xd60 [ 688.135758][T14856] page last free pid 23 tgid 23 stack trace: [ 688.135774][T14856] __free_frozen_pages+0x7fe/0x1180 [ 688.135809][T14856] rcu_core+0x79c/0x14e0 [ 688.135832][T14856] handle_softirqs+0x219/0x8e0 [ 688.135863][T14856] run_ksoftirqd+0x3a/0x60 [ 688.135891][T14856] smpboot_thread_fn+0x3f7/0xae0 [ 688.135922][T14856] kthread+0x3c2/0x780 [ 688.135958][T14856] ret_from_fork+0x5d7/0x6f0 [ 688.135993][T14856] ret_from_fork_asm+0x1a/0x30 [ 688.136024][T14856] [ 688.136032][T14856] Memory state around the buggy address: [ 688.136049][T14856] ffff88801ff1e480: fa fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 688.136070][T14856] ffff88801ff1e500: 06 fc fc fc fa fc fc fc fa fc fc fc fa fc fc fc [ 688.136091][T14856] >ffff88801ff1e580: 07 fc fc fc fa fc fc fc fa fc fc fc 05 fc fc fc [ 688.136108][T14856] ^ [ 688.136124][T14856] ffff88801ff1e600: fa fc fc fc 05 fc fc fc fa fc fc fc 05 fc fc fc [ 688.136144][T14856] ffff88801ff1e680: 05 fc fc fc fa fc fc fc 05 fc fc fc 05 fc fc fc [ 688.136162][T14856] ================================================================== [ 688.338589][T14856] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 688.338616][T14856] CPU: 0 UID: 0 PID: 14856 Comm: syz.2.1997 Not tainted 6.16.0-rc5-syzkaller-00038-g733923397fd9 #0 PREEMPT(full) [ 688.338652][T14856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 688.338670][T14856] Call Trace: [ 688.338680][T14856] [ 688.338691][T14856] dump_stack_lvl+0x3d/0x1f0 [ 688.338734][T14856] panic+0x71c/0x800 [ 688.338771][T14856] ? __pfx_panic+0x10/0x10 [ 688.338806][T14856] ? mark_held_locks+0x49/0x80 [ 688.338843][T14856] ? preempt_schedule_thunk+0x16/0x30 [ 688.338878][T14856] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 688.338909][T14856] ? preempt_schedule_common+0x44/0xc0 [ 688.338945][T14856] ? check_panic_on_warn+0x1f/0xb0 [ 688.338985][T14856] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 688.339013][T14856] check_panic_on_warn+0xab/0xb0 [ 688.339052][T14856] end_report+0x107/0x170 [ 688.339076][T14856] kasan_report+0xee/0x110 [ 688.339102][T14856] ? afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 688.339135][T14856] afs_proc_addr_prefs_write+0x13a9/0x15f0 [ 688.339163][T14856] ? __lock_acquire+0xb8a/0x1c90 [ 688.339202][T14856] ? __pfx_afs_proc_addr_prefs_write+0x10/0x10 [ 688.339233][T14856] ? find_held_lock+0x2b/0x80 [ 688.339259][T14856] ? __might_fault+0xe3/0x190 [ 688.339295][T14856] ? __might_fault+0xe3/0x190 [ 688.339329][T14856] ? __might_fault+0x13b/0x190 [ 688.339400][T14856] ? proc_simple_write+0x114/0x1b0 [ 688.339427][T14856] proc_simple_write+0x114/0x1b0 [ 688.339453][T14856] ? __pfx_proc_simple_write+0x10/0x10 [ 688.339481][T14856] proc_reg_write+0x23d/0x330 [ 688.339519][T14856] ? __pfx_proc_reg_write+0x10/0x10 [ 688.339555][T14856] vfs_writev+0x5df/0xde0 [ 688.339589][T14856] ? __pfx___mutex_trylock_common+0x10/0x10 [ 688.339630][T14856] ? __pfx_vfs_writev+0x10/0x10 [ 688.339664][T14856] ? __mutex_lock+0x1ca/0xb90 [ 688.339705][T14856] ? __pfx___mutex_lock+0x10/0x10 [ 688.339747][T14856] ? __fget_files+0x20e/0x3c0 [ 688.339787][T14856] ? do_writev+0x132/0x340 [ 688.339819][T14856] do_writev+0x132/0x340 [ 688.339852][T14856] ? __pfx_do_writev+0x10/0x10 [ 688.339891][T14856] do_syscall_64+0xcd/0x490 [ 688.339930][T14856] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.339957][T14856] RIP: 0033:0x7fe22878e929 [ 688.339979][T14856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 688.340006][T14856] RSP: 002b:00007fe229605038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 688.340034][T14856] RAX: ffffffffffffffda RBX: 00007fe2289b6080 RCX: 00007fe22878e929 [ 688.340053][T14856] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 688.340071][T14856] RBP: 00007fe228810b39 R08: 0000000000000000 R09: 0000000000000000 [ 688.340089][T14856] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 688.340106][T14856] R13: 0000000000000000 R14: 00007fe2289b6080 R15: 00007ffee0da6598 [ 688.340132][T14856] [ 688.340732][T14856] Kernel Offset: disabled