last executing test programs:

4.475975609s ago: executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000010000000000000000000000711211000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vxcan0\x00'})
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x3, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv6_newaddrlabel={0x98, 0x48, 0x800, 0x70bd27, 0x25dfdbfe, {0xa, 0x0, 0x8, 0x0, r3, 0x1}, [@IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_ADDRESS={0x14, 0x1, @private2}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}, @IFAL_LABEL={0x8, 0x2, 0xb}, @IFAL_ADDRESS={0x14, 0x1, @empty}, @IFAL_LABEL={0x8, 0x2, 0x4}, @IFAL_LABEL={0x8, 0x2, 0x2}, @IFAL_ADDRESS={0x14, 0x1, @mcast1}]}, 0x98}}, 0x0)

4.33811278s ago: executing program 4:
ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={<r0=>0xffffffffffffffff, 0x1, 0x7f, 0x10001})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=@newqdisc={0x58, 0x24, 0x200, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, r1, {0xfff2, 0xb}, {0x2, 0x10}, {0x3, 0x1}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0x3f, 0x1, 0xb2, 0x62c, 0x9, 0x6, 0x1, 0x7ff, 0x800}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20000080}, 0x4005)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r3 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r2, &(0x7f0000000580)=ANY=[@ANYBLOB="034886dd040032000300300000006000000001002f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120086dd"], 0xfdef)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000680)={0x40, r5, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x2c, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @random="f7ab87594b3f"}, 0x0, 0x0, @random, @val, @void, [{0xdd, 0x6, "8b7668a21729"}]}}]}, 0x40}}, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8953, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0)
socket$packet(0x11, 0x0, 0x300)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000005c0))
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000010900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a320000000070000000060a010400000000000000000100000008000b4000000000400004803c0001800b000100736f636b657400002c000280080002400000000d080001400000000108000300000000f408000300000000e0080003000000009e0900010073797a30"], 0x140}}, 0x0)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000004c0)={@loopback, @local, @dev, 0x0, 0x7})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)

2.947897507s ago: executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), 0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x13, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1}}, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1d, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x50)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xd)
socket$packet(0x11, 0x0, 0x300)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$WPAN_SECURITY(0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0)
syz_genetlink_get_family_id$l2tp(&(0x7f0000002100), 0xffffffffffffffff)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, 0x0, 0x0)
r4 = socket$packet(0x11, 0x0, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, 0x0, 0x0)

2.784656519s ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xd, 0x5, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@ldst={0x1, 0x0, 0x4, 0x2, 0x0, 0x10}, @jmp={0x5, 0x0, 0x4, 0x8, 0xa, 0xc, 0x1}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0xa}, 0x1c)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)=[{0x0}], 0x1}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = socket(0xb, 0x1, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="9feb0100180000000000000000000000000000000900000000616100515a338d2e2e2e00"], &(0x7f0000000440)=""/61, 0x21, 0x3d}, 0x20)
r3 = socket(0x200000100000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00'})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="800000000001000000000000000000000700000000200004801c000a80080003400000000005000100000000000500011e0000000008001a40000000004400018006000340000000000c00028005000100000000000c000280050001000000000006000340000000000c00026bff963ac981050001"], 0x80}}, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000380)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYBLOB="18799d774ec3567886f81901fb80b10d06205955ee4c499777e2bb593e4bfa99ca5369ddd001587939f7d600f83d", @ANYBLOB="14000200fe8000000000000000000000000000aa14000600"], 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
bind$unix(0xffffffffffffffff, &(0x7f0000000180), 0x6e)
setsockopt$PNPIPE_HANDLE(r3, 0x113, 0x3, &(0x7f0000000200)=0x200, 0x4)
listen(0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r5=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r6, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c)
close(0xffffffffffffffff)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="08c15964", @ANYRES16=r8, @ANYBLOB="010000000000000000000a00000008000300", @ANYRES32=r9, @ANYBLOB="180050800400050010000880040002000500020000000000", @ANYRESHEX=0x0], 0x34}}, 0x0)
sendmsg$NL80211_CMD_GET_STATION(r3, &(0x7f00000007c0)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x60, r8, 0x100, 0x70bd2a, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0x9, 0x55}}}}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x37d}, @NL80211_ATTR_STA_SUPPORTED_RATES={0x1d, 0x13, [{0x12}, {0x1}, {0x5c}, {0x11, 0x1}, {0x3, 0x1}, {0xc}, {0xb, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {0xc, 0x1}, {0x2}, {0x24}, {0x2, 0x1}, {0x24, 0x1}, {0x4, 0x1}, {0xb}, {0x24, 0x1}, {0x9}, {0xc, 0x1}, {0x5, 0x1}, {0xb, 0x1}, {0x6c, 0x1}, {0x6c, 0x1}, {0x36, 0x1}, {0x18}]}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x952a}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x4db}]}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x4c000)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000800)=ANY=[@ANYRESDEC, @ANYRES16=r4, @ANYBLOB="010025bd7000000000000800000008000300f6bbe1847b7128feeb8f4542f4cf6dbc44c365132f783f4e63dbcf72d0c562cc853662bc9f7a07e209e9c65c860000004f5c5e9b36ca8ea80aa7a90fc9fcef7d50767b6c0f848b35c722222f8254386f55ff27efb13e70a700000000000000", @ANYRES32=r5, @ANYBLOB="0c0099002000000025000000"], 0x28}, 0x1, 0x0, 0x0, 0x840}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="4400000010003b150000000000000000000000008b511fe812f247dcb8decd06195a4f5b084747eac3f3bc71e5bc4c3d1d24408c2b87d4b7fdba0756991d2fb2cd09bcda160eefbd3593bb14c1", @ANYRES32=0x0, @ANYBLOB="00000000000000002400128009000100626f6e64000000001400028008000500080000000800040005000000"], 0x44}}, 0x0)

1.95111559s ago: executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000280)=ANY=[], 0x78)
socket$inet(0x2, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f00000001c0))
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000011c0)={'vxcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000001200)={0x1d, r3}, 0x18)
sendmsg$can_j1939(r2, &(0x7f0000000440)={&(0x7f0000000140)={0x1d, 0x0, 0x0, {}, 0x2}, 0x18, &(0x7f0000000180)={&(0x7f0000000340)="aed76e2ee868d29636", 0x9}, 0x1, 0x0, 0x0, 0x408d5}, 0x0)
connect$can_j1939(r2, &(0x7f0000000080)={0x1d, r3}, 0x18)
writev(r2, &(0x7f0000000240)=[{&(0x7f0000000000)='h', 0xfdef}], 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x45}}, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000240)={'vxcan0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001d00), 0xffffffffffffffff)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r9, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r8, 0x0)
r10 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r10, 0x6b, 0x4, 0x0, &(0x7f00000007c0))
r11 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r11, 0x8946, &(0x7f0000000100)={'batadv0\x00', &(0x7f0000000080)=@ethtool_gstrings={0x1b, 0x1}})
sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000002040)={&(0x7f0000000740)={0x3c, r7, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x1c}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x999}]]}, 0x3c}}, 0x0)

1.832413516s ago: executing program 4:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x4}}}]}, 0x40}}, 0x0)
setsockopt$SO_J1939_FILTER(r0, 0x6b, 0x1, &(0x7f0000000280)=[{0x2, 0x3, {0x1}, {0x2, 0xfe}, 0x2, 0xfd}, {0x2, 0x2, {0x0, 0xff, 0x4}, {0x1, 0x0, 0x1}, 0xfe, 0x2}, {0x0, 0x1, {0x0, 0xff, 0x3}, {0x1, 0xf, 0x2}, 0xfe, 0x2}, {0x2, 0x3, {0x1, 0xf0, 0x2}, {0x1, 0xff}, 0xfd}, {0x3, 0x2, {0x1, 0x0, 0x1}, {0x0, 0xff, 0x6}, 0xfe, 0x2}, {0x3, 0x0, {0x0, 0x0, 0x2}, {0x1, 0xf0, 0x2}, 0xfd, 0xff}, {0x0, 0x2, {0x0, 0xff, 0x4}, {0x1, 0x1, 0x3}, 0xfd, 0xff}, {0x3, 0x0, {0x1, 0x0, 0x4}, {0x1, 0xff, 0x1}, 0xfe, 0x2}], 0x100)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r3, 0x107, 0xd, &(0x7f0000000100)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000002400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000e00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='jbd2_handle_stats\x00', r5}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes\x00', 0x26e1, 0x0)
mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x7fa962bfffff, 0x13012, r3, 0x0)
ppoll(&(0x7f0000000140)=[{r3}], 0x1, 0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x16, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x53}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x90)

1.603099336s ago: executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
socket(0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'wp384-generic\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000004a40)=[{{0x0, 0x0, &(0x7f0000002d00)=[{&(0x7f00000008c0)="78597553acacc5bfed260a5e9af01c949c6c876c386509b03e85ffdb64f7f18c2572d60d75dbeaf7626803bad07d4646a1e9d994017fe0fe2842713bf4d100fce0744424f9c7a1525963fae66f0f53f23806850542bb31353ee56b9a18e1b45578f20c842ed3dc83afee6b251e5babd7683cffee41379e4105d385946384002ae951c1411849516c871dfef258746b57c9985d643bc01546607f293bbf2d075920554ebc3cac364d149eae0404b9eebdbbfa5f1801bdfa93475f2205c59bbaa185b38e679c0ec32f32de19fb4be0791c7900d7746b6be4ff", 0xd8}, {&(0x7f00000038c0)="aefeea9acc3ac40c6b28380dda21933a8b0ccf13cc37b8e69c3e4693909c1635eca5a35138e231909c65ed197d2f4ad1d5358cb8bf93f0ec379a36bdc47be231071d480dbae1135fd0681c9bdb98e05ee2ccffe9a7ef2ae54cefc7d1c7fb9b7035a99506bc37b1f2cf4268a1b438792dc4a0bcea2be85a3baccc8eef2f91a88be5dfc475a97e31de6760dd3ebf34e2491f8170c1fa763d2b72ae6dd254cfb914f13fd572dbaab60e19774888ea2a46eac0ba421368f558d1dc1ad0afb542f5a20a2f66377435b1a7b9d1ddeadbf8a5a0dbe0cdedbf8283af3b5b74d3aaa087f78da64d6a3182c0", 0xe7}, {&(0x7f0000001a00)="d1b0", 0x7fffee41}], 0x3, &(0x7f0000003cc0)=ANY=[], 0x80, 0x2}}], 0x1, 0x0)

1.365311117s ago: executing program 2:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0xadf962c4cf3ba0ef)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="880000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000006800128009000100766c616e000000005800028006000100ffff"], 0x88}}, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000100000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
sendmmsg$inet(r3, &(0x7f0000003140)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000880)="2085fbf258e8629e7804dcaa83e163cab84944ac7ab76749842a16036ce0e0878be2315141c29a9d4fee13e7f8a642b0ac26de5d54b5abd30ef81ebb43efae8cb5684e7a2123c1186e9cecc4aaaa7c22b617ed8d0e69de96fdac7f625b7b562a01f4e452034e54ed8b0db9d7103979ceba9ed608c6da425e086f2f7908fca1439685e2e182a3e67d5a30b905c1f424ad2de4ce15172d537ed80bc687b5d31948127730b60688aeed2d50ecf942708671a24f052c6b052177f7dce95b32bf4875773eeda5d405c99524", 0xc9}], 0x1, &(0x7f0000000980)=ANY=[], 0x1e8}}, {{0x0, 0x0, &(0x7f0000002e40)=[{&(0x7f0000000cc0)="bbaff3a703cb1a169755fd1fd36f397e77e94a34c57bd25d4abef85a9fd8", 0x1e}], 0x1}}], 0x2, 0x0)
ioctl$SIOCGETSGCNT(r1, 0x89e1, &(0x7f0000000000)={@multicast2, @multicast2})

1.300611529s ago: executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff)
setsockopt$inet_dccp_int(0xffffffffffffffff, 0x21, 0xa, 0x0, 0x0)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'team_slave_0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000740)={'team0\x00', <r4=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x5c, r1, 0x9, 0x0, 0x0, {0x11}, [{{0x8, 0x1, r4}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}]}}]}, 0x5c}}, 0x0)

1.213622072s ago: executing program 2:
socket$nl_route(0x10, 0x3, 0x0) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000500)=@bpf_ext={0x1c, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="c8577be3", @ANYRES32], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x0, 0x20000001}, 0x8, 0x10, 0x0, 0x0, 0x2eaf3, 0xffffffffffffffff, 0x0, 0x0, &(0x7f00000004c0)}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x42}], {0x95, 0x0, 0x700}}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x22}, 0x80)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xb, &(0x7f0000000080), 0x4)
r0 = socket$tipc(0x1e, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000005c0)={0x40}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.events\x00', 0x7a05, 0x1700) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080), 0x4) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000000)) (async)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
unshare(0x69a04c8e98d914be) (async)
setsockopt$packet_add_memb(r2, 0x107, 0xa, 0x0, 0x0) (async)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000180))
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001040)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'lo\x00'}}]}, 0x38}}, 0x0)
write$cgroup_type(r3, &(0x7f0000000000), 0x180000)
ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, 0x0) (async)
r5 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'xfrm0\x00', <r6=>0x0}) (async)
r7 = socket$packet(0x11, 0x3, 0x300) (async)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10) (async)
sendto$packet(r7, &(0x7f00000000c0)='`', 0x1, 0x0, &(0x7f0000000240)={0x6, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14)

1.033045451s ago: executing program 2:
poll(&(0x7f0000000180)=[{}], 0x1, 0x80000001)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000000)={<r0=>0x0, 0x7, 0x9, 0x200, 0x1}, &(0x7f0000000040)=0x14)
getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000080)={r0, 0x911060e}, &(0x7f00000000c0)=0x8)

903.627918ms ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYRES32, @ANYBLOB='\x00'], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000e80)=ANY=[@ANYBLOB="240000000214010009020000000000000903020073797a310000040008000100"], 0x24}}, 0x0)

804.966108ms ago: executing program 3:
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
socket$packet(0x11, 0x0, 0x300)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x31, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose}, [@null, @default, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040), 0x4)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000200), 0x8)
socket$inet_sctp(0x2, 0x0, 0x84)
shutdown(0xffffffffffffffff, 0x0)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x8, [@enum={0x1, 0x1, 0x0, 0x6, 0x4, [{0xe, 0x6}]}]}, {0x0, [0x5f, 0x0, 0x5f, 0x0, 0x0, 0x0]}}, &(0x7f00000005c0)=""/4096, 0x34, 0x1000, 0x1, 0x7ff}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x17, 0x5, 0x1, 0x7, 0x400, 0x1, 0x18, '\x00', 0x0, r3, 0x3, 0x3, 0x3}, 0x48)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@netrom={'nr', 0x0}, 0x10)
ioctl$sock_netdev_private(r2, 0x89fb, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000002400)={{}, 0x0, 0x0, @inherit={0x70, &(0x7f0000000180)=ANY=[@ANYBLOB="000000000000000005000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000004"]}, @devid})
r4 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0x800, 0x0, 0xfffffffd, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbq={{0x8}, {0x1c, 0x2, [@TCA_CBS_PARMS={0x18, 0x1, {0x8, '\x00', 0x1, 0x3, 0x4, 0x1f}}]}}]}, 0x48}}, 0x0)

762.775666ms ago: executing program 4:
unshare(0x20020480)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0xa, 0x3, 0x2000, 0x8}, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000080)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f0000000040)='%pS    \x00'}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000280)={r1, &(0x7f00000000c0), &(0x7f0000000180)=""/232}, 0x20)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)={@cgroup, 0xffffffffffffffff, 0x13, 0x0, 0xffffffffffffffff, @prog_id}, 0x20)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0xd, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x1, 0x0, 0x4, 0x2, 0x1, 0x80}], {0x95, 0x0, 0x700}}, &(0x7f0000000000)='syzkaller\x00', 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xc}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xa, 0x4, 0x3, 0x8}, 0x48)
close(r4)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x0, 0xb3, 0x7f}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x60, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x2}, @IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}]}, 0x60}}, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="300000001a0001000000002b9bc800000a000005000000000000000008000400", @ANYRES32], 0x30}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800003d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r2}, 0xfffffffffffffeb7)
write$cgroup_type(r3, &(0x7f0000000140), 0x9)
r7 = socket$inet6(0xa, 0x6, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r8, &(0x7f0000000200)=ANY=[@ANYBLOB="4a00ffff07"], 0xd)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c)
socketpair(0x22, 0x2, 0x2, &(0x7f0000000000))
listen(r7, 0x80080400)
r9 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r9, &(0x7f0000e5c000)={0x2, 0x4e20, @empty}, 0x10)

634.143844ms ago: executing program 1:
syz_emit_ethernet(0x3b6, &(0x7f00000020c0)={@multicast, @random="caf6e222e6aa", @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "430093", 0x380, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0xc00, 0x0, 0x0, [{0x19, 0xa, "a78ce5400659808000ffffc0fe4023493b87aafaffffffffffffff2373247202fa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af2602"}, {0x0, 0x1, "ffffffffff6000000800ee00"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23a5026e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x0, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f019"}, {0x21, 0x7, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e4163ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d52cfb3f27fafa40845f90b6dfc87c6905bbc94d33e4575c853105f543e8e8a8a73b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb1fdc5fd020000000000006ae88c001a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbfeb532188b196e213408c"}, {0x0, 0x5, "d517fb2cf1a4ffdc1b7e018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)

629.206995ms ago: executing program 0:
socketpair(0x5, 0x6, 0xfffffff9, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x7, @mcast2, 0x4}, 0x1c)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000080)={<r2=>0x0, 0x7, 0x9, 0x1, 0xffffffff, 0x4}, &(0x7f00000000c0)=0x14)
setsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={r2, 0x100}, 0x8)
setsockopt$netlink_NETLINK_RX_RING(r0, 0x10e, 0x6, &(0x7f0000000140)={0x9e, 0x5, 0x40, 0x750}, 0x10)
writev(r1, &(0x7f0000002440)=[{&(0x7f0000000180)="be005a6373e1a7b87f425600b9f853260111ceb026455c6219", 0x19}, {&(0x7f00000001c0)="f878938c13a248b2c275cba9971dab65d57e7aada3bb43a1530f18dd0682105473cd2aa09438bd86097b339b6e15cd7a63f6530700b699ed34dda3e68f37631cd63ee3269bf74fee8c3948372871fd28f358575911ea2331ac729e584ac9f730eba7e072788bc5b5878f8d7728e2424894c37288008a0fd9fe440cb10bb5c26b458d51e46a57f3ac10c025bba41bdb94e16d87d5b01cc4ca6a45d37786951bb35b", 0xa1}, {&(0x7f0000000280)="b39935a7a55b61540b213d32e12de8e97f60693d2931f301406df8ad45eca2b12f527c4cd04736391864fd5442c8200a817b44408e7c7422b2ee8d01c8437db48fe06ced419bd836d69a2c2822f8f37d0b2843de113ae1480d47cda24f96f496a7fcbf4a4ae0bc66c5e180eb3d21624df6b10015ef858ae0582eae6a7ad9f3910e181637b8a8cfe29daba6f1c8dba6a7a50fa83fd6c4d4f7f0f7a055e9c4c9258b3729d031755c7ad72b055474af09a0271eae164acbd404ca249ac5f6c4aee899b9c9d78241ce057013a783ea88ae31caa68d97a63fd0928880aeb5b97c60515c5185fe7271d1c70519d2db009a8b35c9544683cd9e4c68b1f5e5686ffbde5c00ceb9a9d41a7345d77b6c58abc62461187f4323b066911a1a9c1bb622aa024a8ccc8d09b0b9a5550142fff5cc75325e2e804aed50f0eaea0af0f3f81681ff994e25d21ec325c4233e5904e59684d29dce938c14bf53b4f0427a5ebd00f60ed19e74ffead9b76dade2e34e5309e83457b10efa8618b5da3f6aade206df447d6f5cfc51ad9dafb4800027f78df6ea82b64f24bbeb91ed94e6a39e25e9e016f464a800721b207d7c543946f85a4e3cebcb3759e74f158dd7766b2eccfdcc073c1d4370d0718b15746b21768a6f43707152a3dd5a1de79b1ed58881681b5114284369872d9712d9db3ea855fb12ab0c846108f63eb9db155860ff6936a819e4c1272c1943d3bd16d674d9ae1dd8c0c654f0462300661c7372be0fcfab57008b399decde34cbb23eddbafd5ce5af7a953303d49ba58c4dbd6ab00ac4ae45821d599cb5212d5bad75ab8e05e584d5659d56b0b513ef3c63979c4ab85a0d5f23b6928536043a327020a7bf117fad40eae8df8d3108b1291cccb8ae1adb909440ac9963aa2e5acace4eeff3a4670124ceff4fffeba13de02a12d1676e8e28c0d0739e1297bb12fc8769246b81d0c747e1d494008decde835602c68a9b07e847f043d293c8f7a3322fd1f39d57eb19091f2f5533cf4485c0f616f6cd9ad0e005493702806aba1412c5b67ebc802f7230f6f7bcce5211c6035be6d1cb3648abe4d775320f9831c6702f388f308c04bdab582384e946db2f8e9f911aa1997474149c6fafeda910fa82a7ea78e3d2b75395dfaebc03437a75db0a82d1653aab129e2cdae68f545a9a17fe1f846fcadd9fafe00e5223f1fca5fafaf9dd5d83ea4df3d044f9577f6fbcc457d7dd74c525b3b8264817ab047927eb98023bc15c2c35cfeaed336b59be1162e2c121baf11ad05d09720ac7e4f51caabbb838f9e3985f17a5ce989d24bdbf0105ee3510c07373bf44a2106ca523d0d1503b5966e6df8dc73defa532748cd7b73bc4afa96ee95bf22f259b84a1c27dbbe80a115e4a3af1f84e9c9fb12f20f1236fab96f7f4915dd6efcbed51a425a5a6005a9d225aa6185347eb5c64cec52de780d83b0a122ea2f921c34069687f81dcfd07aefa5e580289b29440c859164cbba314fd3c1723e3b7850ec252cb042de11dc6bf01643ad2a5aa08f1268b701188b5e6c17aba36bebeaab03bef869313752d578084d90085b893a1357f3c34d06210d16eb70ba1c30eba2434407b7fd5d837ca96ec43717db3435fe504893945d92a75bc381e41dcb0641df00807ff4b5f1f4c712c7e9f60537a630fc0e91151c92067473edf686dc5b5fc7f4eb114fa2298a238ee6acdd39676d7274670df5541f2f8fb6ae6932078b01d7dd73a26b5f383f473ca84ff7e9b9ec98846b3fc8d4b0ad8feb5c54b5ec0f89d9c8a536d001b35401205851d512d498ddd850db7222d0f24c51ef221eefa27dbebe950ac4884e94762d612fb75933df45608610cb2b1adf1a406e6786221b907c70f0cdfd643d19ae1970cf7292def878e2c0ce017f3989b824030d76ac99c66d6433752746d6f86b1f7c3661a9533ddc0d3214d0343adbc870c8996abdedc188b7b5a6cc26ff32b72072b7fb6607e6912de5176027dc3afad68a396075d610063287eff14505bfbdbf7e431df088a4bad4562a117497ea3bc3c091d4f4061cd8600bd8e0c4bc3fec4cb282d5c3d09af54febd6dd851fa7516fe141d86f9df8e832cc097cbee432eb957971c620b65e388d7964c8897b4a5ae64e4555c870da8906d3bcfa6480343d1e24e2563048f913bc047126e060a6b50d378f8dc96cf5af983a8de897368698bacfe80e92ceacd0e60762863834898f0d0c06deda5b8d879f8cadec79abbbf4fee40d871b0be58b9f730fe0246ef6891d52869ce18f9ddd93352b286184e36bddce6492ab2b4f9cba4086539f546aa91c425655f3c5873462853a229014a5cb7e6648b205e721de0e492a7276683f067892b0f373b6e40bcdde37e58204383b012a2763bb1655326ee999087c9361d76962da2ef8ab8c63a34d9761644a0ff28953c8fd6e2e2974dc3358df01c1c31b5d06dec3b16623defcf7e93460f1c90615a6f91d1ca59c4920d660570f564ff67d89973ccc72856ec8fd6e1aba8e326d22c0444a9d6ea1c69797e8c99c7af4b81b14abbea19000edfecd5413506a84359bba14b8f536ef7a16963fe1f7b6b64d4713f1ef8994968a448862b1be778bc6275cf3e088c6e411e2cf4582ad272ba75153a9f98694e5ae20c6431193786016d16f27a9718a5d762e6ea75df963d1454b0fed444528d9fe31c5151e9233ca881a3bf9bf99d30af7ca8340554d7f3ee629e5fc7add9663a2cedc469eaf90064877381543c26c3fd6dc8befa72f1bbc5c3e1e90d3fd8183b975e400dfef64fe81439fc48382267789a5b81dcb9c401280bb12be86eb2fb6d12a830f8fce4488e39e050234cba80741c4046811009bfc9f905f076ee33cabced110c7a56ccf13ff64b0a797c5713d69b4f30ee2a2a4ca062dc4a53850aa4711d26078bd85dc57316aadea7f9f4c8550d9d5aad932f7cbe416dd827456ee1f12462012eed62aa25bc6b8da2295e7dd13f3a940fc3cf8d262047cb2cc61634ffaf5afc9ba02e15449cc33b9da327fa8a1b291fd33724a2d7d5e60fcf1166729f5a0bc473e848ffc8c05330e7002e209bff5944b4d532bb2d794111ad41b275aaa74686fca0109643dca276d0786b3120325debc6afda62923ab0dd4f6d35039c30bf7b4413c02779a2a92a14c0f3d2e3e0a0c37a0244a0e1ac3a9f5c849196aea1edfeaade0320b90e703d4b47e0d0dc51a54f585e80d5af1864f0875fbafa3c52ffbf9ea1548d70db9c7b2c285386f1ab86a293448ce967d524eefa04351d4d0b74c54732ca2974359f6c213667a2f13552b3f7a8f48f7b4383961abd5b32b8248c30a0bdafc0dd18b1feaaf19e3373ff8a687123516211fe55df596952b56961161c40b8a7f65f52248c7402b1339e782ee795624f7996f6e77e26b6a436da76f06b54dadf67fc9276329e23805e1409bd09e3ef53acd43aff7129814996c5e486855f9c4dee1ea249801a39b0f494d69b9eb1cf13ca0c5917420e39c6c6132c978e05fe36dbd0a82d2b7468120c66831b345bdb50d47c2aa17d6e674d93b50031f1ad9d3fed21846bd698f9b5411256d6f35282d2f282576e37ea24ad1bfcc9160e3a515fe55c2399b92dae22b7670510f9328f5d195051c5a9ba05408f1d4fec94a0899474fea1d26c271d6badb7a98d517f0b34f234256088dad431d4b59a654ab0dcf083c85c93a6e2d43ed04ef86a0d41aa7c79b9e20927ecddbc5a20850b05be3e1590595d08cf5bb07c2950b89204466a0447583c9d78117fa72250c480b9bff328c38f40d48e781a7ff94377d09dff84569ea96a6b9e770d047283760aebf7469a78693fc7a19b88fe1bd6007996492f2a730f666d7547306eafa3eed3373fdfe45766cf94b4e5363350e13d4b6ac52aa10db1b6b7fd3cdbdbb26771478f1da3da1994cf5b897d9d87e9930e45e6c7e0596c66639618184b6f5fe859ddd394621916cf25cd3eaf5656cd4d5ab5dcbe14b4f11f0d01e92662b2bfe82781550df2b6d6bcf97cd969aed7246fbe136697e52a752038402ef0b8b31a4fa5a73730832bed01a563accfbaa40d265ae9bda930b1a09c2d4c1b069dce7b234db809ae9537ed55555e36504064ae05a7279f494a277d667d4c02d390ceca34c57ed9371094787cf8a8beae79219957a2777861b482a30713d7ee4cd44c371ecfa8715aaf4434b75a691590154078710ede7c0f48a9ab77bf1f210bee3d687cec1cb94ef0268ac634f3e278f8640c28d1d668998f597a4d4d4ebb6b896c0ec7d2a9a044a5919e9f27e95620bc3aefbc247b2b7f7150af539441840ac7344dce1a94a48314cf780fb0e4b052c83f033584f88ea2a72c256fe667dc77761c6afae4e8bbdbf4f0849a4d387552396f1842045bdc305dc732015d77eb40b7418d24a1afc104d6d24bfa8c0fd928a5fac6712699f9ba0375ad446fdc4dd17dd6a1d63c69240f08160ec336e679ca295536813447ea980baf873f1aff183c90cf82fdf23bc828ddbe251e39e9731f3f3e8673c116fde56b03c99edd808292df4ed633bdec285451384aff9bb9b9c28aa59a3089ddea1cd729fe17c18255f24c7061fe7c149cbb24d902097f8e7ad288178e200ef0622452387ec664ac04611f1ab4d0a88a955cc252e9bb22dbc6d5eb83b0859870a9249b443a080bc66063252ebd65c70f727219eab9ef1b35dd0d09e20a4d47b0ddd4ad88dede7d252be1c078e3f208bb376e86ff93f4049b4d13abc7fea8464faee57c01a23a514a75512decd78a8a93797f0b765c025ce7f488c8a1d49c698776a15d4339af90a527249704e31f4ef92d5bd31944d312ad8ca4274b24fb8c192739c3fa361bc51f0ddc7de93e5d028954dc4ee26c81bbf469c614b43f401158d2ae5353df5e5e67da2cd35a8e2c1bf947801058056e0189503d37ec75311d7a965805f1d4774cb6c0579106c8e8e8928b7f53c47e5475f8d29656fb7608261b5de6e2a13f805582620ba1534c539fe82773b8cbb4776e225a7e82b972574821eb4ade655afc9210279b2222a1802e09cb5869cffc9571205676a49d9fcc43431fba1bc461780e3c41cb4a715ef66901ffcefa374f12d15f9e2345cca1b4c87155c6c7014ce042bf07d780b98ed051e69453761aa1c924a86b318b1ca8fb05b612ead0bac9f043e1f1bbbc156fef300e0a8b71d553e99340f7f0649a3a6717dd9bd588f8892b3bee2503c0924609e347f51c2a479483543a72464c962c42b9debab1a481e3c9f8a6342108a1d9e0efd35ca9809f4d6b6d378f7f2799cbb4c614b44af6be9d754b4e5acd13d8c3b29a42899e6f13b50a5ec581e9acc787fc2fd22b962fdb0399548d346266d8f96843ee443ba508c0796ac9a1a14927c60e6a9ccd9277816992f7f1b539cc59ec2f4470753d822865f5b64cd3b240bc522b5d1825a28167e6bd17c713a3e7059c1ce0e0fe44931ecee007890fc9e3d9926de6cc25520679fdb3bed6c0be3ef99c493f5ecd1719b1bc6fbc0995f25a303f2640fa0b2f97b123ad90840b906049816f0b77292bd489a9e52621eefa9ec662b79f0de3b8144fb4d00fbe21b768478d43234f4c22d41bec8dc68801d1cabf3a8c58912c721ecc82e6cec98c9f322320b6d6325dc52800843fb1ed2ffdc2dd3d42686674baedba4edd10955c27840ab81aadf47087643b92af22d7f3821938d34fcbc27b4c99a52f7a2a6ba1fed2ea24898683af7a789b5cbf8dbd544917a5180ac1169c978f84671ee044f674fbd754e108b11dddeb7cef6a1b472eec26418a09aada", 0x1000}, {&(0x7f0000001280)="56a0b1ab76a365b808a43bbde898796700bc5bb6ea5d699e5d0dc2383ec6e1e6d39f24626994b01c302c31550e40", 0x2e}, {&(0x7f00000012c0)="f06cd619554377b051e46a2ba8ac7d73ad4f80e4a4b714fcb16e300b5374fe944794cde6fbb02e0015c5b32a3245f03502b82268ec396cfcbcccb89fdbdef063628530ade1668409fc55b57916142321fc2f4dcd5f818b58908b73ede5a38dbf96a68e3afb17bbda1e256de91c2d80f2f1c720a2a9eb1232cc6d5173f2e58f40a3e11d0885c0c1bf71d0f849c9f97fed66cd9e48dab4145f41b697c1dea6942d2983b59cb1ee94fe2cde67403554fb5c655566c2de5deaf08608", 0xba}, {&(0x7f0000001380)="1d37dcefd55670c41d0dc78c1af6bdfc139c88f13ab9761542c5eaf3254b3378388ee360ff772d60502c3f05d40de97fc7556b9a10e9eb4dc44297c651b17c796ceaa64c09ee040bded8e33f97cd22a1b75f874ce85d8c53219c63e09555e0682ad5e369639b5396e57367270f8656aed5dce5515e5be08ae2b6ca1cf5a5b16ec563be1509413131cf12fe69a399ddf1e157ed17215cf16c206021533bb4839130c5e090b839e2bfbab2ca7fd1867e1c7d55b06d262b9acb5c613d492a9d9615f1b72ad717e80f9d47b275e96c7b352c06354411b3a03fc0ed074f02951f446c9d146c7b2c55a019a5734eeb9a48c333fc731614f74d413be411b5b50310c5065d547f9b164295bfa13b2833ef6f52d8add785ba006ab2974928c6e13a0e6744604e2e371412acf82e7a9839bfe7c78011ddbd5e8a6a192b333a51c88b58bd63f862b22b28cd3e3464695ba287684e1409f051c42d4ee47806b62dc54749eb008c344ff1682f8b797963266d8a6f1e5b9681759415d93fb94eed18a2e5f81fd016d698410849b94a2840c48d55336c93549903e37873d5e24e003f2fbeb2d9bb0f9c485aee3ab134e3d0b105be665c2f0ea4722f109cdd99d4b66438b0dcd9f31b119c453a0d264bf95c7603fc54cfdc0526bae2f97fd54809446f42a10b57131c6a97ca416181a644f703a5b80f36598fbe119cc8fab422a4fe03da5f872d67c0bc09bda2314959f7bf30db23ec2df386504547bcb9ec81d2d407968562613868ed7b67d808ef7259089a96da83d760c44eb4fbd65ded600d8dbb4fd080c56d153f064113261c07c031672f30cb8d115e54c80791eaac9b1f55f06380a5286b4be5e0261a9e120286ce4247bc0445fe9c14268aabde45ce3e63564bb8bee856e97ae1750c423a8fe58ef3edb0ce77e7258170a82af3967d8cc006153ed1add87efbe60dd17c7eb4bb323fd6fde153911b96e930b77a8dd3d046b1465b9ece8704f20dd6cb6433c30d3cde73bf068baed00062fba01b970901c4796ca8aec3953fc43cc3232bb1a55b08ad13db7efd396b0982b92632cda206654a3f593ba0661e704fc9d5abb96ed46f7dd460dea3aabc712930e83dfca5ba35085a78ba011eabb0275d30cc57333447bd7411ba8e686eacfe2f0717c9dd7aa90b2fb61eef757530c9e150767792d45c79559894b3c2e02b53fe8e5562001976e76a40f5d1eb66deefde4a27aa4ed64788e0d2d37ed643d19fe191cd365c2b4caf7c562449a64dcb4c3b9d58d77348d69d16337f3ffa34a6d96cdf256e6dca37567e456d326f4ad7ac98766827fae7e7628e7e8ce6b6c9d0bf145bb6f5856ae8f88720e9e1dfc66b88526043f30736f7b33bb679f965097a8722b00b1d81b026dec46bdfd6a18568426a445a65c049c552ce9f1442182e43a8b437f90d00a59b386cc5b53a0cd6b36470f3d866b072b86b09a6b56aaf0a91a06066b3448e2539a82db13ad1bfbb58b6643d0e88f602303805af47960744659321dc06146178a3895e8069cdaad30676409089bd0dd47e4ec33fec787f3387cc92db05981c90d836d8ddc5fb747eeae8f630d7ae59bf49510a576de9583bab26ac9736a87d22dedd0d42340ce6c4bf3877ea803f9064c5e389002e850df402c622988ab9e50104266e96f9ed54393be7ec93fc2d2f9f3167874ad27f90c312df3e832304474fd84be334a6f7329ca9f6dab26eb97b53ac30b48c65e77ef4ecf53331a611326a8c436cf99ed0e2e0eaef9365ea9b030fa4138e93e3c6fb23f5116c5edad8f28050da90a04dedc01315507931b5adc932e571354e184755a3bfe31beb81ab37f723ffc6a7753d6fa118676cc4997652ca04ac68343de9a1c01e53577fd51889bb7c9de0b473dcd6cc8129b74c8eab706925b665dd7da238b455bf9d725e2bc4721fbda7ffdf5396f08350a23d95746d8b0ead97b68170b8e5a81ad0332d7d688fc8a4c9c5598b940963085778ee6adcc4df52efc8d19c7a93c2ee3f8fb35eba3970f59aa8f0a3fa3ebee417990f1d8d417b5abe034abbce7f8d3a7641f5fd46a5869ca77c1cbee56fb3f029652e72db8ed8b81eb6b37d3b033c8b88a8e9cae4c8022987d8d50c35494127928b08195a0908a376ec38980589b957cfb9d357653b662358fcc55210d3d08e88d586d5c0dae3df591c8604b690d329ab2f263a18b22a6c911e2ff80dc12b12445edf88e12fab5fb540a1da46e9293a1777e21b2778a9c917470bde6e0a028997b1e595624e0d4a3cf5f78c0b19743660b05a8e510ba1927c1b188a78ec18c6b275d90f9e7ddd29645d6a8f5e2890e3b75582249aa6333b5ed188402c109b0c58dfbb247f99c7ce54115b60d0f99c84e55d8d50e2804e3ed258957c708109037fc84dc03338873434862070d7810b50bf1d312bad6577543784febf3ab968836a4ef04fbd90f791f3146674fa91966088600eab94ba6ce6fb52c39941fb3cb47508e7792fa9ac8c2ab55de301381064c01d44ed1b5f2f763970da8dd24171a6ebcbe602f696a2ee6d2b7b561623b20e12acdacd259825c614ff14b9a06087aedc1ae8a28dc4e2dff9f706aeedf9b65e43ea7011f36e721859541084bb31d9bc9f0213e62bcb8b375dfb0d0701631c6fe7728ad815b3299deb8ae3b8a0206aee67155e23c1367dd7e095626e2d38d034b134211107c27ca4d0d99ad9317690fda851ccd4ee9f529b709bba2a014b63f28c2df845dffc36a883c8ed312d512253d17408fdb90837b41c50fbce31c540a775def4113353f62f3314dab7605ad2ad8e55929eb7bb130e0bb8f4b6a4e2d439b798cb59df8535c0564ca0fa7e5e9aedd977cbeb70740c5caecdef3d2d04ea7b432867a2b39f9e46351a595821bf1c28fdd03ad22e97baee79842ba80d607be7e8e1c82da87d33496a8ae961c6ca13db74401eb55cfd51437dc77d50bcdceb0f56c5e5cd6b90ee6ab8ce043cf72f2149ea4b04cb1afb11e90492ec160e7589a875735a782192eee334234d1edad1f2a4446d474ab2f99282ba728e99487449151e8e5076d5eca20ff5108e6f2f584a149390bc0340b32131e472b3e1c35ab1a8758b6df34d97686ae37b7a283403d5fba471c35a93ed47739e7a54f94ba28882042b025a095a9bb3cf34da73ba4a8cf31c4fee928e117c5a8c9da438e0f13e8a0311792c45ebf771df93f921c740ef2c1973bc4bf3a6548ad2b2ad70f41ae37f4a66c7ad6cbfb3dfb5444a5fbf37076a4490e99ada3bd3d3cd568b31da2d10db462efce738a6ebf2727843666175e3e636d93085be9f0e265dd1ffe4f25c2a9c3c83ecb270c8e44c964061be4bf99061183e3e1477181d181f16b205740893e1672e39202a4a724b59de1fbf577f1c74735c76510fc3805c0eaf7964418ce004501f3b6de2d8bfa682ce2b2efad02225300631de3bb8cb9c07fcbe7b69e6b78dff03a1af71b3cb7b85f5f76f139c1751aa887198bfd8cfc565f0827b8c5072bc6d2e4ad90dbd8b32fd8132f519b590f098624fc49086317c4931a308ac8a7e3d273e60f5540bb54d332777d5ae70eee6dccfe567cb9787670d9abdfa6c2b337b5a11b89b472a4fd752c0e4dac2166eb4f4536481b6a373cf30b0137b25ffde7d4839a21cedd16a07e7a70eeb8cadda9e31d8cdb3a34bb5f6ab672fe84835af9b7e0132100bf3606573fdcb7d428c490414076f5d277c259319857e8ec23574d38a80e0f2b4155e5233796ed4c5903191b2a10168b7e438ebcf85872c1fd36704553b891ece420cebe6f810402f556854456fd5976a331c3c6dff1fe80ae6e079eb15d49d6e2922836a0b38b6ab8a2fa1d903cfbcab839cd00d720b05e49c448cc40400922baebc03e9b30f5c4d7ef5b72ab578fcd2a03f45a58b1b7b6963cbae7fe9d925b03395278cd7a1d260f79f12cee441a1a8753d9abfe7093a305f18637149c333ff34026ae288c2f2fe4127d8ed1e6c4b898e9ded51a7b92f7d4a9972e0f7ad6edb515743040a24cec6b1f3fbcc36cb312e692bf6a58bdfeeddca38deafaa05129f9bbd958aa489f6293862c80e3a4c25b6607e3217206ebf97250c946adcb5db1cda5cdad763e53dc5ca9fb964731abb2d88e92ca9beaa4901d56c77c0ae89390ea2d7aa6413ebe9a203b99ddd86c147bedd696abce6dc039c59f2a5d8322145604f80b27dcfbe6ae19b47f9b82a2a4bb58c42429a1d11adbf3f6c97d01323f9061dcff6ae2d3263850010b8e93a551056ab0bcab3621850e92d8246d666225bd59146c214d0ba164c8c89fbb5b0c714de7ccf9d244a530ab918859e167093b35474f1c390b6571cd747b0c2ebe3e2830bcefa685b65034e4370fe940737f7790914c09b6f849cd3e50e3a32d530bb3df40dcda075a813d05845ef1b392d2c1f3ce3b65f1e1c618e5ecbb014ae9512d1aa2602cb2f489ff5225db3bddac6d6944f0537d0f2fbfb30d606da00e8cf5d6b7f90aa8c8aebdf0a3da347e7f30790088c978fd0d3b7a936f6dc749d508d622d85c499821293fc341e519e379f1096cd3b1e43dd6888631f8fe65e06ac478f49c285e29a38fb5d809f566fd179981cde6114df75bc08f1d63ef0d01f38d17bdbde3e089f7b35595136ec0566f4725924526397f1c3c3a347a65282c8b5acfd8d8ff1ceb4c233b9c5fc2c0674118a4e363e01003aa85c01fe95e9b95ea2e52c3e36f144fe359bbb3bb81cd375c7ec750d31c7d2e31c6ac151cd3928294a8034c91a495a66278aff0637b0bcb91baf556b718a355a78167b74c7f857bdff7aced495797e7647275791ed762f225d72c81105ad91e553f13a9d374935a0db46125f22edf38978ab2b797b7079bbf7953d39bdd6d3af97aeb9a5bc309f131ebe38be72b88e345cb3a587002fba244755a001c8425923269b8a266d811aac72ec364d2db9505afed747fb459c7bc8e36122ab231e5fbafd1d38234a3e10d345945449674a4088336652f2acaa6890cdc20b8a7eb6e96cb2671ffc54f08ae3ecb5ba1701bccd54d89fc740a198f75afad7f15ddc0fa44b83809e9b604426be9e3bd504c280449a57ba0ac03d02808972c6df335b05e7f22c67ff403cc9d4bcb01cfcccb93c92854634bbab7f507fff8f6cdc095b600b6f36e1a14b93c0ac726ae2c334e7402759a5cb20348c4c966d2e922d2348863c0e2c9e442fd89e391b053ff5d4e00015ec4a57407e0e36de3dd7d2c01b74e388620d147f1087b6a24febb3d332468a774858aa7e12eaab4bd8414ade75a22918ac51be410352b14368ba59264a28ca0d886bc590ac83203ff47348808652648a4256fa071e01209c639840cda23bceabeaa5dd2776c7922603dad59ce1e0f61b143fdd9d49ce2148b81d2fef904e1738fb00af9c3d4df32829f38283f636449936dc3bbf5626ff9fa4a28920b3e3bfaadc47e1013df1cf15a057bb193618a1f500a3499148b10d21b85beda1be7164a5632885b9352d422fc82f09414f2f502e5549e97c61fd011835ab8dfa6bfb2915cda3f0a69d789935bdfcb9190235e87bd0b6a6c9b61d45ab38525bd164148d8572aae8dafc4bac1401077b4d269cb3e432570ca80eb7366028bd0c9bda64cf49afed0c1bb6c0446fbefe411e44bd7ce5ef5ed31e460a42694a530f1f74ef209f60d4a84f2f7a82d4a0db836b2cf7b9b0617aa663c8f5b9c11a3b85a8a37346ee02ee8173838e7adb94f9d6798a790f7e42995e82e3a666a645c113930f996f2b78c7e4649e788946900ebd31b7d3a73b5f968ad509bf", 0x1000}, {&(0x7f0000002380)="162acfb0af869f970d243604f2a2c88205c43544d24279a7f980044c7c02a35b34ac04808158292967f53c3ef3199dee7b66781f745bd057cb47820d26b8251c7eea21420bfda506f5102a1dfaf45c130c9dead77ba075994e418b07e19e58d4f8d2bddb827982d38ac06607b89dcf1dfe328e2d6afb7fb1daa92917c61f69c41e034706632e382a6613b7275e3736ef959915f73b703f80918e", 0x9a}], 0x7)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f00000024c0)={'wg0\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000025c0)={'sit0\x00', &(0x7f0000002500)={'gre0\x00', <r4=>r3, 0x7800, 0xf8af, 0x1, 0x0, {{0x1d, 0x4, 0x3, 0x10, 0x74, 0x67, 0x0, 0x7f, 0x2f, 0x0, @empty, @multicast1, {[@ra={0x94, 0x4, 0x1}, @cipso={0x86, 0xf, 0x0, [{0x7, 0x9, "ff5c13e396b022"}]}, @ssrr={0x89, 0xb, 0x89, [@multicast2, @private=0xa010102]}, @timestamp_prespec={0x44, 0x2c, 0xfa, 0x3, 0xb, [{@dev={0xac, 0x14, 0x14, 0x33}, 0x3}, {@private=0xa010101, 0x2}, {@local, 0x80}, {@local, 0x2}, {@multicast1, 0x8}]}, @lsrr={0x83, 0x13, 0xc4, [@multicast1, @multicast1, @broadcast, @empty]}, @noop]}}}}})
sendmsg(r1, &(0x7f0000002980)={&(0x7f0000002600)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e21, @empty}, 0x1, 0x1, 0x4, 0x4}}, 0x80, &(0x7f0000002900)=[{&(0x7f0000002680)="e270372cd147ac2ab393bac4abee01b58b30843524f03ed902f3aee547f5809ed8b5d91523d4e2b5a4552df7f4ff113ffd0660c9dca75ffbb4a589d605", 0x3d}, {&(0x7f00000026c0)="97083223533fa9eec7096611c53cfae0b6a90b5e7aaff83d91f7af147755d712f02585396339245ccd845661ff123341aa4d88f02b12eb1997998b392369033cb7770598d0b2ff24fe363c5de08091bfc67c08049d3184e8c791c4e02754a314344d6aa3b794a6cce0794f22ca6e720bed5bdc714537a1e8f8436eb190de273d40a678b85af3e51b9ec3d27122100fcd763d7e9bfc7f7a53735b94938a2da6a1e21b5859fb31b2c8d19083bf", 0xac}, {&(0x7f0000002780)="672af0b9a1050f7f126683f0a25f74fc9878923e006ea98589797e676680b196ea8b24fc3e0e6f9f8123865095462571d43f4b968beec2bf5bd83481db504275327982def0db423da7d3a89d335a22383ca611be882714dd4f914dbb8012752b513d", 0x62}, {&(0x7f0000002800)="9ac0f68490897f6d97aa12849b36b1b5f11b5f901a122a180fa384a41108fdad0817d6fe3d9ddca28e0cb82efa6572f9efff098407933aa9c02012fe53250900d2017cc76bcb3ffd73d1d868acdeed759490706c78681af918d9701f4b3d3521f47387a7b61581a8a5ab9e19301491369c4493b5cc8ef391c6caa71ccf56e8b0dce9f846dd722a4385a03d2d5297344a7a9f85f88344e8790a279a0fa8e75a63b937036ee63c874af611b2336e927589a353f198b06864472904a77eda2cf98f1d08428426a6cf35fda62e5365dba3791506ae4f11358f2612bfa096f05b54aea0", 0xe1}], 0x4, &(0x7f0000002940)=[{0x20, 0xff, 0x4, "623649d12bd67532fb148bed"}], 0x20}, 0x240000c0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000029c0)={0x1, 'wg2\x00', 0x3}, 0x18)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000002a40)=@o_path={&(0x7f0000002a00)='./file0\x00', 0x0, 0x18, r0}, 0x18)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000002d80)={&(0x7f0000002c40)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3c, 0x3c, 0x6, [@typedef={0x5, 0x0, 0x0, 0x8, 0x4}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x1, 0x2, 0x401}}, @ptr={0x1, 0x0, 0x0, 0x2, 0x5}, @ptr={0x9, 0x0, 0x0, 0x2, 0x2}]}, {0x0, [0x61, 0x30, 0x61, 0x61]}}, &(0x7f0000002cc0)=""/133, 0x5a, 0x85, 0x1, 0x200}, 0x20)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000002e00)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x3, '\x00', r4, 0xffffffffffffffff, 0x4, 0x5, 0x4}, 0x48)
r8 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000002ec0)=@o_path={&(0x7f0000002e80)='./file0\x00', 0x0, 0x0, r0}, 0x18)
r9 = bpf$ITER_CREATE(0x21, &(0x7f0000002f00), 0x8)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000002f40)={0x1, <r10=>0xffffffffffffffff}, 0x4)
r11 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000002f80)={0xffffffffffffffff, 0x8, 0x10}, 0xc)
r12 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000002fc0)={0x0, 0x6, 0x8}, 0xc)
r13 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000003000)={0x1b, 0x0, 0x0, 0x20, 0x0, 0x1, 0x3, '\x00', r3, 0xffffffffffffffff, 0x1, 0x4, 0x5}, 0x48)
r14 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000030c0)=@generic={&(0x7f0000003080)='./file0\x00', 0x0, 0x8}, 0x18)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000031c0)={0x18, 0x9, &(0x7f0000002a80)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, [@map_val={0x18, 0x1, 0x2, 0x0, r5}, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @map_idx={0x18, 0x7, 0x5, 0x0, 0x10}, @func={0x85, 0x0, 0x1, 0x0, 0x6}]}, &(0x7f0000002b00)='syzkaller\x00', 0x4, 0xdc, &(0x7f0000002b40)=""/220, 0x40f00, 0x62, '\x00', r3, 0x0, r6, 0x8, 0x0, 0x0, 0x10, &(0x7f0000002dc0)={0x0, 0x2, 0xc48b, 0xfffffffe}, 0x10, 0x0, 0x0, 0x7, &(0x7f0000003100)=[r7, r8, r9, r10, r11, r12, 0x1, r13, r14], &(0x7f0000003140)=[{0x3, 0x1, 0x1, 0x7}, {0x0, 0x3, 0x5, 0x8}, {0x0, 0x3, 0x10, 0xa}, {0x3, 0x2, 0x10, 0x8}, {0x1, 0x4, 0x3, 0xb}, {0x0, 0x5, 0x0, 0x4}, {0x5, 0x4, 0x7, 0xb}], 0x10, 0x3}, 0x90)
sendmsg$SOCK_DIAG_BY_FAMILY(r9, &(0x7f00000034c0)={&(0x7f0000003280)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000003480)={&(0x7f00000032c0)={0x184, 0x14, 0x10, 0x70bd26, 0x25dfdbfc, {0x1f, 0x83}, [@INET_DIAG_REQ_BYTECODE={0xdd, 0x1, "e3acb47315a6af8cd9a0b29bc9dd7e4365e26f21af4f77a9b4edb01ff06da97b8db162b9e0bd044282cd1cde7d9f35302feb30aa026233823d58f5161181aab0cb687aaed2f11a8b3078e9457ba65855b3d1dd341126c181c5bffc1fd15c1578cd2b81ccf32f26328ad3e145191a09a78158fd0d853846b2194b3e2cf2c38b15719da2dcf053314e8279db18035c6abd6e65c3d20656d602ddc2af61c73a7575790fe5d14cc1b9ad9a1c34c440d362ca1fb7721eb2a0bcef824742c5368133665a9c33fe6a7bf109f8965bc881b865ca8d2a4f03c9b95173a2"}, @INET_DIAG_REQ_BYTECODE={0x90, 0x1, "8c51441905e3b104023fc39001990e64f470a1bcb55737b8f3d71ef021937684589232cbb48ee1c584b6b0e29dda57a0e01ad276bedc21531d14bc6329c2cb12adddf5e5a67f33fcc965eb4f4519ae1ba7dbbdb7c30526ddaa3fe18a6c808b08baaadc76e4c5d99afde98e71d05ad2109d04bbccd7a80feb67ade1c7dc8b352e6bfd097209fd5395e64d5355"}]}, 0x184}, 0x1, 0x0, 0x0, 0x24048041}, 0x8000)
sendmsg$NL80211_CMD_GET_STATION(r9, &(0x7f0000003600)={&(0x7f0000003500)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000035c0)={&(0x7f0000003540)={0x58, 0x0, 0x100, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_STA_TX_POWER_SETTING={0x5, 0x113, 0x2}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x545}, @NL80211_ATTR_MESH_PEER_AID={0x6, 0xed, 0x529}, @NL80211_ATTR_MGMT_SUBTYPE={0x5, 0x29, 0xc}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x1}, @NL80211_ATTR_VLAN_ID={0x6, 0x11a, 0x1}, @NL80211_ATTR_OPMODE_NOTIF={0x5}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x58}}, 0x20008000)
setsockopt$packet_fanout(r6, 0x107, 0x12, &(0x7f0000003640)={0x4, 0x1000}, 0x4)
r15 = socket$inet6(0xa, 0x6, 0xfff)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r15, 0x6, 0x23, &(0x7f0000003800)={&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000003680)=""/156, 0x9c, 0x0, &(0x7f0000003740)=""/185, 0xb9}, &(0x7f0000003840)=0x40)
write$cgroup_type(r9, &(0x7f0000003880), 0x9)
setsockopt$inet6_mreq(r9, 0x29, 0x15, &(0x7f00000038c0)={@mcast1, r3}, 0x14)
r16 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_LIST(r16, &(0x7f0000003a40)={&(0x7f0000003900)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000003a00)={&(0x7f0000003980)={0x4c, 0x0, 0x10, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x1}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x7}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x4)

563.513763ms ago: executing program 3:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="20000000030101ac7d4af176a12dbfe94f73010000000000000000000000000c00198008000100597e17d1"], 0x20}}, 0x0)
unshare(0x400)
r2 = socket(0x23, 0x80805, 0x0)
connect$inet(r2, 0x0, 0x0) (async, rerun: 64)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) (async, rerun: 64)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000300)=0x44, 0x4)
write$binfmt_misc(r0, &(0x7f0000000300)=ANY=[], 0x6) (async, rerun: 64)
r3 = socket$netlink(0x10, 0x3, 0x0) (async, rerun: 64)
r4 = socket$packet(0x11, 0x2, 0x300) (async)
r5 = socket(0x200000000000011, 0x4000000000080002, 0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a0101006e8d8eb4c22222ffa7ef39c8e6eee14500000000000000010000000900010073797a300000000020000000050a01040000000000000000010000000900010073797a300000000014000000100001000000be7d000000000000000af3c73fd7b8a391cbcc17d80681e60818681457fba1e31f6e419183ea43d66fe23a6c9809ca23dd4a617dc93c9ad52f8b146db6a8ee41a0a73ef3452fe5678217b0152663e4927864db44c92b1c0c8ec60e2ab800f4d9fa2ff0d2e96124ba578c82097f955dca91d485151a9a506c6f4f886c83a6e88e163fcddb8cb1290d6b8deaa25305d3823b4e0cc60bdeb4c2312ffe46d234b30787be044fb7767d6eaf439ef2d718f699430eb10e6057993fa7f94390b1bde4db482c22ae825e15784e3a23ad46d871da64bb6a2a18a9ab"], 0x68}}, 0x0) (async)
r7 = socket$rds(0x15, 0x5, 0x0) (async)
r8 = epoll_create(0x3ff)
epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000040)={0x6000000c}) (async)
epoll_wait(r8, &(0x7f0000000080)=[{}], 0x1, 0xfffffe4e) (async)
socket$key(0xf, 0x3, 0x2)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'lo\x00'}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0xd, 0xf, &(0x7f0000000180)=ANY=[@ANYRES8=r3, @ANYRES32], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x90)
unshare(0x28000400) (async)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'wg2\x00', <r10=>0x0})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f00000002c0)={'syztnl0\x00', &(0x7f0000000500)={'syztnl0\x00', r10, 0x4, 0xff, 0xde, 0x3, 0x9, @remote, @private0, 0x8, 0x758, 0x5, 0x80000001}})
socket$inet_mptcp(0x2, 0x1, 0x106) (async)
socket$nl_route(0x10, 0x3, 0x0)
r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r12=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r12, {}, {}, {0x2}}}, 0x24}, 0x1, 0x0, 0x0, 0x2000c041}, 0x0)

560.074723ms ago: executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x6, 0x9, &(0x7f0000000680)=@framed={{0x18, 0x8, 0x0, 0x0, 0x0, 0xb}, [@func={0x85, 0x0, 0x1, 0x0, 0x5}, @call={0x85, 0x0, 0x0, 0x54}, @generic={0xa7}, @initr0, @exit]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13}, 0x90)

494.050339ms ago: executing program 1:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3c, 0x0, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a40)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad4dace0f5119b54c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c78e7756bf4fcaff0c2337", 0x89}, {0x0}, {&(0x7f0000000700)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336", 0x1c}], 0x3}, 0xffffff7f}], 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmsg$inet(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000000)="14fafa37bf25f04bda99eefbbdd8d76b8136ee6cfdee25bdb2d1873ce347c7b623dd3140cfb2326fa1bf9f1dc2375eeba25df45aefdb3c49a4e7ffab4ed7181180bde98af644d11f", 0x48}, {&(0x7f0000000240)="16a6fca1943502d7ac24a672dbecde54535371af01e67576ef51", 0x1a}, {&(0x7f0000000580)="c3e361cabaa484b0c035139c64932a377f926342f6b052b6a3b273c187a5e0c26fe049092a54eb9b6be2ac2df69e6a36fad43d88851aa162b6aa0d4734e36aad318ea99586ca9f642920068473af2e996703149f0c13bcfae9beeb8d", 0x5c}, {&(0x7f0000000800)="8434335f698d91a2a3efe5291f7ebbc2424bb7ee30459376efe5541dc546f93c4ad4f9343e", 0x25}], 0x4}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100))
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$inet6(0xa, 0x0, 0x0)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000900)="e4", 0x9}], 0x1}}], 0x1, 0x24004040)
accept$alg(0xffffffffffffffff, 0x0, 0x0)

469.094642ms ago: executing program 0:
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000002c80)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x0, 0x0, @rand_addr, 0xc00}, 0x1c)

444.053918ms ago: executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x6, 0x10, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x8}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, 0x1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7fff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @map_val={0x18, 0x9, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x5}, @map_fd={0x18, 0x5}]}, &(0x7f0000000080)='syzkaller\x00', 0x1, 0xcd, &(0x7f0000000180)=""/205, 0x40f00, 0x1b, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x4, 0x4}, 0x8, 0x10, &(0x7f00000002c0)={0x9, 0xb, 0xd4, 0x362}, 0x10, 0x0, 0x0, 0x6, &(0x7f0000000300)=[0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000340)=[{0x4, 0x4, 0x6, 0x8}, {0x3, 0x1, 0x3, 0x5}, {0x1, 0x3, 0x9, 0x9}, {0x1, 0x1, 0x3, 0xe}, {0x2, 0x2, 0x0, 0x7}, {0x3, 0x4, 0xf, 0x3}], 0x10, 0x7}, 0x90)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000580)={0x1, {{0xa, 0x4e22, 0x7fffffff, @private0, 0xfffffc00}}, 0x0, 0x6, [{{0xa, 0x4e20, 0x7ff, @remote, 0x1}}, {{0xa, 0x4e23, 0x5, @loopback, 0xfffffe00}}, {{0xa, 0x4e24, 0x7fff, @dev={0xfe, 0x80, '\x00', 0x14}, 0x5}}, {{0xa, 0x4e22, 0x8000, @rand_addr=' \x01\x00', 0x2}}, {{0xa, 0x4e20, 0x400, @local, 0x2}}, {{0xa, 0x4e24, 0x5, @private0, 0xffffffff}}]}, 0x390)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00'}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, 0x0, &(0x7f00000000c0))
splice(r1, &(0x7f0000000000)=0x9, r0, &(0x7f00000003c0)=0x2, 0x6, 0x3)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit, @alu={0x7, 0x1, 0xb, 0x0, 0xa}]}, &(0x7f0000000000)='GPL\x00'}, 0x90)
ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r1, 0x80089419, &(0x7f0000000040))
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@getnexthop={0x20, 0x76, 0xd11, 0x0, 0x0, {0x3}, [@NHA_MASTER={0x8}]}, 0x20}}, 0x0)

436.228399ms ago: executing program 3:
socket$inet6(0xa, 0x6, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @rand_addr, 0x7ff}, 0x1c)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0xdd, &(0x7f0000000000), &(0x7f0000000240)=0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x84, @private, 0x300, 0x0, 'sh\x00'}, 0x2c)

387.884475ms ago: executing program 0:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
socket$packet(0x11, 0x2, 0x300)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x47, &(0x7f0000000380)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x11, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "d9005f7550"}}}}}}}, 0x0)

344.426635ms ago: executing program 3:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
shutdown(0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="240000002400010000000000000000002f00000023adbcdebe6598cfd40600040000000000060003"], 0x24}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x0, 0x84)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x17, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000280)='syzkaller\x00', 0x7, 0xb8, &(0x7f000000cf3d)=""/184, 0x40f00, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x1}, 0x8, 0x10, &(0x7f0000000100)={0x0, 0x0, 0x1}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@map=r3, r2, 0x26}, 0x10)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r5, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r3, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
r6 = socket$inet6_sctp(0xa, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r6, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
setsockopt$inet_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000003c0)=@ccm_128={{0x303}, "70de588d00000004", "5b0000000000000000000000ffffffe4", '\x00', "85852c5d0901078a"}, 0x28)
socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socketpair(0x1f, 0x5, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
pipe(&(0x7f00000002c0)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
ioctl$int_in(r8, 0x5452, &(0x7f0000000180)=0x48000)
splice(r7, 0x0, r9, 0x0, 0x7, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r9, 0x400c6615, &(0x7f00000000c0)={0x0, @adiantum, 0x0, @desc2})
close(r8)
ioctl$int_in(0xffffffffffffffff, 0x5421, 0x0)

336.31025ms ago: executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket(0x1e, 0x2, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(0xffffffffffffffff, 0x10f, 0x81, &(0x7f0000000480), 0x4)
sendmsg$tipc(r1, &(0x7f0000000200)={&(0x7f0000000500)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x4}}, 0x10, 0x0}, 0x0)
recvmmsg(r1, &(0x7f0000000080)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)=""/188, 0xbc}], 0x1, &(0x7f0000000240)=""/69, 0x45}}], 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r2=>0x0})
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000500)='\x00', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000300), &(0x7f0000000240)=0x8)
sendto$packet(r0, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000140)=ANY=[@ANYRES32=r2], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="5000000002060d0000000000000000000000000005000400000000000900020073797a32000000000500010007000000050005000a00000016000300686173683a6e65742c706f72742c6e"], 0x50}}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000000)=0x1, 0x4)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r7=>0x0}, &(0x7f00000001c0)=0x8)
r8 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r8, &(0x7f0000003b40)=[{{&(0x7f0000000080)={0x2, 0x0, @private=0xa010101}, 0x10, &(0x7f0000001400)=[{&(0x7f00000000c0)="fe", 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r8, 0x84, 0x10, &(0x7f00000077c0)={r7}, 0x8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r4}, 0x10)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r9, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)

325.80093ms ago: executing program 0:
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0xadf962c4cf3ba0ef)
socket$nl_route(0x10, 0x3, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
socket$inet_mptcp(0x2, 0x1, 0x106)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="880000001000090600"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000006800128009000100766c616e000000005800028006000100ffff"], 0x88}}, 0x0)
r1 = socket$igmp(0x2, 0x3, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000100000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r2}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r3 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r3, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10)
connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e21, @empty}, 0x10)
ioctl$SIOCGETSGCNT(r1, 0x89e1, &(0x7f0000000000)={@multicast2, @multicast2})

241.352622ms ago: executing program 0:
syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[@ANYBLOB="ffffffffbfff00400000000086dd600489f1009c1100fc010000000008000025030000000000ff020000000000000000000000000001"], 0x0)

171.890649ms ago: executing program 0:
pipe(&(0x7f0000000580)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000040)={'team0\x00', <r4=>0x0})
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x2c, 0x4, 0x6, 0x801, 0x0, 0x5000000, {0x0, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48084}, 0x4000040)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)=@setlink={0x28, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_CARRIER={0x5}]}, 0x28}}, 0x0)
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="60000000020601036c0000000e77000000000000050005000a000000050001000600000205000400000000000900020073797a320000000013000300686173683a6e65742c6966616365000014000780080006400000000008000840"], 0x60}}, 0x0)
syz_emit_ethernet(0xf2, &(0x7f0000000000)=ANY=[@ANYBLOB="0180c20000008e25900ee8d386dd60b085a200bc2f00ff020000000000000000000000000001fc010000000000000000000000000000000e000000000000006edb02680a2534d7b6925506e677ef428e86355cb7124ea4c6d77071c5b6d984eab8e76fe191da2f33a8da153382acf990ef99e54d62a55fd3b46e7457ca78ba847619c89a7aa776413db1e55d07be58fb29390e1dd52ab7e4ad5daef396ddc5128520b694edbbc7654508c1951ba60420880b000000000000dbcf000086dd080088be00000000100000000100000000000000080022eb00000000200000000200000000000000000000000800655800000000"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010100000100000000000200fffc0900010073797a30000000000800024000000001cc000000030a01020000000000000000020000000900010073797a3000000000aa000300"], 0x1e4}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r0, 0x0, r2, 0x0, 0x7fff, 0x0)
getsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x23, &(0x7f0000000040)=""/40, &(0x7f0000000080)=0x28)
syz_extract_tcp_res$synack(&(0x7f0000000100), 0x1, 0x0)

98.131574ms ago: executing program 2:
socket(0x25, 0x6, 0xfffff7fb)
socketpair(0x8000000000001e, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
close(r0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYRESOCT=0x0, @ANYRES32=r1, @ANYRESHEX=r2], 0x3c}, 0x1, 0x0, 0x0, 0x8145}, 0x41)
getsockname$inet(0xffffffffffffffff, &(0x7f0000000000), 0x0)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000), 0x1e6}], 0x1038)
r3 = socket$inet6(0xa, 0x3, 0x9)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x1, 0x0, 0xffff, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
connect$pppl2tp(r4, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r7, 0x0)
getsockopt$bt_BT_SECURITY(r4, 0x111, 0x2, 0x0, 0x20001100)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x6, &(0x7f0000000140)={0x11, {{0x29, 0x0, 0x4000000, @private0={0xfc, 0x0, '\x00', 0x1}}}}, 0x88)
r8 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0)
ioctl$PPPIOCNEWUNIT(r8, 0xc004743e, &(0x7f0000000140))
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
ioctl$PPPIOCSPASS(r8, 0x40107447, &(0x7f0000000180)={0x1, &(0x7f00000000c0)=[{0x6}]})
ioctl$PPPIOCSDEBUG(r8, 0x40047440, &(0x7f0000000080)=0xffffffff)
r9 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r9, 0x6, 0xd, &(0x7f0000000000)='veno\x00', 0x5)
connect$inet6(r9, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000100), 0xfffffd9d)
sendfile(r9, r10, 0x0, 0x8000002e)

0s ago: executing program 2:
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
unshare(0x20000400)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2}, 0x90)
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='rxrpc_tx_packet\x00', r0}, 0x10)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
bind$vsock_stream(r1, &(0x7f0000000440), 0x10)
listen(r1, 0x0)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000100)={0x28, 0x0, 0x0, @local}, 0x10)
writev(r2, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x1}], 0x1)
r3 = accept4$unix(r1, 0x0, 0x0, 0x0)
recvmsg(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/68, 0x44}], 0x1}, 0x0)
r4 = socket$packet(0x11, 0x0, 0x300)
ioctl$FS_IOC_GETVERSION(r4, 0x80087601, &(0x7f0000000040))
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x101, 0x8, 0x2}, 0x48)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r6, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000280)={r5, &(0x7f00000004c0), &(0x7f0000000180)=@tcp6=r6}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r5, &(0x7f00000002c0), 0x0}, 0x20)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f00000002c0)="17710e46445e13317f215df99ed39e8a1575849cd0957e4471b2a0dcd80b34538633af250a467536462ffdc22ec3a1e14900fbcd585f6572e9364ef56f6f0717d982fcbe5170d70f5c0333cfa68a1b118abd72e0710ec450e976308437afbda1313180dfb5dd70337cc9a5bb2b14c9c74a4b06", &(0x7f0000000340)=@buf="a9f284673a61e7b26671f46fcc74a9bdbe99c2b73fb565cbe16644c738abb1338e7b269a2dd016c206167e0c33d5ddc81ebb8c291c1e995e20c138bdf4034dda9486b519b719db5b2198fc2eb7018ab6995ec268b83cd3cf495b73ad7eb92ee968a5a3310a25dc31abb5076d3f8851"}, 0x20)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

e
[   91.247991][   T35] veth0_vlan: left promiscuous mode
[   91.642563][   T35] team0 (unregistering): Port device team_slave_1 removed
[   91.677119][   T35] team0 (unregistering): Port device team_slave_0 removed
[   92.009843][ T6399] netem: incorrect gi model size
[   92.015429][ T6399] netem: change failed
[   92.133315][ T2476] wlan1: Trigger new scan to find an IBSS to join
[   92.145431][ T6408] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   92.158264][ T6409] FAULT_INJECTION: forcing a failure.
[   92.158264][ T6409] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.193582][ T5122] Bluetooth: hci1: command tx timeout
[   92.204455][ T6409] CPU: 0 PID: 6409 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[   92.214885][ T6409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   92.225027][ T6409] Call Trace:
[   92.228298][ T6409]  <TASK>
[   92.231220][ T6409]  dump_stack_lvl+0x241/0x360
[   92.235899][ T6409]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.241094][ T6409]  ? __pfx__printk+0x10/0x10
[   92.245682][ T6409]  ? __pfx_lock_release+0x10/0x10
[   92.250704][ T6409]  should_fail_ex+0x3b0/0x4e0
[   92.255383][ T6409]  _copy_from_user+0x2f/0xe0
[   92.259966][ T6409]  generic_map_update_batch+0x567/0x900
[   92.265522][ T6409]  ? __pfx_generic_map_update_batch+0x10/0x10
[   92.271592][ T6409]  ? __pfx_generic_map_update_batch+0x10/0x10
[   92.277658][ T6409]  bpf_map_do_batch+0x3e0/0x690
[   92.282508][ T6409]  __sys_bpf+0x377/0x810
[   92.286752][ T6409]  ? __pfx___sys_bpf+0x10/0x10
[   92.291525][ T6409]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   92.297500][ T6409]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   92.303822][ T6409]  __x64_sys_bpf+0x7c/0x90
[   92.308234][ T6409]  do_syscall_64+0xf3/0x230
[   92.312730][ T6409]  ? clear_bhb_loop+0x35/0x90
[   92.317406][ T6409]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.323291][ T6409] RIP: 0033:0x7f8a0ce7d0a9
[   92.327695][ T6409] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   92.347288][ T6409] RSP: 002b:00007f8a0db660c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[   92.355694][ T6409] RAX: ffffffffffffffda RBX: 00007f8a0cfb3f80 RCX: 00007f8a0ce7d0a9
[   92.363655][ T6409] RDX: 0000000000000038 RSI: 0000000020000200 RDI: 000000000000001a
[   92.371611][ T6409] RBP: 00007f8a0db66120 R08: 0000000000000000 R09: 0000000000000000
[   92.379570][ T6409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   92.387531][ T6409] R13: 000000000000000b R14: 00007f8a0cfb3f80 R15: 00007fffb5b83cd8
[   92.395506][ T6409]  </TASK>
[   92.496051][ T6415] bridge0: port 3(bond1) entered blocking state
[   92.508831][ T6415] bridge0: port 3(bond1) entered disabled state
[   92.550125][ T6415] bond1: entered allmulticast mode
[   92.565214][ T6415] bond1: entered promiscuous mode
[   92.702813][ T6422] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   92.751010][ T6421] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[   92.954526][ T6214] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   92.984462][ T6214] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   93.032284][ T6214] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   93.047047][ T6214] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   93.319679][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   93.327837][ T6214] 8021q: adding VLAN 0 to HW filter on device bond0
[   93.359373][ T6455] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[   93.392879][ T6214] 8021q: adding VLAN 0 to HW filter on device team0
[   93.455283][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   93.462414][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   93.508333][ T6465] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   93.515146][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.523486][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[   93.717669][ T6472] syzkaller1: entered promiscuous mode
[   93.736624][ T6472] syzkaller1: entered allmulticast mode
[   93.948478][ T6484] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[   93.987766][ T6487] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   94.049137][ T6214] 8021q: adding VLAN 0 to HW filter on device batadv0
[   94.056177][ T6487] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[   94.201403][ T6499] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   94.275384][ T5122] Bluetooth: hci1: command tx timeout
[   94.581558][ T6521] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[   94.584353][ T6214] veth0_vlan: entered promiscuous mode
[   94.592784][ T6521] sctp: [Deprecated]: syz-executor.1 (pid 6521) Use of int in max_burst socket option deprecated.
[   94.592784][ T6521] Use struct sctp_assoc_value instead
[   94.639093][ T6214] veth1_vlan: entered promiscuous mode
[   94.698371][ T6214] veth0_macvtap: entered promiscuous mode
[   94.744857][ T6214] veth1_macvtap: entered promiscuous mode
[   94.805856][ T6214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.816947][ T6214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.828594][ T6214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.842216][ T6214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.852143][ T6214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.862672][ T6214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.872745][ T6214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   94.886140][ T6214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.898126][ T6214] batman_adv: batadv0: Interface activated: batadv_slave_0
[   94.933999][ T6214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.949484][ T6214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.960746][ T6214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.972077][ T6214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   94.985687][ T6214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   94.998553][ T6214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.008437][ T6214] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   95.019246][ T6214] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   95.031523][ T6214] batman_adv: batadv0: Interface activated: batadv_slave_1
[   95.048416][ T6214] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   95.061733][ T6214] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   95.093461][ T6214] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   95.102177][ T6214] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   95.332517][ T1109] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.349165][ T1109] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.427287][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   95.463499][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   95.650236][ T6563] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   95.750302][ T6566] x_tables: ip6_tables: icmp6 match: only valid for protocol 58
[   96.016553][ T6582] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[   96.019184][ T6584] FAULT_INJECTION: forcing a failure.
[   96.019184][ T6584] name failslab, interval 1, probability 0, space 0, times 0
[   96.040418][ T6584] CPU: 0 PID: 6584 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[   96.050855][ T6584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   96.060919][ T6584] Call Trace:
[   96.064214][ T6584]  <TASK>
[   96.067158][ T6584]  dump_stack_lvl+0x241/0x360
[   96.071857][ T6584]  ? __pfx_dump_stack_lvl+0x10/0x10
[   96.073407][ T6586] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.3'.
[   96.077053][ T6584]  ? __pfx__printk+0x10/0x10
[   96.077095][ T6584]  should_fail_ex+0x3b0/0x4e0
[   96.077123][ T6584]  ? ioctl_standard_iw_point+0x4ae/0xcb0
[   96.101400][ T6584]  should_failslab+0x9/0x20
[   96.105912][ T6584]  __kmalloc_noprof+0xd8/0x400
[   96.110781][ T6584]  ioctl_standard_iw_point+0x4ae/0xcb0
[   96.116267][ T6584]  ? do_raw_spin_unlock+0x13c/0x8b0
[   96.121475][ T6584]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[   96.127282][ T6584]  ? __pfx_ioctl_standard_iw_point+0x10/0x10
[   96.133272][ T6584]  ? __mutex_lock+0x527/0xd70
[   96.137953][ T6584]  ? wext_ioctl_dispatch+0x106/0x640
[   96.143238][ T6584]  ? __pfx___mutex_lock+0x10/0x10
[   96.148268][ T6584]  ? full_name_hash+0x93/0xe0
[   96.152938][ T6584]  ioctl_standard_call+0xc7/0x290
[   96.157958][ T6584]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[   96.163759][ T6584]  ? __pfx_cfg80211_wext_giwscan+0x10/0x10
[   96.169570][ T6584]  wext_ioctl_dispatch+0x58e/0x640
[   96.174684][ T6584]  ? __pfx_ioctl_standard_call+0x10/0x10
[   96.180323][ T6584]  ? __pfx_ioctl_private_call+0x10/0x10
[   96.185871][ T6584]  ? __pfx_wext_ioctl_dispatch+0x10/0x10
[   96.191505][ T6584]  ? __might_fault+0xc6/0x120
[   96.196208][ T6584]  wext_handle_ioctl+0x15f/0x270
[   96.201149][ T6584]  ? __pfx_wext_handle_ioctl+0x10/0x10
[   96.206622][ T6584]  sock_ioctl+0x17f/0x8e0
[   96.210952][ T6584]  ? __pfx_sock_ioctl+0x10/0x10
[   96.215801][ T6584]  ? __fget_files+0x29/0x470
[   96.220390][ T6584]  ? __fget_files+0x3f6/0x470
[   96.225068][ T6584]  ? __fget_files+0x29/0x470
[   96.229663][ T6584]  ? bpf_lsm_file_ioctl+0x9/0x10
[   96.234593][ T6584]  ? security_file_ioctl+0x87/0xb0
[   96.239697][ T6584]  ? __pfx_sock_ioctl+0x10/0x10
[   96.244547][ T6584]  __se_sys_ioctl+0xfc/0x170
[   96.249142][ T6584]  do_syscall_64+0xf3/0x230
[   96.253643][ T6584]  ? clear_bhb_loop+0x35/0x90
[   96.258316][ T6584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   96.264202][ T6584] RIP: 0033:0x7f8ba167d0a9
[   96.268613][ T6584] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   96.288211][ T6584] RSP: 002b:00007f8ba11ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   96.296619][ T6584] RAX: ffffffffffffffda RBX: 00007f8ba17b3f80 RCX: 00007f8ba167d0a9
[   96.304579][ T6584] RDX: 0000000020000000 RSI: 0000000000008b19 RDI: 0000000000000003
[   96.312537][ T6584] RBP: 00007f8ba11ff120 R08: 0000000000000000 R09: 0000000000000000
[   96.320511][ T6584] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   96.328479][ T6584] R13: 000000000000000b R14: 00007f8ba17b3f80 R15: 00007ffe424e4978
[   96.336455][ T6584]  </TASK>
[   96.426381][ T6580] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   96.499503][ T6580] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98
[   96.511842][ T6596] xt_CT: You must specify a L4 protocol and not use inversions on it
[   96.550626][ T6602] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[   96.562449][ T6599] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   96.974989][ T6635] openvswitch: netlink: Key type 7982 is out of range max 32
[   97.169090][ T6645] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[   97.298140][ T6652] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   97.429878][ T6661] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[   97.457491][ T6662] x_tables: ip_tables: ah match: only valid for protocol 51
[   97.577539][ T6671] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.3'.
[   97.828163][ T6685] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   97.963603][ T6700] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[   98.032029][ T6703] syzkaller0: entered promiscuous mode
[   98.038969][ T6703] syzkaller0: entered allmulticast mode
[   98.125431][ T6709] netlink: 'syz-executor.2': attribute type 15 has an invalid length.
[   98.285638][ T6719] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[   98.297686][ T6719] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[   98.309526][ T6719] netlink: 181400 bytes leftover after parsing attributes in process `syz-executor.2'.
[   98.356989][ T6719] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[   98.419144][ T6725] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[   98.432475][ T6719] can: request_module (can-proto-0) failed.
[   98.685136][ T6733] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[   98.878657][ T6742] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.2'.
[   99.792467][ T6797] debugfs: Directory '!!ô' with parent 'ieee80211' already present!
[  100.178195][ T6824] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  100.651581][ T6861] FAULT_INJECTION: forcing a failure.
[  100.651581][ T6861] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  100.684184][ T6861] CPU: 1 PID: 6861 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  100.694634][ T6861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  100.704704][ T6861] Call Trace:
[  100.707993][ T6861]  <TASK>
[  100.710934][ T6861]  dump_stack_lvl+0x241/0x360
[  100.715631][ T6861]  ? __pfx_dump_stack_lvl+0x10/0x10
[  100.720850][ T6861]  ? __pfx__printk+0x10/0x10
[  100.725458][ T6861]  ? __pfx_lock_release+0x10/0x10
[  100.730509][ T6861]  should_fail_ex+0x3b0/0x4e0
[  100.735214][ T6861]  _copy_from_user+0x2f/0xe0
[  100.739827][ T6861]  copy_msghdr_from_user+0xae/0x680
[  100.745055][ T6861]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  100.750897][ T6861]  __sys_sendmsg+0x23d/0x3a0
[  100.755510][ T6861]  ? __pfx___sys_sendmsg+0x10/0x10
[  100.760641][ T6861]  ? vfs_write+0x7c4/0xc90
[  100.765114][ T6861]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  100.771456][ T6861]  ? do_syscall_64+0x100/0x230
[  100.776249][ T6861]  ? do_syscall_64+0xb6/0x230
[  100.780952][ T6861]  do_syscall_64+0xf3/0x230
[  100.785473][ T6861]  ? clear_bhb_loop+0x35/0x90
[  100.790173][ T6861]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  100.796086][ T6861] RIP: 0033:0x7f8a0ce7d0a9
[  100.800516][ T6861] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  100.820133][ T6861] RSP: 002b:00007f8a0db240c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  100.824788][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  100.828542][ T6861] RAX: ffffffffffffffda RBX: 00007f8a0cfb4120 RCX: 00007f8a0ce7d0a9
[  100.828561][ T6861] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 000000000000000b
[  100.828573][ T6861] RBP: 00007f8a0db24120 R08: 0000000000000000 R09: 0000000000000000
[  100.828586][ T6861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  100.828597][ T6861] R13: 000000000000006e R14: 00007f8a0cfb4120 R15: 00007fffb5b83cd8
[  100.828625][ T6861]  </TASK>
[  101.088078][ T6875] __nla_validate_parse: 6 callbacks suppressed
[  101.088096][ T6875] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  101.167483][ T6868] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'.
[  101.183708][ T6879] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  101.470861][ T6893] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[  101.492226][ T6893] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  101.607874][ T6899] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'.
[  101.630648][ T6899] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes.
[  102.057688][ T6921] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  102.100783][ T6924] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  102.180491][ T6926] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  102.986282][   T29] audit: type=1804 audit(1719142382.751:3): pid=6933 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2717372593/syzkaller.KHj5mU/132/cgroup.controllers" dev="sda1" ino=1956 res=1 errno=0
[  103.004788][ T6960] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  103.222853][ T6966] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  103.364509][ T6977] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  103.565071][ T6987] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  103.812036][ T7007] dccp_invalid_packet: pskb_may_pull failed
[  103.834078][ T7008] Bluetooth: MGMT ver 1.22
[  104.235088][ T7034] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  105.080750][ T7084] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  105.506249][ T5134] IPVS: starting estimator thread 0...
[  105.614016][ T7121] IPVS: using max 17 ests per chain, 40800 per kthread
[  105.761562][ T7127] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.937870][ T7127] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.966450][ T7152] FAULT_INJECTION: forcing a failure.
[  105.966450][ T7152] name failslab, interval 1, probability 0, space 0, times 0
[  106.005173][ T7152] CPU: 0 PID: 7152 Comm: syz-executor.2 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  106.015627][ T7152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  106.025695][ T7152] Call Trace:
[  106.028987][ T7152]  <TASK>
[  106.031929][ T7152]  dump_stack_lvl+0x241/0x360
[  106.036634][ T7152]  ? __pfx_dump_stack_lvl+0x10/0x10
[  106.041852][ T7152]  ? __pfx__printk+0x10/0x10
[  106.046473][ T7152]  ? ref_tracker_alloc+0x332/0x490
[  106.051614][ T7152]  should_fail_ex+0x3b0/0x4e0
[  106.056318][ T7152]  ? skb_clone+0x20c/0x390
[  106.060754][ T7152]  should_failslab+0x9/0x20
[  106.065279][ T7152]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  106.070685][ T7152]  skb_clone+0x20c/0x390
[  106.074959][ T7152]  __netlink_deliver_tap+0x3cc/0x7c0
[  106.080270][ T7152]  ? netlink_deliver_tap+0x2e/0x1b0
[  106.085488][ T7152]  netlink_deliver_tap+0x19d/0x1b0
[  106.090617][ T7152]  netlink_unicast+0x7be/0x990
[  106.095411][ T7152]  ? __pfx_netlink_unicast+0x10/0x10
[  106.100717][ T7152]  ? __virt_addr_valid+0x183/0x520
[  106.105852][ T7152]  ? __check_object_size+0x49c/0x900
[  106.111159][ T7152]  ? bpf_lsm_netlink_send+0x9/0x10
[  106.116294][ T7152]  netlink_sendmsg+0x8e4/0xcb0
[  106.121090][ T7152]  ? __pfx_netlink_sendmsg+0x10/0x10
[  106.126396][ T7152]  ? __import_iovec+0x536/0x820
[  106.131270][ T7152]  ? aa_sock_msg_perm+0x91/0x160
[  106.136229][ T7152]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  106.141526][ T7152]  ? security_socket_sendmsg+0x87/0xb0
[  106.147003][ T7152]  ? __pfx_netlink_sendmsg+0x10/0x10
[  106.152301][ T7152]  __sock_sendmsg+0x221/0x270
[  106.156997][ T7152]  ____sys_sendmsg+0x525/0x7d0
[  106.161793][ T7152]  ? __pfx_____sys_sendmsg+0x10/0x10
[  106.167114][ T7152]  __sys_sendmsg+0x2b0/0x3a0
[  106.171727][ T7152]  ? __pfx___sys_sendmsg+0x10/0x10
[  106.176857][ T7152]  ? vfs_write+0x7c4/0xc90
[  106.181335][ T7152]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  106.187684][ T7152]  ? do_syscall_64+0x100/0x230
[  106.192472][ T7152]  ? do_syscall_64+0xb6/0x230
[  106.197173][ T7152]  do_syscall_64+0xf3/0x230
[  106.201694][ T7152]  ? clear_bhb_loop+0x35/0x90
[  106.206397][ T7152]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  106.212312][ T7152] RIP: 0033:0x7f950f87d0a9
[  106.216739][ T7152] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  106.236354][ T7152] RSP: 002b:00007f95105ed0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  106.244782][ T7152] RAX: ffffffffffffffda RBX: 00007f950f9b3f80 RCX: 00007f950f87d0a9
[  106.252764][ T7152] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003
[  106.260743][ T7152] RBP: 00007f95105ed120 R08: 0000000000000000 R09: 0000000000000000
[  106.268725][ T7152] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  106.276708][ T7152] R13: 000000000000000b R14: 00007f950f9b3f80 R15: 00007ffd81cc8848
[  106.284706][ T7152]  </TASK>
[  106.298713][ T7154] __nla_validate_parse: 7 callbacks suppressed
[  106.298728][ T7154] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  106.324297][ T7154] gretap0: entered promiscuous mode
[  106.329729][ T7154] gretap0: entered allmulticast mode
[  106.424578][ T7127] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.648582][ T7127] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.822841][ T7127] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.858370][ T7184] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  106.898972][ T7127] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.923851][ T7127] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.932413][ T7187] tipc: Started in network mode
[  106.941676][ T7187] tipc: Node identity 5f1414aa, cluster identity 4711
[  106.956805][ T7187] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  106.978485][ T7127] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  107.160645][ T7199] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  107.324680][ T7207] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  107.352794][ T7207] netlink: 3657 bytes leftover after parsing attributes in process `syz-executor.3'.
[  107.435590][ T7215] FAULT_INJECTION: forcing a failure.
[  107.435590][ T7215] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  107.459974][ T7215] CPU: 1 PID: 7215 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  107.470422][ T7215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  107.480486][ T7215] Call Trace:
[  107.483779][ T7215]  <TASK>
[  107.486725][ T7215]  dump_stack_lvl+0x241/0x360
[  107.491430][ T7215]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.494430][ T7220] vlan2: entered promiscuous mode
[  107.496630][ T7215]  ? __pfx__printk+0x10/0x10
[  107.496671][ T7215]  should_fail_ex+0x3b0/0x4e0
[  107.503595][ T7220] bridge0: port 4(vlan2) entered blocking state
[  107.506246][ T7215]  _copy_from_user+0x2f/0xe0
[  107.506275][ T7215]  move_addr_to_kernel+0x82/0x150
[  107.511097][ T7220] bridge0: port 4(vlan2) entered disabled state
[  107.517136][ T7215]  copy_msghdr_from_user+0x43e/0x680
[  107.517159][ T7215]  ? _parse_integer_limit+0x1b5/0x200
[  107.517187][ T7215]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  107.517219][ T7215]  __sys_sendmmsg+0x374/0x740
[  107.517251][ T7215]  ? __pfx___sys_sendmmsg+0x10/0x10
[  107.517305][ T7215]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  107.517351][ T7215]  ? ksys_write+0x23e/0x2c0
[  107.517375][ T7215]  ? __pfx_lock_release+0x10/0x10
[  107.517402][ T7215]  ? vfs_write+0x7c4/0xc90
[  107.517425][ T7215]  ? __mutex_unlock_slowpath+0x21d/0x750
[  107.517444][ T7215]  ? __pfx_vfs_write+0x10/0x10
[  107.517488][ T7215]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  107.517511][ T7215]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  107.517532][ T7215]  ? do_syscall_64+0x100/0x230
[  107.517557][ T7215]  __x64_sys_sendmmsg+0xa0/0xb0
[  107.517582][ T7215]  do_syscall_64+0xf3/0x230
[  107.517605][ T7215]  ? clear_bhb_loop+0x35/0x90
[  107.517632][ T7215]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.517656][ T7215] RIP: 0033:0x7f8a0ce7d0a9
[  107.517674][ T7215] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  107.517689][ T7215] RSP: 002b:00007f8a0db660c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  107.517709][ T7215] RAX: ffffffffffffffda RBX: 00007f8a0cfb3f80 RCX: 00007f8a0ce7d0a9
[  107.517724][ T7215] RDX: 0000000000000001 RSI: 00000000200032c0 RDI: 0000000000000003
[  107.517736][ T7215] RBP: 00007f8a0db66120 R08: 0000000000000000 R09: 0000000000000000
[  107.517749][ T7215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  107.517761][ T7215] R13: 000000000000000b R14: 00007f8a0cfb3f80 R15: 00007fffb5b83cd8
[  107.517789][ T7215]  </TASK>
[  107.748681][ T7220] vlan2: entered allmulticast mode
[  107.759308][ T7220] bridge0: entered allmulticast mode
[  107.792035][ T7220] vlan2: left allmulticast mode
[  107.811500][ T7220] bridge0: left allmulticast mode
[  107.893824][ T7223] netlink: 152 bytes leftover after parsing attributes in process `syz-executor.3'.
[  107.922775][ T7223] tc_dump_action: action bad kind
[  107.951947][ T7239] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  108.625407][ T7279] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  108.887989][ T7301] dccp_invalid_packet: P.CsCov 4 exceeds packet length 28
[  108.922401][ T7302] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  108.951170][ T7302] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  108.962571][ T7302] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  109.011233][ T7309] Bluetooth: MGMT ver 1.22
[  109.018583][ T7309] Bluetooth: hci3: invalid length 0, exp 2 for type 18
[  109.175165][ T7321] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  109.187811][ T7322] FAULT_INJECTION: forcing a failure.
[  109.187811][ T7322] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  109.206539][ T7322] CPU: 0 PID: 7322 Comm: syz-executor.2 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  109.217155][ T7322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  109.227227][ T7322] Call Trace:
[  109.230521][ T7322]  <TASK>
[  109.233461][ T7322]  dump_stack_lvl+0x241/0x360
[  109.238221][ T7322]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.243456][ T7322]  ? __pfx__printk+0x10/0x10
[  109.248068][ T7322]  ? __pfx_lock_release+0x10/0x10
[  109.253114][ T7322]  should_fail_ex+0x3b0/0x4e0
[  109.257818][ T7322]  _copy_from_user+0x2f/0xe0
[  109.262427][ T7322]  copy_msghdr_from_user+0xae/0x680
[  109.267649][ T7322]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  109.273482][ T7322]  __sys_recvmsg+0x252/0x3e0
[  109.278098][ T7322]  ? __pfx___sys_recvmsg+0x10/0x10
[  109.283245][ T7322]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  109.289583][ T7322]  ? do_syscall_64+0x100/0x230
[  109.294373][ T7322]  ? do_syscall_64+0xb6/0x230
[  109.299068][ T7322]  do_syscall_64+0xf3/0x230
[  109.303586][ T7322]  ? clear_bhb_loop+0x35/0x90
[  109.308294][ T7322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  109.314205][ T7322] RIP: 0033:0x7f950f87d0a9
[  109.318797][ T7322] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  109.338485][ T7322] RSP: 002b:00007f95105ed0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  109.346894][ T7322] RAX: ffffffffffffffda RBX: 00007f950f9b3f80 RCX: 00007f950f87d0a9
[  109.354858][ T7322] RDX: 0000000040000122 RSI: 0000000020000340 RDI: 0000000000000003
[  109.362819][ T7322] RBP: 00007f95105ed120 R08: 0000000000000000 R09: 0000000000000000
[  109.370865][ T7322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  109.378825][ T7322] R13: 000000000000000b R14: 00007f950f9b3f80 R15: 00007ffd81cc8848
[  109.386802][ T7322]  </TASK>
[  109.563308][ T7335] FAULT_INJECTION: forcing a failure.
[  109.563308][ T7335] name failslab, interval 1, probability 0, space 0, times 0
[  109.576240][ T7335] CPU: 0 PID: 7335 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  109.586675][ T7335] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  109.596839][ T7335] Call Trace:
[  109.600135][ T7335]  <TASK>
[  109.603077][ T7335]  dump_stack_lvl+0x241/0x360
[  109.607791][ T7335]  ? __pfx_dump_stack_lvl+0x10/0x10
[  109.613012][ T7335]  ? __pfx__printk+0x10/0x10
[  109.617625][ T7335]  ? __pfx_lock_acquire+0x10/0x10
[  109.622680][ T7335]  should_fail_ex+0x3b0/0x4e0
[  109.627386][ T7335]  ? inet_frag_find+0x984/0x2230
[  109.632339][ T7335]  should_failslab+0x9/0x20
[  109.636863][ T7335]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  109.642295][ T7335]  inet_frag_find+0x984/0x2230
[  109.647074][ T7335]  ? __pfx_ip4_obj_cmpfn+0x10/0x10
[  109.652222][ T7335]  ? inet_frag_find+0x13c/0x2230
[  109.657188][ T7335]  ? __pfx_inet_frag_find+0x10/0x10
[  109.662404][ T7335]  ? mark_lock+0x9a/0x350
[  109.666748][ T7335]  ? unwind_get_return_address+0x91/0xc0
[  109.672402][ T7335]  ? __lock_acquire+0x1346/0x1fd0
[  109.677450][ T7335]  ? mark_lock+0x9a/0x350
[  109.681799][ T7335]  ip_defrag+0x3b5/0x2900
[  109.686147][ T7335]  ? __lock_acquire+0x1346/0x1fd0
[  109.691218][ T7335]  ? __pfx_ip_defrag+0x10/0x10
[  109.696004][ T7335]  ? __pfx_lock_acquire+0x10/0x10
[  109.701058][ T7335]  ? lockdep_hardirqs_on+0x99/0x150
[  109.706264][ T7335]  ? ipv4_conntrack_defrag+0x3c4/0x5a0
[  109.711717][ T7335]  ipv4_conntrack_defrag+0x3de/0x5a0
[  109.717001][ T7335]  ? __pfx_ipv4_conntrack_defrag+0x10/0x10
[  109.722798][ T7335]  nf_hook_slow+0xc3/0x220
[  109.727210][ T7335]  ? __pfx_dst_output+0x10/0x10
[  109.732058][ T7335]  nf_hook+0x2c4/0x450
[  109.736125][ T7335]  ? nf_hook+0x9e/0x450
[  109.740270][ T7335]  ? __pfx_nf_hook+0x10/0x10
[  109.744857][ T7335]  ? __pfx_dst_output+0x10/0x10
[  109.749698][ T7335]  ? lockdep_hardirqs_on+0x99/0x150
[  109.754893][ T7335]  ? ip_fast_csum+0x1f0/0x2b0
[  109.759566][ T7335]  __ip_local_out+0x3d9/0x4e0
[  109.764234][ T7335]  ? __pfx_dst_output+0x10/0x10
[  109.769079][ T7335]  ip_local_out+0x26/0x70
[  109.773413][ T7335]  iptunnel_xmit+0x540/0x9b0
[  109.778012][ T7335]  ip_tunnel_xmit+0x2119/0x2950
[  109.782852][ T7335]  ? deref_stack_reg+0x1c7/0x260
[  109.787807][ T7335]  ? __pfx_ip_tunnel_xmit+0x10/0x10
[  109.793004][ T7335]  ? gre_build_header+0x341/0xb30
[  109.798030][ T7335]  ? __pfx_gre_build_header+0x10/0x10
[  109.803402][ T7335]  ? iptunnel_handle_offloads+0x31b/0x650
[  109.809134][ T7335]  ipgre_xmit+0x958/0xd40
[  109.813465][ T7335]  ? __pfx_ipgre_xmit+0x10/0x10
[  109.818336][ T7335]  ? validate_xmit_skb+0x9f9/0x1120
[  109.823545][ T7335]  dev_hard_start_xmit+0x27a/0x7e0
[  109.828846][ T7335]  __dev_queue_xmit+0x1b0e/0x3d30
[  109.833876][ T7335]  ? __dev_queue_xmit+0x2d2/0x3d30
[  109.839156][ T7335]  ? rcu_is_watching+0x15/0xb0
[  109.843914][ T7335]  ? __pfx___dev_queue_xmit+0x10/0x10
[  109.849374][ T7335]  ? pskb_expand_head+0xc89/0x1390
[  109.854492][ T7335]  ? __bpf_redirect+0x51c/0xe40
[  109.859344][ T7335]  __bpf_tx_skb+0x18e/0x260
[  109.863848][ T7335]  bpf_clone_redirect+0x26f/0x3d0
[  109.868866][ T7335]  ? bpf_test_run+0x31e/0x910
[  109.873536][ T7335]  bpf_prog_bfe5a48586383403+0x5e/0x63
[  109.878984][ T7335]  ? debug_mutex_free_waiter+0xe0/0x100
[  109.884531][ T7335]  ? timekeeping_get_ns+0x5c/0x420
[  109.889639][ T7335]  ? bpf_test_run+0x31e/0x910
[  109.894308][ T7335]  ? __pfx_lockdep_softirqs_off+0x10/0x10
[  109.900021][ T7335]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  109.906338][ T7335]  ? ktime_get+0x3c/0xb0
[  109.910576][ T7335]  ? bpf_test_run+0x31e/0x910
[  109.915242][ T7335]  ? __pfx___cant_migrate+0x10/0x10
[  109.920430][ T7335]  ? bpf_test_run+0x31e/0x910
[  109.925097][ T7335]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  109.930809][ T7335]  ? bpf_test_timer_continue+0x11a/0x350
[  109.936429][ T7335]  ? bpf_test_run+0x31e/0x910
[  109.941116][ T7335]  bpf_test_run+0x409/0x910
[  109.945648][ T7335]  ? __pfx_bpf_test_run+0x10/0x10
[  109.950680][ T7335]  ? eth_type_trans+0x3d1/0x7a0
[  109.955547][ T7335]  ? __pfx_eth_type_trans+0x10/0x10
[  109.960752][ T7335]  ? convert___skb_to_skb+0x41/0x620
[  109.966044][ T7335]  bpf_prog_test_run_skb+0xafa/0x13b0
[  109.971415][ T7335]  ? __pfx_lock_release+0x10/0x10
[  109.976468][ T7335]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  109.982295][ T7335]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  109.988114][ T7335]  bpf_prog_test_run+0x33a/0x3b0
[  109.993051][ T7335]  __sys_bpf+0x48d/0x810
[  109.997304][ T7335]  ? __pfx___sys_bpf+0x10/0x10
[  110.002262][ T7335]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  110.008250][ T7335]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  110.014576][ T7335]  ? do_syscall_64+0x100/0x230
[  110.019349][ T7335]  __x64_sys_bpf+0x7c/0x90
[  110.023765][ T7335]  do_syscall_64+0xf3/0x230
[  110.028264][ T7335]  ? clear_bhb_loop+0x35/0x90
[  110.032937][ T7335]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.038828][ T7335] RIP: 0033:0x7f8ba167d0a9
[  110.043239][ T7335] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  110.062840][ T7335] RSP: 002b:00007f8ba11ff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  110.071245][ T7335] RAX: ffffffffffffffda RBX: 00007f8ba17b3f80 RCX: 00007f8ba167d0a9
[  110.079204][ T7335] RDX: 000000000000002c RSI: 0000000020000080 RDI: 000000000000000a
[  110.087167][ T7335] RBP: 00007f8ba11ff120 R08: 0000000000000000 R09: 0000000000000000
[  110.095130][ T7335] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  110.103091][ T7335] R13: 000000000000000b R14: 00007f8ba17b3f80 R15: 00007ffe424e4978
[  110.111067][ T7335]  </TASK>
[  110.185483][ T7330] sctp: [Deprecated]: syz-executor.4 (pid 7330) Use of struct sctp_assoc_value in delayed_ack socket option.
[  110.185483][ T7330] Use struct sctp_sack_info instead
[  110.275467][ T7350] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'.
[  110.450840][ T7358] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  110.462982][ T7359] IPVS: length: 96 != 8
[  110.465689][ T7358] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  110.472647][ T7359] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  110.832159][ T7381] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  111.172919][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  111.268856][ T7405] nbd: must specify at least one socket
[  111.344826][ T7407] __nla_validate_parse: 1 callbacks suppressed
[  111.344845][ T7407] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[  111.472778][ T7410] dummy0: entered promiscuous mode
[  111.502816][ T7410] dummy0: left promiscuous mode
[  111.580007][ T7413] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  111.810470][ T7401] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[  112.035478][ T7403] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  112.336262][ T7435] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  112.475400][ T7445] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[  112.502116][ T7444] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  112.563972][ T7444] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  112.745925][ T7463] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'.
[  112.799718][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  112.877899][ T7470] FAULT_INJECTION: forcing a failure.
[  112.877899][ T7470] name failslab, interval 1, probability 0, space 0, times 0
[  112.920700][ T7470] CPU: 0 PID: 7470 Comm: syz-executor.2 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  112.931153][ T7470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  112.941221][ T7470] Call Trace:
[  112.944508][ T7470]  <TASK>
[  112.947451][ T7470]  dump_stack_lvl+0x241/0x360
[  112.952153][ T7470]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.957372][ T7470]  ? __pfx__printk+0x10/0x10
[  112.961991][ T7470]  ? __pfx___might_resched+0x10/0x10
[  112.967296][ T7470]  ? _raw_spin_unlock_irq+0x2e/0x50
[  112.972514][ T7470]  ? acct_collect+0x64c/0x830
[  112.977210][ T7470]  should_fail_ex+0x3b0/0x4e0
[  112.981908][ T7470]  ? taskstats_exit+0x360/0xa60
[  112.986772][ T7470]  should_failslab+0x9/0x20
[  112.991292][ T7470]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  112.996687][ T7470]  taskstats_exit+0x360/0xa60
[  113.001381][ T7470]  ? lockdep_hardirqs_on+0x99/0x150
[  113.006593][ T7470]  do_exit+0x9a5/0x27e0
[  113.010750][ T7470]  ? __pfx_do_exit+0x10/0x10
[  113.015335][ T7470]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  113.020709][ T7470]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  113.026682][ T7470]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  113.032998][ T7470]  ? _raw_spin_lock_irq+0xdf/0x120
[  113.038106][ T7470]  do_group_exit+0x207/0x2c0
[  113.042690][ T7470]  ? _raw_spin_unlock_irq+0x23/0x50
[  113.047880][ T7470]  ? lockdep_hardirqs_on+0x99/0x150
[  113.053069][ T7470]  get_signal+0x16a1/0x1740
[  113.058099][ T7470]  ? __pfx___sys_sendto+0x10/0x10
[  113.063115][ T7470]  ? __pfx_get_signal+0x10/0x10
[  113.067971][ T7470]  arch_do_signal_or_restart+0x96/0x860
[  113.073527][ T7470]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  113.079681][ T7470]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  113.085662][ T7470]  ? syscall_exit_to_user_mode+0xa3/0x370
[  113.091376][ T7470]  syscall_exit_to_user_mode+0xc9/0x370
[  113.096919][ T7470]  do_syscall_64+0x100/0x230
[  113.101503][ T7470]  ? clear_bhb_loop+0x35/0x90
[  113.106175][ T7470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.112060][ T7470] RIP: 0033:0x7f950f87d0a9
[  113.116464][ T7470] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  113.136057][ T7470] RSP: 002b:00007f95105ed0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  113.144458][ T7470] RAX: ffffffffffffffe0 RBX: 00007f950f9b3f80 RCX: 00007f950f87d0a9
[  113.152416][ T7470] RDX: 0000000000000070 RSI: 00000000200001c0 RDI: 0000000000000003
[  113.160380][ T7470] RBP: 00007f95105ed120 R08: 0000000000000000 R09: 0000000000000000
[  113.168339][ T7470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.176308][ T7470] R13: 000000000000000b R14: 00007f950f9b3f80 R15: 00007ffd81cc8848
[  113.184284][ T7470]  </TASK>
[  113.301457][ T7476] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  113.464329][ T7480] bond0: entered promiscuous mode
[  113.469400][ T7480] bond_slave_0: entered promiscuous mode
[  113.493565][ T7480] bond_slave_1: entered promiscuous mode
[  113.503671][ T7480] macvlan2: entered promiscuous mode
[  113.509149][ T7480] bond0: entered allmulticast mode
[  113.516829][ T7480] bond_slave_0: entered allmulticast mode
[  113.522580][ T7480] bond_slave_1: entered allmulticast mode
[  113.543354][ T7480] macvlan2: entered allmulticast mode
[  113.554270][ T7480] batadv0: entered allmulticast mode
[  113.561386][ T7483] netlink: 'syz-executor.0': attribute type 309 has an invalid length.
[  113.584569][ T7484] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  113.605838][ T7466] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[  113.609068][ T7483] macsec0: entered promiscuous mode
[  113.618566][ T7471] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[  113.630484][ T7483] macsec1: entered promiscuous mode
[  114.176810][ T7514] ieee802154 phy0 wpan0: encryption failed: -22
[  114.371110][ T7529] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  114.537893][ T7537] sock: sock_timestamping_bind_phc: sock not bind to device
[  115.199902][ T7560] xt_bpf: check failed: parse error
[  115.212341][ T7562] xt_bpf: check failed: parse error
[  115.410229][ T7576] IPv6: NLM_F_REPLACE set, but no existing node found!
[  115.589000][ T7587] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  116.085741][ T7623] bridge0: port 3(gretap0) entered blocking state
[  116.095625][ T7623] bridge0: port 3(gretap0) entered disabled state
[  116.102283][ T7623] gretap0: entered allmulticast mode
[  116.109347][ T7623] gretap0: entered promiscuous mode
[  116.123676][ T7626] macvlan2: entered promiscuous mode
[  116.129206][ T7619] gretap0: left allmulticast mode
[  116.134578][ T7619] gretap0: left promiscuous mode
[  116.141397][ T7619] bridge0: port 3(gretap0) entered disabled state
[  116.159587][ T7627] netlink: 'syz-executor.1': attribute type 11 has an invalid length.
[  116.235738][ T7631] IPv6: Can't replace route, no match found
[  116.337094][ T7635] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  116.393658][ T7637] Bluetooth: hci3: invalid length 0, exp 2 for type 0
[  116.456575][ T7646] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes.
[  116.801622][ T1097] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  116.982187][ T1097] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.066349][ T7663] __nla_validate_parse: 6 callbacks suppressed
[  117.066369][ T7663] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  117.105631][ T7656] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[  117.153291][ T7663] netlink: 'syz-executor.3': attribute type 12 has an invalid length.
[  117.282245][ T7663] vxlan1: entered promiscuous mode
[  117.322219][ T7675] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  117.369913][ T1097] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.406978][ T7677] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  117.454704][ T1097] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  117.522517][ T7683] netlink: 'syz-executor.4': attribute type 3 has an invalid length.
[  117.542298][ T7683] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.4'.
[  117.665737][ T1097] bridge_slave_1: left allmulticast mode
[  117.678275][ T1097] bridge_slave_1: left promiscuous mode
[  117.684816][ T5118] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  117.685058][ T1097] bridge0: port 2(bridge_slave_1) entered disabled state
[  117.699731][ T5118] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  117.708106][ T5118] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  117.719273][ T5118] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  117.728864][ T5118] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  117.736488][ T5118] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  117.755768][ T1097] bridge_slave_0: left allmulticast mode
[  117.772042][ T1097] bridge_slave_0: left promiscuous mode
[  117.789052][ T1097] bridge0: port 1(bridge_slave_0) entered disabled state
[  118.323848][ T1097] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  118.345489][ T1097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  118.369025][ T1097] bond0 (unregistering): Released all slaves
[  118.386232][ T1097] bond1 (unregistering): Released all slaves
[  118.529144][ T7720] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  118.723039][ T7729] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  118.744252][ T7729] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  118.757456][ T7717] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[  118.771974][ T7729] syz-executor.2[7729] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  118.772124][ T7729] syz-executor.2[7729] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  119.234362][ T7742] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  119.515193][ T7756] netlink: 'syz-executor.4': attribute type 10 has an invalid length.
[  119.579331][ T7756] team0: Device netdevsim0 failed to register rx_handler
[  119.784076][ T1097] hsr_slave_0: left promiscuous mode
[  119.794374][ T5118] Bluetooth: hci0: command tx timeout
[  119.801903][ T1097] hsr_slave_1: left promiscuous mode
[  119.808135][ T7775] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  119.871310][ T1097] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  119.888810][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_0
[  119.917355][ T1097] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  119.945526][ T1097] batman_adv: batadv0: Removing interface: batadv_slave_1
[  119.992380][ T1097] veth1_macvtap: left promiscuous mode
[  119.999195][ T1097] veth0_macvtap: left promiscuous mode
[  120.005042][ T1097] veth1_vlan: left promiscuous mode
[  120.010634][ T1097] veth0_vlan: left promiscuous mode
[  120.511194][ T1097] team0 (unregistering): Port device team_slave_1 removed
[  120.568873][ T1097] team0 (unregistering): Port device team_slave_0 removed
[  121.190018][ T7690] chnl_net:caif_netlink_parms(): no params data found
[  121.405029][ T7690] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.412298][ T7690] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.430524][ T7690] bridge_slave_0: entered allmulticast mode
[  121.439739][ T7690] bridge_slave_0: entered promiscuous mode
[  121.448363][ T7690] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.457848][ T7690] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.465572][ T7690] bridge_slave_1: entered allmulticast mode
[  121.473535][ T7690] bridge_slave_1: entered promiscuous mode
[  121.572777][ T7690] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  121.617413][ T7690] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  121.771240][ T7690] team0: Port device team_slave_0 added
[  121.784972][ T7690] team0: Port device team_slave_1 added
[  121.844636][ T7853] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[  121.862573][ T7690] batman_adv: batadv0: Adding interface: batadv_slave_0
[  121.872164][ T7690] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.899538][ T5118] Bluetooth: hci0: command tx timeout
[  121.920336][ T7690] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  121.945101][ T7690] batman_adv: batadv0: Adding interface: batadv_slave_1
[  121.963062][ T7690] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.997355][ T7690] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  122.016499][ T7861] vlan3: entered promiscuous mode
[  122.022466][ T7861] syz_tun: entered promiscuous mode
[  122.031663][ T7861] syz_tun: left promiscuous mode
[  122.144653][ T7869] nbd: must specify at least one socket
[  122.248389][ T7690] hsr_slave_0: entered promiscuous mode
[  122.268234][ T7690] hsr_slave_1: entered promiscuous mode
[  122.297852][ T7690] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  122.312532][ T7690] Cannot create hsr debugfs directory
[  122.383953][ T7884] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  122.522024][ T7893] netlink: 'syz-executor.4': attribute type 30 has an invalid length.
[  122.651734][ T7899] tipc: New replicast peer: 0.0.0.0
[  122.658840][ T7899] tipc: Enabled bearer <udp:syz2>, priority 10
[  122.665845][ T7898] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  122.974027][ T7920] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[  122.984864][ T7920] netlink: 'syz-executor.3': attribute type 39 has an invalid length.
[  123.048429][ T7923] tipc: Started in network mode
[  123.053736][ T7923] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  123.061076][ T7923] tipc: Enabled bearer <eth:ipvlan0>, priority 0
[  123.068831][ T7923] tipc: Enabled bearer <ib:caif0>, priority 0
[  123.081180][ T7923] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.2'.
[  123.283828][ T7690] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  123.301875][ T7934] trusted_key: syz-executor.2 sent an empty control message without MSG_MORE.
[  123.325840][ T7690] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  123.347604][ T7690] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  123.363135][ T7690] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  123.387129][ T7937] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  123.567287][ T7690] 8021q: adding VLAN 0 to HW filter on device bond0
[  123.601640][ T7690] 8021q: adding VLAN 0 to HW filter on device team0
[  123.617744][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  123.624961][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  123.662197][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  123.669410][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  123.701402][ T7945] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  123.736030][ T7945] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  123.953897][ T5118] Bluetooth: hci0: command tx timeout
[  124.065246][ T5223] tipc: Node number set to 10136234
[  124.071621][ T7941] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[  124.238947][ T7690] 8021q: adding VLAN 0 to HW filter on device batadv0
[  124.400623][ T7971] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  124.421664][ T7690] veth0_vlan: entered promiscuous mode
[  124.447814][ T7690] veth1_vlan: entered promiscuous mode
[  124.521568][ T7690] veth0_macvtap: entered promiscuous mode
[  124.551964][ T7690] veth1_macvtap: entered promiscuous mode
[  124.600846][ T7690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.613163][ T7690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.642241][ T7690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.663141][ T7690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.683497][ T7690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.704374][ T7690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.729067][ T7690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  124.741851][ T7690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.761328][ T7690] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.798963][ T7994] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  124.801823][ T7690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.807280][ T7994] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.3'.
[  124.827346][ T7994] netlink: 'syz-executor.3': attribute type 2 has an invalid length.
[  124.836768][ T7994] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.3'.
[  124.861876][ T7690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.883300][ T7690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.894359][ T7690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.915368][ T7690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.932686][ T7690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.947897][ T8002] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  124.957443][ T7690] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.970334][ T7690] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.995034][ T8003] netlink: 210120 bytes leftover after parsing attributes in process `syz-executor.3'.
[  125.014454][ T7690] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.036857][ T7690] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.052128][ T7690] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.069155][ T7690] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.079583][ T7690] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.095373][ T7999] hsr0: entered promiscuous mode
[  125.110962][ T8005] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[  125.121425][ T7995] hsr0: left promiscuous mode
[  125.325996][ T1097] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.351121][ T1097] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.576520][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  125.601984][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  125.686171][ T8029] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  125.712581][ T8029] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  125.771253][ T8029] bond0: entered allmulticast mode
[  125.785567][ T8029] bond_slave_0: entered allmulticast mode
[  125.791340][ T8029] bond_slave_1: entered allmulticast mode
[  126.035781][ T5118] Bluetooth: hci0: command tx timeout
[  126.247784][ T8067] bridge1: port 1(bridge_slave_1) entered forwarding state
[  126.632651][ T8097] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  126.674079][ T8101] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  127.551415][ T8141] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  127.645967][ T8146] __nla_validate_parse: 13 callbacks suppressed
[  127.645988][ T8146] netlink: 210620 bytes leftover after parsing attributes in process `syz-executor.0'.
[  127.737381][   T29] audit: type=1804 audit(1719142407.501:4): pid=8154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4283236906/syzkaller.u2eWOf/226/memory.events" dev="sda1" ino=1964 res=1 errno=0
[  127.776169][ T8155] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  127.801184][   T29] audit: type=1804 audit(1719142407.541:5): pid=8154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir4283236906/syzkaller.u2eWOf/226/memory.events" dev="sda1" ino=1964 res=1 errno=0
[  127.852560][ T8160] netlink: 9412 bytes leftover after parsing attributes in process `syz-executor.1'.
[  127.856743][   T29] audit: type=1804 audit(1719142407.561:6): pid=8154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir4283236906/syzkaller.u2eWOf/226/memory.events" dev="sda1" ino=1964 res=1 errno=0
[  127.951321][ T8164] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  127.964282][ T8164] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.2'.
[  128.001641][   T29] audit: type=1804 audit(1719142407.761:7): pid=8164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2717372593/syzkaller.KHj5mU/226/cgroup.controllers" dev="sda1" ino=1965 res=1 errno=0
[  128.310128][ T8182] IPv6: sit1: Disabled Multicast RS
[  128.320708][ T8182] netlink: 54 bytes leftover after parsing attributes in process `syz-executor.2'.
[  128.484774][ T8194] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  128.498311][ T8194] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.1'.
[  129.232180][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  129.239201][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  129.245917][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  129.252557][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  129.259267][    C1] vxcan0: j1939_xtp_rx_dat: no tx connection found
[  129.291351][ T8218] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'.
[  129.314617][ T8219] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  129.405187][ T8225] FAULT_INJECTION: forcing a failure.
[  129.405187][ T8225] name failslab, interval 1, probability 0, space 0, times 0
[  129.443461][ T8225] CPU: 1 PID: 8225 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  129.453945][ T8225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  129.464007][ T8225] Call Trace:
[  129.467279][ T8225]  <TASK>
[  129.470201][ T8225]  dump_stack_lvl+0x241/0x360
[  129.474896][ T8225]  ? __pfx_dump_stack_lvl+0x10/0x10
[  129.480100][ T8225]  ? __pfx__printk+0x10/0x10
[  129.484692][ T8225]  ? netlink_insert+0x10b7/0x14b0
[  129.489720][ T8225]  should_fail_ex+0x3b0/0x4e0
[  129.494394][ T8225]  ? __alloc_skb+0x1c3/0x440
[  129.498982][ T8225]  should_failslab+0x9/0x20
[  129.503504][ T8225]  kmem_cache_alloc_node_noprof+0x71/0x320
[  129.509313][ T8225]  __alloc_skb+0x1c3/0x440
[  129.513727][ T8225]  ? __pfx___alloc_skb+0x10/0x10
[  129.518657][ T8225]  ? netlink_autobind+0xd6/0x2f0
[  129.523584][ T8225]  ? netlink_autobind+0x2b0/0x2f0
[  129.528602][ T8225]  netlink_sendmsg+0x638/0xcb0
[  129.533364][ T8225]  ? __pfx_netlink_sendmsg+0x10/0x10
[  129.538642][ T8225]  ? __import_iovec+0x536/0x820
[  129.543483][ T8225]  ? aa_sock_msg_perm+0x91/0x160
[  129.548417][ T8225]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  129.553701][ T8225]  ? security_socket_sendmsg+0x87/0xb0
[  129.559174][ T8225]  ? __pfx_netlink_sendmsg+0x10/0x10
[  129.564458][ T8225]  __sock_sendmsg+0x221/0x270
[  129.569130][ T8225]  ____sys_sendmsg+0x525/0x7d0
[  129.573894][ T8225]  ? __pfx_____sys_sendmsg+0x10/0x10
[  129.579196][ T8225]  __sys_sendmsg+0x2b0/0x3a0
[  129.583780][ T8225]  ? __pfx___sys_sendmsg+0x10/0x10
[  129.588880][ T8225]  ? vfs_write+0x7c4/0xc90
[  129.593319][ T8225]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  129.599658][ T8225]  ? do_syscall_64+0x100/0x230
[  129.604418][ T8225]  ? do_syscall_64+0xb6/0x230
[  129.609090][ T8225]  do_syscall_64+0xf3/0x230
[  129.613584][ T8225]  ? clear_bhb_loop+0x35/0x90
[  129.618258][ T8225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.624145][ T8225] RIP: 0033:0x7f8ba167d0a9
[  129.628561][ T8225] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  129.648159][ T8225] RSP: 002b:00007f8ba11ff0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  129.656580][ T8225] RAX: ffffffffffffffda RBX: 00007f8ba17b3f80 RCX: 00007f8ba167d0a9
[  129.664544][ T8225] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  129.672505][ T8225] RBP: 00007f8ba11ff120 R08: 0000000000000000 R09: 0000000000000000
[  129.680463][ T8225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  129.688419][ T8225] R13: 000000000000000b R14: 00007f8ba17b3f80 R15: 00007ffe424e4978
[  129.696391][ T8225]  </TASK>
[  129.773809][ T8236] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  129.909792][ T8244] bridge0: port 2(bridge_slave_1) entered listening state
[  130.015896][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805d542000: rx timeout, send abort
[  130.336713][   T29] audit: type=1804 audit(1719142410.101:8): pid=8273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir593039157/syzkaller.dMwaXx/212/memory.events" dev="sda1" ino=1948 res=1 errno=0
[  130.400455][   T29] audit: type=1804 audit(1719142410.101:9): pid=8273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir593039157/syzkaller.dMwaXx/212/memory.events" dev="sda1" ino=1948 res=1 errno=0
[  130.428307][   T29] audit: type=1804 audit(1719142410.101:10): pid=8273 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir593039157/syzkaller.dMwaXx/212/memory.events" dev="sda1" ino=1948 res=1 errno=0
[  130.525503][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805d542000: abort rx timeout. Force session deactivation
[  131.109603][ T8294] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.4'.
[  131.197494][ T8292] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[  131.239909][ T8292] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  131.688134][ T8328] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  131.749800][ T8328] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  132.113486][ T5118] Bluetooth: hci0: command 0x0c1a tx timeout
[  132.558530][ T8371] sctp: [Deprecated]: syz-executor.2 (pid 8371) Use of struct sctp_assoc_value in delayed_ack socket option.
[  132.558530][ T8371] Use struct sctp_sack_info instead
[  132.773899][ T8379] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0)
[  133.046062][ T8388] netlink: 'syz-executor.0': attribute type 21 has an invalid length.
[  133.076556][ T1239] ieee802154 phy0 wpan0: encryption failed: -22
[  133.084484][ T1239] ieee802154 phy1 wpan1: encryption failed: -22
[  133.189438][ T8392] vlan2: entered promiscuous mode
[  133.228854][ T8396] __nla_validate_parse: 3 callbacks suppressed
[  133.228873][ T8396] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  133.237516][ T8392] ip6gretap0: entered promiscuous mode
[  133.364430][ T8398] netlink: zone id is out of range
[  133.371650][ T8398] netlink: zone id is out of range
[  133.422556][ T8398] netlink: zone id is out of range
[  133.494749][ T8398] netlink: zone id is out of range
[  133.533751][ T8398] netlink: set zone limit has 4 unknown bytes
[  133.784269][ T8414] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  134.110075][ T8434] sctp: [Deprecated]: syz-executor.2 (pid 8434) Use of struct sctp_assoc_value in delayed_ack socket option.
[  134.110075][ T8434] Use struct sctp_sack_info instead
[  134.291261][ T8440] sctp: [Deprecated]: syz-executor.3 (pid 8440) Use of int in max_burst socket option.
[  134.291261][ T8440] Use struct sctp_assoc_value instead
[  134.389453][ T8443] netlink: 112 bytes leftover after parsing attributes in process `syz-executor.4'.
[  135.045360][ T8475] netlink: 'syz-executor.4': attribute type 21 has an invalid length.
[  135.069009][ T8464] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[  135.342849][ T8488] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  135.365075][ T8488] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  135.419633][ T8490] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[  135.440580][ T8490] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.1'.
[  135.700709][ T8504] sctp: [Deprecated]: syz-executor.3 (pid 8504) Use of struct sctp_assoc_value in delayed_ack socket option.
[  135.700709][ T8504] Use struct sctp_sack_info instead
[  135.844739][ T8505] sctp: [Deprecated]: syz-executor.1 (pid 8505) Use of struct sctp_assoc_value in delayed_ack socket option.
[  135.844739][ T8505] Use struct sctp_sack_info instead
[  136.779748][ T5122] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  136.792878][ T5122] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  136.801687][ T5122] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  136.811429][ T5122] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  136.821417][ T5122] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  136.831992][ T5122] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  136.899613][ T8519] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[  137.228791][ T5115] syz-executor.2 (5115) used greatest stack depth: 17712 bytes left
[  137.399737][ T8552] FAULT_INJECTION: forcing a failure.
[  137.399737][ T8552] name failslab, interval 1, probability 0, space 0, times 0
[  137.432547][ T8552] CPU: 0 PID: 8552 Comm: syz-executor.3 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  137.442999][ T8552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  137.453066][ T8552] Call Trace:
[  137.456347][ T8552]  <TASK>
[  137.459270][ T8552]  dump_stack_lvl+0x241/0x360
[  137.463950][ T8552]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.469142][ T8552]  ? __pfx__printk+0x10/0x10
[  137.473729][ T8552]  ? ref_tracker_alloc+0x332/0x490
[  137.478842][ T8552]  should_fail_ex+0x3b0/0x4e0
[  137.483520][ T8552]  ? skb_clone+0x20c/0x390
[  137.487931][ T8552]  should_failslab+0x9/0x20
[  137.492432][ T8552]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  137.497811][ T8552]  skb_clone+0x20c/0x390
[  137.502055][ T8552]  __netlink_deliver_tap+0x3cc/0x7c0
[  137.507348][ T8552]  ? netlink_deliver_tap+0x2e/0x1b0
[  137.512535][ T8552]  netlink_deliver_tap+0x19d/0x1b0
[  137.517639][ T8552]  netlink_unicast+0x7be/0x990
[  137.522412][ T8552]  ? __pfx_netlink_unicast+0x10/0x10
[  137.527694][ T8552]  ? __virt_addr_valid+0x183/0x520
[  137.532803][ T8552]  ? __check_object_size+0x49c/0x900
[  137.538131][ T8552]  ? bpf_lsm_netlink_send+0x9/0x10
[  137.543265][ T8552]  netlink_sendmsg+0x8e4/0xcb0
[  137.548087][ T8552]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.553376][ T8552]  ? __import_iovec+0x536/0x820
[  137.558227][ T8552]  ? aa_sock_msg_perm+0x91/0x160
[  137.563166][ T8552]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  137.568445][ T8552]  ? security_socket_sendmsg+0x87/0xb0
[  137.573919][ T8552]  ? __pfx_netlink_sendmsg+0x10/0x10
[  137.579196][ T8552]  __sock_sendmsg+0x221/0x270
[  137.583890][ T8552]  ____sys_sendmsg+0x525/0x7d0
[  137.588667][ T8552]  ? __pfx_____sys_sendmsg+0x10/0x10
[  137.593965][ T8552]  __sys_sendmsg+0x2b0/0x3a0
[  137.598562][ T8552]  ? __pfx___sys_sendmsg+0x10/0x10
[  137.603670][ T8552]  ? vfs_write+0x7c4/0xc90
[  137.608161][ T8552]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  137.614503][ T8552]  ? do_syscall_64+0x100/0x230
[  137.619268][ T8552]  ? do_syscall_64+0xb6/0x230
[  137.623992][ T8552]  do_syscall_64+0xf3/0x230
[  137.628494][ T8552]  ? clear_bhb_loop+0x35/0x90
[  137.633176][ T8552]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.639070][ T8552] RIP: 0033:0x7f969487d0a9
[  137.643486][ T8552] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  137.663087][ T8552] RSP: 002b:00007f96956750c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  137.671496][ T8552] RAX: ffffffffffffffda RBX: 00007f96949b3f80 RCX: 00007f969487d0a9
[  137.679457][ T8552] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003
[  137.687418][ T8552] RBP: 00007f9695675120 R08: 0000000000000000 R09: 0000000000000000
[  137.695382][ T8552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.703341][ T8552] R13: 000000000000000b R14: 00007f96949b3f80 R15: 00007ffeda529368
[  137.711315][ T8552]  </TASK>
[  137.839473][ T8562] FAULT_INJECTION: forcing a failure.
[  137.839473][ T8562] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  137.861276][ T8562] CPU: 1 PID: 8562 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  137.871729][ T8562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  137.881807][ T8562] Call Trace:
[  137.885102][ T8562]  <TASK>
[  137.888046][ T8562]  dump_stack_lvl+0x241/0x360
[  137.892747][ T8562]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.897951][ T8562]  ? __pfx__printk+0x10/0x10
[  137.902538][ T8562]  ? __pfx_lock_release+0x10/0x10
[  137.907562][ T8562]  should_fail_ex+0x3b0/0x4e0
[  137.912240][ T8562]  _copy_from_user+0x2f/0xe0
[  137.916836][ T8562]  copy_msghdr_from_user+0xae/0x680
[  137.922035][ T8562]  ? __pfx___might_resched+0x10/0x10
[  137.927338][ T8562]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  137.933156][ T8562]  ? __might_fault+0xaa/0x120
[  137.937835][ T8562]  do_recvmmsg+0x40f/0xae0
[  137.942263][ T8562]  ? __pfx_lock_release+0x10/0x10
[  137.947304][ T8562]  ? __pfx_do_recvmmsg+0x10/0x10
[  137.952258][ T8562]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  137.958152][ T8562]  ? ksys_write+0x23e/0x2c0
[  137.962654][ T8562]  ? __pfx_lock_release+0x10/0x10
[  137.967693][ T8562]  ? vfs_write+0x7c4/0xc90
[  137.972134][ T8562]  ? __mutex_unlock_slowpath+0x21d/0x750
[  137.977780][ T8562]  ? __fget_files+0x3f6/0x470
[  137.982467][ T8562]  __x64_sys_recvmmsg+0x199/0x250
[  137.987495][ T8562]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  137.993063][ T8562]  ? do_syscall_64+0x100/0x230
[  137.997834][ T8562]  ? do_syscall_64+0xb6/0x230
[  138.002507][ T8562]  do_syscall_64+0xf3/0x230
[  138.007008][ T8562]  ? clear_bhb_loop+0x35/0x90
[  138.011687][ T8562]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  138.017579][ T8562] RIP: 0033:0x7fe93527d0a9
[  138.021984][ T8562] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  138.041585][ T8562] RSP: 002b:00007fe934dff0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  138.049994][ T8562] RAX: ffffffffffffffda RBX: 00007fe9353b3f80 RCX: 00007fe93527d0a9
[  138.057963][ T8562] RDX: 0204083acb88ff8b RSI: 0000000020000600 RDI: 0000000000000004
[  138.065928][ T8562] RBP: 00007fe934dff120 R08: 0000000000000000 R09: 0000000000000000
[  138.073891][ T8562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  138.081853][ T8562] R13: 000000000000000b R14: 00007fe9353b3f80 R15: 00007ffe10aed5a8
[  138.089826][ T8562]  </TASK>
[  138.234402][ T8528] chnl_net:caif_netlink_parms(): no params data found
[  138.368691][ T8528] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.383540][ T8528] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.390739][ T8528] bridge_slave_0: entered allmulticast mode
[  138.399548][ T8528] bridge_slave_0: entered promiscuous mode
[  138.409333][ T8528] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.416576][ T8528] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.427757][ T8528] bridge_slave_1: entered allmulticast mode
[  138.440207][ T8528] bridge_slave_1: entered promiscuous mode
[  138.492798][ T8528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  138.515902][ T8528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  138.580402][ T8528] team0: Port device team_slave_0 added
[  138.609800][ T8528] team0: Port device team_slave_1 added
[  138.760944][ T8528] batman_adv: batadv0: Adding interface: batadv_slave_0
[  138.783146][ T8528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.836360][ T8528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  138.866392][ T8528] batman_adv: batadv0: Adding interface: batadv_slave_1
[  138.877331][ T8528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  138.913507][ T5122] Bluetooth: hci5: command tx timeout
[  138.921154][ T8528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  139.022382][ T8584] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[  139.282583][ T8528] hsr_slave_0: entered promiscuous mode
[  139.297206][ T8528] hsr_slave_1: entered promiscuous mode
[  139.348935][ T8528] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  139.367577][ T8528] Cannot create hsr debugfs directory
[  139.410424][ T8619] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  139.442096][ T8621] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[  139.772057][ T8633] team_slave_0: entered allmulticast mode
[  139.782571][ T8633] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  139.930680][ T8639] netlink: 19 bytes leftover after parsing attributes in process `syz-executor.3'.
[  139.980700][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  140.014153][ T8639] caif0: entered allmulticast mode
[  140.095302][ T8639] netlink: 'syz-executor.3': attribute type 2 has an invalid length.
[  140.115229][ T8639] netlink: 'syz-executor.3': attribute type 2 has an invalid length.
[  140.126863][ T8528] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  140.142692][ T8528] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.330906][ T8528] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  140.342969][ T8528] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.354486][ T8655] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[  140.382365][ T8652] IPv6: Can't replace route, no match found
[  140.538391][ T8664] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  140.569421][ T8528] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  140.595162][ T8528] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.674412][ T8644] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[  140.742684][ T8528] team0: Port device netdevsim0 removed
[  140.757653][ T8528] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  140.774150][ T8528] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.994377][ T5122] Bluetooth: hci5: command tx timeout
[  141.208044][ T8528] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  141.235789][ T8528] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  141.256651][ T8528] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  141.273836][ T8528] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  141.400805][ T8691] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  141.444441][ T8528] 8021q: adding VLAN 0 to HW filter on device bond0
[  141.476897][ T8528] 8021q: adding VLAN 0 to HW filter on device team0
[  141.491546][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.498723][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.513092][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.520263][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  142.118138][ T8528] 8021q: adding VLAN 0 to HW filter on device batadv0
[  142.120186][ T8711] sctp: [Deprecated]: syz-executor.3 (pid 8711) Use of int in max_burst socket option.
[  142.120186][ T8711] Use struct sctp_assoc_value instead
[  142.239196][ T8719] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  142.321009][ T8528] veth0_vlan: entered promiscuous mode
[  142.370072][ T8528] veth1_vlan: entered promiscuous mode
[  142.580405][ T8528] veth0_macvtap: entered promiscuous mode
[  142.656375][ T8528] veth1_macvtap: entered promiscuous mode
[  142.696632][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.716258][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.745508][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.763228][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.773168][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.783700][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.793594][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.804154][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.814043][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  142.825545][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.837835][ T8528] batman_adv: batadv0: Interface activated: batadv_slave_0
[  142.871488][ T8749] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  142.881171][ T8749] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  142.894258][ T8749] macvlan0: entered promiscuous mode
[  142.900589][ T8749] batadv_slave_0: entered promiscuous mode
[  142.910320][ T8749] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  142.919720][ T8749] Cannot create hsr debugfs directory
[  142.939115][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.950762][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.961081][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.974530][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  142.984724][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  142.995526][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.010747][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.030536][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.041649][ T8528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  143.062081][ T8528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  143.074478][ T5122] Bluetooth: hci5: command tx timeout
[  143.075770][ T8528] batman_adv: batadv0: Interface activated: batadv_slave_1
[  143.099097][ T8528] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  143.108472][ T8528] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  143.118326][ T8528] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  143.127448][ T8528] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  143.177927][ T8760] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  143.315315][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.328683][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.399576][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  143.436102][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  143.525578][ T8774] xt_TCPMSS: Only works on TCP SYN packets
[  143.752655][ T8788] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[  143.778097][ T8788] macsec1: entered promiscuous mode
[  143.794712][ T8788] macsec1: entered allmulticast mode
[  143.810440][ T8788] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[  143.830161][ T8788] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[  143.854106][ T8796] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  143.862575][ T8788] mac80211_hwsim hwsim4 wlan0: left promiscuous mode
[  144.182396][ T8814] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  144.319676][ T8819] mac80211_hwsim hwsim14 wlan0: entered promiscuous mode
[  144.329510][ T8819] macvlan4: entered allmulticast mode
[  144.335182][ T8819] mac80211_hwsim hwsim14 wlan0: entered allmulticast mode
[  144.346897][ T8819] mac80211_hwsim hwsim14 wlan0: left promiscuous mode
[  144.647355][ T8837] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  145.155712][ T5122] Bluetooth: hci5: command tx timeout
[  145.170431][ T8864] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  145.230329][ T8864] bond1: entered promiscuous mode
[  145.300007][ T8864] bridge1: entered promiscuous mode
[  145.332284][ T8864] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  145.359192][ T8873] 
@ÿ: renamed from veth0_vlan (while UP)
[  145.400089][ T8875] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  145.478820][ T8877] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  145.655939][ T8886] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[  145.723898][ T8868] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'.
[  145.735685][ T8888] syzkaller1: entered promiscuous mode
[  145.741485][ T8888] syzkaller1: entered allmulticast mode
[  145.778453][ T5159] IPVS: starting estimator thread 0...
[  145.878635][ T8892] IPVS: using max 16 ests per chain, 38400 per kthread
[  146.046651][ T8900] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 4095 (only 8 groups)
[  146.193699][ T8908] x_tables: ip6_tables: sctp match: only valid for protocol 132
[  146.319565][ T8917] netlink: 134312 bytes leftover after parsing attributes in process `syz-executor.4'.
[  146.337250][ T8917] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  146.360339][ T8917] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  146.455389][ T8924] FAULT_INJECTION: forcing a failure.
[  146.455389][ T8924] name failslab, interval 1, probability 0, space 0, times 0
[  146.476844][ T8924] CPU: 1 PID: 8924 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  146.487316][ T8924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  146.497388][ T8924] Call Trace:
[  146.500685][ T8924]  <TASK>
[  146.503629][ T8924]  dump_stack_lvl+0x241/0x360
[  146.508347][ T8924]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.513580][ T8924]  ? __pfx__printk+0x10/0x10
[  146.518217][ T8924]  should_fail_ex+0x3b0/0x4e0
[  146.522936][ T8924]  ? sctp_add_bind_addr+0x89/0x3a0
[  146.528082][ T8924]  should_failslab+0x9/0x20
[  146.532622][ T8924]  kmalloc_trace_noprof+0x6c/0x2c0
[  146.537771][ T8924]  sctp_add_bind_addr+0x89/0x3a0
[  146.542743][ T8924]  sctp_copy_local_addr_list+0x311/0x500
[  146.548406][ T8924]  ? sctp_copy_local_addr_list+0xab/0x500
[  146.554166][ T8924]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  146.560367][ T8924]  ? sctp_v6_is_any+0x60/0x70
[  146.565081][ T8924]  sctp_bind_addr_copy+0xad/0x3b0
[  146.570137][ T8924]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  146.576507][ T8924]  sctp_connect_new_asoc+0x2f3/0x6c0
[  146.581827][ T8924]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  146.587669][ T8924]  ? __ipv6_addr_type+0x23c/0x2f0
[  146.592729][ T8924]  ? sctp_endpoint_lookup_assoc+0xc9/0x250
[  146.598576][ T8924]  __sctp_connect+0x66d/0xe30
[  146.603295][ T8924]  ? __local_bh_enable_ip+0x168/0x200
[  146.608707][ T8924]  ? __pfx___sctp_connect+0x10/0x10
[  146.613932][ T8924]  ? sctp_inet_connect+0xa7/0x1f0
[  146.618982][ T8924]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  146.624727][ T8924]  ? do_raw_spin_unlock+0x13c/0x8b0
[  146.629970][ T8924]  sctp_inet_connect+0x149/0x1f0
[  146.634944][ T8924]  __sys_connect+0x2df/0x310
[  146.639569][ T8924]  ? __pfx___sys_connect+0x10/0x10
[  146.644727][ T8924]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  146.646211][ T8933] netlink: 292 bytes leftover after parsing attributes in process `syz-executor.1'.
[  146.651066][ T8924]  ? do_syscall_64+0x100/0x230
[  146.651155][ T8924]  __x64_sys_connect+0x7a/0x90
[  146.651180][ T8924]  do_syscall_64+0xf3/0x230
[  146.651204][ T8924]  ? clear_bhb_loop+0x35/0x90
[  146.651230][ T8924]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.651255][ T8924] RIP: 0033:0x7fe93527d0a9
[  146.651274][ T8924] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  146.651291][ T8924] RSP: 002b:00007fe934dff0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[  146.651321][ T8924] RAX: ffffffffffffffda RBX: 00007fe9353b3f80 RCX: 00007fe93527d0a9
[  146.651337][ T8924] RDX: 000000000000001c RSI: 0000000020000100 RDI: 0000000000000003
[  146.651350][ T8924] RBP: 00007fe934dff120 R08: 0000000000000000 R09: 0000000000000000
[  146.651363][ T8924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  146.651375][ T8924] R13: 000000000000000b R14: 00007fe9353b3f80 R15: 00007ffe10aed5a8
[  146.651407][ T8924]  </TASK>
[  146.779379][ T8935] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  146.812305][ T8935] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  146.859347][ T8935] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  146.895265][ T8935] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  146.945719][ T8944] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  146.962217][   T29] audit: type=1800 audit(1719142426.721:11): pid=8950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=1965 res=0 errno=0
[  147.001548][   T29] audit: type=1804 audit(1719142426.721:12): pid=8950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir4283236906/syzkaller.u2eWOf/289/memory.events" dev="sda1" ino=1965 res=1 errno=0
[  147.028333][   T29] audit: type=1804 audit(1719142426.761:13): pid=8950 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir4283236906/syzkaller.u2eWOf/289/memory.events" dev="sda1" ino=1965 res=1 errno=0
[  147.202971][ T8961] FAULT_INJECTION: forcing a failure.
[  147.202971][ T8961] name failslab, interval 1, probability 0, space 0, times 0
[  147.228781][ T8961] CPU: 0 PID: 8961 Comm: syz-executor.2 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  147.239248][ T8961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  147.249329][ T8961] Call Trace:
[  147.252631][ T8961]  <TASK>
[  147.255580][ T8961]  dump_stack_lvl+0x241/0x360
[  147.260296][ T8961]  ? __pfx_dump_stack_lvl+0x10/0x10
[  147.265525][ T8961]  ? __pfx__printk+0x10/0x10
[  147.270145][ T8961]  ? __pfx___might_resched+0x10/0x10
[  147.275466][ T8961]  should_fail_ex+0x3b0/0x4e0
[  147.280177][ T8961]  should_failslab+0x9/0x20
[  147.284712][ T8961]  __kmalloc_node_noprof+0xdf/0x440
[  147.289938][ T8961]  ? qdisc_alloc+0x97/0xa80
[  147.294473][ T8961]  qdisc_alloc+0x97/0xa80
[  147.298832][ T8961]  ? taprio_init+0x2ff/0xc80
[  147.303442][ T8961]  ? rcu_is_watching+0x15/0xb0
[  147.308233][ T8961]  qdisc_create_dflt+0x62/0x4b0
[  147.313118][ T8961]  taprio_init+0x424/0xc80
[  147.317557][ T8961]  ? ____sys_sendmsg+0x525/0x7d0
[  147.322522][ T8961]  ? __sys_sendmsg+0x2b0/0x3a0
[  147.327312][ T8961]  ? do_syscall_64+0xf3/0x230
[  147.332037][ T8961]  ? __pfx_taprio_init+0x10/0x10
[  147.337005][ T8961]  ? lockdep_rtnl_is_held+0x26/0x40
[  147.342231][ T8961]  ? qdisc_lookup+0x350/0x6b0
[  147.346945][ T8961]  ? __pfx_taprio_init+0x10/0x10
[  147.351907][ T8961]  qdisc_create+0x9d4/0x11a0
[  147.356536][ T8961]  ? __pfx_qdisc_create+0x10/0x10
[  147.361595][ T8961]  tc_modify_qdisc+0xa26/0x1e40
[  147.366463][ T8961]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  147.371775][ T8961]  ? __pfx_tc_modify_qdisc+0x10/0x10
[  147.377082][ T8961]  rtnetlink_rcv_msg+0x89b/0x1180
[  147.382128][ T8961]  ? rtnetlink_rcv_msg+0x208/0x1180
[  147.387334][ T8961]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  147.392801][ T8961]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  147.398792][ T8961]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  147.405131][ T8961]  ? __local_bh_enable_ip+0x168/0x200
[  147.410499][ T8961]  ? lockdep_hardirqs_on+0x99/0x150
[  147.415696][ T8961]  ? __local_bh_enable_ip+0x168/0x200
[  147.421061][ T8961]  ? dev_hard_start_xmit+0x773/0x7e0
[  147.426343][ T8961]  ? __dev_queue_xmit+0x2d2/0x3d30
[  147.431454][ T8961]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  147.437184][ T8961]  ? __dev_queue_xmit+0x2d2/0x3d30
[  147.442292][ T8961]  ? __dev_queue_xmit+0x16c9/0x3d30
[  147.447499][ T8961]  ? __dev_queue_xmit+0x2d2/0x3d30
[  147.452611][ T8961]  ? ref_tracker_free+0x643/0x7e0
[  147.457639][ T8961]  netlink_rcv_skb+0x1e3/0x430
[  147.462397][ T8961]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  147.467854][ T8961]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  147.473149][ T8961]  ? netlink_deliver_tap+0x2e/0x1b0
[  147.478396][ T8961]  netlink_unicast+0x7f0/0x990
[  147.483171][ T8961]  ? __pfx_netlink_unicast+0x10/0x10
[  147.488455][ T8961]  ? __virt_addr_valid+0x183/0x520
[  147.493568][ T8961]  ? __check_object_size+0x49c/0x900
[  147.498852][ T8961]  ? bpf_lsm_netlink_send+0x9/0x10
[  147.503964][ T8961]  netlink_sendmsg+0x8e4/0xcb0
[  147.508754][ T8961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.514052][ T8961]  ? __import_iovec+0x536/0x820
[  147.518912][ T8961]  ? aa_sock_msg_perm+0x91/0x160
[  147.523900][ T8961]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  147.529182][ T8961]  ? security_socket_sendmsg+0x87/0xb0
[  147.534643][ T8961]  ? __pfx_netlink_sendmsg+0x10/0x10
[  147.539922][ T8961]  __sock_sendmsg+0x221/0x270
[  147.544599][ T8961]  ____sys_sendmsg+0x525/0x7d0
[  147.549362][ T8961]  ? __pfx_____sys_sendmsg+0x10/0x10
[  147.554656][ T8961]  __sys_sendmsg+0x2b0/0x3a0
[  147.559244][ T8961]  ? __pfx___sys_sendmsg+0x10/0x10
[  147.564352][ T8961]  ? vfs_write+0x7c4/0xc90
[  147.568796][ T8961]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  147.575129][ T8961]  ? do_syscall_64+0x100/0x230
[  147.579896][ T8961]  ? do_syscall_64+0xb6/0x230
[  147.584577][ T8961]  do_syscall_64+0xf3/0x230
[  147.589080][ T8961]  ? clear_bhb_loop+0x35/0x90
[  147.593757][ T8961]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  147.599648][ T8961] RIP: 0033:0x7fb029e7d0a9
[  147.604057][ T8961] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  147.623669][ T8961] RSP: 002b:00007fb02ab950c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  147.632081][ T8961] RAX: ffffffffffffffda RBX: 00007fb029fb3f80 RCX: 00007fb029e7d0a9
[  147.640044][ T8961] RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004
[  147.648006][ T8961] RBP: 00007fb02ab95120 R08: 0000000000000000 R09: 0000000000000000
[  147.656009][ T8961] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  147.663973][ T8961] R13: 000000000000000b R14: 00007fb029fb3f80 R15: 00007ffe64c48f18
[  147.671960][ T8961]  </TASK>
[  147.755314][ T8977] xt_TCPMSS: Only works on TCP SYN packets
[  147.793621][ T8977] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'.
[  148.121417][ T8988] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  148.158009][ T8990] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  148.188378][ T8986] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  148.325964][ T8997] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  148.358404][ T8997] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  148.826513][ T9016] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  149.257755][ T9028] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  149.333347][ T9030] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  149.470738][ T9038] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  150.159757][ T9057] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  150.550120][ T9071] __nla_validate_parse: 7 callbacks suppressed
[  150.550140][ T9071] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'.
[  150.584275][ T9077] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'.
[  150.895468][ T9089] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  151.610879][ T9121] Illegal XDP return value 4294967294 on prog  (id 416) dev N/A, expect packet loss!
[  151.854652][ T9132] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  152.027722][ T9141] netlink: 134312 bytes leftover after parsing attributes in process `syz-executor.1'.
[  152.074693][ T9141] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  152.097172][ T9141] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  152.221343][ T9151] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[  152.240628][ T9151] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  152.248037][ T9151] IPv6: NLM_F_CREATE should be set when creating new route
[  152.255334][ T9151] IPv6: NLM_F_CREATE should be set when creating new route
[  152.278941][ T9152] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  152.323089][ T9152] vlan2: entered promiscuous mode
[  152.329127][ T9152] team0: entered promiscuous mode
[  152.335993][ T9152] team_slave_0: entered promiscuous mode
[  152.342079][ T9152] team_slave_1: entered promiscuous mode
[  152.368877][ T9149] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  152.384277][ T9151] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[  152.412477][ T9151] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  152.531823][ T9167] FAULT_INJECTION: forcing a failure.
[  152.531823][ T9167] name failslab, interval 1, probability 0, space 0, times 0
[  152.564286][ T9167] CPU: 1 PID: 9167 Comm: syz-executor.3 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  152.574749][ T9167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  152.584822][ T9167] Call Trace:
[  152.588118][ T9167]  <TASK>
[  152.591064][ T9167]  dump_stack_lvl+0x241/0x360
[  152.595760][ T9167]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.600952][ T9167]  ? __pfx__printk+0x10/0x10
[  152.605535][ T9167]  ? netlink_insert+0x10b7/0x14b0
[  152.610562][ T9167]  should_fail_ex+0x3b0/0x4e0
[  152.615245][ T9167]  ? __alloc_skb+0x1c3/0x440
[  152.619845][ T9167]  should_failslab+0x9/0x20
[  152.624353][ T9167]  kmem_cache_alloc_node_noprof+0x71/0x320
[  152.630189][ T9167]  __alloc_skb+0x1c3/0x440
[  152.634622][ T9167]  ? __pfx___alloc_skb+0x10/0x10
[  152.639571][ T9167]  ? netlink_autobind+0xd6/0x2f0
[  152.644503][ T9167]  ? netlink_autobind+0x2b0/0x2f0
[  152.649524][ T9167]  netlink_sendmsg+0x638/0xcb0
[  152.654293][ T9167]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.659576][ T9167]  ? __import_iovec+0x536/0x820
[  152.664427][ T9167]  ? aa_sock_msg_perm+0x91/0x160
[  152.669386][ T9167]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  152.674679][ T9167]  ? security_socket_sendmsg+0x87/0xb0
[  152.680145][ T9167]  ? __pfx_netlink_sendmsg+0x10/0x10
[  152.685424][ T9167]  __sock_sendmsg+0x221/0x270
[  152.690100][ T9167]  ____sys_sendmsg+0x525/0x7d0
[  152.694879][ T9167]  ? __pfx_____sys_sendmsg+0x10/0x10
[  152.700178][ T9167]  __sys_sendmsg+0x2b0/0x3a0
[  152.704767][ T9167]  ? __pfx___sys_sendmsg+0x10/0x10
[  152.709872][ T9167]  ? vfs_write+0x7c4/0xc90
[  152.714316][ T9167]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  152.720641][ T9167]  ? do_syscall_64+0x100/0x230
[  152.725405][ T9167]  ? do_syscall_64+0xb6/0x230
[  152.730083][ T9167]  do_syscall_64+0xf3/0x230
[  152.734585][ T9167]  ? clear_bhb_loop+0x35/0x90
[  152.739259][ T9167]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.745148][ T9167] RIP: 0033:0x7f969487d0a9
[  152.749555][ T9167] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  152.769155][ T9167] RSP: 002b:00007f96956750c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  152.777564][ T9167] RAX: ffffffffffffffda RBX: 00007f96949b3f80 RCX: 00007f969487d0a9
[  152.785526][ T9167] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003
[  152.793489][ T9167] RBP: 00007f9695675120 R08: 0000000000000000 R09: 0000000000000000
[  152.801456][ T9167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  152.809443][ T9167] R13: 000000000000000b R14: 00007f96949b3f80 R15: 00007ffeda529368
[  152.817424][ T9167]  </TASK>
[  152.823773][ T9170] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  152.921626][ T9175] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  153.015552][ T9180] netlink: 144316 bytes leftover after parsing attributes in process `syz-executor.1'.
[  153.074433][ T9181] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  153.107859][ T9189] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.2'.
[  153.252914][ T9194] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.3'.
[  153.297532][ T9197] FAULT_INJECTION: forcing a failure.
[  153.297532][ T9197] name failslab, interval 1, probability 0, space 0, times 0
[  153.311823][ T9194] netlink: 'syz-executor.3': attribute type 21 has an invalid length.
[  153.357504][ T9197] CPU: 1 PID: 9197 Comm: syz-executor.2 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  153.367968][ T9197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  153.378041][ T9197] Call Trace:
[  153.381332][ T9197]  <TASK>
[  153.384272][ T9197]  dump_stack_lvl+0x241/0x360
[  153.388975][ T9197]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.394203][ T9197]  ? __pfx__printk+0x10/0x10
[  153.398835][ T9197]  should_fail_ex+0x3b0/0x4e0
[  153.403543][ T9197]  ? __alloc_skb+0x1c3/0x440
[  153.408238][ T9197]  should_failslab+0x9/0x20
[  153.412767][ T9197]  kmem_cache_alloc_node_noprof+0x71/0x320
[  153.418617][ T9197]  __alloc_skb+0x1c3/0x440
[  153.423066][ T9197]  ? __pfx___alloc_skb+0x10/0x10
[  153.428035][ T9197]  ? bpf_lsm_file_permission+0x9/0x10
[  153.433433][ T9197]  ? security_file_permission+0x7f/0xa0
[  153.439000][ T9197]  ppp_write+0xbd/0x2a0
[  153.443176][ T9197]  vfs_writev+0x733/0xbe0
[  153.447545][ T9197]  ? __pfx_ppp_write+0x10/0x10
[  153.452335][ T9197]  ? __pfx_vfs_writev+0x10/0x10
[  153.457219][ T9197]  ? __fget_files+0x29/0x470
[  153.461846][ T9197]  __x64_sys_pwritev+0x1c7/0x2d0
[  153.466809][ T9197]  ? __pfx___x64_sys_pwritev+0x10/0x10
[  153.472294][ T9197]  ? rcu_is_watching+0x15/0xb0
[  153.477078][ T9197]  ? trace_sys_enter+0x1f/0xd0
[  153.481861][ T9197]  do_syscall_64+0xf3/0x230
[  153.486380][ T9197]  ? clear_bhb_loop+0x35/0x90
[  153.491078][ T9197]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.496995][ T9197] RIP: 0033:0x7fb029e7d0a9
[  153.501426][ T9197] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  153.521054][ T9197] RSP: 002b:00007fb02ab950c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000128
[  153.529496][ T9197] RAX: ffffffffffffffda RBX: 00007fb029fb3f80 RCX: 00007fb029e7d0a9
[  153.537485][ T9197] RDX: 0000000000000002 RSI: 0000000020000040 RDI: 000000000000000a
[  153.545482][ T9197] RBP: 00007fb02ab95120 R08: 0000000000000000 R09: 0000000000000000
[  153.553467][ T9197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  153.561458][ T9197] R13: 000000000000000b R14: 00007fb029fb3f80 R15: 00007ffe64c48f18
[  153.569463][ T9197]  </TASK>
[  153.735133][ T9204] team0: entered promiscuous mode
[  153.740296][ T9204] team_slave_0: entered promiscuous mode
[  153.753665][ T9204] team_slave_1: entered promiscuous mode
[  153.809949][ T9211] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check.
[  153.867828][ T9218] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw'
[  153.977796][ T9221] 8021q: adding VLAN 0 to HW filter on device batadv0
[  153.990313][ T9221] batadv0: entered promiscuous mode
[  153.997258][ T9221] team0: Port device batadv0 added
[  154.065227][ T9225] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  154.081820][ T9225] bridge0: port 3(team0) entered blocking state
[  154.088382][ T9229] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  154.088398][ T9225] bridge0: port 3(team0) entered forwarding state
[  154.103694][ T9225] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.110882][ T9225] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.121215][ T9225] bridge0: entered promiscuous mode
[  154.135968][ T9225] bridge0: entered allmulticast mode
[  154.142288][ T9225] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  154.402625][ T9248] x_tables: duplicate underflow at hook 4
[  154.548962][ T9203] team0: left promiscuous mode
[  154.554898][ T9203] team_slave_0: left promiscuous mode
[  154.561934][ T9203] team_slave_1: left promiscuous mode
[  154.571296][ T9203] batadv0: left promiscuous mode
[  154.732121][ T9274] netlink: 'syz-executor.2': attribute type 10 has an invalid length.
[  154.745467][ T9274] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.753229][ T9274] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.810774][ T9274] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.818048][ T9274] bridge0: port 2(bridge_slave_1) entered forwarding state
[  154.825608][ T9274] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.832783][ T9274] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.874386][ T9274] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  155.405948][ T9304] netlink: 'syz-executor.0': attribute type 9 has an invalid length.
[  155.670666][ T9322] netlink: 'syz-executor.3': attribute type 21 has an invalid length.
[  155.704408][ T9322] __nla_validate_parse: 9 callbacks suppressed
[  155.704427][ T9322] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
[  155.895803][ T9333] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.4'.
[  155.919262][ T9333] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  156.062510][   T29] audit: type=1804 audit(1719142435.821:14): pid=9347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir4283236906/syzkaller.u2eWOf/304/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0
[  156.326722][ T9359] ieee802154 phy0 wpan0: encryption failed: -90
[  156.397270][ T9367] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  156.521865][ T9375] team0: Device ip6_vti0 is of different type
[  156.546115][ T9377] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'.
[  156.949668][ T9403] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  157.092757][ T9412] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.1'.
[  157.118654][ T9416] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.2'.
[  157.303140][ T9425] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.3'.
[  157.370218][ T9425] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  157.466463][ T9440] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.4'.
[  157.557079][ T9444] syzkaller1: entered promiscuous mode
[  157.564931][ T9444] syzkaller1: entered allmulticast mode
[  157.687757][ T9453] Bluetooth: MGMT ver 1.22
[  158.388456][ T9489] netlink: 'syz-executor.0': attribute type 11 has an invalid length.
[  158.430356][ T9495] FAULT_INJECTION: forcing a failure.
[  158.430356][ T9495] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.464155][ T9495] CPU: 0 PID: 9495 Comm: syz-executor.4 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  158.474702][ T9495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  158.484782][ T9495] Call Trace:
[  158.488076][ T9495]  <TASK>
[  158.491016][ T9495]  dump_stack_lvl+0x241/0x360
[  158.495719][ T9495]  ? __pfx_dump_stack_lvl+0x10/0x10
[  158.500945][ T9495]  ? __pfx__printk+0x10/0x10
[  158.505559][ T9495]  ? __pfx_lock_release+0x10/0x10
[  158.510611][ T9495]  should_fail_ex+0x3b0/0x4e0
[  158.515315][ T9495]  _copy_from_iter+0x1f6/0x1960
[  158.520183][ T9495]  ? __virt_addr_valid+0x183/0x520
[  158.525320][ T9495]  ? __pfx_lock_release+0x10/0x10
[  158.530374][ T9495]  ? __alloc_skb+0x28f/0x440
[  158.534982][ T9495]  ? __pfx__copy_from_iter+0x10/0x10
[  158.540286][ T9495]  ? __virt_addr_valid+0x183/0x520
[  158.545422][ T9495]  ? __virt_addr_valid+0x183/0x520
[  158.550551][ T9495]  ? __virt_addr_valid+0x44e/0x520
[  158.555685][ T9495]  ? __check_object_size+0x49c/0x900
[  158.561002][ T9495]  netlink_sendmsg+0x73d/0xcb0
[  158.565805][ T9495]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.571109][ T9495]  ? __import_iovec+0x536/0x820
[  158.575974][ T9495]  ? aa_sock_msg_perm+0x91/0x160
[  158.580941][ T9495]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  158.586248][ T9495]  ? security_socket_sendmsg+0x87/0xb0
[  158.591730][ T9495]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.597041][ T9495]  __sock_sendmsg+0x221/0x270
[  158.601758][ T9495]  ____sys_sendmsg+0x525/0x7d0
[  158.606557][ T9495]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.611883][ T9495]  __sys_sendmsg+0x2b0/0x3a0
[  158.616507][ T9495]  ? __pfx___sys_sendmsg+0x10/0x10
[  158.621643][ T9495]  ? vfs_write+0x7c4/0xc90
[  158.626125][ T9495]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  158.632487][ T9495]  ? do_syscall_64+0x100/0x230
[  158.637286][ T9495]  ? do_syscall_64+0xb6/0x230
[  158.641996][ T9495]  do_syscall_64+0xf3/0x230
[  158.646531][ T9495]  ? clear_bhb_loop+0x35/0x90
[  158.651239][ T9495]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  158.657153][ T9495] RIP: 0033:0x7f7bdaa7d0a9
[  158.661582][ T9495] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  158.681207][ T9495] RSP: 002b:00007f7bdb74e0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  158.689647][ T9495] RAX: ffffffffffffffda RBX: 00007f7bdabb3f80 RCX: 00007f7bdaa7d0a9
[  158.697639][ T9495] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003
[  158.705625][ T9495] RBP: 00007f7bdb74e120 R08: 0000000000000000 R09: 0000000000000000
[  158.713614][ T9495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  158.721602][ T9495] R13: 000000000000000b R14: 00007f7bdabb3f80 R15: 00007fff24d1b568
[  158.729609][ T9495]  </TASK>
[  158.791958][    C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805e3f6c00: 0x00000: (2) System resources were needed for another task so this connection managed session was terminated.
[  158.848319][ T9507] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
[  159.075143][ T9522] FAULT_INJECTION: forcing a failure.
[  159.075143][ T9522] name failslab, interval 1, probability 0, space 0, times 0
[  159.107662][ T9522] CPU: 0 PID: 9522 Comm: syz-executor.3 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  159.118134][ T9522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  159.128209][ T9522] Call Trace:
[  159.131508][ T9522]  <TASK>
[  159.134456][ T9522]  dump_stack_lvl+0x241/0x360
[  159.139166][ T9522]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.144389][ T9522]  ? __pfx__printk+0x10/0x10
[  159.149017][ T9522]  should_fail_ex+0x3b0/0x4e0
[  159.153724][ T9522]  ? __alloc_skb+0x1c3/0x440
[  159.158338][ T9522]  should_failslab+0x9/0x20
[  159.162864][ T9522]  kmem_cache_alloc_node_noprof+0x71/0x320
[  159.168698][ T9522]  __alloc_skb+0x1c3/0x440
[  159.173143][ T9522]  ? __pfx___alloc_skb+0x10/0x10
[  159.178101][ T9522]  ? netlink_has_listeners+0x2ea/0x3a0
[  159.183573][ T9522]  ? netlink_has_listeners+0x73/0x3a0
[  159.188984][ T9522]  nf_tables_setelem_notify+0xdc/0x340
[  159.194471][ T9522]  ? kfree+0x149/0x360
[  159.198573][ T9522]  nf_tables_commit+0x4166/0x7e80
[  159.203644][ T9522]  ? __pfx_nf_tables_commit+0x10/0x10
[  159.209057][ T9522]  ? __pfx_lock_acquire+0x10/0x10
[  159.214114][ T9522]  ? nfnl_pernet+0x23/0x240
[  159.218647][ T9522]  ? __pfx_lock_release+0x10/0x10
[  159.223721][ T9522]  ? __nla_parse+0x40/0x60
[  159.228165][ T9522]  nfnetlink_rcv+0x1e44/0x2a90
[  159.232950][ T9522]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  159.239315][ T9522]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  159.244454][ T9522]  ? __dev_queue_xmit+0x2d2/0x3d30
[  159.249619][ T9522]  ? netlink_deliver_tap+0x2e/0x1b0
[  159.254833][ T9522]  ? skb_clone+0x240/0x390
[  159.259269][ T9522]  ? __pfx_lock_release+0x10/0x10
[  159.264322][ T9522]  ? netlink_deliver_tap+0x2e/0x1b0
[  159.269544][ T9522]  netlink_unicast+0x7f0/0x990
[  159.274343][ T9522]  ? __pfx_netlink_unicast+0x10/0x10
[  159.279653][ T9522]  ? __virt_addr_valid+0x183/0x520
[  159.284815][ T9522]  ? __check_object_size+0x49c/0x900
[  159.290100][ T9522]  ? bpf_lsm_netlink_send+0x9/0x10
[  159.295211][ T9522]  netlink_sendmsg+0x8e4/0xcb0
[  159.299978][ T9522]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.305262][ T9522]  ? __import_iovec+0x536/0x820
[  159.310107][ T9522]  ? aa_sock_msg_perm+0x91/0x160
[  159.315053][ T9522]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  159.320342][ T9522]  ? security_socket_sendmsg+0x87/0xb0
[  159.325807][ T9522]  ? __pfx_netlink_sendmsg+0x10/0x10
[  159.331088][ T9522]  __sock_sendmsg+0x221/0x270
[  159.335765][ T9522]  ____sys_sendmsg+0x525/0x7d0
[  159.340532][ T9522]  ? __pfx_____sys_sendmsg+0x10/0x10
[  159.345826][ T9522]  __sys_sendmsg+0x2b0/0x3a0
[  159.350415][ T9522]  ? __pfx___sys_sendmsg+0x10/0x10
[  159.355520][ T9522]  ? vfs_write+0x7c4/0xc90
[  159.359964][ T9522]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  159.366285][ T9522]  ? do_syscall_64+0x100/0x230
[  159.371042][ T9522]  ? do_syscall_64+0xb6/0x230
[  159.375716][ T9522]  do_syscall_64+0xf3/0x230
[  159.380210][ T9522]  ? clear_bhb_loop+0x35/0x90
[  159.384904][ T9522]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.390793][ T9522] RIP: 0033:0x7f969487d0a9
[  159.395199][ T9522] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  159.414806][ T9522] RSP: 002b:00007f96956750c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  159.423218][ T9522] RAX: ffffffffffffffda RBX: 00007f96949b3f80 RCX: 00007f969487d0a9
[  159.431189][ T9522] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000004
[  159.439153][ T9522] RBP: 00007f9695675120 R08: 0000000000000000 R09: 0000000000000000
[  159.447121][ T9522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  159.455089][ T9522] R13: 000000000000000b R14: 00007f96949b3f80 R15: 00007ffeda529368
[  159.463065][ T9522]  </TASK>
[  159.477061][   T35] wlan1: Trigger new scan to find an IBSS to join
[  159.924009][ T9555] netlink: 'syz-executor.1': attribute type 13 has an invalid length.
[  159.938264][ T9555] digital: digital_start_poll: Unknown protocol
[  160.206159][ T9574] IPVS: Error joining to the multicast group
[  160.736778][ T9594] FAULT_INJECTION: forcing a failure.
[  160.736778][ T9594] name failslab, interval 1, probability 0, space 0, times 0
[  160.767170][ T9594] CPU: 0 PID: 9594 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  160.777630][ T9594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  160.785587][ T9599] __nla_validate_parse: 8 callbacks suppressed
[  160.785605][ T9599] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  160.787681][ T9594] Call Trace:
[  160.787694][ T9594]  <TASK>
[  160.809254][ T9594]  dump_stack_lvl+0x241/0x360
[  160.813962][ T9594]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.819183][ T9594]  ? __pfx__printk+0x10/0x10
[  160.823801][ T9594]  should_fail_ex+0x3b0/0x4e0
[  160.828485][ T9594]  ? sctp_add_bind_addr+0x89/0x3a0
[  160.833605][ T9594]  should_failslab+0x9/0x20
[  160.838121][ T9594]  kmalloc_trace_noprof+0x6c/0x2c0
[  160.843232][ T9594]  sctp_add_bind_addr+0x89/0x3a0
[  160.848175][ T9594]  sctp_copy_local_addr_list+0x311/0x500
[  160.853805][ T9594]  ? sctp_copy_local_addr_list+0xab/0x500
[  160.859534][ T9594]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  160.865694][ T9594]  ? sctp_v6_is_any+0x60/0x70
[  160.870390][ T9594]  sctp_bind_addr_copy+0xad/0x3b0
[  160.875420][ T9594]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  160.881749][ T9594]  sctp_connect_new_asoc+0x2f3/0x6c0
[  160.887040][ T9594]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  160.892845][ T9594]  ? sctp_sendmsg+0xbb9/0x3520
[  160.897636][ T9594]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  160.903179][ T9594]  ? security_sctp_bind_connect+0x90/0xb0
[  160.908903][ T9594]  sctp_sendmsg+0x219a/0x3520
[  160.913590][ T9594]  ? __pfx_sctp_sendmsg+0x10/0x10
[  160.918608][ T9594]  ? __pfx_aa_sk_perm+0x10/0x10
[  160.923461][ T9594]  ? inet_sendmsg+0x330/0x390
[  160.928136][ T9594]  __sock_sendmsg+0x1a6/0x270
[  160.932806][ T9594]  __sys_sendto+0x3a4/0x4f0
[  160.937307][ T9594]  ? __pfx___sys_sendto+0x10/0x10
[  160.942363][ T9594]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  160.948347][ T9594]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  160.954679][ T9594]  __x64_sys_sendto+0xde/0x100
[  160.959450][ T9594]  do_syscall_64+0xf3/0x230
[  160.963955][ T9594]  ? clear_bhb_loop+0x35/0x90
[  160.968632][ T9594]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.974522][ T9594] RIP: 0033:0x7fe93527d0a9
[  160.978934][ T9594] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  160.998584][ T9594] RSP: 002b:00007fe934dff0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  161.006998][ T9594] RAX: ffffffffffffffda RBX: 00007fe9353b3f80 RCX: 00007fe93527d0a9
[  161.014961][ T9594] RDX: 0000000000034000 RSI: 0000000020000580 RDI: 0000000000000003
[  161.022922][ T9594] RBP: 00007fe934dff120 R08: 0000000020000100 R09: 000000000000001c
[  161.030884][ T9594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  161.038846][ T9594] R13: 000000000000000b R14: 00007fe9353b3f80 R15: 00007ffe10aed5a8
[  161.046823][ T9594]  </TASK>
[  161.053640][ T9601] hsr_slave_0: left promiscuous mode
[  161.091302][ T9601] hsr_slave_1: left promiscuous mode
[  161.287017][ T9599] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.317453][ T9611] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  161.498082][ T9599] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.657699][ T9599] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  161.759117][   T29] audit: type=1800 audit(1719142441.521:15): pid=9631 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=1953 res=0 errno=0
[  161.856293][ T9599] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.035843][ T9647] netlink: 277 bytes leftover after parsing attributes in process `syz-executor.4'.
[  162.056726][ T9599] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  162.083739][ T9599] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  162.127887][ T9599] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  162.217543][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  162.277916][ T9599] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.345963][ T9663] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.4'.
[  162.385515][ T9599] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.455106][ T9599] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  162.914233][ T9692] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  163.039704][ T9697] geneve0: entered allmulticast mode
[  163.085740][  T995] wlan1: Trigger new scan to find an IBSS to join
[  163.454485][ T9710] af_packet: tpacket_rcv: packet too big, clamped from 32 to 4294967272. macoff=96
[  163.553596][ T5122] Bluetooth: hci1: command tx timeout
[  163.619501][ T9723] netlink: 192 bytes leftover after parsing attributes in process `syz-executor.3'.
[  163.629962][ T9723] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'.
[  163.764949][ T9731] netlink: 'syz-executor.4': attribute type 23 has an invalid length.
[  163.883160][ T9734] syzkaller0: entered promiscuous mode
[  163.904481][ T9734] syzkaller0: entered allmulticast mode
[  163.911587][ T9735] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'.
[  164.020172][ T9740] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  164.042213][ T7103] wlan1: Creating new IBSS network, BSSID 92:ff:27:06:cb:00
[  165.569191][ T7097] bond1: left allmulticast mode
[  165.601920][ T7097] bond1: left promiscuous mode
[  165.618889][ T7097] bridge0: port 3(bond1) entered disabled state
[  165.647311][ T7097] bridge_slave_1: left allmulticast mode
[  165.661810][ T7097] bridge_slave_1: left promiscuous mode
[  165.670092][ T7097] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.681809][ T7097] bridge_slave_0: left allmulticast mode
[  165.695609][ T7097] bridge_slave_0: left promiscuous mode
[  165.704249][ T7097] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.844926][ T7097] ip6gretap0 (unregistering): left promiscuous mode
[  166.088610][ T7097] bridge0 (unregistering): left promiscuous mode
[  166.234175][ T7097] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  166.243582][ T7097] bond_slave_0: left allmulticast mode
[  166.254310][ T7097] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  166.263722][ T7097] bond_slave_1: left allmulticast mode
[  166.271910][ T7097] bond0 (unregistering): Released all slaves
[  166.286287][ T7097] bond1 (unregistering): Released all slaves
[  166.299845][ T7097] bond2 (unregistering): Released all slaves
[  166.313012][ T7097] bond3 (unregistering): Released all slaves
[  166.330417][ T9771] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  166.349254][ T9781] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.1'.
[  166.429076][ T7097] tipc: Disabling bearer <eth:ipvlan0>
[  166.472633][ T7097] tipc: Disabling bearer <ib:caif0>
[  166.487093][ T7097] tipc: Left network mode
[  166.600397][ T9786] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.715669][ T9795] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'.
[  166.809233][ T9786] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  166.862537][ T9797] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  167.010973][ T9786] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  167.116021][   T29] audit: type=1804 audit(1719142446.881:16): pid=9811 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2088185683/syzkaller.Kcvtv6/161/cgroup.controllers" dev="sda1" ino=1964 res=1 errno=0
[  167.141443][ T9816] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  167.152631][ T7097] hsr_slave_0: left promiscuous mode
[  167.177586][ T7097] hsr_slave_1: left promiscuous mode
[  167.191991][ T7097] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  167.200497][ T7097] batman_adv: batadv0: Removing interface: batadv_slave_0
[  167.216510][ T7097] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  167.224898][ T7097] batman_adv: batadv0: Removing interface: batadv_slave_1
[  167.253034][ T7097] veth1_macvtap: left promiscuous mode
[  167.264217][ T7097] veth0_macvtap: left promiscuous mode
[  167.269862][ T7097] veth1_vlan: left promiscuous mode
[  167.278927][ T7097] veth0_vlan: left promiscuous mode
[  167.776633][ T7097] team0 (unregistering): Port device team_slave_1 removed
[  167.824756][ T7097] team0 (unregistering): Port device team_slave_0 removed
[  167.986832][ T9825] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  168.251103][ T9786] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  168.271561][ T9818] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'.
[  168.388805][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  168.439670][ T9786] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  168.482968][   T29] audit: type=1804 audit(1719142448.241:17): pid=9829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2088185683/syzkaller.Kcvtv6/164/memory.events" dev="sda1" ino=1960 res=1 errno=0
[  168.530673][ T9786] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  168.571485][   T29] audit: type=1804 audit(1719142448.241:18): pid=9829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2088185683/syzkaller.Kcvtv6/164/memory.events" dev="sda1" ino=1960 res=1 errno=0
[  168.633740][ T9786] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  168.672477][   T29] audit: type=1804 audit(1719142448.241:19): pid=9829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2088185683/syzkaller.Kcvtv6/164/memory.events" dev="sda1" ino=1960 res=1 errno=0
[  168.676210][ T9786] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  168.717953][ T9842] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  168.746788][ T9840] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'.
[  168.829546][ T9845] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  169.013876][ T7097] IPVS: stop unused estimator thread 0...
[  169.068688][ T9853] xt_CONNSECMARK: invalid mode: 0
[  169.082879][ T9856] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  169.102806][ T9852] x_tables: ip6_tables: DNPT target: used from hooks FORWARD, but only usable from PREROUTING/OUTPUT
[  169.283061][ T9861] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  169.304467][ T9862] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  169.429321][ T9871] ip6t_rpfilter: unknown options
[  169.533896][   T29] audit: type=1804 audit(1719142449.281:20): pid=9873 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir593039157/syzkaller.dMwaXx/333/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0
[  169.872218][ T9899] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  170.319905][ T9918] gtp0: entered promiscuous mode
[  170.325711][ T9918] gtp0: entered allmulticast mode
[  170.774335][ T9942] Bluetooth: MGMT ver 1.22
[  170.886631][ T5159] IPVS: starting estimator thread 0...
[  170.983567][ T9956] IPVS: using max 18 ests per chain, 43200 per kthread
[  171.189475][ T9972] sctp: [Deprecated]: syz-executor.1 (pid 9972) Use of struct sctp_assoc_value in delayed_ack socket option.
[  171.189475][ T9972] Use struct sctp_sack_info instead
[  171.283526][ T1097] ==================================================================
[  171.291620][ T1097] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330
[  171.299714][ T1097] Read of size 8 at addr ffff88802c47f0b8 by task kworker/u8:6/1097
[  171.307699][ T1097] 
[  171.310028][ T1097] CPU: 0 PID: 1097 Comm: kworker/u8:6 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  171.320263][ T1097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  171.330310][ T1097] Workqueue: l2tp l2tp_tunnel_del_work
[  171.335778][ T1097] Call Trace:
[  171.339064][ T1097]  <TASK>
[  171.342021][ T1097]  dump_stack_lvl+0x241/0x360
[  171.346700][ T1097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  171.351908][ T1097]  ? __pfx__printk+0x10/0x10
[  171.356496][ T1097]  ? _printk+0xd5/0x120
[  171.360650][ T1097]  ? __virt_addr_valid+0x183/0x520
[  171.365759][ T1097]  ? __virt_addr_valid+0x183/0x520
[  171.370865][ T1097]  print_report+0x169/0x550
[  171.375379][ T1097]  ? __virt_addr_valid+0x183/0x520
[  171.380502][ T1097]  ? __virt_addr_valid+0x183/0x520
[  171.385612][ T1097]  ? __virt_addr_valid+0x44e/0x520
[  171.390721][ T1097]  ? __phys_addr+0xba/0x170
[  171.395223][ T1097]  ? l2tp_tunnel_del_work+0xe5/0x330
[  171.400503][ T1097]  kasan_report+0x143/0x180
[  171.405001][ T1097]  ? l2tp_tunnel_del_work+0xe5/0x330
[  171.410283][ T1097]  l2tp_tunnel_del_work+0xe5/0x330
[  171.415392][ T1097]  ? process_scheduled_works+0x945/0x1830
[  171.421098][ T1097]  process_scheduled_works+0xa2c/0x1830
[  171.426642][ T1097]  ? __pfx_process_scheduled_works+0x10/0x10
[  171.432613][ T1097]  ? assign_work+0x364/0x3d0
[  171.437198][ T1097]  worker_thread+0x86d/0xd70
[  171.441781][ T1097]  ? __kthread_parkme+0x169/0x1d0
[  171.446796][ T1097]  ? __pfx_worker_thread+0x10/0x10
[  171.451893][ T1097]  kthread+0x2f0/0x390
[  171.455952][ T1097]  ? __pfx_worker_thread+0x10/0x10
[  171.461050][ T1097]  ? __pfx_kthread+0x10/0x10
[  171.465629][ T1097]  ret_from_fork+0x4b/0x80
[  171.470034][ T1097]  ? __pfx_kthread+0x10/0x10
[  171.474618][ T1097]  ret_from_fork_asm+0x1a/0x30
[  171.479381][ T1097]  </TASK>
[  171.482384][ T1097] 
[  171.484693][ T1097] Allocated by task 9979:
[  171.489002][ T1097]  kasan_save_track+0x3f/0x80
[  171.493669][ T1097]  __kasan_kmalloc+0x98/0xb0
[  171.498246][ T1097]  __kmalloc_noprof+0x1f9/0x400
[  171.503078][ T1097]  l2tp_session_create+0x3b/0xc20
[  171.508094][ T1097]  pppol2tp_connect+0xca3/0x17a0
[  171.513019][ T1097]  __sys_connect+0x2df/0x310
[  171.517595][ T1097]  __x64_sys_connect+0x7a/0x90
[  171.522344][ T1097]  do_syscall_64+0xf3/0x230
[  171.526839][ T1097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.532719][ T1097] 
[  171.535028][ T1097] Freed by task 8528:
[  171.538988][ T1097]  kasan_save_track+0x3f/0x80
[  171.543651][ T1097]  kasan_save_free_info+0x40/0x50
[  171.548659][ T1097]  poison_slab_object+0xe0/0x150
[  171.553586][ T1097]  __kasan_slab_free+0x37/0x60
[  171.558337][ T1097]  kfree+0x149/0x360
[  171.562220][ T1097]  __sk_destruct+0x58/0x5f0
[  171.566712][ T1097]  rcu_core+0xafd/0x1830
[  171.570940][ T1097]  handle_softirqs+0x2c4/0x970
[  171.575689][ T1097]  __irq_exit_rcu+0xf4/0x1c0
[  171.580261][ T1097]  irq_exit_rcu+0x9/0x30
[  171.584488][ T1097]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  171.590105][ T1097]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  171.596078][ T1097] 
[  171.598384][ T1097] Last potentially related work creation:
[  171.604078][ T1097]  kasan_save_stack+0x3f/0x60
[  171.608738][ T1097]  __kasan_record_aux_stack+0xac/0xc0
[  171.614091][ T1097]  call_rcu+0x167/0xa70
[  171.618233][ T1097]  pppol2tp_release+0x24b/0x350
[  171.623074][ T1097]  sock_close+0xbc/0x240
[  171.627309][ T1097]  __fput+0x406/0x8b0
[  171.631275][ T1097]  task_work_run+0x24f/0x310
[  171.635856][ T1097]  syscall_exit_to_user_mode+0x168/0x370
[  171.641480][ T1097]  do_syscall_64+0x100/0x230
[  171.646062][ T1097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.651949][ T1097] 
[  171.654260][ T1097] The buggy address belongs to the object at ffff88802c47f000
[  171.654260][ T1097]  which belongs to the cache kmalloc-1k of size 1024
[  171.668295][ T1097] The buggy address is located 184 bytes inside of
[  171.668295][ T1097]  freed 1024-byte region [ffff88802c47f000, ffff88802c47f400)
[  171.682164][ T1097] 
[  171.684475][ T1097] The buggy address belongs to the physical page:
[  171.690873][ T1097] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2c478
[  171.699623][ T1097] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  171.708108][ T1097] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  171.715642][ T1097] page_type: 0xffffefff(slab)
[  171.720307][ T1097] raw: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122
[  171.728874][ T1097] raw: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000
[  171.737448][ T1097] head: 00fff00000000040 ffff888015041dc0 dead000000000100 dead000000000122
[  171.746102][ T1097] head: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000
[  171.754758][ T1097] head: 00fff00000000003 ffffea0000b11e01 ffffffffffffffff 0000000000000000
[  171.763416][ T1097] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  171.772064][ T1097] page dumped because: kasan: bad access detected
[  171.778461][ T1097] page_owner tracks the page as allocated
[  171.784156][ T1097] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5113, tgid 5113 (syz-executor.3), ts 58536732540, free_ts 58517423338
[  171.805064][ T1097]  post_alloc_hook+0x1f3/0x230
[  171.809820][ T1097]  get_page_from_freelist+0x2e43/0x2f00
[  171.815351][ T1097]  __alloc_pages_noprof+0x256/0x6c0
[  171.820529][ T1097]  alloc_slab_page+0x5f/0x120
[  171.825194][ T1097]  allocate_slab+0x5a/0x2f0
[  171.829682][ T1097]  ___slab_alloc+0xcd1/0x14b0
[  171.834344][ T1097]  __slab_alloc+0x58/0xa0
[  171.838658][ T1097]  kmalloc_node_track_caller_noprof+0x281/0x440
[  171.844887][ T1097]  kmalloc_reserve+0x111/0x2a0
[  171.849642][ T1097]  __alloc_skb+0x1f3/0x440
[  171.854046][ T1097]  inet6_rt_notify+0xdf/0x290
[  171.858710][ T1097]  fib6_add+0x1e33/0x4430
[  171.863021][ T1097]  ip6_route_add+0x8b/0x160
[  171.867509][ T1097]  add_v4_addrs+0xb5a/0x1160
[  171.872103][ T1097]  addrconf_init_auto_addrs+0x208/0xeb0
[  171.877636][ T1097]  addrconf_notify+0xaff/0x1020
[  171.882475][ T1097] page last free pid 5110 tgid 5110 stack trace:
[  171.888787][ T1097]  free_unref_page+0xd22/0xea0
[  171.893543][ T1097]  __put_partials+0xeb/0x130
[  171.898121][ T1097]  put_cpu_partial+0x17c/0x250
[  171.902866][ T1097]  __slab_free+0x2ea/0x3d0
[  171.907270][ T1097]  qlist_free_all+0x9e/0x140
[  171.911846][ T1097]  kasan_quarantine_reduce+0x14f/0x170
[  171.917290][ T1097]  __kasan_slab_alloc+0x23/0x80
[  171.922131][ T1097]  kmem_cache_alloc_node_noprof+0x16b/0x320
[  171.928016][ T1097]  __alloc_skb+0x1c3/0x440
[  171.932420][ T1097]  inet_netconf_notify_devconf+0x15a/0x220
[  171.938210][ T1097]  inetdev_event+0xefe/0x15c0
[  171.942872][ T1097]  notifier_call_chain+0x19f/0x3e0
[  171.947970][ T1097]  dev_change_name+0x5df/0x920
[  171.952726][ T1097]  do_setlink+0xa4b/0x41f0
[  171.957127][ T1097]  rtnl_newlink+0x180d/0x20a0
[  171.961792][ T1097]  rtnetlink_rcv_msg+0x89b/0x1180
[  171.966800][ T1097] 
[  171.969107][ T1097] Memory state around the buggy address:
[  171.974720][ T1097]  ffff88802c47ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  171.982764][ T1097]  ffff88802c47f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  171.990807][ T1097] >ffff88802c47f080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  171.998848][ T1097]                                         ^
[  172.004720][ T1097]  ffff88802c47f100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  172.012765][ T1097]  ffff88802c47f180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  172.020806][ T1097] ==================================================================
[  172.028909][ T1097] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  172.036108][ T1097] CPU: 0 PID: 1097 Comm: kworker/u8:6 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  172.046353][ T1097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  172.056419][ T1097] Workqueue: l2tp l2tp_tunnel_del_work
[  172.061898][ T1097] Call Trace:
[  172.065177][ T1097]  <TASK>
[  172.068096][ T1097]  dump_stack_lvl+0x241/0x360
[  172.072770][ T1097]  ? __pfx_dump_stack_lvl+0x10/0x10
[  172.077960][ T1097]  ? __pfx__printk+0x10/0x10
[  172.082544][ T1097]  ? vscnprintf+0x5d/0x90
[  172.086864][ T1097]  panic+0x349/0x860
[  172.090749][ T1097]  ? check_panic_on_warn+0x21/0xb0
[  172.095853][ T1097]  ? __pfx_panic+0x10/0x10
[  172.100254][ T1097]  ? mark_lock+0x9a/0x350
[  172.104572][ T1097]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  172.110455][ T1097]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  172.116345][ T1097]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  172.122662][ T1097]  ? print_report+0x502/0x550
[  172.127329][ T1097]  check_panic_on_warn+0x86/0xb0
[  172.132256][ T1097]  ? l2tp_tunnel_del_work+0xe5/0x330
[  172.137531][ T1097]  end_report+0x77/0x160
[  172.141761][ T1097]  kasan_report+0x154/0x180
[  172.146273][ T1097]  ? l2tp_tunnel_del_work+0xe5/0x330
[  172.151869][ T1097]  l2tp_tunnel_del_work+0xe5/0x330
[  172.157004][ T1097]  ? process_scheduled_works+0x945/0x1830
[  172.162733][ T1097]  process_scheduled_works+0xa2c/0x1830
[  172.168292][ T1097]  ? __pfx_process_scheduled_works+0x10/0x10
[  172.174269][ T1097]  ? assign_work+0x364/0x3d0
[  172.178847][ T1097]  worker_thread+0x86d/0xd70
[  172.183429][ T1097]  ? __kthread_parkme+0x169/0x1d0
[  172.188445][ T1097]  ? __pfx_worker_thread+0x10/0x10
[  172.193552][ T1097]  kthread+0x2f0/0x390
[  172.197637][ T1097]  ? __pfx_worker_thread+0x10/0x10
[  172.202748][ T1097]  ? __pfx_kthread+0x10/0x10
[  172.207395][ T1097]  ret_from_fork+0x4b/0x80
[  172.211833][ T1097]  ? __pfx_kthread+0x10/0x10
[  172.216419][ T1097]  ret_from_fork_asm+0x1a/0x30
[  172.221185][ T1097]  </TASK>
[  172.224297][ T1097] Kernel Offset: disabled
[  172.228609][ T1097] Rebooting in 86400 seconds..