last executing test programs: 2.547151523s ago: executing program 4 (id=2621): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000003c0), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f0070687930"], 0x28}}, 0x0) 2.396122522s ago: executing program 4 (id=2623): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x9) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) accept(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) 1.974147766s ago: executing program 2 (id=2626): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb01001800ffff000000001c0000001c00000005000000020000000000000f0300000044942d050000000000000f0100000084002e616100"], &(0x7f00000014c0)=""/2, 0x39, 0x2, 0x1}, 0x28) r1 = syz_init_net_socket$llc(0x1a, 0x4, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=@newsa={0x14c, 0x10, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@remote, 0x0, 0xfff7, 0x2000, 0x1, 0x0, 0x0, 0x0, 0x3b, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x6c}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4}, {0x800000000000, 0x4, 0x40000000}, {}, 0x70bd25, 0x0, 0x2, 0x0, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x4}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0x14c}}, 0x4810) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x13, 0x13, &(0x7f00000002c0)=ANY=[@ANYBLOB="18020000010000000000000000000000180100002020702500000000002020207baaf8ff00000000bd4106000000000047010000f8ffffffb702000008000000b7030000000000008500002dd10000001801000020786c250000000000202020db1af8ffa1000000bda100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095", @ANYBLOB="c4e8694f6a41bbc567fae44525993146a82394ba87056e58f8079f32790aa69701414be95298b6807f79ed859d4494bc64f80a1079b7b9f4cf21a097c0f1a2039418c499717a196c4c1718e95b088747660acec57c85aeb09b59f1e8938be36d6ae51420891784f822f9790d9491a0e65420d62c8f97566004b7e39a6b9e7035bc2ed1ad9f772be86375d716377fd4c67c9cd89579cf6f2101e0815eb3e61cf6f4506806c80a1543a1c2b9bbe13af7fd86bbbf35a9f64a49acf5b2febaf912a3744b293e1fa27d46e9c664c7d96b0f9d7d3be55b38659f382dd8287efab57e269e0b35af7ecd7d7f", @ANYRES8=r0, @ANYRES64=r3, @ANYRES16=r3, @ANYBLOB="63ec2f52ac0bc2186a0ef72eb4fa1a053d14b26b595e36bf8e89da4c67e55dedf6381f3b371200715c702bfe9790395f05b8e5c1e6601814e63bd43f1385cf76576f89536afa140f6ed17389f769923934dca1a064e317651d4d2f34ed16ed1cb8407edf8112c3829f62bd7cc1c05b985ad360431ba747225784d2fa3bad145bd465587b6915e471196eb2d9447c0b", @ANYRESHEX=r0], &(0x7f0000000000)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$IP_VS_SO_GET_VERSION(r3, 0x0, 0x480, &(0x7f0000005680), &(0x7f0000009980)=0x40) syz_emit_ethernet(0x22, &(0x7f0000000000)={@random="adea708edf67", @multicast, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x84, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x36}}}}}}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000000)={r3, 0x160, 0x8, 0x8}) sendmmsg$sock(r1, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@l2tp={0x2, 0x0, @multicast1}, 0x80, 0x0}}, {{&(0x7f0000000700)=@hci={0x1f, 0xffffffffffffffff, 0x3}, 0x80, 0x0}}], 0x400000000000297, 0x48094) 1.967966159s ago: executing program 4 (id=2627): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000196000/0x1000)=nil, 0x1000, 0x0, 0x840000000000a132, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='freezer.parent_freezing\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f0000000140)=[@in={0x2, 0x4e24, @loopback}], 0x10) getsockopt$sock_buf(r3, 0x1, 0x1c, 0x0, &(0x7f00000000c0)=0x1200) mmap(&(0x7f0000c89000/0x4000)=nil, 0x4000, 0x7000009, 0x3af3fabf6edc1b5f, r3, 0x1000) mmap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x12, r2, 0xd1383000) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000691000/0x4000)=nil, 0x4000, 0x3, 0x28011, r4, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000200)=ANY=[@ANYBLOB="199212d3bbbbbbbbbbbbbad4f943162486dd6000000000103afffe040000000000000000000000000001ff02000000000000000000000000000186009078010a0100e100000005000000"], 0x0) mmap(&(0x7f0000867000/0x2000)=nil, 0x2000, 0x0, 0x11, r4, 0x1000) mmap(&(0x7f00005d3000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0xfffff000) mmap(&(0x7f00008b7000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) mmap(&(0x7f00004a3000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0) mmap(&(0x7f0000071000/0x4000)=nil, 0x4000, 0x0, 0x13, r1, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.group_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f000015b000/0x3000)=nil, 0x3000, 0x800001, 0x10012, r5, 0x0) mmap(&(0x7f000086a000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x2000) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x109001, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'\x00', 0x1}) ioctl$TUNSETPERSIST(r6, 0x400454c9, 0x200000000000001) ioctl$TUNSETPERSIST(r6, 0x400454cb, 0x1) socket$l2tp(0x2, 0x2, 0x73) ioctl$TUNSETPERSIST(r6, 0x400454cb, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) socket$nl_route(0x10, 0x3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) 1.743652869s ago: executing program 2 (id=2629): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x100000f, 0x4000010, r0, 0xffffe000) r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f00000006c0)=ANY=[@ANYBLOB="1b0000000000000000000000002000000000000021d73bd4d4baeb9c7959f00297f5e6e9814a80ea565b8ca78d274ec1d7f9e6038212ce612b6550e90f5dde1a7ad6635d07d9d5c06ea4610d6dfae5a1dfafbbb93b8a146ef208b01b331ce87515549afe859661d52fbaae14a74cfc605df981a7e22bc84c749f9c9fa79e3a2128fc5f29bfbe593217f9556e8ac630e8ac064f28642c1e1361cf1186c29153257351c95aed8abf4b5ed0652c9391b0aa8f8f97a7", @ANYRES32=r0, @ANYBLOB="00000000000000bbc13373502b80c9352bbd9124000000000000001482101949e7", @ANYRES32=0x0, @ANYRES16=r0, @ANYBLOB='\x00'/28], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0xf, &(0x7f0000000400)=ANY=[@ANYBLOB="180300004000000000110000ff000000181100202c57027d3e8bccd5c1b5208baa98678d7471165cc5e48afff7b033dd02937a1b71c731beab5379ed34b84d0f4a7693322672f6c9d9d8ca419dfa2e352b9985a2abb2e788b778712fd43bca6ae2f650875ce4b81512303c4ca653d814e1be5573f409aa39b05eeb788d9300"/140, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b5020000140000008500000083000000bc0900000000000055090100240000009500000000000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0xa, 0x1003, &(0x7f0000001e40)=""/4099, 0x40f00, 0x9, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$xdp(0x2c, 0x3, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000280)=""/22, 0x100000, 0x800, 0x0, 0x1}, 0x20) setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f000000cdc0)=0x10, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00'}) setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4) syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e22, 0xcc15, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x9}, 0x1c) socket$xdp(0x2c, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0xf) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000004f40)={'gre0\x00', &(0x7f0000000240)={'gretap0\x00', 0x0, 0x1, 0x20, 0x0, 0x4, {{0x5, 0x4, 0x1, 0x8, 0x14, 0x67, 0x0, 0xdb, 0x4, 0x0, @empty, @empty}}}}) syz_genetlink_get_family_id$l2tp(0x0, r5) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_all\x00', 0x275a, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r8, &(0x7f0000000200)=0x10001, 0x12) sendfile(0xffffffffffffffff, r7, 0x0, 0xf03a0006) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a44, 0x1700) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r9, 0x6, 0x3, &(0x7f0000000000)=0x2c, 0x4) bind$bt_l2cap(r9, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe) connect$bt_l2cap(r9, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe) 1.718877828s ago: executing program 4 (id=2630): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x40201, 0x0) r1 = socket$kcm(0x2, 0xa, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES32=r0, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x94) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'veth1_macvtap\x00', @link_local}) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet(0xa, 0x801, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) socket$netlink(0x10, 0x3, 0xf) socket$netlink(0x10, 0x3, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000080)=[@sack_perm, @mss={0x2, 0x8}, @mss={0x2, 0x7}, @sack_perm, @window={0x3, 0xd, 0xff28}, @window={0x3, 0x7, 0x3}, @window={0x3, 0x3, 0x4}, @window={0x3, 0x9}, @sack_perm, @mss={0x2, 0xd}], 0xa) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_sctp(0x2, 0x1, 0x84) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 1.651993478s ago: executing program 0 (id=2631): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={{0x14, 0x10, 0x1, 0xf5ffffff}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x7, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x30, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_USERDATA={0xf, 0x3, "91abc12404cf378042f26c"}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x9}], {0x14}}, 0x8c}}, 0x0) 1.495543702s ago: executing program 4 (id=2632): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x7c, 0x0, 0x6000, {0x5}}, [@NFT_MSG_NEWSET={0x50, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_EXPR={0x14, 0x11, 0x0, 0x1, @counter={{0xc}, @val={0x4}}}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "d1"}]}]}]}]}], {0x14, 0x11, 0x20, 0x0, 0x0, {0x1}}}, 0xb8}}, 0x40) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000200)=0x4, 0x4) write$bt_hci(r0, &(0x7f0000000200)=ANY=[], 0x6) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32], 0x48) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) getsockopt$rose(r2, 0x104, 0x2, 0x0, 0x0) bind$rds(r3, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1a}}, 0x10) sendmsg$rds(r3, &(0x7f00000002c0)={&(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00'}, 0x10) ppoll(&(0x7f0000000500)=[{}], 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f00007a6000/0x3000)=nil, 0x3000, 0x100000c, 0x22051, r2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x22051, 0xffffffffffffffff, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="480000001400030400000000000000000a3f0000", @ANYRES32=r6, @ANYBLOB="14000200ff2300000000000000000000000000011400060000000000060000000000000000000000080008000004"], 0x48}}, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000100)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x56, r6}) setsockopt$CAN_RAW_ERR_FILTER(r4, 0x65, 0x2, &(0x7f0000000000)=0x9, 0x4) 1.494928735s ago: executing program 0 (id=2633): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f00000004c0)="df034affffffffffff0000000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c) 1.470344873s ago: executing program 0 (id=2634): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0x40d, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r2, 0x1, 0xc000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_MODE={0x5, 0x1, 0x6}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x404c084}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x1, 0x803, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001400)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x440}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x3c}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700ff01000000000000000000000000000108000a00", @ANYRES32=r8], 0x54}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=@newlink={0x2c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0xffc3, r2, 0x0, 0x1201}, [@IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x2c}}, 0x0) 1.352168628s ago: executing program 0 (id=2635): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet(0xa, 0x801, 0x84) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00'}, 0x10) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8905, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.187799221s ago: executing program 0 (id=2637): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') unshare(0x6a040000) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(0xffffffffffffffff, 0x9) r0 = socket$inet_mptcp(0x2, 0x1, 0x106) accept(0xffffffffffffffff, 0x0, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) 1.160116041s ago: executing program 3 (id=2638): sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32, @ANYBLOB="60005080110001004abee339084eeef16f162471f4000000080003000aac0f00050002"], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) (async) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, 0x3, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0x6}}, 0x14}}, 0x40000) sendmsg$nl_xfrm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0xf0, 0x10, 0x1, 0xfffffffe, 0x100, {{@in6=@remote, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x714, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in6=@mcast2, 0x4d4, 0x6c}, @in=@loopback, {0x0, 0x192, 0x6, 0xffff, 0x8251c, 0x2, 0xfffffffffffffff8}, {0xffffffffffffffff, 0x0, 0x1f, 0xfffffffffffffffe}, {0x2, 0xfffffffc, 0x7}, 0x70bd2a, 0x3504, 0xa, 0x1, 0x0, 0x20}}, 0xf0}, 0x1, 0x0, 0x0, 0x8801}, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r2], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) (async) sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010829bd7000000000000b00000008000300", @ANYRES32=r2], 0x7c}, 0x1, 0x0, 0x0, 0x4}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x20000, 0x0) 1.053866223s ago: executing program 3 (id=2640): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) bind$inet6(r0, &(0x7f0000000300)={0xa, 0x4e23, 0x0, @empty, 0x5}, 0x1c) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f0000000380)=ANY=[@ANYBLOB="020101090800000000170006ffffff00030006001000000002000000e0000009f9ff0f0005000000030005007217440502000000e0000001"], 0x40}}, 0x0) sendmsg$key(r1, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0xfeffffff, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x4d6, 0x0, 0x0, 0x0, 0x2}, @sadb_address={0x3, 0x5, 0x0, 0x20, 0x0, @in={0x2, 0x4e1d, @loopback}}]}, 0x50}}, 0x0) 993.876485ms ago: executing program 1 (id=2641): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x800001, @loopback}, 0x1c) r1 = socket(0x40000000015, 0x805, 0x0) getsockopt(r1, 0x114, 0x2718, 0x0, &(0x7f00000000c0)) unshare(0x26020480) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x9, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="2100000000000000000000000080"], 0x50) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_buf(r2, 0x6, 0x1c, 0x0, &(0x7f0000000100)) socketpair(0xa, 0x3, 0x0, &(0x7f0000000040)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_type(r3, &(0x7f0000000100), 0x2, 0x0) openat$cgroup_pressure(0xffffffffffffffff, 0x0, 0x2, 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r4}, 0x18) setsockopt$MRT6_DEL_MFC(0xffffffffffffffff, 0x29, 0xcd, &(0x7f0000000300)={{0xa, 0x6, 0x56, @local}, {0xa, 0x4e24, 0x3, @remote, 0x2}, 0xffffffffffffffff, {[0x9, 0x9, 0xa, 0xa, 0x0, 0x8000, 0xfffffff7, 0x7f]}}, 0x5c) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r5 = socket$inet_udp(0x2, 0x2, 0x0) r6 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r6, &(0x7f0000000440)=@pppol2tp={0x18, 0x1, {0x0, r5, {0x2, 0x1, @remote}, 0xa}}, 0x26) sendmmsg$inet(r6, &(0x7f0000005f80)=[{{0x0, 0x0, &(0x7f0000005dc0)}}], 0x1a000, 0x8040) r7 = openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000c40), 0x12) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0xffffff35) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 923.673538ms ago: executing program 3 (id=2642): r0 = socket$inet(0x2, 0x80001, 0x0) r1 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0x20800001, 0x4) setsockopt$inet6_int(r1, 0x29, 0x4e, &(0x7f0000000000)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @loopback={0x0, 0xa8aaaafffeaaaa1e}, 0x8000}, 0x1c) listen(r1, 0xb7) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e24, 0x833, @private0={0xfc, 0x0, '\x00', 0x1}, 0x8}, 0x1c) r2 = socket$nl_audit(0x10, 0x3, 0x9) sendmsg$AUDIT_SET_FEATURE(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, 0x3fa, 0x400, 0x70bd29, 0x25dfdbfe, {0x1, 0x0, 0x1, 0x1}, ["", "", "", "", "", "", "", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000}, 0x80) setsockopt$IPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000100)=ANY=[@ANYBLOB="739a4e00000000000000000000000000000000000000000000000000000000000200"/72], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x16, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, [@generic={0x91, 0x1, 0x1, 0x4f}]}, &(0x7f0000000c40)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff9}, 0x94) 908.754211ms ago: executing program 1 (id=2643): r0 = socket(0xa, 0x3, 0x3a) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @local}, {0xa, 0x0, 0x0, @empty}, 0x1, {[0x0, 0xffffffa4]}}, 0x5c) setsockopt$MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd3, &(0x7f00000000c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @empty}, 0x1, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xe3]}}, 0x5c) 852.735514ms ago: executing program 2 (id=2644): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) bind$netlink(r1, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB="3400000010400d042abd70000000000000000000", @ANYRES32=r2, @ANYBLOB="0100000000c000001400128009000100626f6e640000000004000280"], 0x34}, 0x1, 0x0, 0x0, 0x24040800}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_BEACONS(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="073201000800fddbdf25ff7f000008000300", @ANYRES32=r6, @ANYBLOB], 0x1c}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x4000090) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'wlan0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f000000d040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20008811}, 0x0) sendmsg$NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x80) r7 = socket$nl_generic(0x10, 0x3, 0x10) socket$l2tp6(0xa, 0x2, 0x73) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000100004000000000fdffffff85000000200000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) sendto$l2tp6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x80, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x19, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x8, 0x0, 0x78c8a1269c7fb89b}, 0x94) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r7, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r8, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x24008000) 807.634298ms ago: executing program 1 (id=2645): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000e00)={0x38, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x20, @from_mac}, @NL80211_ATTR_IE={0x4}]}, 0x38}, 0x1, 0x0, 0x1000000}, 0x0) 800.93179ms ago: executing program 3 (id=2646): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x1) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x80000001, 0x0) sendto$inet(r0, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd7", 0x1ab, 0x805, 0x0, 0x0) recvmmsg(r0, &(0x7f00000031c0)=[{{0x0, 0x1802, &(0x7f0000000a40)=[{&(0x7f00000008c0)=""/135, 0x87}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000980)=""/146, 0x92}, {&(0x7f0000000080)=""/43, 0x2b}, {&(0x7f0000000a80)=""/242, 0xf2}, {&(0x7f0000000b80)=""/143, 0x8f}], 0x4, 0x0, 0x810}, 0x2}], 0x400000000000300, 0x22, 0x0) 745.874571ms ago: executing program 2 (id=2647): syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) socket$inet(0xa, 0x801, 0x84) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00'}, 0x10) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8905, &(0x7f0000000100)={0x0, 'erspan0\x00', {0x1}, 0x26}) sendto$inet6(0xffffffffffffffff, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 722.480978ms ago: executing program 3 (id=2648): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="7800000018002507b9409b14ffff00000204be04020b06050e020909430009003f00064c0a000000040085a168d0bf46d32345653600648d04000500eb16000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a320004001600", 0x62, 0x0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000003c0), r0) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000ecffffffffff2000000005002000000000000c001f0070687930"], 0x28}}, 0x0) 621.190771ms ago: executing program 3 (id=2649): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001500)=ANY=[@ANYBLOB="d8000000000203000000000000000000020000053c0002802c00018014000300fc00000000000000000000000000000114000400000000000000000000000000000000010c00028005000100210000000400038004000180"], 0xd8}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet(0x2, 0x2, 0x1) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f00000007c0)={'batadv0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000003c0)=@bridge_getneigh={0x28, 0x1e, 0x3c964e403b131b43, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r5}]}, 0x28}}, 0x2000c058) r6 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r6, 0x89f0, &(0x7f0000000040)={'team_slave_1\x00', &(0x7f0000000100)=@ethtool_coalesce={0xe, 0x0, 0xffd, 0xffff, 0x400000, 0x803, 0x6, 0xc0000000, 0x402, 0xa, 0x5, 0x5, 0x3, 0x4006, 0x4, 0xfffffffc, 0x0, 0x37e9, 0x80000004, 0x4000002, 0x6, 0xfffffff9, 0x3}}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_HANDLE={0xc, 0x4, 0x1, 0x0, 0x1}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0xb0, 0x16, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x1}, @NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x2}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x74, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0xff}, @NFTA_FLOWTABLE_HOOK_DEVS={0x68, 0x3, 0x0, 0x1, [{0x14, 0x1, 'veth0\x00'}, {0x14, 0x1, 'netpci0\x00'}, {0x14, 0x1, 'veth0_vlan\x00'}, {0x14, 0x1, 'erspan0\x00'}, {0x14, 0x1, 'erspan0\x00'}]}]}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x124}}, 0x0) syz_80211_join_ibss(&(0x7f00000002c0)='wlan0\x00', &(0x7f0000000340)=@default_ap_ssid, 0x6, 0x2) r8 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000026c0)=@flushpolicy={0x38, 0x12, 0x105, 0x0, 0x0, "", [@address_filter={0x28, 0x1a, {@in=@private=0xa010102, @in=@private=0xa010100, 0xa, 0x6, 0x9}}]}, 0x38}}, 0x20040810) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r10, 0x10e, 0xc, &(0x7f0000000180)={0x2d6}, 0x10) r11 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r11, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10) bind$tipc(r11, &(0x7f0000000140)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10) bind$tipc(r11, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10) r12 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r12, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x1}, 0x10) close(0x3) write(r10, &(0x7f0000000000)="240000001a005f0400f9f407000904018000200000000000000000000800010000000000", 0x24) setsockopt$PNPIPE_ENCAP(r10, 0x113, 0x1, &(0x7f0000000240), 0x4) r13 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r9, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x20, r13, 0x9c3fa077fa966179, 0x70bd29, 0x0, {{0x7e}, {@void, @val={0xc, 0x99, {0x916d, 0x15}}}}}, 0x20}}, 0x4000054) 571.767655ms ago: executing program 4 (id=2650): r0 = socket(0x10, 0x2, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x10002, 0xffffffff, 0x6, 0xfffffff9}, 0x10) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff8070000001d00000000000000080009000d000000", 0x24) r1 = socket$can_j1939(0x1d, 0x2, 0x7) r2 = socket$key(0xf, 0x3, 0x2) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) bind$can_j1939(r1, &(0x7f0000000100)={0x1d, r3, 0x10003, {}, 0xfe}, 0x18) connect$can_j1939(r1, 0x0, 0x0) r4 = socket$inet(0x2b, 0x801, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r4, 0x0, 0x480, 0x0, 0x0) sendmsg$can_j1939(r1, 0x0, 0x1) socket$can_j1939(0x1d, 0x2, 0x7) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000000)={r1, 0x6, 0xb, 0x80000001}) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x41) socket$nl_generic(0x10, 0x3, 0x10) bpf$ITER_CREATE(0x21, &(0x7f00000000c0), 0x8) 571.058514ms ago: executing program 2 (id=2651): bpf$PROG_LOAD(0x5, 0x0, 0xffffffffffffffbe) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000003b142870cb0ac89172f53ed3b66e76692b089b0dd50d229c", @ANYRES16=0x0, @ANYBLOB="040727bd7000fddbdf2528000000"], 0x14}}, 0xd4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3c000000b0f4c0bbf5ed3fb0496cade7692973850f27ebc31deb609b917957bad95a09c0fe50b014b6840322c145fb4a05baca4f4344a0c2c2a8c68d9b3a2bb970623a4fa8d98ec271d194862804dc8c91fef3d95ac2cb7d7d4c170f17355023e65f309bae203ba343764aecbb53f35e58cf1518eb7555b57e8f52c487797af71ab04a9af1b348bdfa6760c44b0537c8f55e4cd54f80104d92590276849bc87f90409977229e21cfcf6850602d02d3bc17a89021f5055f3c7a58ae678e18957774bc0e33d0d71af0b8642ac679cf5104e75b2eeaa75a34e1197d226fca53ef7707daa5de0f6fd7da6658a426233bec6e0190ee36a4e28e379edf22efd34bcedf5652c751", @ANYRES16=r2, @ANYBLOB="010000000000000000000c00000018000180140002007665746830000000000000000000000010000380080002000200000004000400"], 0x3c}}, 0x4040004) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r3 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4) connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10) sendmmsg$inet(r3, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20040c91) r4 = gettid() r5 = socket(0x10, 0x803, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="3c00000010000304f9ffbffffedbdf2500007400", @ANYRES32, @ANYBLOB="049c01000750050008001300", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x0) r6 = socket(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYRES8=0x0, @ANYRES32, @ANYBLOB="110055477e77a04041e9bb480c01006272696467a6"], 0x3c}, 0x1, 0x0, 0x0, 0x4044000}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x400, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x0, 0x0, 0x0, 0x40002000, 0xffffffff}, 0x3548, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x4}}}}]}, 0x78}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) 569.747624ms ago: executing program 1 (id=2652): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_STATION(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x24, r1, 0x5cfe9b9de6b8c055, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xa}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x8000) (fail_nth: 1) 354.308745ms ago: executing program 1 (id=2653): r0 = socket(0x1, 0x1, 0x1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x840000000002, 0x3, 0x100) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r2) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005500e502000000000000000007000000", @ANYRES32=r4, @ANYBLOB="200001"], 0x38}}, 0x0) (async) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="380000005500e502000000000000000007000000", @ANYRES32=r4, @ANYBLOB="200001"], 0x38}}, 0x0) r5 = socket(0x400000000010, 0x3, 0x0) r6 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) (async) sendmsg$nl_route_sched(r5, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xb, 0xfff3}, {}, {0x7, 0x300}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x0) getsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f00000000c0)={@local}, &(0x7f0000000100)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'}) r8 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) socket$nl_route(0x10, 0x3, 0x0) (async) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r9, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xffffff92}]}]}]}}]}, 0xa4}, 0x1, 0x7a00}, 0x0) (async) sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000640)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0x1000000, {0x0, 0x0, 0x12, r9, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x0, 0x0, 0x0, 0xd645, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xffff]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0xffffff92}]}]}]}}]}, 0xa4}, 0x1, 0x7a00}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan1\x00'}) sendmmsg$inet(r2, &(0x7f0000005240), 0x4000095, 0x0) (async) sendmmsg$inet(r2, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, 0x0, 0x0) (async) setsockopt$MRT_ADD_VIF(r2, 0x0, 0xca, 0x0, 0x0) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000003c0)={@rand_addr=0x64010101, @local}, 0xc) syz_genetlink_get_family_id$nbd(&(0x7f0000000280), 0xffffffffffffffff) (async) r11 = syz_genetlink_get_family_id$nbd(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r1, &(0x7f00000027c0)={0x0, 0x0, &(0x7f0000002780)={&(0x7f0000000500)={0x3c, r11, 0x1, 0x70bd29, 0x25dfdbfb, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x40d5}, @NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r0}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000004}, 0x4000) 171.996727ms ago: executing program 0 (id=2654): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000340)={0x30, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0xffffffff]}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0xfffffffc}]}]}, 0x30}, 0x1, 0xfcffffffffffffff}, 0x0) 91.33083ms ago: executing program 2 (id=2655): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x1, 0x1}, 0x8) shutdown(r0, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r1}, 0x10) nanosleep(&(0x7f0000000080)={0x0, 0x3938700}, 0xfffffffffffffffc) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="ef00000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r4, @ANYBLOB="080004000001"], 0x4c}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x48, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffec, 0x0, 0x0, 0x0, 0x3}, 0x94) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r6}, 0x94) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r6, 0x0) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$NL80211_CMD_JOIN_MESH(r6, &(0x7f00000004c0)={&(0x7f0000000140), 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x30, r7, 0x100, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0xa926, 0x13}}}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x10}, 0x8000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r5, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) getpeername$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000080)=0x14) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@bridge_getneigh={0x84, 0x1e, 0x300, 0x70bd2c, 0x25dfdbfc, {0x7, 0x0, 0x0, r4, 0x4780, 0x40304}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8, 0x8, r5}]}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_PORT_SELF={0x40, 0x19, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "54ea2b8214904cf8d08742b3b73ec5ed"}, @IFLA_PORT_REQUEST={0x5, 0x6, 0xf}, @IFLA_PORT_VF={0x8, 0x1, 0x3}, @IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}, @IFLA_PORT_PROFILE={0x5, 0x2, '\x00'}]}, @IFLA_TXQLEN={0x8, 0xd, 0x6}, @IFLA_LINK={0x8, 0x5, r9}]}, 0x84}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040) 0s ago: executing program 1 (id=2656): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) sendmmsg$sock(r0, &(0x7f0000002180)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000800)=[@txtime={{0x18, 0x1, 0x3d, 0x3ff}}], 0x18}}], 0x2, 0x8124) (fail_nth: 4) kernel console output (not intermixed with test programs): nk: 20 bytes leftover after parsing attributes in process `syz.3.1809'. [ 253.035044][T12070] wg1 speed is unknown, defaulting to 1000 [ 253.075224][T12091] syzkaller0: entered promiscuous mode [ 253.080818][T12091] syzkaller0: entered allmulticast mode [ 253.102230][T12087] wg1 speed is unknown, defaulting to 1000 [ 253.131286][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 253.139414][ C1] lec:lec_tx_timeout: lec0 [ 253.144054][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 254.805972][T12108] siw: device registration error -23 [ 255.146381][T12119] wg1 speed is unknown, defaulting to 1000 [ 255.153628][T12124] FAULT_INJECTION: forcing a failure. [ 255.153628][T12124] name failslab, interval 1, probability 0, space 0, times 0 [ 255.206634][T12124] CPU: 0 UID: 0 PID: 12124 Comm: syz.3.1822 Not tainted syzkaller #0 PREEMPT(full) [ 255.206659][T12124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 255.206668][T12124] Call Trace: [ 255.206675][T12124] [ 255.206683][T12124] dump_stack_lvl+0x189/0x250 [ 255.206708][T12124] ? __pfx____ratelimit+0x10/0x10 [ 255.206731][T12124] ? __pfx_dump_stack_lvl+0x10/0x10 [ 255.206752][T12124] ? __pfx__printk+0x10/0x10 [ 255.206773][T12124] ? __pfx___might_resched+0x10/0x10 [ 255.206799][T12124] should_fail_ex+0x414/0x560 [ 255.206826][T12124] should_failslab+0xa8/0x100 [ 255.206843][T12124] kmem_cache_alloc_node_noprof+0x77/0x710 [ 255.206865][T12124] ? __alloc_skb+0x112/0x2d0 [ 255.206893][T12124] __alloc_skb+0x112/0x2d0 [ 255.206913][T12124] netlink_ack+0x146/0xa50 [ 255.206929][T12124] ? __pfx_genl_rcv_msg+0x10/0x10 [ 255.206953][T12124] ? __asan_memcpy+0x40/0x70 [ 255.206974][T12124] ? __pfx_ref_tracker_free+0x10/0x10 [ 255.206997][T12124] netlink_rcv_skb+0x28c/0x470 [ 255.207011][T12124] ? __lock_acquire+0xab9/0xd20 [ 255.207025][T12124] ? __pfx_genl_rcv_msg+0x10/0x10 [ 255.207045][T12124] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 255.207077][T12124] ? down_read+0x1ad/0x2e0 [ 255.207098][T12124] genl_rcv+0x28/0x40 [ 255.207117][T12124] netlink_unicast+0x82f/0x9e0 [ 255.207150][T12124] ? __pfx_netlink_unicast+0x10/0x10 [ 255.207173][T12124] ? netlink_sendmsg+0x642/0xb30 [ 255.207189][T12124] ? skb_put+0x11b/0x210 [ 255.207210][T12124] netlink_sendmsg+0x805/0xb30 [ 255.207238][T12124] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.207260][T12124] ? aa_sock_msg_perm+0xf1/0x1d0 [ 255.207284][T12124] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 255.207300][T12124] ? __pfx_netlink_sendmsg+0x10/0x10 [ 255.207319][T12124] __sock_sendmsg+0x21c/0x270 [ 255.207344][T12124] ____sys_sendmsg+0x505/0x830 [ 255.207369][T12124] ? __pfx_____sys_sendmsg+0x10/0x10 [ 255.207394][T12124] ? import_iovec+0x74/0xa0 [ 255.207419][T12124] ___sys_sendmsg+0x21f/0x2a0 [ 255.207441][T12124] ? __pfx____sys_sendmsg+0x10/0x10 [ 255.207496][T12124] ? __fget_files+0x2a/0x420 [ 255.207511][T12124] ? __fget_files+0x3a0/0x420 [ 255.207538][T12124] __x64_sys_sendmsg+0x19b/0x260 [ 255.207560][T12124] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 255.207590][T12124] ? __pfx_ksys_write+0x10/0x10 [ 255.207616][T12124] ? do_syscall_64+0xbe/0xfa0 [ 255.207636][T12124] do_syscall_64+0xfa/0xfa0 [ 255.207651][T12124] ? lockdep_hardirqs_on+0x9c/0x150 [ 255.207667][T12124] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.207684][T12124] ? clear_bhb_loop+0x60/0xb0 [ 255.207703][T12124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 255.207717][T12124] RIP: 0033:0x7f5771d8f6c9 [ 255.207731][T12124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 255.207744][T12124] RSP: 002b:00007f5772c50038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 255.207763][T12124] RAX: ffffffffffffffda RBX: 00007f5771fe5fa0 RCX: 00007f5771d8f6c9 [ 255.207773][T12124] RDX: 0000000000008840 RSI: 0000200000000200 RDI: 0000000000000003 [ 255.207784][T12124] RBP: 00007f5772c50090 R08: 0000000000000000 R09: 0000000000000000 [ 255.207794][T12124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 255.207804][T12124] R13: 00007f5771fe6038 R14: 00007f5771fe5fa0 R15: 00007ffccb839708 [ 255.207832][T12124] [ 255.960637][T12150] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 255.976436][T12150] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 256.298290][T12168] geneve3: entered promiscuous mode [ 256.306701][T12168] geneve3: entered allmulticast mode [ 256.366902][T12172] siw: device registration error -23 [ 256.378482][T12172] wg1 speed is unknown, defaulting to 1000 [ 256.530844][T12187] batadv2: entered promiscuous mode [ 256.667426][T12193] wg1 speed is unknown, defaulting to 1000 [ 256.722471][T12194] wg1 speed is unknown, defaulting to 1000 [ 257.056191][T12212] __nla_validate_parse: 8 callbacks suppressed [ 257.056210][T12212] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1850'. [ 257.095277][T12217] FAULT_INJECTION: forcing a failure. [ 257.095277][T12217] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 257.128348][T12217] CPU: 1 UID: 0 PID: 12217 Comm: syz.4.1853 Not tainted syzkaller #0 PREEMPT(full) [ 257.128374][T12217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 257.128384][T12217] Call Trace: [ 257.128391][T12217] [ 257.128399][T12217] dump_stack_lvl+0x189/0x250 [ 257.128426][T12217] ? __pfx____ratelimit+0x10/0x10 [ 257.128458][T12217] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.128480][T12217] ? __pfx__printk+0x10/0x10 [ 257.128510][T12217] should_fail_ex+0x414/0x560 [ 257.128541][T12217] _copy_to_user+0x31/0xb0 [ 257.128565][T12217] simple_read_from_buffer+0xe1/0x170 [ 257.128595][T12217] proc_fail_nth_read+0x1b3/0x220 [ 257.128620][T12217] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 257.128644][T12217] ? rw_verify_area+0x2a6/0x4d0 [ 257.128665][T12217] ? __lock_acquire+0xab9/0xd20 [ 257.128681][T12217] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 257.128701][T12217] vfs_read+0x200/0xa30 [ 257.128722][T12217] ? fdget_pos+0x247/0x320 [ 257.128743][T12217] ? __pfx___mutex_lock+0x10/0x10 [ 257.128762][T12217] ? __pfx_vfs_read+0x10/0x10 [ 257.128785][T12217] ? __fget_files+0x2a/0x420 [ 257.128806][T12217] ? __fget_files+0x3a0/0x420 [ 257.128820][T12217] ? __fget_files+0x2a/0x420 [ 257.128845][T12217] ksys_read+0x145/0x250 [ 257.128870][T12217] ? __pfx_ksys_read+0x10/0x10 [ 257.128895][T12217] ? do_syscall_64+0xbe/0xfa0 [ 257.128917][T12217] do_syscall_64+0xfa/0xfa0 [ 257.128934][T12217] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.128950][T12217] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 257.128967][T12217] ? clear_bhb_loop+0x60/0xb0 [ 257.128988][T12217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.129004][T12217] RIP: 0033:0x7fa76c18e0dc [ 257.129020][T12217] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 257.129035][T12217] RSP: 002b:00007fa76d0d1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 257.129057][T12217] RAX: ffffffffffffffda RBX: 00007fa76c3e5fa0 RCX: 00007fa76c18e0dc [ 257.129070][T12217] RDX: 000000000000000f RSI: 00007fa76d0d10a0 RDI: 0000000000000005 [ 257.129081][T12217] RBP: 00007fa76d0d1090 R08: 0000000000000000 R09: 0000000000000000 [ 257.129091][T12217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.129102][T12217] R13: 00007fa76c3e6038 R14: 00007fa76c3e5fa0 R15: 00007fff0258faf8 [ 257.129134][T12217] [ 257.385030][T12225] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 257.566492][T12235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1861'. [ 257.572958][T12233] IPv6: NLM_F_REPLACE set, but no existing node found! [ 257.690625][T12239] batadv1: entered promiscuous mode [ 257.764397][T12235] mac80211_hwsim hwsim11 wlan1: entered promiscuous mode [ 257.822137][T12235] macsec1: entered promiscuous mode [ 257.930381][T12222] syzkaller0: entered promiscuous mode [ 257.937414][T12222] syzkaller0: entered allmulticast mode [ 257.950336][T12256] sysfs: cannot create duplicate filename '/class/ieee80211/π,xb)% ]3DL̥!!b.>nS#^' [ 257.996647][T12256] CPU: 1 UID: 0 PID: 12256 Comm: syz.3.1866 Not tainted syzkaller #0 PREEMPT(full) [ 257.996680][T12256] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 257.996692][T12256] Call Trace: [ 257.996699][T12256] [ 257.996708][T12256] dump_stack_lvl+0x189/0x250 [ 257.996739][T12256] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.996764][T12256] ? __pfx__printk+0x10/0x10 [ 257.996787][T12256] ? kernfs_path_from_node+0x2f/0x290 [ 257.996806][T12256] ? kernfs_path_from_node+0x250/0x290 [ 257.996824][T12256] ? kernfs_path_from_node+0x2f/0x290 [ 257.996848][T12256] sysfs_warn_dup+0x8e/0xa0 [ 257.996867][T12256] sysfs_do_create_link_sd+0xc0/0x110 [ 257.996888][T12256] device_add_class_symlinks+0x1cf/0x240 [ 257.996914][T12256] device_add+0x475/0xb50 [ 257.996937][T12256] wiphy_register+0x1d2e/0x2d20 [ 257.996980][T12256] ? __pfx_wiphy_register+0x10/0x10 [ 257.997003][T12256] ? __pfx_netdev_run_todo+0x10/0x10 [ 257.997025][T12256] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 257.997056][T12256] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 257.997082][T12256] ieee80211_register_hw+0x3473/0x40d0 [ 257.997114][T12256] ? ieee80211_register_hw+0x14b1/0x40d0 [ 257.997143][T12256] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 257.997162][T12256] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 257.997192][T12256] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 257.997217][T12256] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 257.997248][T12256] ? __hrtimer_setup+0x187/0x210 [ 257.997266][T12256] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 257.997290][T12256] mac80211_hwsim_new_radio+0x2f9a/0x5260 [ 257.997361][T12256] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 257.997385][T12256] ? trace_kmalloc+0x1f/0xd0 [ 257.997407][T12256] ? __kmalloc_node_track_caller_noprof+0x587/0x800 [ 257.997432][T12256] ? kstrndup+0xbf/0x160 [ 257.997464][T12256] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 257.997490][T12256] ? __pfx___nla_validate_parse+0x10/0x10 [ 257.997527][T12256] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 257.997552][T12256] ? rcu_is_watching+0x15/0xb0 [ 257.997578][T12256] ? __nla_parse+0x40/0x60 [ 257.997601][T12256] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 257.997632][T12256] genl_family_rcv_msg_doit+0x215/0x300 [ 257.997664][T12256] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 257.997703][T12256] ? bpf_lsm_capable+0x9/0x20 [ 257.997723][T12256] ? security_capable+0x7e/0x2e0 [ 257.997754][T12256] genl_rcv_msg+0x60e/0x790 [ 257.997781][T12256] ? __pfx_genl_rcv_msg+0x10/0x10 [ 257.997800][T12256] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 257.997831][T12256] netlink_rcv_skb+0x208/0x470 [ 257.997848][T12256] ? __lock_acquire+0xab9/0xd20 [ 257.997867][T12256] ? __pfx_genl_rcv_msg+0x10/0x10 [ 257.997891][T12256] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 257.997931][T12256] ? down_read+0x1ad/0x2e0 [ 257.997955][T12256] genl_rcv+0x28/0x40 [ 257.997975][T12256] netlink_unicast+0x82f/0x9e0 [ 257.998010][T12256] ? __pfx_netlink_unicast+0x10/0x10 [ 257.998036][T12256] ? netlink_sendmsg+0x642/0xb30 [ 257.998052][T12256] ? skb_put+0x11b/0x210 [ 257.998077][T12256] netlink_sendmsg+0x805/0xb30 [ 257.998106][T12256] ? __pfx_netlink_sendmsg+0x10/0x10 [ 257.998128][T12256] ? aa_sock_msg_perm+0xf1/0x1d0 [ 257.998156][T12256] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 257.998174][T12256] ? __pfx_netlink_sendmsg+0x10/0x10 [ 257.998196][T12256] __sock_sendmsg+0x21c/0x270 [ 257.998225][T12256] ____sys_sendmsg+0x505/0x830 [ 257.998253][T12256] ? __pfx_____sys_sendmsg+0x10/0x10 [ 257.998285][T12256] ? import_iovec+0x74/0xa0 [ 257.998310][T12256] ___sys_sendmsg+0x21f/0x2a0 [ 257.998334][T12256] ? __pfx____sys_sendmsg+0x10/0x10 [ 257.998405][T12256] ? __fget_files+0x2a/0x420 [ 257.998422][T12256] ? __fget_files+0x3a0/0x420 [ 257.998451][T12256] __x64_sys_sendmsg+0x19b/0x260 [ 257.998475][T12256] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 257.998516][T12256] ? do_syscall_64+0xbe/0xfa0 [ 257.998539][T12256] do_syscall_64+0xfa/0xfa0 [ 257.998556][T12256] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.998573][T12256] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.998591][T12256] ? clear_bhb_loop+0x60/0xb0 [ 257.998612][T12256] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.998630][T12256] RIP: 0033:0x7f5771d8f6c9 [ 257.998647][T12256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.998661][T12256] RSP: 002b:00007f5772c50038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 257.998681][T12256] RAX: ffffffffffffffda RBX: 00007f5771fe5fa0 RCX: 00007f5771d8f6c9 [ 257.998694][T12256] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 257.998705][T12256] RBP: 00007f5771e11f91 R08: 0000000000000000 R09: 0000000000000000 [ 257.998715][T12256] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 257.998725][T12256] R13: 00007f5771fe6038 R14: 00007f5771fe5fa0 R15: 00007ffccb839708 [ 257.998757][T12256] [ 258.530937][T12245] wg1 speed is unknown, defaulting to 1000 [ 258.553534][T12258] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1865'. [ 258.610536][T12263] wg1 speed is unknown, defaulting to 1000 [ 258.991295][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5850 ms [ 258.999339][ C1] lec:lec_tx_timeout: lec0 [ 259.004188][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 259.666096][T12302] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1878'. [ 259.825216][T12313] batadv0: entered promiscuous mode [ 259.918736][T12315] wg1 speed is unknown, defaulting to 1000 [ 259.963663][T12322] wg1 speed is unknown, defaulting to 1000 [ 260.428514][T12335] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1886'. [ 260.707017][T12349] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1890'. [ 260.758444][T12352] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1891'. [ 260.939540][T12361] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1895'. [ 261.123700][T12370] batadv2: entered promiscuous mode [ 261.139327][T12368] wg1 speed is unknown, defaulting to 1000 [ 261.279410][T12370] wg1 speed is unknown, defaulting to 1000 [ 261.297003][T12375] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1899'. [ 261.521014][T12390] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1902'. [ 261.552573][T12392] FAULT_INJECTION: forcing a failure. [ 261.552573][T12392] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 261.574642][T12392] CPU: 0 UID: 0 PID: 12392 Comm: syz.2.1903 Not tainted syzkaller #0 PREEMPT(full) [ 261.574668][T12392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 261.574678][T12392] Call Trace: [ 261.574685][T12392] [ 261.574693][T12392] dump_stack_lvl+0x189/0x250 [ 261.574720][T12392] ? __pfx____ratelimit+0x10/0x10 [ 261.574743][T12392] ? __pfx_dump_stack_lvl+0x10/0x10 [ 261.574762][T12392] ? __pfx__printk+0x10/0x10 [ 261.574780][T12392] ? __might_fault+0xb0/0x130 [ 261.574812][T12392] should_fail_ex+0x414/0x560 [ 261.574839][T12392] _copy_from_user+0x2d/0xb0 [ 261.574862][T12392] ____sys_sendmsg+0x2fe/0x830 [ 261.574887][T12392] ? __pfx_____sys_sendmsg+0x10/0x10 [ 261.574914][T12392] ? import_iovec+0x74/0xa0 [ 261.574938][T12392] ___sys_sendmsg+0x21f/0x2a0 [ 261.574959][T12392] ? __pfx____sys_sendmsg+0x10/0x10 [ 261.575076][T12392] ? __fget_files+0x2a/0x420 [ 261.575089][T12392] ? __fget_files+0x3a0/0x420 [ 261.575107][T12392] __x64_sys_sendmsg+0x19b/0x260 [ 261.575127][T12392] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 261.575156][T12392] ? __pfx_ksys_write+0x10/0x10 [ 261.575181][T12392] ? do_syscall_64+0xbe/0xfa0 [ 261.575202][T12392] do_syscall_64+0xfa/0xfa0 [ 261.575217][T12392] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.575230][T12392] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 261.575242][T12392] ? clear_bhb_loop+0x60/0xb0 [ 261.575262][T12392] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 261.575277][T12392] RIP: 0033:0x7f27f278f6c9 [ 261.575293][T12392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 261.575306][T12392] RSP: 002b:00007f27f3688038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 261.575325][T12392] RAX: ffffffffffffffda RBX: 00007f27f29e5fa0 RCX: 00007f27f278f6c9 [ 261.575337][T12392] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000004 [ 261.575349][T12392] RBP: 00007f27f3688090 R08: 0000000000000000 R09: 0000000000000000 [ 261.575360][T12392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 261.575370][T12392] R13: 00007f27f29e6038 R14: 00007f27f29e5fa0 R15: 00007fff08946a88 [ 261.575399][T12392] [ 261.582663][T12383] wg1 speed is unknown, defaulting to 1000 [ 262.555154][T12433] batadv1: entered promiscuous mode [ 262.837325][T12436] wg1 speed is unknown, defaulting to 1000 [ 262.906835][T12444] __nla_validate_parse: 1 callbacks suppressed [ 262.906851][T12444] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1917'. [ 263.070934][T12449] wg1 speed is unknown, defaulting to 1000 [ 263.297637][T12461] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1921'. [ 263.550667][T12480] wg1 speed is unknown, defaulting to 1000 [ 263.602702][T12483] macvtap1: entered promiscuous mode [ 263.609816][T12483] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 263.847048][T12494] batadv1: entered promiscuous mode [ 263.965568][T12502] wg1 speed is unknown, defaulting to 1000 [ 264.011252][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 264.019409][ C1] lec:lec_tx_timeout: lec0 [ 264.024269][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 264.205752][T12511] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1934'. [ 264.246303][T12509] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1933'. [ 264.352115][T12516] syzkaller1: entered promiscuous mode [ 264.358501][T12516] syzkaller1: entered allmulticast mode [ 265.054396][T12557] batadv2: entered promiscuous mode [ 265.194048][T12564] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1948'. [ 265.209432][T12557] wg1 speed is unknown, defaulting to 1000 [ 265.278016][T12567] netlink: 'syz.1.1949': attribute type 15 has an invalid length. [ 265.311289][T12567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1949'. [ 265.319081][T12570] netlink: 'syz.4.1950': attribute type 1 has an invalid length. [ 265.368326][ T1157] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 2816 - 0 [ 265.397690][ T1157] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 2816 - 0 [ 265.416832][T12567] netlink: 'syz.1.1949': attribute type 15 has an invalid length. [ 265.427852][T12567] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1949'. [ 265.451604][ T1157] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 2816 - 0 [ 265.460732][ T1157] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 2816 - 0 [ 265.483143][T12577] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1952'. [ 265.677654][T12591] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1956'. [ 265.767036][T12596] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1959'. [ 266.125572][T12606] wg1 speed is unknown, defaulting to 1000 [ 266.143068][T12615] FAULT_INJECTION: forcing a failure. [ 266.143068][T12615] name failslab, interval 1, probability 0, space 0, times 0 [ 266.193205][T12615] CPU: 0 UID: 0 PID: 12615 Comm: syz.0.1965 Not tainted syzkaller #0 PREEMPT(full) [ 266.193231][T12615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 266.193242][T12615] Call Trace: [ 266.193249][T12615] [ 266.193257][T12615] dump_stack_lvl+0x189/0x250 [ 266.193284][T12615] ? __pfx____ratelimit+0x10/0x10 [ 266.193309][T12615] ? __pfx_dump_stack_lvl+0x10/0x10 [ 266.193331][T12615] ? __pfx__printk+0x10/0x10 [ 266.193355][T12615] ? __pfx___might_resched+0x10/0x10 [ 266.193378][T12615] should_fail_ex+0x414/0x560 [ 266.193408][T12615] should_failslab+0xa8/0x100 [ 266.193428][T12615] __kmalloc_noprof+0xcb/0x7f0 [ 266.193451][T12615] ? kfree+0x4d/0x6d0 [ 266.193469][T12615] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 266.193507][T12615] tomoyo_realpath_from_path+0xe3/0x5d0 [ 266.193533][T12615] ? tomoyo_domain+0xd9/0x130 [ 266.193556][T12615] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 266.193577][T12615] tomoyo_path_number_perm+0x1e8/0x5a0 [ 266.193601][T12615] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 266.193662][T12615] ? __fget_files+0x2a/0x420 [ 266.193684][T12615] ? __fget_files+0x3a0/0x420 [ 266.193699][T12615] ? __fget_files+0x2a/0x420 [ 266.193720][T12615] security_file_ioctl+0xcb/0x2d0 [ 266.193742][T12615] __se_sys_ioctl+0x47/0x170 [ 266.193766][T12615] do_syscall_64+0xfa/0xfa0 [ 266.193783][T12615] ? lockdep_hardirqs_on+0x9c/0x150 [ 266.193800][T12615] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.193816][T12615] ? clear_bhb_loop+0x60/0xb0 [ 266.193838][T12615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 266.193854][T12615] RIP: 0033:0x7f126238f6c9 [ 266.193870][T12615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 266.193885][T12615] RSP: 002b:00007f1263310038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 266.193905][T12615] RAX: ffffffffffffffda RBX: 00007f12625e5fa0 RCX: 00007f126238f6c9 [ 266.193918][T12615] RDX: 0000200000000000 RSI: 00000000000089e1 RDI: 0000000000000003 [ 266.193929][T12615] RBP: 00007f1263310090 R08: 0000000000000000 R09: 0000000000000000 [ 266.193940][T12615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 266.193951][T12615] R13: 00007f12625e6038 R14: 00007f12625e5fa0 R15: 00007fff8476ab58 [ 266.193982][T12615] [ 266.193990][T12615] ERROR: Out of memory at tomoyo_realpath_from_path. [ 266.484220][T12627] netlink: 'syz.0.1969': attribute type 13 has an invalid length. [ 266.532635][T12627] netlink: 'syz.0.1969': attribute type 17 has an invalid length. [ 266.589841][T12627] gretap0: refused to change device tx_queue_len [ 266.597129][T12627] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 266.908913][T12644] batadv2: entered promiscuous mode [ 267.027252][T12650] wg1 speed is unknown, defaulting to 1000 [ 267.168528][ T52] Bluetooth: hci4: link tx timeout [ 267.174571][ T52] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 267.249373][T12662] netlink: 'syz.4.1981': attribute type 10 has an invalid length. [ 267.258317][T12662] veth1_macvtap: entered promiscuous mode [ 267.269531][T12662] tipc: Enabled bearer , priority 0 [ 267.277041][T12662] syzkaller0: entered promiscuous mode [ 267.282840][T12662] syzkaller0: entered allmulticast mode [ 267.428391][T12669] tipc: Resetting bearer [ 267.523311][T12680] siw: device registration error -23 [ 267.536850][T12680] wg1 speed is unknown, defaulting to 1000 [ 267.556194][T12682] FAULT_INJECTION: forcing a failure. [ 267.556194][T12682] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.569756][T12682] CPU: 1 UID: 0 PID: 12682 Comm: syz.1.1988 Not tainted syzkaller #0 PREEMPT(full) [ 267.569781][T12682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 267.569789][T12682] Call Trace: [ 267.569795][T12682] [ 267.569803][T12682] dump_stack_lvl+0x189/0x250 [ 267.569829][T12682] ? __pfx____ratelimit+0x10/0x10 [ 267.569853][T12682] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.569872][T12682] ? __pfx__printk+0x10/0x10 [ 267.569888][T12682] ? __might_fault+0xb0/0x130 [ 267.569919][T12682] should_fail_ex+0x414/0x560 [ 267.569948][T12682] _copy_from_iter+0x1de/0x1790 [ 267.569972][T12682] ? rcu_is_watching+0x15/0xb0 [ 267.569993][T12682] ? kmalloc_reserve+0xbd/0x290 [ 267.570010][T12682] ? __pfx__copy_from_iter+0x10/0x10 [ 267.570028][T12682] ? __build_skb_around+0x262/0x3f0 [ 267.570049][T12682] ? netlink_sendmsg+0x642/0xb30 [ 267.570066][T12682] ? skb_put+0x11b/0x210 [ 267.570086][T12682] netlink_sendmsg+0x6b2/0xb30 [ 267.570112][T12682] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.570134][T12682] ? aa_sock_msg_perm+0xf1/0x1d0 [ 267.570159][T12682] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 267.570176][T12682] ? __pfx_netlink_sendmsg+0x10/0x10 [ 267.570196][T12682] __sock_sendmsg+0x21c/0x270 [ 267.570220][T12682] ____sys_sendmsg+0x505/0x830 [ 267.570245][T12682] ? __pfx_____sys_sendmsg+0x10/0x10 [ 267.570272][T12682] ? import_iovec+0x74/0xa0 [ 267.570294][T12682] ___sys_sendmsg+0x21f/0x2a0 [ 267.570315][T12682] ? __pfx____sys_sendmsg+0x10/0x10 [ 267.570364][T12682] ? __fget_files+0x2a/0x420 [ 267.570380][T12682] ? __fget_files+0x3a0/0x420 [ 267.570407][T12682] __x64_sys_sendmsg+0x19b/0x260 [ 267.570427][T12682] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 267.570453][T12682] ? __pfx_ksys_write+0x10/0x10 [ 267.570478][T12682] ? do_syscall_64+0xbe/0xfa0 [ 267.570496][T12682] do_syscall_64+0xfa/0xfa0 [ 267.570510][T12682] ? lockdep_hardirqs_on+0x9c/0x150 [ 267.570527][T12682] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.570542][T12682] ? clear_bhb_loop+0x60/0xb0 [ 267.570563][T12682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.570579][T12682] RIP: 0033:0x7fb017b8f6c9 [ 267.570603][T12682] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 267.570617][T12682] RSP: 002b:00007fb018981038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 267.570635][T12682] RAX: ffffffffffffffda RBX: 00007fb017de5fa0 RCX: 00007fb017b8f6c9 [ 267.570647][T12682] RDX: 0000000000000040 RSI: 0000200000009b40 RDI: 0000000000000003 [ 267.570658][T12682] RBP: 00007fb018981090 R08: 0000000000000000 R09: 0000000000000000 [ 267.570668][T12682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.570678][T12682] R13: 00007fb017de6038 R14: 00007fb017de5fa0 R15: 00007fff9b221b58 [ 267.570708][T12682] [ 267.911379][T12686] FAULT_INJECTION: forcing a failure. [ 267.911379][T12686] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 267.925084][ T5832] Bluetooth: hci4: link tx timeout [ 267.930278][ T5832] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 267.939114][T12686] CPU: 1 UID: 0 PID: 12686 Comm: syz.1.1990 Not tainted syzkaller #0 PREEMPT(full) [ 267.939136][T12686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 267.939146][T12686] Call Trace: [ 267.939153][T12686] [ 267.939160][T12686] dump_stack_lvl+0x189/0x250 [ 267.939188][T12686] ? __pfx____ratelimit+0x10/0x10 [ 267.939210][T12686] ? __pfx_dump_stack_lvl+0x10/0x10 [ 267.939229][T12686] ? __pfx__printk+0x10/0x10 [ 267.939256][T12686] should_fail_ex+0x414/0x560 [ 267.939286][T12686] _copy_to_user+0x31/0xb0 [ 267.939308][T12686] simple_read_from_buffer+0xe1/0x170 [ 267.939338][T12686] proc_fail_nth_read+0x1b3/0x220 [ 267.939362][T12686] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 267.939384][T12686] ? rw_verify_area+0x2a6/0x4d0 [ 267.939404][T12686] ? __lock_acquire+0xab9/0xd20 [ 267.939431][T12686] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 267.939453][T12686] vfs_read+0x200/0xa30 [ 267.939486][T12686] ? fdget_pos+0x247/0x320 [ 267.939513][T12686] ? __pfx___mutex_lock+0x10/0x10 [ 267.939529][T12686] ? __pfx_vfs_read+0x10/0x10 [ 267.939551][T12686] ? __fget_files+0x2a/0x420 [ 267.939572][T12686] ? __fget_files+0x3a0/0x420 [ 267.939586][T12686] ? __fget_files+0x2a/0x420 [ 267.939613][T12686] ksys_read+0x145/0x250 [ 267.939637][T12686] ? __pfx_ksys_read+0x10/0x10 [ 267.939661][T12686] ? do_syscall_64+0xbe/0xfa0 [ 267.939687][T12686] do_syscall_64+0xfa/0xfa0 [ 267.939704][T12686] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.939719][T12686] ? asm_sysvec_call_function_single+0x1a/0x20 [ 267.939735][T12686] ? clear_bhb_loop+0x60/0xb0 [ 267.939755][T12686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 267.939771][T12686] RIP: 0033:0x7fb017b8e0dc [ 267.939787][T12686] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 267.939800][T12686] RSP: 002b:00007fb018981030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 267.939818][T12686] RAX: ffffffffffffffda RBX: 00007fb017de5fa0 RCX: 00007fb017b8e0dc [ 267.939829][T12686] RDX: 000000000000000f RSI: 00007fb0189810a0 RDI: 0000000000000004 [ 267.939841][T12686] RBP: 00007fb018981090 R08: 0000000000000000 R09: 0000000000000000 [ 267.939851][T12686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 267.939859][T12686] R13: 00007fb017de6038 R14: 00007fb017de5fa0 R15: 00007fff9b221b58 [ 267.939886][T12686] [ 268.185985][T12661] tipc: Resetting bearer [ 268.275276][T12661] tipc: Disabling bearer [ 268.427903][T12695] wg1 speed is unknown, defaulting to 1000 [ 268.487206][T12712] __nla_validate_parse: 4 callbacks suppressed [ 268.487223][T12712] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1996'. [ 268.529971][T12704] IPVS: Scheduler module ip_vs_sip not found [ 268.639295][T12720] netlink: 'syz.4.2000': attribute type 1 has an invalid length. [ 268.653377][ T5832] Bluetooth: hci4: link tx timeout [ 268.658724][ T5832] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 268.687122][T12720] 8021q: adding VLAN 0 to HW filter on device bond6 [ 268.711722][T12720] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2000'. [ 268.841080][T12731] batadv1: entered promiscuous mode [ 268.920610][T12734] wg1 speed is unknown, defaulting to 1000 [ 269.031271][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 269.039331][ C1] lec:lec_tx_timeout: lec0 [ 269.043940][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 269.231537][ T5832] Bluetooth: hci4: command 0x0406 tx timeout [ 269.337303][T12746] sysfs: cannot create duplicate filename '/class/ieee80211/π,xb)% ]3DL̥!!b.>nS#^' [ 269.385035][T12746] CPU: 1 UID: 0 PID: 12746 Comm: syz.0.2008 Not tainted syzkaller #0 PREEMPT(full) [ 269.385062][T12746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 269.385073][T12746] Call Trace: [ 269.385080][T12746] [ 269.385089][T12746] dump_stack_lvl+0x189/0x250 [ 269.385121][T12746] ? __pfx_dump_stack_lvl+0x10/0x10 [ 269.385145][T12746] ? __pfx__printk+0x10/0x10 [ 269.385179][T12746] ? kernfs_path_from_node+0x2f/0x290 [ 269.385201][T12746] ? kernfs_path_from_node+0x250/0x290 [ 269.385222][T12746] ? kernfs_path_from_node+0x2f/0x290 [ 269.385249][T12746] sysfs_warn_dup+0x8e/0xa0 [ 269.385272][T12746] sysfs_do_create_link_sd+0xc0/0x110 [ 269.385296][T12746] device_add_class_symlinks+0x1cf/0x240 [ 269.385322][T12746] device_add+0x475/0xb50 [ 269.385348][T12746] wiphy_register+0x1d2e/0x2d20 [ 269.385393][T12746] ? __pfx_wiphy_register+0x10/0x10 [ 269.385418][T12746] ? __pfx_netdev_run_todo+0x10/0x10 [ 269.385441][T12746] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 269.385471][T12746] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 269.385495][T12746] ieee80211_register_hw+0x3473/0x40d0 [ 269.385532][T12746] ? ieee80211_register_hw+0x14b1/0x40d0 [ 269.385563][T12746] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 269.385583][T12746] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 269.385611][T12746] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 269.385636][T12746] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 269.385669][T12746] ? __hrtimer_setup+0x187/0x210 [ 269.385686][T12746] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 269.385707][T12746] mac80211_hwsim_new_radio+0x2f9a/0x5260 [ 269.385768][T12746] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 269.385788][T12746] ? trace_kmalloc+0x1f/0xd0 [ 269.385808][T12746] ? __kmalloc_node_track_caller_noprof+0x587/0x800 [ 269.385831][T12746] ? kstrndup+0xbf/0x160 [ 269.385861][T12746] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 269.385883][T12746] ? __pfx___nla_validate_parse+0x10/0x10 [ 269.385919][T12746] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 269.385944][T12746] ? rcu_is_watching+0x15/0xb0 [ 269.385964][T12746] ? __nla_parse+0x40/0x60 [ 269.385986][T12746] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 269.386019][T12746] genl_family_rcv_msg_doit+0x215/0x300 [ 269.386055][T12746] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 269.386093][T12746] ? bpf_lsm_capable+0x9/0x20 [ 269.386114][T12746] ? security_capable+0x7e/0x2e0 [ 269.386146][T12746] genl_rcv_msg+0x60e/0x790 [ 269.386184][T12746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 269.386206][T12746] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 269.386240][T12746] netlink_rcv_skb+0x208/0x470 [ 269.386257][T12746] ? __lock_acquire+0xab9/0xd20 [ 269.386274][T12746] ? __pfx_genl_rcv_msg+0x10/0x10 [ 269.386299][T12746] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 269.386335][T12746] ? down_read+0x1ad/0x2e0 [ 269.386359][T12746] genl_rcv+0x28/0x40 [ 269.386380][T12746] netlink_unicast+0x82f/0x9e0 [ 269.386409][T12746] ? __pfx_netlink_unicast+0x10/0x10 [ 269.386434][T12746] ? netlink_sendmsg+0x642/0xb30 [ 269.386447][T12746] ? skb_put+0x11b/0x210 [ 269.386467][T12746] netlink_sendmsg+0x805/0xb30 [ 269.386493][T12746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.386513][T12746] ? aa_sock_msg_perm+0xf1/0x1d0 [ 269.386541][T12746] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 269.386557][T12746] ? __pfx_netlink_sendmsg+0x10/0x10 [ 269.386576][T12746] __sock_sendmsg+0x21c/0x270 [ 269.386605][T12746] ____sys_sendmsg+0x505/0x830 [ 269.386632][T12746] ? __pfx_____sys_sendmsg+0x10/0x10 [ 269.386661][T12746] ? import_iovec+0x74/0xa0 [ 269.386687][T12746] ___sys_sendmsg+0x21f/0x2a0 [ 269.386709][T12746] ? __pfx____sys_sendmsg+0x10/0x10 [ 269.386766][T12746] ? __fget_files+0x2a/0x420 [ 269.386782][T12746] ? __fget_files+0x3a0/0x420 [ 269.386809][T12746] __x64_sys_sendmsg+0x19b/0x260 [ 269.386831][T12746] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 269.386868][T12746] ? do_syscall_64+0xbe/0xfa0 [ 269.386889][T12746] do_syscall_64+0xfa/0xfa0 [ 269.386905][T12746] ? lockdep_hardirqs_on+0x9c/0x150 [ 269.386923][T12746] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.386941][T12746] ? clear_bhb_loop+0x60/0xb0 [ 269.386963][T12746] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.386979][T12746] RIP: 0033:0x7f126238f6c9 [ 269.386995][T12746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.387010][T12746] RSP: 002b:00007f1263310038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 269.387029][T12746] RAX: ffffffffffffffda RBX: 00007f12625e5fa0 RCX: 00007f126238f6c9 [ 269.387044][T12746] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 269.387056][T12746] RBP: 00007f1262411f91 R08: 0000000000000000 R09: 0000000000000000 [ 269.387068][T12746] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 269.387079][T12746] R13: 00007f12625e6038 R14: 00007f12625e5fa0 R15: 00007fff8476ab58 [ 269.387109][T12746] [ 270.000811][T12763] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.2016'. [ 270.396615][T12780] batadv1: entered promiscuous mode [ 270.513570][T12788] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2019'. [ 270.518836][T12787] wg1 speed is unknown, defaulting to 1000 [ 270.640912][T12796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2019'. [ 270.950059][T12806] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2026'. [ 270.983469][T12805] x_tables: duplicate underflow at hook 1 [ 271.295115][T12816] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 271.312748][T12819] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2031'. [ 271.382979][T12816] bond7: option lp_interval: invalid value (0) [ 271.389312][T12816] bond7: option lp_interval: allowed values 1 - 2147483647 [ 271.426084][T12816] bond7 (unregistering): Released all slaves [ 271.532907][T12831] batadv0: entered promiscuous mode [ 271.689302][T12838] wg1 speed is unknown, defaulting to 1000 [ 272.025192][T12849] syzkaller0: entered promiscuous mode [ 272.030863][T12849] syzkaller0: entered allmulticast mode [ 272.734485][T12877] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2045'. [ 272.746699][T12877] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2045'. [ 272.760226][T12874] wg1 speed is unknown, defaulting to 1000 [ 272.777993][T12874] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2048'. [ 272.946275][T12886] syzkaller0: entered promiscuous mode [ 272.962482][T12886] syzkaller0: entered allmulticast mode [ 273.065424][T12894] sctp: [Deprecated]: syz.4.2053 (pid 12894) Use of int in max_burst socket option. [ 273.065424][T12894] Use struct sctp_assoc_value instead [ 273.494398][T12906] sysfs: cannot create duplicate filename '/class/ieee80211/π,xb)% ]3DL̥!!b.>nS#^' [ 273.535528][T12906] CPU: 1 UID: 0 PID: 12906 Comm: syz.4.2058 Not tainted syzkaller #0 PREEMPT(full) [ 273.535553][T12906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 273.535564][T12906] Call Trace: [ 273.535572][T12906] [ 273.535579][T12906] dump_stack_lvl+0x189/0x250 [ 273.535612][T12906] ? __pfx_dump_stack_lvl+0x10/0x10 [ 273.535635][T12906] ? __pfx__printk+0x10/0x10 [ 273.535658][T12906] ? kernfs_path_from_node+0x2f/0x290 [ 273.535680][T12906] ? kernfs_path_from_node+0x250/0x290 [ 273.535700][T12906] ? kernfs_path_from_node+0x2f/0x290 [ 273.535724][T12906] sysfs_warn_dup+0x8e/0xa0 [ 273.535746][T12906] sysfs_do_create_link_sd+0xc0/0x110 [ 273.535770][T12906] device_add_class_symlinks+0x1cf/0x240 [ 273.535796][T12906] device_add+0x475/0xb50 [ 273.535818][T12906] wiphy_register+0x1d2e/0x2d20 [ 273.535859][T12906] ? __pfx_wiphy_register+0x10/0x10 [ 273.535881][T12906] ? __pfx_netdev_run_todo+0x10/0x10 [ 273.535902][T12906] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 273.535934][T12906] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 273.535991][T12906] ieee80211_register_hw+0x3473/0x40d0 [ 273.536041][T12906] ? ieee80211_register_hw+0x14b1/0x40d0 [ 273.536083][T12906] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 273.536106][T12906] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 273.536142][T12906] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 273.536177][T12906] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 273.536217][T12906] ? __hrtimer_setup+0x187/0x210 [ 273.536241][T12906] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 273.536265][T12906] mac80211_hwsim_new_radio+0x2f9a/0x5260 [ 273.536336][T12906] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 273.536360][T12906] ? trace_kmalloc+0x1f/0xd0 [ 273.536382][T12906] ? __kmalloc_node_track_caller_noprof+0x587/0x800 [ 273.536407][T12906] ? kstrndup+0xbf/0x160 [ 273.536437][T12906] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 273.536462][T12906] ? __pfx___nla_validate_parse+0x10/0x10 [ 273.536499][T12906] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 273.536522][T12906] ? rcu_is_watching+0x15/0xb0 [ 273.536544][T12906] ? __nla_parse+0x40/0x60 [ 273.536563][T12906] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 273.536594][T12906] genl_family_rcv_msg_doit+0x215/0x300 [ 273.536624][T12906] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 273.536661][T12906] ? bpf_lsm_capable+0x9/0x20 [ 273.536678][T12906] ? security_capable+0x7e/0x2e0 [ 273.536707][T12906] genl_rcv_msg+0x60e/0x790 [ 273.536735][T12906] ? __pfx_genl_rcv_msg+0x10/0x10 [ 273.536756][T12906] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 273.536786][T12906] netlink_rcv_skb+0x208/0x470 [ 273.536801][T12906] ? __lock_acquire+0xab9/0xd20 [ 273.536819][T12906] ? __pfx_genl_rcv_msg+0x10/0x10 [ 273.536841][T12906] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 273.536875][T12906] ? down_read+0x1ad/0x2e0 [ 273.536897][T12906] genl_rcv+0x28/0x40 [ 273.536917][T12906] netlink_unicast+0x82f/0x9e0 [ 273.536952][T12906] ? __pfx_netlink_unicast+0x10/0x10 [ 273.536987][T12906] ? netlink_sendmsg+0x642/0xb30 [ 273.537003][T12906] ? skb_put+0x11b/0x210 [ 273.537026][T12906] netlink_sendmsg+0x805/0xb30 [ 273.537056][T12906] ? __pfx_netlink_sendmsg+0x10/0x10 [ 273.537078][T12906] ? aa_sock_msg_perm+0xf1/0x1d0 [ 273.537103][T12906] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 273.537119][T12906] ? __pfx_netlink_sendmsg+0x10/0x10 [ 273.537137][T12906] __sock_sendmsg+0x21c/0x270 [ 273.537164][T12906] ____sys_sendmsg+0x505/0x830 [ 273.537187][T12906] ? __pfx_____sys_sendmsg+0x10/0x10 [ 273.537216][T12906] ? import_iovec+0x74/0xa0 [ 273.537242][T12906] ___sys_sendmsg+0x21f/0x2a0 [ 273.537263][T12906] ? __pfx____sys_sendmsg+0x10/0x10 [ 273.537321][T12906] ? __fget_files+0x2a/0x420 [ 273.537337][T12906] ? __fget_files+0x3a0/0x420 [ 273.537364][T12906] __x64_sys_sendmsg+0x19b/0x260 [ 273.537388][T12906] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 273.537425][T12906] ? do_syscall_64+0xbe/0xfa0 [ 273.537447][T12906] do_syscall_64+0xfa/0xfa0 [ 273.537464][T12906] ? lockdep_hardirqs_on+0x9c/0x150 [ 273.537480][T12906] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.537498][T12906] ? clear_bhb_loop+0x60/0xb0 [ 273.537519][T12906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 273.537537][T12906] RIP: 0033:0x7fa76c18f6c9 [ 273.537553][T12906] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 273.537568][T12906] RSP: 002b:00007fa76d0d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 273.537587][T12906] RAX: ffffffffffffffda RBX: 00007fa76c3e5fa0 RCX: 00007fa76c18f6c9 [ 273.537601][T12906] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 273.537612][T12906] RBP: 00007fa76c211f91 R08: 0000000000000000 R09: 0000000000000000 [ 273.537622][T12906] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 273.537631][T12906] R13: 00007fa76c3e6038 R14: 00007fa76c3e5fa0 R15: 00007fff0258faf8 [ 273.537665][T12906] [ 274.061256][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 274.069681][ C1] lec:lec_tx_timeout: lec0 [ 274.074700][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 274.185114][T12918] wg1 speed is unknown, defaulting to 1000 [ 274.273873][T12929] netlink: 212368 bytes leftover after parsing attributes in process `syz.1.2065'. [ 274.536149][T12946] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2072'. [ 274.933224][T12964] vxcan0: entered allmulticast mode [ 275.882402][T12990] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2085'. [ 275.919525][T12990] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2085'. [ 275.993162][T12997] FAULT_INJECTION: forcing a failure. [ 275.993162][T12997] name failslab, interval 1, probability 0, space 0, times 0 [ 276.035550][T12997] CPU: 0 UID: 0 PID: 12997 Comm: syz.3.2087 Not tainted syzkaller #0 PREEMPT(full) [ 276.035576][T12997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 276.035586][T12997] Call Trace: [ 276.035593][T12997] [ 276.035600][T12997] dump_stack_lvl+0x189/0x250 [ 276.035627][T12997] ? __pfx____ratelimit+0x10/0x10 [ 276.035651][T12997] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.035673][T12997] ? __pfx__printk+0x10/0x10 [ 276.035697][T12997] ? __pfx___might_resched+0x10/0x10 [ 276.035723][T12997] ? fs_reclaim_acquire+0x7d/0x100 [ 276.035745][T12997] should_fail_ex+0x414/0x560 [ 276.035773][T12997] should_failslab+0xa8/0x100 [ 276.035791][T12997] kmem_cache_alloc_node_noprof+0x77/0x710 [ 276.035814][T12997] ? __alloc_skb+0x112/0x2d0 [ 276.035830][T12997] ? netlink_autobind+0xdb/0x300 [ 276.035852][T12997] __alloc_skb+0x112/0x2d0 [ 276.035873][T12997] netlink_sendmsg+0x5c6/0xb30 [ 276.035899][T12997] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.035919][T12997] ? aa_sock_msg_perm+0xf1/0x1d0 [ 276.035944][T12997] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 276.035961][T12997] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.035980][T12997] __sock_sendmsg+0x21c/0x270 [ 276.036006][T12997] ____sys_sendmsg+0x505/0x830 [ 276.036030][T12997] ? __pfx_____sys_sendmsg+0x10/0x10 [ 276.036056][T12997] ? import_iovec+0x74/0xa0 [ 276.036078][T12997] ___sys_sendmsg+0x21f/0x2a0 [ 276.036099][T12997] ? __pfx____sys_sendmsg+0x10/0x10 [ 276.036153][T12997] ? __fget_files+0x2a/0x420 [ 276.036168][T12997] ? __fget_files+0x3a0/0x420 [ 276.036194][T12997] __x64_sys_sendmsg+0x19b/0x260 [ 276.036215][T12997] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 276.036242][T12997] ? __pfx_ksys_write+0x10/0x10 [ 276.036268][T12997] ? do_syscall_64+0xbe/0xfa0 [ 276.036288][T12997] do_syscall_64+0xfa/0xfa0 [ 276.036303][T12997] ? lockdep_hardirqs_on+0x9c/0x150 [ 276.036319][T12997] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.036336][T12997] ? clear_bhb_loop+0x60/0xb0 [ 276.036355][T12997] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.036370][T12997] RIP: 0033:0x7f5771d8f6c9 [ 276.036385][T12997] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.036398][T12997] RSP: 002b:00007f5772c50038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 276.036416][T12997] RAX: ffffffffffffffda RBX: 00007f5771fe5fa0 RCX: 00007f5771d8f6c9 [ 276.036427][T12997] RDX: 000000000000c144 RSI: 0000200000000040 RDI: 0000000000000005 [ 276.036438][T12997] RBP: 00007f5772c50090 R08: 0000000000000000 R09: 0000000000000000 [ 276.036447][T12997] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 276.036456][T12997] R13: 00007f5771fe6038 R14: 00007f5771fe5fa0 R15: 00007ffccb839708 [ 276.036483][T12997] [ 276.340539][T13002] netlink: 'syz.0.2089': attribute type 1 has an invalid length. [ 276.350416][T13002] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2089'. [ 276.412421][T13004] wg1 speed is unknown, defaulting to 1000 [ 276.417995][T13007] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2091'. [ 276.434918][T13007] FAULT_INJECTION: forcing a failure. [ 276.434918][T13007] name failslab, interval 1, probability 0, space 0, times 0 [ 276.459158][T13007] CPU: 0 UID: 0 PID: 13007 Comm: syz.4.2091 Not tainted syzkaller #0 PREEMPT(full) [ 276.459183][T13007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 276.459195][T13007] Call Trace: [ 276.459202][T13007] [ 276.459211][T13007] dump_stack_lvl+0x189/0x250 [ 276.459238][T13007] ? __pfx____ratelimit+0x10/0x10 [ 276.459263][T13007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 276.459284][T13007] ? __pfx__printk+0x10/0x10 [ 276.459309][T13007] ? __pfx___might_resched+0x10/0x10 [ 276.459326][T13007] ? fs_reclaim_acquire+0x7d/0x100 [ 276.459349][T13007] should_fail_ex+0x414/0x560 [ 276.459379][T13007] should_failslab+0xa8/0x100 [ 276.459399][T13007] __kvmalloc_node_noprof+0x158/0x910 [ 276.459421][T13007] ? __kmalloc_cache_noprof+0x3d5/0x6f0 [ 276.459443][T13007] ? alloc_netdev_mqs+0xc89/0x11b0 [ 276.459463][T13007] ? alloc_netdev_mqs+0xbf8/0x11b0 [ 276.459490][T13007] alloc_netdev_mqs+0xc89/0x11b0 [ 276.459519][T13007] rtnl_create_link+0x31f/0xd10 [ 276.459548][T13007] rtnl_newlink_create+0x25c/0xb00 [ 276.459572][T13007] ? __mutex_lock+0x5bb/0x1350 [ 276.459597][T13007] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 276.459620][T13007] ? __pfx___mutex_lock+0x10/0x10 [ 276.459649][T13007] ? ns_capable+0x8a/0xf0 [ 276.459677][T13007] rtnl_newlink+0x16e4/0x1c80 [ 276.459711][T13007] ? __pfx_rtnl_newlink+0x10/0x10 [ 276.459734][T13007] ? is_bpf_text_address+0x26/0x2b0 [ 276.459758][T13007] ? is_bpf_text_address+0x292/0x2b0 [ 276.459776][T13007] ? is_bpf_text_address+0x26/0x2b0 [ 276.459800][T13007] ? __lock_acquire+0xab9/0xd20 [ 276.459830][T13007] ? __lock_acquire+0xab9/0xd20 [ 276.459869][T13007] ? is_bpf_text_address+0x26/0x2b0 [ 276.459893][T13007] ? is_bpf_text_address+0x292/0x2b0 [ 276.459910][T13007] ? is_bpf_text_address+0x26/0x2b0 [ 276.459937][T13007] ? __lock_acquire+0xab9/0xd20 [ 276.459980][T13007] ? __pfx_rtnl_newlink+0x10/0x10 [ 276.459997][T13007] rtnetlink_rcv_msg+0x7cf/0xb70 [ 276.460014][T13007] ? __lock_acquire+0xab9/0xd20 [ 276.460033][T13007] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 276.460049][T13007] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 276.460085][T13007] netlink_rcv_skb+0x208/0x470 [ 276.460102][T13007] ? __lock_acquire+0xab9/0xd20 [ 276.460119][T13007] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 276.460138][T13007] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 276.460173][T13007] ? netlink_deliver_tap+0x2e/0x1b0 [ 276.460200][T13007] netlink_unicast+0x82f/0x9e0 [ 276.460234][T13007] ? __pfx_netlink_unicast+0x10/0x10 [ 276.460261][T13007] ? netlink_sendmsg+0x642/0xb30 [ 276.460277][T13007] ? skb_put+0x11b/0x210 [ 276.460299][T13007] netlink_sendmsg+0x805/0xb30 [ 276.460328][T13007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.460350][T13007] ? aa_sock_msg_perm+0xf1/0x1d0 [ 276.460376][T13007] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 276.460393][T13007] ? __pfx_netlink_sendmsg+0x10/0x10 [ 276.460413][T13007] __sock_sendmsg+0x21c/0x270 [ 276.460439][T13007] ____sys_sendmsg+0x505/0x830 [ 276.460465][T13007] ? __pfx_____sys_sendmsg+0x10/0x10 [ 276.460495][T13007] ? import_iovec+0x74/0xa0 [ 276.460520][T13007] ___sys_sendmsg+0x21f/0x2a0 [ 276.460542][T13007] ? __pfx____sys_sendmsg+0x10/0x10 [ 276.460599][T13007] ? __fget_files+0x2a/0x420 [ 276.460615][T13007] ? __fget_files+0x3a0/0x420 [ 276.460643][T13007] __x64_sys_sendmsg+0x19b/0x260 [ 276.460672][T13007] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 276.460702][T13007] ? __pfx_ksys_write+0x10/0x10 [ 276.460729][T13007] ? do_syscall_64+0xbe/0xfa0 [ 276.460751][T13007] do_syscall_64+0xfa/0xfa0 [ 276.460766][T13007] ? lockdep_hardirqs_on+0x9c/0x150 [ 276.460783][T13007] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.460800][T13007] ? clear_bhb_loop+0x60/0xb0 [ 276.460822][T13007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.460839][T13007] RIP: 0033:0x7fa76c18f6c9 [ 276.460855][T13007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 276.460870][T13007] RSP: 002b:00007fa76d0d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 276.460890][T13007] RAX: ffffffffffffffda RBX: 00007fa76c3e5fa0 RCX: 00007fa76c18f6c9 [ 276.460903][T13007] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000015 [ 276.460915][T13007] RBP: 00007fa76d0d1090 R08: 0000000000000000 R09: 0000000000000000 [ 276.460926][T13007] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 276.460937][T13007] R13: 00007fa76c3e6038 R14: 00007fa76c3e5fa0 R15: 00007fff0258faf8 [ 276.460970][T13007] [ 277.149000][T13016] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2092'. [ 277.279265][T13031] x_tables: unsorted entry at hook 1 [ 277.943103][T13063] FAULT_INJECTION: forcing a failure. [ 277.943103][T13063] name failslab, interval 1, probability 0, space 0, times 0 [ 277.956857][T13063] CPU: 0 UID: 0 PID: 13063 Comm: syz.1.2106 Not tainted syzkaller #0 PREEMPT(full) [ 277.956883][T13063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 277.956892][T13063] Call Trace: [ 277.956899][T13063] [ 277.956906][T13063] dump_stack_lvl+0x189/0x250 [ 277.956934][T13063] ? __pfx____ratelimit+0x10/0x10 [ 277.956958][T13063] ? __pfx_dump_stack_lvl+0x10/0x10 [ 277.956980][T13063] ? __pfx__printk+0x10/0x10 [ 277.957004][T13063] ? __pfx___might_resched+0x10/0x10 [ 277.957021][T13063] ? fs_reclaim_acquire+0x7d/0x100 [ 277.957043][T13063] should_fail_ex+0x414/0x560 [ 277.957073][T13063] should_failslab+0xa8/0x100 [ 277.957093][T13063] __kmalloc_noprof+0xcb/0x7f0 [ 277.957115][T13063] ? tomoyo_encode+0x28b/0x550 [ 277.957145][T13063] tomoyo_encode+0x28b/0x550 [ 277.957175][T13063] tomoyo_realpath_from_path+0x58d/0x5d0 [ 277.957201][T13063] ? tomoyo_domain+0xd9/0x130 [ 277.957224][T13063] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 277.957245][T13063] tomoyo_path_number_perm+0x1e8/0x5a0 [ 277.957276][T13063] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 277.957337][T13063] ? __fget_files+0x2a/0x420 [ 277.957358][T13063] ? __fget_files+0x3a0/0x420 [ 277.957373][T13063] ? __fget_files+0x2a/0x420 [ 277.957394][T13063] security_file_ioctl+0xcb/0x2d0 [ 277.957417][T13063] __se_sys_ioctl+0x47/0x170 [ 277.957441][T13063] do_syscall_64+0xfa/0xfa0 [ 277.957457][T13063] ? lockdep_hardirqs_on+0x9c/0x150 [ 277.957474][T13063] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.957492][T13063] ? clear_bhb_loop+0x60/0xb0 [ 277.957513][T13063] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 277.957530][T13063] RIP: 0033:0x7fb017b8f6c9 [ 277.957545][T13063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 277.957561][T13063] RSP: 002b:00007fb018981038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 277.957580][T13063] RAX: ffffffffffffffda RBX: 00007fb017de5fa0 RCX: 00007fb017b8f6c9 [ 277.957593][T13063] RDX: 0000200000000000 RSI: 00000000000089e1 RDI: 0000000000000003 [ 277.957605][T13063] RBP: 00007fb018981090 R08: 0000000000000000 R09: 0000000000000000 [ 277.957615][T13063] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 277.957626][T13063] R13: 00007fb017de6038 R14: 00007fb017de5fa0 R15: 00007fff9b221b58 [ 277.957658][T13063] [ 277.957678][T13063] ERROR: Out of memory at tomoyo_realpath_from_path. [ 278.040473][T13065] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2107'. [ 278.274132][T13065] 8021q: adding VLAN 0 to HW filter on device bond7 [ 278.347290][T13081] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2111'. [ 278.689706][T13102] siw: device registration error -23 [ 278.717418][T13102] wg1 speed is unknown, defaulting to 1000 [ 278.747708][T13102] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2118'. [ 278.883294][T13113] siw: device registration error -23 [ 278.890398][T13113] wg1 speed is unknown, defaulting to 1000 [ 279.018276][T13118] syzkaller0: entered promiscuous mode [ 279.024650][T13118] syzkaller0: entered allmulticast mode [ 279.081267][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 279.089590][ C1] lec:lec_tx_timeout: lec0 [ 279.094186][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 280.251006][T13154] netlink: 'syz.2.2132': attribute type 1 has an invalid length. [ 280.273677][T13157] FAULT_INJECTION: forcing a failure. [ 280.273677][T13157] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 280.298656][T13154] __nla_validate_parse: 3 callbacks suppressed [ 280.298674][T13154] netlink: 232 bytes leftover after parsing attributes in process `syz.2.2132'. [ 280.334883][T13157] CPU: 0 UID: 0 PID: 13157 Comm: syz.0.2133 Not tainted syzkaller #0 PREEMPT(full) [ 280.334910][T13157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 280.334920][T13157] Call Trace: [ 280.334926][T13157] [ 280.334933][T13157] dump_stack_lvl+0x189/0x250 [ 280.334960][T13157] ? __pfx____ratelimit+0x10/0x10 [ 280.334983][T13157] ? __pfx_dump_stack_lvl+0x10/0x10 [ 280.335013][T13157] ? __pfx__printk+0x10/0x10 [ 280.335043][T13157] should_fail_ex+0x414/0x560 [ 280.335073][T13157] _copy_to_user+0x31/0xb0 [ 280.335096][T13157] simple_read_from_buffer+0xe1/0x170 [ 280.335125][T13157] proc_fail_nth_read+0x1b3/0x220 [ 280.335149][T13157] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 280.335171][T13157] ? rw_verify_area+0x2a6/0x4d0 [ 280.335190][T13157] ? __lock_acquire+0xab9/0xd20 [ 280.335205][T13157] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 280.335228][T13157] vfs_read+0x200/0xa30 [ 280.335248][T13157] ? fdget_pos+0x247/0x320 [ 280.335267][T13157] ? __pfx___mutex_lock+0x10/0x10 [ 280.335286][T13157] ? __pfx_vfs_read+0x10/0x10 [ 280.335307][T13157] ? __fget_files+0x2a/0x420 [ 280.335329][T13157] ? __fget_files+0x3a0/0x420 [ 280.335344][T13157] ? __fget_files+0x2a/0x420 [ 280.335370][T13157] ksys_read+0x145/0x250 [ 280.335394][T13157] ? __pfx_ksys_read+0x10/0x10 [ 280.335420][T13157] ? do_syscall_64+0xbe/0xfa0 [ 280.335440][T13157] do_syscall_64+0xfa/0xfa0 [ 280.335454][T13157] ? lockdep_hardirqs_on+0x9c/0x150 [ 280.335472][T13157] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.335489][T13157] ? clear_bhb_loop+0x60/0xb0 [ 280.335510][T13157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 280.335527][T13157] RIP: 0033:0x7f126238e0dc [ 280.335543][T13157] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 280.335556][T13157] RSP: 002b:00007f1263310030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 280.335576][T13157] RAX: ffffffffffffffda RBX: 00007f12625e5fa0 RCX: 00007f126238e0dc [ 280.335590][T13157] RDX: 000000000000000f RSI: 00007f12633100a0 RDI: 0000000000000004 [ 280.335601][T13157] RBP: 00007f1263310090 R08: 0000000000000000 R09: 0000000000000000 [ 280.335612][T13157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 280.335622][T13157] R13: 00007f12625e6038 R14: 00007f12625e5fa0 R15: 00007fff8476ab58 [ 280.335653][T13157] [ 280.708496][T13167] tipc: Enabled bearer , priority 0 [ 280.719837][T13167] syzkaller0: entered promiscuous mode [ 280.726618][T13167] syzkaller0: entered allmulticast mode [ 280.751092][T13167] syzkaller0: mtu less than device minimum [ 280.776853][T13166] tipc: Resetting bearer [ 280.794565][T13166] tipc: Disabling bearer [ 280.917363][T13180] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2138'. [ 281.010770][T13186] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2142'. [ 281.056004][T13184] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2141'. [ 281.126427][T13193] wg1 speed is unknown, defaulting to 1000 [ 281.138622][T13193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2145'. [ 281.219775][T13197] wg1 speed is unknown, defaulting to 1000 [ 281.886528][T13228] : renamed from wg2 [ 282.078796][T13242] netlink: 'syz.3.2158': attribute type 13 has an invalid length. [ 282.109017][T13242] netlink: 'syz.3.2158': attribute type 17 has an invalid length. [ 282.179430][T13242] gretap0: refused to change device tx_queue_len [ 282.188873][T13242] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 282.616039][T13271] FAULT_INJECTION: forcing a failure. [ 282.616039][T13271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 282.658504][T13271] CPU: 1 UID: 0 PID: 13271 Comm: syz.2.2167 Not tainted syzkaller #0 PREEMPT(full) [ 282.658530][T13271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 282.658540][T13271] Call Trace: [ 282.658548][T13271] [ 282.658556][T13271] dump_stack_lvl+0x189/0x250 [ 282.658583][T13271] ? __pfx____ratelimit+0x10/0x10 [ 282.658608][T13271] ? __pfx_dump_stack_lvl+0x10/0x10 [ 282.658630][T13271] ? __pfx__printk+0x10/0x10 [ 282.658648][T13271] ? __might_fault+0xb0/0x130 [ 282.658682][T13271] should_fail_ex+0x414/0x560 [ 282.658712][T13271] _copy_from_user+0x2d/0xb0 [ 282.658733][T13271] ___sys_sendmsg+0x158/0x2a0 [ 282.658757][T13271] ? __pfx____sys_sendmsg+0x10/0x10 [ 282.658827][T13271] ? __might_fault+0xb0/0x130 [ 282.658853][T13271] __sys_sendmmsg+0x227/0x430 [ 282.658879][T13271] ? __pfx___sys_sendmmsg+0x10/0x10 [ 282.658907][T13271] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 282.658943][T13271] ? ksys_write+0x22a/0x250 [ 282.658969][T13271] ? __pfx_ksys_write+0x10/0x10 [ 282.658996][T13271] __x64_sys_sendmmsg+0xa0/0xc0 [ 282.659017][T13271] do_syscall_64+0xfa/0xfa0 [ 282.659035][T13271] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.659051][T13271] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 282.659067][T13271] ? clear_bhb_loop+0x60/0xb0 [ 282.659088][T13271] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 282.659104][T13271] RIP: 0033:0x7f27f278f6c9 [ 282.659120][T13271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 282.659135][T13271] RSP: 002b:00007f27f3688038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 282.659153][T13271] RAX: ffffffffffffffda RBX: 00007f27f29e5fa0 RCX: 00007f27f278f6c9 [ 282.659167][T13271] RDX: 0400000000000077 RSI: 0000200000000180 RDI: 0000000000000003 [ 282.659179][T13271] RBP: 00007f27f3688090 R08: 0000000000000000 R09: 0000000000000000 [ 282.659190][T13271] R10: 0000000000007600 R11: 0000000000000246 R12: 0000000000000002 [ 282.659201][T13271] R13: 00007f27f29e6038 R14: 00007f27f29e5fa0 R15: 00007fff08946a88 [ 282.659231][T13271] [ 283.248491][T13299] netlink: 'syz.0.2178': attribute type 3 has an invalid length. [ 283.386567][T13306] wg1 speed is unknown, defaulting to 1000 [ 283.670852][T13315] netlink: 'syz.0.2181': attribute type 6 has an invalid length. [ 283.790175][T13324] tipc: Enabling of bearer rejected, failed to enable media [ 284.094750][T13340] siw: device registration error -23 [ 284.104131][T13340] wg1 speed is unknown, defaulting to 1000 [ 284.111290][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 284.119320][ C1] lec:lec_tx_timeout: lec0 [ 284.119440][T13340] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2194'. [ 284.123999][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 284.185723][T13343] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 284.319767][T13348] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2196'. [ 284.345701][T13345] wg1 speed is unknown, defaulting to 1000 [ 284.510984][T13354] syzkaller0: entered promiscuous mode [ 284.517466][T13354] syzkaller0: entered allmulticast mode [ 284.736361][T13361] Cannot find del_set index 0 as target [ 284.914434][T13371] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2208'. [ 284.971049][T13375] syzkaller1: entered promiscuous mode [ 285.001319][T13375] syzkaller1: entered allmulticast mode [ 285.609073][T13425] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2225'. [ 285.943831][T13443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2232'. [ 285.958131][T13443] netlink: 'syz.2.2232': attribute type 12 has an invalid length. [ 285.976559][ T1113] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 285.985724][T13443] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2232'. [ 285.995117][ T1113] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.005554][ T1113] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.014087][T13443] netlink: 'syz.2.2232': attribute type 12 has an invalid length. [ 286.022279][ T1113] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 286.373301][T13456] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2236'. [ 286.473993][T13462] xt_hashlimit: size too large, truncated to 1048576 [ 286.803436][T13476] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2243'. [ 286.833568][T13477] wg1 speed is unknown, defaulting to 1000 [ 287.213989][T13494] tipc: Cannot configure node identity twice [ 287.459354][T13508] netlink: 'syz.1.2252': attribute type 2 has an invalid length. [ 287.474361][T13508] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2252'. [ 287.598358][T13516] netlink: 'syz.4.2256': attribute type 1 has an invalid length. [ 287.694648][T13520] netlink: 'syz.4.2257': attribute type 1 has an invalid length. [ 287.715198][T13520] netlink: 'syz.4.2257': attribute type 4 has an invalid length. [ 287.736240][T13520] netlink: 14962 bytes leftover after parsing attributes in process `syz.4.2257'. [ 287.856048][T13526] netlink: 'syz.4.2259': attribute type 1 has an invalid length. [ 287.943690][T13530] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2260'. [ 288.028338][T13539] batadv2: entered promiscuous mode [ 288.060602][T13541] netlink: 'syz.0.2265': attribute type 6 has an invalid length. [ 288.071030][T13541] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2265'. [ 288.088071][T13541] nbd: must specify at least one socket [ 288.095857][T13541] syzkaller0: entered promiscuous mode [ 288.101507][T13541] syzkaller0: entered allmulticast mode [ 288.121126][T13541] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2265'. [ 288.175641][T13539] wg1 speed is unknown, defaulting to 1000 [ 288.894613][T13590] batadv2: entered promiscuous mode [ 289.015919][T13594] wg1 speed is unknown, defaulting to 1000 [ 289.772793][T13632] batadv1: entered promiscuous mode [ 289.951244][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5820 ms [ 289.959374][ C1] lec:lec_tx_timeout: lec0 [ 289.964098][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 290.031121][T13641] syzkaller0: entered promiscuous mode [ 290.040814][T13641] syzkaller0: entered allmulticast mode [ 290.064653][T13642] wg1 speed is unknown, defaulting to 1000 [ 290.752005][T13649] FAULT_INJECTION: forcing a failure. [ 290.752005][T13649] name failslab, interval 1, probability 0, space 0, times 0 [ 290.764847][T13649] CPU: 0 UID: 0 PID: 13649 Comm: syz.0.2299 Not tainted syzkaller #0 PREEMPT(full) [ 290.764873][T13649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 290.764883][T13649] Call Trace: [ 290.764891][T13649] [ 290.764898][T13649] dump_stack_lvl+0x189/0x250 [ 290.764934][T13649] ? __pfx____ratelimit+0x10/0x10 [ 290.764960][T13649] ? __pfx_dump_stack_lvl+0x10/0x10 [ 290.764982][T13649] ? __pfx__printk+0x10/0x10 [ 290.765006][T13649] ? __lock_acquire+0xab9/0xd20 [ 290.765030][T13649] should_fail_ex+0x414/0x560 [ 290.765059][T13649] should_failslab+0xa8/0x100 [ 290.765078][T13649] kmem_cache_alloc_noprof+0x74/0x6e0 [ 290.765103][T13649] ? skb_clone+0x212/0x3a0 [ 290.765129][T13649] skb_clone+0x212/0x3a0 [ 290.765153][T13649] __netlink_deliver_tap+0x404/0x850 [ 290.765183][T13649] ? netlink_deliver_tap+0x2e/0x1b0 [ 290.765203][T13649] netlink_deliver_tap+0x19c/0x1b0 [ 290.765223][T13649] netlink_unicast+0x7fa/0x9e0 [ 290.765258][T13649] ? __pfx_netlink_unicast+0x10/0x10 [ 290.765285][T13649] ? netlink_sendmsg+0x642/0xb30 [ 290.765301][T13649] ? skb_put+0x11b/0x210 [ 290.765318][T13649] netlink_sendmsg+0x805/0xb30 [ 290.765343][T13649] ? __pfx_netlink_sendmsg+0x10/0x10 [ 290.765363][T13649] ? aa_sock_msg_perm+0xf1/0x1d0 [ 290.765389][T13649] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 290.765407][T13649] ? __pfx_netlink_sendmsg+0x10/0x10 [ 290.765427][T13649] __sock_sendmsg+0x21c/0x270 [ 290.765453][T13649] ____sys_sendmsg+0x505/0x830 [ 290.765477][T13649] ? __pfx_____sys_sendmsg+0x10/0x10 [ 290.765506][T13649] ? import_iovec+0x74/0xa0 [ 290.765531][T13649] ___sys_sendmsg+0x21f/0x2a0 [ 290.765553][T13649] ? __pfx____sys_sendmsg+0x10/0x10 [ 290.765611][T13649] ? __fget_files+0x2a/0x420 [ 290.765627][T13649] ? __fget_files+0x3a0/0x420 [ 290.765655][T13649] __x64_sys_sendmsg+0x19b/0x260 [ 290.765678][T13649] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 290.765707][T13649] ? __pfx_ksys_write+0x10/0x10 [ 290.765734][T13649] ? do_syscall_64+0xbe/0xfa0 [ 290.765756][T13649] do_syscall_64+0xfa/0xfa0 [ 290.765772][T13649] ? lockdep_hardirqs_on+0x9c/0x150 [ 290.765788][T13649] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.765806][T13649] ? clear_bhb_loop+0x60/0xb0 [ 290.765826][T13649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.765843][T13649] RIP: 0033:0x7f126238f6c9 [ 290.765859][T13649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 290.765872][T13649] RSP: 002b:00007f12632ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 290.765892][T13649] RAX: ffffffffffffffda RBX: 00007f12625e6090 RCX: 00007f126238f6c9 [ 290.765905][T13649] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 290.765915][T13649] RBP: 00007f12632ef090 R08: 0000000000000000 R09: 0000000000000000 [ 290.765933][T13649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 290.765944][T13649] R13: 00007f12625e6128 R14: 00007f12625e6090 R15: 00007fff8476ab58 [ 290.765977][T13649] [ 292.698182][T13684] __nla_validate_parse: 7 callbacks suppressed [ 292.698198][T13684] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2309'. [ 292.808891][T13690] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2310'. [ 293.186996][T13717] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2318'. [ 293.834515][T13737] syzkaller0: entered promiscuous mode [ 293.840260][T13737] syzkaller0: entered allmulticast mode [ 294.563554][T13755] siw: device registration error -23 [ 294.635617][T13756] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2329'. [ 294.975404][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 294.983512][ C1] lec:lec_tx_timeout: lec0 [ 294.988097][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 295.742240][T13755] wg1 speed is unknown, defaulting to 1000 [ 296.073584][T13774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2335'. [ 296.244070][T13784] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2337'. [ 296.393654][T13791] siw: device registration error -23 [ 296.411811][T13791] wg1 speed is unknown, defaulting to 1000 [ 296.420762][T13791] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2341'. [ 296.483428][T13795] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2339'. [ 296.646189][T13794] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2340'. [ 296.840324][T13811] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2345'. [ 297.168547][T13827] sysfs: cannot create duplicate filename '/class/ieee80211/π,xb)% ]3DL̥!!b.>nS#^' [ 297.184848][T13827] CPU: 0 UID: 0 PID: 13827 Comm: syz.4.2351 Not tainted syzkaller #0 PREEMPT(full) [ 297.184875][T13827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 297.184886][T13827] Call Trace: [ 297.184894][T13827] [ 297.184902][T13827] dump_stack_lvl+0x189/0x250 [ 297.184935][T13827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.184959][T13827] ? __pfx__printk+0x10/0x10 [ 297.184983][T13827] ? kernfs_path_from_node+0x2f/0x290 [ 297.185005][T13827] ? kernfs_path_from_node+0x250/0x290 [ 297.185025][T13827] ? kernfs_path_from_node+0x2f/0x290 [ 297.185049][T13827] sysfs_warn_dup+0x8e/0xa0 [ 297.185069][T13827] sysfs_do_create_link_sd+0xc0/0x110 [ 297.185091][T13827] device_add_class_symlinks+0x1cf/0x240 [ 297.185117][T13827] device_add+0x475/0xb50 [ 297.185141][T13827] wiphy_register+0x1d2e/0x2d20 [ 297.185183][T13827] ? __pfx_wiphy_register+0x10/0x10 [ 297.185207][T13827] ? __pfx_netdev_run_todo+0x10/0x10 [ 297.185230][T13827] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 297.185258][T13827] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 297.185284][T13827] ieee80211_register_hw+0x3473/0x40d0 [ 297.185321][T13827] ? ieee80211_register_hw+0x14b1/0x40d0 [ 297.185352][T13827] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 297.185371][T13827] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 297.185400][T13827] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 297.185424][T13827] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 297.185456][T13827] ? __hrtimer_setup+0x187/0x210 [ 297.185473][T13827] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 297.185503][T13827] mac80211_hwsim_new_radio+0x2f9a/0x5260 [ 297.185562][T13827] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 297.185585][T13827] ? trace_kmalloc+0x1f/0xd0 [ 297.185606][T13827] ? __kmalloc_node_track_caller_noprof+0x587/0x800 [ 297.185631][T13827] ? kstrndup+0xbf/0x160 [ 297.185661][T13827] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 297.185685][T13827] ? __pfx___nla_validate_parse+0x10/0x10 [ 297.185719][T13827] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 297.185743][T13827] ? rcu_is_watching+0x15/0xb0 [ 297.185767][T13827] ? __nla_parse+0x40/0x60 [ 297.185790][T13827] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 297.185822][T13827] genl_family_rcv_msg_doit+0x215/0x300 [ 297.185854][T13827] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 297.185891][T13827] ? bpf_lsm_capable+0x9/0x20 [ 297.185910][T13827] ? security_capable+0x7e/0x2e0 [ 297.185939][T13827] genl_rcv_msg+0x60e/0x790 [ 297.185969][T13827] ? __pfx_genl_rcv_msg+0x10/0x10 [ 297.185990][T13827] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 297.186023][T13827] netlink_rcv_skb+0x208/0x470 [ 297.186039][T13827] ? __lock_acquire+0xab9/0xd20 [ 297.186057][T13827] ? __pfx_genl_rcv_msg+0x10/0x10 [ 297.186081][T13827] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 297.186120][T13827] ? down_read+0x1ad/0x2e0 [ 297.186141][T13827] genl_rcv+0x28/0x40 [ 297.186162][T13827] netlink_unicast+0x82f/0x9e0 [ 297.186196][T13827] ? __pfx_netlink_unicast+0x10/0x10 [ 297.186223][T13827] ? netlink_sendmsg+0x642/0xb30 [ 297.186239][T13827] ? skb_put+0x11b/0x210 [ 297.186261][T13827] netlink_sendmsg+0x805/0xb30 [ 297.186290][T13827] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.186313][T13827] ? aa_sock_msg_perm+0xf1/0x1d0 [ 297.186338][T13827] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 297.186355][T13827] ? __pfx_netlink_sendmsg+0x10/0x10 [ 297.186374][T13827] __sock_sendmsg+0x21c/0x270 [ 297.186401][T13827] ____sys_sendmsg+0x505/0x830 [ 297.186426][T13827] ? __pfx_____sys_sendmsg+0x10/0x10 [ 297.186456][T13827] ? import_iovec+0x74/0xa0 [ 297.186481][T13827] ___sys_sendmsg+0x21f/0x2a0 [ 297.186508][T13827] ? __pfx____sys_sendmsg+0x10/0x10 [ 297.186567][T13827] ? __fget_files+0x2a/0x420 [ 297.186583][T13827] ? __fget_files+0x3a0/0x420 [ 297.186611][T13827] __x64_sys_sendmsg+0x19b/0x260 [ 297.186634][T13827] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 297.186672][T13827] ? do_syscall_64+0xbe/0xfa0 [ 297.186694][T13827] do_syscall_64+0xfa/0xfa0 [ 297.186709][T13827] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.186726][T13827] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.186742][T13827] ? clear_bhb_loop+0x60/0xb0 [ 297.186764][T13827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.186780][T13827] RIP: 0033:0x7fa76c18f6c9 [ 297.186795][T13827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 297.186809][T13827] RSP: 002b:00007fa76d0d1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 297.186828][T13827] RAX: ffffffffffffffda RBX: 00007fa76c3e5fa0 RCX: 00007fa76c18f6c9 [ 297.186840][T13827] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 297.186851][T13827] RBP: 00007fa76c211f91 R08: 0000000000000000 R09: 0000000000000000 [ 297.186862][T13827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 297.186873][T13827] R13: 00007fa76c3e6038 R14: 00007fa76c3e5fa0 R15: 00007fff0258faf8 [ 297.186906][T13827] [ 297.192199][T13832] siw: device registration error -23 [ 297.271041][T13836] wg1 speed is unknown, defaulting to 1000 [ 297.425579][T13845] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 297.582677][T13848] FAULT_INJECTION: forcing a failure. [ 297.582677][T13848] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 297.588188][T13846] wg1 speed is unknown, defaulting to 1000 [ 297.592353][T13848] CPU: 0 UID: 0 PID: 13848 Comm: syz.4.2356 Not tainted syzkaller #0 PREEMPT(full) [ 297.592376][T13848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 297.592387][T13848] Call Trace: [ 297.592393][T13848] [ 297.592400][T13848] dump_stack_lvl+0x189/0x250 [ 297.592426][T13848] ? __pfx____ratelimit+0x10/0x10 [ 297.592456][T13848] ? __pfx_dump_stack_lvl+0x10/0x10 [ 297.592478][T13848] ? __pfx__printk+0x10/0x10 [ 297.592508][T13848] should_fail_ex+0x414/0x560 [ 297.592536][T13848] _copy_to_user+0x31/0xb0 [ 297.592559][T13848] simple_read_from_buffer+0xe1/0x170 [ 297.592589][T13848] proc_fail_nth_read+0x1b3/0x220 [ 297.592613][T13848] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 297.592636][T13848] ? rw_verify_area+0x2a6/0x4d0 [ 297.592656][T13848] ? __lock_acquire+0xab9/0xd20 [ 297.592672][T13848] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 297.592693][T13848] vfs_read+0x200/0xa30 [ 297.592714][T13848] ? fdget_pos+0x247/0x320 [ 297.592734][T13848] ? __pfx___mutex_lock+0x10/0x10 [ 297.592753][T13848] ? __pfx_vfs_read+0x10/0x10 [ 297.592776][T13848] ? __fget_files+0x2a/0x420 [ 297.592795][T13848] ? __fget_files+0x3a0/0x420 [ 297.592810][T13848] ? __fget_files+0x2a/0x420 [ 297.592834][T13848] ksys_read+0x145/0x250 [ 297.592858][T13848] ? __pfx_ksys_read+0x10/0x10 [ 297.592884][T13848] ? do_syscall_64+0xbe/0xfa0 [ 297.592904][T13848] do_syscall_64+0xfa/0xfa0 [ 297.592918][T13848] ? lockdep_hardirqs_on+0x9c/0x150 [ 297.592934][T13848] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.592951][T13848] ? clear_bhb_loop+0x60/0xb0 [ 297.592971][T13848] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 297.592987][T13848] RIP: 0033:0x7fa76c18e0dc [ 297.593002][T13848] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 297.593019][T13848] RSP: 002b:00007fa76d08f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 297.593037][T13848] RAX: ffffffffffffffda RBX: 00007fa76c3e6180 RCX: 00007fa76c18e0dc [ 297.593050][T13848] RDX: 000000000000000f RSI: 00007fa76d08f0a0 RDI: 000000000000000f [ 297.593060][T13848] RBP: 00007fa76d08f090 R08: 0000000000000000 R09: 0000000000000000 [ 297.593071][T13848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 297.593080][T13848] R13: 00007fa76c3e6218 R14: 00007fa76c3e6180 R15: 00007fff0258faf8 [ 297.593110][T13848] [ 297.950907][T13851] batadv_slave_0: entered promiscuous mode [ 297.976385][T13851] batman_adv: batadv0: Adding interface: macsec2 [ 297.983388][T13851] batman_adv: batadv0: The MTU of interface macsec2 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 298.019333][T13851] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 298.039849][T13851] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 298.050427][T13851] batman_adv: batadv0: Interface activated: macsec2 [ 299.007615][T13903] syzkaller0: entered promiscuous mode [ 299.013410][T13903] syzkaller0: entered allmulticast mode [ 299.142275][T13912] syzkaller0: entered promiscuous mode [ 299.148088][T13912] syzkaller0: entered allmulticast mode [ 299.175258][T13910] wg1 speed is unknown, defaulting to 1000 [ 299.382672][T13918] __nla_validate_parse: 1 callbacks suppressed [ 299.382691][T13918] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2379'. [ 299.529468][T13920] netlink: 'syz.0.2380': attribute type 6 has an invalid length. [ 299.543698][T13920] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2380'. [ 299.555397][T13920] nbd: must specify at least one socket [ 299.565657][T13924] netlink: 'syz.1.2381': attribute type 9 has an invalid length. [ 299.566983][T13920] syzkaller0: entered promiscuous mode [ 299.580016][T13920] syzkaller0: entered allmulticast mode [ 299.593483][T13920] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2380'. [ 299.606005][T13920] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2380'. [ 299.625925][T13920] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2380'. [ 299.749247][T13931] FAULT_INJECTION: forcing a failure. [ 299.749247][T13931] name failslab, interval 1, probability 0, space 0, times 0 [ 299.764553][T13932] Bluetooth: MGMT ver 1.23 [ 299.777695][T13931] CPU: 1 UID: 0 PID: 13931 Comm: syz.2.2383 Not tainted syzkaller #0 PREEMPT(full) [ 299.777720][T13931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 299.777730][T13931] Call Trace: [ 299.777737][T13931] [ 299.777745][T13931] dump_stack_lvl+0x189/0x250 [ 299.777774][T13931] ? __pfx____ratelimit+0x10/0x10 [ 299.777800][T13931] ? __pfx_dump_stack_lvl+0x10/0x10 [ 299.777822][T13931] ? __pfx__printk+0x10/0x10 [ 299.777846][T13931] ? __pfx___might_resched+0x10/0x10 [ 299.777864][T13931] ? fs_reclaim_acquire+0x7d/0x100 [ 299.777886][T13931] should_fail_ex+0x414/0x560 [ 299.777917][T13931] should_failslab+0xa8/0x100 [ 299.777937][T13931] kmem_cache_alloc_node_noprof+0x77/0x710 [ 299.777961][T13931] ? __alloc_skb+0x112/0x2d0 [ 299.777992][T13931] __alloc_skb+0x112/0x2d0 [ 299.778015][T13931] sctp_packet_transmit+0x2cc/0x2bb0 [ 299.778041][T13931] ? __sctp_packet_append_chunk+0x912/0xd00 [ 299.778076][T13931] ? sctp_packet_append_chunk+0x9b4/0xfe0 [ 299.778105][T13931] sctp_packet_singleton+0x233/0x330 [ 299.778132][T13931] ? __pfx_sctp_packet_singleton+0x10/0x10 [ 299.778164][T13931] ? sctp_outq_select_transport+0x462/0x570 [ 299.778187][T13931] ? sctp_transport_burst_limited+0x19c/0x280 [ 299.778214][T13931] sctp_outq_flush+0x4f0/0x3140 [ 299.778235][T13931] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 299.778265][T13931] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 299.778289][T13931] ? rcu_is_watching+0x15/0xb0 [ 299.778313][T13931] ? __pfx_sctp_outq_flush+0x10/0x10 [ 299.778342][T13931] ? sctp_outq_tail+0x612/0x8c0 [ 299.778363][T13931] ? sctp_outq_uncork+0x4d/0xa0 [ 299.778386][T13931] sctp_do_sm+0x5332/0x5a20 [ 299.778414][T13931] ? ____sys_sendmsg+0x52d/0x830 [ 299.778431][T13931] ? ___sys_sendmsg+0x21f/0x2a0 [ 299.778447][T13931] ? __sys_sendmmsg+0x227/0x430 [ 299.778463][T13931] ? __x64_sys_sendmmsg+0xa0/0xc0 [ 299.778488][T13931] ? __pfx_sctp_do_sm+0x10/0x10 [ 299.778551][T13931] ? __sk_mem_raise_allocated+0x708/0x1280 [ 299.778570][T13931] ? __genradix_ptr+0x1e1/0x220 [ 299.778600][T13931] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 299.778625][T13931] sctp_sendmsg_to_asoc+0x1028/0x1810 [ 299.778642][T13931] ? __asan_memcpy+0x40/0x70 [ 299.778671][T13931] ? sctp_assoc_add_peer+0xcfa/0x13b0 [ 299.778709][T13931] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 299.778729][T13931] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 299.778749][T13931] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 299.778768][T13931] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 299.778786][T13931] ? sctp_endpoint_lookup_assoc+0x7b/0x260 [ 299.778805][T13931] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 299.778823][T13931] ? security_sctp_bind_connect+0x7e/0x2e0 [ 299.778846][T13931] sctp_sendmsg+0x1941/0x2810 [ 299.778878][T13931] ? __pfx_sctp_sendmsg+0x10/0x10 [ 299.778900][T13931] ? aa_sk_perm+0x81e/0x950 [ 299.778922][T13931] ? __lock_acquire+0xab9/0xd20 [ 299.778942][T13931] ? __pfx_aa_sk_perm+0x10/0x10 [ 299.778975][T13931] ? sock_rps_record_flow+0x19/0x410 [ 299.778997][T13931] ? inet_sendmsg+0x2f4/0x370 [ 299.779013][T13931] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 299.779034][T13931] __sock_sendmsg+0x19c/0x270 [ 299.779060][T13931] ____sys_sendmsg+0x52d/0x830 [ 299.779086][T13931] ? __pfx_____sys_sendmsg+0x10/0x10 [ 299.779116][T13931] ? import_iovec+0x74/0xa0 [ 299.779140][T13931] ___sys_sendmsg+0x21f/0x2a0 [ 299.779163][T13931] ? __pfx____sys_sendmsg+0x10/0x10 [ 299.779221][T13931] ? __fget_files+0x2a/0x420 [ 299.779237][T13931] ? __fget_files+0x3a0/0x420 [ 299.779265][T13931] __sys_sendmmsg+0x227/0x430 [ 299.779291][T13931] ? __pfx___sys_sendmmsg+0x10/0x10 [ 299.779321][T13931] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 299.779358][T13931] ? ksys_write+0x22a/0x250 [ 299.779382][T13931] ? __pfx_ksys_write+0x10/0x10 [ 299.779410][T13931] __x64_sys_sendmmsg+0xa0/0xc0 [ 299.779433][T13931] do_syscall_64+0xfa/0xfa0 [ 299.779448][T13931] ? lockdep_hardirqs_on+0x9c/0x150 [ 299.779465][T13931] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.779482][T13931] ? clear_bhb_loop+0x60/0xb0 [ 299.779503][T13931] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 299.779520][T13931] RIP: 0033:0x7f27f278f6c9 [ 299.779536][T13931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 299.779550][T13931] RSP: 002b:00007f27f3646038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 299.779568][T13931] RAX: ffffffffffffffda RBX: 00007f27f29e6180 RCX: 00007f27f278f6c9 [ 299.779581][T13931] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000006 [ 299.779592][T13931] RBP: 00007f27f3646090 R08: 0000000000000000 R09: 0000000000000000 [ 299.779603][T13931] R10: 0000000020008050 R11: 0000000000000246 R12: 0000000000000002 [ 299.779613][T13931] R13: 00007f27f29e6218 R14: 00007f27f29e6180 R15: 00007fff08946a88 [ 299.779646][T13931] [ 300.248238][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5250 ms [ 300.256299][ C1] lec:lec_tx_timeout: lec0 [ 300.261470][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 300.338154][T13937] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2386'. [ 301.706876][T13949] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2391'. [ 303.836328][T13968] FAULT_INJECTION: forcing a failure. [ 303.836328][T13968] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 303.867519][T13968] CPU: 0 UID: 0 PID: 13968 Comm: syz.4.2396 Not tainted syzkaller #0 PREEMPT(full) [ 303.867545][T13968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 303.867556][T13968] Call Trace: [ 303.867564][T13968] [ 303.867572][T13968] dump_stack_lvl+0x189/0x250 [ 303.867599][T13968] ? __pfx____ratelimit+0x10/0x10 [ 303.867623][T13968] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.867645][T13968] ? __pfx__printk+0x10/0x10 [ 303.867676][T13968] should_fail_ex+0x414/0x560 [ 303.867706][T13968] _copy_to_user+0x31/0xb0 [ 303.867730][T13968] tipc_ioctl+0x233/0x2e0 [ 303.867756][T13968] ? __pfx_tipc_ioctl+0x10/0x10 [ 303.867782][T13968] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 303.867814][T13968] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 303.867843][T13968] sock_do_ioctl+0xdc/0x300 [ 303.867870][T13968] ? __pfx_sock_do_ioctl+0x10/0x10 [ 303.867908][T13968] sock_ioctl+0x576/0x790 [ 303.867933][T13968] ? __pfx_sock_ioctl+0x10/0x10 [ 303.867958][T13968] ? __fget_files+0x3a0/0x420 [ 303.867974][T13968] ? __fget_files+0x2a/0x420 [ 303.867994][T13968] ? bpf_lsm_file_ioctl+0x9/0x20 [ 303.868014][T13968] ? __pfx_sock_ioctl+0x10/0x10 [ 303.868035][T13968] __se_sys_ioctl+0xfc/0x170 [ 303.868059][T13968] do_syscall_64+0xfa/0xfa0 [ 303.868075][T13968] ? lockdep_hardirqs_on+0x9c/0x150 [ 303.868093][T13968] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.868110][T13968] ? clear_bhb_loop+0x60/0xb0 [ 303.868132][T13968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.868149][T13968] RIP: 0033:0x7fa76c18f6c9 [ 303.868165][T13968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.868180][T13968] RSP: 002b:00007fa76d0d1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 303.868200][T13968] RAX: ffffffffffffffda RBX: 00007fa76c3e5fa0 RCX: 00007fa76c18f6c9 [ 303.868213][T13968] RDX: 0000200000000000 RSI: 00000000000089e1 RDI: 0000000000000003 [ 303.868224][T13968] RBP: 00007fa76d0d1090 R08: 0000000000000000 R09: 0000000000000000 [ 303.868236][T13968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.868246][T13968] R13: 00007fa76c3e6038 R14: 00007fa76c3e5fa0 R15: 00007fff0258faf8 [ 303.868276][T13968] [ 304.274739][T13987] FAULT_INJECTION: forcing a failure. [ 304.274739][T13987] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 304.299080][T13987] CPU: 0 UID: 0 PID: 13987 Comm: syz.3.2402 Not tainted syzkaller #0 PREEMPT(full) [ 304.299107][T13987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 304.299117][T13987] Call Trace: [ 304.299125][T13987] [ 304.299133][T13987] dump_stack_lvl+0x189/0x250 [ 304.299161][T13987] ? __pfx____ratelimit+0x10/0x10 [ 304.299187][T13987] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.299210][T13987] ? __pfx__printk+0x10/0x10 [ 304.299228][T13987] ? __might_fault+0xb0/0x130 [ 304.299264][T13987] should_fail_ex+0x414/0x560 [ 304.299295][T13987] _copy_from_user+0x2d/0xb0 [ 304.299317][T13987] kstrtouint_from_user+0xc4/0x170 [ 304.299339][T13987] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 304.299376][T13987] proc_fail_nth_write+0x88/0x200 [ 304.299398][T13987] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 304.299426][T13987] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 304.299448][T13987] vfs_write+0x27e/0xb30 [ 304.299478][T13987] ? __pfx_vfs_write+0x10/0x10 [ 304.299500][T13987] ? __fget_files+0x2a/0x420 [ 304.299521][T13987] ? __fget_files+0x3a0/0x420 [ 304.299536][T13987] ? __fget_files+0x2a/0x420 [ 304.299562][T13987] ksys_write+0x145/0x250 [ 304.299587][T13987] ? __pfx_ksys_write+0x10/0x10 [ 304.299614][T13987] ? do_syscall_64+0xbe/0xfa0 [ 304.299637][T13987] do_syscall_64+0xfa/0xfa0 [ 304.299653][T13987] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.299671][T13987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.299688][T13987] ? clear_bhb_loop+0x60/0xb0 [ 304.299710][T13987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.299728][T13987] RIP: 0033:0x7f5771d8e17f [ 304.299751][T13987] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 304.299766][T13987] RSP: 002b:00007f5772c50030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 304.299786][T13987] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5771d8e17f [ 304.299799][T13987] RDX: 0000000000000001 RSI: 00007f5772c500a0 RDI: 0000000000000006 [ 304.299811][T13987] RBP: 00007f5772c50090 R08: 0000000000000000 R09: 0000000000000000 [ 304.299822][T13987] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 304.299833][T13987] R13: 00007f5771fe6038 R14: 00007f5771fe5fa0 R15: 00007ffccb839708 [ 304.299867][T13987] [ 304.307689][T13990] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2397'. [ 304.571602][T13984] veth1_to_batadv: left promiscuous mode [ 304.577427][T13984] veth1_to_batadv: left allmulticast mode [ 304.612269][T14000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2404'. [ 304.693686][T14002] FAULT_INJECTION: forcing a failure. [ 304.693686][T14002] name failslab, interval 1, probability 0, space 0, times 0 [ 304.718077][T14002] CPU: 1 UID: 0 PID: 14002 Comm: syz.3.2404 Not tainted syzkaller #0 PREEMPT(full) [ 304.718104][T14002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 304.718115][T14002] Call Trace: [ 304.718123][T14002] [ 304.718132][T14002] dump_stack_lvl+0x189/0x250 [ 304.718159][T14002] ? __pfx____ratelimit+0x10/0x10 [ 304.718184][T14002] ? __pfx_dump_stack_lvl+0x10/0x10 [ 304.718207][T14002] ? __pfx__printk+0x10/0x10 [ 304.718229][T14002] ? __pfx___might_resched+0x10/0x10 [ 304.718249][T14002] ? fs_reclaim_acquire+0x7d/0x100 [ 304.718273][T14002] should_fail_ex+0x414/0x560 [ 304.718305][T14002] should_failslab+0xa8/0x100 [ 304.718326][T14002] __kmalloc_cache_noprof+0x6f/0x6f0 [ 304.718351][T14002] ? cgroup_pidlist_start+0x8e8/0x10c0 [ 304.718382][T14002] cgroup_pidlist_start+0x8e8/0x10c0 [ 304.718416][T14002] ? __pfx_cgroup_pidlist_start+0x10/0x10 [ 304.718464][T14002] kernfs_seq_start+0x1c9/0x420 [ 304.718490][T14002] traverse+0x164/0x580 [ 304.718528][T14002] seq_read_iter+0xd08/0xe20 [ 304.718578][T14002] do_iter_readv_writev+0x623/0x8c0 [ 304.718612][T14002] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 304.718649][T14002] ? rw_verify_area+0x2a6/0x4d0 [ 304.718680][T14002] vfs_readv+0x253/0x850 [ 304.718712][T14002] ? __pfx_vfs_readv+0x10/0x10 [ 304.718749][T14002] ? __fget_files+0x2a/0x420 [ 304.718772][T14002] ? __fget_files+0x3a0/0x420 [ 304.718789][T14002] ? __fget_files+0x2a/0x420 [ 304.718817][T14002] do_readv+0x14d/0x2d0 [ 304.718840][T14002] ? __pfx_do_readv+0x10/0x10 [ 304.718863][T14002] ? do_syscall_64+0xbe/0xfa0 [ 304.718887][T14002] do_syscall_64+0xfa/0xfa0 [ 304.718903][T14002] ? lockdep_hardirqs_on+0x9c/0x150 [ 304.718921][T14002] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.718940][T14002] ? clear_bhb_loop+0x60/0xb0 [ 304.718963][T14002] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 304.718980][T14002] RIP: 0033:0x7f5771d8f6c9 [ 304.719015][T14002] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.719033][T14002] RSP: 002b:00007f5772c2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 304.719057][T14002] RAX: ffffffffffffffda RBX: 00007f5771fe6090 RCX: 00007f5771d8f6c9 [ 304.719070][T14002] RDX: 0000000000000004 RSI: 0000200000001800 RDI: 000000000000000b [ 304.719082][T14002] RBP: 00007f5772c2f090 R08: 0000000000000000 R09: 0000000000000000 [ 304.719094][T14002] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 304.719105][T14002] R13: 00007f5771fe6128 R14: 00007f5771fe6090 R15: 00007ffccb839708 [ 304.719140][T14002] [ 304.987748][T13984] bond4: left promiscuous mode [ 304.993867][T13984] dummy0: left promiscuous mode [ 305.465918][T13984] bond4: left allmulticast mode [ 305.485352][T13984] dummy0: left allmulticast mode [ 305.588327][T14007] IPVS: Scheduler module ip_vs_ not found [ 305.596500][T14009] IPVS: length: 24 != 12792 [ 305.619836][T14007] netlink: 'syz.4.2405': attribute type 9 has an invalid length. [ 305.692688][T13982] wg1 speed is unknown, defaulting to 1000 [ 305.746639][T14011] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2407'. [ 305.892568][T14017] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2408'. [ 305.913665][T14011] wg1 speed is unknown, defaulting to 1000 [ 305.949061][T14019] netlink: 'syz.0.2409': attribute type 1 has an invalid length. [ 305.950250][T14017] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2408'. [ 305.976795][T14019] netlink: 228 bytes leftover after parsing attributes in process `syz.0.2409'. [ 306.216292][T14028] syzkaller0: mtu greater than device maximum [ 306.351266][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 6090 ms [ 306.359353][ C1] lec:lec_tx_timeout: lec0 [ 306.364135][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 306.849870][T14074] tipc: Enabled bearer , priority 0 [ 306.904307][T14074] syzkaller0: entered promiscuous mode [ 306.909824][T14074] syzkaller0: entered allmulticast mode [ 306.914863][T14079] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2430'. [ 306.916900][T14074] tipc: Resetting bearer [ 306.939848][T14072] tipc: Resetting bearer [ 307.426600][T14095] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2432'. [ 307.652523][T14097] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2433'. [ 308.369893][T14072] tipc: Disabling bearer [ 308.392961][T14084] batadv1: entered promiscuous mode [ 308.430179][T14095] FAULT_INJECTION: forcing a failure. [ 308.430179][T14095] name failslab, interval 1, probability 0, space 0, times 0 [ 308.450915][T14103] FAULT_INJECTION: forcing a failure. [ 308.450915][T14103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 308.462466][ T9989] tipc: Node number set to 2834967260 [ 308.471354][T14095] CPU: 1 UID: 0 PID: 14095 Comm: syz.0.2432 Not tainted syzkaller #0 PREEMPT(full) [ 308.471382][T14095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 308.471393][T14095] Call Trace: [ 308.471401][T14095] [ 308.471410][T14095] dump_stack_lvl+0x189/0x250 [ 308.471439][T14095] ? __pfx____ratelimit+0x10/0x10 [ 308.471465][T14095] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.471487][T14095] ? __pfx__printk+0x10/0x10 [ 308.471513][T14095] ? __pfx___might_resched+0x10/0x10 [ 308.471540][T14095] should_fail_ex+0x414/0x560 [ 308.471571][T14095] should_failslab+0xa8/0x100 [ 308.471592][T14095] kmem_cache_alloc_node_noprof+0x77/0x710 [ 308.471617][T14095] ? __alloc_skb+0x112/0x2d0 [ 308.471641][T14095] __alloc_skb+0x112/0x2d0 [ 308.471664][T14095] netlink_ack+0x146/0xa50 [ 308.471682][T14095] ? __pfx_genl_rcv_msg+0x10/0x10 [ 308.471703][T14095] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 308.471725][T14095] ? __pfx_nl80211_post_doit+0x10/0x10 [ 308.471761][T14095] netlink_rcv_skb+0x28c/0x470 [ 308.471779][T14095] ? __lock_acquire+0xab9/0xd20 [ 308.471797][T14095] ? __pfx_genl_rcv_msg+0x10/0x10 [ 308.471821][T14095] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 308.471859][T14095] ? down_read+0x1ad/0x2e0 [ 308.471882][T14095] genl_rcv+0x28/0x40 [ 308.471903][T14095] netlink_unicast+0x82f/0x9e0 [ 308.471937][T14095] ? __pfx_netlink_unicast+0x10/0x10 [ 308.471963][T14095] ? netlink_sendmsg+0x642/0xb30 [ 308.471980][T14095] ? skb_put+0x11b/0x210 [ 308.472002][T14095] netlink_sendmsg+0x805/0xb30 [ 308.472031][T14095] ? __pfx_netlink_sendmsg+0x10/0x10 [ 308.472054][T14095] ? aa_sock_msg_perm+0xf1/0x1d0 [ 308.472081][T14095] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 308.472100][T14095] ? __pfx_netlink_sendmsg+0x10/0x10 [ 308.472128][T14095] __sock_sendmsg+0x21c/0x270 [ 308.472155][T14095] ____sys_sendmsg+0x505/0x830 [ 308.472182][T14095] ? __pfx_____sys_sendmsg+0x10/0x10 [ 308.472212][T14095] ? import_iovec+0x74/0xa0 [ 308.472238][T14095] ___sys_sendmsg+0x21f/0x2a0 [ 308.472261][T14095] ? __pfx____sys_sendmsg+0x10/0x10 [ 308.472318][T14095] ? __fget_files+0x2a/0x420 [ 308.472335][T14095] ? __fget_files+0x3a0/0x420 [ 308.472362][T14095] __x64_sys_sendmsg+0x19b/0x260 [ 308.472385][T14095] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 308.472416][T14095] ? __pfx_ksys_write+0x10/0x10 [ 308.472444][T14095] ? do_syscall_64+0xbe/0xfa0 [ 308.472466][T14095] do_syscall_64+0xfa/0xfa0 [ 308.472482][T14095] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.472500][T14095] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.472517][T14095] ? clear_bhb_loop+0x60/0xb0 [ 308.472539][T14095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.472556][T14095] RIP: 0033:0x7f126238f6c9 [ 308.472573][T14095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.472588][T14095] RSP: 002b:00007f1263310038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 308.472608][T14095] RAX: ffffffffffffffda RBX: 00007f12625e5fa0 RCX: 00007f126238f6c9 [ 308.472622][T14095] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 0000000000000003 [ 308.472634][T14095] RBP: 00007f1263310090 R08: 0000000000000000 R09: 0000000000000000 [ 308.472646][T14095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.472657][T14095] R13: 00007f12625e6038 R14: 00007f12625e5fa0 R15: 00007fff8476ab58 [ 308.472689][T14095] [ 308.481891][T14086] wg1 speed is unknown, defaulting to 1000 [ 308.490813][T14103] CPU: 1 UID: 0 PID: 14103 Comm: syz.3.2434 Not tainted syzkaller #0 PREEMPT(full) [ 308.490838][T14103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 308.490849][T14103] Call Trace: [ 308.490859][T14103] [ 308.490885][T14103] dump_stack_lvl+0x189/0x250 [ 308.490913][T14103] ? __pfx____ratelimit+0x10/0x10 [ 308.490945][T14103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 308.490966][T14103] ? __pfx__printk+0x10/0x10 [ 308.490996][T14103] should_fail_ex+0x414/0x560 [ 308.491025][T14103] strncpy_from_user+0x36/0x290 [ 308.491061][T14103] getname_flags+0xf3/0x540 [ 308.491083][T14103] do_sys_openat2+0xbc/0x1c0 [ 308.491124][T14103] ? __pfx_do_sys_openat2+0x10/0x10 [ 308.491147][T14103] ? ksys_write+0x22a/0x250 [ 308.491172][T14103] ? __pfx_ksys_write+0x10/0x10 [ 308.491195][T14103] __x64_sys_openat+0x138/0x170 [ 308.491223][T14103] do_syscall_64+0xfa/0xfa0 [ 308.491240][T14103] ? lockdep_hardirqs_on+0x9c/0x150 [ 308.491257][T14103] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.491274][T14103] ? clear_bhb_loop+0x60/0xb0 [ 308.491294][T14103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 308.491310][T14103] RIP: 0033:0x7f5771d8f6c9 [ 308.491326][T14103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 308.491341][T14103] RSP: 002b:00007f5772c50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 308.491359][T14103] RAX: ffffffffffffffda RBX: 00007f5771fe5fa0 RCX: 00007f5771d8f6c9 [ 308.491372][T14103] RDX: 00000000000000eb RSI: 0000200000000000 RDI: ffffffffffffff9c [ 308.491384][T14103] RBP: 00007f5772c50090 R08: 0000000000000000 R09: 0000000000000000 [ 308.491394][T14103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 308.491405][T14103] R13: 00007f5771fe6038 R14: 00007f5771fe5fa0 R15: 00007ffccb839708 [ 308.491434][T14103] [ 309.097519][T14121] siw: device registration error -23 [ 309.119815][T14121] wg1 speed is unknown, defaulting to 1000 [ 309.153110][T14121] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2441'. [ 309.238778][T14125] netlink: 'syz.3.2443': attribute type 11 has an invalid length. [ 309.328631][T14107] team0: Port device bridge3 added [ 309.343423][T14110] bridge0: port 1(team0) entered blocking state [ 309.374280][T14110] bridge0: port 1(team0) entered disabled state [ 309.382595][T14110] team0: entered allmulticast mode [ 309.389282][T14110] bridge3: entered allmulticast mode [ 309.398267][T14110] team0: entered promiscuous mode [ 309.403566][T14110] bridge3: entered promiscuous mode [ 309.735442][T14149] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2452'. [ 309.773392][T14149] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2452'. [ 309.824996][T14149] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 309.873807][T14165] sysfs: cannot create duplicate filename '/class/ieee80211/π,xb)% ]3DL̥!!b.>nS#^' [ 309.886497][T14165] CPU: 1 UID: 0 PID: 14165 Comm: syz.1.2457 Not tainted syzkaller #0 PREEMPT(full) [ 309.886546][T14165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 309.886556][T14165] Call Trace: [ 309.886565][T14165] [ 309.886574][T14165] dump_stack_lvl+0x189/0x250 [ 309.886608][T14165] ? __pfx_dump_stack_lvl+0x10/0x10 [ 309.886633][T14165] ? __pfx__printk+0x10/0x10 [ 309.886660][T14165] ? kernfs_path_from_node+0x2f/0x290 [ 309.886683][T14165] ? kernfs_path_from_node+0x250/0x290 [ 309.886704][T14165] ? kernfs_path_from_node+0x2f/0x290 [ 309.886731][T14165] sysfs_warn_dup+0x8e/0xa0 [ 309.886754][T14165] sysfs_do_create_link_sd+0xc0/0x110 [ 309.886779][T14165] device_add_class_symlinks+0x1cf/0x240 [ 309.886806][T14165] device_add+0x475/0xb50 [ 309.886832][T14165] wiphy_register+0x1d2e/0x2d20 [ 309.886874][T14165] ? __pfx_wiphy_register+0x10/0x10 [ 309.886896][T14165] ? __pfx_netdev_run_todo+0x10/0x10 [ 309.886918][T14165] ? minstrel_ht_alloc+0x6e0/0x7e0 [ 309.886945][T14165] ? ieee80211_init_rate_ctrl_alg+0x56d/0x5f0 [ 309.886971][T14165] ieee80211_register_hw+0x3473/0x40d0 [ 309.887010][T14165] ? ieee80211_register_hw+0x14b1/0x40d0 [ 309.887042][T14165] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 309.887061][T14165] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 309.887092][T14165] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 309.887118][T14165] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 309.887152][T14165] ? __hrtimer_setup+0x187/0x210 [ 309.887181][T14165] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 309.887206][T14165] mac80211_hwsim_new_radio+0x2f9a/0x5260 [ 309.887268][T14165] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 309.887293][T14165] ? trace_kmalloc+0x1f/0xd0 [ 309.887326][T14165] ? __kmalloc_node_track_caller_noprof+0x587/0x800 [ 309.887359][T14165] ? kstrndup+0xbf/0x160 [ 309.887391][T14165] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 309.887421][T14165] ? __pfx___nla_validate_parse+0x10/0x10 [ 309.887458][T14165] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 309.887485][T14165] ? rcu_is_watching+0x15/0xb0 [ 309.887511][T14165] ? __nla_parse+0x40/0x60 [ 309.887536][T14165] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 309.887571][T14165] genl_family_rcv_msg_doit+0x215/0x300 [ 309.887604][T14165] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 309.887643][T14165] ? bpf_lsm_capable+0x9/0x20 [ 309.887664][T14165] ? security_capable+0x7e/0x2e0 [ 309.887696][T14165] genl_rcv_msg+0x60e/0x790 [ 309.887728][T14165] ? __pfx_genl_rcv_msg+0x10/0x10 [ 309.887751][T14165] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 309.887786][T14165] netlink_rcv_skb+0x208/0x470 [ 309.887804][T14165] ? __lock_acquire+0xab9/0xd20 [ 309.887823][T14165] ? __pfx_genl_rcv_msg+0x10/0x10 [ 309.887848][T14165] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 309.887886][T14165] ? down_read+0x1ad/0x2e0 [ 309.887908][T14165] genl_rcv+0x28/0x40 [ 309.887927][T14165] netlink_unicast+0x82f/0x9e0 [ 309.887960][T14165] ? __pfx_netlink_unicast+0x10/0x10 [ 309.887985][T14165] ? netlink_sendmsg+0x642/0xb30 [ 309.888001][T14165] ? skb_put+0x11b/0x210 [ 309.888023][T14165] netlink_sendmsg+0x805/0xb30 [ 309.888052][T14165] ? __pfx_netlink_sendmsg+0x10/0x10 [ 309.888075][T14165] ? aa_sock_msg_perm+0xf1/0x1d0 [ 309.888101][T14165] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 309.888119][T14165] ? __pfx_netlink_sendmsg+0x10/0x10 [ 309.888138][T14165] __sock_sendmsg+0x21c/0x270 [ 309.888172][T14165] ____sys_sendmsg+0x505/0x830 [ 309.888194][T14165] ? __pfx_____sys_sendmsg+0x10/0x10 [ 309.888219][T14165] ? import_iovec+0x74/0xa0 [ 309.888240][T14165] ___sys_sendmsg+0x21f/0x2a0 [ 309.888259][T14165] ? __pfx____sys_sendmsg+0x10/0x10 [ 309.888305][T14165] ? __fget_files+0x2a/0x420 [ 309.888318][T14165] ? __fget_files+0x3a0/0x420 [ 309.888340][T14165] __x64_sys_sendmsg+0x19b/0x260 [ 309.888358][T14165] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 309.888388][T14165] ? do_syscall_64+0xbe/0xfa0 [ 309.888405][T14165] do_syscall_64+0xfa/0xfa0 [ 309.888418][T14165] ? lockdep_hardirqs_on+0x9c/0x150 [ 309.888432][T14165] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.888446][T14165] ? clear_bhb_loop+0x60/0xb0 [ 309.888462][T14165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 309.888476][T14165] RIP: 0033:0x7fb017b8f6c9 [ 309.888490][T14165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 309.888503][T14165] RSP: 002b:00007fb018981038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 309.888520][T14165] RAX: ffffffffffffffda RBX: 00007fb017de5fa0 RCX: 00007fb017b8f6c9 [ 309.888530][T14165] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004 [ 309.888540][T14165] RBP: 00007fb017c11f91 R08: 0000000000000000 R09: 0000000000000000 [ 309.888549][T14165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 309.888558][T14165] R13: 00007fb017de6038 R14: 00007fb017de5fa0 R15: 00007fff9b221b58 [ 309.888584][T14165] [ 310.406950][T14167] wg1 speed is unknown, defaulting to 1000 [ 310.509661][T14174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2461'. [ 310.519332][T14174] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2461'. [ 310.537921][T14171] wg1 speed is unknown, defaulting to 1000 [ 310.767491][T14171] netlink: 'syz.0.2459': attribute type 6 has an invalid length. [ 311.471683][T14198] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2466'. [ 311.572766][T14192] batadv1: entered promiscuous mode [ 311.876951][T14201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2467'. [ 312.056380][T14214] syzkaller1: entered promiscuous mode [ 312.062134][T14214] syzkaller1: entered allmulticast mode [ 312.112194][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5750 ms [ 312.120242][ C1] lec:lec_tx_timeout: lec0 [ 312.124950][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 312.312098][T14219] syzkaller0: entered promiscuous mode [ 312.317605][T14219] syzkaller0: entered allmulticast mode [ 312.599603][T14227] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2476'. [ 312.613179][T14230] bond4: option arp_interval: mode dependency failed, not supported in mode 802.3ad(4) [ 312.641823][T14227] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2476'. [ 312.653235][T14230] bond4 (unregistering): Released all slaves [ 313.135602][T14258] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2485'. [ 313.143765][T14254] syzkaller0: entered promiscuous mode [ 313.150014][T14254] syzkaller0: entered allmulticast mode [ 313.392346][T14174] Set syz1 is full, maxelem 65536 reached [ 313.620372][T14277] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2493'. [ 313.643809][T14279] xt_HMARK: proto mask must be zero with L3 mode [ 313.686142][T14277] syz_tun: entered allmulticast mode [ 313.772421][T14285] x_tables: duplicate underflow at hook 3 [ 313.877717][T14281] netlink: 'syz.2.2496': attribute type 7 has an invalid length. [ 315.382453][T14311] FAULT_INJECTION: forcing a failure. [ 315.382453][T14311] name failslab, interval 1, probability 0, space 0, times 0 [ 315.393328][T14309] __nla_validate_parse: 2 callbacks suppressed [ 315.393347][T14309] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2501'. [ 315.431388][T14311] CPU: 0 UID: 0 PID: 14311 Comm: syz.2.2502 Not tainted syzkaller #0 PREEMPT(full) [ 315.431415][T14311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 315.431427][T14311] Call Trace: [ 315.431435][T14311] [ 315.431444][T14311] dump_stack_lvl+0x189/0x250 [ 315.431472][T14311] ? __pfx____ratelimit+0x10/0x10 [ 315.431498][T14311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 315.431521][T14311] ? __pfx__printk+0x10/0x10 [ 315.431546][T14311] ? __pfx___might_resched+0x10/0x10 [ 315.431572][T14311] should_fail_ex+0x414/0x560 [ 315.431608][T14311] should_failslab+0xa8/0x100 [ 315.431629][T14311] kmem_cache_alloc_node_noprof+0x77/0x710 [ 315.431654][T14311] ? __alloc_skb+0x112/0x2d0 [ 315.431678][T14311] __alloc_skb+0x112/0x2d0 [ 315.431698][T14311] netlink_ack+0x146/0xa50 [ 315.431715][T14311] ? is_bpf_text_address+0x26/0x2b0 [ 315.431738][T14311] ? kernel_text_address+0xa5/0xe0 [ 315.431768][T14311] ? __kernel_text_address+0xd/0x40 [ 315.431804][T14311] audit_receive+0x2ea/0x2a90 [ 315.431881][T14311] ? __pfx_audit_receive+0x10/0x10 [ 315.431905][T14311] ? __lock_acquire+0xab9/0xd20 [ 315.431950][T14311] ? __lock_acquire+0xab9/0xd20 [ 315.431979][T14311] ? netlink_deliver_tap+0x2e/0x1b0 [ 315.432005][T14311] ? netlink_deliver_tap+0x2e/0x1b0 [ 315.432033][T14311] netlink_unicast+0x82f/0x9e0 [ 315.432068][T14311] ? __pfx_netlink_unicast+0x10/0x10 [ 315.432095][T14311] ? netlink_sendmsg+0x642/0xb30 [ 315.432113][T14311] ? skb_put+0x11b/0x210 [ 315.432135][T14311] netlink_sendmsg+0x805/0xb30 [ 315.432165][T14311] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.432189][T14311] ? aa_sock_msg_perm+0xf1/0x1d0 [ 315.432215][T14311] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 315.432234][T14311] ? __pfx_netlink_sendmsg+0x10/0x10 [ 315.432254][T14311] __sock_sendmsg+0x21c/0x270 [ 315.432282][T14311] ____sys_sendmsg+0x505/0x830 [ 315.432309][T14311] ? __pfx_____sys_sendmsg+0x10/0x10 [ 315.432339][T14311] ? import_iovec+0x74/0xa0 [ 315.432365][T14311] ___sys_sendmsg+0x21f/0x2a0 [ 315.432388][T14311] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.432448][T14311] ? __fget_files+0x2a/0x420 [ 315.432464][T14311] ? __fget_files+0x3a0/0x420 [ 315.432492][T14311] __x64_sys_sendmsg+0x19b/0x260 [ 315.432516][T14311] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 315.432546][T14311] ? __pfx_ksys_write+0x10/0x10 [ 315.432575][T14311] ? do_syscall_64+0xbe/0xfa0 [ 315.432602][T14311] do_syscall_64+0xfa/0xfa0 [ 315.432618][T14311] ? lockdep_hardirqs_on+0x9c/0x150 [ 315.432636][T14311] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.432655][T14311] ? clear_bhb_loop+0x60/0xb0 [ 315.432676][T14311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 315.432693][T14311] RIP: 0033:0x7f27f278f6c9 [ 315.432710][T14311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 315.432726][T14311] RSP: 002b:00007f27f3688038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 315.432747][T14311] RAX: ffffffffffffffda RBX: 00007f27f29e5fa0 RCX: 00007f27f278f6c9 [ 315.432760][T14311] RDX: 000000000000c144 RSI: 0000200000000040 RDI: 0000000000000005 [ 315.432773][T14311] RBP: 00007f27f3688090 R08: 0000000000000000 R09: 0000000000000000 [ 315.432784][T14311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 315.432795][T14311] R13: 00007f27f29e6038 R14: 00007f27f29e5fa0 R15: 00007fff08946a88 [ 315.432828][T14311] [ 315.886099][T14324] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2508'. [ 316.181791][T14339] syzkaller0: entered promiscuous mode [ 316.187655][T14339] syzkaller0: entered allmulticast mode [ 316.305312][T14348] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2517'. [ 317.132713][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5010 ms [ 317.140813][ C1] lec:lec_tx_timeout: lec0 [ 317.145398][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 317.724449][T14359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2522'. [ 319.011078][T14370] FAULT_INJECTION: forcing a failure. [ 319.011078][T14370] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.028042][T14370] CPU: 1 UID: 0 PID: 14370 Comm: syz.0.2526 Not tainted syzkaller #0 PREEMPT(full) [ 319.028069][T14370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 319.028080][T14370] Call Trace: [ 319.028088][T14370] [ 319.028097][T14370] dump_stack_lvl+0x189/0x250 [ 319.028126][T14370] ? __pfx____ratelimit+0x10/0x10 [ 319.028148][T14370] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.028168][T14370] ? __pfx__printk+0x10/0x10 [ 319.028186][T14370] ? __might_fault+0xb0/0x130 [ 319.028229][T14370] should_fail_ex+0x414/0x560 [ 319.028260][T14370] _copy_from_user+0x2d/0xb0 [ 319.028282][T14370] kstrtouint_from_user+0xc4/0x170 [ 319.028305][T14370] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 319.028342][T14370] proc_fail_nth_write+0x88/0x200 [ 319.028365][T14370] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 319.028393][T14370] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 319.028417][T14370] vfs_write+0x27e/0xb30 [ 319.028450][T14370] ? __pfx_vfs_write+0x10/0x10 [ 319.028476][T14370] ? __fget_files+0x2a/0x420 [ 319.028499][T14370] ? __fget_files+0x3a0/0x420 [ 319.028515][T14370] ? __fget_files+0x2a/0x420 [ 319.028542][T14370] ksys_write+0x145/0x250 [ 319.028564][T14370] ? __fget_files+0x2a/0x420 [ 319.028582][T14370] ? __pfx_ksys_write+0x10/0x10 [ 319.028610][T14370] ? do_syscall_64+0xbe/0xfa0 [ 319.028632][T14370] do_syscall_64+0xfa/0xfa0 [ 319.028648][T14370] ? lockdep_hardirqs_on+0x9c/0x150 [ 319.028666][T14370] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.028684][T14370] ? clear_bhb_loop+0x60/0xb0 [ 319.028707][T14370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.028724][T14370] RIP: 0033:0x7f126238e17f [ 319.028741][T14370] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 319.028756][T14370] RSP: 002b:00007f1263310030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 319.028775][T14370] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f126238e17f [ 319.028786][T14370] RDX: 0000000000000001 RSI: 00007f12633100a0 RDI: 0000000000000004 [ 319.028797][T14370] RBP: 00007f1263310090 R08: 0000000000000000 R09: 0000000000000000 [ 319.028808][T14370] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 319.028817][T14370] R13: 00007f12625e6038 R14: 00007f12625e5fa0 R15: 00007fff8476ab58 [ 319.028848][T14370] [ 319.442748][T14387] netlink: 672 bytes leftover after parsing attributes in process `syz.2.2530'. [ 319.655286][T14374] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 319.670433][T14374] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 319.717782][T14374] veth1_vlan: left allmulticast mode [ 319.901666][T14374] batman_adv: batadv0: Interface deactivated: macsec2 [ 319.950326][ T2998] netdevsim netdevsim1 netdevsim0: unset [0, 0] type 1 family 0 port 2816 - 0 [ 319.995829][ T2998] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.011403][ T2998] netdevsim netdevsim1 netdevsim1: unset [0, 0] type 1 family 0 port 2816 - 0 [ 320.061505][ T2998] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.088586][ T2998] netdevsim netdevsim1 netdevsim2: unset [0, 0] type 1 family 0 port 2816 - 0 [ 320.104815][ T2998] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.131703][ T2998] netdevsim netdevsim1 netdevsim3: unset [0, 0] type 1 family 0 port 2816 - 0 [ 320.140811][ T2998] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 320.337363][T14416] netlink: 'syz.3.2543': attribute type 5 has an invalid length. [ 320.346796][T14416] netlink: 'syz.3.2543': attribute type 17 has an invalid length. [ 320.360224][T14416] netlink: 'syz.3.2543': attribute type 27 has an invalid length. [ 320.391996][T14412] syzkaller0: entered promiscuous mode [ 320.401678][T14412] syzkaller0: entered allmulticast mode [ 320.444962][T14416] wg1 speed is unknown, defaulting to 1000 [ 320.655633][T14429] siw: device registration error -23 [ 320.668989][T14429] wg1 speed is unknown, defaulting to 1000 [ 320.676999][T14429] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2547'. [ 320.700807][T14431] batadv1: entered promiscuous mode [ 320.999428][T14440] x_tables: ip_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 321.086115][T14444] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2553'. [ 322.191594][T14460] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2558'. [ 322.738555][T14464] batadv1: entered promiscuous mode [ 322.972177][T14484] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2566'. [ 322.991256][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5840 ms [ 322.999356][ C1] lec:lec_tx_timeout: lec0 [ 323.004661][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 323.100169][T14493] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2569'. [ 323.737488][T14528] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2584'. [ 323.927842][T14534] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2586'. [ 324.420759][T14561] netlink: 'syz.0.2599': attribute type 17 has an invalid length. [ 324.435802][T14561] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2599'. [ 324.445994][T14561] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 324.579423][T14564] netlink: 'syz.3.2600': attribute type 25 has an invalid length. [ 324.884241][T14576] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2606'. [ 325.013958][T14585] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2609'. [ 325.253540][T14594] bridge0: port 1(batadv0) entered blocking state [ 325.261480][T14594] bridge0: port 1(batadv0) entered disabled state [ 325.268168][T14594] batadv0: entered allmulticast mode [ 325.284614][T14594] batadv0: entered promiscuous mode [ 325.492725][T14599] tipc: New replicast peer: 255.255.255.255 [ 325.508348][T14599] tipc: Enabled bearer , priority 10 [ 325.540552][T14599] netlink: 'syz.2.2613': attribute type 11 has an invalid length. [ 325.560351][T14599] netlink: 'syz.2.2613': attribute type 11 has an invalid length. [ 325.751434][ T2998] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 325.760842][ T2998] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 325.928864][T14614] x_tables: ip_tables: osf match: only valid for protocol 6 [ 325.957448][T14620] erspan0: left promiscuous mode [ 325.980111][T14620] erspan0: left allmulticast mode [ 326.017771][T14611] __nla_validate_parse: 3 callbacks suppressed [ 326.017789][T14611] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2618'. [ 326.065113][T14620] bond1: left allmulticast mode [ 326.097934][T14620] bond3: left promiscuous mode [ 326.185154][ T1157] netdevsim netdevsim2 eth0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.194065][ T1157] netdevsim netdevsim2 eth1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.217711][ T1157] netdevsim netdevsim2 eth2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.244808][ T1157] netdevsim netdevsim2 eth3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 326.301728][T14625] wg1 speed is unknown, defaulting to 1000 [ 326.351331][T14634] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2625'. [ 326.795121][T14647] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2630'. [ 326.828843][T14647] 8021q: VLANs not supported on caif0 [ 326.992144][T14656] bond1: option mode: unable to set because the bond device has slaves [ 327.027948][T14656] bond1: (slave veth5): Enslaving as an active interface with an up link [ 327.295574][T14668] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2638'. [ 327.316141][T14667] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2638'. [ 327.360585][T14670] wg1 speed is unknown, defaulting to 1000 [ 327.385475][T14673] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2639'. [ 327.930975][T14699] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2649'. [ 327.937760][T14703] FAULT_INJECTION: forcing a failure. [ 327.937760][T14703] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 327.958505][T14703] CPU: 0 UID: 0 PID: 14703 Comm: syz.1.2652 Not tainted syzkaller #0 PREEMPT(full) [ 327.958532][T14703] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 327.958543][T14703] Call Trace: [ 327.958551][T14703] [ 327.958559][T14703] dump_stack_lvl+0x189/0x250 [ 327.958587][T14703] ? __pfx____ratelimit+0x10/0x10 [ 327.958611][T14703] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.958632][T14703] ? __pfx__printk+0x10/0x10 [ 327.958651][T14703] ? __might_fault+0xb0/0x130 [ 327.958684][T14703] should_fail_ex+0x414/0x560 [ 327.958714][T14703] _copy_from_user+0x2d/0xb0 [ 327.958737][T14703] ___sys_sendmsg+0x158/0x2a0 [ 327.958760][T14703] ? __pfx____sys_sendmsg+0x10/0x10 [ 327.958813][T14703] ? __fget_files+0x2a/0x420 [ 327.958828][T14703] ? __fget_files+0x3a0/0x420 [ 327.958853][T14703] __x64_sys_sendmsg+0x19b/0x260 [ 327.958873][T14703] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 327.958901][T14703] ? __pfx_ksys_write+0x10/0x10 [ 327.958928][T14703] ? do_syscall_64+0xbe/0xfa0 [ 327.958949][T14703] do_syscall_64+0xfa/0xfa0 [ 327.958965][T14703] ? lockdep_hardirqs_on+0x9c/0x150 [ 327.958982][T14703] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.958998][T14703] ? clear_bhb_loop+0x60/0xb0 [ 327.959017][T14703] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.959032][T14703] RIP: 0033:0x7fb017b8f6c9 [ 327.959048][T14703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.959062][T14703] RSP: 002b:00007fb018981038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 327.959081][T14703] RAX: ffffffffffffffda RBX: 00007fb017de5fa0 RCX: 00007fb017b8f6c9 [ 327.959094][T14703] RDX: 0000000000008000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 327.959106][T14703] RBP: 00007fb018981090 R08: 0000000000000000 R09: 0000000000000000 [ 327.959117][T14703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.959127][T14703] R13: 00007fb017de6038 R14: 00007fb017de5fa0 R15: 00007fff9b221b58 [ 327.959157][T14703] [ 328.021577][ C1] lec0: NETDEV WATCHDOG: CPU: 1: transmit queue 0 timed out 5020 ms [ 328.035996][T14706] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2651'. [ 328.039330][ C1] lec:lec_tx_timeout: lec0 [ 328.183188][ C1] lec:lec_start_xmit: lec0:No lecd attached [ 328.290573][ T3029] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 328.302865][ T3029] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 328.434059][ C1] ------------[ cut here ]------------ [ 328.439893][ C1] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0x0 with flags 0x0 [ 328.450657][ C1] WARNING: CPU: 1 PID: 5834 at net/mac80211/rate.c:406 __rate_control_send_low+0x5e2/0x820 [ 328.460723][ C1] Modules linked in: [ 328.465192][ C1] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 328.474830][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 328.484937][ C1] RIP: 0010:__rate_control_send_low+0x5e2/0x820 [ 328.491359][ C1] Code: 38 0f b6 04 28 84 c0 0f 85 d7 01 00 00 41 8b 0f 48 c7 c7 00 97 89 8c 48 8b 74 24 18 44 8b 44 24 2c 45 89 e9 e8 6f 39 c5 f6 90 <0f> 0b 90 90 e9 70 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c [ 328.511143][ C1] RSP: 0000:ffffc90000a08758 EFLAGS: 00010246 [ 328.517273][ C1] RAX: 896bc0436b80da00 RBX: 000000000000000c RCX: ffff888032e93c80 [ 328.525509][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 328.533541][ C1] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004 [ 328.541556][ C1] R10: dffffc0000000000 R11: fffffbfff1bba684 R12: ffff888079a66b68 [ 328.549538][ C1] R13: 0000000000000000 R14: ffff8880276d0e80 R15: ffff8880276d3138 [ 328.557573][ C1] FS: 0000555583288500(0000) GS:ffff888126238000(0000) knlGS:0000000000000000 [ 328.566543][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 328.573191][ C1] CR2: 00007f27f3518704 CR3: 00000000768b4000 CR4: 00000000003526f0 [ 328.581190][ C1] Call Trace: [ 328.584877][ C1] [ 328.587754][ C1] rate_control_send_low+0x1a7/0x7b0 [ 328.593174][ C1] ? rcu_is_watching+0x15/0xb0 [ 328.597968][ C1] rate_control_get_rate+0x20b/0x5d0 [ 328.603300][ C1] ieee80211_beacon_get_finish+0x39a/0x6c0 [ 328.609133][ C1] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 328.615592][ C1] ? __pfx___netdev_alloc_skb+0x10/0x10 [ 328.621150][ C1] ? __ieee80211_beacon_get+0xce1/0x1880 [ 328.626828][ C1] __ieee80211_beacon_get+0xd3d/0x1880 [ 328.632352][ C1] ? __ieee80211_beacon_get+0x36/0x1880 [ 328.638024][ C1] ieee80211_beacon_get_tim+0xb4/0x2b0 [ 328.643544][ C1] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 328.649739][ C1] mac80211_hwsim_beacon_tx+0x3ce/0x860 [ 328.655344][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 328.662605][ C1] __iterate_interfaces+0x2ab/0x590 [ 328.667873][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 328.674008][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 328.681273][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 328.687376][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 328.694462][ C1] mac80211_hwsim_beacon+0xbb/0x180 [ 328.699691][ C1] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 328.705535][ C1] __hrtimer_run_queues+0x52c/0xc60 [ 328.710748][ C1] ? ktime_get_update_offsets_now+0x67/0x3d0 [ 328.716884][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 328.722641][ C1] ? read_tsc+0x9/0x20 [ 328.726739][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 328.732593][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 328.737729][ C1] handle_softirqs+0x286/0x870 [ 328.742553][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 328.747346][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 328.752691][ C1] __irq_exit_rcu+0xca/0x1f0 [ 328.757307][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 328.762575][ C1] irq_exit_rcu+0x9/0x30 [ 328.766849][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 328.772566][ C1] [ 328.775535][ C1] [ 328.778487][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 328.784519][ C1] RIP: 0010:clear_page_erms+0xb/0x20 [ 328.789822][ C1] Code: 48 8d 7f 40 75 d9 90 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa b9 00 10 00 00 31 c0 aa e9 be 42 04 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 328.804499][T14726] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2655'. [ 328.809541][ C1] RSP: 0000:ffffc90004a0f4f0 EFLAGS: 00010246 [ 328.809575][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000c40 [ 328.833352][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880bff653c0 [ 328.841537][ C1] RBP: 1ffffffff1b24ea6 R08: ffffffff8f7cfd77 R09: 0000000000000000 [ 328.849509][ C1] R10: ffffed1017feca00 R11: fffffbfff1ef9faf R12: fffa8000bff65000 [ 328.857519][ C1] R13: fffa800000000000 R14: 1ffffffff1b24ea4 R15: 0000000000000001 [ 328.865576][ C1] post_alloc_hook+0x1bd/0x2a0 [ 328.870486][ C1] get_page_from_freelist+0x2365/0x2440 [ 328.876317][ C1] ? __pfx_get_page_from_freelist+0x10/0x10 [ 328.882257][ C1] ? prepare_alloc_pages+0x213/0x610 [ 328.887543][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 328.893395][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 328.899721][ C1] ? policy_nodemask+0x27c/0x720 [ 328.904685][ C1] alloc_pages_mpol+0x232/0x4a0 [ 328.909542][ C1] vma_alloc_folio_noprof+0xe4/0x200 [ 328.914854][ C1] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 328.920830][ C1] folio_prealloc+0x30/0x180 [ 328.925454][ C1] do_wp_page+0x1231/0x5800 [ 328.930061][ C1] ? __pfx_do_wp_page+0x10/0x10 [ 328.934968][ C1] ? do_raw_spin_lock+0x121/0x290 [ 328.940006][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 328.945488][ C1] __handle_mm_fault+0x1033/0x5400 [ 328.950785][ C1] ? lock_vma_under_rcu+0x1a3/0x450 [ 328.956011][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 328.961512][ C1] ? lock_vma_under_rcu+0x3d2/0x450 [ 328.966734][ C1] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 328.972308][ C1] handle_mm_fault+0x40a/0x8e0 [ 328.977098][ C1] do_user_addr_fault+0xa7c/0x1380 [ 328.982284][ C1] ? rcu_is_watching+0x15/0xb0 [ 328.987068][ C1] ? trace_page_fault_user+0x84/0x1e0 [ 328.992462][ C1] exc_page_fault+0x82/0x100 [ 328.997080][ C1] asm_exc_page_fault+0x26/0x30 [ 329.001972][ C1] RIP: 0033:0x7f27f2745259 [ 329.006379][ C1] Code: dd 00 01 5b c3 0f 1f 40 00 48 8d 3d c1 34 dd 00 e8 6c 0a 00 00 eb de 66 2e 0f 1f 84 00 00 00 00 00 8b 05 ae 34 dd 00 83 e8 01 <89> 05 a5 34 dd 00 75 16 48 c7 05 9c 34 dd 00 00 00 00 00 87 05 8e [ 329.026099][ C1] RSP: 002b:00007fff08946d08 EFLAGS: 00010246 [ 329.032203][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f27f2785e13 [ 329.040177][ C1] RDX: 0000000000000597 RSI: 0000000000000000 RDI: 0000000001200011 [ 329.048167][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 329.056170][ C1] R10: 00005555832887d0 R11: 0000000000000246 R12: 0000000000000597 [ 329.064206][ C1] R13: ffffffffffffffa8 R14: 0000000000000006 R15: 00007fff08946ea0 [ 329.072250][ C1] [ 329.075278][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 329.082545][ C1] CPU: 1 UID: 0 PID: 5834 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 329.092100][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 329.102235][ C1] Call Trace: [ 329.105506][ C1] [ 329.108340][ C1] dump_stack_lvl+0x99/0x250 [ 329.112924][ C1] ? __asan_memcpy+0x40/0x70 [ 329.117598][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 329.122791][ C1] ? __pfx__printk+0x10/0x10 [ 329.127384][ C1] vpanic+0x237/0x6d0 [ 329.131364][ C1] ? __pfx_vpanic+0x10/0x10 [ 329.135889][ C1] panic+0xb9/0xc0 [ 329.139606][ C1] ? __pfx_panic+0x10/0x10 [ 329.144019][ C1] __warn+0x31b/0x4b0 [ 329.147987][ C1] ? __rate_control_send_low+0x5e2/0x820 [ 329.153612][ C1] ? __rate_control_send_low+0x5e2/0x820 [ 329.159231][ C1] report_bug+0x2be/0x4f0 [ 329.163547][ C1] ? __rate_control_send_low+0x5e2/0x820 [ 329.169168][ C1] ? __rate_control_send_low+0x5e2/0x820 [ 329.174790][ C1] ? __rate_control_send_low+0x5e4/0x820 [ 329.180413][ C1] handle_bug+0x84/0x160 [ 329.184651][ C1] exc_invalid_op+0x1a/0x50 [ 329.189149][ C1] asm_exc_invalid_op+0x1a/0x20 [ 329.194023][ C1] RIP: 0010:__rate_control_send_low+0x5e2/0x820 [ 329.200263][ C1] Code: 38 0f b6 04 28 84 c0 0f 85 d7 01 00 00 41 8b 0f 48 c7 c7 00 97 89 8c 48 8b 74 24 18 44 8b 44 24 2c 45 89 e9 e8 6f 39 c5 f6 90 <0f> 0b 90 90 e9 70 fe ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c [ 329.219951][ C1] RSP: 0000:ffffc90000a08758 EFLAGS: 00010246 [ 329.226019][ C1] RAX: 896bc0436b80da00 RBX: 000000000000000c RCX: ffff888032e93c80 [ 329.233981][ C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 329.241947][ C1] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004 [ 329.249913][ C1] R10: dffffc0000000000 R11: fffffbfff1bba684 R12: ffff888079a66b68 [ 329.257979][ C1] R13: 0000000000000000 R14: ffff8880276d0e80 R15: ffff8880276d3138 [ 329.265957][ C1] ? __rate_control_send_low+0x5e1/0x820 [ 329.271599][ C1] rate_control_send_low+0x1a7/0x7b0 [ 329.276972][ C1] ? rcu_is_watching+0x15/0xb0 [ 329.281811][ C1] rate_control_get_rate+0x20b/0x5d0 [ 329.287088][ C1] ieee80211_beacon_get_finish+0x39a/0x6c0 [ 329.292892][ C1] ? __pfx_ieee80211_beacon_get_finish+0x10/0x10 [ 329.299247][ C1] ? __pfx___netdev_alloc_skb+0x10/0x10 [ 329.304801][ C1] ? __ieee80211_beacon_get+0xce1/0x1880 [ 329.310434][ C1] __ieee80211_beacon_get+0xd3d/0x1880 [ 329.315892][ C1] ? __ieee80211_beacon_get+0x36/0x1880 [ 329.321445][ C1] ieee80211_beacon_get_tim+0xb4/0x2b0 [ 329.326901][ C1] ? __pfx_ieee80211_beacon_get_tim+0x10/0x10 [ 329.333060][ C1] mac80211_hwsim_beacon_tx+0x3ce/0x860 [ 329.338600][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 329.345786][ C1] __iterate_interfaces+0x2ab/0x590 [ 329.351066][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 329.357124][ C1] ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180 [ 329.364313][ C1] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 329.370368][ C1] ieee80211_iterate_active_interfaces_atomic+0xdb/0x180 [ 329.377394][ C1] mac80211_hwsim_beacon+0xbb/0x180 [ 329.382604][ C1] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 329.388411][ C1] __hrtimer_run_queues+0x52c/0xc60 [ 329.393694][ C1] ? ktime_get_update_offsets_now+0x67/0x3d0 [ 329.399689][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 329.405395][ C1] ? read_tsc+0x9/0x20 [ 329.409468][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 329.415273][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 329.420378][ C1] handle_softirqs+0x286/0x870 [ 329.425133][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 329.429889][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 329.435167][ C1] __irq_exit_rcu+0xca/0x1f0 [ 329.439758][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 329.444950][ C1] irq_exit_rcu+0x9/0x30 [ 329.449176][ C1] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 329.454802][ C1] [ 329.457718][ C1] [ 329.460631][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 329.466603][ C1] RIP: 0010:clear_page_erms+0xb/0x20 [ 329.471891][ C1] Code: 48 8d 7f 40 75 d9 90 c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa b9 00 10 00 00 31 c0 aa e9 be 42 04 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 329.491590][ C1] RSP: 0000:ffffc90004a0f4f0 EFLAGS: 00010246 [ 329.497656][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000c40 [ 329.505621][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8880bff653c0 [ 329.513583][ C1] RBP: 1ffffffff1b24ea6 R08: ffffffff8f7cfd77 R09: 0000000000000000 [ 329.521549][ C1] R10: ffffed1017feca00 R11: fffffbfff1ef9faf R12: fffa8000bff65000 [ 329.529509][ C1] R13: fffa800000000000 R14: 1ffffffff1b24ea4 R15: 0000000000000001 [ 329.537482][ C1] post_alloc_hook+0x1bd/0x2a0 [ 329.542243][ C1] get_page_from_freelist+0x2365/0x2440 [ 329.547810][ C1] ? __pfx_get_page_from_freelist+0x10/0x10 [ 329.553692][ C1] ? prepare_alloc_pages+0x213/0x610 [ 329.558974][ C1] __alloc_frozen_pages_noprof+0x181/0x370 [ 329.564770][ C1] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 329.571091][ C1] ? policy_nodemask+0x27c/0x720 [ 329.576017][ C1] alloc_pages_mpol+0x232/0x4a0 [ 329.580972][ C1] vma_alloc_folio_noprof+0xe4/0x200 [ 329.586263][ C1] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 329.592161][ C1] folio_prealloc+0x30/0x180 [ 329.596763][ C1] do_wp_page+0x1231/0x5800 [ 329.601287][ C1] ? __pfx_do_wp_page+0x10/0x10 [ 329.606147][ C1] ? do_raw_spin_lock+0x121/0x290 [ 329.611196][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 329.616594][ C1] __handle_mm_fault+0x1033/0x5400 [ 329.621727][ C1] ? lock_vma_under_rcu+0x1a3/0x450 [ 329.626927][ C1] ? __pfx___handle_mm_fault+0x10/0x10 [ 329.632396][ C1] ? lock_vma_under_rcu+0x3d2/0x450 [ 329.637618][ C1] ? __pfx_lock_vma_under_rcu+0x10/0x10 [ 329.643172][ C1] handle_mm_fault+0x40a/0x8e0 [ 329.647939][ C1] do_user_addr_fault+0xa7c/0x1380 [ 329.653044][ C1] ? rcu_is_watching+0x15/0xb0 [ 329.657798][ C1] ? trace_page_fault_user+0x84/0x1e0 [ 329.663256][ C1] exc_page_fault+0x82/0x100 [ 329.667839][ C1] asm_exc_page_fault+0x26/0x30 [ 329.672679][ C1] RIP: 0033:0x7f27f2745259 [ 329.677082][ C1] Code: dd 00 01 5b c3 0f 1f 40 00 48 8d 3d c1 34 dd 00 e8 6c 0a 00 00 eb de 66 2e 0f 1f 84 00 00 00 00 00 8b 05 ae 34 dd 00 83 e8 01 <89> 05 a5 34 dd 00 75 16 48 c7 05 9c 34 dd 00 00 00 00 00 87 05 8e [ 329.696672][ C1] RSP: 002b:00007fff08946d08 EFLAGS: 00010246 [ 329.702742][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f27f2785e13 [ 329.710790][ C1] RDX: 0000000000000597 RSI: 0000000000000000 RDI: 0000000001200011 [ 329.718760][ C1] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000001 [ 329.726716][ C1] R10: 00005555832887d0 R11: 0000000000000246 R12: 0000000000000597 [ 329.734674][ C1] R13: ffffffffffffffa8 R14: 0000000000000006 R15: 00007fff08946ea0 [ 329.742646][ C1] [ 329.746011][ C1] Kernel Offset: disabled [ 329.750319][ C1] Rebooting in 86400 seconds..