last executing test programs:

4.118125758s ago: executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
socket(0x0, 0x0, 0x6)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x28, 0x5, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000008200000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev}, 0x1c)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000140))
socket$kcm(0x2, 0x0, 0x106)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba399654"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
sendto$inet(r0, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf405, 0x0, 0xf06)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc44, 0x0, 0x0}, &(0x7f0000000380)=0x40)

3.507283951s ago: executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000001800)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c, &(0x7f0000001600)=[{&(0x7f0000000140)="87", 0x1}], 0x1}}], 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000400)=[{{&(0x7f0000000040)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000180)="d7", 0x1}], 0x1}}], 0x1, 0x0)
shutdown(r0, 0x1)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, 0x0, &(0x7f0000000b80)=0x98)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value, 0x8)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x200000, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000003000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_free_blocks\x00', r4}, 0x10)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
write$cgroup_pid(r5, &(0x7f0000000140), 0x12)
ioctl$SIOCSIFHWADDR(r5, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x0, 0x2, 0xc2, 0x0, 0x87}})
ioctl$PPPIOCSMAXCID(r2, 0x40047451, &(0x7f0000000200)=0x5)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000080)=@assoc_value, &(0x7f00000000c0)=0x8)
ioctl$PPPIOCSFLAGS1(r2, 0x40047459, &(0x7f0000000240)=0x20)

3.137066642s ago: executing program 2:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r0, 0x1)
ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x401)
listen(r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=@base={0x7, 0x4, 0x18, 0x28e, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1a000000}, 0x48)
syz_emit_ethernet(0x6e, &(0x7f0000000a40)=ANY=[], 0x0)
socket$inet(0x2, 0x4, 0x5)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
accept4$inet(0xffffffffffffffff, &(0x7f0000000440)={0x2, 0x0, @multicast1}, 0x0, 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4841}, 0x4008040)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'lo\x00'})
sendto$unix(0xffffffffffffffff, &(0x7f0000000000)="ba", 0x1, 0x0, 0x0, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_80211_inject_frame(&(0x7f0000000580), &(0x7f00000005c0)=@mgmt_frame=@deauth={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, {0x7fe1}, @device_b, @broadcast, @initial, {0x6, 0xff2}}, 0x4, @val={0x8c, 0x10, {0xcda, "03ea8fab3993", @short="8cdb61da7a44de6a"}}}, 0x2c)
syz_80211_inject_frame(&(0x7f0000000600), &(0x7f0000000640)=@mgmt_frame=@reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @random="63be324a0fcc", {0x4, 0x5}, @value=@ver_80211n={0x0, 0x3, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}}, 0x2401, 0x400, @broadcast, {0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x7, [{0x2, 0x1}, {0x30, 0x1}, {0x5}, {0x9}, {0x48, 0x1}, {0x1, 0x1}, {0x1b, 0x1}]}, @void, [{0xdd, 0x3b, "594a797e30d1dd375a826be7e47ace4143197d9dc217675a04b829c465bdbe8c762478c852e9243a0ba66925b9c9ff47ed51466d0664f9bd5263f5"}, {0xdd, 0xff, "dd562850524ad635e5eb558ef673b7411f02bd1a6bc1bb95e2a1d5f8c74a0493f26f0833379c597a51ae6c2f8889a2ec01be9e2b9d69873d7cad79eb89ac7b2574a79a7cc8325b1ff4f06d755ee04db036bd30b7865d936a760c92da2f12eea62b8f60338c1edf3073c7b524531180168c354f3bff42c59a1982862cf457164f91c747d22ae23f033246095db6405d4bd2c0366cf6ac7c29840490bd17347141d820bb067b9d5495cedef1c0a43f49a1b3f7d009b43fd65cd37a3c96c8612c3969ce455f32de13388ac2b2f1031a6e5b9b6a05613754c43a5d95121e361a0bd5ab6f11bf7cce86c796142e1ec734ca2213f15f6dd9857b463983529d0cd2fa"}, {0xdd, 0xf7, "e81294f3e1f9c818c01e1cf19b9a56ba8890d432f9e71fbd63d06d50e4b37b5b88e763bfce2be85bbfa09a761419c89611f63a7fe6356de1968268f52707635417f856a5ca85c34bf46db4edcc493cd1ecfa6ba1df0124ce54310e1ce673779bc2151777d04de6ecc7a53f8776f191ba3a99c62af3223200a317ffce555f80c2c258b86e221aa527bee3791317fa2cbdcb6f8c157bd55710a4d69784b41ead2b0acb63aeed98d39920484189a1a88580bf1ec5ade86362080b9f62720daf77e552b68dace1797e9eeb161322fe7c91bbdbe7f341b94ea217d1cadcb060901cf3084f0a69c2894ecfa850a45a2bd5f89e486fe7cb6fbbf5"}, {0xdd, 0x96, "5a14f31bed0c4d8268205654d3cefac1853382a597e60f54bde924024e43057259baf30ca5af04020e0504d61f793fceb851cbb2f4bf74068425d73686ec13e8650034d3a63fba8abe8d690a6f798800a821be264e50a55d655c0ac34315aeea1a81ffaaa065223e4442d7c5ed7a5c4aa5c55d067635b52dd7d20db2efbce48fef431b686199ed723620a545d19f302ba1a2bb561d1f"}, {0xdd, 0x1a, "3fab9fc81e124890f4388ca2c73a93a2e7356fc6c58603b6e534"}, {0xdd, 0x92, "e29028f61963a56574505b2f2fcc37e5b44c3da5dd5b2b182d5eb0e38899e4c62151f85246fafc04cae06e2a719044d98e05c93345eb94ac75870a39fc32505360fefc8793468ede8cc085169b04f6b3a5c40c3b613d99e7a85a3ba3b6a712be1502c13e7d2acf0f64c223b16cec73dd454132d022aec40135098dc8168e76ab113c56d240616c319876e9c4277622067ef1"}]}, 0x3b6)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000001f80)={@remote, @broadcast, <r3=>0x0}, &(0x7f0000001fc0)=0xc)
sendmsg$inet(r2, &(0x7f00000020c0)={&(0x7f0000000a80)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10, &(0x7f0000001f00)=[{&(0x7f0000000ac0)="21c9a91eaa341744058cc56feabc8bc6365d3e755d8ec1a63581e95a3d1af795209c58ac879ef4fa08f844004f6c0bb4d7d221c187727e7b7631c8105cce2f2c2d0642095ca71edac01b6dec21bae844f386259e4d0f491a1b45089dfc39820c0bbf57a95d5b1ec3ade91f66e0ae27ce4926be2085b5d26a71f49fc346a5870bcd48522d8d6474a3aea2b8fbc9ba2678e5212dfea84fc539", 0x98}, {&(0x7f0000000b80)="c4c695cb11baed5933827ffb1ca5185c8e3114823cd0159a1f156b7565bc", 0x1e}, {&(0x7f0000000bc0)="5600b165f0104b1154128715b5668fa77088849bc95548278d358b20237549a416e1768d84cfc2c206682b04fc75144870c21f031b673c6e98d605a13ec5dc84e22197c27f3ad70322bafd4eb65a27c58caf68cab9dfeff76f50927da10f4f098599a7a6483507deda80cc06e80c46d6d49a659c5b7ea3cee13ccccbcc15ab33bc34fbfbf7f23a835a74e4b59c1c7699b08cfad0cfe85d5f294a07e01a6cbb350a340378392c12c76588a3eb0251b5cf63823d39f140aa338840ec47bac74dc4cb55ff82fe79f3f605390110104f50cbdb740437ee56e237f4afb66df6f59db4ff949a95a257b272d736558f6cc9d7b3703b1dd54bb620a987e27ef7a3395eea6dbed507526c1990d3bb2f82a11e8260caff5aed08a7b85ecf6a14495432915eb7d54ba74d3641bc04d377bef145240da54bea03569b5e396d17a581d73dd7807a083808c742dd5e7417c7daac2b332639edfcb4f3a3839b09cf4e0d898bfdb688a3443b6c4987152ed38ae3c3f7e22b0cb963835c648c6b07cf773e431203c9261f640126d45704cdfd55b971ca0bb9e11ab301ff54d63af5ea9dd6d2f1309c00d2241b9978070794418e0c6cdfdba5f295fb39d677a27055272ed86cebabf3ea5a185dd54aec32d27c3af440ffc89d31d609d7551f3a7a6884b57841d860ad9a0ba1313e305f3ede1289778864e1bf6fe7d88e1bc8f50081205171d47566d4ecf3482994a2607e05a5a62ce1c39f3f99948c1e2e118d9e46a626a17741e1c906510a27365bd545c3440dc2ec0c2d5a18dd4d30c97a34e90bca0cfaaa0f0aeaa3715da5f1afcee0b968334b9a33cc0895fc45091d6262f3c9ea7d841e730e8a27eb52edc43eb4d7ad91e4037418336d3f0c3e0d90b570144bbaf4ad590c9cf80c8347e8531f2692d433d474b4585b738b45227f686242f0dad29f947f4e4eedda78dc333cd658f9f4f3395431fab7bc4c699cdefb8970775727be2f1cbce8603f9a3c436fdd567cf0222d17e5b3c27f8d4ff773db7919cd6f9e48070aeb3285d12dd100ca8fa395ef4d395195b771103994db70199b908988e5f3a3e34399ebf4726011bb2e8f5b88240b54c28945c957292c3a693fd6e8bff1ed61f32f886a9499178a97210793d847b636f1c80cbd3d0a89f97d1993c9f47ab104b889c12deeb373f0877bec0b20615979c482c27a26c047a85b115956c33760d684f91e39c66b03977637f236aef96c1ea2a0d4d88a81d95b947d9d8341c1da38360576ea428ab38c44d27175e8c279e5f37e1a4244f7879d83b15994a97ab5abb18bd9d57cc44eeac145c1b607a2ac4bc0b27488dad72ccfd6c07162c84200c2df2eb03f5f90a40928829f9e4ae10a8126fee7f519a21d99a8fb495e4c6761702ae97ce99ff1501e47337de7cbc457b9d215a5149f852fd155a0c998808d230c43c55472e35eaf75e821a325ca16f26083bee98c81efac36895d9ee582b7fd78406e7c2f246f8702855572a865fae62d60bcccb9419d706caad29c70178dc0f70e5175a6c8de3bc729dd5772dc7ef1396899493115c7418eb97d7b6e2c72d22def2a56af6d6fe9db4bbc905efb696342992338b8ce538931a803d638dcd49be4608469da2995a90fb769c260c74f84c64563608fc890bb7c0778bc7d3ff5bd23f5fd69bdb3a19c784c529212fcdcc54fdf7d946fd1c1ce6c4c24398ba18426cbbfce3d9c732cc4f10e8a971ff3ac4675db129bf04c9e9e35bf9897ea593e8f648ec2f7f479608a70b9cf8e1e9120db15c9855d082fc170b9808a2358b96a59d60720027f8d7cb86ba7ae99be8bb9e15506fa82a0db803dabff5898fb4c88460e1d6b1f2826be331c14e0da8e08afcfe32c02ee0a7e1ce2627b9f23e146ad01f01992419ee6139e3afc4d678bbd51de55af7f62af3ba44e5563ba66df58d021d47d02853da476d9fcbc49d8049238c694b734f4add99aaa521b21a54f50e9ca5771218ecd51e5de2153b096ae80930a8cac6d41a7e4b28e27284a33b7da78543c5006914f433b8143f8f484dcde986e81a5b8788f7efa49f88aa6a8564a5db34a48fdb75bdad55944a43e5ae7840da3c96b93a7c71e4c87596eac0dd9e0cde47c7b52fcde7a002be208300e7facd22482e2a9053bec00fe0e221263379846cc8ca1a25bd9cd7dab32ff41402afa66b619897ca9dc57b94c8f2b181061008c7cc083b73ae231808a652d9ef7e2dd570a6d0d046139cb4457dc175e3e26f66a20f9cca9ec8dfccf3a2995f886eea69e67d305bea7e02415e4f4dac6e6e718e15d211b03f2460deb19377606df30f64a30a493678f072d50ad625a5b2f5bbc90b107033463181c609c2fa88eca0a4936172b133edbd06ac15288f3ef20ae3c418b19de22130a85207ab80580bd0f36ccb2bdd69938a71684ca3ac17462b14fb0c65eacfc67e6ff67d694b41a05a4bfae9f4c6e81b685ae630701477a7737bc1ff2034dd56ed05cc75c3fc2310cd528659429e0dbe2c56f367d325bc4ad4e756af619804b67b8dd88784b61b52560145e96ab0a36112d9b9beaf85738cce2ae213175e7c7191d091bab5a19c337040e470158d31fa78781cfb649fec58951216cbb983004f9da9a56b510aba67dd047d17fe97f29b21b4e6c88bab3b8514058ff756ff4083e345ddd818ba3748472a1fa37641c9da4cdc64a9618900e012bb93d594d10b38fb5c5616cc24334ea370a8b73dd09f13fe235ffc317cecb6f11b74a2630be55ddc1e409fb4fd65a7bdeff1a963a9941d14faed475dd726b6015df57a130bf5cd7dc1def8187839978f5e915457e92a0aa4180a9baf2b65a69558e8a05116efc4e076b8d845ab2dd29f8cac6ac9f708f7c5283ebef8589f6e9e74e7da1e430712a2500f17a7526dfa18be7e3eb9cd1f8dbe5b2268102f10a0b70bdc7a8dfa9c191eb03f4df8e37b12051f051ea9d098e8e376991741a06279c18d2f2c37caad0fe2287acb2be790c45362445ef9d423540e5db9864d8230edd1516135e208cda037f98fa9f87fcf4e34ca60e18ffec9de595eea96cada4b4d585ff1ebbbb1b577fd54e50afc4b788f1de83c3aa665271ec5bfa1c3d8420815ae0a12b854087f57e3bb26f28580f55ba15b01f1e2cef653601d7c8fdd615bd4294c05d3cb13e8b87de3ac80bece4529c576010fb35974e63052cca52dbe2b3f535859a1d48b3f5b9c7a11cd963808164b38ca5b5194f4acdb9c9bd16784ad28b653955e08ac184990273fea3f40546051fb4003a787e681841a9cb2c3be98890f03cae41979839deda4d89bb361df7afcb1e5d1416605f46404f0af62708aee9dc71e2543873775febffc6d0374c13fdc57d661ca3588d956e5804de0d83275bbaa01a5f6fe9a9ed1d6e53e3c68d496ef174acbf69579d089f1a83f2f6c0c9d6916dd78400c605baeeb19a048670dcb8e4cc01768edac3de00a5049aad8940d9134b3e5cda6b4c4c87b1af2de92a9d51a2b12114046a3911cda83a2adc1161951214258e12342d9993de5954a14a9a30e38ef7c1584ee3584e29d0e19bfae57e5694b95e0ce826042866998c9510cceaffc0f8782639f2d8eec66433a72fef931cfdb3d6736e2c0cb1c2c40decd2c5b18b7fd09079cb92d348d6e9db1660655ce5775530f9d4564536302b52b0d5627d7a06812cd438437a5e84087b7290864c3d55246e8213af66b1cdd465a80532a6b3a31d81c5c7efcae3d7ee4b5a2d36fb4b421f4b4d1582b2965fd27904ed24b2429d8cb63167c48fa044ef56d5d199b92cb91c8c692ae8890b94fa1129a8e01ac6e258758d8f553c248026b40bad0df58ad78f7e215ed9e565ac57c314bace76fd583adc9e0fab31271f168751f808b368b61042a1df6db8aac747c227d1f5ad3b212d247ab019c3873c4b06f955201f2f0249b3ddafceb8a79fd8949824ecc401193e20b17ed581ff45a41dad176bac8c2a4639ff1cb82d8a5eefbd43fce904433b1cdfc5d8a52ee37ac09b22aa145a72e9bc81ce0453710d11e2d5bf69fdbdbcf5738ac748375b710083073563ca98031423c9e0caf10a1c7b5d6bfcf4f43ad8e20b3ebdcce0692f6fe34caf7b9197e00983a7434961f23de17ae251a13355af4c7c97cab62ec35c618b0d638c7e15eef1df234f6a469edc29ff2673cc8064d889cd33edc87129d8158a221ad891bc8ba93791e804ef403beb505d001eaad272f1f333d6aef4473d698a65463b15881717b8a9c547fcc89f7b03dc159a66fa27157579993ee70dd32db93e82f0a8861b13a52eea7f6b08742140d177d60d05eb3079d88da08dce5eac39851ed9fdff0f4075188cfdca5c32af728d484b680d5eae3f4aa3382d85d6c589cccfa491fb1968c92f14f372380d3ccf62e6bddaf8e86aab14d0b15da19adef27ed0a5e7535176537f73ee4d60c20b8d1917014dc958fc8d4a03d2a2e0d080ae049aeb8711378bb97fadead9922cf47dd01f752d1d17b099fd73d51caac926bd9142b7fd18cd047d766c21fb64f487b43be3c60af81b701eb45c92e5a522e5a572b6fa19bdbafdf850469c2f23f7ad7a33274c7f455fa92afc59d7ced2172937aa8b3719f615923d414859618aa710e38e536aee5826a3cee9118ad79d0d8fd1d8adaf5493b344a1dea382c8f2a1ce3ee3e7630b6f69738832bd3fbc90889ad64c7e84cb98dc7baf9a366785f37ab56f4d40ed4ffb584a1c1328372ef27c4836c38551ffd1c36ef0e02911f1d84c1e88b09dc451cd1d468d44df2db6fa755843c9b707dc09fa321d88c49e6a054072738ba2bc69e86c8f9704fd49704ca567293b3083aedaf49e358c67bb002c3ebf3ef20184f0cb4c546b7f585218bc0ded90a07a34cf9f06d3326801c6462abbabfb7cfb4074b90d408f45bfa37c6d65788fe99fad5e0d0d3f3afe7e4d9c01207f51a167ab34f2a0c63bb61d27065f93dbf92aafb9e45f4fe3506e46bbca0cb4920c884bbe8cc942912907f8761dbdec331e471bd17fdd4906c71d545829b4c60db545a52d142d1d81778ea714aba0082cf158bb791f9618a0057037ad80f87bd8f8d76a29563e8ad0ae85492aafc35c051bb5895575671310f3e25b2500ce6e7f254c5eec4b26e639e7891f111ec505065c0ba0464a6ce0c27478c34b362b1cb629ba9fc50cc73a730aab29516dc8b179f89164a0bc7828e1a82302c8a5a3fb18f4718799900c8834e9d8c59541d6f1c78b0d96937f0a3415837f72ca8b26f9dd4f775d552cb80ab1e8021a5f68e109ae29cc22e293c63061c003330d043f78f391a7ebed77b7099a893dd0202d6d82cf84ec8defbc6c7e5946e8a0f6ba325410ab19a0dcd6fb0fe9e0c4436365933271244f4049d75acebf089528f4db1245a06f010d26ca9b4d67ba23af39fd4b996c7f6c40beebce2a15d1be2bd638a34e836018a53abf7f3f439d5e48067f9822b283830e841f6cd0c711f7dfaab556d440946e2077ae9c0ae1fa056c32c20d5e3f57d3fbb280ff6b88188b0ce704c09343e9446eacb5b4e068f532b780dbbec6f202a83e6b5de843ea0e4112af44e87e20c7387eb49b15c245f5d05b31bb21ec32dc7ac3866a547b791513e9b66d8ef47a7829d1e8609d50c15963ad29c5007e3ca6067e395e27eb2739aca18564a8547c3acc898bcbff55c766be4ca459aaa6a22fc22a99c76b563e27f1f9d14d6c2dc0c186707dba08c0e9d89e3bb9b2c71fe4b0264d6f7cdccf4152e18b8a8d213f2eed1f8fb503e59b5d04c739a561408ad58a0eaf6b33d8da876538704c3b1ecb", 0x1000}, {&(0x7f0000001bc0)="1875b08c9565cbeee53135cb7e48ad0fd189990e6290b1e3191212332b2e3bcf429b4e62fdface0a6dfc68a189f387b0409f55f7a3d1ff4e5d95e6891a1485fd0110df9d80e216bfa0b7880cec849ca4bd8d43ce55e5d82ddf38785697bec96dd195a9e7b8f170586bc173a1ed9ad5508ef41baf25b62750f55cff29a1117f3b660fad518e62023524077c72945185196f1c554060c5391daee355e1b7a7f646cc8b01999bf6d263fd0f4e15224c0e9f6c4504f4e1feea6887f24755c39b14b65bbba650a03f17ec863ba73f34b9ce5819f087ee1e44694b69c6dfaca46f5b0d7b7a28868db744", 0xe7}, {&(0x7f0000001cc0)="6b97d069fa0f02237b33465b6138d43ee4da341c7c75fb26233d7364c536599ebabeee50d79ad6d4e22ee6db4e6ce49f6489db2a614deca885a8f84255f5477ea645a44f7e7b1819f51c210690f7fe490fae42f9f495d60b3ba35e5ef4af885be180f59a80c6bbecdf0ab352a04296d85bd68f4d9d42df7d0c8312f24420335fd09a091b42d8f1f1017aaecae84f02211847e28208f6c83c9126901fbc9383b8695e69f9e57beee70e18d9a6ee0f1d28c710b67e95f3c525d036a955f8f19e8aa21bd4b94f35b129744483a937e51242f7cc36ea858c54075ac739d6cf469a421334889f15d73cc61021c9b65300a3f3c99cb9", 0xf3}, {&(0x7f0000001dc0)="417a8dd8b078a717752ec75ee84a75da47daa213aec763e5f1a69bbf130a35839bcd22d1faad19addc2ee88b7c63dfa70fc291797c9a55bf07a60ae77fafd6481891dda218bf798a269766836e8c50afbd688454ea4a24e080d4a0e673926f0d311bfe907a26ceca9c608a9a83cc07a3000ae3152bc49765fcc47aad6b0382983b6c79746f7f408673cba3d91e3d5c6fcb788c6f13c4d65d334592fbc944ea85", 0xa0}, {&(0x7f0000001e80)="ff747dd4564c6bc2a23a693249961d3435f7906e1a286a418472eff6e68bce848ffbf0668ec7a535b4945323538108f3261c8282d72917e03ad99e2621ca5a112d36f401a3a685e4e5670b3a14816fb6807e61", 0x53}], 0x7, &(0x7f0000002000)=[@ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @local}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0xb8}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @local, @dev={0xac, 0x14, 0x14, 0xc}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xbd}}], 0x88}, 0x20040000)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000002100)={0x0, @multicast1, @local}, &(0x7f0000002140)=0xc)
syz_80211_inject_frame(&(0x7f0000002180)=@broadcast, &(0x7f0000002840)=@data_frame={@a_msdu=@type01={{0x0, 0x2, 0x7, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x6}, @broadcast, @initial, @from_mac, {0x9, 0x2}, "", @void, @value=@ver_80211n={0x0, 0x7, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, @a_msdu=[{@device_a, @broadcast, 0xf3, "5211ccb16bb9380ff226e84e2637ddfc58611c368dc46ab8ea3a91266a27c87880d34495e15d737d547d0f48f04e7a1d25f98544031e5a3ab60ac521ff0f4260e4d11c252b5eef9b21f83061339e686141ba1e7b744e79d1013011f2842f6d0022ad362896c230db53bd7c738810249c679957a4d1448aa2213c6ea7883bc5b58e62a57825be64d192b43cfc6026d658ecd158efd15369e857dcb21bf48212e1d800e1ec43ef5b858c36ec0eba2b0f9410a0218c97fb8557998de584a7950511012b072bb989107f48d13397ec258e4811633ba5546b9bb6ac8311b332093f6f65f6ff8ee69e02a1252a3f41c2e3b7979e5a81"}, {@broadcast, @device_a, 0x1000, "1e430a00904481ab069b7645f9b1703a70f65182bc503084faaaf5ea36a0503b7da9177eef0eba3c064671c85267d20680760e206e0d129dd88dc1b1427e53b4c53106f082231b712090b0f7cb00e8b21f8d3571319b914e997d3913ef5c4b3b15caf3dd5dd18343c6fac3762a92a06370376e6065af5151ee42b1984405f070bac97c9493013fcab743fceb9d2c2fc48992a780c2a68d3269abe6a7781c0f7f93a073c3f88bd7b10448526e0752778833de6a4172c051d1a30ca96b6bde67c7d715fcda27cce51c6c602933369282f308ff0037c602affa5a76c7a2ac3f1bef6049cf6452dd549c8ddfc923286bc3d57eb0fb5b868cf03a23e2d673ae2d371ae8091dfefff408764dbbd6db160fbc9d1e34d04110f3a57709000f4ae71e59ae43b7bffc6b5f36321caea5aa0a48232c1d9257542b7a006ce2412c4f56385ac31fd324cec5a600962332fcf6c133aca7bd82eaa97044488d85e920ccc34bd5c7ee814ad3102f8fe360662ea4cd276b3e62fe181a143acedba5e231513a944b8a9d015ed9882d28d12532d792f6b88345edca126de20d1e64c33c870009f867e6ce4fb3a7900507720386d0120567b73178c401a76261ec186c22c3c6bd812478b844d0ee70dfc1747ed9343f2e9cb9ba85538885ea4c684db5c305fa77c034a43077a788738cb73e5cffefec611110ada39c462f8b2835406ee6cf9b7692531bb231ccefdd996dc93b04cf1a6209b3c450d517d82a0f8919176f486ed79c67562b03b978d71604a6a2102cc9d3f89da17f774eac22faa748965753f916a5fed0af2e45895e6bea6563e2d013ed58d97fed5f14e7b27d3e9ef1a51a0c233f2ecbebc8837bedf1f04f28fc2f197d348546be3f03062441b38a8e555164451e62e8e77a7c0828cf76d42116aa83b90d9bcc01ab22cce69bcb005ee7e41911496c4976f4ba9490fe7f3ef574345300f2ab877303c0e5422153a1ef3c9ac06e51a3cdfc6ca15e78e5a4b2133098ee595de494b027a5369ec131b0b62f7178451f0d738401e81b8629161f91b2aea327a785be36d7f8692f01be21e943a768087191a44d175f3fbb62da3989c154d7edee1a86f91d723eb02f6a11d5e4703bf8c9d18ad94daf3fa4102bf57940a37e005a9070552b3b7f7b86105f1d69b3d808eee7fdeb4fdca189769735275f7b7c64da7b7d81aa89cc164ea60d4839557e412573c2890b5d14dcbaf48b5ac880311bdfdd4cffbc09946f9369f95037461637d6e3c9fd7e3b6f665b73cf3833005bac694a7f7a3fcea882293c59164e6500bb13d0ba9f267ae773e631ef335bdda54cbef12acb619e2bd9d98b05281540f89ed6ba9908bed7d014d205b3071ee168e7d98f05cb1586b69947c049954481d382a5e881960e002e64c69357e38dc26730c865fa3d966fcb29a48eda5c18b3b89b8e8d530dea7e896e3774c2a7b955adcfc0a309684fbec2a0a77b475c4d8812591267d3cbca0ce21e71a3e9ea09249ed8b28456de62d2998b0c5de0b97f3b1a3f34fec0e7fdb4af0b33c46d5f0d5614ea199b8b9a327e67c9bfb6051bf7faf10fb8f52eae4d9a67658317e1121854b887f4eac397a0e3882365d30bfba23657cd82350850b834e1aa743a0c097c011a0ed57863404c2a5d6a0ea309278b2d1601ab39faaec0c82c146d8f9f3be66153599593be19b30d2c65b18523944e6701e57b89ddf34edc8b1dc928b402572fbe2c241c78d80bc4fc12c85c9409598327864ac2777f481daf850f1be2603fc73be11e71ea2db9dbe7c930c7f13fc7a6d4b19d11dbeff82affc9a8e3834e916cb4aa46150157cdd0c1abc2d864ff427ac3fe728e9f750aad37a7455a8e77f43be1703da617fa7101aaa3502159195c8269bde5250857c67d59c2a22cee93682362c1c4f33598e066e3b0ca54adb007755f857bbde9a2fa713ac9a4f940c770cee8df293eef4b208c4a97d095edc682534c81587fc31147e088984e5b4d4c9e2137b15df28b338c38b067bbd35876bd550908f6d363b21cedb4d40143cb68a20891f17d28baa5378cde7bba7ad7d99064a378cd581cca77c8e9e7593ddfec157f83e0c2c7899afce34b1f87c279ec486e679410ed1af6147b2a57859894c80ab52f90d1ca3db64ef0a0d8c2683230c540834eb2d81110a8a14ecdfb1ffa4d1d6df393a3c8dd3d8d2404d955ae0b998f890a8a64e01dbf2f9ee594b076e082e1aa629d8e7759b5fcc1467e688fefd2f9c8be8758bf3d25fa9f657137a704e7dbc4b33122e0639fc791a6fd517c89074620bef14f1800201669d51b248cfc6705b4441f2884263861bc12e145eb558d4f8327fa46fc09b95702aabc3bb97ff7ea202bff06ae5d26e3e06c94f52f14cd88b9606cb01dda89e73b43e32c283365ccd13f22a4816d953183b7748b075fc363941749e6abd7083f9ff262939c8df02d49ec976290f0bdae00eb4fbb643882226d4d0616ca1842cfdd8dc05993ccf5ed627d3c0c732d662172e538fb8fc020f521b6dbcacb78fd7e7a040d6761a41892189a19e170f2c41dd506ff521eb448b41e526e1d81bb2c1a1942cd0209b063c84db62ea6dcb929832bb0adf0458039050830ac6005f7a2d2ac47569a4aef2f9a34a9dcf842edf601e168953829e7cb8db0755143fecf5ccac75b4fe1d4ca1a73faca0507506fcef0d81498f3898c3ee2c9b3b7aec8fa31e69863573cd3634ac930f365a15ef77aba02a6fbdd95d2dc7a53de10240f0624a33ca30ec1e4c27cf0eb7a255fe5b6bbf0cbec0d37dad83adb2c57bae08e2468066b4d5b6dcbced0924b744088d5f6f7948a36c2f780620f437acb451626a2379d36983aaa08b1d7a3591eabf9a2fea47a7f454894b209894af66b731070254a54d546e67cc7f86328871234038571b08a5df6bf883f3a357d35916771fd3b6a8d07bc5f3c320ac9c838ff1436a61bb80f6638c9907bf5f9d12fe2c61cc0d3cda4ae833646840d8aee359901769dbb4592728409bfcc7bb5701e825cb5095295974faf64b5337604388144191a203c5c80cea0b0fdec6e5aa37e842ee5250f9f6cd56dc50fd40b6de84466412f077df7f32d17cce72ba65c1287b84b25de83f21a2073dda3e27caea02d8501f088aecdb54a3af48a4aeb099cafdcc93d5f06cc25c5e6119a3441ddef204c803f07c78524184d9347c2591d53b945bb3d928f4efa3f46717b77784d306f79d1f4744d851709cb8e69bed5399004c5cfc9d42be6dfbd627170c718d65b8a190ff57d0656ce0c49d1eedc8b5bf73fd1f9dfda8db14f7dc0895b152f677e69cdf4f861bae96a785677c475b42d36153e16df4ee8eb969c26925d5c71e25c4e6cef394927f4408ae77fc606a502aba51063cdef9b3abf9780ec6a63e40ece0a3764cda8ce706b9d4f02836a7b2b228bef619bd64c5675c39ba2baae5036a85aac2b0b9e4e93cb1d835d0a8f0e117619f0c64626aa50a33a83b116d75b4190bc63b08e12d584d383b6ac068aae095e167fc8ffc0e47994109a1cc855655f0367b4e319ad2ef6a53a5eda9a267224a6a2d7fa493a38ad1d88708966aa0c224e461fe619340d4a50a03a23064d54f2a00e7f9ee1fb98f0c2ba178c722c3ac6240b2925b57f8f1bb1cbcb9a4c4902f302b245fa9e19e60dc21b68b69cbdac1da66b8059cfd6d2223b853fb80abe2472e249aee41b9a99581f03b30180754c588755c138b9ddf2636adce5ba4467e6bcd9c7c27c5f5f937cc986706346be69cd89bed914e93f9f2698b657082ba59862446072a86208125b7827fd8b348e344463229f2508b78e5bbcae8c2b1eb0a721668a21c8ecde6cf3414e54cae2171afd460f1b6764016b3dc32844437d928ccb5f131819bae0a86cd483e76bdf7d8ee78ba22f9ae83c1d654735c1980936af09dd88969a08294c9bcc12ff6dafa6945b680de30602c6312bdb345458b40d061fa9079244c59c26276ac47edd0682fbf420260f702690c84e3bfdafa2d75e35d77500d46684bb4cb5e198dc66ce8e26f1134e338401659f0b260faeaf79f6da00d6ec26beeb5e24cc6181f7bb30820b54e25b1ba3596820b062eb911cc056aedd5c4d258a0ce5c3d120cd4e56825d3d4246f3d7b8fa66b6618813575f40d119610d5bb7b9ee76f0eea35840b31d5b0c17cb11546a0a1df17dd4ce9fc101e9bb6b5aa2387e74f1a225f8e341ea888f930370d2795a1214d2ac7d28cd1ad0871ac6a25773e956ff3c2bd54314afa662a05bd59678e5c18951130a23856ad55ba8b1727a04ca7034929328e2d87c46596d58638ab3a13957bc17b850700afdbdb70a7559d42a2cac17d5665fe66b2f0f4e97db0db820579a21faab20708467b48c5a0a9fee0f310b095d5fd51978f73cbd393e29e4ee14b2b2f2ef4073778d41b2cd94ea487cbf3a13bd939698155a85182946f6d33ff3f9a8756c9ba5fd098475ac6362f9fc9ef159e36b7a770349fa1cd2e88572da0a9c01759dec679a9f845040f58bed75d2e073787df0caf41ceceebfcc8eb4868fc1982b74e2114a7142ceee607af67005a375118087d020364e4143c01bdaf15c66540c01dd9d86516f4b6dcb334fd9baa6909c33ee8c14d83a55a4847c6b5c28f525d4e12c4b40543fc4e4bb473fdaedd3e5c93b07afbaf8099f0cd412a00c81fe904f41b50ef62ced7ad4e284539f7fa64bfe660d1a522217bafe1a90c0382c98e9dafdaba263fdbcdaaeabf42672010007f67e928c4f02f69b17fd3a3ad74b4e705093206d23afa7459bc1d4c4ec17614d7e05eeae221d219c1ada78f14a43f066eef1e8ef4c2361a4c231d93b98dc1a201339eb79ab80047895d372d2208c663f94e11b1c4f627fd291d3bcecf7955651e30d7a523528c676638e2810efda71eb99872ca044eaf7edc5acf34ca0e5b48dfaad6b9d41cd7d96b04a7b1d4fd82554d8fc11a49076e42b9e90e5a6e6d71f3875d94f341fe38eb19260a2ec493f700819b08a4dcce6f29b62ff3b355ad318e4c92c21df699b615690f60fb24af7df51ba98dbc8b1a3b475f9ae0c9014fe24248832829f9686c0f1eba65cdf65b45252c8263427ebda3cdd5d558d79173868c3be1d125a48c69e17b04523d9e8fc5214111903fd62aaaaa80d920105aa0cdee199336b9db37c1cffa9257576fd44d37906cf75f9abe0d42c1273aea21ef75ac6cd4dd8541e5c72f880d0e9f99233fe14cb34a970e0600d5f8335c182042b95c49f69fa93148b1fb910bbb7ab00aa4749402381f1df76da930a4ed7a4cf29ee2e7f301f42fac9032133bc7f3340998e29fa965369a6c6422afa124377bb403209c0527415ee8b93b7142303c0b183d894d66141e9d4a433cfa61d4e17be2ab2e886097b7f6ab9d5b168f1b4c2c51b6c4459ab3e6c51ab6950b60aec80b7ee6df0d14268fbfeffe5f7351589feed7b52312566d008f005d22dbc1ef636990c44ef85b7b34900252fe162d9c1e9a20d5e3ca5ea6952af888a82d2f884fec7bce21c4f18c9bdf66c49b67c1f330e87a99c2d224f4162caa1f7f0e22d7815f6a38fd1df14e9c81bc29ad347a234e7ceb6e034c378f03c51da3720a474f75bfa933af4935ec1f972d7fc255cbd6f98cd529ce657c0d71e42bcd1bb7ae57fa4c262f8c64e2ed1a40e0113f56e823f22e7bf8fdc20681f6c655b6ec5520df717105abaa163e50fffeaab3fd7fd6ce563042280c6eadb6ec3776d5d248ad010fa5508d4bba250b476119a1a965ece2d3df230154c70b3a9bf6a61a69b5d5c3e54a779a966"}, {@device_a, @device_a, 0x80, "3ace42199a32283b59dd4345ede3e6f972e32a83881bbb70d50cb3c70a749befec7fb7648d5e0a3f750a145d9f1005802ff2c192e19e0f1bbcbbf12769c6cad3ed11de1a78e2aacff5a70d9cb42be17a61aae1436589b0470dabcd255fa5eed7e98a92e2973f0ddec948f658f8143cd4a258a0f728d41c4c1f36799e52d5d339"}, {@device_b, @device_a, 0xe8, "65c74edf584da74c0e965b23a31c7f09b75ec319a4ab333619c35d8b9a5ebc7ae1f05b7de896dbfe95c4287d84e32d25691d255d1941865c2af8bc3ec9d854ef953b068a4b0f6f86d60c55ef5ff70bc20dbeefe98f9ae71f30e56f834f97266ee0427c11a59d5114de244293edec2e25e53673fc67e05f957c8ff5a4886d82da57dd8f7eed35a3a3fc462ef0467cf83c2bdeaae37c8be6049761f9d584059a3fa78bdc6df3ada189294b5e6f931f4f5d82db76c96a28f39b671a906f3905a429839560d53629004bd2a7331b7e56619525656262bd6398dfde1d27e07946a21758ee889dc25fdcf3"}, {@device_b, @broadcast, 0xdd, "bbb74e018d75a7ea0e377c0fac5d3cfad23902d1eabebf597d731f89bb2882c18d72c4e0eac5159b3a69f765d7545290edd3fc29ea6d4ac341d956855a26272c914f9ea85a0551217768ba127f8d433f1fb674c89d04f314fa764ad51a350e1800f8f8638d97011d850302e49705c7c75b1c68807c57bc3b2b803fe00803b13f2053a1545fe73f739d64a043b0c8509400e19da824585bbcf6bd80fd9cfc5bfff733d4e74ff4a0d8a8d706890b45199c8554f5a91042ae06fd52d0e006247142e12a250fb7863175c76944daddc2700aaeb6ad2cb01969f97f74634e11"}, {@broadcast, @broadcast, 0x2, "85c1"}]}, 0x13b4)
socket$nl_route(0x10, 0x3, 0x0)
syz_80211_inject_frame(&(0x7f0000002780)=@broadcast, &(0x7f00000027c0)=@mgmt_frame=@action={{{0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1}, {0x7}, @broadcast, @device_a, @initial, {0x4, 0x2}, @value=@ver_80211n={0x0, 0x3f, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, @addba_resp={0x3, 0x1, {0x1, 0xd, {0x0, 0x1, 0xe, 0x8}, 0x9}}}, 0x25)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000002800)={'bridge0\x00'})
socket$inet_sctp(0x2, 0x5, 0x84)

2.506716133s ago: executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x28, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2000}, [@IFLA_GSO_MAX_SEGS={0x8, 0x28, 0x9dad}]}, 0x28}, 0x1, 0xffffffea}, 0x0)

2.424268191s ago: executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000008c0)=ANY=[@ANYBLOB="680000001800010000000000000000000a00000000000000000000000c00090008000000", @ANYRES32, @ANYBLOB="14000500fe8000000000000000000000000000000800060009"], 0x68}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0))
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r2, &(0x7f0000000100)={0x0, 0x600, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000008000000faffff010202001400020065857370616e30000000000000000000090001"], 0x34}, 0x1, 0x40030000000000}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x0, 0x8, 0xc}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
pipe(0x0)
socket$inet_udp(0x2, 0x2, 0x0)
close(0xffffffffffffffff)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
socket$key(0xf, 0x3, 0x2)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xe)

2.40706828s ago: executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x4}, 0x90) (async)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14) (async)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) (async)
r2 = socket(0xa, 0x6, 0x0)
getsockopt$inet6_mreq(r2, 0x10d, 0x96, 0x0, &(0x7f0000000000)) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2000000011140100000700000000000008"], 0x20}}, 0x0) (async)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="15"], 0x6)

2.33429166s ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000095"], &(0x7f0000000280)='syzkaller\x00', 0x4}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='percpu_alloc_percpu\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x4, 0x3}, 0x90)

2.29269424s ago: executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
socket(0x0, 0x0, 0x6)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x28, 0x5, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000008200000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev}, 0x1c)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000140))
socket$kcm(0x2, 0x0, 0x106)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c34"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
sendto$inet(r0, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf405, 0x0, 0xf06)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc44, 0x0, 0x0}, &(0x7f0000000380)=0x40)

2.227891253s ago: executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
socket(0x0, 0x0, 0x6)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x28, 0x5, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000008200000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev}, 0x1c)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000140))
socket$kcm(0x2, 0x0, 0x106)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba3996541008785ab8f041f0a8d1399d88a3a58765e5a0149b9d0ea54b32"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
sendto$inet(r0, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf405, 0x0, 0xf06)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc44, 0x0, 0x0}, &(0x7f0000000380)=0x40)

1.977068574s ago: executing program 0:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r2, &(0x7f0000000080)={0x1d, r1}, 0x18)
sendmsg$can_j1939(r2, &(0x7f00000001c0)={&(0x7f0000000040), 0x18, &(0x7f0000000180)={&(0x7f00000000c0)="92", 0x1a000}}, 0xee)
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r1, 0x0, {0x2, 0x0, 0x4}, 0xfd}, 0x18)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
bind$can_j1939(r0, &(0x7f0000000200)={0x1d, r1, 0xfffffffffffffffe, {0x1, 0xf0}, 0x100}, 0x18)
r4 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r5=>0x0})
socket$kcm(0xa, 0x3, 0x3a)
sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000f00)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r5}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)

1.47868934s ago: executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa"], 0xfe1b)
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x900, &(0x7f0000000380)=[{&(0x7f0000000080)="5c00000013006bcd9e3fe3dc6e48aa31086b876c1d0000007ea6020af3653c000a003f00f8ff07001309686ce77df7edd6c3a0e69ee517d34488b26906a247f76c6f8dd5b59960bc24eab556a7050a84c9f5d1938037e786a6d0bdd7", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000006c0), r1)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000540)=ANY=[@ANYBLOB="fad67003626e51b2bf7a20b901d5910609d2e99c03ade5db317a996eb05df691f98af9af8d287e01f5d0195c616f806fa4d705fc776a5feb", @ANYRES16=r2, @ANYBLOB="010000000000000000002800000005002b000300000005002e00000000000a0001007770616e30000000"], 0x30}}, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write(r0, &(0x7f0000000140)="91c9221729d1b6c2ea683a0626152b", 0xf)
socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
r5 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
setsockopt$WPAN_SECURITY(r5, 0x0, 0x1, &(0x7f00000002c0)=0x2, 0x4)
r6 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cgroup.stat\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
getsockopt$WPAN_SECURITY(r5, 0x0, 0x1, 0x0, &(0x7f0000001300))
r7 = socket$rxrpc(0x21, 0x2, 0xa)
poll(&(0x7f0000000180)=[{r7}, {r7}], 0x2, 0xf49)
setsockopt$sock_int(r7, 0x1, 0x7, &(0x7f0000000240), 0x4)
bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
accept(r4, 0x0, 0x0)
r8 = socket$phonet(0x23, 0x2, 0x1)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r8)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r9, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @multicast1}, {0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0xde, {0x2, 0x0, @multicast1=0xe000cc02}})

1.299418521s ago: executing program 3:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r0, 0x6, 0x19, &(0x7f0000000040)=0xfffe, 0x4)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r1, &(0x7f0000000500)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r3=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r1, 0x29, 0x32, &(0x7f0000000140)={@mcast1, r3}, 0x14)
bind$inet(r0, &(0x7f0000003900)={0x2, 0x4e24, @multicast1}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x58, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x58}}, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e24, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000000100)="f4188a9876a9431deeb98e3edfaafa03a11300e3aebb4102000000000034c5d2af03a5f261a35c07d07d371a4402394549d78c3f511bb4793daf4b4e28410e598769487fb27044ece0b4e738bcc7e1ce3aa7a3df2572a082809f406467bc0f0b47872a2ecc399861b90da1ffcfb35a8f5579b72e3cde817a2a78ff205c6fee57f9177bbeeb2f3d121b9c508660c2d90b0dc3f2412b62e7d99a7dfa6960b663bb8e14764efb33f9465c242b84b75a436ef9af2492b19a15bb9108656d828553e1719de91aa29cb5bf187a0162d50e234b6207725486c9e828d756ff9b6d4f5c4960469dd3a48b4e525f0cbf7158f95d603a37c272f874ee3b5c6e56", 0xfffffffffffffdb0, 0x4040004, 0x0, 0xfffffffb)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00'}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x19, 0x4, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x4, &(0x7f0000001600)={r5, 0x0}, 0x20)
r6 = socket$netlink(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x0, 0x0)
writev(r6, &(0x7f0000000300)=[{&(0x7f0000000000)="65ce1679fef6e81890b6a881167d90778f97b521a1742ba0e9b2f812a012e5b05e08621cc184c8f8dfe61e9b94", 0x2d}, {&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x2)
writev(r6, &(0x7f0000000240)=[{&(0x7f0000000080)="390000001300034700bb5be1c3fbfeff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.270634658s ago: executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0xc3ff, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006272696467655f736c6176655f3100000a000100be"], 0x40}}, 0x0)

1.21093147s ago: executing program 1:
syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a06034011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x5, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @private}, "000088beffff0000"}}}}}, 0x0)

1.171681482s ago: executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$kcm(0x29, 0x7, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x2a, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1400000024000900000000000000000007"], 0x14}}, 0x0)

1.149528811s ago: executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1e}, 0x90)
write$tun(r0, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x8, 0x0, 0x0, 0x0, 0x8, {[@window={0x9, 0x3}, @generic={0x0, 0x8, "d58838068b91"}]}}}}}}, 0x42)

1.07962138s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x4, 0x7, 0x4}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_ext_remove_space_done\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980), &(0x7f0000002d80), 0x4, r0}, 0x38)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
unshare(0x62040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000440)=@generic={0x0}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40a01, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="001c86dd0700100000001000000060ec97000fc83c00fe8000000000000000000000000000aaff020000000000000000000000000001"], 0xffe)
write$cgroup_int(r2, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x8}})

964.603813ms ago: executing program 1:
r0 = socket$key(0xf, 0x3, 0x2) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r1, 0x29, 0x8, &(0x7f00000000c0)=0x4d, 0x4) (async)
getsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000440)=""/17, &(0x7f0000000240)=0x11) (async)
sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x2, 0x7, 0x0, 0x6, 0x7, 0x0, 0x0, 0x25dfdbfd, [@sadb_x_nat_t_port={0x1, 0x16, 0x4e21}, @sadb_sa={0x2, 0x1, 0x4d6, 0x2, 0x20, 0x81, 0x1, 0xa0000000}, @sadb_sa={0x2, 0x1, 0x4d4, 0x81, 0xff, 0xcd, 0x0, 0x60000001}]}, 0x38}, 0x1, 0x7}, 0x0)

894.461466ms ago: executing program 0:
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @rand_addr=0x64010102}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={r2, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x5a1}, 0x9c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000002c0)={r2, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f00000003c0)=0x9c)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'hsr0\x00'})
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0xf, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000), 0x12)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, 0x0)
setsockopt(r3, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
r4 = socket$inet6(0xa, 0x0, 0x3a)
setsockopt$inet6_int(r4, 0x29, 0x11, &(0x7f0000000140)=0x2, 0x4)
setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0)
sendto$inet6(r4, &(0x7f0000000000)="800037bbfa9ba1ce", 0x5dc, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast2}, 0x56)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, &(0x7f0000000040), 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x5, 0x8, 0x2}, 0x48)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendto$inet6(r3, &(0x7f0000000500)="a4", 0x1a00e, 0xe0ffffff, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000004c0)={&(0x7f0000000380)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x9, [@typedef={0x7, 0x0, 0x0, 0x7}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x3}}, @typedef={0x6, 0x0, 0x0, 0x12, 0x1}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x5f]}}, 0x0, 0x51}, 0x20)

833.58418ms ago: executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'erspan0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x200, 0x4)
sendto$packet(r0, &(0x7f00000000c0)="3f050e002be6120306001e0089e9aaa911d7c2290f0086dd1327c9167c64734a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe94f, 0x0, &(0x7f0000000540)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

759.519373ms ago: executing program 1:
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000500)={&(0x7f00000004c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@restrict={0x7, 0x0, 0x0, 0xb, 0x4}]}, {0x0, [0x2e]}}, &(0x7f00000005c0)=""/210, 0x27, 0xd2, 0x0, 0x20}, 0x20)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x20000000000003ca, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, r0, 0x8, 0x0, 0xfffffffffffffee7}, 0x90)
r2 = accept$packet(0xffffffffffffffff, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000300)=0x14)
accept$packet(r2, &(0x7f0000000340)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000380)=0x14) (async)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000000c0)='percpu_alloc_percpu\x00', r1}, 0x10) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)={0x28, 0x3b, 0x107, 0x0, 0x0, {0x2}, [@typed={0x4}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x59, 0x0, 0x0, @u32}]}, @typed={0x4, 0x8, 0x0, 0x0, @binary}]}, 0x28}}, 0x0) (async, rerun: 32)
r5 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r6=>0x0})
r7 = socket(0x18, 0x800, 0x3) (async, rerun: 32)
getsockopt$inet_sctp_SCTP_RTOINFO(r3, 0x84, 0x0, &(0x7f00000003c0)={<r8=>0x0, 0xfff, 0x9, 0x1}, &(0x7f0000000400)=0x10) (rerun: 32)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000440)=@sack_info={r8, 0x81, 0x40}, &(0x7f0000000480)=0xc)
sendmsg$NL80211_CMD_JOIN_IBSS(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x54, 0x0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x20, 0x51, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@NL80211_KEY_IDX={0x5}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "adff360dad"}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x54}}, 0x0) (async, rerun: 32)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6) (rerun: 32)
sendmsg$nl_xfrm(r9, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)=@getspdinfo={0x14, 0x25, 0x100, 0x70bd2a, 0x25dfdbfc, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x5}, 0xc010)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0xc, 0x0, 0x0}, 0x90)

647.179347ms ago: executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
socket(0x0, 0x0, 0x6)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket(0x28, 0x5, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000008200000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev}, 0x1c)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000140))
socket$kcm(0x2, 0x0, 0x106)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba3996541008785ab8f041f0a8d1399d88a3a58765e5a0149b9d0ea54b32"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r5, r4, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r5, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20)
sendto$inet(r0, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf405, 0x0, 0xf06)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000340)={&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc44, 0x0, 0x0}, &(0x7f0000000380)=0x40)

555.47653ms ago: executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0)
close(r1)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
listen(r2, 0xfffffffc)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={<r3=>0x0, 0xfe7d, &(0x7f0000000000)=[@in]}, &(0x7f00000002c0)=0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000200)={r3, 0x80}, &(0x7f0000000240)=0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r4, 0x84, 0x1, &(0x7f0000000040)={r3, 0xffff, 0x1000, 0x80, 0x7f, 0x7ff}, &(0x7f0000000100)=0x14)
write$cgroup_int(r4, &(0x7f0000000000), 0x12)
close(r4)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000140)=0x2, 0x4)
ioctl$BTRFS_IOC_QGROUP_LIMIT(0xffffffffffffffff, 0x8030942b, &(0x7f00000001c0)={0x3ff, {0x8, 0x1f, 0xffffffffffffffff, 0x58fa1c17, 0x3}})
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="c00000000001010400000000000000000a0000003c0001802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000000c00028005000100000000003c0002800c00028005000100000000002c000180140003000000000000000000000000000000000100000400fe8000000000000000000000000000aa08000740000000002c00068014000500000000000000000000000000000000001400040000000000000000000000000000000001"], 0xc0}}, 0x0)
socketpair(0x2, 0x0, 0x1, &(0x7f0000000300))

532.601216ms ago: executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0) (async)
socket$inet6_mptcp(0xa, 0x1, 0x106) (async)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r0, 0x8000)
close(0xffffffffffffffff) (async)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_udp_int(r1, 0x11, 0x1, &(0x7f0000000240)=0x225, 0x4) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000001c0), r3)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB='p\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000000000000000037400062c00070073797374656d5f753a6f626a6563745f723a756465765f68656c7065725f657865635f743a733000080002000000000014000600626f6e643000000400000000000000000000000000000a00"/106], 0x70}, 0x1, 0xffffffff00000003}, 0x0) (async)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x48, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_REPLY={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_ZONE={0x6}]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x4}]}, 0x48}}, 0x0) (async)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="460000000206030000000000000100000000000005000100070000000900020073797a30001c00000c0007800800134000000000050005000000000005000400000000000d000300686173683a6d616300000000"], 0x54}}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$IPSET_CMD_FLUSH(r6, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x204}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x4, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x20000000) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async)
r7 = socket$packet(0x11, 0x2, 0x300)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r8, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_IE={0x4}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x24}}, 0x0)
setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) (async)
setsockopt$packet_fanout_data(r7, 0x107, 0x16, &(0x7f00000000c0)={0x3, &(0x7f0000000180)=[{0x28, 0x1, 0x0, 0xfffff034}, {0x54}, {0x8}]}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000080)=ANY=[@ANYBLOB="0380c2000000bbbbbbbbbbbb08004500001c0065000000429078ac1e0001ac1414aa00009078ac1414bb"], 0x0)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r12 = openat$cgroup_int(r11, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0)
write$cgroup_subtree(r12, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x8)

334.460976ms ago: executing program 3:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7d, &(0x7f0000000080), &(0x7f00000000c0)=0x8)

299.394012ms ago: executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0xb000000, &(0x7f0000000200)={&(0x7f00000002c0)={0x64, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac}, 0x0, @default, 0x0, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}], @crypto_settings=[@NL80211_ATTR_PMK={0x4}, @NL80211_ATTR_SOCKET_OWNER={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}, @NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT={0x4}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x64}}, 0x0)

193.501227ms ago: executing program 3:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x24, r0, 0x8, 0x70bd2a, 0x25dfdbfe, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x2}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}]}, 0x24}}, 0x4000000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000001010000000000000800000018110090a3001afb0020e20e492639c79cfdd4afe197e6316b542c8b2cd34259bb8caefeb6d1dad65a949af8816d4d22097ae13a1b841e6a84d77c741a86ea7623fbf1108a2d75a68e588ed5e7d632d13b71f739c262b3a0164ab90f46288777e02bfc6cffc393203ea9be07c0fcf9345e6d8d09bfa7972dc3", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018000000c700000000000000060000008182fe0fff0000001f705700090000007b46f8ff0c000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x8}, 0x90)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0x0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e000000080000000000180003801400038010000180"], 0x44}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$pppl2tp(0x18, 0x1, 0x1)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r5, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r6, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz1\x00', 0x1ff)
connect$pppl2tp(r4, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private}, 0x1, 0x2}}, 0x26)
getsockopt$bt_BT_SECURITY(r4, 0x111, 0x5, 0x0, 0x20001f00)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b0f, 0x0)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r7 = socket(0x200000100000011, 0x803, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'xfrm0\x00', <r9=>0x0})
sendto$packet(r7, &(0x7f00000000c0)="4dcdc7d96a760000002f00050000000000060000450b21e9e89291df563213e9152234f5623c526156de8ae4ae9150d3d2dd194a", 0x34, 0x0, &(0x7f0000000000)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @dev}, 0x14)

129.190029ms ago: executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'netdevsim0\x00', <r2=>0x0})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='contention_end\x00', r3}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000080)={@cgroup=r4, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000840)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10b}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}, @IFLA_MACVLAN_FLAGS={0x6, 0x2, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x4c}}, 0x0)

124.865522ms ago: executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x4800, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="580000000203030000000000000000000000000208000340000000000800054000000000080003400000003f08000340000000080800010001000023090002000000100000000000080004"], 0x58}}, 0x0)

0s ago: executing program 3:
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00'})
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000440)={@val={0x6}, @void, @eth={@multicast, @remote, @val={@val, {0x810a}}, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @remote, @remote}}}}}}, 0x72)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.182' (ED25519) to the list of known hosts.
2024/06/23 00:29:08 fuzzer started
2024/06/23 00:29:08 dialing manager at 10.128.0.169:30018
[   55.129121][ T5092] cgroup: Unknown subsys name 'net'
[   55.285609][ T5092] cgroup: Unknown subsys name 'rlimit'
2024/06/23 00:29:10 starting 5 executor processes
[   56.373670][ T5094] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   56.386002][ T5094] syz-executor (5094) used greatest stack depth: 18968 bytes left
[   57.424201][ T5114] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   57.436219][   T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   57.445540][   T53] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   57.467194][ T5120] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   57.475114][ T5120] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   57.479494][ T5123] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   57.483929][ T5120] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   57.490515][ T5123] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   57.497488][ T5120] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   57.505715][ T5123] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   57.513002][ T5120] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   57.526229][ T5125] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   57.527014][ T5123] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   57.534148][ T5125] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   57.544025][ T5123] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   57.549003][ T5125] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   57.555278][ T5123] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   57.562642][ T5125] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   57.568952][ T5123] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   57.575618][ T5125] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   57.583853][ T5123] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   57.589529][ T5125] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   57.597439][ T5123] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   57.622280][ T5123] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   57.666154][ T5123] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   57.683249][ T5123] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   57.692816][ T5123] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   57.716192][ T5123] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   57.725676][ T5123] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   57.738916][ T5123] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   58.091315][ T5112] chnl_net:caif_netlink_parms(): no params data found
[   58.215418][ T5117] chnl_net:caif_netlink_parms(): no params data found
[   58.345879][ T5119] chnl_net:caif_netlink_parms(): no params data found
[   58.371354][ T5112] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.379262][ T5112] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.386878][ T5112] bridge_slave_0: entered allmulticast mode
[   58.393820][ T5112] bridge_slave_0: entered promiscuous mode
[   58.428273][ T5112] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.435563][ T5112] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.442974][ T5112] bridge_slave_1: entered allmulticast mode
[   58.449708][ T5112] bridge_slave_1: entered promiscuous mode
[   58.456785][ T5111] chnl_net:caif_netlink_parms(): no params data found
[   58.564381][ T5112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.577332][ T5112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.614598][ T5117] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.622012][ T5117] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.629182][ T5117] bridge_slave_0: entered allmulticast mode
[   58.637349][ T5117] bridge_slave_0: entered promiscuous mode
[   58.649255][ T5117] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.656480][ T5117] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.664062][ T5117] bridge_slave_1: entered allmulticast mode
[   58.671312][ T5117] bridge_slave_1: entered promiscuous mode
[   58.701224][ T5124] chnl_net:caif_netlink_parms(): no params data found
[   58.746456][ T5112] team0: Port device team_slave_0 added
[   58.798121][ T5112] team0: Port device team_slave_1 added
[   58.833723][ T5117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   58.846693][ T5117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   58.856406][ T5119] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.864500][ T5119] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.871663][ T5119] bridge_slave_0: entered allmulticast mode
[   58.878923][ T5119] bridge_slave_0: entered promiscuous mode
[   58.897626][ T5111] bridge0: port 1(bridge_slave_0) entered blocking state
[   58.904903][ T5111] bridge0: port 1(bridge_slave_0) entered disabled state
[   58.912463][ T5111] bridge_slave_0: entered allmulticast mode
[   58.919238][ T5111] bridge_slave_0: entered promiscuous mode
[   58.953459][ T5119] bridge0: port 2(bridge_slave_1) entered blocking state
[   58.960677][ T5119] bridge0: port 2(bridge_slave_1) entered disabled state
[   58.968489][ T5119] bridge_slave_1: entered allmulticast mode
[   58.975957][ T5119] bridge_slave_1: entered promiscuous mode
[   58.994366][ T5112] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.001332][ T5112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.027636][ T5112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.039758][ T5111] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.046987][ T5111] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.054280][ T5111] bridge_slave_1: entered allmulticast mode
[   59.061132][ T5111] bridge_slave_1: entered promiscuous mode
[   59.082380][ T5117] team0: Port device team_slave_0 added
[   59.100361][ T5112] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.107495][ T5112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.133608][ T5112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.164974][ T5117] team0: Port device team_slave_1 added
[   59.188258][ T5119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.209000][ T5111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.243826][ T5119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.269332][ T5111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.304483][ T5117] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.311452][ T5117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.337998][ T5117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.387681][ T5124] bridge0: port 1(bridge_slave_0) entered blocking state
[   59.395247][ T5124] bridge0: port 1(bridge_slave_0) entered disabled state
[   59.402664][ T5124] bridge_slave_0: entered allmulticast mode
[   59.409473][ T5124] bridge_slave_0: entered promiscuous mode
[   59.418708][ T5117] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.426173][ T5117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.454057][ T5117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.468032][ T5119] team0: Port device team_slave_0 added
[   59.478539][ T5112] hsr_slave_0: entered promiscuous mode
[   59.485855][ T5112] hsr_slave_1: entered promiscuous mode
[   59.501711][ T5124] bridge0: port 2(bridge_slave_1) entered blocking state
[   59.509986][ T5124] bridge0: port 2(bridge_slave_1) entered disabled state
[   59.517370][ T5124] bridge_slave_1: entered allmulticast mode
[   59.524913][ T5124] bridge_slave_1: entered promiscuous mode
[   59.551479][ T5119] team0: Port device team_slave_1 added
[   59.574011][ T5111] team0: Port device team_slave_0 added
[   59.606473][ T5119] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.614017][ T5119] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.641014][ T5119] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.666285][ T5111] team0: Port device team_slave_1 added
[   59.682695][ T5123] Bluetooth: hci3: command tx timeout
[   59.688524][ T5125] Bluetooth: hci0: command tx timeout
[   59.694259][ T5123] Bluetooth: hci1: command tx timeout
[   59.700165][ T5123] Bluetooth: hci2: command tx timeout
[   59.710251][ T5124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   59.720500][ T5119] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.727797][ T5119] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.753752][ T5119] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.764460][ T5125] Bluetooth: hci4: command tx timeout
[   59.805150][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_0
[   59.812320][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.838432][ T5111] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   59.859854][ T5124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   59.903941][ T5124] team0: Port device team_slave_0 added
[   59.910593][ T5111] batman_adv: batadv0: Adding interface: batadv_slave_1
[   59.918271][ T5111] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   59.945358][ T5111] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   59.960895][ T5117] hsr_slave_0: entered promiscuous mode
[   59.967416][ T5117] hsr_slave_1: entered promiscuous mode
[   59.974380][ T5117] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   59.984020][ T5117] Cannot create hsr debugfs directory
[   60.002286][ T5124] team0: Port device team_slave_1 added
[   60.088535][ T5119] hsr_slave_0: entered promiscuous mode
[   60.095101][ T5119] hsr_slave_1: entered promiscuous mode
[   60.101176][ T5119] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   60.108859][ T5119] Cannot create hsr debugfs directory
[   60.117549][ T5124] batman_adv: batadv0: Adding interface: batadv_slave_0
[   60.124673][ T5124] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.150674][ T5124] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   60.206711][ T5124] batman_adv: batadv0: Adding interface: batadv_slave_1
[   60.213849][ T5124] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   60.239964][ T5124] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   60.338611][ T5111] hsr_slave_0: entered promiscuous mode
[   60.347891][ T5111] hsr_slave_1: entered promiscuous mode
[   60.354245][ T5111] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   60.362038][ T5111] Cannot create hsr debugfs directory
[   60.428635][ T5124] hsr_slave_0: entered promiscuous mode
[   60.435192][ T5124] hsr_slave_1: entered promiscuous mode
[   60.441389][ T5124] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   60.449728][ T5124] Cannot create hsr debugfs directory
[   60.811462][ T5112] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   60.851072][ T5112] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   60.879640][ T5112] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   60.891077][ T5112] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   60.926679][ T5117] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   60.951479][ T5117] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   60.967646][ T5117] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   60.998894][ T5117] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   61.063891][ T5119] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   61.076363][ T5119] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   61.087805][ T5119] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   61.101381][ T5119] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   61.210768][ T5111] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   61.224346][ T5111] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   61.252566][ T5111] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   61.263286][ T5111] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   61.357985][ T5124] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   61.374883][ T5124] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   61.387177][ T5124] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   61.398020][ T5124] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   61.455226][ T5112] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.548911][ T5117] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.579309][ T5112] 8021q: adding VLAN 0 to HW filter on device team0
[   61.608771][ T5163] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.616045][ T5163] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.628262][ T5163] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.635446][ T5163] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.692883][ T5119] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.715378][ T5117] 8021q: adding VLAN 0 to HW filter on device team0
[   61.759096][ T5164] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.766361][ T5164] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.776761][ T5125] Bluetooth: hci0: command tx timeout
[   61.776820][ T5123] Bluetooth: hci2: command tx timeout
[   61.783445][ T5114] Bluetooth: hci1: command tx timeout
[   61.788286][ T5118] Bluetooth: hci3: command tx timeout
[   61.805331][ T5119] 8021q: adding VLAN 0 to HW filter on device team0
[   61.824359][ T5111] 8021q: adding VLAN 0 to HW filter on device bond0
[   61.842277][ T5118] Bluetooth: hci4: command tx timeout
[   61.856179][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.863393][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.902282][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.909461][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.922089][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.929203][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.971019][ T5112] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   61.982868][ T5112] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.029869][ T5111] 8021q: adding VLAN 0 to HW filter on device team0
[   62.069910][ T5124] 8021q: adding VLAN 0 to HW filter on device bond0
[   62.095100][ T5161] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.102333][ T5161] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.145679][ T5161] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.152906][ T5161] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.241265][ T5124] 8021q: adding VLAN 0 to HW filter on device team0
[   62.268701][ T5117] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.330523][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   62.337838][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   62.349846][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   62.356995][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   62.397332][ T5119] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.413014][ T5111] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   62.448919][ T5112] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.615589][ T5112] veth0_vlan: entered promiscuous mode
[   62.630424][ T5112] veth1_vlan: entered promiscuous mode
[   62.757383][ T5112] veth0_macvtap: entered promiscuous mode
[   62.764683][ T5119] veth0_vlan: entered promiscuous mode
[   62.785799][ T5112] veth1_macvtap: entered promiscuous mode
[   62.821522][ T5111] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.849527][ T5119] veth1_vlan: entered promiscuous mode
[   62.875449][ T5117] 8021q: adding VLAN 0 to HW filter on device batadv0
[   62.913924][ T5112] batman_adv: batadv0: Interface activated: batadv_slave_0
[   62.949029][ T5112] batman_adv: batadv0: Interface activated: batadv_slave_1
[   62.970510][ T5112] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.980019][ T5112] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.994323][ T5112] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.003515][ T5112] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.081669][ T5119] veth0_macvtap: entered promiscuous mode
[   63.120617][ T5119] veth1_macvtap: entered promiscuous mode
[   63.170652][ T5124] 8021q: adding VLAN 0 to HW filter on device batadv0
[   63.197525][ T5119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.231781][ T5119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.246743][ T5119] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.260494][ T5119] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.272811][ T5119] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.286572][ T5119] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.301672][ T5119] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.311205][ T5119] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   63.321549][ T5119] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   63.330568][ T5119] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   63.347253][ T5117] veth0_vlan: entered promiscuous mode
[   63.380516][ T5117] veth1_vlan: entered promiscuous mode
[   63.467916][ T2853] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.486100][ T2853] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.546272][ T5117] veth0_macvtap: entered promiscuous mode
[   63.587179][ T5117] veth1_macvtap: entered promiscuous mode
[   63.598074][ T5124] veth0_vlan: entered promiscuous mode
[   63.618162][ T5111] veth0_vlan: entered promiscuous mode
[   63.635236][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.649695][ T5124] veth1_vlan: entered promiscuous mode
[   63.655426][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.671610][ T5111] veth1_vlan: entered promiscuous mode
[   63.696287][ T2822] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   63.729019][ T2822] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   63.745404][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.757695][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.767891][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   63.778593][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.790341][ T5117] batman_adv: batadv0: Interface activated: batadv_slave_0
[   63.820766][ T5124] veth0_macvtap: entered promiscuous mode
[   63.839515][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.851657][ T5118] Bluetooth: hci3: command tx timeout
[   63.855241][ T5125] Bluetooth: hci0: command tx timeout
[   63.858065][ T5118] Bluetooth: hci1: command tx timeout
[   63.864414][ T5123] Bluetooth: hci2: command tx timeout
[   63.868840][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.884353][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   63.895192][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   63.908372][ T5117] batman_adv: batadv0: Interface activated: batadv_slave_1
[   63.922245][ T5123] Bluetooth: hci4: command tx timeout
[   63.978596][ T5117] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   63.988477][ T5117] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.000857][ T5117] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.010382][ T5117] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.035401][ T5111] veth0_macvtap: entered promiscuous mode
[   64.048474][ T5124] veth1_macvtap: entered promiscuous mode
[   64.064722][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   64.070825][ T5124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.084494][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   64.086989][ T5124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.102663][ T5124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.113751][ T5124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.125751][ T5124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.136666][ T5124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.147794][ T5124] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.176886][ T5124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.187598][ T5124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.198456][ T5124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.208958][ T5124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.219244][ T5124] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.230049][ T5124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.245481][ T5124] batman_adv: batadv0: Interface activated: batadv_slave_1
[   64.260395][ T5111] veth1_macvtap: entered promiscuous mode
[   64.285834][ T5124] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   64.294902][ T5124] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   64.309172][ T5124] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   64.333427][ T5124] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   64.356377][ T5199] Cannot find del_set index 0 as target
[   64.366334][ T5199] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[   64.371108][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.387363][ T5199] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[   64.395236][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.407920][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.420261][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.430728][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.442523][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.455526][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   64.466806][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.479132][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_0
[   64.587206][ T5204] FAULT_INJECTION: forcing a failure.
[   64.587206][ T5204] name failslab, interval 1, probability 0, space 0, times 1
[   64.600880][ T5204] CPU: 0 PID: 5204 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[   64.611333][ T5204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   64.621408][ T5204] Call Trace:
[   64.624714][ T5204]  <TASK>
[   64.627738][ T5204]  dump_stack_lvl+0x241/0x360
[   64.632542][ T5204]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.637743][ T5204]  ? __pfx__printk+0x10/0x10
[   64.642339][ T5204]  ? ref_tracker_alloc+0x332/0x490
[   64.647488][ T5204]  should_fail_ex+0x3b0/0x4e0
[   64.652195][ T5204]  ? skb_clone+0x20c/0x390
[   64.656705][ T5204]  should_failslab+0x9/0x20
[   64.661315][ T5204]  kmem_cache_alloc_noprof+0x6c/0x2a0
[   64.666733][ T5204]  skb_clone+0x20c/0x390
[   64.670999][ T5204]  __netlink_deliver_tap+0x3cc/0x7c0
[   64.676297][ T5204]  ? netlink_deliver_tap+0x2e/0x1b0
[   64.681520][ T5204]  netlink_deliver_tap+0x19d/0x1b0
[   64.686737][ T5204]  netlink_unicast+0x7be/0x990
[   64.691516][ T5204]  ? __pfx_netlink_unicast+0x10/0x10
[   64.696802][ T5204]  ? __virt_addr_valid+0x183/0x520
[   64.701925][ T5204]  ? __check_object_size+0x49c/0x900
[   64.707243][ T5204]  ? bpf_lsm_netlink_send+0x9/0x10
[   64.712389][ T5204]  netlink_sendmsg+0x8e4/0xcb0
[   64.717269][ T5204]  ? __pfx_netlink_sendmsg+0x10/0x10
[   64.722571][ T5204]  ? __import_iovec+0x536/0x820
[   64.727457][ T5204]  ? aa_sock_msg_perm+0x91/0x160
[   64.732501][ T5204]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   64.737812][ T5204]  ? security_socket_sendmsg+0x87/0xb0
[   64.743288][ T5204]  ? __pfx_netlink_sendmsg+0x10/0x10
[   64.748576][ T5204]  __sock_sendmsg+0x221/0x270
[   64.753256][ T5204]  ____sys_sendmsg+0x525/0x7d0
[   64.758030][ T5204]  ? __pfx_____sys_sendmsg+0x10/0x10
[   64.763351][ T5204]  __sys_sendmsg+0x2b0/0x3a0
[   64.767977][ T5204]  ? __pfx___sys_sendmsg+0x10/0x10
[   64.773091][ T5204]  ? vfs_write+0x7c4/0xc90
[   64.777541][ T5204]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   64.783873][ T5204]  ? do_syscall_64+0x100/0x230
[   64.788725][ T5204]  ? do_syscall_64+0xb6/0x230
[   64.793406][ T5204]  do_syscall_64+0xf3/0x230
[   64.797911][ T5204]  ? clear_bhb_loop+0x35/0x90
[   64.802594][ T5204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.808506][ T5204] RIP: 0033:0x7fa61f67d0a9
[   64.812929][ T5204] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   64.833239][ T5204] RSP: 002b:00007fa6203cc0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   64.841658][ T5204] RAX: ffffffffffffffda RBX: 00007fa61f7b3f80 RCX: 00007fa61f67d0a9
[   64.849633][ T5204] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003
[   64.857602][ T5204] RBP: 00007fa6203cc120 R08: 0000000000000000 R09: 0000000000000000
[   64.865569][ T5204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   64.873538][ T5204] R13: 000000000000000b R14: 00007fa61f7b3f80 R15: 00007ffd35068608
[   64.881532][ T5204]  </TASK>
[   64.926516][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.948283][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.977333][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   64.987989][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   64.998340][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.010828][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.021212][ T5111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   65.032929][ T5111] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   65.051104][ T5111] batman_adv: batadv0: Interface activated: batadv_slave_1
[   65.067145][ T5204] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[   65.078662][ T5111] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   65.087810][ T5111] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   65.098833][ T5111] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   65.111253][ T5111] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   65.204829][ T5213] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   65.251068][ T5215] x_tables: ip6_tables: udp match: only valid for protocol 17
[   65.271253][ T5212] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   65.356013][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.370146][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.410007][ T2822] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.442071][ T2822] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.446705][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.465785][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.557558][ T2853] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.575074][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.588366][ T2853] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.604879][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.697064][ T5223] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[   65.707254][ T5219] (unnamed net_device) (uninitialized): option lacp_rate: invalid value (64)
[   65.708303][ T2853] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   65.732328][ T2853] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   65.921951][ T5123] Bluetooth: hci2: command tx timeout
[   65.922989][ T5118] Bluetooth: hci0: command tx timeout
[   65.927584][ T5125] Bluetooth: hci3: command tx timeout
[   65.927630][ T5125] Bluetooth: hci1: command tx timeout
[   66.002737][ T5118] Bluetooth: hci4: command tx timeout
[   66.030051][ T5235] warning: `syz-executor.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   66.672181][ T5263] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   66.733394][ T5258] netlink: 'syz-executor.4': attribute type 10 has an invalid length.
[   66.824376][ T5268] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[   66.859758][ T5258] batman_adv: batadv0: Adding interface: team0
[   66.867985][ T5258] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.952440][ T5258] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   67.346795][ T5289] syz-executor.1 uses obsolete (PF_INET,SOCK_PACKET)
[   67.447813][ T5295] Κό: entered promiscuous mode
[   67.658471][ T5303] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[   67.963616][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88802c41ac00: rx timeout, send abort
[   68.226090][ T5321] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[   68.464779][   T29] audit: type=1800 audit(1719102562.349:2): pid=5328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=1942 res=0 errno=0
[   68.473036][    C0] vxcan0: j1939_tp_rxtimer: 0xffff88802c41ac00: abort rx timeout. Force session deactivation
[   68.557713][   T29] audit: type=1800 audit(1719102562.439:3): pid=5328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=1942 res=0 errno=0
[   69.078408][ T5363] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[   69.371000][ T5377] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[   69.447536][ T5390] FAULT_INJECTION: forcing a failure.
[   69.447536][ T5390] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   69.480418][ T5390] CPU: 1 PID: 5390 Comm: syz-executor.4 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[   69.490888][ T5390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   69.500972][ T5390] Call Trace:
[   69.504257][ T5390]  <TASK>
[   69.507198][ T5390]  dump_stack_lvl+0x241/0x360
[   69.511903][ T5390]  ? __pfx_dump_stack_lvl+0x10/0x10
[   69.517110][ T5390]  ? __pfx__printk+0x10/0x10
[   69.521698][ T5390]  ? __pfx_lock_release+0x10/0x10
[   69.526732][ T5390]  should_fail_ex+0x3b0/0x4e0
[   69.531415][ T5390]  _copy_from_user+0x2f/0xe0
[   69.536019][ T5390]  do_ipt_set_ctl+0x731/0x1250
[   69.540791][ T5390]  ? __pfx___might_resched+0x10/0x10
[   69.546075][ T5390]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[   69.551274][ T5390]  ? __pfx_lock_release+0x10/0x10
[   69.556301][ T5390]  ? __mutex_unlock_slowpath+0x21d/0x750
[   69.562029][ T5390]  ? __pfx_do_ip_setsockopt+0x10/0x10
[   69.567427][ T5390]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   69.573417][ T5390]  ? __pfx_aa_sk_perm+0x10/0x10
[   69.578263][ T5390]  ? module_put+0x13a/0x2d0
[   69.582766][ T5390]  nf_setsockopt+0x295/0x2c0
[   69.587356][ T5390]  ? __pfx_sock_common_setsockopt+0x10/0x10
[   69.593241][ T5390]  do_sock_setsockopt+0x3af/0x720
[   69.598263][ T5390]  ? __pfx_do_sock_setsockopt+0x10/0x10
[   69.603801][ T5390]  ? __fget_files+0x29/0x470
[   69.608393][ T5390]  ? __fget_files+0x3f6/0x470
[   69.613069][ T5390]  __sys_setsockopt+0x1ae/0x250
[   69.618091][ T5390]  __x64_sys_setsockopt+0xb5/0xd0
[   69.623119][ T5390]  do_syscall_64+0xf3/0x230
[   69.627619][ T5390]  ? clear_bhb_loop+0x35/0x90
[   69.632301][ T5390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   69.638223][ T5390] RIP: 0033:0x7f918407d0a9
[   69.642764][ T5390] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   69.662372][ T5390] RSP: 002b:00007f9184e020c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[   69.670868][ T5390] RAX: ffffffffffffffda RBX: 00007f91841b4050 RCX: 00007f918407d0a9
[   69.678934][ T5390] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000009
[   69.686932][ T5390] RBP: 00007f9184e02120 R08: 0000000000000450 R09: 0000000000000000
[   69.695007][ T5390] R10: 0000000020000480 R11: 0000000000000246 R12: 0000000000000001
[   69.702966][ T5390] R13: 000000000000006e R14: 00007f91841b4050 R15: 00007ffc9885ccf8
[   69.710941][ T5390]  </TASK>
[   69.900775][ T5400] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.926928][ T5400] batman_adv: batadv0: Removing interface: batadv_slave_0
[   70.805826][ T5444] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[   70.847949][ T5444] bridge0: port 2(bridge_slave_1) entered disabled state
[   71.091315][ T5489] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'.
[   71.293688][ T5501] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[   71.316906][ T5501] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[   71.337647][ T5504] Cannot find add_set index 0 as target
[   71.350146][ T5502] veth0_vlan: entered allmulticast mode
[   71.815155][ T5518] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[   71.850436][ T5518] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[   71.906714][ T5519] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[   71.916671][ T1251] ieee802154 phy0 wpan0: encryption failed: -22
[   71.932175][ T1251] ieee802154 phy1 wpan1: encryption failed: -22
[   72.002946][ T5518] Cannot find add_set index 0 as target
[   72.101404][ T5523] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[   72.376008][ T5527] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.4'.
[   72.907110][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888020580000: rx timeout, send abort
[   72.915742][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888020580000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[   73.089784][ T5548] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[   73.165052][ T5548] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[   73.490187][ T5558] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[   73.573269][ T5560] trusted_key: syz-executor.2 sent an empty control message without MSG_MORE.
[   73.628432][ T5557] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode
[   73.679298][ T5564] veth0_vlan: entered allmulticast mode
[   73.746321][ T5568] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[   73.797960][ T5570] Zero length message leads to an empty skb
[   74.155243][ T5582] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[   74.289168][ T5595] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.2'.
[   74.584936][ T5605] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[   74.622478][ T5605] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[   74.664892][ T5610] netem: incorrect ge model size
[   74.670133][ T5610] netem: change failed
[   74.703481][ T5612] netlink: 'syz-executor.4': attribute type 29 has an invalid length.
[   74.747795][ T5614] Driver unsupported XDP return value 0 on prog  (id 37) dev N/A, expect packet loss!
[   74.878957][ T5622] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[   74.894014][ T5621] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[   75.046018][ T5627] mac80211_hwsim hwsim9 wlan0: entered promiscuous mode
[   75.066150][ T5627] macvlan2: entered allmulticast mode
[   75.084533][ T5627] mac80211_hwsim hwsim9 wlan0: entered allmulticast mode
[   75.122674][ T5627] mac80211_hwsim hwsim9 wlan0: left promiscuous mode
[   75.826438][ T5642] __nla_validate_parse: 2 callbacks suppressed
[   75.826460][ T5642] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.4'.
[   75.989016][ T5647] tap0: tun_chr_ioctl cmd 1074025680
[   76.044183][ T5651] tun0: tun_chr_ioctl cmd 1074025675
[   76.056836][ T5651] tun0: persist enabled
[   76.105240][ T5651] tun0: tun_chr_ioctl cmd 1074025675
[   76.129613][ T5651] tun0: persist enabled
[   76.725537][ T5683] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[   76.971037][ T5694] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.4'.
[   77.173620][ T5696] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[   77.259651][ T5701] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[   77.301858][ T5701] netlink: 'syz-executor.1': attribute type 20 has an invalid length.
[   77.396543][ T5701] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   77.398639][ T5709] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[   77.405649][ T5701] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   77.405703][ T5701] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   77.405731][ T5701] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   77.412478][ T5708] netlink: 'syz-executor.3': attribute type 8 has an invalid length.
[   77.478338][ T5701] vxlan0: entered promiscuous mode
[   78.355365][ T5729] pim6reg1: entered promiscuous mode
[   78.369428][ T5729] pim6reg1: entered allmulticast mode
[   78.792154][ T5749] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.0'.
[   79.246717][ T5761] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[   79.330168][ T5764] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[   79.345142][ T5766] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[   79.637777][ T5780] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[   81.061161][ T5819] __nla_validate_parse: 2 callbacks suppressed
[   81.061181][ T5819] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[   81.130969][ T5831] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[   81.135265][ T5824] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[   81.342280][ T5832] netlink: 188 bytes leftover after parsing attributes in process `syz-executor.4'.
[   81.533033][ T5841] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[   81.549935][ T5841] macvlan2: entered allmulticast mode
[   81.557292][ T5841] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[   81.572525][ T5841] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[   81.602165][ T5841] mac80211_hwsim hwsim4 wlan0: left promiscuous mode
[   81.835474][ T5862] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   82.088139][   T25] cfg80211: failed to load regulatory.db
[   82.360341][ T5886] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[   82.410108][ T5890] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[   82.418388][ T5890] macvlan2: entered allmulticast mode
[   82.426830][ T5890] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode
[   82.618306][ T5890] mac80211_hwsim hwsim4 wlan0: left allmulticast mode
[   82.633530][ T5890] mac80211_hwsim hwsim4 wlan0: left promiscuous mode
[   82.778418][ T5894] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[   82.854962][ T5896] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[   82.896388][ T5896] netlink: 'syz-executor.0': attribute type 11 has an invalid length.
[   82.919694][ T5896] netlink: 128512 bytes leftover after parsing attributes in process `syz-executor.0'.
[   82.982092][ T5902] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[   82.982982][ T5899] x_tables: duplicate underflow at hook 2
[   83.034569][ T5896] Bluetooth: MGMT ver 1.22
[   83.985497][ T5946] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   84.209625][ T5954] syzkaller1: entered promiscuous mode
[   84.249873][ T5954] syzkaller1: entered allmulticast mode
[   84.267988][ T5959] sock: sock_timestamping_bind_phc: sock not bind to device
[   84.621459][ T5977] netlink: 'syz-executor.4': attribute type 9 has an invalid length.
[   84.984099][ T5992] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[   84.997262][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   86.209345][ T6040] __nla_validate_parse: 5 callbacks suppressed
[   86.209363][ T6040] netlink: 816 bytes leftover after parsing attributes in process `syz-executor.1'.
[   86.276812][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   86.558440][ T6053] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[   86.642381][ T6053] netdevsim netdevsim4 netdevsim0: left promiscuous mode
[   86.818420][ T6066] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[   87.002221][ T6075] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.1'.
[   87.016570][ T6075] bridge_slave_1: left allmulticast mode
[   87.029280][ T6075] bridge_slave_1: left promiscuous mode
[   87.053225][ T6075] bridge0: port 2(bridge_slave_1) entered disabled state
[   87.119966][ T6075] bridge_slave_0: left allmulticast mode
[   87.142540][ T6075] bridge_slave_0: left promiscuous mode
[   87.156662][ T6075] bridge0: port 1(bridge_slave_0) entered disabled state
[   87.290508][ T6084] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[   87.485321][ T6085] bond1 (unregistering): Released all slaves
[   88.555508][ T6123] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[   88.593355][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[   88.807657][ T6140] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[   88.888349][ T6143] ip6t_REJECT: TCP_RESET illegal for non-tcp
[   89.349900][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802e86d400: rx timeout, send abort
[   89.858302][    C0] vcan0: j1939_tp_rxtimer: 0xffff88802e86d400: abort rx timeout. Force session deactivation
[   90.162803][ T6190] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[   90.218090][ T6176] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[   90.329575][ T6201] sctp: [Deprecated]: syz-executor.1 (pid 6201) Use of int in max_burst socket option deprecated.
[   90.329575][ T6201] Use struct sctp_assoc_value instead
[   90.343290][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[   90.825642][ T6213] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[   91.235303][ T6230] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.4'.
[   91.287121][ T6230] gretap0: entered promiscuous mode
[   91.507708][ T6239] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   91.720970][ T6246] tipc: Started in network mode
[   91.737454][ T6246] tipc: Node identity 2d2d14aa, cluster identity 4711
[   91.747656][ T6246] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   91.926254][ T6249] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[   92.002628][ T6249] bond1: entered promiscuous mode
[   92.115174][ T6253] 8021q: adding VLAN 0 to HW filter on device bond2
[   92.144728][ T6253] bond2: entered promiscuous mode
[   92.171875][ T6253] bond1: (slave bond2): Enslaving as an active interface with an up link
[   92.199190][ T6256] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[   92.229807][ T6256] bond1 (unregistering): (slave bond2): Releasing backup interface
[   92.241218][ T6256] bond2: left promiscuous mode
[   92.342101][ T6256] bond1 (unregistering): Released all slaves
[   92.423879][ T6263] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   92.450579][ T6278] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'.
[   92.747744][ T6293] FAULT_INJECTION: forcing a failure.
[   92.747744][ T6293] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   92.768945][ T6293] CPU: 0 PID: 6293 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[   92.779516][ T6293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   92.789597][ T6293] Call Trace:
[   92.792903][ T6293]  <TASK>
[   92.795860][ T6293]  dump_stack_lvl+0x241/0x360
[   92.800576][ T6293]  ? __pfx_dump_stack_lvl+0x10/0x10
[   92.805812][ T6293]  ? __pfx__printk+0x10/0x10
[   92.810440][ T6293]  ? __pfx_lock_release+0x10/0x10
[   92.815505][ T6293]  should_fail_ex+0x3b0/0x4e0
[   92.820225][ T6293]  _copy_from_user+0x2f/0xe0
[   92.824847][ T6293]  copy_msghdr_from_user+0xae/0x680
[   92.830080][ T6293]  ? __pfx___might_resched+0x10/0x10
[   92.835402][ T6293]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   92.841254][ T6293]  ? __might_fault+0xaa/0x120
[   92.845967][ T6293]  do_recvmmsg+0x40f/0xae0
[   92.850437][ T6293]  ? __pfx_lock_release+0x10/0x10
[   92.855509][ T6293]  ? __pfx_do_recvmmsg+0x10/0x10
[   92.860502][ T6293]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[   92.866435][ T6293]  ? ksys_write+0x23e/0x2c0
[   92.871000][ T6293]  ? __pfx_lock_release+0x10/0x10
[   92.876072][ T6293]  ? vfs_write+0x7c4/0xc90
[   92.880534][ T6293]  ? __mutex_unlock_slowpath+0x21d/0x750
[   92.886223][ T6293]  ? __fget_files+0x3f6/0x470
[   92.890948][ T6293]  __x64_sys_recvmmsg+0x199/0x250
[   92.896029][ T6293]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[   92.901615][ T6293]  ? do_syscall_64+0x100/0x230
[   92.906415][ T6293]  ? do_syscall_64+0xb6/0x230
[   92.911126][ T6293]  do_syscall_64+0xf3/0x230
[   92.915658][ T6293]  ? clear_bhb_loop+0x35/0x90
[   92.920374][ T6293]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.926322][ T6293] RIP: 0033:0x7fa61f67d0a9
[   92.930765][ T6293] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   92.950400][ T6293] RSP: 002b:00007fa6203cc0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[   92.958850][ T6293] RAX: ffffffffffffffda RBX: 00007fa61f7b3f80 RCX: 00007fa61f67d0a9
[   92.966855][ T6293] RDX: 0000000000000a0d RSI: 00000000200066c0 RDI: 0000000000000007
[   92.974858][ T6293] RBP: 00007fa6203cc120 R08: 0000000000000000 R09: 0000000000000000
[   92.982864][ T6293] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   92.990862][ T6293] R13: 000000000000000b R14: 00007fa61f7b3f80 R15: 00007ffd35068608
[   92.998883][ T6293]  </TASK>
[   93.192493][ T6299] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[   93.245555][ T6299] batman_adv: batadv0: Adding interface: team0
[   93.280778][ T6299] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.399341][ T6299] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[   93.449982][ T6311] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[   93.736243][ T6324] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[   94.330563][ T6351] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[   94.398177][ T6343] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'.
[   94.487661][ T6360] tipc: Started in network mode
[   94.496487][ T6360] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[   94.515494][ T6360] tipc: Enabled bearer <eth:vlan0>, priority 10
[   94.719264][ T6368] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[   94.869529][ T6376] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[   94.904156][ T6376] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[   95.089242][ T6388] bridge0: port 2(bridge_slave_1) entered forwarding state
[   95.468702][ T6399] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[   95.655047][  T932] tipc: Node number set to 10005162
[   95.857590][ T6421] netdevsim netdevsim0: loading /lib/firmware/. failed with error -22
[   95.867344][ T6421] netdevsim netdevsim0: Direct firmware load for . failed with error -22
[   95.882265][ T6421] netdevsim netdevsim0: Falling back to sysfs fallback for: .
[   96.267213][ T6432] netlink: 'syz-executor.2': attribute type 15 has an invalid length.
[   96.289122][ T6432] __nla_validate_parse: 2 callbacks suppressed
[   96.289141][ T6432] netlink: 666 bytes leftover after parsing attributes in process `syz-executor.2'.
[   96.305805][ T6433] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[   96.974412][ T6461] FAULT_INJECTION: forcing a failure.
[   96.974412][ T6461] name failslab, interval 1, probability 0, space 0, times 0
[   97.003786][ T6461] CPU: 1 PID: 6461 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[   97.014252][ T6461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   97.024329][ T6461] Call Trace:
[   97.027627][ T6461]  <TASK>
[   97.030581][ T6461]  dump_stack_lvl+0x241/0x360
[   97.035290][ T6461]  ? __pfx_dump_stack_lvl+0x10/0x10
[   97.040520][ T6461]  ? __pfx__printk+0x10/0x10
[   97.045219][ T6461]  ? __asan_memset+0x23/0x50
[   97.049809][ T6461]  ? lockdep_init_map_type+0xa1/0x910
[   97.055173][ T6461]  should_fail_ex+0x3b0/0x4e0
[   97.059848][ T6461]  ? hsr_create_self_node+0x5a/0x340
[   97.065143][ T6461]  should_failslab+0x9/0x20
[   97.069670][ T6461]  kmalloc_trace_noprof+0x6c/0x2c0
[   97.074803][ T6461]  ? __asan_memset+0x23/0x50
[   97.079436][ T6461]  hsr_create_self_node+0x5a/0x340
[   97.084603][ T6461]  hsr_dev_finalize+0x268/0x970
[   97.089494][ T6461]  ? __asan_memset+0x23/0x50
[   97.094121][ T6461]  hsr_newlink+0x7ee/0x970
[   97.098577][ T6461]  ? __pfx_hsr_newlink+0x10/0x10
[   97.103551][ T6461]  ? rtnl_create_link+0x91c/0xc20
[   97.108606][ T6461]  ? __pfx_hsr_newlink+0x10/0x10
[   97.113578][ T6461]  rtnl_newlink+0x1591/0x20a0
[   97.118310][ T6461]  ? __pfx_rtnl_newlink+0x10/0x10
[   97.123366][ T6461]  ? do_raw_spin_unlock+0x13c/0x8b0
[   97.129033][ T6461]  ? __mutex_lock+0x9a5/0xd70
[   97.133735][ T6461]  ? __mutex_lock+0x527/0xd70
[   97.138452][ T6461]  ? __pfx_rtnl_newlink+0x10/0x10
[   97.143494][ T6461]  rtnetlink_rcv_msg+0x89b/0x1180
[   97.148544][ T6461]  ? rtnetlink_rcv_msg+0x208/0x1180
[   97.153746][ T6461]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   97.159196][ T6461]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[   97.165177][ T6461]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   97.167779][ T6472] netlink: 38 bytes leftover after parsing attributes in process `syz-executor.3'.
[   97.171519][ T6461]  ? __local_bh_enable_ip+0x168/0x200
[   97.186191][ T6461]  ? lockdep_hardirqs_on+0x99/0x150
[   97.191411][ T6461]  ? __local_bh_enable_ip+0x168/0x200
[   97.196832][ T6461]  ? dev_hard_start_xmit+0x773/0x7e0
[   97.202154][ T6461]  ? __dev_queue_xmit+0x2d2/0x3d30
[   97.207299][ T6461]  ? __pfx___local_bh_enable_ip+0x10/0x10
[   97.213054][ T6461]  ? __dev_queue_xmit+0x2d2/0x3d30
[   97.218198][ T6461]  ? __dev_queue_xmit+0x16c9/0x3d30
[   97.223441][ T6461]  ? __dev_queue_xmit+0x2d2/0x3d30
[   97.228586][ T6461]  ? ref_tracker_free+0x643/0x7e0
[   97.233642][ T6461]  netlink_rcv_skb+0x1e3/0x430
[   97.238425][ T6461]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   97.243898][ T6461]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   97.249205][ T6461]  ? netlink_deliver_tap+0x2e/0x1b0
[   97.254459][ T6461]  netlink_unicast+0x7f0/0x990
[   97.259242][ T6461]  ? __pfx_netlink_unicast+0x10/0x10
[   97.264548][ T6461]  ? __virt_addr_valid+0x183/0x520
[   97.269678][ T6461]  ? __check_object_size+0x49c/0x900
[   97.274969][ T6461]  ? bpf_lsm_netlink_send+0x9/0x10
[   97.280093][ T6461]  netlink_sendmsg+0x8e4/0xcb0
[   97.284856][ T6461]  ? __pfx_netlink_sendmsg+0x10/0x10
[   97.290137][ T6461]  ? __import_iovec+0x536/0x820
[   97.294980][ T6461]  ? aa_sock_msg_perm+0x91/0x160
[   97.299915][ T6461]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   97.305194][ T6461]  ? security_socket_sendmsg+0x87/0xb0
[   97.310699][ T6461]  ? __pfx_netlink_sendmsg+0x10/0x10
[   97.315986][ T6461]  __sock_sendmsg+0x221/0x270
[   97.320677][ T6461]  ____sys_sendmsg+0x525/0x7d0
[   97.325453][ T6461]  ? __pfx_____sys_sendmsg+0x10/0x10
[   97.330765][ T6461]  __sys_sendmsg+0x2b0/0x3a0
[   97.335359][ T6461]  ? __pfx___sys_sendmsg+0x10/0x10
[   97.340545][ T6461]  ? vfs_write+0x7c4/0xc90
[   97.344973][ T6461]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   97.351292][ T6461]  ? do_syscall_64+0x100/0x230
[   97.356055][ T6461]  ? do_syscall_64+0xb6/0x230
[   97.360738][ T6461]  do_syscall_64+0xf3/0x230
[   97.365245][ T6461]  ? clear_bhb_loop+0x35/0x90
[   97.369946][ T6461]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   97.375940][ T6461] RIP: 0033:0x7fa61f67d0a9
[   97.380349][ T6461] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   97.400038][ T6461] RSP: 002b:00007fa6203cc0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   97.408450][ T6461] RAX: ffffffffffffffda RBX: 00007fa61f7b3f80 RCX: 00007fa61f67d0a9
[   97.416426][ T6461] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[   97.424520][ T6461] RBP: 00007fa6203cc120 R08: 0000000000000000 R09: 0000000000000000
[   97.432500][ T6461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   97.440474][ T6461] R13: 000000000000000b R14: 00007fa61f7b3f80 R15: 00007ffd35068608
[   97.448446][ T6461]  </TASK>
[   97.468897][ T6464] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[   97.497836][ T6471] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[   97.588844][ T6475] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[   97.738460][ T6480] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   97.881094][ T6489] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[   98.004945][ T6498] FAULT_INJECTION: forcing a failure.
[   98.004945][ T6498] name failslab, interval 1, probability 0, space 0, times 0
[   98.020617][ T6498] CPU: 1 PID: 6498 Comm: syz-executor.3 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[   98.031150][ T6498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[   98.041199][ T6498] Call Trace:
[   98.044507][ T6498]  <TASK>
[   98.047429][ T6498]  dump_stack_lvl+0x241/0x360
[   98.052106][ T6498]  ? __pfx_dump_stack_lvl+0x10/0x10
[   98.057293][ T6498]  ? __pfx__printk+0x10/0x10
[   98.061875][ T6498]  ? netlink_insert+0x10b7/0x14b0
[   98.066896][ T6498]  should_fail_ex+0x3b0/0x4e0
[   98.071575][ T6498]  ? __alloc_skb+0x1c3/0x440
[   98.076172][ T6498]  should_failslab+0x9/0x20
[   98.080702][ T6498]  kmem_cache_alloc_node_noprof+0x71/0x320
[   98.086539][ T6498]  __alloc_skb+0x1c3/0x440
[   98.090983][ T6498]  ? __pfx___alloc_skb+0x10/0x10
[   98.095945][ T6498]  ? netlink_autobind+0xd6/0x2f0
[   98.100901][ T6498]  ? netlink_autobind+0x2b0/0x2f0
[   98.105948][ T6498]  netlink_sendmsg+0x638/0xcb0
[   98.110741][ T6498]  ? __pfx_netlink_sendmsg+0x10/0x10
[   98.116052][ T6498]  ? __import_iovec+0x536/0x820
[   98.120922][ T6498]  ? aa_sock_msg_perm+0x91/0x160
[   98.125882][ T6498]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   98.131167][ T6498]  ? security_socket_sendmsg+0x87/0xb0
[   98.136623][ T6498]  ? __pfx_netlink_sendmsg+0x10/0x10
[   98.141913][ T6498]  __sock_sendmsg+0x221/0x270
[   98.146608][ T6498]  ____sys_sendmsg+0x525/0x7d0
[   98.151399][ T6498]  ? __pfx_____sys_sendmsg+0x10/0x10
[   98.156869][ T6498]  __sys_sendmsg+0x2b0/0x3a0
[   98.161460][ T6498]  ? __pfx___sys_sendmsg+0x10/0x10
[   98.166583][ T6498]  ? vfs_write+0x7c4/0xc90
[   98.171025][ T6498]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[   98.177354][ T6498]  ? do_syscall_64+0x100/0x230
[   98.182126][ T6498]  ? do_syscall_64+0xb6/0x230
[   98.186798][ T6498]  do_syscall_64+0xf3/0x230
[   98.191296][ T6498]  ? clear_bhb_loop+0x35/0x90
[   98.195996][ T6498]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.201901][ T6498] RIP: 0033:0x7ff41e67d0a9
[   98.206327][ T6498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   98.225942][ T6498] RSP: 002b:00007ff41f3520c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   98.234356][ T6498] RAX: ffffffffffffffda RBX: 00007ff41e7b3f80 RCX: 00007ff41e67d0a9
[   98.242319][ T6498] RDX: 000000001000c004 RSI: 00000000200002c0 RDI: 0000000000000005
[   98.250280][ T6498] RBP: 00007ff41f352120 R08: 0000000000000000 R09: 0000000000000000
[   98.258250][ T6498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   98.266297][ T6498] R13: 000000000000004d R14: 00007ff41e7b3f80 R15: 00007ffdfeccd398
[   98.274272][ T6498]  </TASK>
[   98.358925][ T6506] IPVS: set_ctl: invalid protocol: 26467 117.112.0.170:0
[   98.367198][ T5162] IPVS: starting estimator thread 0...
[   98.462136][ T6509] IPVS: using max 19 ests per chain, 45600 per kthread
[   98.730998][ T6527] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[   98.933211][ T6536] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[   99.046444][ T6536] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[   99.246051][ T6550] netlink: 'syz-executor.4': attribute type 3 has an invalid length.
[   99.280196][ T6553] netlink: 'syz-executor.4': attribute type 3 has an invalid length.
[   99.408564][ T6553] syzkaller1: entered promiscuous mode
[   99.416682][ T6553] syzkaller1: entered allmulticast mode
[   99.945741][ T6588] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  100.318656][ T6607] xt_TCPMSS: Only works on TCP SYN packets
[  100.431908][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.722924][   T29] audit: type=1804 audit(1719102594.599:4): pid=6628 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir651325836/syzkaller.SbEyji/81/cgroup.controllers" dev="sda1" ino=1955 res=1 errno=0
[  101.359902][ T6663] __nla_validate_parse: 10 callbacks suppressed
[  101.359921][ T6663] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[  101.502785][ T6669] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[  101.911907][ T6690] FAULT_INJECTION: forcing a failure.
[  101.911907][ T6690] name failslab, interval 1, probability 0, space 0, times 0
[  101.959036][ T6690] CPU: 1 PID: 6690 Comm: syz-executor.2 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  101.969505][ T6690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  101.979594][ T6690] Call Trace:
[  101.982894][ T6690]  <TASK>
[  101.985857][ T6690]  dump_stack_lvl+0x241/0x360
[  101.990579][ T6690]  ? __pfx_dump_stack_lvl+0x10/0x10
[  101.995824][ T6690]  ? __pfx__printk+0x10/0x10
[  102.000463][ T6690]  ? netlink_insert+0x10b7/0x14b0
[  102.005612][ T6690]  should_fail_ex+0x3b0/0x4e0
[  102.010326][ T6690]  ? __alloc_skb+0x1c3/0x440
[  102.015039][ T6690]  should_failslab+0x9/0x20
[  102.019585][ T6690]  kmem_cache_alloc_node_noprof+0x71/0x320
[  102.025445][ T6690]  __alloc_skb+0x1c3/0x440
[  102.029904][ T6690]  ? __pfx___alloc_skb+0x10/0x10
[  102.034879][ T6690]  ? netlink_autobind+0xd6/0x2f0
[  102.039846][ T6690]  ? netlink_autobind+0x2b0/0x2f0
[  102.044911][ T6690]  netlink_sendmsg+0x638/0xcb0
[  102.049711][ T6690]  ? __pfx_netlink_sendmsg+0x10/0x10
[  102.055027][ T6690]  ? __import_iovec+0x536/0x820
[  102.059907][ T6690]  ? aa_sock_msg_perm+0x91/0x160
[  102.064874][ T6690]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  102.070213][ T6690]  ? security_socket_sendmsg+0x87/0xb0
[  102.075990][ T6690]  ? __pfx_netlink_sendmsg+0x10/0x10
[  102.081310][ T6690]  __sock_sendmsg+0x221/0x270
[  102.086116][ T6690]  ____sys_sendmsg+0x525/0x7d0
[  102.090924][ T6690]  ? __pfx_____sys_sendmsg+0x10/0x10
[  102.096260][ T6690]  __sys_sendmmsg+0x3b2/0x740
[  102.100979][ T6690]  ? __pfx___sys_sendmmsg+0x10/0x10
[  102.106260][ T6690]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  102.112191][ T6690]  ? ksys_write+0x23e/0x2c0
[  102.116719][ T6690]  ? __pfx_lock_release+0x10/0x10
[  102.121767][ T6690]  ? vfs_write+0x7c4/0xc90
[  102.126214][ T6690]  ? __mutex_unlock_slowpath+0x21d/0x750
[  102.131876][ T6690]  ? __pfx_vfs_write+0x10/0x10
[  102.136694][ T6690]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  102.142720][ T6690]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  102.149328][ T6690]  ? do_syscall_64+0x100/0x230
[  102.154218][ T6690]  __x64_sys_sendmmsg+0xa0/0xb0
[  102.159090][ T6690]  do_syscall_64+0xf3/0x230
[  102.163612][ T6690]  ? clear_bhb_loop+0x35/0x90
[  102.168400][ T6690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  102.174419][ T6690] RIP: 0033:0x7fe72347d0a9
[  102.178867][ T6690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  102.198679][ T6690] RSP: 002b:00007fe722fff0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  102.207125][ T6690] RAX: ffffffffffffffda RBX: 00007fe7235b3f80 RCX: 00007fe72347d0a9
[  102.215128][ T6690] RDX: 04000000000001f2 RSI: 0000000020000000 RDI: 0000000000000003
[  102.223133][ T6690] RBP: 00007fe722fff120 R08: 0000000000000000 R09: 0000000000000000
[  102.231122][ T6690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  102.239116][ T6690] R13: 000000000000004d R14: 00007fe7235b3f80 R15: 00007ffcf5845648
[  102.247113][ T6690]  </TASK>
[  102.259233][   T29] audit: type=1800 audit(1719102596.139:5): pid=6684 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1965 res=0 errno=0
[  102.846282][ T6723] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.3'.
[  102.908155][ T6719] vxcan0: Master is either lo or non-ether device
[  102.953662][ T6719] team_slave_1: mtu less than device minimum
[  103.161958][ T6735] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  103.352049][ T6738] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  104.133170][ T6785] syz-executor.2[6785] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  104.133418][ T6785] syz-executor.2[6785] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  104.284512][ T6792] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  104.983716][ T6831] sit0: entered promiscuous mode
[  105.016178][ T6831] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  105.044433][ T6831] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.1'.
[  105.072339][ T6835] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  105.454370][ T6854] Bluetooth: MGMT ver 1.22
[  105.580818][ T6857] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  105.775644][ T6877] Dead loop on virtual device ip6_vti0, fix it urgently!
[  105.837912][ T6861] bond2: (slave bridge1): Enslaving as a backup interface with an up link
[  106.186230][ T6895] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  106.235097][ T6895] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  106.302570][ T6895] vlan2: entered promiscuous mode
[  106.337751][ T6895] vlan2: entered allmulticast mode
[  106.408615][ T6905] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  106.426545][ T6905] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[  106.496728][ T6911] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  106.510494][ T6911] bond0: entered allmulticast mode
[  106.517287][ T6911] bond_slave_0: entered allmulticast mode
[  106.523332][ T6911] bond_slave_1: entered allmulticast mode
[  106.557627][ T6909] syzkaller0: entered allmulticast mode
[  106.597524][ T6911] macvlan2: entered allmulticast mode
[  106.623214][ T6909] syzkaller0 (unregistering): left allmulticast mode
[  106.796721][ T6917] pim6reg: entered allmulticast mode
[  106.847274][ T6919] netlink: 'syz-executor.1': attribute type 10 has an invalid length.
[  106.992414][ T6926] netlink: 209848 bytes leftover after parsing attributes in process `syz-executor.4'.
[  107.021963][ T6923] pim6reg: left allmulticast mode
[  107.461910][ T6947] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  107.593092][ T6947] sctp: [Deprecated]: syz-executor.2 (pid 6947) Use of int in max_burst socket option deprecated.
[  107.593092][ T6947] Use struct sctp_assoc_value instead
[  107.615720][ T6955] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  107.702628][ T6958] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0)
[  107.821884][ T6967] netlink: 'syz-executor.4': attribute type 3 has an invalid length.
[  107.891976][ T6964] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.4'.
[  107.920949][ T6967] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.4'.
[  107.998117][ T6979] netlink: 134824 bytes leftover after parsing attributes in process `syz-executor.1'.
[  108.044374][ T6979] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  108.065616][ T6979] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  108.545411][ T7002] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  108.978341][ T7022] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  108.999574][ T7024] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  109.889653][   T29] audit: type=1804 audit(1719102603.769:6): pid=7044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir2472587991/syzkaller.XibI3t/109/cgroup.controllers" dev="sda1" ino=1946 res=1 errno=0
[  110.217493][ T7049] can: request_module (can-proto-0) failed.
[  111.181420][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  111.187944][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  111.194536][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  111.200979][    C1] vcan0: j1939_xtp_rx_dat: no rx connection found
[  111.207564][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.215641][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.223598][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.231427][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.239447][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.247418][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.255414][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.263286][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.271212][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.279117][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.287081][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.294962][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.303025][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.310858][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.318829][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.326796][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.334800][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.342672][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.350613][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.358509][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.366485][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.374384][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.382362][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.390193][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.398229][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.406116][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.414074][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.421969][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.430154][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.438044][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.446009][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.453899][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.461856][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.469691][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.477674][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.485548][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.493515][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.501355][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.509323][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.517193][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.525176][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  111.533074][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  111.815368][ T7094] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  111.817122][ T7093] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[  111.886106][ T7093] __nla_validate_parse: 4 callbacks suppressed
[  111.886124][ T7093] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  111.968880][ T7093] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[  111.989291][ T7093] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  112.159586][ T7102] sctp: [Deprecated]: syz-executor.0 (pid 7102) Use of struct sctp_assoc_value in delayed_ack socket option.
[  112.159586][ T7102] Use struct sctp_sack_info instead
[  112.174294][ T7111] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  112.246840][ T7102] sctp: [Deprecated]: syz-executor.0 (pid 7102) Use of struct sctp_assoc_value in delayed_ack socket option.
[  112.246840][ T7102] Use struct sctp_sack_info instead
[  112.257555][ T7114] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'.
[  112.329453][ T7116] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[  112.339252][ T7116] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.2'.
[  112.841254][ T7102] syz-executor.0 (7102) used greatest stack depth: 18064 bytes left
[  112.872286][ T7130] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  113.119816][ T7142] xt_connbytes: Forcing CT accounting to be enabled
[  113.136664][ T7142] xt_CT: You must specify a L4 protocol and not use inversions on it
[  113.719565][ T7173] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.0'.
[  113.722579][ T7167] sctp: [Deprecated]: syz-executor.1 (pid 7167) Use of struct sctp_assoc_value in delayed_ack socket option.
[  113.722579][ T7167] Use struct sctp_sack_info instead
[  113.858835][ T7167] sctp: [Deprecated]: syz-executor.1 (pid 7167) Use of struct sctp_assoc_value in delayed_ack socket option.
[  113.858835][ T7167] Use struct sctp_sack_info instead
[  113.968890][ T7182] netlink: 105108 bytes leftover after parsing attributes in process `syz-executor.3'.
[  113.997444][ T7182] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  114.017200][ T7182] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  114.044132][ T7184] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  114.062061][ T7184] macvlan2: entered promiscuous mode
[  114.072633][ T7184] mac80211_hwsim hwsim2 wlan0: left promiscuous mode
[  114.426968][ T7201] syz-executor.4[7201] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  114.427128][ T7201] syz-executor.4[7201] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  114.528903][ T7204] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  114.900331][ T7221] batadv_slave_1: entered promiscuous mode
[  115.146785][ T7220] batadv_slave_1: left promiscuous mode
[  115.459239][ T7238] sctp: [Deprecated]: syz-executor.4 (pid 7238) Use of struct sctp_assoc_value in delayed_ack socket option.
[  115.459239][ T7238] Use struct sctp_sack_info instead
[  115.574674][ T7238] sctp: [Deprecated]: syz-executor.4 (pid 7238) Use of struct sctp_assoc_value in delayed_ack socket option.
[  115.574674][ T7238] Use struct sctp_sack_info instead
[  115.719968][ T7266] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  115.749884][ T7266] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  115.797802][ T7266] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  115.966673][ T7278] vlan1: entered promiscuous mode
[  116.093512][ T7278] vlan1 (unregistering): left promiscuous mode
[  116.939406][ T7313] __nla_validate_parse: 2 callbacks suppressed
[  116.939420][ T7313] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  117.537231][ T7334] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  118.256254][ T7366] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  118.300408][ T7367] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[  118.658895][ T7388] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  118.675293][ T5483] ==================================================================
[  118.683393][ T5483] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330
[  118.691494][ T5483] Read of size 8 at addr ffff88801e4d40b8 by task kworker/u8:40/5483
[  118.699669][ T5483] 
2024/06/23 00:30:12 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  118.701999][ T5483] CPU: 0 PID: 5483 Comm: kworker/u8:40 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  118.712334][ T5483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  118.722402][ T5483] Workqueue: l2tp l2tp_tunnel_del_work
[  118.727896][ T5483] Call Trace:
[  118.731182][ T5483]  <TASK>
[  118.734115][ T5483]  dump_stack_lvl+0x241/0x360
[  118.738808][ T5483]  ? __pfx_dump_stack_lvl+0x10/0x10
[  118.744016][ T5483]  ? __pfx__printk+0x10/0x10
[  118.748626][ T5483]  ? _printk+0xd5/0x120
[  118.752805][ T5483]  ? __virt_addr_valid+0x183/0x520
[  118.757935][ T5483]  ? __virt_addr_valid+0x183/0x520
[  118.763070][ T5483]  print_report+0x169/0x550
[  118.767587][ T5483]  ? __virt_addr_valid+0x183/0x520
[  118.772718][ T5483]  ? __virt_addr_valid+0x183/0x520
[  118.777841][ T5483]  ? __virt_addr_valid+0x44e/0x520
[  118.782964][ T5483]  ? __phys_addr+0xba/0x170
[  118.787484][ T5483]  ? l2tp_tunnel_del_work+0xe5/0x330
[  118.792791][ T5483]  kasan_report+0x143/0x180
[  118.797310][ T5483]  ? l2tp_tunnel_del_work+0xe5/0x330
[  118.802620][ T5483]  l2tp_tunnel_del_work+0xe5/0x330
[  118.807742][ T5483]  ? process_scheduled_works+0x945/0x1830
[  118.813471][ T5483]  process_scheduled_works+0xa2c/0x1830
[  118.819044][ T5483]  ? __pfx_process_scheduled_works+0x10/0x10
[  118.825033][ T5483]  ? assign_work+0x364/0x3d0
[  118.829637][ T5483]  worker_thread+0x86d/0xd70
[  118.834248][ T5483]  ? __kthread_parkme+0x169/0x1d0
[  118.839304][ T5483]  ? __pfx_worker_thread+0x10/0x10
[  118.844426][ T5483]  kthread+0x2f0/0x390
[  118.848504][ T5483]  ? __pfx_worker_thread+0x10/0x10
[  118.853623][ T5483]  ? __pfx_kthread+0x10/0x10
[  118.858218][ T5483]  ret_from_fork+0x4b/0x80
[  118.862632][ T5483]  ? __pfx_kthread+0x10/0x10
[  118.867213][ T5483]  ret_from_fork_asm+0x1a/0x30
[  118.871975][ T5483]  </TASK>
[  118.874981][ T5483] 
[  118.877288][ T5483] Allocated by task 7384:
[  118.881597][ T5483]  kasan_save_track+0x3f/0x80
[  118.886269][ T5483]  __kasan_kmalloc+0x98/0xb0
[  118.890849][ T5483]  __kmalloc_noprof+0x1f9/0x400
[  118.895686][ T5483]  l2tp_session_create+0x3b/0xc20
[  118.900700][ T5483]  pppol2tp_connect+0xca3/0x17a0
[  118.905628][ T5483]  __sys_connect+0x2df/0x310
[  118.910206][ T5483]  __x64_sys_connect+0x7a/0x90
[  118.914957][ T5483]  do_syscall_64+0xf3/0x230
[  118.919450][ T5483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  118.925336][ T5483] 
[  118.927669][ T5483] Freed by task 24:
[  118.931456][ T5483]  kasan_save_track+0x3f/0x80
[  118.936124][ T5483]  kasan_save_free_info+0x40/0x50
[  118.941137][ T5483]  poison_slab_object+0xe0/0x150
[  118.946062][ T5483]  __kasan_slab_free+0x37/0x60
[  118.950810][ T5483]  kfree+0x149/0x360
[  118.954695][ T5483]  __sk_destruct+0x58/0x5f0
[  118.959189][ T5483]  rcu_core+0xafd/0x1830
[  118.963430][ T5483]  handle_softirqs+0x2c4/0x970
[  118.968180][ T5483]  run_ksoftirqd+0xca/0x130
[  118.972669][ T5483]  smpboot_thread_fn+0x544/0xa30
[  118.977590][ T5483]  kthread+0x2f0/0x390
[  118.981650][ T5483]  ret_from_fork+0x4b/0x80
[  118.986057][ T5483]  ret_from_fork_asm+0x1a/0x30
[  118.990815][ T5483] 
[  118.993124][ T5483] Last potentially related work creation:
[  118.998819][ T5483]  kasan_save_stack+0x3f/0x60
[  119.003484][ T5483]  __kasan_record_aux_stack+0xac/0xc0
[  119.008842][ T5483]  call_rcu+0x167/0xa70
[  119.012983][ T5483]  pppol2tp_release+0x24b/0x350
[  119.017823][ T5483]  sock_close+0xbc/0x240
[  119.022055][ T5483]  __fput+0x406/0x8b0
[  119.026021][ T5483]  task_work_run+0x24f/0x310
[  119.030604][ T5483]  syscall_exit_to_user_mode+0x168/0x370
[  119.036226][ T5483]  do_syscall_64+0x100/0x230
[  119.040808][ T5483]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.046696][ T5483] 
[  119.049005][ T5483] The buggy address belongs to the object at ffff88801e4d4000
[  119.049005][ T5483]  which belongs to the cache kmalloc-1k of size 1024
[  119.063059][ T5483] The buggy address is located 184 bytes inside of
[  119.063059][ T5483]  freed 1024-byte region [ffff88801e4d4000, ffff88801e4d4400)
[  119.076932][ T5483] 
[  119.079242][ T5483] The buggy address belongs to the physical page:
[  119.085647][ T5483] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1e4d0
[  119.094400][ T5483] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  119.102883][ T5483] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  119.110764][ T5483] page_type: 0xffffefff(slab)
[  119.115448][ T5483] raw: 00fff00000000040 ffff888015041dc0 ffffea0000c12800 dead000000000003
[  119.124022][ T5483] raw: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000
[  119.132610][ T5483] head: 00fff00000000040 ffff888015041dc0 ffffea0000c12800 dead000000000003
[  119.141278][ T5483] head: 0000000000000000 0000000080100010 00000001ffffefff 0000000000000000
[  119.149956][ T5483] head: 00fff00000000003 ffffea0000793401 ffffffffffffffff 0000000000000000
[  119.158614][ T5483] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  119.167264][ T5483] page dumped because: kasan: bad access detected
[  119.173675][ T5483] page_owner tracks the page as allocated
[  119.179412][ T5483] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 11, tgid 11 (kworker/u8:0), ts 66260976028, free_ts 66237047883
[  119.199977][ T5483]  post_alloc_hook+0x1f3/0x230
[  119.204742][ T5483]  get_page_from_freelist+0x2e43/0x2f00
[  119.210278][ T5483]  __alloc_pages_noprof+0x256/0x6c0
[  119.215463][ T5483]  alloc_slab_page+0x5f/0x120
[  119.220131][ T5483]  allocate_slab+0x5a/0x2f0
[  119.224621][ T5483]  ___slab_alloc+0xcd1/0x14b0
[  119.229284][ T5483]  __slab_alloc+0x58/0xa0
[  119.233602][ T5483]  __kmalloc_noprof+0x257/0x400
[  119.238449][ T5483]  ieee802_11_parse_elems_full+0xdb/0x2880
[  119.244246][ T5483]  ieee80211_inform_bss+0x15f/0x1080
[  119.249519][ T5483]  cfg80211_inform_single_bss_data+0x1121/0x2360
[  119.255841][ T5483]  cfg80211_inform_bss_data+0x3dd/0x5a70
[  119.261462][ T5483]  cfg80211_inform_bss_frame_data+0x3bc/0x720
[  119.267519][ T5483]  ieee80211_bss_info_update+0x8a7/0xbc0
[  119.273150][ T5483]  ieee80211_ibss_rx_queued_mgmt+0x1962/0x2d70
[  119.279289][ T5483]  ieee80211_iface_work+0x8a5/0xf20
[  119.284476][ T5483] page last free pid 4549 tgid 4549 stack trace:
[  119.290789][ T5483]  free_unref_page+0xd22/0xea0
[  119.295631][ T5483]  __put_partials+0xeb/0x130
[  119.300207][ T5483]  put_cpu_partial+0x17c/0x250
[  119.304964][ T5483]  __slab_free+0x2ea/0x3d0
[  119.309369][ T5483]  qlist_free_all+0x9e/0x140
[  119.313951][ T5483]  kasan_quarantine_reduce+0x14f/0x170
[  119.319399][ T5483]  __kasan_slab_alloc+0x23/0x80
[  119.324250][ T5483]  __kmalloc_noprof+0x1a3/0x400
[  119.329096][ T5483]  tomoyo_encode+0x26f/0x540
[  119.333680][ T5483]  tomoyo_realpath_from_path+0x59e/0x5e0
[  119.339308][ T5483]  tomoyo_check_open_permission+0x255/0x500
[  119.345198][ T5483]  security_file_open+0x6a/0x730
[  119.350124][ T5483]  do_dentry_open+0x36c/0x1720
[  119.354875][ T5483]  path_openat+0x289f/0x3280
[  119.359451][ T5483]  do_filp_open+0x235/0x490
[  119.363976][ T5483]  do_sys_openat2+0x13e/0x1d0
[  119.368640][ T5483] 
[  119.370949][ T5483] Memory state around the buggy address:
[  119.376565][ T5483]  ffff88801e4d3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  119.384611][ T5483]  ffff88801e4d4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.392659][ T5483] >ffff88801e4d4080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.400699][ T5483]                                         ^
[  119.406571][ T5483]  ffff88801e4d4100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.414616][ T5483]  ffff88801e4d4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  119.422657][ T5483] ==================================================================
[  119.430747][ T5483] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  119.437941][ T5483] CPU: 0 PID: 5483 Comm: kworker/u8:40 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  119.448278][ T5483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  119.458356][ T5483] Workqueue: l2tp l2tp_tunnel_del_work
[  119.463843][ T5483] Call Trace:
[  119.467123][ T5483]  <TASK>
[  119.470053][ T5483]  dump_stack_lvl+0x241/0x360
[  119.474752][ T5483]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.479960][ T5483]  ? __pfx__printk+0x10/0x10
[  119.484565][ T5483]  ? vscnprintf+0x5d/0x90
[  119.488907][ T5483]  panic+0x349/0x860
[  119.492814][ T5483]  ? check_panic_on_warn+0x21/0xb0
[  119.497936][ T5483]  ? __pfx_panic+0x10/0x10
[  119.502361][ T5483]  ? mark_lock+0x9a/0x350
[  119.506698][ T5483]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  119.512604][ T5483]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  119.518648][ T5483]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  119.524997][ T5483]  ? print_report+0x502/0x550
[  119.529689][ T5483]  check_panic_on_warn+0x86/0xb0
[  119.534637][ T5483]  ? l2tp_tunnel_del_work+0xe5/0x330
[  119.539930][ T5483]  end_report+0x77/0x160
[  119.544180][ T5483]  kasan_report+0x154/0x180
[  119.548692][ T5483]  ? l2tp_tunnel_del_work+0xe5/0x330
[  119.553988][ T5483]  l2tp_tunnel_del_work+0xe5/0x330
[  119.559110][ T5483]  ? process_scheduled_works+0x945/0x1830
[  119.564837][ T5483]  process_scheduled_works+0xa2c/0x1830
[  119.570400][ T5483]  ? __pfx_process_scheduled_works+0x10/0x10
[  119.576389][ T5483]  ? assign_work+0x364/0x3d0
[  119.580984][ T5483]  worker_thread+0x86d/0xd70
[  119.585591][ T5483]  ? __kthread_parkme+0x169/0x1d0
[  119.590628][ T5483]  ? __pfx_worker_thread+0x10/0x10
[  119.595752][ T5483]  kthread+0x2f0/0x390
[  119.599833][ T5483]  ? __pfx_worker_thread+0x10/0x10
[  119.604949][ T5483]  ? __pfx_kthread+0x10/0x10
[  119.609547][ T5483]  ret_from_fork+0x4b/0x80
[  119.613972][ T5483]  ? __pfx_kthread+0x10/0x10
[  119.618567][ T5483]  ret_from_fork_asm+0x1a/0x30
[  119.623346][ T5483]  </TASK>
[  119.626507][ T5483] Kernel Offset: disabled
[  119.630814][ T5483] Rebooting in 86400 seconds..