last executing test programs:

7.371767256s ago: executing program 0 (id=4538):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0xa420, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

7.197733441s ago: executing program 0 (id=4541):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3ffd, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x2f}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)

7.054783546s ago: executing program 0 (id=4550):
socket$kcm(0x11, 0xa, 0x300)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f0000003a00)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x9}}, 0x10, 0x0}, 0x0)

6.912819731s ago: executing program 0 (id=4553):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x4, 0xd, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0x8008, 0x0, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x2f}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x7}}]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41000, 0x21, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002280)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="0000100000000300000a6e000000", 0x0, 0x57af, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.873781212s ago: executing program 0 (id=4546):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @remote}}}], 0x20}, 0x40000)

6.756956985s ago: executing program 0 (id=4549):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
r1 = perf_event_open(&(0x7f00000012c0)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0xa420, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r2, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.836635918s ago: executing program 1 (id=4571):
perf_event_open(&(0x7f0000000440)={0x5, 0x80, 0xec, 0x0, 0x0, 0xfe, 0x0, 0x0, 0x2208f, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x1, 0xffff}, 0xa5b3, 0x4, 0x0, 0x2, 0x8178, 0x0, 0x1, 0x0, 0xb, 0x0, 0xbf}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x1)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000780)={'pim6reg0\x00', 0x400})
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000080))
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000140)={0x5, &(0x7f0000000100)=[{0x2, 0x6, 0x5, 0xffffffff}, {0xa437, 0x2, 0x9, 0xfffffffa}, {0x6, 0xf7, 0x48, 0xe267}, {0xd, 0xca, 0x1, 0x9}, {0x40, 0xff, 0xec, 0x9}]})
write$cgroup_int(r0, &(0x7f00000000c0)=0x7, 0x12)

1.956057528s ago: executing program 3 (id=4580):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x5, 0x8, 0x40, 0x42}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, 0x0, &(0x7f0000001580)=""/92}, 0x20)

1.955072858s ago: executing program 2 (id=4587):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x5, 0x7, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r5}, &(0x7f0000000280), &(0x7f0000000240)=r2}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

1.936300099s ago: executing program 1 (id=4581):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0xa38, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8916, &(0x7f0000000040)={'vlan0\x00', @random="02000000e29b"})
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r3 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
r4 = bpf$ITER_CREATE(0xb, &(0x7f00000002c0)={r3}, 0x8)
write$cgroup_int(r4, &(0x7f00000001c0), 0xfffffdef)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0)
r6 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r5}, 0x8)
ioctl$SIOCSIFHWADDR(r6, 0x541b, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

1.713173506s ago: executing program 1 (id=4582):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
r2 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x9, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0xa)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000001540)=@tipc, 0x80, 0x0}, 0x0)

1.665034008s ago: executing program 2 (id=4583):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3ffd, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x2f}]}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x8, 0x0, &(0x7f0000000300)=""/8, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.504660833s ago: executing program 3 (id=4584):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f0000000200), 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f00000001c0)=ANY=[], 0x5)

1.501347183s ago: executing program 2 (id=4585):
socket$kcm(0xa, 0x1, 0x106)
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1946}, 0x0, 0x30ae, 0x0, 0x8, 0x3fe, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x9c75}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x5, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000001200000000000000000095"], &(0x7f0000000c00)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000002c0)={r0, 0x4, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0}, 0x50)
r1 = socket$kcm(0x2, 0x2, 0x73)
sendmsg$inet(r1, &(0x7f0000000500)={&(0x7f0000000300)={0x2, 0x0, @empty}, 0x10, &(0x7f0000000400)=[{&(0x7f0000000340)='+', 0x34000}], 0x1}, 0x900000000000000)

1.376684447s ago: executing program 3 (id=4586):
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000440)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x80000005}, {0x2}]}, 0x94)
sendmsg$inet(r0, &(0x7f00000029c0)={&(0x7f0000000100)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000002780)=[{&(0x7f00000006c0)='{', 0x1}], 0x1}, 0x4000040)
sendmsg$inet(r0, &(0x7f00000000c0)={&(0x7f0000001040)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000080)="88", 0x1}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x7b, &(0x7f0000000000)=r3, 0x8)

1.319800189s ago: executing program 1 (id=4588):
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20040, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x0, 0x1, 0x5, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
r3 = bpf$ITER_CREATE(0xb, &(0x7f00000002c0)={r2}, 0x8)
write$cgroup_int(r3, &(0x7f00000001c0), 0xfffffdef)
write$cgroup_subtree(r3, 0x0, 0xfdef)

1.237444251s ago: executing program 3 (id=4589):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x0, 0x5c}, 0x28)
r0 = socket$kcm(0x2, 0x5, 0x84)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000003c0)=[{0x0, 0x0, 0x1, 0xb}, {0x10000002}]}, 0x94)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
close(r2)
recvmsg$unix(r1, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r0, 0x84, 0x6e, &(0x7f0000000000)=r3, 0x10)
r4 = socket$kcm(0x2, 0x5, 0x84)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
recvmsg$unix(r5, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [<r7=>0xffffffffffffffff]}}], 0x18}, 0x0)
setsockopt$sock_attach_bpf(r4, 0x84, 0x71, &(0x7f0000000000)=r7, 0x8)

1.172649253s ago: executing program 2 (id=4590):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4, @perf_config_ext={0x7, 0xffffffffffffffff}, 0xa38, 0x0, 0x0, 0x0, 0x9, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8916, &(0x7f0000000040)={'vlan0\x00', @random="02000000e29b"})

257.147922ms ago: executing program 1 (id=4591):
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x5, 0x7, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000700)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000040)={{r5}, &(0x7f0000000280), &(0x7f0000000240)=r2}, 0x20)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f00000000c0)=r6, 0x4)
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0)

257.046882ms ago: executing program 2 (id=4592):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x5, 0x8, 0x40, 0x42}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100), &(0x7f0000000580), 0x1000, r0}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, 0x0, &(0x7f0000001580)=""/92}, 0x20)

185.674254ms ago: executing program 3 (id=4593):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x1, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3ffd, 0x0, 0x0, 0x0, 0x9}, [@call={0x85, 0x0, 0x0, 0x2f}]}, &(0x7f0000000080)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x8, &(0x7f00000002c0), &(0x7f0000000300)=""/8, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

88.300168ms ago: executing program 1 (id=4594):
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x4, 0x3fe, 0x7ffffffc, 0x400}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
r0 = socket$kcm(0x1e, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000000)=""/59, 0x3b}], 0x1, 0x0, 0xc00}, 0x80)
r1 = socket$kcm(0x1e, 0x4, 0x0)
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[], 0xfdef)

198.24µs ago: executing program 3 (id=4595):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd)
r2 = socket$kcm(0x1e, 0x4, 0x0)
setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
r3 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xec, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0, 0xa}, 0x114905, 0x4, 0x9, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0xa)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r3, 0x40042408, r4)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, &(0x7f00000008c0), 0x43)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000001540)=@tipc, 0x80, 0x0}, 0x0)

0s ago: executing program 2 (id=4596):
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x4a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x80102, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x5, 0x4}, 0x8000, 0x0, 0x0, 0x4, 0x3fe, 0x7ffffffa, 0x400, 0x0, 0x0, 0x0, 0xfffffffffffffff7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, 0x0, 0x0}, 0x94)
perf_event_open(&(0x7f0000000440)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x8, 0x830d}, 0x8, 0x7, 0xfffffffe, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
ioctl$PERF_EVENT_IOC_QUERY_BPF(r0, 0xc008240a, &(0x7f0000000380)={0x1, 0x0, [0x0]})

kernel console output (not intermixed with test programs):

 entered promiscuous mode
[  563.251266][T14916] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  563.716595][T14928] netlink: 'syz.2.3313': attribute type 10 has an invalid length.
[  563.849316][T14932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3315'.
[  564.937732][T14955] delete_channel: no stack
[  564.987927][T14955] delete_channel: no stack
[  565.004253][T14955] netlink: 'syz.2.3322': attribute type 21 has an invalid length.
[  565.543728][T14965] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  565.565222][T14965] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  565.614792][T14966] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  565.644743][T14966] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  565.682737][T14968] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3327'.
[  566.140915][T14971] netlink: 'syz.2.3328': attribute type 10 has an invalid length.
[  566.267831][T14976] FAULT_INJECTION: forcing a failure.
[  566.267831][T14976] name failslab, interval 1, probability 0, space 0, times 0
[  566.310108][T14976] CPU: 1 PID: 14976 Comm: syz.3.3329 Not tainted syzkaller #0
[  566.317606][T14976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  566.327673][T14976] Call Trace:
[  566.330966][T14976]  <TASK>
[  566.333908][T14976]  dump_stack_lvl+0x18c/0x250
[  566.338611][T14976]  ? show_regs_print_info+0x20/0x20
[  566.343825][T14976]  ? load_image+0x420/0x420
[  566.348344][T14976]  ? __might_sleep+0xe0/0xe0
[  566.352949][T14976]  ? __lock_acquire+0x7d40/0x7d40
[  566.357994][T14976]  ? prepend_path+0x4b/0x960
[  566.362602][T14976]  should_fail_ex+0x39d/0x4d0
[  566.367305][T14976]  should_failslab+0x9/0x20
[  566.371824][T14976]  slab_pre_alloc_hook+0x59/0x310
[  566.376865][T14976]  ? __asan_memcpy+0x40/0x70
[  566.381466][T14976]  ? tomoyo_encode+0x28b/0x540
[  566.386239][T14976]  ? tomoyo_encode+0x28b/0x540
[  566.391019][T14976]  __kmem_cache_alloc_node+0x53/0x250
[  566.396411][T14976]  ? prepend_path+0x4b/0x960
[  566.401020][T14976]  ? tomoyo_encode+0x28b/0x540
[  566.405795][T14976]  __kmalloc+0xa4/0x230
[  566.409969][T14976]  tomoyo_encode+0x28b/0x540
[  566.414562][T14976]  tomoyo_realpath_from_path+0x592/0x5d0
[  566.420210][T14976]  tomoyo_path_number_perm+0x248/0x620
[  566.425668][T14976]  ? tomoyo_path_number_perm+0x217/0x620
[  566.431297][T14976]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  566.436757][T14976]  ? trace_call_bpf+0xc3/0x6c0
[  566.441520][T14976]  ? trace_call_bpf+0xc3/0x6c0
[  566.446285][T14976]  ? trace_call_bpf+0x5e9/0x6c0
[  566.451169][T14976]  ? __fget_files+0x28/0x4b0
[  566.455756][T14976]  ? __fget_files+0x28/0x4b0
[  566.460349][T14976]  security_file_ioctl+0x70/0xa0
[  566.465285][T14976]  __se_sys_ioctl+0x48/0x170
[  566.469874][T14976]  do_syscall_64+0x55/0xa0
[  566.474281][T14976]  ? clear_bhb_loop+0x40/0x90
[  566.478960][T14976]  ? clear_bhb_loop+0x40/0x90
[  566.483648][T14976]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  566.489551][T14976] RIP: 0033:0x7fc69299ce59
[  566.493957][T14976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  566.513550][T14976] RSP: 002b:00007fc6938dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  566.521954][T14976] RAX: ffffffffffffffda RBX: 00007fc692c15fa0 RCX: 00007fc69299ce59
[  566.529915][T14976] RDX: 0000200000000040 RSI: 0000000040305828 RDI: 0000000000000007
[  566.537887][T14976] RBP: 00007fc6938dc090 R08: 0000000000000000 R09: 0000000000000000
[  566.545853][T14976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  566.553816][T14976] R13: 00007fc692c16038 R14: 00007fc692c15fa0 R15: 00007fff981bc8c8
[  566.561793][T14976]  </TASK>
[  566.575070][T14976] ERROR: Out of memory at tomoyo_realpath_from_path.
[  566.839428][T14993] delete_channel: no stack
[  566.844101][T14993] delete_channel: no stack
[  566.850811][T14993] netlink: 'syz.3.3337': attribute type 21 has an invalid length.
[  567.468523][ T1145] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  567.677553][T14997] syzkaller0: entered promiscuous mode
[  567.701862][T14997] syzkaller0: entered allmulticast mode
[  567.933485][T14997] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.3338'.
[  568.006214][T15001] netlink: 'syz.0.3341': attribute type 10 has an invalid length.
[  569.157199][T15008] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3342'.
[  570.453650][T15012] netlink: 'syz.3.3343': attribute type 10 has an invalid length.
[  571.401160][T15034] delete_channel: no stack
[  571.418491][T15034] delete_channel: no stack
[  571.476881][T15034] netlink: 'syz.0.3351': attribute type 21 has an invalid length.
[  571.784420][T15038] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3352'.
[  572.871381][T15057] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3360'.
[  573.007189][T15060] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3368'.
[  574.317124][T15079] netlink: 'syz.2.3365': attribute type 10 has an invalid length.
[  574.343200][T15086] delete_channel: no stack
[  574.351195][T15086] delete_channel: no stack
[  574.383544][T15086] netlink: 'syz.1.3366': attribute type 21 has an invalid length.
[  574.942853][T15090] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  574.996272][T15090] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  575.822088][T15104] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3374'.
[  576.374388][T15111] netlink: 'syz.0.3378': attribute type 10 has an invalid length.
[  576.464458][T15114] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  576.484943][T15114] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  576.535095][T15116] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  576.542180][T15116] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  576.716220][T15126] delete_channel: no stack
[  576.741256][T15126] delete_channel: no stack
[  576.775287][T15126] netlink: 'syz.2.3381': attribute type 21 has an invalid length.
[  577.871174][T15140] FAULT_INJECTION: forcing a failure.
[  577.871174][T15140] name failslab, interval 1, probability 0, space 0, times 0
[  578.030168][T15140] CPU: 0 PID: 15140 Comm: syz.3.3384 Not tainted syzkaller #0
[  578.037672][T15140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  578.047742][T15140] Call Trace:
[  578.051027][T15140]  <TASK>
[  578.053960][T15140]  dump_stack_lvl+0x18c/0x250
[  578.058658][T15140]  ? show_regs_print_info+0x20/0x20
[  578.063877][T15140]  ? load_image+0x420/0x420
[  578.068402][T15140]  ? __lock_acquire+0x7d40/0x7d40
[  578.073449][T15140]  should_fail_ex+0x39d/0x4d0
[  578.078150][T15140]  should_failslab+0x9/0x20
[  578.082672][T15140]  slab_pre_alloc_hook+0x59/0x310
[  578.087721][T15140]  ? iovec_from_user+0x87/0x240
[  578.092675][T15140]  ? iovec_from_user+0x87/0x240
[  578.097540][T15140]  __kmem_cache_alloc_node+0x53/0x250
[  578.102934][T15140]  ? iovec_from_user+0x87/0x240
[  578.107799][T15140]  __kmalloc+0xa4/0x230
[  578.111974][T15140]  iovec_from_user+0x87/0x240
[  578.116673][T15140]  __import_iovec+0x13d/0x850
[  578.121373][T15140]  import_iovec+0x73/0xa0
[  578.125728][T15140]  ___sys_sendmsg+0x256/0x360
[  578.130430][T15140]  ? get_pid_task+0x20/0x1e0
[  578.135047][T15140]  ? __sys_sendmsg+0x2a0/0x2a0
[  578.139845][T15140]  ? __lock_acquire+0x7d40/0x7d40
[  578.144900][T15140]  __se_sys_sendmsg+0x1c2/0x2b0
[  578.149754][T15140]  ? __x64_sys_sendmsg+0x80/0x80
[  578.154707][T15140]  ? lockdep_hardirqs_on+0x98/0x150
[  578.159933][T15140]  do_syscall_64+0x55/0xa0
[  578.164344][T15140]  ? clear_bhb_loop+0x40/0x90
[  578.169024][T15140]  ? clear_bhb_loop+0x40/0x90
[  578.173703][T15140]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  578.179595][T15140] RIP: 0033:0x7fc69299ce59
[  578.184002][T15140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  578.203605][T15140] RSP: 002b:00007fc6938bb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  578.212018][T15140] RAX: ffffffffffffffda RBX: 00007fc692c16090 RCX: 00007fc69299ce59
[  578.219982][T15140] RDX: 00000000000012cd RSI: 0000200000000040 RDI: 0000000000000003
[  578.227951][T15140] RBP: 00007fc6938bb090 R08: 0000000000000000 R09: 0000000000000000
[  578.235916][T15140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  578.243877][T15140] R13: 00007fc692c16128 R14: 00007fc692c16090 R15: 00007fff981bc8c8
[  578.251855][T15140]  </TASK>
[  578.568247][T15142] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  578.597983][T15142] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  578.675218][T15147] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  578.698127][T15147] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  578.721537][T15152] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3389'.
[  579.424738][T15155] netlink: 'syz.3.3390': attribute type 10 has an invalid length.
[  579.475433][T15160] syzkaller0: entered promiscuous mode
[  579.480961][T15160] syzkaller0: entered allmulticast mode
[  579.693906][T15162] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3391'.
[  579.749418][T15162] debugfs: Directory 'ô!ô' with parent 'ieee80211' already present!
[  581.095747][T15181] FAULT_INJECTION: forcing a failure.
[  581.095747][T15181] name failslab, interval 1, probability 0, space 0, times 0
[  581.133758][T15181] CPU: 0 PID: 15181 Comm: syz.1.3398 Not tainted syzkaller #0
[  581.141253][T15181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  581.151323][T15181] Call Trace:
[  581.154612][T15181]  <TASK>
[  581.157550][T15181]  dump_stack_lvl+0x18c/0x250
[  581.162247][T15181]  ? show_regs_print_info+0x20/0x20
[  581.167466][T15181]  ? load_image+0x420/0x420
[  581.171986][T15181]  ? __might_sleep+0xe0/0xe0
[  581.176588][T15181]  ? __lock_acquire+0x7d40/0x7d40
[  581.181624][T15181]  ? prepend_path+0x4b/0x960
[  581.186235][T15181]  should_fail_ex+0x39d/0x4d0
[  581.190933][T15181]  should_failslab+0x9/0x20
[  581.195454][T15181]  slab_pre_alloc_hook+0x59/0x310
[  581.200494][T15181]  ? __asan_memcpy+0x40/0x70
[  581.205099][T15181]  ? tomoyo_encode+0x28b/0x540
[  581.209891][T15181]  ? tomoyo_encode+0x28b/0x540
[  581.214659][T15181]  __kmem_cache_alloc_node+0x53/0x250
[  581.220043][T15181]  ? prepend_path+0x4b/0x960
[  581.224648][T15181]  ? tomoyo_encode+0x28b/0x540
[  581.229424][T15181]  __kmalloc+0xa4/0x230
[  581.233599][T15181]  tomoyo_encode+0x28b/0x540
[  581.238207][T15181]  tomoyo_realpath_from_path+0x592/0x5d0
[  581.243863][T15181]  tomoyo_path_number_perm+0x248/0x620
[  581.249343][T15181]  ? tomoyo_path_number_perm+0x217/0x620
[  581.254996][T15181]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  581.260475][T15181]  ? ksys_write+0x1c4/0x260
[  581.265023][T15181]  ? __fget_files+0x28/0x4b0
[  581.269627][T15181]  ? __fget_files+0x28/0x4b0
[  581.274239][T15181]  security_file_ioctl+0x70/0xa0
[  581.279205][T15181]  __se_sys_ioctl+0x48/0x170
[  581.283817][T15181]  do_syscall_64+0x55/0xa0
[  581.288241][T15181]  ? clear_bhb_loop+0x40/0x90
[  581.292931][T15181]  ? clear_bhb_loop+0x40/0x90
[  581.297628][T15181]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  581.303541][T15181] RIP: 0033:0x7f921199ce59
[  581.307967][T15181] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  581.327588][T15181] RSP: 002b:00007f921287b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  581.336018][T15181] RAX: ffffffffffffffda RBX: 00007f9211c15fa0 RCX: 00007f921199ce59
[  581.344003][T15181] RDX: 0000200000000040 RSI: 0000000040305829 RDI: 0000000000000005
[  581.351981][T15181] RBP: 00007f921287b090 R08: 0000000000000000 R09: 0000000000000000
[  581.359964][T15181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  581.367941][T15181] R13: 00007f9211c16038 R14: 00007f9211c15fa0 R15: 00007ffe4050cb28
[  581.375942][T15181]  </TASK>
[  581.418404][T15181] ERROR: Out of memory at tomoyo_realpath_from_path.
[  581.449349][T15185] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3400'.
[  581.507727][T15188] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3401'.
[  582.130569][T15194] netlink: 'syz.2.3404': attribute type 10 has an invalid length.
[  582.878053][T15205] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3406'.
[  582.919834][T15205] debugfs: Directory 'ô!ô' with parent 'ieee80211' already present!
[  583.002459][T15210] syzkaller0: entered promiscuous mode
[  583.075847][T15210] syzkaller0: entered allmulticast mode
[  583.927757][T15230] netlink: 'syz.0.3415': attribute type 10 has an invalid length.
[  584.632965][T15242] FAULT_INJECTION: forcing a failure.
[  584.632965][T15242] name failslab, interval 1, probability 0, space 0, times 0
[  584.660933][T15242] CPU: 0 PID: 15242 Comm: syz.2.3417 Not tainted syzkaller #0
[  584.668424][T15242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  584.678491][T15242] Call Trace:
[  584.681776][T15242]  <TASK>
[  584.684720][T15242]  dump_stack_lvl+0x18c/0x250
[  584.689421][T15242]  ? show_regs_print_info+0x20/0x20
[  584.694637][T15242]  ? load_image+0x420/0x420
[  584.699167][T15242]  ? __lock_acquire+0x7d40/0x7d40
[  584.704213][T15242]  should_fail_ex+0x39d/0x4d0
[  584.708916][T15242]  should_failslab+0x9/0x20
[  584.713435][T15242]  slab_pre_alloc_hook+0x59/0x310
[  584.718477][T15242]  ? kvmalloc_node+0x70/0x180
[  584.723160][T15242]  ? kvmalloc_node+0x70/0x180
[  584.727828][T15242]  __kmem_cache_alloc_node+0x53/0x250
[  584.733200][T15242]  ? kvmalloc_node+0x70/0x180
[  584.737870][T15242]  __kmalloc_node+0xa4/0x230
[  584.742459][T15242]  kvmalloc_node+0x70/0x180
[  584.746957][T15242]  map_get_next_key+0x295/0x620
[  584.751797][T15242]  ? __might_fault+0xc6/0x120
[  584.756468][T15242]  __sys_bpf+0x715/0x890
[  584.760702][T15242]  ? bpf_link_show_fdinfo+0x390/0x390
[  584.766082][T15242]  ? lock_chain_count+0x20/0x20
[  584.770929][T15242]  __x64_sys_bpf+0x7c/0x90
[  584.775335][T15242]  do_syscall_64+0x55/0xa0
[  584.779738][T15242]  ? clear_bhb_loop+0x40/0x90
[  584.784404][T15242]  ? clear_bhb_loop+0x40/0x90
[  584.789071][T15242]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  584.794952][T15242] RIP: 0033:0x7f8ef939ce59
[  584.799359][T15242] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  584.818952][T15242] RSP: 002b:00007f8efa1ac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  584.827358][T15242] RAX: ffffffffffffffda RBX: 00007f8ef9616090 RCX: 00007f8ef939ce59
[  584.835319][T15242] RDX: 0000000000000020 RSI: 0000200000000b80 RDI: 0000000000000004
[  584.843279][T15242] RBP: 00007f8efa1ac090 R08: 0000000000000000 R09: 0000000000000000
[  584.851238][T15242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  584.859196][T15242] R13: 00007f8ef9616128 R14: 00007f8ef9616090 R15: 00007ffd03626a08
[  584.867177][T15242]  </TASK>
[  585.026586][T15246] netlink: 'syz.2.3419': attribute type 17 has an invalid length.
[  585.044996][T15246] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3419'.
[  585.054253][T15246] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  585.637997][T15261] netlink: 'syz.0.3426': attribute type 10 has an invalid length.
[  585.803803][T15263] netlink: 'syz.2.3427': attribute type 10 has an invalid length.
[  586.068018][T15263] team0: Port device wlan1 added
[  586.393260][T15288] delete_channel: no stack
[  586.421694][T15288] delete_channel: no stack
[  586.441290][T15288] netlink: 'syz.0.3433': attribute type 21 has an invalid length.
[  586.979884][T15303] netlink: 'syz.2.3438': attribute type 10 has an invalid length.
[  587.036765][T15305] FAULT_INJECTION: forcing a failure.
[  587.036765][T15305] name failslab, interval 1, probability 0, space 0, times 0
[  587.061267][T15305] CPU: 0 PID: 15305 Comm: syz.1.3439 Not tainted syzkaller #0
[  587.068759][T15305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  587.078832][T15305] Call Trace:
[  587.082126][T15305]  <TASK>
[  587.085069][T15305]  dump_stack_lvl+0x18c/0x250
[  587.089797][T15305]  ? show_regs_print_info+0x20/0x20
[  587.095016][T15305]  ? load_image+0x420/0x420
[  587.099542][T15305]  ? __might_sleep+0xe0/0xe0
[  587.104156][T15305]  ? __lock_acquire+0x7d40/0x7d40
[  587.109204][T15305]  should_fail_ex+0x39d/0x4d0
[  587.113905][T15305]  should_failslab+0x9/0x20
[  587.118430][T15305]  slab_pre_alloc_hook+0x59/0x310
[  587.123478][T15305]  kmem_cache_alloc_node+0x60/0x320
[  587.128680][T15305]  ? __alloc_skb+0x103/0x2c0
[  587.133277][T15305]  __alloc_skb+0x103/0x2c0
[  587.137697][T15305]  netlink_sendmsg+0x66a/0xbf0
[  587.142466][T15305]  ? netlink_getsockopt+0x590/0x590
[  587.147663][T15305]  ? aa_sock_msg_perm+0x94/0x150
[  587.152596][T15305]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  587.157873][T15305]  ? security_socket_sendmsg+0x80/0xa0
[  587.163327][T15305]  ? netlink_getsockopt+0x590/0x590
[  587.168524][T15305]  ____sys_sendmsg+0x5ba/0x960
[  587.173291][T15305]  ? __asan_memset+0x22/0x40
[  587.177884][T15305]  ? __sys_sendmsg_sock+0x30/0x30
[  587.182898][T15305]  ? __import_iovec+0x5f2/0x850
[  587.187753][T15305]  ? import_iovec+0x73/0xa0
[  587.192250][T15305]  ___sys_sendmsg+0x2a6/0x360
[  587.196924][T15305]  ? __sys_sendmsg+0x2a0/0x2a0
[  587.201712][T15305]  __se_sys_sendmsg+0x1c2/0x2b0
[  587.206559][T15305]  ? __x64_sys_sendmsg+0x80/0x80
[  587.211497][T15305]  ? syscall_enter_from_user_mode+0x2e/0x80
[  587.217391][T15305]  do_syscall_64+0x55/0xa0
[  587.221800][T15305]  ? clear_bhb_loop+0x40/0x90
[  587.226470][T15305]  ? clear_bhb_loop+0x40/0x90
[  587.231140][T15305]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  587.237027][T15305] RIP: 0033:0x7f921199ce59
[  587.241435][T15305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  587.261035][T15305] RSP: 002b:00007f921287b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  587.269443][T15305] RAX: ffffffffffffffda RBX: 00007f9211c15fa0 RCX: 00007f921199ce59
[  587.277407][T15305] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000008
[  587.285366][T15305] RBP: 00007f921287b090 R08: 0000000000000000 R09: 0000000000000000
[  587.293329][T15305] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  587.301287][T15305] R13: 00007f9211c16038 R14: 00007f9211c15fa0 R15: 00007ffe4050cb28
[  587.309262][T15305]  </TASK>
[  587.329499][T15308] netlink: 164 bytes leftover after parsing attributes in process `syz.3.3440'.
[  587.449569][T15305] sit0: entered allmulticast mode
[  587.975591][T15331] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3447'.
[  588.038312][T15339] delete_channel: no stack
[  588.057659][T15339] delete_channel: no stack
[  588.113553][T15338] netlink: 'syz.3.3449': attribute type 10 has an invalid length.
[  588.122602][T15339] netlink: 'syz.0.3450': attribute type 21 has an invalid length.
[  588.267321][T15343] FAULT_INJECTION: forcing a failure.
[  588.267321][T15343] name failslab, interval 1, probability 0, space 0, times 0
[  588.284960][T15343] CPU: 0 PID: 15343 Comm: syz.3.3451 Not tainted syzkaller #0
[  588.292450][T15343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  588.302524][T15343] Call Trace:
[  588.305815][T15343]  <TASK>
[  588.308761][T15343]  dump_stack_lvl+0x18c/0x250
[  588.313468][T15343]  ? show_regs_print_info+0x20/0x20
[  588.318680][T15343]  ? load_image+0x420/0x420
[  588.323182][T15343]  ? __might_sleep+0xe0/0xe0
[  588.327767][T15343]  ? __lock_acquire+0x7d40/0x7d40
[  588.332786][T15343]  should_fail_ex+0x39d/0x4d0
[  588.337463][T15343]  should_failslab+0x9/0x20
[  588.341964][T15343]  slab_pre_alloc_hook+0x59/0x310
[  588.346996][T15343]  ? tomoyo_encode+0x28b/0x540
[  588.351758][T15343]  ? tomoyo_encode+0x28b/0x540
[  588.356515][T15343]  __kmem_cache_alloc_node+0x53/0x250
[  588.361889][T15343]  ? tomoyo_encode+0x28b/0x540
[  588.366648][T15343]  __kmalloc+0xa4/0x230
[  588.370808][T15343]  tomoyo_encode+0x28b/0x540
[  588.375393][T15343]  tomoyo_realpath_from_path+0x592/0x5d0
[  588.381028][T15343]  tomoyo_path_number_perm+0x248/0x620
[  588.386487][T15343]  ? tomoyo_path_number_perm+0x217/0x620
[  588.392116][T15343]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  588.397572][T15343]  ? ksys_write+0x1c4/0x260
[  588.402095][T15343]  ? __fget_files+0x28/0x4b0
[  588.406682][T15343]  ? __fget_files+0x28/0x4b0
[  588.411276][T15343]  security_file_ioctl+0x70/0xa0
[  588.416211][T15343]  __se_sys_ioctl+0x48/0x170
[  588.420795][T15343]  do_syscall_64+0x55/0xa0
[  588.425204][T15343]  ? clear_bhb_loop+0x40/0x90
[  588.429878][T15343]  ? clear_bhb_loop+0x40/0x90
[  588.434557][T15343]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  588.440444][T15343] RIP: 0033:0x7fc69299ce59
[  588.444857][T15343] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  588.464463][T15343] RSP: 002b:00007fc6938dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  588.472884][T15343] RAX: ffffffffffffffda RBX: 00007fc692c15fa0 RCX: 00007fc69299ce59
[  588.480916][T15343] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 0000000000000004
[  588.488885][T15343] RBP: 00007fc6938dc090 R08: 0000000000000000 R09: 0000000000000000
[  588.496848][T15343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  588.504817][T15343] R13: 00007fc692c16038 R14: 00007fc692c15fa0 R15: 00007fff981bc8c8
[  588.512793][T15343]  </TASK>
[  588.557558][T15345] FAULT_INJECTION: forcing a failure.
[  588.557558][T15345] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  588.572212][T15343] ERROR: Out of memory at tomoyo_realpath_from_path.
[  588.580288][T15345] CPU: 0 PID: 15345 Comm: syz.1.3452 Not tainted syzkaller #0
[  588.587775][T15345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  588.597846][T15345] Call Trace:
[  588.601141][T15345]  <TASK>
[  588.604083][T15345]  dump_stack_lvl+0x18c/0x250
[  588.608781][T15345]  ? show_regs_print_info+0x20/0x20
[  588.614003][T15345]  ? load_image+0x420/0x420
[  588.618528][T15345]  ? __lock_acquire+0x7d40/0x7d40
[  588.623575][T15345]  should_fail_ex+0x39d/0x4d0
[  588.628282][T15345]  _copy_from_user+0x2f/0xe0
[  588.632899][T15345]  __copy_msghdr+0x3bb/0x580
[  588.637511][T15345]  ___sys_sendmsg+0x214/0x360
[  588.642207][T15345]  ? get_pid_task+0x20/0x1e0
[  588.646836][T15345]  ? __sys_sendmsg+0x2a0/0x2a0
[  588.651623][T15345]  ? __lock_acquire+0x7d40/0x7d40
[  588.656668][T15345]  __se_sys_sendmsg+0x1c2/0x2b0
[  588.661511][T15345]  ? __x64_sys_sendmsg+0x80/0x80
[  588.666450][T15345]  ? lockdep_hardirqs_on+0x98/0x150
[  588.671643][T15345]  do_syscall_64+0x55/0xa0
[  588.676053][T15345]  ? clear_bhb_loop+0x40/0x90
[  588.680721][T15345]  ? clear_bhb_loop+0x40/0x90
[  588.685394][T15345]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  588.691277][T15345] RIP: 0033:0x7f921199ce59
[  588.695684][T15345] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  588.715292][T15345] RSP: 002b:00007f921287b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  588.723701][T15345] RAX: ffffffffffffffda RBX: 00007f9211c15fa0 RCX: 00007f921199ce59
[  588.731669][T15345] RDX: 7e8166965e22236a RSI: 0000200000007940 RDI: 0000000000000015
[  588.739631][T15345] RBP: 00007f921287b090 R08: 0000000000000000 R09: 0000000000000000
[  588.747600][T15345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  588.755564][T15345] R13: 00007f9211c16038 R14: 00007f9211c15fa0 R15: 00007ffe4050cb28
[  588.763535][T15345]  </TASK>
[  589.283005][T15365] netlink: 'syz.2.3459': attribute type 10 has an invalid length.
[  589.669690][T15371] netlink: 'syz.2.3462': attribute type 10 has an invalid length.
[  589.901955][T15384] delete_channel: no stack
[  589.906749][T15384] delete_channel: no stack
[  589.912597][T15384] netlink: 'syz.2.3466': attribute type 21 has an invalid length.
[  590.122821][T15389] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3469'.
[  590.151483][T15389] openvswitch: netlink: IP tunnel attribute has 3040 unknown bytes.
[  590.659651][T15393] netlink: 'syz.1.3471': attribute type 10 has an invalid length.
[  590.906647][T15398] FAULT_INJECTION: forcing a failure.
[  590.906647][T15398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  590.954859][T15398] CPU: 1 PID: 15398 Comm: syz.3.3473 Not tainted syzkaller #0
[  590.962366][T15398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  590.972434][T15398] Call Trace:
[  590.975726][T15398]  <TASK>
[  590.978662][T15398]  dump_stack_lvl+0x18c/0x250
[  590.983351][T15398]  ? show_regs_print_info+0x20/0x20
[  590.988550][T15398]  ? load_image+0x420/0x420
[  590.993055][T15398]  ? __might_fault+0xaa/0x120
[  590.997723][T15398]  ? __lock_acquire+0x7d40/0x7d40
[  591.002745][T15398]  should_fail_ex+0x39d/0x4d0
[  591.007427][T15398]  _copy_from_user+0x2f/0xe0
[  591.012011][T15398]  sk_setsockopt+0x2b2/0x2bc0
[  591.016692][T15398]  ? sockopt_capable+0x60/0x60
[  591.021454][T15398]  ? aa_sk_perm+0x83c/0x970
[  591.025969][T15398]  ? __fget_files+0x28/0x4b0
[  591.030569][T15398]  ? aa_af_perm+0x330/0x330
[  591.035075][T15398]  ? __fget_files+0x28/0x4b0
[  591.039663][T15398]  ? __fget_files+0x28/0x4b0
[  591.044249][T15398]  ? aa_sock_opt_perm+0x74/0x100
[  591.049188][T15398]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  591.054731][T15398]  ? security_socket_setsockopt+0x7e/0xa0
[  591.060448][T15398]  do_sock_setsockopt+0x11b/0x1a0
[  591.065473][T15398]  __x64_sys_setsockopt+0x182/0x200
[  591.070673][T15398]  do_syscall_64+0x55/0xa0
[  591.075084][T15398]  ? clear_bhb_loop+0x40/0x90
[  591.079753][T15398]  ? clear_bhb_loop+0x40/0x90
[  591.084422][T15398]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  591.090309][T15398] RIP: 0033:0x7fc69299ce59
[  591.094720][T15398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  591.114315][T15398] RSP: 002b:00007fc6938dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  591.122722][T15398] RAX: ffffffffffffffda RBX: 00007fc692c15fa0 RCX: 00007fc69299ce59
[  591.130861][T15398] RDX: 0000000000000042 RSI: 0000000000000001 RDI: 0000000000000003
[  591.138823][T15398] RBP: 00007fc6938dc090 R08: 000000000000003b R09: 0000000000000000
[  591.146788][T15398] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001
[  591.154752][T15398] R13: 00007fc692c16038 R14: 00007fc692c15fa0 R15: 00007fff981bc8c8
[  591.162723][T15398]  </TASK>
[  591.445102][T15408] netlink: 'syz.3.3478': attribute type 10 has an invalid length.
[  592.332870][T15422] delete_channel: no stack
[  592.343271][T15419] netlink: 'syz.3.3482': attribute type 10 has an invalid length.
[  592.383454][T15422] delete_channel: no stack
[  592.422153][T15425] netlink: 'syz.1.3483': attribute type 21 has an invalid length.
[  593.100534][T15439] netlink: 164 bytes leftover after parsing attributes in process `syz.1.3490'.
[  593.140184][T15447] delete_channel: no stack
[  593.148427][T15447] delete_channel: no stack
[  593.159137][T15447] netlink: 'syz.2.3493': attribute type 21 has an invalid length.
[  593.304724][T15449] netlink: 'syz.0.3494': attribute type 10 has an invalid length.
[  593.328089][T15455] FAULT_INJECTION: forcing a failure.
[  593.328089][T15455] name failslab, interval 1, probability 0, space 0, times 0
[  593.370606][T15455] CPU: 1 PID: 15455 Comm: syz.2.3495 Not tainted syzkaller #0
[  593.378117][T15455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  593.388187][T15455] Call Trace:
[  593.391481][T15455]  <TASK>
[  593.394422][T15455]  dump_stack_lvl+0x18c/0x250
[  593.399130][T15455]  ? show_regs_print_info+0x20/0x20
[  593.404363][T15455]  ? load_image+0x420/0x420
[  593.408891][T15455]  ? __lock_acquire+0x7d40/0x7d40
[  593.413934][T15455]  ? mark_lock+0x94/0x320
[  593.418287][T15455]  should_fail_ex+0x39d/0x4d0
[  593.422979][T15455]  should_failslab+0x9/0x20
[  593.427476][T15455]  slab_pre_alloc_hook+0x59/0x310
[  593.432494][T15455]  ? iovec_from_user+0x87/0x240
[  593.437341][T15455]  ? iovec_from_user+0x87/0x240
[  593.442191][T15455]  __kmem_cache_alloc_node+0x53/0x250
[  593.447562][T15455]  ? iovec_from_user+0x87/0x240
[  593.452399][T15455]  __kmalloc+0xa4/0x230
[  593.456560][T15455]  iovec_from_user+0x87/0x240
[  593.461240][T15455]  __import_iovec+0x13d/0x850
[  593.465915][T15455]  import_iovec+0x73/0xa0
[  593.470241][T15455]  ___sys_sendmsg+0x256/0x360
[  593.474915][T15455]  ? __sys_sendmsg+0x2a0/0x2a0
[  593.479687][T15455]  ? trace_call_bpf+0xc3/0x6c0
[  593.484472][T15455]  __se_sys_sendmsg+0x1c2/0x2b0
[  593.489318][T15455]  ? __x64_sys_sendmsg+0x80/0x80
[  593.494257][T15455]  ? lockdep_hardirqs_on+0x98/0x150
[  593.499456][T15455]  do_syscall_64+0x55/0xa0
[  593.503863][T15455]  ? clear_bhb_loop+0x40/0x90
[  593.508533][T15455]  ? clear_bhb_loop+0x40/0x90
[  593.513204][T15455]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  593.519091][T15455] RIP: 0033:0x7f8ef939ce59
[  593.523496][T15455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  593.543095][T15455] RSP: 002b:00007f8efa1ac028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  593.551504][T15455] RAX: ffffffffffffffda RBX: 00007f8ef9616090 RCX: 00007f8ef939ce59
[  593.559470][T15455] RDX: 00000000000012cd RSI: 0000200000000040 RDI: 0000000000000003
[  593.567432][T15455] RBP: 00007f8efa1ac090 R08: 0000000000000000 R09: 0000000000000000
[  593.575398][T15455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  593.583358][T15455] R13: 00007f8ef9616128 R14: 00007f8ef9616090 R15: 00007ffd03626a08
[  593.591356][T15455]  </TASK>
[  593.612215][T15460] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  593.628555][T15460] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  593.831873][T15471] delete_channel: no stack
[  593.837575][T15471] delete_channel: no stack
[  593.843795][T15471] netlink: 'syz.0.3503': attribute type 21 has an invalid length.
[  593.977720][T15477] netlink: 164 bytes leftover after parsing attributes in process `syz.0.3505'.
[  594.322435][T15486] netlink: 'syz.0.3509': attribute type 10 has an invalid length.
[  594.348047][ T3560] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  594.448660][T15490] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  594.475002][T15490] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  594.504288][T15493] delete_channel: no stack
[  594.512225][T15493] delete_channel: no stack
[  594.540761][T15493] netlink: 'syz.0.3513': attribute type 21 has an invalid length.
[  595.269935][T15521] delete_channel: no stack
[  595.274998][T15521] delete_channel: no stack
[  595.280410][T15521] netlink: 'syz.0.3522': attribute type 21 has an invalid length.
[  595.452556][T15529] netlink: 'syz.1.3525': attribute type 10 has an invalid length.
[  595.476536][T15526] netlink: 'syz.0.3524': attribute type 10 has an invalid length.
[  595.556337][T15526] team0: Port device wlan1 added
[  595.673453][T15534] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  595.683653][T15534] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  596.199248][T15550] delete_channel: no stack
[  596.200109][T15552] FAULT_INJECTION: forcing a failure.
[  596.200109][T15552] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  596.203783][T15550] delete_channel: no stack
[  596.220950][T15552] CPU: 1 PID: 15552 Comm: syz.2.3533 Not tainted syzkaller #0
[  596.228644][T15552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  596.238707][T15552] Call Trace:
[  596.241998][T15552]  <TASK>
[  596.244943][T15552]  dump_stack_lvl+0x18c/0x250
[  596.249642][T15552]  ? show_regs_print_info+0x20/0x20
[  596.254857][T15552]  ? load_image+0x420/0x420
[  596.259379][T15552]  ? __might_fault+0xaa/0x120
[  596.262682][T15550] netlink: 'syz.3.3532': attribute type 21 has an invalid length.
[  596.264056][T15552]  ? __lock_acquire+0x7d40/0x7d40
[  596.276885][T15552]  should_fail_ex+0x39d/0x4d0
[  596.281585][T15552]  _copy_from_user+0x2f/0xe0
[  596.286194][T15552]  ___sys_sendmsg+0x1c7/0x360
[  596.290885][T15552]  ? get_pid_task+0x20/0x1e0
[  596.295500][T15552]  ? __sys_sendmsg+0x2a0/0x2a0
[  596.296588][T15554] FAULT_INJECTION: forcing a failure.
[  596.296588][T15554] name failslab, interval 1, probability 0, space 0, times 0
[  596.300279][T15552]  ? __lock_acquire+0x7d40/0x7d40
[  596.317867][T15552]  __se_sys_sendmsg+0x1c2/0x2b0
[  596.322719][T15552]  ? __x64_sys_sendmsg+0x80/0x80
[  596.327666][T15552]  ? lockdep_hardirqs_on+0x98/0x150
[  596.332868][T15552]  do_syscall_64+0x55/0xa0
[  596.337279][T15552]  ? clear_bhb_loop+0x40/0x90
[  596.341952][T15552]  ? clear_bhb_loop+0x40/0x90
[  596.346630][T15552]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  596.352525][T15552] RIP: 0033:0x7f8ef939ce59
[  596.356943][T15552] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  596.376553][T15552] RSP: 002b:00007f8efa1cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  596.384965][T15552] RAX: ffffffffffffffda RBX: 00007f8ef9615fa0 RCX: 00007f8ef939ce59
[  596.392934][T15552] RDX: 0000000000000000 RSI: 0000200000000b00 RDI: 0000000000000005
[  596.400911][T15552] RBP: 00007f8efa1cd090 R08: 0000000000000000 R09: 0000000000000000
[  596.408894][T15552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  596.416875][T15552] R13: 00007f8ef9616038 R14: 00007f8ef9615fa0 R15: 00007ffd03626a08
[  596.424862][T15552]  </TASK>
[  596.427878][T15554] CPU: 0 PID: 15554 Comm: syz.0.3534 Not tainted syzkaller #0
[  596.435390][T15554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  596.445449][T15554] Call Trace:
[  596.448719][T15554]  <TASK>
[  596.451649][T15554]  dump_stack_lvl+0x18c/0x250
[  596.456329][T15554]  ? show_regs_print_info+0x20/0x20
[  596.461523][T15554]  ? load_image+0x420/0x420
[  596.466022][T15554]  ? __might_sleep+0xe0/0xe0
[  596.470605][T15554]  ? __lock_acquire+0x7d40/0x7d40
[  596.475622][T15554]  ? get_random_u64+0x170/0x8d0
[  596.480473][T15554]  should_fail_ex+0x39d/0x4d0
[  596.485148][T15554]  should_failslab+0x9/0x20
[  596.489646][T15554]  slab_pre_alloc_hook+0x59/0x310
[  596.494669][T15554]  kmem_cache_alloc+0x5a/0x2d0
[  596.499426][T15554]  ? prepare_creds+0x30/0x5d0
[  596.504099][T15554]  prepare_creds+0x30/0x5d0
[  596.508604][T15554]  copy_creds+0x105/0xa70
[  596.512931][T15554]  copy_process+0x953/0x3d80
[  596.517510][T15554]  ? __might_fault+0xaa/0x120
[  596.522193][T15554]  ? get_pid_task+0x20/0x1e0
[  596.526782][T15554]  ? __pidfd_prepare+0x140/0x140
[  596.531717][T15554]  kernel_clone+0x24b/0x8a0
[  596.536215][T15554]  ? create_io_thread+0x190/0x190
[  596.541249][T15554]  __x64_sys_clone+0x1b7/0x230
[  596.546007][T15554]  ? __fget_files+0x43d/0x4b0
[  596.550679][T15554]  ? __ia32_sys_vfork+0x140/0x140
[  596.555705][T15554]  ? lock_chain_count+0x20/0x20
[  596.560552][T15554]  ? lockdep_hardirqs_on+0x98/0x150
[  596.565745][T15554]  do_syscall_64+0x55/0xa0
[  596.570151][T15554]  ? clear_bhb_loop+0x40/0x90
[  596.574823][T15554]  ? clear_bhb_loop+0x40/0x90
[  596.579493][T15554]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  596.585378][T15554] RIP: 0033:0x7fcc7319ce59
[  596.589786][T15554] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  596.609408][T15554] RSP: 002b:00007fcc73f90fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[  596.617831][T15554] RAX: ffffffffffffffda RBX: 00007fcc73415fa0 RCX: 00007fcc7319ce59
[  596.625812][T15554] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000164000
[  596.633772][T15554] RBP: 00007fcc73f91090 R08: 0000000000000000 R09: 0000000000000000
[  596.641745][T15554] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[  596.649714][T15554] R13: 00007fcc73416038 R14: 00007fcc73415fa0 R15: 00007ffe72334888
[  596.657689][T15554]  </TASK>
[  596.804367][T15558] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  596.818496][T15558] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  596.852669][T15564] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  596.875103][T15564] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  597.312851][T15575] netlink: 'syz.0.3541': attribute type 10 has an invalid length.
[  597.356234][T15577] delete_channel: no stack
[  597.360825][T15577] delete_channel: no stack
[  597.367423][T15575] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3541'.
[  597.411305][T15575] veth0_vlan: left promiscuous mode
[  597.451806][T15575] veth0_vlan: entered promiscuous mode
[  597.503263][T15575] batman_adv: batadv0: Adding interface: veth0_vlan
[  597.528060][T15575] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  597.581688][T15575] batman_adv: batadv0: Interface activated: veth0_vlan
[  597.629097][T15579] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  597.648174][T15579] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  597.945604][   T11] wlan1: Trigger new scan to find an IBSS to join
[  598.042205][T15591] FAULT_INJECTION: forcing a failure.
[  598.042205][T15591] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  598.065352][T15591] CPU: 1 PID: 15591 Comm: syz.0.3550 Not tainted syzkaller #0
[  598.072850][T15591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  598.082914][T15591] Call Trace:
[  598.086187][T15591]  <TASK>
[  598.089112][T15591]  dump_stack_lvl+0x18c/0x250
[  598.093795][T15591]  ? show_regs_print_info+0x20/0x20
[  598.098991][T15591]  ? load_image+0x420/0x420
[  598.103500][T15591]  ? __might_fault+0xaa/0x120
[  598.108168][T15591]  ? __lock_acquire+0x7d40/0x7d40
[  598.113189][T15591]  should_fail_ex+0x39d/0x4d0
[  598.117863][T15591]  _copy_from_user+0x2f/0xe0
[  598.122446][T15591]  ___sys_sendmsg+0x1c7/0x360
[  598.127112][T15591]  ? get_pid_task+0x20/0x1e0
[  598.131696][T15591]  ? __sys_sendmsg+0x2a0/0x2a0
[  598.136461][T15591]  ? __lock_acquire+0x7d40/0x7d40
[  598.141492][T15591]  __se_sys_sendmsg+0x1c2/0x2b0
[  598.146338][T15591]  ? __x64_sys_sendmsg+0x80/0x80
[  598.151274][T15591]  ? lockdep_hardirqs_on+0x98/0x150
[  598.156469][T15591]  do_syscall_64+0x55/0xa0
[  598.160874][T15591]  ? clear_bhb_loop+0x40/0x90
[  598.165544][T15591]  ? clear_bhb_loop+0x40/0x90
[  598.170213][T15591]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  598.176097][T15591] RIP: 0033:0x7fcc7319ce59
[  598.180503][T15591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  598.200102][T15591] RSP: 002b:00007fcc73f91028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  598.208507][T15591] RAX: ffffffffffffffda RBX: 00007fcc73415fa0 RCX: 00007fcc7319ce59
[  598.216466][T15591] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000006
[  598.224424][T15591] RBP: 00007fcc73f91090 R08: 0000000000000000 R09: 0000000000000000
[  598.232384][T15591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  598.240343][T15591] R13: 00007fcc73416038 R14: 00007fcc73415fa0 R15: 00007ffe72334888
[  598.248315][T15591]  </TASK>
[  598.326297][T15597] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  598.347259][T15597] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  598.426734][T15600] validate_nla: 1 callbacks suppressed
[  598.426750][T15600] netlink: 'syz.0.3553': attribute type 21 has an invalid length.
[  598.472939][T15602] netlink: 'syz.2.3554': attribute type 10 has an invalid length.
[  598.737992][T15609] FAULT_INJECTION: forcing a failure.
[  598.737992][T15609] name failslab, interval 1, probability 0, space 0, times 0
[  598.765387][T15609] CPU: 0 PID: 15609 Comm: syz.3.3556 Not tainted syzkaller #0
[  598.772876][T15609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  598.782940][T15609] Call Trace:
[  598.786216][T15609]  <TASK>
[  598.789142][T15609]  dump_stack_lvl+0x18c/0x250
[  598.793821][T15609]  ? show_regs_print_info+0x20/0x20
[  598.799021][T15609]  ? load_image+0x420/0x420
[  598.803521][T15609]  ? __might_sleep+0xe0/0xe0
[  598.808105][T15609]  ? __lock_acquire+0x7d40/0x7d40
[  598.813125][T15609]  should_fail_ex+0x39d/0x4d0
[  598.817802][T15609]  should_failslab+0x9/0x20
[  598.822299][T15609]  slab_pre_alloc_hook+0x59/0x310
[  598.827324][T15609]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  598.833039][T15609]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  598.838753][T15609]  __kmem_cache_alloc_node+0x53/0x250
[  598.844141][T15609]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  598.849861][T15609]  __kmalloc+0xa4/0x230
[  598.854037][T15609]  tomoyo_realpath_from_path+0xe3/0x5d0
[  598.859585][T15609]  tomoyo_path_number_perm+0x248/0x620
[  598.865055][T15609]  ? tomoyo_path_number_perm+0x217/0x620
[  598.870684][T15609]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  598.876139][T15609]  ? trace_call_bpf+0xc3/0x6c0
[  598.880899][T15609]  ? trace_call_bpf+0xc3/0x6c0
[  598.885657][T15609]  ? trace_call_bpf+0x5e9/0x6c0
[  598.890523][T15609]  ? __fget_files+0x28/0x4b0
[  598.895103][T15609]  ? __fget_files+0x28/0x4b0
[  598.899693][T15609]  security_file_ioctl+0x70/0xa0
[  598.904649][T15609]  __se_sys_ioctl+0x48/0x170
[  598.909241][T15609]  do_syscall_64+0x55/0xa0
[  598.913664][T15609]  ? clear_bhb_loop+0x40/0x90
[  598.918344][T15609]  ? clear_bhb_loop+0x40/0x90
[  598.923017][T15609]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  598.928901][T15609] RIP: 0033:0x7fc69299ce59
[  598.933319][T15609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  598.952936][T15609] RSP: 002b:00007fc6938dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  598.961346][T15609] RAX: ffffffffffffffda RBX: 00007fc692c15fa0 RCX: 00007fc69299ce59
[  598.969314][T15609] RDX: 0000000000000000 RSI: 0000000000008907 RDI: 0000000000000003
[  598.977273][T15609] RBP: 00007fc6938dc090 R08: 0000000000000000 R09: 0000000000000000
[  598.985238][T15609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  598.993197][T15609] R13: 00007fc692c16038 R14: 00007fc692c15fa0 R15: 00007fff981bc8c8
[  599.001172][T15609]  </TASK>
[  599.029934][T15609] ERROR: Out of memory at tomoyo_realpath_from_path.
[  599.045319][T15610] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  599.052361][T15610] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  599.105533][T15617] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  599.123593][T15617] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  599.475974][   T11] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  600.068382][T15641] netlink: 'syz.1.3567': attribute type 10 has an invalid length.
[  600.113011][T15643] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  600.165877][T15643] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  601.154861][T15661] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  601.180615][T15661] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  601.250077][T15663] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  601.276834][T15663] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  601.954293][ T1145] wlan1: Trigger new scan to find an IBSS to join
[  602.060355][T15675] netlink: 'syz.0.3577': attribute type 10 has an invalid length.
[  602.192109][T15680] netlink: 'syz.3.3576': attribute type 28 has an invalid length.
[  602.260714][T15680] netlink: 'syz.3.3576': attribute type 29 has an invalid length.
[  602.320160][T15680] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3576'.
[  602.875856][ T3560] wlan1: Creating new IBSS network, BSSID 00:8d:8d:ff:00:00
[  604.153796][T15712] netlink: 'syz.2.3589': attribute type 10 has an invalid length.
[  605.466499][T15738] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  605.474907][T15738] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  605.513446][T15742] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  605.554702][T15742] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  605.632166][T15745] netlink: 'syz.2.3600': attribute type 10 has an invalid length.
[  605.654675][T15745] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3600'.
[  605.700490][T15745] batman_adv: batadv0: Adding interface: veth0_vlan
[  605.734875][T15745] batman_adv: batadv0: The MTU of interface veth0_vlan is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  605.802705][T15745] batman_adv: batadv0: Interface activated: veth0_vlan
[  605.896150][T15751] FAULT_INJECTION: forcing a failure.
[  605.896150][T15751] name failslab, interval 1, probability 0, space 0, times 0
[  606.015380][T15751] CPU: 1 PID: 15751 Comm: syz.1.3601 Not tainted syzkaller #0
[  606.022891][T15751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  606.032963][T15751] Call Trace:
[  606.036255][T15751]  <TASK>
[  606.039197][T15751]  dump_stack_lvl+0x18c/0x250
[  606.043898][T15751]  ? show_regs_print_info+0x20/0x20
[  606.049118][T15751]  ? load_image+0x420/0x420
[  606.053650][T15751]  ? __might_sleep+0xe0/0xe0
[  606.058258][T15751]  ? __lock_acquire+0x7d40/0x7d40
[  606.063299][T15751]  ? lock_chain_count+0x20/0x20
[  606.068171][T15751]  should_fail_ex+0x39d/0x4d0
[  606.072875][T15751]  should_failslab+0x9/0x20
[  606.077400][T15751]  slab_pre_alloc_hook+0x59/0x310
[  606.082444][T15751]  ? _raw_spin_unlock+0x40/0x40
[  606.087311][T15751]  ? string+0x26d/0x2b0
[  606.091483][T15751]  ? __request_module+0x2d1/0x600
[  606.096533][T15751]  __kmem_cache_alloc_node+0x53/0x250
[  606.101934][T15751]  ? __request_module+0x2d1/0x600
[  606.106977][T15751]  kmalloc_trace+0x2a/0xe0
[  606.111417][T15751]  __request_module+0x2d1/0x600
[  606.116290][T15751]  ? module_enforce_rwx_sections+0x150/0x150
[  606.122289][T15751]  ? tcp_ca_find_autoload+0x115/0x240
[  606.127683][T15751]  ? bpf_lsm_capable+0x9/0x10
[  606.132389][T15751]  ? tcp_ca_find_autoload+0x115/0x240
[  606.137775][T15751]  tcp_ca_find_autoload+0x138/0x240
[  606.142984][T15751]  ? tcp_set_congestion_control+0x73/0xad0
[  606.148803][T15751]  tcp_set_congestion_control+0x120/0xad0
[  606.154542][T15751]  ? tcp_set_congestion_control+0x73/0xad0
[  606.160369][T15751]  mptcp_setsockopt+0x2643/0x3390
[  606.165420][T15751]  ? __fget_files+0x28/0x4b0
[  606.170029][T15751]  ? pm_nl_exit_net+0x230/0x230
[  606.174897][T15751]  ? aa_af_perm+0x330/0x330
[  606.179423][T15751]  ? __fget_files+0x28/0x4b0
[  606.184027][T15751]  ? __fget_files+0x28/0x4b0
[  606.188632][T15751]  ? aa_sock_opt_perm+0x74/0x100
[  606.193591][T15751]  ? sock_common_setsockopt+0x36/0xc0
[  606.198983][T15751]  ? sock_common_recvmsg+0x190/0x190
[  606.204289][T15751]  do_sock_setsockopt+0x175/0x1a0
[  606.209328][T15751]  ? __fdget+0x180/0x210
[  606.213594][T15751]  __x64_sys_setsockopt+0x182/0x200
[  606.218814][T15751]  do_syscall_64+0x55/0xa0
[  606.223244][T15751]  ? clear_bhb_loop+0x40/0x90
[  606.227939][T15751]  ? clear_bhb_loop+0x40/0x90
[  606.232632][T15751]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  606.238542][T15751] RIP: 0033:0x7f921199ce59
[  606.242968][T15751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  606.262588][T15751] RSP: 002b:00007f921285a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  606.271023][T15751] RAX: ffffffffffffffda RBX: 00007f9211c16090 RCX: 00007f921199ce59
[  606.279007][T15751] RDX: 000000000000000d RSI: 0000000000000006 RDI: 0000000000000004
[  606.286990][T15751] RBP: 00007f921285a090 R08: 0000000000000004 R09: 0000000000000000
[  606.294973][T15751] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001
[  606.302957][T15751] R13: 00007f9211c16128 R14: 00007f9211c16090 R15: 00007ffe4050cb28
[  606.310962][T15751]  </TASK>
[  606.811775][T15765] netlink: 'syz.0.3608': attribute type 28 has an invalid length.
[  606.835389][T15765] netlink: 'syz.0.3608': attribute type 29 has an invalid length.
[  606.843232][T15765] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3608'.
[  607.637780][T15776] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  607.661737][T15776] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  608.170485][T15782] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  608.185202][T15782] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  608.249750][T15783] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  608.280070][T15783] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  608.711662][T15788] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  608.741510][T15788] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  608.867684][T15796] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  608.894637][T15796] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  609.958021][T15810] netlink: 'syz.2.3621': attribute type 10 has an invalid length.
[  610.026829][T15812] netlink: 'syz.0.3620': attribute type 10 has an invalid length.
[  610.077356][T15805] netlink: 'syz.3.3619': attribute type 10 has an invalid length.
[  610.155330][T15805] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3619'.
[  610.206298][T15805] batadv_slave_1: entered promiscuous mode
[  610.232363][T15805] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  610.287336][T15805] batman_adv: batadv0: Removing interface: batadv_slave_1
[  610.605492][T15819] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  610.612459][T15819] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  610.689116][T15823] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  610.711490][T15823] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  611.032868][T15835] netlink: 'syz.3.3628': attribute type 10 has an invalid length.
[  611.097736][T15835] team0: Device wg1 is of different type
[  611.148018][T15837] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  611.172968][T15837] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  611.224796][T15839] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  611.232086][T15839] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  611.568086][T15846] netlink: 'syz.3.3630': attribute type 10 has an invalid length.
[  611.691112][T15846] team0: Device hsr_slave_0 failed to register rx_handler
[  611.731531][T15848] FAULT_INJECTION: forcing a failure.
[  611.731531][T15848] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  611.760671][T15848] CPU: 0 PID: 15848 Comm: syz.2.3631 Not tainted syzkaller #0
[  611.768173][T15848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  611.778241][T15848] Call Trace:
[  611.781534][T15848]  <TASK>
[  611.784476][T15848]  dump_stack_lvl+0x18c/0x250
[  611.789189][T15848]  ? show_regs_print_info+0x20/0x20
[  611.794409][T15848]  ? load_image+0x420/0x420
[  611.798947][T15848]  ? __might_fault+0xaa/0x120
[  611.803642][T15848]  ? __lock_acquire+0x7d40/0x7d40
[  611.808690][T15848]  should_fail_ex+0x39d/0x4d0
[  611.813393][T15848]  _copy_from_user+0x2f/0xe0
[  611.818001][T15848]  ___sys_sendmsg+0x1c7/0x360
[  611.822692][T15848]  ? get_pid_task+0x20/0x1e0
[  611.827311][T15848]  ? __sys_sendmsg+0x2a0/0x2a0
[  611.832103][T15848]  ? __lock_acquire+0x7d40/0x7d40
[  611.837181][T15848]  __se_sys_sendmsg+0x1c2/0x2b0
[  611.842053][T15848]  ? __x64_sys_sendmsg+0x80/0x80
[  611.847022][T15848]  ? lockdep_hardirqs_on+0x98/0x150
[  611.852237][T15848]  do_syscall_64+0x55/0xa0
[  611.856667][T15848]  ? clear_bhb_loop+0x40/0x90
[  611.861360][T15848]  ? clear_bhb_loop+0x40/0x90
[  611.866057][T15848]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  611.871970][T15848] RIP: 0033:0x7f8ef939ce59
[  611.876397][T15848] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  611.896015][T15848] RSP: 002b:00007f8efa1cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  611.904442][T15848] RAX: ffffffffffffffda RBX: 00007f8ef9615fa0 RCX: 00007f8ef939ce59
[  611.912426][T15848] RDX: 0000000000000000 RSI: 0000200000000600 RDI: 0000000000000008
[  611.920405][T15848] RBP: 00007f8efa1cd090 R08: 0000000000000000 R09: 0000000000000000
[  611.928380][T15848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  611.936343][T15848] R13: 00007f8ef9616038 R14: 00007f8ef9615fa0 R15: 00007ffd03626a08
[  611.944330][T15848]  </TASK>
[  612.108490][T15850] netlink: 'syz.0.3632': attribute type 10 has an invalid length.
[  612.175683][T15852] netlink: 'syz.3.3633': attribute type 10 has an invalid length.
[  612.693703][T15871] netlink: 'syz.2.3640': attribute type 10 has an invalid length.
[  612.738388][T15871] team0: Device wg1 is of different type
[  612.801926][T15867] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  612.853292][T15867] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  612.904769][T15873] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  612.911867][T15873] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  613.447602][T15884] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  613.468172][T15884] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  613.554887][T15886] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  613.562012][T15886] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  613.883350][T15890] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  613.934994][T15890] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  614.011203][T15893] netlink: 'syz.3.3647': attribute type 10 has an invalid length.
[  614.047065][T15896] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  614.154744][T15896] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  614.429311][T15903] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  614.504840][T15903] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  614.601399][T15904] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  614.627549][T15904] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  614.794843][T15911] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3652'.
[  616.002507][T15930] netlink: 'syz.2.3656': attribute type 10 has an invalid length.
[  616.205789][T15924] delete_channel: no stack
[  616.264791][T11961] Bluetooth: hci3: command 0x0406 tx timeout
[  616.786329][T15937] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  616.804918][T15937] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  616.869459][T15942] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  616.927875][T15942] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  617.029013][T15949] netlink: 'syz.2.3661': attribute type 10 has an invalid length.
[  617.078356][T15949] team0: Device wg1 is of different type
[  617.545853][T15953] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  617.633916][T15953] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  617.720021][T15955] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  617.801901][T15955] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  617.876724][T15965] netlink: 'syz.1.3665': attribute type 28 has an invalid length.
[  617.897169][T15966] netlink: 'syz.0.3666': attribute type 10 has an invalid length.
[  617.926159][T15965] netlink: 'syz.1.3665': attribute type 29 has an invalid length.
[  617.971143][T15965] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3665'.
[  618.442892][T15957] netlink: 'syz.2.3664': attribute type 10 has an invalid length.
[  618.450955][T15957] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3664'.
[  618.474840][T15957] batadv_slave_1: entered promiscuous mode
[  618.480925][T15957] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  618.524863][T15957] batman_adv: batadv0: Removing interface: batadv_slave_1
[  619.895125][T15992] netlink: 'syz.3.3672': attribute type 10 has an invalid length.
[  620.692405][T15992] team0: Device wg1 is of different type
[  620.876318][T15997] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  620.883405][T15997] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  620.986838][T15998] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  621.018236][T15998] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  621.156360][T16004] netlink: 'syz.0.3675': attribute type 10 has an invalid length.
[  621.692328][T16010] netlink: 'syz.3.3676': attribute type 10 has an invalid length.
[  622.452473][T16030] netlink: 'syz.0.3684': attribute type 10 has an invalid length.
[  623.506615][T16030] team0: Device wg1 is of different type
[  623.670221][T16034] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  623.677136][T16034] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  623.703551][T16038] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  623.713773][T16038] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  624.037612][T16045] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  624.074782][T16045] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  624.144828][T16049] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  624.198178][T16049] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  624.285051][T16048] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3688'.
[  624.434128][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  624.441652][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  625.571005][T16080] netlink: 'syz.1.3697': attribute type 10 has an invalid length.
[  626.004846][T16084] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3700'.
[  626.270085][T16092] netlink: 'syz.1.3701': attribute type 10 has an invalid length.
[  627.219993][T16086] delete_channel: no stack
[  628.238668][T16130] netlink: 'syz.0.3711': attribute type 10 has an invalid length.
[  628.275202][T16126] netlink: 'syz.3.3710': attribute type 10 has an invalid length.
[  628.496922][T16134] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3712'.
[  630.558604][T16167] netlink: 'syz.2.3722': attribute type 10 has an invalid length.
[  630.848221][T16178] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3726'.
[  632.365271][T16204] netlink: 'syz.0.3737': attribute type 10 has an invalid length.
[  633.056294][T16209] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  633.070426][T16209] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  633.126767][T16211] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  633.133887][T16211] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  633.293807][T16222] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3741'.
[  634.280447][T16240] netlink: 'syz.1.3748': attribute type 10 has an invalid length.
[  634.302214][T16242] netlink: 'syz.0.3749': attribute type 10 has an invalid length.
[  634.857418][T16244] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  634.864460][T16244] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  634.962830][T16247] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  634.982762][T16247] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  634.992188][T16254] netlink: 'syz.3.3753': attribute type 10 has an invalid length.
[  635.447819][T16263] delete_channel: no stack
[  635.995289][T16278] netlink: 'syz.3.3759': attribute type 10 has an invalid length.
[  636.650644][T16287] netlink: 'syz.0.3763': attribute type 10 has an invalid length.
[  636.980955][T16293] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  637.037826][T16293] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  637.114710][T16298] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  637.121824][T16298] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  637.232636][T16296] netlink: 'syz.3.3766': attribute type 10 has an invalid length.
[  637.773362][T16314] netlink: 'syz.2.3771': attribute type 10 has an invalid length.
[  638.058144][T16310] delete_channel: no stack
[  638.469810][T16329] netlink: 'syz.1.3776': attribute type 10 has an invalid length.
[  639.125885][T16341] netlink: 'syz.3.3781': attribute type 10 has an invalid length.
[  639.205507][T16343] netlink: 'syz.2.3780': attribute type 10 has an invalid length.
[  639.835339][T16356] netlink: 'syz.3.3787': attribute type 10 has an invalid length.
[  640.287170][T16368] netlink: 'syz.3.3792': attribute type 10 has an invalid length.
[  640.505504][T16369] delete_channel: no stack
[  641.191725][T16384] netlink: 'syz.1.3799': attribute type 10 has an invalid length.
[  641.401888][T16385] netlink: 'syz.0.3798': attribute type 10 has an invalid length.
[  641.627546][T16392] netlink: 'syz.2.3804': attribute type 10 has an invalid length.
[  642.119866][T16409] netlink: 'syz.2.3810': attribute type 10 has an invalid length.
[  642.353560][T16410] delete_channel: no stack
[  642.834508][T16416] netlink: 'syz.1.3811': attribute type 10 has an invalid length.
[  643.164401][T16429] netlink: 'syz.0.3816': attribute type 10 has an invalid length.
[  643.587634][T16438] FAULT_INJECTION: forcing a failure.
[  643.587634][T16438] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  643.614691][T16438] CPU: 0 PID: 16438 Comm: syz.0.3820 Not tainted syzkaller #0
[  643.622191][T16438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  643.632259][T16438] Call Trace:
[  643.635552][T16438]  <TASK>
[  643.638498][T16438]  dump_stack_lvl+0x18c/0x250
[  643.643209][T16438]  ? show_regs_print_info+0x20/0x20
[  643.648436][T16438]  ? load_image+0x420/0x420
[  643.652965][T16438]  ? __might_fault+0xaa/0x120
[  643.657670][T16438]  ? __lock_acquire+0x7d40/0x7d40
[  643.662717][T16438]  should_fail_ex+0x39d/0x4d0
[  643.667419][T16438]  _copy_from_user+0x2f/0xe0
[  643.672026][T16438]  bpf_prog_test_run_skb+0x266/0x12b0
[  643.677415][T16438]  ? __fget_files+0x28/0x4b0
[  643.682024][T16438]  ? __fget_files+0x28/0x4b0
[  643.686637][T16438]  ? __fget_files+0x43d/0x4b0
[  643.691345][T16438]  ? cpu_online+0x60/0x60
[  643.695696][T16438]  bpf_prog_test_run+0x321/0x390
[  643.700654][T16438]  __sys_bpf+0x49d/0x890
[  643.704917][T16438]  ? bpf_link_show_fdinfo+0x390/0x390
[  643.710324][T16438]  ? lock_chain_count+0x20/0x20
[  643.715204][T16438]  __x64_sys_bpf+0x7c/0x90
[  643.719637][T16438]  do_syscall_64+0x55/0xa0
[  643.724072][T16438]  ? clear_bhb_loop+0x40/0x90
[  643.728768][T16438]  ? clear_bhb_loop+0x40/0x90
[  643.733464][T16438]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  643.739380][T16438] RIP: 0033:0x7fcc7319ce59
[  643.743810][T16438] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  643.763433][T16438] RSP: 002b:00007fcc73f91028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  643.771867][T16438] RAX: ffffffffffffffda RBX: 00007fcc73415fa0 RCX: 00007fcc7319ce59
[  643.779853][T16438] RDX: 0000000000000050 RSI: 0000200000000900 RDI: 000000000000000a
[  643.787836][T16438] RBP: 00007fcc73f91090 R08: 0000000000000000 R09: 0000000000000000
[  643.795820][T16438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  643.803801][T16438] R13: 00007fcc73416038 R14: 00007fcc73415fa0 R15: 00007ffe72334888
[  643.811794][T16438]  </TASK>
[  644.121949][T16444] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3822'.
[  644.265665][T16447] netlink: 'syz.0.3823': attribute type 10 has an invalid length.
[  644.997719][T16457] netlink: 'syz.3.3827': attribute type 10 has an invalid length.
[  645.105738][T16461] netlink: 'syz.2.3829': attribute type 10 has an invalid length.
[  645.146491][T16462] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3828'.
[  645.959896][T16474] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  645.967985][T16474] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  646.018093][T16475] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  646.032658][T16475] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  646.065255][T16477] netlink: 'syz.1.3835': attribute type 19 has an invalid length.
[  646.126938][T16477] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3835'.
[  646.572145][T16484] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  646.585032][T16484] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  646.623308][T16483] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  646.665148][T16483] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  646.780704][T16488] netlink: 'syz.1.3837': attribute type 10 has an invalid length.
[  647.002475][T16499] netlink: 'syz.0.3841': attribute type 10 has an invalid length.
[  647.037727][T16495] netlink: 'syz.2.3839': attribute type 10 has an invalid length.
[  647.432289][T16508] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3846'.
[  647.520630][T16511] FAULT_INJECTION: forcing a failure.
[  647.520630][T16511] name failslab, interval 1, probability 0, space 0, times 0
[  647.564813][T16511] CPU: 0 PID: 16511 Comm: syz.0.3847 Not tainted syzkaller #0
[  647.572325][T16511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  647.582396][T16511] Call Trace:
[  647.585689][T16511]  <TASK>
[  647.588630][T16511]  dump_stack_lvl+0x18c/0x250
[  647.593333][T16511]  ? show_regs_print_info+0x20/0x20
[  647.598552][T16511]  ? load_image+0x420/0x420
[  647.603081][T16511]  ? __might_sleep+0xe0/0xe0
[  647.607690][T16511]  ? __lock_acquire+0x7d40/0x7d40
[  647.612735][T16511]  should_fail_ex+0x39d/0x4d0
[  647.617440][T16511]  should_failslab+0x9/0x20
[  647.621961][T16511]  slab_pre_alloc_hook+0x59/0x310
[  647.627010][T16511]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  647.632746][T16511]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  647.638470][T16511]  __kmem_cache_alloc_node+0x53/0x250
[  647.643841][T16511]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  647.649554][T16511]  __kmalloc+0xa4/0x230
[  647.653707][T16511]  tomoyo_realpath_from_path+0xe3/0x5d0
[  647.659254][T16511]  tomoyo_path_number_perm+0x248/0x620
[  647.664709][T16511]  ? tomoyo_path_number_perm+0x217/0x620
[  647.670335][T16511]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  647.675789][T16511]  ? trace_call_bpf+0xc3/0x6c0
[  647.680550][T16511]  ? trace_call_bpf+0xc3/0x6c0
[  647.685313][T16511]  ? trace_call_bpf+0x5e9/0x6c0
[  647.690180][T16511]  ? __fget_files+0x28/0x4b0
[  647.694762][T16511]  ? __fget_files+0x28/0x4b0
[  647.699356][T16511]  security_file_ioctl+0x70/0xa0
[  647.704292][T16511]  __se_sys_ioctl+0x48/0x170
[  647.708878][T16511]  do_syscall_64+0x55/0xa0
[  647.713297][T16511]  ? clear_bhb_loop+0x40/0x90
[  647.717976][T16511]  ? clear_bhb_loop+0x40/0x90
[  647.722649][T16511]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  647.728537][T16511] RIP: 0033:0x7fcc7319ce59
[  647.732945][T16511] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  647.752542][T16511] RSP: 002b:00007fcc73f91028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  647.760952][T16511] RAX: ffffffffffffffda RBX: 00007fcc73415fa0 RCX: 00007fcc7319ce59
[  647.768921][T16511] RDX: 0000200000000080 RSI: 0000000000008946 RDI: 000000000000003d
[  647.776891][T16511] RBP: 00007fcc73f91090 R08: 0000000000000000 R09: 0000000000000000
[  647.784859][T16511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  647.792828][T16511] R13: 00007fcc73416038 R14: 00007fcc73415fa0 R15: 00007ffe72334888
[  647.800803][T16511]  </TASK>
[  647.828965][T16511] ERROR: Out of memory at tomoyo_realpath_from_path.
[  647.931272][T16517] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  647.938749][T16517] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  647.973821][T16520] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  647.980857][T16520] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  647.991594][T16517] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  648.000898][T16517] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  648.013165][T16520] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  648.020450][T16520] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  648.297731][T16525] netlink: 'syz.0.3851': attribute type 10 has an invalid length.
[  648.439807][T16529] netlink: 'syz.1.3853': attribute type 10 has an invalid length.
[  648.756854][T16527] netlink: 'syz.2.3852': attribute type 10 has an invalid length.
[  648.774734][T16527] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3852'.
[  648.868910][T16539] netlink: 'syz.1.3864': attribute type 10 has an invalid length.
[  649.277864][T16542] netlink: 'syz.2.3857': attribute type 10 has an invalid length.
[  649.326812][T16542] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3857'.
[  649.449849][T16554] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  649.484690][T16554] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  649.530387][T16555] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  649.569975][T16555] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  649.992390][T16562] netlink: 'syz.0.3862': attribute type 10 has an invalid length.
[  650.171944][T16566] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  650.186326][T16566] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  650.241299][T16571] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  650.285074][T16571] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  650.325585][T16573] netlink: 'syz.0.3868': attribute type 10 has an invalid length.
[  650.480192][T16570] netlink: 'syz.3.3867': attribute type 10 has an invalid length.
[  650.495751][T16570] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3867'.
[  650.666050][T16578] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3869'.
[  650.851883][T16582] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  650.880731][T16582] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  650.949394][T16584] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  650.972454][T16584] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  651.317867][T16587] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3873'.
[  651.575465][T16594] netlink: 'syz.0.3875': attribute type 10 has an invalid length.
[  652.015273][T16604] netlink: 'syz.0.3877': attribute type 10 has an invalid length.
[  652.269409][T16605] delete_channel: no stack
[  652.394940][T16608] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3879'.
[  652.440883][T16614] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  652.455397][T16614] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  652.497338][T16616] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  652.504447][T16616] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  653.523779][T16639] validate_nla: 2 callbacks suppressed
[  653.523810][T16639] netlink: 'syz.3.3889': attribute type 10 has an invalid length.
[  653.675524][T16636] delete_channel: no stack
[  654.031223][T16644] delete_channel: no stack
[  654.407836][T16658] netlink: 'syz.0.3896': attribute type 10 has an invalid length.
[  654.493496][T16650] netlink: 'syz.3.3894': attribute type 10 has an invalid length.
[  654.513332][T16650] netlink: 2 bytes leftover after parsing attributes in process `syz.3.3894'.
[  654.900482][T16667] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3901'.
[  655.167937][T16671] netlink: 'syz.1.3900': attribute type 10 has an invalid length.
[  655.538991][T16674] netlink: 'syz.0.3911': attribute type 10 has an invalid length.
[  655.721670][T16675] delete_channel: no stack
[  655.958728][T16687] netlink: 'syz.0.3907': attribute type 10 has an invalid length.
[  655.969319][T16677] delete_channel: no stack
[  656.541602][T16699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3914'.
[  656.683074][T16703] netlink: 'syz.3.3915': attribute type 10 has an invalid length.
[  657.299049][T16711] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.3918'.
[  657.355007][T16708] delete_channel: no stack
[  657.397265][T16717] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3918'.
[  657.570338][T16714] netlink: 'syz.1.3919': attribute type 10 has an invalid length.
[  657.694474][T16719] delete_channel: no stack
[  658.096740][T16730] netlink: 'syz.0.3925': attribute type 10 has an invalid length.
[  658.627609][T16737] netlink: 'syz.0.3935': attribute type 10 has an invalid length.
[  659.012665][T16745] netlink: 'syz.0.3931': attribute type 10 has an invalid length.
[  659.155697][T16742] delete_channel: no stack
[  659.211742][T16749] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3932'.
[  659.507362][T16753] netlink: 'syz.3.3933': attribute type 10 has an invalid length.
[  661.027566][T16770] netlink: 'syz.2.3941': attribute type 10 has an invalid length.
[  661.182324][T16772] netlink: 'syz.1.3942': attribute type 10 has an invalid length.
[  661.499331][T16777] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  661.535782][T16777] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  661.620243][T16780] netlink: 'syz.1.3946': attribute type 10 has an invalid length.
[  661.669762][T16781] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  661.754704][T16781] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  662.523731][T16775] delete_channel: no stack
[  663.380494][T16799] netlink: 'syz.0.3952': attribute type 10 has an invalid length.
[  663.423149][T16799] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3952'.
[  663.457627][T16799] batadv_slave_1: entered promiscuous mode
[  663.463820][T16799] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  663.473584][T16799] batman_adv: batadv0: Removing interface: batadv_slave_1
[  663.485124][T16806] netlink: 'syz.1.3953': attribute type 10 has an invalid length.
[  663.643431][T16808] netlink: 'syz.2.3954': attribute type 10 has an invalid length.
[  664.026360][T16817] delete_channel: no stack
[  664.726539][T16828] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  664.743895][T16828] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  664.774109][T16831] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  664.804211][T16831] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  664.873237][T16830] netlink: 'syz.1.3963': attribute type 10 has an invalid length.
[  665.061970][T16834] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3965'.
[  666.176989][T16846] netlink: 'syz.1.3967': attribute type 27 has an invalid length.
[  666.220002][T16846] netlink: 'syz.1.3967': attribute type 4 has an invalid length.
[  666.314778][T16846] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3967'.
[  666.386445][T16850] netlink: 'syz.2.3969': attribute type 10 has an invalid length.
[  666.778770][T16867] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3974'.
[  666.863058][T16865] netlink: 'syz.1.3981': attribute type 10 has an invalid length.
[  667.782134][T16875] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  667.847377][T16875] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  667.936768][T16870] netlink: 'syz.0.3975': attribute type 10 has an invalid length.
[  667.993476][T16879] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  668.013217][T16879] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  668.071668][T16872] netlink: 'syz.2.3977': attribute type 10 has an invalid length.
[  668.081238][T16872] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3977'.
[  668.141161][T16881] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  668.173348][T16881] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  668.838665][T16892] netlink: 'syz.2.3982': attribute type 10 has an invalid length.
[  668.894809][T16892] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3982'.
[  669.037874][T16907] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3987'.
[  669.073106][T16908] netlink: 'syz.0.3986': attribute type 10 has an invalid length.
[  669.440276][T16912] netlink: 'syz.0.3989': attribute type 10 has an invalid length.
[  669.847893][T16916] netlink: 'syz.2.3990': attribute type 10 has an invalid length.
[  669.913079][T16916] netlink: 2 bytes leftover after parsing attributes in process `syz.2.3990'.
[  670.264913][T16920] delete_channel: no stack
[  670.626082][T16935] netlink: 'syz.1.3997': attribute type 10 has an invalid length.
[  670.856925][T16941] netlink: 'syz.3.4001': attribute type 10 has an invalid length.
[  671.068134][T16944] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4000'.
[  671.561690][T16937] netlink: 'syz.0.3998': attribute type 10 has an invalid length.
[  671.707130][T16937] netlink: 2 bytes leftover after parsing attributes in process `syz.0.3998'.
[  672.207731][T16951] netlink: 'syz.2.4002': attribute type 10 has an invalid length.
[  672.229620][T16951] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4002'.
[  672.607886][T16969] netlink: 'syz.2.4008': attribute type 10 has an invalid length.
[  673.220740][T16972] delete_channel: no stack
[  673.352654][T16980] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  673.363294][T16980] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  673.424357][T16982] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  673.445044][T16982] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  674.466482][T16999] netlink: 'syz.3.4014': attribute type 10 has an invalid length.
[  674.571083][T16999] netlink: 2 bytes leftover after parsing attributes in process `syz.3.4014'.
[  675.135386][T17001] netlink: 'syz.2.4016': attribute type 10 has an invalid length.
[  675.144042][T17001] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4016'.
[  676.425840][T17023] delete_channel: no stack
[  677.430457][T17041] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  677.484210][T17041] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  677.615200][T17044] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  677.756428][T17044] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  678.066236][T17049] netlink: 'syz.2.4032': attribute type 10 has an invalid length.
[  678.194315][T17049] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4032'.
[  679.759923][T17064] netlink: 'syz.0.4045': attribute type 10 has an invalid length.
[  679.803783][T17064] netlink: 2 bytes leftover after parsing attributes in process `syz.0.4045'.
[  681.044880][T17082] netlink: 'syz.3.4042': attribute type 10 has an invalid length.
[  681.646026][T17090] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  681.653177][T17090] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  681.879745][T17093] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  681.948744][T17093] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  683.251062][T17115] netlink: 'syz.0.4051': attribute type 10 has an invalid length.
[  683.359899][T17115] netlink: 2 bytes leftover after parsing attributes in process `syz.0.4051'.
[  683.693538][T17117] netlink: 'syz.3.4052': attribute type 10 has an invalid length.
[  683.804634][T17117] netlink: 2 bytes leftover after parsing attributes in process `syz.3.4052'.
[  684.515611][T17130] netlink: 'syz.0.4061': attribute type 10 has an invalid length.
[  684.554961][T17130] netlink: 2 bytes leftover after parsing attributes in process `syz.0.4061'.
[  684.656777][T17123] delete_channel: no stack
[  684.919891][T17136] wlan0: mtu greater than device maximum
[  685.596343][T17139] netlink: 'syz.0.4056': attribute type 10 has an invalid length.
[  685.873009][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  685.879493][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  686.338432][T17148] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  686.354794][T17148] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  686.387884][T17146] delete_channel: no stack
[  686.435931][T17150] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  686.443035][T17150] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  687.405029][T17159] delete_channel: no stack
[  687.418933][T17163] netlink: 'syz.0.4065': attribute type 10 has an invalid length.
[  687.444871][T17163] netlink: 2 bytes leftover after parsing attributes in process `syz.0.4065'.
[  687.525222][T17169] FAULT_INJECTION: forcing a failure.
[  687.525222][T17169] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  687.582725][T17169] CPU: 1 PID: 17169 Comm: syz.2.4066 Not tainted syzkaller #0
[  687.590221][T17169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  687.600273][T17169] Call Trace:
[  687.603546][T17169]  <TASK>
[  687.606480][T17169]  dump_stack_lvl+0x18c/0x250
[  687.611162][T17169]  ? show_regs_print_info+0x20/0x20
[  687.616357][T17169]  ? load_image+0x420/0x420
[  687.620859][T17169]  ? __lock_acquire+0x7d40/0x7d40
[  687.625880][T17169]  ? snprintf+0xe9/0x140
[  687.630118][T17169]  should_fail_ex+0x39d/0x4d0
[  687.634796][T17169]  _copy_to_user+0x2f/0xa0
[  687.639207][T17169]  simple_read_from_buffer+0xe7/0x150
[  687.644583][T17169]  proc_fail_nth_read+0x1e8/0x260
[  687.649605][T17169]  ? proc_fault_inject_write+0x360/0x360
[  687.655234][T17169]  ? fsnotify_perm+0x271/0x5e0
[  687.660001][T17169]  ? proc_fault_inject_write+0x360/0x360
[  687.665629][T17169]  vfs_read+0x28b/0x970
[  687.669783][T17169]  ? kernel_read+0x1e0/0x1e0
[  687.674366][T17169]  ? __fget_files+0x28/0x4b0
[  687.678947][T17169]  ? __fget_files+0x28/0x4b0
[  687.683618][T17169]  ? __fget_files+0x43d/0x4b0
[  687.688302][T17169]  ? __fdget_pos+0x2a3/0x330
[  687.692886][T17169]  ? ksys_read+0x75/0x260
[  687.697211][T17169]  ksys_read+0x150/0x260
[  687.701447][T17169]  ? vfs_write+0x990/0x990
[  687.705859][T17169]  ? lockdep_hardirqs_on+0x98/0x150
[  687.711053][T17169]  do_syscall_64+0x55/0xa0
[  687.715461][T17169]  ? clear_bhb_loop+0x40/0x90
[  687.720131][T17169]  ? clear_bhb_loop+0x40/0x90
[  687.724802][T17169]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  687.730686][T17169] RIP: 0033:0x7f8ef935d68e
[  687.735092][T17169] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 <c3> 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[  687.754688][T17169] RSP: 002b:00007f8efa1ccfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  687.763092][T17169] RAX: ffffffffffffffda RBX: 00007f8efa1cd6c0 RCX: 00007f8ef935d68e
[  687.771054][T17169] RDX: 000000000000000f RSI: 00007f8efa1cd0a0 RDI: 0000000000000004
[  687.779014][T17169] RBP: 00007f8efa1cd090 R08: 0000000000000000 R09: 0000000000000000
[  687.786974][T17169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  687.794935][T17169] R13: 00007f8ef9616038 R14: 00007f8ef9615fa0 R15: 00007ffd03626a08
[  687.802912][T17169]  </TASK>
[  688.336141][T17176] netlink: 'syz.2.4069': attribute type 10 has an invalid length.
[  688.527757][T17170] delete_channel: no stack
[  688.925493][T17187] wlan0: mtu greater than device maximum
[  689.195640][T17189] netlink: 'syz.1.4081': attribute type 10 has an invalid length.
[  690.206710][T17190] delete_channel: no stack
[  690.260175][T17202] FAULT_INJECTION: forcing a failure.
[  690.260175][T17202] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  690.334956][T17202] CPU: 1 PID: 17202 Comm: syz.2.4076 Not tainted syzkaller #0
[  690.342460][T17202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  690.352531][T17202] Call Trace:
[  690.355822][T17202]  <TASK>
[  690.358765][T17202]  dump_stack_lvl+0x18c/0x250
[  690.363471][T17202]  ? show_regs_print_info+0x20/0x20
[  690.368692][T17202]  ? load_image+0x420/0x420
[  690.373223][T17202]  ? __might_fault+0xaa/0x120
[  690.377921][T17202]  should_fail_ex+0x39d/0x4d0
[  690.382629][T17202]  copyin+0x1a/0x90
[  690.386460][T17202]  _copy_from_iter+0x404/0x12e0
[  690.391345][T17202]  ? copyout_mc+0x70/0x70
[  690.395701][T17202]  ? verify_lock_unused+0x140/0x140
[  690.400922][T17202]  ? dev_get_by_index+0x22/0x2d0
[  690.405875][T17202]  ? dev_get_by_index+0x22/0x2d0
[  690.410831][T17202]  packet_sendmsg+0x2cd5/0x4c30
[  690.415725][T17202]  ? __might_sleep+0xe0/0xe0
[  690.420332][T17202]  ? verify_lock_unused+0x140/0x140
[  690.425546][T17202]  ? mark_lock+0x94/0x320
[  690.429896][T17202]  ? __lock_acquire+0x1273/0x7d40
[  690.434936][T17202]  ? verify_lock_unused+0x140/0x140
[  690.440153][T17202]  ? aa_sk_perm+0x83c/0x970
[  690.444678][T17202]  ? packet_getsockopt+0xad0/0xad0
[  690.449812][T17202]  ? tomoyo_gc_thread+0x680/0x1410
[  690.454944][T17202]  ? aa_sock_msg_perm+0x94/0x150
[  690.459900][T17202]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  690.465206][T17202]  ? security_socket_sendmsg+0x80/0xa0
[  690.470682][T17202]  ? packet_getsockopt+0xad0/0xad0
[  690.475825][T17202]  ____sys_sendmsg+0x5ba/0x960
[  690.480628][T17202]  ? __lock_acquire+0x7d40/0x7d40
[  690.485679][T17202]  ? __asan_memset+0x22/0x40
[  690.490290][T17202]  ? __sys_sendmsg_sock+0x30/0x30
[  690.495331][T17202]  ? __import_iovec+0x3fa/0x850
[  690.500206][T17202]  ? import_iovec+0x73/0xa0
[  690.504729][T17202]  ___sys_sendmsg+0x2a6/0x360
[  690.509423][T17202]  ? get_pid_task+0x20/0x1e0
[  690.514038][T17202]  ? __sys_sendmsg+0x2a0/0x2a0
[  690.518841][T17202]  ? __lock_acquire+0x7d40/0x7d40
[  690.523904][T17202]  __se_sys_sendmsg+0x1c2/0x2b0
[  690.528772][T17202]  ? __x64_sys_sendmsg+0x80/0x80
[  690.533737][T17202]  ? lockdep_hardirqs_on+0x98/0x150
[  690.538958][T17202]  do_syscall_64+0x55/0xa0
[  690.543394][T17202]  ? clear_bhb_loop+0x40/0x90
[  690.548087][T17202]  ? clear_bhb_loop+0x40/0x90
[  690.552781][T17202]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  690.558690][T17202] RIP: 0033:0x7f8ef939ce59
[  690.563119][T17202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  690.582738][T17202] RSP: 002b:00007f8efa1cd028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  690.591165][T17202] RAX: ffffffffffffffda RBX: 00007f8ef9615fa0 RCX: 00007f8ef939ce59
[  690.599146][T17202] RDX: 0000000000008080 RSI: 00002000000001c0 RDI: 0000000000000003
[  690.607128][T17202] RBP: 00007f8efa1cd090 R08: 0000000000000000 R09: 0000000000000000
[  690.615112][T17202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  690.623092][T17202] R13: 00007f8ef9616038 R14: 00007f8ef9615fa0 R15: 00007ffd03626a08
[  690.631090][T17202]  </TASK>
[  690.654017][T17204] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  690.693614][T17204] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  690.743166][T17205] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  690.765179][T17205] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  690.829210][T17212] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  690.888897][T17212] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  690.925972][T17215] netlink: 'syz.2.4079': attribute type 10 has an invalid length.
[  691.080888][T17215] team0: Port device macvlan0 added
[  691.107970][T17218] netlink: 'syz.1.4080': attribute type 10 has an invalid length.
[  691.141307][T17218] team0: Port device macvlan0 added
[  691.415340][T17226] netlink: 'syz.2.4084': attribute type 10 has an invalid length.
[  692.282833][T17227] delete_channel: no stack
[  692.501830][T17235] delete_channel: no stack
[  692.522329][T17239] wlan0: mtu greater than device maximum
[  692.777333][T17240] delete_channel: no stack
[  692.845497][T17248] FAULT_INJECTION: forcing a failure.
[  692.845497][T17248] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  692.858867][T17248] CPU: 1 PID: 17248 Comm: syz.0.4092 Not tainted syzkaller #0
[  692.866351][T17248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  692.876419][T17248] Call Trace:
[  692.879709][T17248]  <TASK>
[  692.882651][T17248]  dump_stack_lvl+0x18c/0x250
[  692.887352][T17248]  ? show_regs_print_info+0x20/0x20
[  692.892573][T17248]  ? load_image+0x420/0x420
[  692.897094][T17248]  ? __might_fault+0xaa/0x120
[  692.901778][T17248]  ? __lock_acquire+0x7d40/0x7d40
[  692.906819][T17248]  should_fail_ex+0x39d/0x4d0
[  692.911522][T17248]  _copy_from_user+0x2f/0xe0
[  692.916134][T17248]  ___sys_sendmsg+0x1c7/0x360
[  692.920834][T17248]  ? get_pid_task+0x20/0x1e0
[  692.925445][T17248]  ? __sys_sendmsg+0x2a0/0x2a0
[  692.930233][T17248]  ? __lock_acquire+0x7d40/0x7d40
[  692.935301][T17248]  __se_sys_sendmsg+0x1c2/0x2b0
[  692.940178][T17248]  ? __x64_sys_sendmsg+0x80/0x80
[  692.945153][T17248]  ? lockdep_hardirqs_on+0x98/0x150
[  692.950382][T17248]  do_syscall_64+0x55/0xa0
[  692.954810][T17248]  ? clear_bhb_loop+0x40/0x90
[  692.959494][T17248]  ? clear_bhb_loop+0x40/0x90
[  692.964181][T17248]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  692.970083][T17248] RIP: 0033:0x7fcc7319ce59
[  692.974508][T17248] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  692.994136][T17248] RSP: 002b:00007fcc73f91028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  693.002568][T17248] RAX: ffffffffffffffda RBX: 00007fcc73415fa0 RCX: 00007fcc7319ce59
[  693.010550][T17248] RDX: 0000000020000800 RSI: 0000200000000600 RDI: 0000000000000003
[  693.018528][T17248] RBP: 00007fcc73f91090 R08: 0000000000000000 R09: 0000000000000000
[  693.026505][T17248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  693.034484][T17248] R13: 00007fcc73416038 R14: 00007fcc73415fa0 R15: 00007ffe72334888
[  693.042481][T17248]  </TASK>
[  693.295162][T17255] netlink: 'syz.1.4095': attribute type 10 has an invalid length.
[  693.764328][T17261] netlink: 'syz.2.4107': attribute type 10 has an invalid length.
[  694.167167][T17266] delete_channel: no stack
[  694.323716][T17273] netlink: 128 bytes leftover after parsing attributes in process `syz.3.4103'.
[  694.334481][T17273] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  694.419046][T17277] wlan0: mtu greater than device maximum
[  694.731661][T17288] netlink: 'syz.0.4111': attribute type 10 has an invalid length.
[  695.090896][T17291] FAULT_INJECTION: forcing a failure.
[  695.090896][T17291] name failslab, interval 1, probability 0, space 0, times 0
[  695.114666][T17291] CPU: 1 PID: 17291 Comm: syz.1.4115 Not tainted syzkaller #0
[  695.122162][T17291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  695.132231][T17291] Call Trace:
[  695.135519][T17291]  <TASK>
[  695.138469][T17291]  dump_stack_lvl+0x18c/0x250
[  695.143172][T17291]  ? show_regs_print_info+0x20/0x20
[  695.148393][T17291]  ? load_image+0x420/0x420
[  695.152911][T17291]  ? __might_sleep+0xe0/0xe0
[  695.157513][T17291]  ? __lock_acquire+0x7d40/0x7d40
[  695.162549][T17291]  should_fail_ex+0x39d/0x4d0
[  695.167242][T17291]  should_failslab+0x9/0x20
[  695.171753][T17291]  slab_pre_alloc_hook+0x59/0x310
[  695.176791][T17291]  ? sock_kmalloc+0x96/0xf0
[  695.181308][T17291]  ? sock_kmalloc+0x96/0xf0
[  695.185816][T17291]  __kmem_cache_alloc_node+0x53/0x250
[  695.191199][T17291]  ? sock_kmalloc+0x96/0xf0
[  695.195713][T17291]  __kmalloc+0xa4/0x230
[  695.199884][T17291]  sock_kmalloc+0x96/0xf0
[  695.204221][T17291]  ____sys_sendmsg+0x1be/0x960
[  695.208989][T17291]  ? __lock_acquire+0x7d40/0x7d40
[  695.214022][T17291]  ? __asan_memset+0x22/0x40
[  695.218621][T17291]  ? __sys_sendmsg_sock+0x30/0x30
[  695.223645][T17291]  ? __import_iovec+0x3fa/0x850
[  695.228508][T17291]  ? import_iovec+0x73/0xa0
[  695.233018][T17291]  ___sys_sendmsg+0x2a6/0x360
[  695.237703][T17291]  ? get_pid_task+0x20/0x1e0
[  695.242312][T17291]  ? __sys_sendmsg+0x2a0/0x2a0
[  695.247102][T17291]  ? __lock_acquire+0x7d40/0x7d40
[  695.252155][T17291]  __se_sys_sendmsg+0x1c2/0x2b0
[  695.257013][T17291]  ? __x64_sys_sendmsg+0x80/0x80
[  695.261972][T17291]  ? lockdep_hardirqs_on+0x98/0x150
[  695.267180][T17291]  do_syscall_64+0x55/0xa0
[  695.271602][T17291]  ? clear_bhb_loop+0x40/0x90
[  695.276291][T17291]  ? clear_bhb_loop+0x40/0x90
[  695.280983][T17291]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  695.286881][T17291] RIP: 0033:0x7f921199ce59
[  695.291302][T17291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  695.310912][T17291] RSP: 002b:00007f921287b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  695.319335][T17291] RAX: ffffffffffffffda RBX: 00007f9211c15fa0 RCX: 00007f921199ce59
[  695.327310][T17291] RDX: 0000000000000000 RSI: 0000200000001180 RDI: 0000000000000003
[  695.335287][T17291] RBP: 00007f921287b090 R08: 0000000000000000 R09: 0000000000000000
[  695.343261][T17291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  695.351234][T17291] R13: 00007f9211c16038 R14: 00007f9211c15fa0 R15: 00007ffe4050cb28
[  695.359222][T17291]  </TASK>
[  695.396784][T17299] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4114'.
[  695.903414][T17312] netlink: 'syz.2.4118': attribute type 2 has an invalid length.
[  695.913835][T17312] netlink: 'syz.2.4118': attribute type 8 has an invalid length.
[  695.922203][T17312] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4118'.
[  695.963559][T17315] FAULT_INJECTION: forcing a failure.
[  695.963559][T17315] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  695.965613][T17312] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4118'.
[  695.991384][T17315] CPU: 0 PID: 17315 Comm: syz.1.4119 Not tainted syzkaller #0
[  695.998881][T17315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  696.008964][T17315] Call Trace:
[  696.012258][T17315]  <TASK>
[  696.015201][T17315]  dump_stack_lvl+0x18c/0x250
[  696.019908][T17315]  ? show_regs_print_info+0x20/0x20
[  696.025130][T17315]  ? load_image+0x420/0x420
[  696.029655][T17315]  ? __might_fault+0xaa/0x120
[  696.034346][T17315]  ? __lock_acquire+0x7d40/0x7d40
[  696.039395][T17315]  should_fail_ex+0x39d/0x4d0
[  696.044097][T17315]  _copy_from_user+0x2f/0xe0
[  696.048706][T17315]  vmemdup_user+0xac/0x1e0
[  696.053129][T17315]  map_get_next_key+0x228/0x620
[  696.057985][T17315]  ? __might_fault+0xc6/0x120
[  696.062657][T17315]  ? __might_fault+0xaa/0x120
[  696.067326][T17315]  ? bpf_lsm_bpf+0x9/0x10
[  696.071655][T17315]  __sys_bpf+0x715/0x890
[  696.075891][T17315]  ? bpf_link_show_fdinfo+0x390/0x390
[  696.081269][T17315]  ? lock_chain_count+0x20/0x20
[  696.086127][T17315]  __x64_sys_bpf+0x7c/0x90
[  696.090538][T17315]  do_syscall_64+0x55/0xa0
[  696.094952][T17315]  ? clear_bhb_loop+0x40/0x90
[  696.099626][T17315]  ? clear_bhb_loop+0x40/0x90
[  696.104309][T17315]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  696.110213][T17315] RIP: 0033:0x7f921199ce59
[  696.114632][T17315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  696.134236][T17315] RSP: 002b:00007f921287b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  696.142649][T17315] RAX: ffffffffffffffda RBX: 00007f9211c15fa0 RCX: 00007f921199ce59
[  696.150616][T17315] RDX: 0000000000000020 RSI: 00002000000006c0 RDI: 0000000000000004
[  696.158584][T17315] RBP: 00007f921287b090 R08: 0000000000000000 R09: 0000000000000000
[  696.166547][T17315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  696.174511][T17315] R13: 00007f9211c16038 R14: 00007f9211c15fa0 R15: 00007ffe4050cb28
[  696.182490][T17315]  </TASK>
[  696.354936][T17316] netlink: 'syz.0.4120': attribute type 10 has an invalid length.
[  697.219094][T17334] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  697.260262][T17334] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  697.310051][T17336] netlink: 'syz.2.4128': attribute type 10 has an invalid length.
[  697.358593][T17336] team0: Device wg1 is of different type
[  697.883691][T17339] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  697.910460][T17339] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  697.920338][T17344] netlink: 'syz.3.4131': attribute type 2 has an invalid length.
[  697.930729][T17344] netlink: 'syz.3.4131': attribute type 8 has an invalid length.
[  697.939059][T17344] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4131'.
[  697.956279][T17347] netlink: 'syz.3.4131': attribute type 11 has an invalid length.
[  698.049239][T17354] netlink: 'syz.2.4132': attribute type 10 has an invalid length.
[  698.214414][T17354] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  698.883114][T17357] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  698.892396][T17357] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  698.924480][T17358] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  698.939504][T17358] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  699.323437][T17385] FAULT_INJECTION: forcing a failure.
[  699.323437][T17385] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  699.363936][T17383] mac80211_hwsim hwsim21 wlan0: left promiscuous mode
[  699.372450][T17385] CPU: 1 PID: 17385 Comm: syz.0.4143 Not tainted syzkaller #0
[  699.372474][T17385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  699.372485][T17385] Call Trace:
[  699.372493][T17385]  <TASK>
[  699.372502][T17385]  dump_stack_lvl+0x18c/0x250
[  699.372535][T17385]  ? show_regs_print_info+0x20/0x20
[  699.372557][T17385]  ? load_image+0x420/0x420
[  699.372580][T17385]  ? __might_fault+0xaa/0x120
[  699.372601][T17385]  ? __lock_acquire+0x7d40/0x7d40
[  699.372625][T17385]  should_fail_ex+0x39d/0x4d0
[  699.372655][T17385]  _copy_from_user+0x2f/0xe0
[  699.372678][T17385]  ___sys_recvmsg+0x176/0x590
[  699.372702][T17385]  ? __sys_recvmsg+0x2a0/0x2a0
[  699.372725][T17385]  ? ksys_write+0x1c4/0x260
[  699.372758][T17385]  ? __fget_files+0x43d/0x4b0
[  699.372805][T17385]  __x64_sys_recvmsg+0x20c/0x2e0
[  699.372827][T17385]  ? ___sys_recvmsg+0x590/0x590
[  699.372860][T17385]  ? lockdep_hardirqs_on+0x98/0x150
[  699.372884][T17385]  do_syscall_64+0x55/0xa0
[  699.372900][T17385]  ? clear_bhb_loop+0x40/0x90
[  699.372920][T17385]  ? clear_bhb_loop+0x40/0x90
[  699.372942][T17385]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  699.372963][T17385] RIP: 0033:0x7fcc7319ce59
[  699.372980][T17385] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  699.372996][T17385] RSP: 002b:00007fcc73f91028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  699.373016][T17385] RAX: ffffffffffffffda RBX: 00007fcc73415fa0 RCX: 00007fcc7319ce59
[  699.373029][T17385] RDX: 0000000000002002 RSI: 0000200000000380 RDI: 0000000000000003
[  699.373041][T17385] RBP: 00007fcc73f91090 R08: 0000000000000000 R09: 0000000000000000
[  699.373053][T17385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  699.373064][T17385] R13: 00007fcc73416038 R14: 00007fcc73415fa0 R15: 00007ffe72334888
[  699.373092][T17385]  </TASK>
[  699.592480][T17383] mac80211_hwsim hwsim21 wlan0: left allmulticast mode
[  699.615187][T17380] delete_channel: no stack
[  699.633749][T17386] mac80211_hwsim hwsim21 wlan0: entered promiscuous mode
[  699.654759][T17386] mac80211_hwsim hwsim21 wlan0: entered allmulticast mode
[  700.625426][T17401] mac80211_hwsim hwsim18 wlan0: left promiscuous mode
[  700.632654][T17401] mac80211_hwsim hwsim18 wlan0: left allmulticast mode
[  700.666620][T17403] mac80211_hwsim hwsim18 wlan0: entered promiscuous mode
[  700.673716][T17403] mac80211_hwsim hwsim18 wlan0: entered allmulticast mode
[  701.382052][T17423] wlan0: mtu greater than device maximum
[  702.676418][T17433] delete_channel: no stack
[  702.971087][T17441] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  702.997238][T17441] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  703.063393][T17448] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  703.096035][T17448] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  703.724925][T17459] wlan0: mtu greater than device maximum
[  703.799168][T17461] FAULT_INJECTION: forcing a failure.
[  703.799168][T17461] name failslab, interval 1, probability 0, space 0, times 0
[  703.842866][T17461] CPU: 1 PID: 17461 Comm: syz.0.4166 Not tainted syzkaller #0
[  703.850383][T17461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  703.860451][T17461] Call Trace:
[  703.863741][T17461]  <TASK>
[  703.866686][T17461]  dump_stack_lvl+0x18c/0x250
[  703.871397][T17461]  ? show_regs_print_info+0x20/0x20
[  703.876616][T17461]  ? load_image+0x420/0x420
[  703.881147][T17461]  ? __might_sleep+0xe0/0xe0
[  703.885756][T17461]  ? __lock_acquire+0x7d40/0x7d40
[  703.890804][T17461]  should_fail_ex+0x39d/0x4d0
[  703.895516][T17461]  should_failslab+0x9/0x20
[  703.900034][T17461]  slab_pre_alloc_hook+0x59/0x310
[  703.905086][T17461]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  703.910822][T17461]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  703.916554][T17461]  __kmem_cache_alloc_node+0x53/0x250
[  703.921980][T17461]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  703.927722][T17461]  __kmalloc+0xa4/0x230
[  703.931904][T17461]  tomoyo_realpath_from_path+0xe3/0x5d0
[  703.937496][T17461]  tomoyo_path_number_perm+0x248/0x620
[  703.942976][T17461]  ? tomoyo_path_number_perm+0x217/0x620
[  703.948630][T17461]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  703.954113][T17461]  ? ksys_write+0x1c4/0x260
[  703.958712][T17461]  ? __fget_files+0x28/0x4b0
[  703.963317][T17461]  ? __fget_files+0x28/0x4b0
[  703.967954][T17461]  security_file_ioctl+0x70/0xa0
[  703.972923][T17461]  __se_sys_ioctl+0x48/0x170
[  703.977538][T17461]  do_syscall_64+0x55/0xa0
[  703.981970][T17461]  ? clear_bhb_loop+0x40/0x90
[  703.986666][T17461]  ? clear_bhb_loop+0x40/0x90
[  703.991363][T17461]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  703.997288][T17461] RIP: 0033:0x7fcc7319ce59
[  704.001719][T17461] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  704.021340][T17461] RSP: 002b:00007fcc73f91028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  704.029776][T17461] RAX: ffffffffffffffda RBX: 00007fcc73415fa0 RCX: 00007fcc7319ce59
[  704.037759][T17461] RDX: 0000200000000000 RSI: 0000000000008924 RDI: 0000000000000004
[  704.045743][T17461] RBP: 00007fcc73f91090 R08: 0000000000000000 R09: 0000000000000000
[  704.053722][T17461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  704.061700][T17461] R13: 00007fcc73416038 R14: 00007fcc73415fa0 R15: 00007ffe72334888
[  704.069719][T17461]  </TASK>
[  704.137923][T17461] ERROR: Out of memory at tomoyo_realpath_from_path.
[  704.146716][T17465] FAULT_INJECTION: forcing a failure.
[  704.146716][T17465] name failslab, interval 1, probability 0, space 0, times 0
[  704.175364][T17465] CPU: 1 PID: 17465 Comm: syz.2.4168 Not tainted syzkaller #0
[  704.182875][T17465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  704.192969][T17465] Call Trace:
[  704.196286][T17465]  <TASK>
[  704.199257][T17465]  dump_stack_lvl+0x18c/0x250
[  704.203993][T17465]  ? show_regs_print_info+0x20/0x20
[  704.209239][T17465]  ? load_image+0x420/0x420
[  704.213814][T17465]  ? __might_sleep+0xe0/0xe0
[  704.218453][T17465]  ? __lock_acquire+0x7d40/0x7d40
[  704.223511][T17465]  ? perf_trace_lock+0xfc/0x3b0
[  704.228413][T17465]  should_fail_ex+0x39d/0x4d0
[  704.233155][T17465]  should_failslab+0x9/0x20
[  704.237704][T17465]  slab_pre_alloc_hook+0x59/0x310
[  704.242776][T17465]  ? __get_vm_area_node+0x125/0x370
[  704.248022][T17465]  __kmem_cache_alloc_node+0x53/0x250
[  704.253453][T17465]  ? __get_vm_area_node+0x125/0x370
[  704.258699][T17465]  kmalloc_node_trace+0x26/0xe0
[  704.263603][T17465]  __get_vm_area_node+0x125/0x370
[  704.268693][T17465]  __vmalloc_node_range+0x36e/0x1330
[  704.274025][T17465]  ? netlink_sendmsg+0x602/0xbf0
[  704.279010][T17465]  ? netlink_insert+0x109f/0x13a0
[  704.284144][T17465]  ? netlink_data_ready+0x10/0x10
[  704.289231][T17465]  ? free_vm_area+0x50/0x50
[  704.293819][T17465]  ? netlink_sendmsg+0x602/0xbf0
[  704.298803][T17465]  vmalloc+0x79/0x90
[  704.302743][T17465]  ? netlink_sendmsg+0x602/0xbf0
[  704.307724][T17465]  netlink_sendmsg+0x602/0xbf0
[  704.312567][T17465]  ? netlink_getsockopt+0x590/0x590
[  704.317820][T17465]  ? aa_sock_msg_perm+0x94/0x150
[  704.322807][T17465]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  704.328136][T17465]  ? security_socket_sendmsg+0x80/0xa0
[  704.333647][T17465]  sock_write_iter+0x2df/0x420
[  704.338465][T17465]  ? sock_read_iter+0x3e0/0x3e0
[  704.343394][T17465]  ? common_file_perm+0x198/0x1f0
[  704.348492][T17465]  vfs_write+0x46c/0x990
[  704.352799][T17465]  ? file_end_write+0x250/0x250
[  704.357713][T17465]  ? __fget_files+0x43d/0x4b0
[  704.362461][T17465]  ? __fdget_pos+0x1d8/0x330
[  704.367093][T17465]  ? ksys_write+0x75/0x260
[  704.371564][T17465]  ksys_write+0x150/0x260
[  704.375949][T17465]  ? __ia32_sys_read+0x90/0x90
[  704.380771][T17465]  ? lockdep_hardirqs_on+0x98/0x150
[  704.386032][T17465]  do_syscall_64+0x55/0xa0
[  704.390485][T17465]  ? clear_bhb_loop+0x40/0x90
[  704.395202][T17465]  ? clear_bhb_loop+0x40/0x90
[  704.399933][T17465]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  704.405865][T17465] RIP: 0033:0x7f8ef939ce59
[  704.410320][T17465] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  704.429963][T17465] RSP: 002b:00007f8efa1cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  704.438428][T17465] RAX: ffffffffffffffda RBX: 00007f8ef9615fa0 RCX: 00007f8ef939ce59
[  704.446440][T17465] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000003
[  704.454447][T17465] RBP: 00007f8efa1cd090 R08: 0000000000000000 R09: 0000000000000000
[  704.462452][T17465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  704.470459][T17465] R13: 00007f8ef9616038 R14: 00007f8ef9615fa0 R15: 00007ffd03626a08
[  704.478524][T17465]  </TASK>
[  704.552196][T17465] syz.2.4168: vmalloc error: size 65408, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  704.590606][T17465] CPU: 0 PID: 17465 Comm: syz.2.4168 Not tainted syzkaller #0
[  704.598130][T17465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  704.608224][T17465] Call Trace:
[  704.611539][T17465]  <TASK>
[  704.614510][T17465]  dump_stack_lvl+0x18c/0x250
[  704.619260][T17465]  ? show_regs_print_info+0x20/0x20
[  704.624513][T17465]  ? load_image+0x420/0x420
[  704.629075][T17465]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  704.635537][T17465]  ? cpuset_print_current_mems_allowed+0x2e7/0x360
[  704.642090][T17465]  warn_alloc+0x246/0x340
[  704.646454][T17465]  ? __get_vm_area_node+0x125/0x370
[  704.651683][T17465]  ? zone_watermark_ok_safe+0x230/0x230
[  704.657252][T17465]  ? rcu_is_watching+0x15/0xb0
[  704.662043][T17465]  ? __get_vm_area_node+0x356/0x370
[  704.667277][T17465]  __vmalloc_node_range+0x393/0x1330
[  704.672572][T17465]  ? netlink_insert+0x109f/0x13a0
[  704.677662][T17465]  ? netlink_data_ready+0x10/0x10
[  704.682709][T17465]  ? free_vm_area+0x50/0x50
[  704.687252][T17465]  ? netlink_sendmsg+0x602/0xbf0
[  704.692203][T17465]  vmalloc+0x79/0x90
[  704.696115][T17465]  ? netlink_sendmsg+0x602/0xbf0
[  704.701067][T17465]  netlink_sendmsg+0x602/0xbf0
[  704.705872][T17465]  ? netlink_getsockopt+0x590/0x590
[  704.711093][T17465]  ? aa_sock_msg_perm+0x94/0x150
[  704.716051][T17465]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  704.721348][T17465]  ? security_socket_sendmsg+0x80/0xa0
[  704.726825][T17465]  sock_write_iter+0x2df/0x420
[  704.731608][T17465]  ? sock_read_iter+0x3e0/0x3e0
[  704.736502][T17465]  ? common_file_perm+0x198/0x1f0
[  704.741561][T17465]  vfs_write+0x46c/0x990
[  704.745833][T17465]  ? file_end_write+0x250/0x250
[  704.750710][T17465]  ? __fget_files+0x43d/0x4b0
[  704.755422][T17465]  ? __fdget_pos+0x1d8/0x330
[  704.760023][T17465]  ? ksys_write+0x75/0x260
[  704.764460][T17465]  ksys_write+0x150/0x260
[  704.768815][T17465]  ? __ia32_sys_read+0x90/0x90
[  704.773604][T17465]  ? lockdep_hardirqs_on+0x98/0x150
[  704.778822][T17465]  do_syscall_64+0x55/0xa0
[  704.783244][T17465]  ? clear_bhb_loop+0x40/0x90
[  704.787935][T17465]  ? clear_bhb_loop+0x40/0x90
[  704.792629][T17465]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  704.798536][T17465] RIP: 0033:0x7f8ef939ce59
[  704.802965][T17465] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  704.822579][T17465] RSP: 002b:00007f8efa1cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  704.831010][T17465] RAX: ffffffffffffffda RBX: 00007f8ef9615fa0 RCX: 00007f8ef939ce59
[  704.838995][T17465] RDX: 000000000000fe33 RSI: 0000200000000000 RDI: 0000000000000003
[  704.846980][T17465] RBP: 00007f8efa1cd090 R08: 0000000000000000 R09: 0000000000000000
[  704.854959][T17465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  704.862936][T17465] R13: 00007f8ef9616038 R14: 00007f8ef9615fa0 R15: 00007ffd03626a08
[  704.870954][T17465]  </TASK>
[  705.015968][T17465] Mem-Info:
[  705.019135][T17465] active_anon:22271 inactive_anon:0 isolated_anon:0
[  705.019135][T17465]  active_file:19637 inactive_file:40197 isolated_file:0
[  705.019135][T17465]  unevictable:768 dirty:182 writeback:0
[  705.019135][T17465]  slab_reclaimable:11062 slab_unreclaimable:94639
[  705.019135][T17465]  mapped:34129 shmem:10554 pagetables:594
[  705.019135][T17465]  sec_pagetables:0 bounce:0
[  705.019135][T17465]  kernel_misc_reclaimable:0
[  705.019135][T17465]  free:1327392 free_pcp:8331 free_cma:0
[  705.095421][T17471] netlink: 14 bytes leftover after parsing attributes in process `syz.0.4169'.
[  705.125699][T17469] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4169'.
[  705.145185][T17471] hsr_slave_0: left promiscuous mode
[  705.154654][T17471] hsr_slave_1: left promiscuous mode
[  705.174833][T17465] Node 0 active_anon:94084kB inactive_anon:0kB active_file:78548kB inactive_file:160580kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139316kB dirty:728kB writeback:0kB shmem:45580kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10076kB pagetables:2476kB sec_pagetables:0kB all_unreclaimable? no
[  705.214197][T17465] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  705.254337][T17465] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  705.286493][T17465] lowmem_reserve[]: 0 2521 2522 2522 2522
[  705.292367][T17465] Node 0 DMA32 free:1393984kB boost:0kB min:34644kB low:43304kB high:51964kB reserved_highatomic:0KB active_anon:96944kB inactive_anon:0kB active_file:78548kB inactive_file:159760kB unevictable:1536kB writepending:728kB present:3129332kB managed:2586952kB mlocked:0kB bounce:0kB free_pcp:10708kB local_pcp:1668kB free_cma:0kB
[  705.329509][T17469] netlink: 60 bytes leftover after parsing attributes in process `syz.0.4169'.
[  705.333364][T17465] lowmem_reserve[]: 0 0 0 0 0
[  705.343269][T17465] Node 0 Normal free:0kB boost:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:820kB unevictable:0kB writepending:0kB present:1048576kB managed:872kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:0kB free_cma:0kB
[  705.393156][T17465] lowmem_reserve[]: 0 0 0 0 0
[  705.404689][T17465] Node 1 Normal free:3892412kB boost:0kB min:55244kB low:69052kB high:82860kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117312kB mlocked:0kB bounce:0kB free_pcp:22344kB local_pcp:12768kB free_cma:0kB
[  705.451307][T17476] netlink: 'syz.3.4170': attribute type 3 has an invalid length.
[  705.459244][T17465] lowmem_reserve[]: 0 0 0 0 0
[  705.463982][T17465] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  705.481298][T17476] netlink: 132 bytes leftover after parsing attributes in process `syz.3.4170'.
[  705.500658][T17465] Node 0 DMA32: 1*4kB (U) 30*8kB (UME) 4*16kB (UME) 908*32kB (UME) 370*64kB (UME) 326*128kB (UME) 175*256kB (UME) 97*512kB (UM) 43*1024kB (UME) 27*2048kB (UME) 267*4096kB (UM) = 1382196kB
[  705.549044][T17465] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  705.567958][T17465] Node 1 Normal: 273*4kB (UME) 67*8kB (UME) 48*16kB (UME) 59*32kB (UME) 20*64kB (UME) 6*128kB (UME) 2*256kB (UM) 1*512kB (U) 0*1024kB 1*2048kB (U) 948*4096kB (ME) = 3892412kB
[  705.590240][T17465] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  705.601879][T17465] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  705.616489][T17465] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  705.629545][T17465] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  705.640279][T17465] 77313 total pagecache pages
[  705.648423][T17465] 0 pages in swap cache
[  705.652692][T17465] Free swap  = 124996kB
[  705.658347][T17465] Total swap = 124996kB
[  705.662647][T17465] 2097051 pages RAM
[  705.671660][T17465] 0 pages HighMem/MovableOnly
[  705.678412][T17465] 416927 pages reserved
[  705.682809][T17465] 0 pages cma reserved
[  706.640329][T17481] delete_channel: no stack
[  706.646566][T17484] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  706.663952][T17484] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  706.712551][T17486] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  706.757209][T17486] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  707.168394][T17504] netlink: 'syz.1.4177': attribute type 10 has an invalid length.
[  707.220790][T17507] netlink: 'syz.3.4180': attribute type 10 has an invalid length.
[  707.466400][T17513] wlan0: mtu greater than device maximum
[  707.667679][T17517] netlink: 'syz.1.4184': attribute type 10 has an invalid length.
[  708.831517][T17539] FAULT_INJECTION: forcing a failure.
[  708.831517][T17539] name failslab, interval 1, probability 0, space 0, times 0
[  708.858767][T17537] netlink: 'syz.0.4192': attribute type 10 has an invalid length.
[  708.887481][T17539] CPU: 0 PID: 17539 Comm: syz.2.4191 Not tainted syzkaller #0
[  708.894966][T17539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  708.905037][T17539] Call Trace:
[  708.908339][T17539]  <TASK>
[  708.911289][T17539]  dump_stack_lvl+0x18c/0x250
[  708.915997][T17539]  ? show_regs_print_info+0x20/0x20
[  708.921221][T17539]  ? load_image+0x420/0x420
[  708.925751][T17539]  ? __might_sleep+0xe0/0xe0
[  708.930358][T17539]  ? __lock_acquire+0x7d40/0x7d40
[  708.935403][T17539]  should_fail_ex+0x39d/0x4d0
[  708.940105][T17539]  should_failslab+0x9/0x20
[  708.944631][T17539]  slab_pre_alloc_hook+0x59/0x310
[  708.949676][T17539]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  708.955410][T17539]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  708.961142][T17539]  __kmem_cache_alloc_node+0x53/0x250
[  708.966540][T17539]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[  708.972274][T17539]  __kmalloc+0xa4/0x230
[  708.976451][T17539]  tomoyo_realpath_from_path+0xe3/0x5d0
[  708.982023][T17539]  tomoyo_path_number_perm+0x248/0x620
[  708.987504][T17539]  ? tomoyo_path_number_perm+0x217/0x620
[  708.993136][T17539]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  708.998591][T17539]  ? trace_call_bpf+0xc3/0x6c0
[  709.003352][T17539]  ? trace_call_bpf+0xc3/0x6c0
[  709.008114][T17539]  ? trace_call_bpf+0x5e9/0x6c0
[  709.012987][T17539]  ? __fget_files+0x28/0x4b0
[  709.017572][T17539]  ? __fget_files+0x28/0x4b0
[  709.022165][T17539]  security_file_ioctl+0x70/0xa0
[  709.027105][T17539]  __se_sys_ioctl+0x48/0x170
[  709.031691][T17539]  do_syscall_64+0x55/0xa0
[  709.036098][T17539]  ? clear_bhb_loop+0x40/0x90
[  709.040768][T17539]  ? clear_bhb_loop+0x40/0x90
[  709.045440][T17539]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  709.051325][T17539] RIP: 0033:0x7f8ef939ce59
[  709.055732][T17539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  709.075331][T17539] RSP: 002b:00007f8efa1cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  709.083741][T17539] RAX: ffffffffffffffda RBX: 00007f8ef9615fa0 RCX: 00007f8ef939ce59
[  709.091708][T17539] RDX: 0000000000000000 RSI: 00000000000089e0 RDI: 0000000000000003
[  709.099672][T17539] RBP: 00007f8efa1cd090 R08: 0000000000000000 R09: 0000000000000000
[  709.107635][T17539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  709.115597][T17539] R13: 00007f8ef9616038 R14: 00007f8ef9615fa0 R15: 00007ffd03626a08
[  709.123572][T17539]  </TASK>
[  709.150772][T17539] ERROR: Out of memory at tomoyo_realpath_from_path.
[  709.192415][T17541] netlink: 'syz.1.4193': attribute type 10 has an invalid length.
[  709.343884][T17543] wlan0: mtu greater than device maximum
[  711.030058][T17564] netlink: 'syz.1.4199': attribute type 10 has an invalid length.
[  711.040292][T17564] netlink: 2 bytes leftover after parsing attributes in process `syz.1.4199'.
[  711.049708][T17564] batadv_slave_1: entered promiscuous mode
[  711.059655][T17564] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  711.069625][T17564] batman_adv: batadv0: Removing interface: batadv_slave_1
[  711.199261][T17568] netlink: 188 bytes leftover after parsing attributes in process `syz.0.4203'.
[  711.366058][T17572] netlink: 'syz.3.4205': attribute type 10 has an invalid length.
[  711.558507][T17572] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  711.690181][T17581] netlink: 'syz.2.4208': attribute type 10 has an invalid length.
[  712.387155][T17585] wlan0: mtu greater than device maximum
[  714.532433][T17613] mac80211_hwsim hwsim16 wlan0: left promiscuous mode
[  714.556500][T17613] mac80211_hwsim hwsim16 wlan0: left allmulticast mode
[  714.638891][T17606] netlink: 'syz.0.4215': attribute type 10 has an invalid length.
[  714.650116][T17606] netlink: 2 bytes leftover after parsing attributes in process `syz.0.4215'.
[  714.695132][T17618] mac80211_hwsim hwsim16 wlan0: entered promiscuous mode
[  714.750788][T17618] mac80211_hwsim hwsim16 wlan0: entered allmulticast mode
[  715.824935][T17627] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  715.832095][T17627] mac80211_hwsim hwsim14 wlan0: left allmulticast mode
[  715.972411][T17630] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  715.997772][T17630] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  720.301807][T17712] syzkaller0: entered promiscuous mode
[  720.307315][T17712] syzkaller0: entered allmulticast mode
[  721.724734][T17730] netlink: 3 bytes leftover after parsing attributes in process `syz.0.4264'.
[  723.598602][T17814] netlink: 'syz.1.4302': attribute type 10 has an invalid length.
[  723.658967][T17814] 8021q: adding VLAN 0 to HW filter on device team0
[  723.683259][T17814] bond0: (slave team0): Enslaving as an active interface with an up link
[  726.862344][T17873] netlink: 'syz.3.4330': attribute type 10 has an invalid length.
[  726.878187][T17873] 8021q: adding VLAN 0 to HW filter on device team0
[  726.896948][T17873] bond0: (slave team0): Enslaving as an active interface with an up link
[  727.524740][T17934] netlink: 'syz.0.4358': attribute type 10 has an invalid length.
[  727.596393][T17934] 8021q: adding VLAN 0 to HW filter on device team0
[  727.609302][T17934] bond0: (slave team0): Enslaving as an active interface with an up link
[  730.330110][T18010] syzkaller0: entered promiscuous mode
[  730.335784][T18010] syzkaller0: entered allmulticast mode
[  733.746971][T18143] netlink: 'syz.0.4458': attribute type 10 has an invalid length.
[  736.600060][T18147] netlink: 'syz.3.4460': attribute type 29 has an invalid length.
[  736.608747][T18147] netlink: 'syz.3.4460': attribute type 29 has an invalid length.
[  736.618958][T18147] netlink: 'syz.3.4460': attribute type 29 has an invalid length.
[  737.067505][T18171] netlink: 'syz.2.4471': attribute type 29 has an invalid length.
[  737.081402][T18171] netlink: 'syz.2.4471': attribute type 29 has an invalid length.
[  737.152532][T18175] netlink: 'syz.2.4473': attribute type 29 has an invalid length.
[  737.190294][T18175] netlink: 'syz.2.4473': attribute type 29 has an invalid length.
[  737.218320][T18175] netlink: 'syz.2.4473': attribute type 29 has an invalid length.
[  737.240404][T18175] netlink: 'syz.2.4473': attribute type 29 has an invalid length.
[  737.702919][T18200] netlink: 164 bytes leftover after parsing attributes in process `syz.2.4486'.
[  739.144124][T18265] IPv6: Can't replace route, no match found
[  740.433702][T18328] syzkaller0: entered promiscuous mode
[  740.439481][T18328] syzkaller0: entered allmulticast mode
[  741.299971][T11961] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  741.320770][T11961] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  741.329687][T11961] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  741.338726][T11961] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  741.347124][T11961] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  741.353174][T18351] netlink: 'syz.1.4557': attribute type 28 has an invalid length.
[  741.362551][T11961] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  741.369308][T18351] netlink: 'syz.1.4557': attribute type 4 has an invalid length.
[  741.377692][T18351] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4557'.
[  742.746118][T18363] IPv6: Can't replace route, no match found
[  743.008864][ T1145] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  743.041893][T18376] netlink: 'syz.2.4566': attribute type 29 has an invalid length.
[  743.051721][T18376] netlink: 'syz.2.4566': attribute type 29 has an invalid length.
[  743.068360][T18376] netlink: 'syz.2.4566': attribute type 29 has an invalid length.
[  743.151798][ T1145] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  743.203331][T18349] chnl_net:caif_netlink_parms(): no params data found
[  743.307682][ T1145] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  743.323155][T18384] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4569'.
[  743.425478][ T1145] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  743.464939][ T5088] Bluetooth: hci2: command tx timeout
[  743.483770][T18349] bridge0: port 1(bridge_slave_0) entered blocking state
[  743.493906][T18349] bridge0: port 1(bridge_slave_0) entered disabled state
[  743.509218][T18349] bridge_slave_0: entered allmulticast mode
[  743.518673][T18349] bridge_slave_0: entered promiscuous mode
[  743.591193][T18392] syzkaller0: entered promiscuous mode
[  743.596859][T18392] syzkaller0: entered allmulticast mode
[  743.604046][T18349] bridge0: port 2(bridge_slave_1) entered blocking state
[  743.612151][T18349] bridge0: port 2(bridge_slave_1) entered disabled state
[  743.635070][T18349] bridge_slave_1: entered allmulticast mode
[  743.648175][T18349] bridge_slave_1: entered promiscuous mode
[  745.221993][T18349] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  745.255740][T18349] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  745.458382][T18349] team0: Port device team_slave_0 added
[  745.487245][T18349] team0: Port device team_slave_1 added
[  745.545615][ T5088] Bluetooth: hci2: command tx timeout
[  745.691989][T18349] batman_adv: batadv0: Adding interface: batadv_slave_0
[  745.709980][T18349] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  745.745472][T18349] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  745.769345][T18349] batman_adv: batadv0: Adding interface: batadv_slave_1
[  745.791034][T18349] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  745.861910][T18349] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  746.307516][T18349] hsr_slave_0: entered promiscuous mode
[  746.333095][T18349] hsr_slave_1: entered promiscuous mode
[  747.276993][ T1145] 
[  747.279360][ T1145] ======================================================
[  747.286373][ T1145] WARNING: possible circular locking dependency detected
[  747.293386][ T1145] syzkaller #0 Not tainted
[  747.297788][ T1145] ------------------------------------------------------
[  747.304792][ T1145] kworker/u4:8/1145 is trying to acquire lock:
[  747.310932][ T1145] ffff888024758d00 (team->team_lock_key#7){+.+.}-{3:3}, at: team_del_slave+0x32/0x1c0
[  747.320505][ T1145] 
[  747.320505][ T1145] but task is already holding lock:
[  747.327851][ T1145] ffff8880641b8768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[  747.338189][ T1145] 
[  747.338189][ T1145] which lock already depends on the new lock.
[  747.338189][ T1145] 
[  747.348576][ T1145] 
[  747.348576][ T1145] the existing dependency chain (in reverse order) is:
[  747.357572][ T1145] 
[  747.357572][ T1145] -> #1 (&rdev->wiphy.mtx){+.+.}-{3:3}:
[  747.365291][ T1145]        __mutex_lock+0x136/0xcc0
[  747.370306][ T1145]        ieee80211_open+0x144/0x200
[  747.375493][ T1145]        __dev_open+0x2cb/0x430
[  747.380329][ T1145]        dev_open+0xab/0x190
[  747.384909][ T1145]        team_add_slave+0x75f/0x29a0
[  747.390182][ T1145]        do_setlink+0xdfe/0x4130
[  747.395105][ T1145]        rtnl_newlink+0x17da/0x20a0
[  747.400286][ T1145]        rtnetlink_rcv_msg+0x869/0xfa0
[  747.405732][ T1145]        netlink_rcv_skb+0x241/0x4d0
[  747.411005][ T1145]        netlink_unicast+0x751/0x8d0
[  747.416277][ T1145]        netlink_sendmsg+0x8d0/0xbf0
[  747.421553][ T1145]        ____sys_sendmsg+0x5ba/0x960
[  747.426823][ T1145]        ___sys_sendmsg+0x2a6/0x360
[  747.432009][ T1145]        __se_sys_sendmsg+0x1c2/0x2b0
[  747.437366][ T1145]        do_syscall_64+0x55/0xa0
[  747.442287][ T1145]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  747.448691][ T1145] 
[  747.448691][ T1145] -> #0 (team->team_lock_key#7){+.+.}-{3:3}:
[  747.456850][ T1145]        __lock_acquire+0x2df1/0x7d40
[  747.462208][ T1145]        lock_acquire+0x19e/0x420
[  747.467219][ T1145]        __mutex_lock+0x136/0xcc0
[  747.472232][ T1145]        team_del_slave+0x32/0x1c0
[  747.477328][ T1145]        team_device_event+0x28d/0xa20
[  747.482769][ T1145]        notifier_call_chain+0x197/0x380
[  747.488388][ T1145]        unregister_netdevice_many_notify+0x100d/0x1900
[  747.495308][ T1145]        unregister_netdevice_queue+0x32c/0x370
[  747.501532][ T1145]        _cfg80211_unregister_wdev+0x16b/0x580
[  747.507669][ T1145]        ieee80211_remove_interfaces+0x49e/0x690
[  747.513980][ T1145]        ieee80211_unregister_hw+0x5d/0x2a0
[  747.519857][ T1145]        mac80211_hwsim_del_radio+0x289/0x480
[  747.525907][ T1145]        hwsim_exit_net+0x58d/0x650
[  747.531093][ T1145]        cleanup_net+0x70a/0xbb0
[  747.536021][ T1145]        process_scheduled_works+0xa5d/0x15d0
[  747.542076][ T1145]        worker_thread+0xa55/0xfc0
[  747.547178][ T1145]        kthread+0x2fa/0x390
[  747.551751][ T1145]        ret_from_fork+0x48/0x80
[  747.556674][ T1145]        ret_from_fork_asm+0x11/0x20
[  747.561950][ T1145] 
[  747.561950][ T1145] other info that might help us debug this:
[  747.561950][ T1145] 
[  747.572161][ T1145]  Possible unsafe locking scenario:
[  747.572161][ T1145] 
[  747.579594][ T1145]        CPU0                    CPU1
[  747.584943][ T1145]        ----                    ----
[  747.590290][ T1145]   lock(&rdev->wiphy.mtx);
[  747.594785][ T1145]                                lock(team->team_lock_key#7);
[  747.602231][ T1145]                                lock(&rdev->wiphy.mtx);
[  747.609239][ T1145]   lock(team->team_lock_key#7);
[  747.614169][ T1145] 
[  747.614169][ T1145]  *** DEADLOCK ***
[  747.614169][ T1145] 
[  747.622295][ T1145] 5 locks held by kworker/u4:8/1145:
[  747.627562][ T1145]  #0: ffff888140048938 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  747.638426][ T1145]  #1: ffffc9000490fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  747.648945][ T1145]  #2: ffffffff8e3b5a90 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x14c/0xbb0
[  747.658333][ T1145]  #3: ffffffff8e3c2ac8 (rtnl_mutex){+.+.}-{3:3}, at: ieee80211_unregister_hw+0x55/0x2a0
[  747.668148][ T1145]  #4: ffff8880641b8768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_remove_interfaces+0x29a/0x690
[  747.678919][ T1145] 
[  747.678919][ T1145] stack backtrace:
[  747.684790][ T1145] CPU: 1 PID: 1145 Comm: kworker/u4:8 Not tainted syzkaller #0
[  747.692318][ T1145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  747.702360][ T1145] Workqueue: netns cleanup_net
[  747.707120][ T1145] Call Trace:
[  747.710388][ T1145]  <TASK>
[  747.713310][ T1145]  dump_stack_lvl+0x18c/0x250
[  747.717979][ T1145]  ? load_image+0x420/0x420
[  747.722474][ T1145]  ? show_regs_print_info+0x20/0x20
[  747.727665][ T1145]  ? print_circular_bug+0x12b/0x1a0
[  747.732852][ T1145]  check_noncircular+0x2fc/0x400
[  747.737784][ T1145]  ? print_deadlock_bug+0x5d0/0x5d0
[  747.742970][ T1145]  ? lockdep_lock+0xf5/0x230
[  747.747550][ T1145]  ? __lock_acquire+0x1273/0x7d40
[  747.752561][ T1145]  ? _find_first_zero_bit+0xd3/0x100
[  747.757833][ T1145]  __lock_acquire+0x2df1/0x7d40
[  747.762679][ T1145]  ? verify_lock_unused+0x140/0x140
[  747.767867][ T1145]  ? verify_lock_unused+0x140/0x140
[  747.773055][ T1145]  lock_acquire+0x19e/0x420
[  747.777551][ T1145]  ? team_del_slave+0x32/0x1c0
[  747.782304][ T1145]  ? __might_sleep+0xe0/0xe0
[  747.786890][ T1145]  ? read_lock_is_recursive+0x20/0x20
[  747.792252][ T1145]  __mutex_lock+0x136/0xcc0
[  747.796745][ T1145]  ? team_del_slave+0x32/0x1c0
[  747.801493][ T1145]  ? __lock_acquire+0x7d40/0x7d40
[  747.806508][ T1145]  ? rcu_is_watching+0x15/0xb0
[  747.811263][ T1145]  ? trace_contention_end+0x39/0xe0
[  747.816452][ T1145]  ? __mutex_lock+0x315/0xcc0
[  747.821114][ T1145]  ? team_del_slave+0x32/0x1c0
[  747.825866][ T1145]  ? mutex_lock_nested+0x20/0x20
[  747.830786][ T1145]  ? bond_netdev_event+0xeb/0xf20
[  747.835803][ T1145]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  747.841425][ T1145]  team_del_slave+0x32/0x1c0
[  747.846009][ T1145]  team_device_event+0x28d/0xa20
[  747.850935][ T1145]  notifier_call_chain+0x197/0x380
[  747.856038][ T1145]  unregister_netdevice_many_notify+0x100d/0x1900
[  747.862448][ T1145]  ? lock_chain_count+0x20/0x20
[  747.867291][ T1145]  ? unregister_netdevice_many+0x20/0x20
[  747.872911][ T1145]  ? kernfs_remove_by_name_ns+0x117/0x150
[  747.878623][ T1145]  ? __lock_acquire+0x7d40/0x7d40
[  747.883657][ T1145]  unregister_netdevice_queue+0x32c/0x370
[  747.889377][ T1145]  ? list_netdevice+0x730/0x730
[  747.894219][ T1145]  ? kernfs_remove_by_name_ns+0x117/0x150
[  747.899935][ T1145]  _cfg80211_unregister_wdev+0x16b/0x580
[  747.905563][ T1145]  ieee80211_remove_interfaces+0x49e/0x690
[  747.911362][ T1145]  ? ieee80211_do_stop+0x1e20/0x1e20
[  747.916635][ T1145]  ? rcu_is_watching+0x15/0xb0
[  747.921396][ T1145]  ieee80211_unregister_hw+0x5d/0x2a0
[  747.926759][ T1145]  mac80211_hwsim_del_radio+0x289/0x480
[  747.932294][ T1145]  ? rhashtable_remove_fast+0xc00/0xc00
[  747.937831][ T1145]  hwsim_exit_net+0x58d/0x650
[  747.942499][ T1145]  ? hwsim_init_net+0x90/0x90
[  747.947171][ T1145]  ? __ip_vs_dev_cleanup_batch+0x238/0x250
[  747.952971][ T1145]  cleanup_net+0x70a/0xbb0
[  747.957384][ T1145]  ? ops_free_list+0x3b0/0x3b0
[  747.962143][ T1145]  ? _raw_spin_unlock_irq+0x23/0x50
[  747.967332][ T1145]  ? process_scheduled_works+0x96f/0x15d0
[  747.973043][ T1145]  ? process_scheduled_works+0x96f/0x15d0
[  747.978752][ T1145]  process_scheduled_works+0xa5d/0x15d0
[  747.984302][ T1145]  ? worker_attach_to_pool+0x380/0x380
[  747.989754][ T1145]  ? assign_work+0x3d2/0x5d0
[  747.994344][ T1145]  worker_thread+0xa55/0xfc0
[  747.998937][ T1145]  kthread+0x2fa/0x390
[  748.002995][ T1145]  ? pr_cont_work+0x560/0x560
[  748.007664][ T1145]  ? kthread_blkcg+0xd0/0xd0
[  748.012244][ T1145]  ret_from_fork+0x48/0x80
[  748.016654][ T1145]  ? kthread_blkcg+0xd0/0xd0
[  748.021232][ T1145]  ret_from_fork_asm+0x11/0x20
[  748.025992][ T1145]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  748.029450][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  748.039536][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  748.052325][ T1145] team0: Port device wlan1 removed
[  748.147823][ T5088] Bluetooth: hci2: command tx timeout
[  748.649236][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  748.672317][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  748.680839][ T1145] batman_adv: batadv0: Interface deactivated: veth0_vlan
[  748.704936][ T1145] batman_adv: batadv0: Removing interface: veth0_vlan
[  748.723382][ T1145] veth1_macvtap: left promiscuous mode
[  748.739353][ T1145] veth0_macvtap: left promiscuous mode
[  748.753066][ T1145] veth1_vlan: left promiscuous mode
[  748.758828][ T1145] veth0_vlan: left promiscuous mode
[  748.853268][ T1145] bond0 (unregistering): (slave geneve0): Releasing backup interface
[  749.009744][ T1145] team0 (unregistering): Port device team_slave_1 removed
[  749.032351][ T1145] team0 (unregistering): Port device team_slave_0 removed
[  749.053675][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  749.076638][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  749.179386][ T1145] bond0 (unregistering): (slave team0): Releasing backup interface
[  749.200298][ T1145] bond0 (unregistering): Released all slaves
[  749.827080][ T1145] netdevsim netdevsim2 netdevsim3 (unregistering): left allmulticast mode
[  749.844612][ T1145] netdevsim netdevsim2 netdevsim3 (unregistering): left promiscuous mode
[  749.853109][ T1145] @: port 1(netdevsim3) entered disabled state
[  749.880094][ T1145] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.942387][ T1145] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.009310][ T1145] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.051497][ T1145] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.194303][ T1145] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.262839][ T1145] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.332286][ T1145] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.389962][ T1145] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.508877][ T1145] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.560257][ T1145] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.601217][ T1145] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.650271][ T1145] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  751.703598][ T1145] team0: Port device wlan1 removed
[  752.230106][ T1145] hsr_slave_0: left promiscuous mode
[  752.236870][ T1145] hsr_slave_1: left promiscuous mode
[  752.244426][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  752.252609][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_1
[  752.261512][ T1145] bridge_slave_1: left allmulticast mode
[  752.271842][ T1145] bridge_slave_1: left promiscuous mode
[  752.287382][ T1145] bridge0: port 2(bridge_slave_1) entered disabled state
[  752.295850][ T1145] bridge_slave_0: left allmulticast mode
[  752.301498][ T1145] bridge_slave_0: left promiscuous mode
[  752.307619][ T1145] bridge0: port 1(bridge_slave_0) entered disabled state
[  752.320142][ T1145] hsr_slave_0: left promiscuous mode
[  752.326248][ T1145] hsr_slave_1: left promiscuous mode
[  752.332064][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  752.339767][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  752.352639][ T1145] batman_adv: batadv0: Interface deactivated: veth0_vlan
[  752.359906][ T1145] batman_adv: batadv0: Removing interface: veth0_vlan
[  752.368567][ T1145] hsr_slave_0: left promiscuous mode
[  752.374162][ T1145] hsr_slave_1: left promiscuous mode
[  752.380089][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  752.387511][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  752.397844][ T1145] hsr_slave_0: left promiscuous mode
[  752.403425][ T1145] hsr_slave_1: left promiscuous mode
[  752.409163][ T1145] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  752.416764][ T1145] batman_adv: batadv0: Removing interface: batadv_slave_0
[  752.427974][ T1145] veth1_macvtap: left promiscuous mode
[  752.433475][ T1145] veth0_macvtap: left promiscuous mode
[  752.439082][ T1145] veth1_vlan: left promiscuous mode
[  752.444318][ T1145] veth0_vlan: left promiscuous mode
[  752.450313][ T1145] veth1_macvtap: left promiscuous mode
[  752.455825][ T1145] veth0_macvtap: left promiscuous mode
[  752.461904][ T1145] veth1_macvtap: left promiscuous mode
[  752.467520][ T1145] veth0_macvtap: left promiscuous mode
[  752.473044][ T1145] veth1_vlan: left promiscuous mode
[  752.663426][ T1145] team0 (unregistering): Port device team_slave_1 removed
[  752.684183][ T1145] team0 (unregistering): Port device team_slave_0 removed
[  752.695511][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  752.719761][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  752.769413][ T1145] bond0 (unregistering): Released all slaves
[  752.879356][ T1145] bond0 (unregistering): (slave geneve0): Releasing backup interface
[  752.912728][ T1145] team0 (unregistering): Port device macvlan0 removed
[  752.974874][ T1145] team0 (unregistering): Port device team_slave_1 removed
[  753.010569][ T1145] team0 (unregistering): Port device team_slave_0 removed
[  753.030678][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  753.052897][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  753.078066][ T1145] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  753.139203][ T1145] bond0 (unregistering): Released all slaves
[  753.198006][ T1145] bond0 (unregistering): (slave geneve0): Releasing backup interface
[  753.278388][ T1145] team0 (unregistering): Port device team_slave_1 removed
[  753.299903][ T1145] team0 (unregistering): Port device team_slave_0 removed
[  753.321077][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  753.343723][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  753.367702][ T1145] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface
[  753.425589][ T1145] bond0 (unregistering): (slave team0): Releasing backup interface
[  753.448031][ T1145] bond0 (unregistering): Released all slaves
[  753.499949][ T1145] bond0 (unregistering): (slave geneve0): Releasing backup interface
[  753.554081][ T1145] team0 (unregistering): Port device macvlan0 removed
[  753.644308][ T1145] team0 (unregistering): Port device team_slave_1 removed
[  753.668368][ T1145] team0 (unregistering): Port device team_slave_0 removed
[  753.688355][ T1145] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  753.710238][ T1145] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  753.782812][ T1145] bond0 (unregistering): (slave team0): Releasing backup interface
[  753.801851][ T1145] bond0 (unregistering): Released all slaves
[  754.429565][T11965] page_pool_release_retry() stalled pool shutdown 1 inflight 60 sec