last executing test programs:

1m22.156213297s ago: executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000b1df427800"/19, @ANYRES32=r4, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028005000c0000000000"], 0x3c}}, 0x0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x90, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8811, 0x3}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xef63af1d1be6b4ed}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x28}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x22}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8b4a}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x4}]}, 0x90}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x5, 0xff3, 0x80000000, 0x181, 0x1, 0x6, '\x00', r4, r0, 0x4, 0x3, 0x5}, 0x48)
listen(r5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @remote}, 0x225, 0x0, 0x0, 0x0, 0x800, 0x0, 0x7ff, 0x7fff, 0x70e})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000004c0)={'pim6reg1\x00', @link_local})
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

1m10.064718554s ago: executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000b1df427800"/19, @ANYRES32=r4, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028005000c0000000000"], 0x3c}}, 0x0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x90, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8811, 0x3}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xef63af1d1be6b4ed}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x28}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x22}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8b4a}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x4}]}, 0x90}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x5, 0xff3, 0x80000000, 0x181, 0x1, 0x6, '\x00', r4, r0, 0x4, 0x3, 0x5}, 0x48)
listen(r5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @remote}, 0x225, 0x0, 0x0, 0x0, 0x800, 0x0, 0x7ff, 0x7fff, 0x70e})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000004c0)={'pim6reg1\x00', @link_local})
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

54.703097257s ago: executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000b1df427800"/19, @ANYRES32=r4, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028005000c0000000000"], 0x3c}}, 0x0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x90, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8811, 0x3}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xef63af1d1be6b4ed}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x28}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x22}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8b4a}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x4}]}, 0x90}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x5, 0xff3, 0x80000000, 0x181, 0x1, 0x6, '\x00', r4, r0, 0x4, 0x3, 0x5}, 0x48)
listen(r5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @remote}, 0x225, 0x0, 0x0, 0x0, 0x800, 0x0, 0x7ff, 0x7fff, 0x70e})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000004c0)={'pim6reg1\x00', @link_local})
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

36.877952813s ago: executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000b1df427800"/19, @ANYRES32=r4, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028005000c0000000000"], 0x3c}}, 0x0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x90, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8811, 0x3}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xef63af1d1be6b4ed}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x28}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x22}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8b4a}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x4}]}, 0x90}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x5, 0xff3, 0x80000000, 0x181, 0x1, 0x6, '\x00', r4, r0, 0x4, 0x3, 0x5}, 0x48)
listen(r5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @remote}, 0x225, 0x0, 0x0, 0x0, 0x800, 0x0, 0x7ff, 0x7fff, 0x70e})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000004c0)={'pim6reg1\x00', @link_local})
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

25.608208165s ago: executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000b1df427800"/19, @ANYRES32=r4, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028005000c0000000000"], 0x3c}}, 0x0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x90, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8811, 0x3}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xef63af1d1be6b4ed}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x28}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x22}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8b4a}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x4}]}, 0x90}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x5, 0xff3, 0x80000000, 0x181, 0x1, 0x6, '\x00', r4, r0, 0x4, 0x3, 0x5}, 0x48)
listen(r5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @remote}, 0x225, 0x0, 0x0, 0x0, 0x800, 0x0, 0x7ff, 0x7fff, 0x70e})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000004c0)={'pim6reg1\x00', @link_local})
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

13.326599539s ago: executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)={0x7c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x7}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x7}]}, 0x7c}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x2012, r1, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b28, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x200000000000011, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0), 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008009776b7040000000000008500000033"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680), 0xa)
setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=r4, @ANYBLOB="0000000000800200380012800b0001006272696467650000280002800c002300fbffffffffffffff05002400000000010500240001000000060027"], 0x58}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18010000000000000000000000000000850000002e00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r5}, 0xc)
setsockopt$inet6_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e22, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x6}}, 0x0, 0x0, 0x44, 0x0, "30433db4f0dcb89838e1e63502a7099b424361a3ef812f4648c33dafd22d84b132d0cce825c2487c980ad8a9aaaadc882345a7e77247c8c833f13c401c2bc162e25597ff4b5cf7afba41a9a668176833"}, 0xd8)
accept4(r1, 0x0, &(0x7f0000000000), 0x800)

13.094577053s ago: executing program 1:
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x26, 0x0, 0x14)
sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x10, 0x3f5, 0x10, 0x70bd29, 0x255fdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000600)=0x4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000002c0)={r3}, 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000280)={r3, 0x5de, 0xef, "0401e7135edb2602a224d3dfbc47b417aa15ba3eb9b1c46ea2fa2d5e002c5ae3142174e9c5f4b4dc553fda4e65d90dd9f116d2deeb31e0597031d6ba317d310875b79d27d2c84020860061b16d20e7382ffe40a58670e711a36f8cf156678761cedff9e9c9f0be7670f662472c42429d340476775b7b59cdf0c29b0ec7763ad43fc8dd278ea633c0d20cccc589452e06e9a03f5ea2c672f75657fd5da760a1dfe9dbe2ab187462f48464497e948553fe76b0be67e45da9a2886e87d8a259de83c2415ac345d64b33e8cc709f605492115d8ac4b2f704f94c8f8d63cff02b64ef67e3652efc9b9c0adb111fc7698cad"}, 0xf7)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000700)={'#! ', './file0', [], 0xa, "05aeb0c9a9ffd587a1b645995ed347e840e5786bc6858abc8027e8a3859ee478923670723147572eb177fdbd3403eb0c7779cb1ad4e3781012244a125c61408f6709587da377dab3fe6c51e60fdf97558a1bc1c316bd8aa1fc01188b4ceadac2830b082b0649fcf009e6b680d5350fab331cc89816fdd8c2080dc0feca943d63f13f"}, 0x8d)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r7, &(0x7f0000002e80)={0x1a, 0x30f, 0x1, 0xff, 0x4, 0x3f, @random="64067040a1f8"}, 0x10)
connect$llc(r7, &(0x7f0000000040)={0x1a, 0x11d, 0x80, 0x9b, 0x40, 0xf2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, 0x10)
sendto$llc(r7, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x1a, 0x331, 0x1, 0x0, 0x7, 0x3, @random="9bed3aeb1d3e"}, 0x10)
setsockopt$sock_timeval(r7, 0x1, 0x14, &(0x7f0000002ec0), 0x10)
connect$llc(r7, &(0x7f0000000000)={0x1a, 0x204, 0x0, 0x9b, 0x2, 0x5, @local}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x20, &(0x7f0000000440)={&(0x7f00000002c0)=""/179, 0xb3, <r8=>0x0, &(0x7f0000000380)=""/138, 0x8a}}, 0x10)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r9}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x77}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4f, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000032c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000003340)={0x3, 0x1d, &(0x7f0000003000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @exit, @map_fd={0x18, 0xe}, @exit, @call={0x85, 0x0, 0x0, 0x2b}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000003100)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003280)={0x0, 0xa, 0xffff, 0x6}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f0000003300)=[r9, r7, r10]}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x7, 0x12, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, [@jmp={0x5, 0x1, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x8}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20}}, @map_fd={0x18, 0x9, 0x1, 0x0, r4}, @alu={0x0, 0x0, 0x3, 0x5, 0x9, 0xfffffffffffffff8, 0xffffffffffffffeb}, @jmp={0x5, 0x1, 0x6, 0x2, 0xb, 0x50, 0xfffffffffffffffc}, @alu={0x4, 0x0, 0x0, 0x1, 0x2, 0x4, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0x5, 0x2, 0x1, 0x18}]}, &(0x7f0000000140)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x14, r6, 0x8, &(0x7f0000000440)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x8, 0x5, 0x10000}, 0x10, r8, r5, 0x5, &(0x7f00000004c0)=[r4, r4, r4], &(0x7f0000000500)=[{0x5, 0x3, 0x7, 0xb}, {0x5, 0x5, 0xd, 0x8}, {0x3, 0x4, 0xc}, {0x5, 0x0, 0xe, 0x6}, {0x1, 0x4, 0x6, 0x8}], 0x10, 0x81}, 0x90)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x64, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x0, 0x0, @broadcast}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

12.223521451s ago: executing program 1:
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x26, 0x0, 0x14)
sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x10, 0x3f5, 0x10, 0x70bd29, 0x255fdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000600)=0x4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000002c0)={r3}, 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000280)={r3, 0x5de, 0xef, "0401e7135edb2602a224d3dfbc47b417aa15ba3eb9b1c46ea2fa2d5e002c5ae3142174e9c5f4b4dc553fda4e65d90dd9f116d2deeb31e0597031d6ba317d310875b79d27d2c84020860061b16d20e7382ffe40a58670e711a36f8cf156678761cedff9e9c9f0be7670f662472c42429d340476775b7b59cdf0c29b0ec7763ad43fc8dd278ea633c0d20cccc589452e06e9a03f5ea2c672f75657fd5da760a1dfe9dbe2ab187462f48464497e948553fe76b0be67e45da9a2886e87d8a259de83c2415ac345d64b33e8cc709f605492115d8ac4b2f704f94c8f8d63cff02b64ef67e3652efc9b9c0adb111fc7698cad"}, 0xf7)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000700)={'#! ', './file0', [], 0xa, "05aeb0c9a9ffd587a1b645995ed347e840e5786bc6858abc8027e8a3859ee478923670723147572eb177fdbd3403eb0c7779cb1ad4e3781012244a125c61408f6709587da377dab3fe6c51e60fdf97558a1bc1c316bd8aa1fc01188b4ceadac2830b082b0649fcf009e6b680d5350fab331cc89816fdd8c2080dc0feca943d63f13f"}, 0x8d)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r7, &(0x7f0000002e80)={0x1a, 0x30f, 0x1, 0xff, 0x4, 0x3f, @random="64067040a1f8"}, 0x10)
connect$llc(r7, &(0x7f0000000040)={0x1a, 0x11d, 0x80, 0x9b, 0x40, 0xf2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, 0x10)
sendto$llc(r7, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x1a, 0x331, 0x1, 0x0, 0x7, 0x3, @random="9bed3aeb1d3e"}, 0x10)
setsockopt$sock_timeval(r7, 0x1, 0x14, &(0x7f0000002ec0), 0x10)
connect$llc(r7, &(0x7f0000000000)={0x1a, 0x204, 0x0, 0x9b, 0x2, 0x5, @local}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x20, &(0x7f0000000440)={&(0x7f00000002c0)=""/179, 0xb3, <r8=>0x0, &(0x7f0000000380)=""/138, 0x8a}}, 0x10)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r9}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x77}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4f, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000032c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000003340)={0x3, 0x1d, &(0x7f0000003000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @exit, @map_fd={0x18, 0xe}, @exit, @call={0x85, 0x0, 0x0, 0x2b}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000003100)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003280)={0x0, 0xa, 0xffff, 0x6}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f0000003300)=[0xffffffffffffffff, r7, r10], 0x0, 0x10, 0x20}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x7, 0x12, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, [@jmp={0x5, 0x1, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x8}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x20}}, @map_fd={0x18, 0x9, 0x1, 0x0, r4}, @alu={0x0, 0x0, 0x3, 0x5, 0x9, 0xfffffffffffffff8, 0xffffffffffffffeb}, @jmp={0x5, 0x1, 0x6, 0x2, 0xb, 0x50, 0xfffffffffffffffc}, @alu={0x4, 0x0, 0x0, 0x1, 0x2, 0x4, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0x5, 0x2, 0x1, 0x18}]}, &(0x7f0000000140)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x14, r6, 0x8, &(0x7f0000000440)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x8, 0x5, 0x10000}, 0x10, r8, r5, 0x5, &(0x7f00000004c0)=[r4, r4, r4], &(0x7f0000000500)=[{0x5, 0x3, 0x7, 0xb}, {0x5, 0x5, 0xd, 0x8}, {0x3, 0x4, 0xc}, {0x5, 0x0, 0xe, 0x6}, {0x1, 0x4, 0x6, 0x8}], 0x10, 0x81}, 0x90)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x64, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x0, 0x0, @broadcast}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

11.386054541s ago: executing program 1:
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x16, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="7400000056512f3e000000010000000007000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008000c00040007004c001a804800048014000700ff01000000000000000000000000000114000700fc01000000000000000000000000000014000700fe80000000000000000000000000000005000b"], 0x74}}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
sendmmsg$inet(r1, &(0x7f0000001540)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000dc0)=[{&(0x7f0000000a40)='o', 0x1}, {0x0, 0x2}], 0x2}}], 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003b000b05d25a806c8c6394f90224fc60100005000a000200053582c137153e37000c0180fc0b10001100", 0x33fe0}], 0x1}, 0x0)

11.169450554s ago: executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000007c0)=ANY=[@ANYBLOB="2c0000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000000c001a80080004ae9a000280"], 0x2c}}, 0x0)

11.141321484s ago: executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000100), 0x1c)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x11, 0x80a, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'bond0\x00', <r4=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="3c0000b1df427800"/19, @ANYRES32=r4, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028005000c0000000000"], 0x3c}}, 0x0)
sendmsg$NL80211_CMD_TDLS_CHANNEL_SWITCH(r3, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000340)={0x90, 0x0, 0x100, 0x70bd29, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x8811, 0x3}}}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0xef63af1d1be6b4ed}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x28}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x9}, @NL80211_ATTR_CENTER_FREQ2={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x22}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8b4a}], @NL80211_ATTR_OPER_CLASS={0x5, 0xd6, 0x4}]}, 0x90}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@bloom_filter={0x1e, 0x5, 0xff3, 0x80000000, 0x181, 0x1, 0x6, '\x00', r4, r0, 0x4, 0x3, 0x5}, 0x48)
listen(r5, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f00000012c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x0, 0x34, 0x0, "0c9e089c1b4a04000bde79f04103c458187eb46c2d996aff287154e786455261c425a7519cc275d04e6205abd307a0c4fa3838bf399ad5bd35f21907c7988d1300"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r5, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @private1}}, 0x0, 0x0, 0xc, 0x0, "a1c1dd75a6843e10951cd4b347113e55eb499519becf7542da0bc21470e441225642855b5f2f4bb561dc9363aed4a18d67efd5f2fdf98328de9441031348589b763d46d14810acc5f700"}, 0xd8)
r6 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r6, 0x0)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r7, 0x0)
listen(0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4e22, @remote}, {0x2, 0x4e20, @empty}, {0x2, 0x4e23, @remote}, 0x225, 0x0, 0x0, 0x0, 0x800, 0x0, 0x7ff, 0x7fff, 0x70e})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, &(0x7f00000004c0)={'pim6reg1\x00', @link_local})
r8 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r8, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000020000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100080c10000000000000000000", 0x58}], 0x1)

10.86280781s ago: executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00'})
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x4c}, [@call={0x85, 0x0, 0x0, 0x2}]}, &(0x7f0000000080)='syzkaller\x00'}, 0x90)

2.867637831s ago: executing program 3:
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001000010473ca7501003fc400925e4a44", @ANYRES32=<r0=>0xffffffffffffffff, @ANYBLOB="0d01140016000000240012000c00040062720064676500000c0002f60800000001080000080001"], 0x44}}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x6e22, 0x0, @empty}, 0x1c)
listen(r2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r3, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008000f0fffeffe809000000fff5dd0000001000010006080800418e00000004fcff", 0x58}], 0x1)
socket(0x10, 0x803, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000025c0)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, 0x0}}], 0x1, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r6}, 0x10)
pipe(&(0x7f0000001a80)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff})
bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r5, &(0x7f0000000000)=ANY=[@ANYBLOB='\"\x00\x00\x00\a'], 0xd)
r10 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="140100000000b2000500000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r11 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000140)='contention_end\x00', r11}, 0x10)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000001ac0)=ANY=[@ANYRES32=r4, @ANYRES8=r5, @ANYRES16=r9, @ANYRES16=r0, @ANYRES64=r10, @ANYBLOB="1c2b74760238bcd494f140aaa8d1e17b77e01fdcce6ecfd6471bce4d0ce9b4b3c1479e3859b25df647441661d00a77601b15bb46c5e23d10733d13ebb1e5f1fd1411218dcc6070edb9e390123af23dbf834c00696cd72c0d384ccb882c51c3e33847c3a74603e6b02161aadb7c5f0f3e9a954ca7739040cde70cc262878ff725af19e9d2f607723c6be60db9bea20678e34e47e0b6dd52c79c14f6246dfd6feedcb3ac7d9e59e81e1ebd8d96327e0b8047b985fc39f89f1bdd59e08a9c72fdc71268d4df7cd963166e298cb117f7b0da16d30de1df5701951aa60cf04c7b4b84bbb7b6fc36ac448f898929f1f6806d4d1f8f7c8fa64abdf63b", @ANYRES16=r7, @ANYRESHEX], 0x58}}, 0x0)
r12 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r12, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000008"], 0x24d8}], 0x1}, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000640), 0xffffffffffffffff)
ioctl$INCFS_IOC_FILL_BLOCKS(r4, 0x80106720, &(0x7f0000001940)={0xa, &(0x7f0000001800)=[{0x1, 0x1b, &(0x7f0000000080)="23a8486ca28f1d41f34c923a230adc1fcca97bf2924b7fce934e2c", 0x1}, {0x6, 0x67, &(0x7f0000000180)="57ffce496e1a57f49faf77fee89b44bab0e69e4e3852029bb88448a6b50619af1c5b618e5ee033afb8ba2ad1e6a51a6ff999d34e93758cbd3987277b774b8e10b931e3c6abd670b54ca9ba832296ceed121b794c11d82d1a76835705eac1972136ae8752d07dd0"}, {0x10, 0x6b, &(0x7f0000000300)="421340a1256a150ad20c4a45ff3bbb1bd3bc8a677532de0cef9f8b5b1c767fe0dc4aa293319327e118986577e8dd77a7dc1c93ded5a36a8ce20d7eebb2b3790057f5d546ff8eeed4dd7cae2a621ac4961185b5ee0fb6d58ea05cd81039a01f9f3e074510c02dfe6bf45df1", 0x1}, {0x7ff, 0xe8, &(0x7f0000000380)="1552696a62e6de46d808cb547bbc130724e64819c7b13fd8f55a0683244db749b3be384e0cdabe5dbbd3cf2ab28e5ba128fbf27519a004604d0055e78f842d523e39a08e560488c99e27049bda7b398beff4e9e71ed861f2e2c683d81adb5e3d98814cade91ce8792c470ac653babd2ac5bffa5e5d94b559e45136190bb934647ed493af1b0163bacf3c71190841f64b1dfdad0c707a59de49966a2f155a2b9fe9d3bf84ddb6430791d819ccd652223d548da900cd130ff949edcc7b6d773eae2e924c98f4f731e675911115bf3a27d7caba7ed5386c37896d9a810194e1e38eb4b69add1a9ca10f"}, {0x7, 0x74, &(0x7f0000000480)="27f2b1054119ead5b9cacc34d3898859e13b8937697cdb09b6eac9c90cedc5bd6508f7e28ce7ba791d5b3b326ceaeb2104f5eabcf1d4b6e81acf564f2e3927e22912bbb9b25a28147bbc4ca33be2bb3021a2404ce722b38f0a720ae21c81e8500898317531aca44352387088e5d2a980bc22682d"}, {0x9, 0x70, &(0x7f0000000500)="01baadf109f67cc75ab2e2a63a6b5ffd0152746d479244b2834c6946d24960e9ac6bb2db9089c1a9bae69398f5d12ad7a62361f921d7755a890c2e973a669d5fc52be74f9e331582a720842419fabae10f0329f4c90e2bff28ba416ac53923f40e8be1b930eb860725c1e9790e5cf483", 0x1, 0x1}, {0x3, 0x42, &(0x7f0000000680)="3b3a21d37a8c66c35631c30937f7a5ba19931dd97f62be96427311f01d662f84a5161976fbc6bc6a63c92101c30cbcf4f6cbbf0995e5dc371fd243f1a0d930baca79", 0x0, 0x1}, {0x4, 0x11, &(0x7f0000000600)="26ad0f4c69051952341d8ef8a964663f47", 0x1}, {0xfff, 0x1000, &(0x7f0000000700)="eec0ab6739818a50971281751729eb51288f32d88c903d82c71cbed6a3e59bb349089332f16e3d7453e606886bb5e590d7a2c086cbe541da50f10f7171658586e6eb677f7daa90d9bff58ad897adb0c1fec036b959c2077328161166ada82519e6a47a64f210e005b4397dfd4bf0fa1bbd5d5848e2beae44bba4259576940d17cdd7044de83313953b435757f35eb2baaf397e11b789f4af24ddac95ef5b071173f6b8e0f46c57fed71930409387940095172d9151e3da68082203dcc195bbd5549ed39176e839028d394c7a5775f760a1ec249992d1fcecdf93af365fecff688d97fa9d73a2ad8af2aaa62a545c524098e50534d24d26bda5e8d9e4ed9da8c4fef89f856e26e7620ac0c43720f3f06dac67de06a26ced753cb9167660d31ac00711a9012edbbf77aaa946d1915c97f6dc5e844f7f95a91f2f8308a8c9b79c074367ac3290ae01c2c2a1f9a8a2e696322a2a3e9fef069063823fb1ac40c58887aa238d8ea8cfae65d443e626d7af63d30bf09bf62c4dc2c2abefa5ddfb4d436f8805ef9dfb660a188a8eee867f2200c0f25d60c5f6a21aa72d3114822f9a8214b3d110f46b409623475e4349f4b587ef611229ce629b8cdb23f013eb22a38abdf55f255990799d1cd2cd5c27d0d0209c8f848959989ba9227b9b9641fdfcca053fc8d0ee09643f9691e3aaf1729a0dd3e219febdf3a565b6c2e9506143e77a2bbffba39c77455e16da0c185e8a03b71fbfc5b409e83747e925177cb82debb3f9029143152574afde1515ead041d930696dce3464f02469f6f7e24b9de2b80aa74245649da1b3b23818d9e76ee811db8bf0de0c090d05f30422f1ca0a0c28d885f2d59178207a57287503b5c8d62b17b117ddfb191fe652758193198a0b7363addc9e238d656ac115a9b2771093e1dd1b11488bbb833c405b099aff5feb04a9e7ac59dcde70877bd99cb809ac2fdf5b81d4ea8a69b673b4bf3a58c4f1f21acf6e94db771cde43a14115a0ee5fdc1cbe471b4ea808173ebd59c0f862d3bbdee7ed7493d2728dac31e565d3f3899fafb67a3fbeda8778fe1463743d799a4d7aab80c99bf9f2294ba33cd0f32ae3e9d8e81043ed8cf57f51ad6739dee8d9f345d90bbe93562af2223ad4227291d42e254b54e6272bd6e722618f72c54c49bd4141bd00676ca8079eaf5ba09e0da0fa35f9a28c487a36ebc7705820f2bed50c91d5da8390637b2ff568fec5e629eafdfc9584ecd1dc34e40df093e18c79159cf1eb1fc2c1df2af5df5efc1fc764abe7a3693f0b60eda2230f8af199b15b41c830e82083bd7b1b6984ff03fc0342a1468236d311eaf8cce401ebfd194e654972b76706a46279333865d88902217f9ca056edda5f2fd2a369a1054d30bb7ee9ac208b474c0beca36f225748e7af7ee1f5bb9ed94ad559c914a7545f167a56222422c46a4b4fb245c80e215bc1b7876d50d46a0d93f3695c8eb626c62de3de4c867396dd6f69461c6e1d6d80349505b9aa13e2689048ecefc69c45b670b8b38ed0f92b8b1db615343b26b9f2731cb7bfe3ca1424d7ff25604d6c557144f1ff51877561b99e30e4f17c4ade4b64385048d9c3b095a037994cb376de8d15419f57d6b0f5981530e602a893ec06a9cb5dbbeecd5a59eef726d04f5ed555df6b644663f14aab8570fe8f56d547a2ca801f4352a4bbd9ff8fc688215d8921f5c60e4ec91e0829a9a26319463c296100ce173b7589687fe4a07b98198adb5a1c1bab8b0f0303c97982bc370e2bb6aeffa8cb12ca8a3c9d90d8c66fe0af7e61e2e70e6ae69ea34a3226b3ca508f81f017202785027fa39855d5b969b97ccd5cb486a87a881f42fee80a0f489f2ff73c671b43bb6945bbb12b17715e5b2c772e799769c197910156fc62ba7a9cf781ab8a6342533e87736b4af73d8d334f8a2d30ecb7053a8f4bdebfd1f14eabf1a925646fd4e9296f85a4a62a25644329b117294d12438eb3cf6f28f7628c6eed4b0000a716ce7d2205dbbf4107ce250a235ecbf6151afc308a5bc15aa02d6efeb976f3ec0b5f7c5c94d7f4ffa6e956c62e689588552cd4287e3f69630bf67d895b4e081eb10c4b5fa2f4fa85d6482637cf0bed7ae3b32c60a92b40c3ca71787887fa2180c6922e78420f296725df46981c4f605ae99442b3aabf5b0bf430f4e0b27a64248854ed1c72b4352bf398cb3c8d9a3f7c6a993c698647fbce09f2cf9106d07d342348d075faa12dbaae79e9a57c28f7e605efdbf48c08bc18bbe081b2745edef8795e7d366b4b2b562bcf22f0579825e086667502f1bebafc3d059c55ab4be5b75a07d9a49cded1292d7f05d2b7d60943bc5b5dbf4df50dec479482b1aae6ad2e06bc57711b5fb715e62828b4a3bcb9b335e6c7a8ae2292d57542f5defc967b83b5f9e41155625ae6baed9ac36ffe67f33e93d4dd153207d9f12234341292a1e5d12fef85bd1f7702afbe6c5c177190a87588bc41f8b825e1877fdc133d78d64a36d28086ba972266931acf4dcd666586c72a847924c77f27f67bb58e3be6d0809e3c38fd8caa4f2294158e7d01a74173735273f5461b5799443ad4f49d8e6956b8df22a5e96ae87767237daaeb22eb28bf324cd33e7324eaf2bca5a0547bd1c3f8d07917911ce083879c90ff135745ec625ffd20819d72df207c5fa3e16fb84c6588e6199b46947466f6826ab160d28d31e2261ca285e9e171ccaefd0e1ff14cfe25a01870790c7f4ba2c1f9e0247d16f09e4e58c718c2728f8320a95f2e20fb07746e3b13f81acf63a9927f0c2d823288f08930ef14334b3565df43e9d46d3cdc67025a82bc5d2d3d344ce54c3bdfb4295fe2bef4e616d98e1eabb85c1718a677f2abc21db7f92cb0ac89ff72086eec6432030be17bf1c394011888c3c15371e54486195018c725114c42e3f7d06f26ac7264b73df50d5a18129eeacc0ac6f37fbeb216ea41a12ee16b71a3ff8a084c0ae440cbd0292eb3e8df9b04a50da3b2bbeeab8ee268da4ac93955c1efb4d6bb573b8324d6ed27d4b47b7c4379787bce41507c70d4b6c96577ebb8ec3e21ec23e6a2f26c6196159d673588883a2e94f5d6015720bed040975a5a722b250606f73bd9192c212d91c860cc553658be1cf7756dd5b9a4f36eee41b1747841850ea6627d7760facef557d5fffe3dcbf1e4dc3a6294260fc03e60ca3a37971af21729973a27504f8fa9a4c2c0e5f7ccfa6ae67080d0fe1eacfbfd02b6d24f7416cb4e8d3e9b59e4af8c6f6fa58b8695ed8c24e64944586e3b61acb12ec588862bb59104ba219c4c58f2b8484581547599b640559cf822d6b4f8bd18846eb55b5db23b7b3cffaacf0f2329adbe7fae1cd6d53e1f8b6bfa63f390c1cdb72d696b0b936bdc4068cf56618fd1c57fc890a8c03474f7903910cf260fbcea42f97eebbbebee21b445c28b2b500d9f4be0567aa777a4030847dcd7490e7cc0e4e074ab2657542723d59694e3ba3354fffac6a6f7cafec7b5f1ab4902b01964f0cb698d9eab7f56738d565717d28f6ba15556e7fad2742f489613a78e435b4d586aaf9e9d7f16bf607e37abf8a1af2d793746b60b3e164e375298c95c0ef44783b9c61b4a105a85bed99816e11f8b802360327d9411d2c3fb7aaf52ff7ff018012497b3182014146f79336da18797129072ae5df46792f90714a458a9862fec942bcd90554de0a0385bec08ec8d87dbc43dcbcd7403292e27fe1c62c83cd3d637bef1b78ac33a7122974c7655b625c3e640f02abf7c79af635ab8e81d87a11d0863bf6117e7e1e75c477606dc8027ce882cc688b1ae6aadd3ca2f042d59327910efdfe183f4828843d4170506fcf65c5be985814ed81243d3b1b7fe6f2d846ca9c1ea7a7db2213a4bdac89871d66495e03445e1086decd0d2e3620d207d4a7a238d9477d31eb81622b5f8aabc2caa91d5e0a5dd3292561816813d07ec90fc099fa45d4dbc027af0686474c55b246fc09cba1184384186c85a787e8c85d0613df59ba2b88c3b73503a5c747e475655ef173fef8898f55a77a99589f4ab0151d14a278ca0751dfecc20576433014e48efd28cf7c7fb3cbd617136799904ea903eae13b1e198c29168ca80e3ccef38ac7861bd54df43afa984b57b0588d8016753896ec61ce0518133d1ffa611dad6cfe69f5dd85818573c7ddf7e1e2afe9998ac3c3e88233aed29a7ad7d993f275607f0f8bf0bb6b6c2140df33e380b96c8caad89c4559114b9b453aba308198e40f303343a69aaaff2aab2735ba9eea72dc0a78f5e1f00cdf78ea115956f8d5d2e1c955b7a083cee7721c15dfe8d41b839ec8f71498bcb3587ba79edad1520c21fe4fc03654b5517bbca30e114ae767674885f8c0547b02fb898f955b1cf955f153b02924b839d8a006bbce74e0302c2a3a3ad5ac6dd8d08afb4bbf5e04181965a2fcb0990dd97df8b6c361fb821c042f695cca998a741d856c17c3a094d5bb9906ab39ee19146f26b858de279d3e24bdf51ad9df9716cff58c418fde9e9a60f6f13f7c537cbbb83724a8948755850970ac364116dee2ea5f8f775d8cc870bb886755ce9070cfc27641b51a5c9e0627cfb2c3eaee9769579f13437a440b58dc1bb8cb0ee79ef140e8e6817ad648b25a12f5efb66f49b809191da06f9e961856ecefb49d355e6d0ae38a5626b459a9ce790a72d853a5b8b31700065967504933eae954878f7cbdaa347cb8d2aa5ab844e468c8dbdeee0c90739f5150aa9ac1f4dda096993d1e7501d1c886bddb7bfef12a9905f9027c256bb43168e71dff8bf2f6c35798dffa410205ec8ca3c33e82e119264ce6f66de9a9a5a7bd59b937e7ce5b1b63186bb1de0835f1e1cf4b996d22b1acd5f4e41991d8266bbc0e957f81b38a0cf68ed8d820a615acf6dae87dd94a861405d1f51d841d9823e6be1aca8599ee0fa95f00835e96a635968ab52668cf548c423709be8a4beb9cde5d18895cf9b28748efc02c8ba452275eab3a9c98d8e290f151eb596cf658fc13917537566fc7015fd583f4db4d8ce0eb9851714601f077b37885c7921bdd8df52e00585c2f2ee809fed90f0124e457ef4a3ce809b5b085c1e0dcd89e093589b763033bf3ac5414ac0c8279990bbb2eb6970b498544c0e8298c8b3d1b448acbd9e004c451d1d2f3febd99863b1cedc05748cfe20b0f81bfba7c319cad998dad7b6775154aa4df58f6834babbf556648a5de94909f4f06d114337ce6b4d981b5973cdc44ef5e8661d60abd1de241ded22a20eec5ababfdc4d292fcb1b8ab91515c54ef00873efd72c4aeefce9b8cc45b85e23026deb4f34aca32e984a0e3f2ce09472f8ae1f1c60fb630502e2db104446af5fa56ae1aeecd611876e6fc812093b73d39c50d8fda221d44dea701942b0190aaf6fa40d71bfd5276a466ef3accf43e7860c23cce69464643f9558a086d929841cc06802bd1f2d2f8963266903827d2235595b4256e7b84a98fde1976efc7048dbbc596169233db1b563a72a2195b8e552d2390623485855eeae837feded0e29e39be82cadc55dc42534249421cf419bea91925e5f8d64749f8ef36e216368025c23d6a2f1d9834d561583c32f4c799507956856cefad7a5141e1f89692186362b8db3619f78c6ad876d289967347b938107ac8926f456db28d3db3be882e051f8361e1a0653a69cb1cd978412481b54f1a27f529d0665335e4b78cd6d5e48d54d08cbd93ae9c04aa49e1f6441cc05300757c0a3817d55c39f0978d122e276eafab130f83a3d004026262b499b811bfab757c943ed"}, {0x2b8a, 0xd4, &(0x7f0000001700)="00273a175953bffb0db28f032a31ad2932521e6b8c786c30ccfee6ea6b65fdd7ff2ecc47273036879c512355d17f2196f102187ff9304f3efd6632590d9e80e1b267d04157cc40ee2e695ddb1b2e654a55164672daa0c3e5696b2ded66bcac7242286e87c7bcda98351b5d9be33b9a4b74efa53f751ab5ea499feab56551929f58e5d3673526bf878370aad191de639f45eb1ef7766da80892a2b8a5a5229c19f4f3ad7415bf3858a34de16c1095bcdb566dc3eee89da5049dfb966fc0ae4a9d02ca9911e8c6d116999cfeb340574a6b1b82c33d", 0x0, 0x1}]})
r13 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r14 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0xffffffff}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r13}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x1c}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r14, 0xfffff000, 0xe, 0x0, &(0x7f0000000300)="61df712bc884fed5722780b605a7", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.674620904s ago: executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=@base={0xe, 0x4, 0x8, 0xb}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0xf, &(0x7f0000000100)={'TPROXY\x00'}, &(0x7f0000000140)=0x1e)
getsockopt$inet_opts(r2, 0x0, 0x0, 0x0, 0x0)

2.529130803s ago: executing program 3:
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000200)={0x0, 0x1, 0x6}, 0x10)
setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000140)={0x0, 0x1, 0x2, @dev}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wg2\x00'})
socket$netlink(0x10, 0x3, 0x0)
socket$inet(0x2, 0x3, 0x2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r1, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007"], 0x6c}}, 0x0)

1.21407315s ago: executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x41, 0x3, 0x200, 0x98, 0x0, 0x0, 0x0, 0x0, 0x168, 0x1f0, 0x1f0, 0x168, 0x1f0, 0x3, 0x0, {[{{@ip={@dev, @broadcast, 0x0, 0x0, 'wlan1\x00', 'virt_wifi0\x00', {}, {}, 0x6, 0x0, 0x4c}, 0x0, 0x70, 0x98, 0x0, {0x0, 0xffffffffa0028000}}, @common=@inet=@SYNPROXY={0x28}}, {{@ip={@rand_addr, @multicast2, 0x0, 0x0, 'vlan0\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x260)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000040)={'filter\x00', 0x7, 0x4, 0x3e8, 0x0, 0x0, 0x0, 0x300, 0x300, 0x300, 0x4, 0x0, {[{{@arp={@multicast1, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'team_slave_0\x00', 'veth1_to_bridge\x00', {}, {}, 0x0, 0xbd9d9eaf964b94b0}, 0xc0, 0x130}, @unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "15000cb63cee987195f4be33780dffcf592eeea7755477082f732a619d4b0c2b60df25d75aed4df4d2a40d7813991e28e52ee6801f82080566fcaae05f01ae1a"}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}, {{@arp={@dev, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@dev}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6gretap0\x00', 'ipvlan0\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x438)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
write$binfmt_script(r3, 0x0, 0xb)
splice(r5, 0x0, r6, 0x0, 0xf3a, 0x0)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$int_in(r7, 0x5421, &(0x7f00000000c0)=0x10000)
connect$inet(r7, &(0x7f0000001fc0)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_int(r7, 0x6, 0xd, 0x0, 0x10)
r8 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$SO_TIMESTAMPING(r8, 0x1, 0x25, &(0x7f0000000000)=0x190, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="850000002f000000d4020001200000009500000000000000"], &(0x7f0000000240)='GPL\x00', 0x1, 0x473, &(0x7f0000000280)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000ac0)={'vxcan1\x00', <r9=>0x0})
bind$can_raw(r2, &(0x7f00000005c0)={0x1d, r9}, 0x10)
r10 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r10, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r10, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@mask_cswp={0x58, 0x114, 0x9, {{}, &(0x7f0000000080), 0x0}}, @fadd={0x58, 0x114, 0x6, {{}, 0x0, 0x0}}], 0xb0}, 0x0)
recvmsg(r8, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000480)=""/238, 0xee}, {0x0}], 0x2}, 0x0)
sendmsg$can_raw(r8, &(0x7f0000000440)={&(0x7f0000000780)={0x1d, r9}, 0x10, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "5b7b00008f28aaf0"}, 0x10}}, 0x0)
write$binfmt_misc(r6, &(0x7f0000000240)=ANY=[], 0xfdef)
splice(r2, 0x0, r6, 0x0, 0x80, 0x2)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r6, 0x84, 0xa, &(0x7f0000000380)={0x40, 0x6, 0x0, 0xffffffff, 0x80, 0x1, 0x7ff, 0x10001}, &(0x7f00000003c0)=0x20)
write(r4, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)

1.107356448s ago: executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYRES16], 0x50}}, 0x0)
write$binfmt_script(r1, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)

1.008662491s ago: executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000440)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000000)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x2c, 0x0, "6970db5e1a5e59ab54053861b182c1aa5bfa09d21b699379ab04eb29ee95bfd4aa2e83662eefcca878e3677208de36650006bfdf10d35ddf3148573cbc274287f6f94c55fc2a25f51f91b69e87873ea1"}, 0xd8)
syz_emit_ethernet(0x17b, &(0x7f0000001480)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd6005000001450600fe8000000000000000000000000000bbff02000000000000000000000000000100004e22", @ANYBLOB="e4fcae3af3dbe890a728eb3379857d1cbf"], 0x0)

931.667908ms ago: executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES32=r1, @ANYRES8=r0], 0x20}, 0x1, 0xc00000000000000}, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
socket(0x1a, 0x80000, 0x1ff)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="4c00030007"], 0xd)

929.89628ms ago: executing program 0:
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}) (async)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x1b, &(0x7f00000000c0)=0x7c, 0x4) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000180)='cdg\x00', 0x9) (async)
r4 = accept$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14)
sendto$packet(r4, &(0x7f00000001c0)="63a75571fd9dd8b45c973bc0399b558ccd0b8b7833e055946153879bd89e1ee66089e261219069c18712effa6abf7079171c65053bb9437637a47fbf497cecf680e53fb8edfad9d3feafc8c3def05898e9c913f9d3bee91bb2f0ee697b8814818a5a5283034475e387c9b9e1352e87dfdd15af46b4f18e399982207986a35ca6fdca39dab6b7e0ba380795b36f9388d29f33c0fdae82bbbb2eca657c7f1ffae3768ea378fe446ac4bd0f7a088fd21d180c2da5a1044aac5665b59b2d7a4645cfa75cdbfad4e4bd306f6a5bfb23880260831e03272e64ebd0831743", 0xdb, 0x20044086, &(0x7f00000002c0)={0x11, 0xf5, 0x0, 0x1, 0xff, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, 0x14)
bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e23}, 0x10) (async)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @empty}, 0x10) (async)
setsockopt$sock_int(r3, 0x1, 0x7, &(0x7f0000000600), 0x4)
sendto$inet(r3, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0x2acf, 0x11, 0x0, 0x27) (async)
close(r2) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_rx_ring(r5, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) (async)
write$binfmt_misc(r1, &(0x7f0000000000)=ANY=[], 0xfffffecc) (async)
splice(r0, 0x0, r2, 0x0, 0x8000, 0x0)

823.846117ms ago: executing program 0:
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="0401020028000b05d25a806f8c6394f90524fc600d00030009000100ff3582c137153e370248018058650000d1bd", 0x33fe0}], 0x1}, 0x0) (fail_nth: 8)

817.315714ms ago: executing program 4:
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000000)=0x6040, 0x4)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000000c0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @mcast1}, 0xfffffffffffffe2e)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@bloom_filter={0x1e, 0x0, 0x7bff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x48)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0xc, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000140)={r4, 0x4000}, 0x14)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000280)={r4, @in={{0x2, 0x4e20, @multicast2}}, 0xfff9, 0x3f}, &(0x7f0000000080)=0x90)
sendmsg$inet(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)="a39af4e226e54bfa19d54248a90379683674910b9e66ff5e0db6a535ff2183121ab9d8310bb9ea1a1c712c7d0aa1ce8fa1783eb6003354f4e05f2f6c9d5af6522511d6fef959", 0x46}, {&(0x7f0000000200)}, {0x0}], 0x3}, 0x0)

712.50447ms ago: executing program 4:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, @fixed}, 0xe)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x3, &(0x7f0000000000)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) (async)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000340)=0x8)
socket(0x10, 0x0, 0x0) (async)
socket$packet(0x11, 0x0, 0x300) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00'}) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, &(0x7f00000002c0)) (async, rerun: 64)
connect$can_bcm(0xffffffffffffffff, &(0x7f0000000300), 0x10) (rerun: 64)
bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) (async, rerun: 64)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async, rerun: 64)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_procs(r1, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000140), 0x12) (async, rerun: 32)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (rerun: 32)
openat$cgroup_int(r3, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0) (async, rerun: 64)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async, rerun: 64)
socket$inet6_sctp(0xa, 0x1, 0x84) (async, rerun: 64)
socket$inet6(0xa, 0x2, 0x0) (rerun: 64)
socket$nl_sock_diag(0x10, 0x3, 0x4) (async)
socket$inet6(0xa, 0x40000080806, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) (async, rerun: 32)
socket$kcm(0x10, 0x2, 0x0) (async, rerun: 32)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)

580.399528ms ago: executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000001180)={'wg0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000a00)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000000100000024000300000000000000000000000000000000000000000000000000000000000000000008000100", @ANYRES32=r1], 0x40}}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000200)={0x0, 0x41, &(0x7f00000002c0)={&(0x7f00000006c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000006000000009000100000008000100", @ANYRES32=r1, @ANYBLOB="24000300a0"], 0x40}, 0x1, 0x6000}, 0x0)

517.425149ms ago: executing program 4:
sendmsg$BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_add_memb(r0, 0x107, 0x1, 0x0, 0x0)
setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000200)={0x0, 0x1, 0x6}, 0x10)
setsockopt$packet_drop_memb(r0, 0x107, 0x2, &(0x7f0000000140)={0x0, 0x1, 0x2, @dev}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wg2\x00'})
socket$netlink(0x10, 0x3, 0x0)
socket$inet(0x2, 0x3, 0x2)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x3, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
socket$igmp6(0xa, 0x3, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r1, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007"], 0x6c}}, 0x0)

377.021803ms ago: executing program 0:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000040)=""/87, &(0x7f00000000c0)=0x57)
setsockopt(r0, 0x10d, 0xf, &(0x7f0000000000)="0302", 0x2)
setsockopt$netrom_NETROM_IDLE(r0, 0x103, 0x7, &(0x7f0000000100)=0x80000001, 0x4)

323.417975ms ago: executing program 4:
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="640000000206030300000000000000000000000005000100070000000900020073797a31000000001400078008001340000000000800124000000000050005000a000000050004000000000016000300686173683a6e65742c706f72742c6e6574"], 0x64}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x4)
close(r0)
socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x5865, &(0x7f00000011c0)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac00800020007000200060006000364bc24eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00'})
bind$can_raw(r1, &(0x7f00000005c0), 0x10)
recvmmsg(r1, &(0x7f0000003080)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000002c0)=""/83, 0x53}], 0x1}}], 0x1, 0x0, 0x0)
setsockopt$SO_TIMESTAMP(r1, 0x1, 0x23, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4)
sendmsg$can_raw(r1, &(0x7f0000000340)={&(0x7f0000000780), 0x10, 0x0}, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'\x00', 0x1})
ioctl$TUNSETOFFLOAD(r2, 0x400454c9, 0x17)
ioctl$TUNGETVNETBE(r2, 0x800454df, &(0x7f0000000500))
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="b80000000001010400000000000000000a0000003c0001802c000180140003000009000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c00018014000300fe8000000000000000000000000000aa14000400fe8000000000000000000000000000aa0c000280050001000000000008000740000000002400068014000400200100000000800600010000000000e76f8017d3edf14bd8b25cb67f82db603f55a985ad408c69ec69776b1b5dbb321d019f5c64ff837470f36d4dac4dd2361d98a4e5110a58cf04a004425796d5e0787f4478c1c3444cad8b84084fb6e1f246e125f76690485c5f0020cfae9225"], 0xb8}}, 0x0)
socket(0x10, 0x3, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000"], 0x0}, 0x90)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x1e, &(0x7f0000000300)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [@map_idx_val={0x18, 0x2, 0x6, 0x0, 0x8, 0x0, 0x0, 0x0, 0x100}, @func={0x85, 0x0, 0x1, 0x0, 0x8}, @ldst={0x0, 0x0, 0x0, 0x9, 0xa, 0xfffffffffffffffc, 0x4}, @ldst={0x2, 0x3, 0x1, 0x3, 0x5, 0x8, 0xfffffffffffffff0}, @alu={0x4, 0x0, 0x4, 0x0, 0x9, 0x4, 0x4}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffff8}, @map_val={0x18, 0x9, 0x2, 0x0, r4, 0x0, 0x0, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r5}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x23000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

239.021711ms ago: executing program 3:
r0 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x26, 0x0, 0x14)
sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0x10, 0x3f5, 0x10, 0x70bd29, 0x255fdbfd, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r3=>0x0}, &(0x7f0000000600)=0x4)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f00000002c0)={r3}, 0x8)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000280)={r3, 0x5de, 0xef, "0401e7135edb2602a224d3dfbc47b417aa15ba3eb9b1c46ea2fa2d5e002c5ae3142174e9c5f4b4dc553fda4e65d90dd9f116d2deeb31e0597031d6ba317d310875b79d27d2c84020860061b16d20e7382ffe40a58670e711a36f8cf156678761cedff9e9c9f0be7670f662472c42429d340476775b7b59cdf0c29b0ec7763ad43fc8dd278ea633c0d20cccc589452e06e9a03f5ea2c672f75657fd5da760a1dfe9dbe2ab187462f48464497e948553fe76b0be67e45da9a2886e87d8a259de83c2415ac345d64b33e8cc709f605492115d8ac4b2f704f94c8f8d63cff02b64ef67e3652efc9b9c0adb111fc7698cad"}, 0xf7)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000700)={'#! ', './file0', [], 0xa, "05aeb0c9a9ffd587a1b645995ed347e840e5786bc6858abc8027e8a3859ee478923670723147572eb177fdbd3403eb0c7779cb1ad4e3781012244a125c61408f6709587da377dab3fe6c51e60fdf97558a1bc1c316bd8aa1fc01188b4ceadac2830b082b0649fcf009e6b680d5350fab331cc89816fdd8c2080dc0feca943d63f13f"}, 0x8d)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r7, &(0x7f0000002e80)={0x1a, 0x30f, 0x1, 0xff, 0x4, 0x3f, @random="64067040a1f8"}, 0x10)
connect$llc(r7, &(0x7f0000000040)={0x1a, 0x11d, 0x80, 0x9b, 0x40, 0xf2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}}, 0x10)
sendto$llc(r7, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x1a, 0x331, 0x1, 0x0, 0x7, 0x3, @random="9bed3aeb1d3e"}, 0x10)
setsockopt$sock_timeval(r7, 0x1, 0x14, &(0x7f0000002ec0), 0x10)
connect$llc(r7, &(0x7f0000000000)={0x1a, 0x204, 0x0, 0x9b, 0x2, 0x5, @local}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x20, &(0x7f0000000440)={&(0x7f00000002c0)=""/179, 0xb3, <r8=>0x0, &(0x7f0000000380)=""/138, 0x8a}}, 0x10)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x2, 0x1, 0x0, r9}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x77}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff4f, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000032c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000003340)={0x3, 0x1d, &(0x7f0000003000)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x7}, {}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}, @exit, @map_fd={0x18, 0xe}, @exit, @call={0x85, 0x0, 0x0, 0x2b}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}}}, &(0x7f0000003100)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x1, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000003280)={0x0, 0xa, 0xffff, 0x6}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f0000003300)=[r9, r7, r10], 0x0, 0x10, 0x20}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x7, 0x0, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x14, r6, 0x8, &(0x7f0000000440)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000480)={0x0, 0x8, 0x5, 0x10000}, 0x10, r8, r5, 0x5, &(0x7f00000004c0)=[r4, r4, r4], &(0x7f0000000500)=[{0x5, 0x3, 0x7, 0xb}, {0x5, 0x5, 0xd, 0x8}, {0x3, 0x4, 0xc}, {0x5, 0x0, 0xe, 0x6}, {0x1, 0x4, 0x6, 0x8}], 0x10, 0x81}, 0x90)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)={0x64, 0x2, 0x6, 0x1, 0x6000000, 0x0, {}, [@IPSET_ATTR_TYPENAME={0xe, 0x3, 'bitmap:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x0, 0x0, @broadcast}}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x41}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

223.021457ms ago: executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001280), 0x48)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000600)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendmsg$inet6(r0, &(0x7f0000000340)={&(0x7f0000000140)={0xa, 0x4e20, 0x0, @private0}, 0x18, 0x0}, 0x0)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001740)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000001000000000006040000000000f2ecef2d0d7d1fda58fb56bdfdd38ee52032c5e9f5f7245075220eeace8dfb40cbcf9712914a7513c8d429e46b4f44633cb51fffe2155098e883a1380efe1d75b938a9c7dd864afd3b391388f2524894c67ab67dd70968ca9f15b2c3418daddbfe688b6ae6deb703c75037a74cda528de85d40621722d1a5a591d611cfcbaa6354652b62355b6ba1646c64e436ca8cf74d325e0fff7303777c85de81e2abefd448d7ca5fb33b0781954bcc9fc80ae3519f5111fdd186b7572e5b2c18cf8a703c6550f974f69f8f572ba4a9d014a690143361ae654c60fa9547bb5762eec38cef33a70f7e51d2e3ec0771ade302b2918f82f92116f3840a63cb51e74d0d56b024dd421486b845895547808637b83cb144d2fdaa58da023ecb321bee1d967c956b21fe804d7f9c3366317268d755dbb9c0cc90f51f69f78ea03488cc13eba6f84b437bee2c9076c66600e6dca46f924a5999710018a50f4337e029131198849fef7de777a27923673d8c5db23f4b529113e25dece66ab37cf2259f3b63defc3b07008e2eede37a27c71ce5c8c8830710d2c9de"], 0x0, 0x26}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1, 0x0, 0xfffffffb}, 0x48)
socket$can_raw(0x1d, 0x3, 0x1)
r2 = socket$inet_dccp(0x2, 0x6, 0x0)
ioctl$BTRFS_IOC_WAIT_SYNC(r2, 0x40089416, &(0x7f0000000000))
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x9)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000040)={{{@in=@multicast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@dev}, 0x0, @in=@private}}, &(0x7f0000000140)=0xe8)
ioctl$SIOCAX25DELUID(r3, 0x89e2, &(0x7f0000000180)={0x3, @default, r4})
r5 = socket$netlink(0x10, 0x3, 0x12)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r5, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0xdc, r6, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_PAUSE_HEADER={0x54, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_batadv\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvtap0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}]}, @ETHTOOL_A_PAUSE_HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dummy0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xdb0fcd9855b40357}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv_slave_0\x00'}]}, @ETHTOOL_A_PAUSE_TX={0x5}, @ETHTOOL_A_PAUSE_AUTONEG={0x5, 0x2, 0x1}]}, 0xdc}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
setsockopt$ax25_SO_BINDTODEVICE(r3, 0x101, 0x19, &(0x7f00000003c0)=@bpq0, 0x10)
r7 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_AEAD_AUTHSIZE(r7, 0x117, 0x5, 0x0, 0x40)
sendmsg$TIPC_CMD_SHOW_PORTS(r5, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x1c, 0x0, 0x300, 0x70bd2d, 0x25dfdbfb, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x10040000}, 0x14)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r5, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x50, 0x140c, 0x8, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x3}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x2}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x3}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_CQN={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x40}, 0x80)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000640)={0x1f, 0x0, 0x2}, 0x6)
r8 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netdev_private(r8, 0x89f7, &(0x7f0000000680)="ecfb3a4f3bfaf8c9fa9269373e269cbec35cc3eece26eca22ff5ee8d6b77ed2932486c7122fcb84ff20711a1970e841b149392929924a9657fe50e404525d02c7a90ae98d48de9b7f3bfe124a6f6f646bb913a5170fccdd765193f36aa53bb4b27273da54ac75af9e4339b5f735534b65959c499b6f9f7219a0072e42c80de9fa5f138bd0f699ffef59bb096613e2c94e158b8c6eb0f73682b2e5ab96f95dfa1d25c28246229e0367edd9401e85cfb477a1d3ae152fc474ce0814042ebc60b97ec81e6d2d9b50bdd7fcea957031f590a5a8c7f848775b8a602b41711a08f")
r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f00000007c0), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_INTERFACE(r9, &(0x7f0000000880)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000840)={&(0x7f0000000940)=ANY=[@ANYBLOB="204052ae1b2bb5b5a34500", @ANYRES16=r10, @ANYBLOB="01002bbd7000ffdbdf25050000000c0006000200000002000000"], 0x20}, 0x1, 0x0, 0x0, 0x10}, 0x4000004)
syz_genetlink_get_family_id$nl802154(&(0x7f00000008c0), r9)
r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r11, &(0x7f0000000900)={0x1f, 0x2}, 0x6)

0s ago: executing program 3:
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b5c4383036d32dadd2e144d8645ca8d1b230e105614396838da83c754887e7bea2f35d4ea667817d90d532af065f2e398dd9081ea16f8b371a202a6f9e505bbc964a0d3880bf0104a0a0a2f0d311efee1637e85a0125b38f961918f99bf9c2c146e42327f178dc2b3d4936e7f7f0a79f74ba464d83ab41742d1186776dc1779b5c50ac82d0fa8f9e42074b5b6079207fb21e718080907964669be539791e3e98687ee059853", 0xfffffffffffffcc1, 0x840, 0x0, 0x56)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f00000000c0)={&(0x7f0000ffe000/0x1000)=nil, 0xb00, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0}, &(0x7f0000000180)=0x40)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
r3 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c0000005e00010000d9da7ee200000000000001", @ANYRES32=r2, @ANYRES32], 0x1c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x6, 0x6, &(0x7f00000005c0)=@framed={{0x18, 0x0, 0x3, 0x0, 0x200, 0x0, 0x0, 0x0, 0x3}, [@map_idx_val={0x18, 0x8, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0xf539}, @exit]}, &(0x7f0000000600)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', r2}, 0x90)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
sendmsg$can_bcm(r4, 0x0, 0x0)
ioctl$SIOCGSTAMPNS(r4, 0x8907, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
write$cgroup_pid(r8, &(0x7f0000000080), 0x12)
r10 = openat$cgroup_procs(r9, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
r11 = openat$cgroup_procs(r9, &(0x7f0000000300)='tasks\x00', 0x2, 0x0)
sendfile(r10, r10, 0x0, 0x401)
sendfile(r11, r11, 0x0, 0x2)
sendfile(r8, r8, 0x0, 0x401)
sendmsg$NL80211_CMD_SET_QOS_MAP(r5, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x14000200}, 0xc, &(0x7f0000000380)={&(0x7f00000004c0)={0xec, r6, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@void, @void}}, [@NL80211_ATTR_QOS_MAP={0x36, 0xc7, {[{0xff, 0x1}, {0xe7, 0x5}, {0xfe, 0x7}, {0x1, 0x7}, {0x4, 0x1}, {0x3, 0x6}, {0x1f, 0x6}, {0x20, 0x2}, {0x4, 0x6}, {0x7f, 0x5}, {0x9, 0x3}, {0x4, 0x1}, {}, {0x8, 0x1}, {0x9, 0x3}, {0x81, 0x6}, {0x40, 0x7}, {0x1}, {0x4, 0x2}, {0x5d, 0x4}, {0x8, 0x6}], "19f73f3797d7c31b"}}, @NL80211_ATTR_QOS_MAP={0x1a, 0xc7, {[{0x51, 0x2}, {0x6, 0x5}, {0xff, 0x6}, {0x6}, {0x4, 0x6}, {0x1f, 0x7}, {0x40, 0x3}], "7ecd0ee0c597e2c7"}}, @NL80211_ATTR_QOS_MAP={0x16, 0xc7, {[{0xac, 0x2}, {0x0, 0x5}, {0x6, 0x1}, {0x80, 0x3}, {0x75, 0x2}], "5d1925e5b1494e46"}}, @NL80211_ATTR_QOS_MAP={0xc, 0xc7, {[], "0b42d53b3bb8077d"}}, @NL80211_ATTR_QOS_MAP={0x32, 0xc7, {[{0xb3, 0x3}, {0x2, 0x7}, {0x6, 0x4}, {0x2, 0x6}, {0x1, 0x3}, {0x6, 0x5}, {0x6, 0x6}, {0x40, 0x6}, {0x9, 0x1}, {0x2e, 0x4}, {0xe1, 0x2}, {0x3, 0x1}, {0xff, 0x3}, {0xcd, 0x3}, {0x1}, {0x0, 0x3}, {0x1, 0x4}, {0x8a, 0x7}, {0x40, 0x6}], "56e67b7e5b57363c"}}, @NL80211_ATTR_QOS_MAP={0x2a, 0xc7, {[{0x0, 0x1}, {0x5, 0x5}, {0x7, 0x5}, {0xf6, 0x1}, {0x5, 0x6}, {0xc2, 0x7}, {0x8, 0x6}, {0x40, 0x4}, {0x3f, 0x7}, {0x0, 0x5}, {0x81, 0x4}, {0x1, 0x1}, {0x8, 0x3}, {0x5, 0x3}, {0x8, 0x7}], "221ca8588f0224ce"}}]}, 0xec}, 0x1, 0x0, 0x0, 0x80}, 0x2802c080)
sendmsg$can_bcm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)={0x7, 0x0, 0x0, {}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "38d99b8156a98263"}}, 0x48}}, 0x0)

kernel console output (not intermixed with test programs):


[  321.301272][   T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  321.374629][T16274] batman_adv: batadv0: Adding interface: batadv_slave_0
[  321.390849][T16274] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.470275][T16274] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  321.503040][T16274] batman_adv: batadv0: Adding interface: batadv_slave_1
[  321.513680][T16274] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  321.547125][T16274] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  321.624200][ T5119] Bluetooth: hci1: command tx timeout
[  321.684288][T16274] hsr_slave_0: entered promiscuous mode
[  321.692694][T16274] hsr_slave_1: entered promiscuous mode
[  321.701653][T16274] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  321.712299][T16274] Cannot create hsr debugfs directory
[  321.722973][T16382] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  321.750194][T16382] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  321.759534][T16381] __nla_validate_parse: 6 callbacks suppressed
[  321.759550][T16381] netlink: 18 bytes leftover after parsing attributes in process `syz-executor.1'.
[  321.781238][T16381] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[  322.071734][   T51] bridge_slave_1: left allmulticast mode
[  322.088193][   T51] bridge_slave_1: left promiscuous mode
[  322.104283][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  322.113122][T16406] netlink: 'syz-executor.0': attribute type 6 has an invalid length.
[  322.136618][   T51] bridge_slave_0: left allmulticast mode
[  322.156643][   T51] bridge_slave_0: left promiscuous mode
[  322.182376][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  322.734810][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  322.768113][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  322.789764][   T51] bond0 (unregistering): Released all slaves
[  322.876216][T16417] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'.
[  323.414019][T16446] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  323.572053][T16456] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  323.637122][T16459] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[  323.665893][T16459] netlink: 244 bytes leftover after parsing attributes in process `syz-executor.4'.
[  323.706230][ T5119] Bluetooth: hci1: command tx timeout
[  323.823887][T16274] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  323.894565][T16274] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  323.991527][T16274] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  324.038293][   T51] hsr_slave_0: left promiscuous mode
[  324.059058][   T51] hsr_slave_1: left promiscuous mode
[  324.066339][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  324.083250][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  324.096682][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  324.112397][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  324.145743][   T51] veth1_macvtap: left promiscuous mode
[  324.151498][   T51] veth0_macvtap: left promiscuous mode
[  324.157602][   T51] veth1_vlan: left promiscuous mode
[  324.162900][   T51] veth0_vlan: left promiscuous mode
[  324.761640][   T51] team0 (unregistering): Port device team_slave_1 removed
[  324.809803][   T51] team0 (unregistering): Port device team_slave_0 removed
[  324.996226][T16488] netlink: 196 bytes leftover after parsing attributes in process `syz-executor.3'.
[  325.018798][T16488] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  325.408160][T16274] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  325.584784][T16503] tun0: tun_chr_ioctl cmd 2147767519
[  325.594774][T16503] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  325.662205][T16505] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  325.765115][T16274] 8021q: adding VLAN 0 to HW filter on device bond0
[  325.784066][ T5119] Bluetooth: hci1: command tx timeout
[  325.815006][T16274] 8021q: adding VLAN 0 to HW filter on device team0
[  325.841577][T14557] bridge0: port 1(bridge_slave_0) entered blocking state
[  325.848773][T14557] bridge0: port 1(bridge_slave_0) entered forwarding state
[  325.889656][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  325.896941][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  326.131558][T16274] 8021q: adding VLAN 0 to HW filter on device batadv0
[  326.256920][T16274] veth0_vlan: entered promiscuous mode
[  326.493181][T16274] veth1_vlan: entered promiscuous mode
[  326.871764][T16274] veth0_macvtap: entered promiscuous mode
[  326.957438][T16274] veth1_macvtap: entered promiscuous mode
[  327.081226][T16537] __nla_validate_parse: 1 callbacks suppressed
[  327.081246][T16537] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  327.086055][T16274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  327.116171][T16274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.137618][T16274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  327.160548][T16274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.173114][T16274] batman_adv: batadv0: Interface activated: batadv_slave_0
[  327.192394][   T29] audit: type=1800 audit(1717863346.686:45): pid=16543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="blkio.bfq.time" dev="sda1" ino=1960 res=0 errno=0
[  327.221805][T16545] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  327.276787][T16540] 8021q: adding VLAN 0 to HW filter on device bond2
[  327.326628][T16274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.358827][T16274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.371383][T16274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.387312][T16274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.399746][T16274] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  327.411411][T16274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  327.422676][T16274] batman_adv: batadv0: Interface activated: batadv_slave_1
[  327.433052][T16555] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  327.444655][T16555] mac80211_hwsim hwsim5 wlan1: default FDB implementation only supports local addresses
[  327.469781][T16274] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  327.481950][T16274] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  327.491190][T16274] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  327.500354][T16274] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  327.626067][ T6551] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.651497][ T6551] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.683567][ T6558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  327.709286][ T6558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  327.939349][T16572] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
[  327.966737][T16574] netlink: 10 bytes leftover after parsing attributes in process `syz-executor.0'.
[  328.044852][T16578] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  328.130867][T16581] FAULT_INJECTION: forcing a failure.
[  328.130867][T16581] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  328.158701][T16581] CPU: 1 PID: 16581 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  328.169255][T16581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  328.179332][T16581] Call Trace:
[  328.182632][T16581]  <TASK>
[  328.185583][T16581]  dump_stack_lvl+0x241/0x360
[  328.190294][T16581]  ? __pfx_dump_stack_lvl+0x10/0x10
[  328.195492][T16581]  ? __pfx__printk+0x10/0x10
[  328.200092][T16581]  ? __pfx_lock_release+0x10/0x10
[  328.205242][T16581]  should_fail_ex+0x3b0/0x4e0
[  328.209947][T16581]  _copy_from_iter+0x1f6/0x1960
[  328.214820][T16581]  ? __virt_addr_valid+0x183/0x520
[  328.219961][T16581]  ? __pfx_lock_release+0x10/0x10
[  328.225026][T16581]  ? __pfx__copy_from_iter+0x10/0x10
[  328.227216][T16586] syz-executor.4[16586] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  328.230322][T16581]  ? __virt_addr_valid+0x183/0x520
[  328.230356][T16581]  ? __virt_addr_valid+0x183/0x520
[  328.230377][T16581]  ? __virt_addr_valid+0x44e/0x520
[  328.243319][T16586] syz-executor.4[16586] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  328.247508][T16581]  ? __check_object_size+0x49c/0x900
[  328.247544][T16581]  netlink_sendmsg+0x743/0xcb0
[  328.247580][T16581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.247601][T16581]  ? __import_iovec+0x536/0x820
[  328.247622][T16581]  ? aa_sock_msg_perm+0x91/0x160
[  328.247643][T16581]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  328.247659][T16581]  ? security_socket_sendmsg+0x87/0xb0
[  328.247686][T16581]  ? __pfx_netlink_sendmsg+0x10/0x10
[  328.247702][T16581]  __sock_sendmsg+0x221/0x270
[  328.247727][T16581]  ____sys_sendmsg+0x525/0x7d0
[  328.247753][T16581]  ? __pfx_____sys_sendmsg+0x10/0x10
[  328.247787][T16581]  __sys_sendmsg+0x2b0/0x3a0
[  328.247807][T16581]  ? __pfx___sys_sendmsg+0x10/0x10
[  328.247822][T16581]  ? vfs_write+0x7c4/0xc90
[  328.247878][T16581]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  328.247900][T16581]  ? do_syscall_64+0x100/0x230
[  328.350643][T16581]  ? do_syscall_64+0xb6/0x230
[  328.355325][T16581]  do_syscall_64+0xf3/0x230
[  328.359820][T16581]  ? clear_bhb_loop+0x35/0x90
[  328.364496][T16581]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.370382][T16581] RIP: 0033:0x7f91d007cf69
[  328.374797][T16581] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  328.394487][T16581] RSP: 002b:00007f91d0e130c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  328.402894][T16581] RAX: ffffffffffffffda RBX: 00007f91d01b3f80 RCX: 00007f91d007cf69
[  328.410859][T16581] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  328.418834][T16581] RBP: 00007f91d0e13120 R08: 0000000000000000 R09: 0000000000000000
[  328.426803][T16581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.434767][T16581] R13: 000000000000000b R14: 00007f91d01b3f80 R15: 00007ffdde87e6e8
[  328.442745][T16581]  </TASK>
[  328.493075][T16586] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  328.549400][T16592] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  328.572029][T16592] vlan2: entered promiscuous mode
[  328.577724][T16592] vlan2: entered allmulticast mode
[  328.709009][T16603] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'.
[  328.727969][T16602] netlink: 'syz-executor.4': attribute type 21 has an invalid length.
[  328.742161][T16606] FAULT_INJECTION: forcing a failure.
[  328.742161][T16606] name failslab, interval 1, probability 0, space 0, times 0
[  328.764574][T16602] netlink: 128 bytes leftover after parsing attributes in process `syz-executor.4'.
[  328.780574][T16606] CPU: 1 PID: 16606 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  328.791123][T16606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  328.801231][T16606] Call Trace:
[  328.804525][T16606]  <TASK>
[  328.807468][T16606]  dump_stack_lvl+0x241/0x360
[  328.812154][T16606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  328.817349][T16606]  ? __pfx__printk+0x10/0x10
[  328.821942][T16606]  ? __pfx___might_resched+0x10/0x10
[  328.827225][T16606]  ? dynamic_dname+0x141/0x1b0
[  328.831994][T16606]  should_fail_ex+0x3b0/0x4e0
[  328.836680][T16606]  ? tomoyo_encode+0x26f/0x540
[  328.841437][T16606]  should_failslab+0x9/0x20
[  328.845938][T16606]  __kmalloc_noprof+0xd8/0x400
[  328.850714][T16606]  tomoyo_encode+0x26f/0x540
[  328.855314][T16606]  ? __pfx_sockfs_dname+0x10/0x10
[  328.860334][T16606]  tomoyo_realpath_from_path+0x59e/0x5e0
[  328.865974][T16606]  tomoyo_path_number_perm+0x23a/0x880
[  328.871429][T16606]  ? tomoyo_path_number_perm+0x208/0x880
[  328.877052][T16606]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  328.883087][T16606]  ? __fget_files+0x29/0x470
[  328.887675][T16606]  ? __fget_files+0x3f6/0x470
[  328.892345][T16606]  ? __fget_files+0x29/0x470
[  328.896937][T16606]  security_file_ioctl+0x75/0xb0
[  328.901868][T16606]  __se_sys_ioctl+0x47/0x170
[  328.906456][T16606]  do_syscall_64+0xf3/0x230
[  328.910953][T16606]  ? clear_bhb_loop+0x35/0x90
[  328.915628][T16606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  328.921516][T16606] RIP: 0033:0x7f91d007cf69
[  328.925924][T16606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  328.945522][T16606] RSP: 002b:00007f91d0e130c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  328.953929][T16606] RAX: ffffffffffffffda RBX: 00007f91d01b3f80 RCX: 00007f91d007cf69
[  328.961891][T16606] RDX: 0000000020000900 RSI: 00000000000089f0 RDI: 0000000000000006
[  328.969854][T16606] RBP: 00007f91d0e13120 R08: 0000000000000000 R09: 0000000000000000
[  328.977815][T16606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  328.985777][T16606] R13: 000000000000000b R14: 00007f91d01b3f80 R15: 00007ffdde87e6e8
[  328.993752][T16606]  </TASK>
[  328.999012][T16602] netlink: 'syz-executor.4': attribute type 5 has an invalid length.
[  329.007984][T16602] netlink: 'syz-executor.4': attribute type 6 has an invalid length.
[  329.038747][T16606] ERROR: Out of memory at tomoyo_realpath_from_path.
[  329.074556][T16606] bridge0: port 1(hsr0) entered blocking state
[  329.080948][T16606] bridge0: port 1(hsr0) entered disabled state
[  329.097989][T16606] hsr0: entered allmulticast mode
[  329.103333][T16606] hsr_slave_0: entered allmulticast mode
[  329.109135][T16606] hsr_slave_1: entered allmulticast mode
[  329.135161][T16606] hsr0: entered promiscuous mode
[  329.141761][T16606] bridge0: port 1(hsr0) entered blocking state
[  329.148086][T16606] bridge0: port 1(hsr0) entered forwarding state
[  329.290879][T16626] FAULT_INJECTION: forcing a failure.
[  329.290879][T16626] name failslab, interval 1, probability 0, space 0, times 0
[  329.315041][T16626] CPU: 1 PID: 16626 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  329.325595][T16626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  329.335657][T16626] Call Trace:
[  329.339016][T16626]  <TASK>
[  329.341937][T16626]  dump_stack_lvl+0x241/0x360
[  329.346628][T16626]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.351822][T16626]  ? __pfx__printk+0x10/0x10
[  329.356406][T16626]  ? __pfx___might_resched+0x10/0x10
[  329.361683][T16626]  ? dynamic_dname+0x141/0x1b0
[  329.366449][T16626]  should_fail_ex+0x3b0/0x4e0
[  329.371133][T16626]  ? tomoyo_encode+0x26f/0x540
[  329.375889][T16626]  should_failslab+0x9/0x20
[  329.380383][T16626]  __kmalloc_noprof+0xd8/0x400
[  329.385146][T16626]  tomoyo_encode+0x26f/0x540
[  329.389735][T16626]  ? __pfx_sockfs_dname+0x10/0x10
[  329.394753][T16626]  tomoyo_realpath_from_path+0x59e/0x5e0
[  329.400387][T16626]  tomoyo_path_number_perm+0x23a/0x880
[  329.405839][T16626]  ? tomoyo_path_number_perm+0x208/0x880
[  329.411653][T16626]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  329.417672][T16626]  ? __fget_files+0x29/0x470
[  329.422440][T16626]  ? __fget_files+0x3f6/0x470
[  329.427115][T16626]  ? __fget_files+0x29/0x470
[  329.431711][T16626]  security_file_ioctl+0x75/0xb0
[  329.436649][T16626]  __se_sys_ioctl+0x47/0x170
[  329.441235][T16626]  do_syscall_64+0xf3/0x230
[  329.445733][T16626]  ? clear_bhb_loop+0x35/0x90
[  329.450404][T16626]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.456303][T16626] RIP: 0033:0x7f91d007cf69
[  329.460709][T16626] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  329.480397][T16626] RSP: 002b:00007f91d0df20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  329.488812][T16626] RAX: ffffffffffffffda RBX: 00007f91d01b4050 RCX: 00007f91d007cf69
[  329.496776][T16626] RDX: 0000000020000380 RSI: 000000000000890b RDI: 0000000000000003
[  329.504745][T16626] RBP: 00007f91d0df2120 R08: 0000000000000000 R09: 0000000000000000
[  329.512712][T16626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  329.520674][T16626] R13: 000000000000006e R14: 00007f91d01b4050 R15: 00007ffdde87e6e8
[  329.528651][T16626]  </TASK>
[  329.561919][T16626] ERROR: Out of memory at tomoyo_realpath_from_path.
[  329.678588][T16635] netlink: 'syz-executor.1': attribute type 11 has an invalid length.
[  330.652206][T16670] xt_l2tp: v2 doesn't support IP mode
[  330.801669][   T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  331.363651][T16696] FAULT_INJECTION: forcing a failure.
[  331.363651][T16696] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  331.390930][T16696] CPU: 1 PID: 16696 Comm: syz-executor.4 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  331.401490][T16696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  331.411570][T16696] Call Trace:
[  331.414876][T16696]  <TASK>
[  331.417823][T16696]  dump_stack_lvl+0x241/0x360
[  331.422534][T16696]  ? __pfx_dump_stack_lvl+0x10/0x10
[  331.427765][T16696]  ? __pfx__printk+0x10/0x10
[  331.432371][T16696]  ? bpf_cgroup_storage_free+0x8f/0xb0
[  331.437858][T16696]  ? __pfx_lock_release+0x10/0x10
[  331.442907][T16696]  ? bpf_test_run+0x840/0x910
[  331.447609][T16696]  should_fail_ex+0x3b0/0x4e0
[  331.452316][T16696]  _copy_to_user+0x2f/0xb0
[  331.456820][T16696]  bpf_test_finish+0x30f/0x8b0
[  331.461637][T16696]  ? __pfx_bpf_test_finish+0x10/0x10
[  331.466953][T16696]  ? convert___skb_to_skb+0x41/0x620
[  331.472238][T16696]  ? convert_skb_to___skb+0x2d3/0x510
[  331.477618][T16696]  bpf_prog_test_run_skb+0xd06/0x13a0
[  331.482992][T16696]  ? __pfx_lock_release+0x10/0x10
[  331.488119][T16696]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  331.493935][T16696]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  331.499735][T16696]  bpf_prog_test_run+0x33a/0x3b0
[  331.504670][T16696]  __sys_bpf+0x48d/0x810
[  331.508909][T16696]  ? __pfx___sys_bpf+0x10/0x10
[  331.513670][T16696]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  331.520102][T16696]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  331.526616][T16696]  ? do_syscall_64+0x100/0x230
[  331.531389][T16696]  __x64_sys_bpf+0x7c/0x90
[  331.535809][T16696]  do_syscall_64+0xf3/0x230
[  331.540388][T16696]  ? clear_bhb_loop+0x35/0x90
[  331.545063][T16696]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  331.550949][T16696] RIP: 0033:0x7f825b67cf69
[  331.555354][T16696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  331.575036][T16696] RSP: 002b:00007f825c3860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  331.583443][T16696] RAX: ffffffffffffffda RBX: 00007f825b7b3f80 RCX: 00007f825b67cf69
[  331.591409][T16696] RDX: 0000000000000050 RSI: 00000000200002c0 RDI: 000000000000000a
[  331.599634][T16696] RBP: 00007f825c386120 R08: 0000000000000000 R09: 0000000000000000
[  331.607595][T16696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  331.615554][T16696] R13: 000000000000004d R14: 00007f825b7b3f80 R15: 00007ffc26f3fe68
[  331.623532][T16696]  </TASK>
[  331.739588][T16701] tun0: tun_chr_ioctl cmd 2147767519
[  331.756959][T16702] netlink: 'syz-executor.4': attribute type 11 has an invalid length.
[  331.792048][ T4491] Bluetooth: hci2: command 0x0405 tx timeout
[  331.799114][ T5130] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  331.812590][ T5130] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  331.823316][ T5130] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  331.831789][ T5130] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  331.839748][ T5130] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  331.848149][ T5130] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  332.001437][   T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.018312][T16704] lo speed is unknown, defaulting to 1000
[  332.416052][   T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  332.893593][   T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  333.372263][   T51] bridge_slave_1: left allmulticast mode
[  333.385714][   T51] bridge_slave_1: left promiscuous mode
[  333.404776][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  333.431943][   T51] bridge_slave_0: left allmulticast mode
[  333.447370][   T51] bridge_slave_0: left promiscuous mode
[  333.461092][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  333.933519][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  333.944959][ T5130] Bluetooth: hci1: command 0x0405 tx timeout
[  333.958900][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  333.971323][   T51] bond0 (unregistering): Released all slaves
[  333.990439][T16704] chnl_net:caif_netlink_parms(): no params data found
[  334.342927][T16778] __nla_validate_parse: 10 callbacks suppressed
[  334.342949][T16778] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  334.399285][T16704] bridge0: port 1(bridge_slave_0) entered blocking state
[  334.409964][T16704] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.429737][T16704] bridge_slave_0: entered allmulticast mode
[  334.450342][T16704] bridge_slave_0: entered promiscuous mode
[  334.466687][T16782] tun0: tun_chr_ioctl cmd 2147767519
[  334.478369][T16773] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  334.489759][T16704] bridge0: port 2(bridge_slave_1) entered blocking state
[  334.515881][T16704] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.523221][T16704] bridge_slave_1: entered allmulticast mode
[  334.552311][T16704] bridge_slave_1: entered promiscuous mode
[  334.795016][T16791] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  334.851252][T16704] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  334.861196][T16798] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  334.892055][T16704] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  334.932894][   T51] hsr_slave_0: left promiscuous mode
[  334.942811][   T51] hsr_slave_1: left promiscuous mode
[  334.950644][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  334.958197][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  334.967018][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  334.974763][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  335.001564][   T51] veth1_macvtap: left promiscuous mode
[  335.007280][   T51] veth0_macvtap: left promiscuous mode
[  335.012904][   T51] veth1_vlan: left promiscuous mode
[  335.018580][   T51] veth0_vlan: left promiscuous mode
[  335.684669][   T51] team0 (unregistering): Port device team_slave_1 removed
[  335.763603][   T51] team0 (unregistering): Port device team_slave_0 removed
[  336.034975][ T5131] Bluetooth: hci1: command 0x0405 tx timeout
[  336.208032][T16801] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'.
[  336.217782][T16801] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  336.230547][T16801] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.239230][T16801] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.246443][T16801] bridge0: port 2(bridge_slave_1) entered forwarding state
[  336.302647][T16799] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.3'.
[  336.370842][T16704] team0: Port device team_slave_0 added
[  336.427526][T16704] team0: Port device team_slave_1 added
[  336.535313][T16704] batman_adv: batadv0: Adding interface: batadv_slave_0
[  336.542620][T16704] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  336.579188][T16704] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  336.624558][T16704] batman_adv: batadv0: Adding interface: batadv_slave_1
[  336.631550][T16704] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  336.711103][T16704] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  336.756244][T16838] pim6reg1: entered promiscuous mode
[  336.764287][T16838] pim6reg1: entered allmulticast mode
[  336.928406][T16704] hsr_slave_0: entered promiscuous mode
[  336.950102][T16704] hsr_slave_1: entered promiscuous mode
[  336.986027][T16704] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  337.012081][T16704] Cannot create hsr debugfs directory
[  337.114859][T16857] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'.
[  337.191146][T16854] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  337.410185][T16871] can: request_module (can-proto-0) failed.
[  337.426839][T16872] syzkaller0: entered promiscuous mode
[  337.438484][T16872] syzkaller0: entered allmulticast mode
[  338.114114][ T5131] Bluetooth: hci1: command 0x0405 tx timeout
[  339.942316][T16704] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  339.985236][T16704] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  340.011307][T16704] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  340.039023][T16704] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  340.158516][T16934] tipc: Started in network mode
[  340.174847][T16934] tipc: Node identity aaaaaaaaaa41, cluster identity 4711
[  340.185073][ T5131] Bluetooth: hci1: command 0x0405 tx timeout
[  340.207428][T16934] tipc: Enabled bearer <eth:geneve1>, priority 0
[  340.352387][T16949] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  340.438848][T16704] 8021q: adding VLAN 0 to HW filter on device bond0
[  340.488712][T16704] 8021q: adding VLAN 0 to HW filter on device team0
[  340.543281][ T5169] bridge0: port 1(bridge_slave_0) entered blocking state
[  340.550515][ T5169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  340.571362][T16957] FAULT_INJECTION: forcing a failure.
[  340.571362][T16957] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  340.598885][ T5169] bridge0: port 2(bridge_slave_1) entered blocking state
[  340.606119][ T5169] bridge0: port 2(bridge_slave_1) entered forwarding state
[  340.614256][T16957] CPU: 1 PID: 16957 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  340.624796][T16957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  340.635009][T16957] Call Trace:
[  340.638301][T16957]  <TASK>
[  340.641246][T16957]  dump_stack_lvl+0x241/0x360
[  340.645959][T16957]  ? __pfx_dump_stack_lvl+0x10/0x10
[  340.651186][T16957]  ? __pfx__printk+0x10/0x10
[  340.655805][T16957]  ? __pfx_lock_release+0x10/0x10
[  340.660859][T16957]  should_fail_ex+0x3b0/0x4e0
[  340.665654][T16957]  _copy_to_user+0x2f/0xb0
[  340.670183][T16957]  xsk_getsockopt+0x7c9/0xbc0
[  340.674972][T16957]  ? __pfx___might_resched+0x10/0x10
[  340.680346][T16957]  ? __pfx_xsk_getsockopt+0x10/0x10
[  340.685536][T16957]  ? __lock_acquire+0x1346/0x1fd0
[  340.690579][T16957]  ? __pfx_lock_acquire+0x10/0x10
[  340.695598][T16957]  ? aa_sock_opt_perm+0x79/0x120
[  340.700538][T16957]  ? bpf_lsm_socket_getsockopt+0x9/0x10
[  340.706076][T16957]  ? security_socket_getsockopt+0x87/0xb0
[  340.711820][T16957]  ? __pfx_xsk_getsockopt+0x10/0x10
[  340.717012][T16957]  do_sock_getsockopt+0x373/0x850
[  340.722031][T16957]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  340.727571][T16957]  ? __fget_files+0x3f6/0x470
[  340.732252][T16957]  __sys_getsockopt+0x271/0x330
[  340.737184][T16957]  ? __pfx___sys_getsockopt+0x10/0x10
[  340.742554][T16957]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  340.748876][T16957]  ? do_syscall_64+0x100/0x230
[  340.753634][T16957]  __x64_sys_getsockopt+0xb5/0xd0
[  340.758652][T16957]  do_syscall_64+0xf3/0x230
[  340.763148][T16957]  ? clear_bhb_loop+0x35/0x90
[  340.767823][T16957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.773710][T16957] RIP: 0033:0x7f91d007cf69
[  340.778205][T16957] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  340.797817][T16957] RSP: 002b:00007f91d0e130c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  340.806311][T16957] RAX: ffffffffffffffda RBX: 00007f91d01b3f80 RCX: 00007f91d007cf69
[  340.814278][T16957] RDX: 0000000000000001 RSI: 000000000000011b RDI: 0000000000000003
[  340.822259][T16957] RBP: 00007f91d0e13120 R08: 0000000020000000 R09: 0000000000000000
[  340.830393][T16957] R10: 0000000020001740 R11: 0000000000000246 R12: 0000000000000001
[  340.838357][T16957] R13: 000000000000000b R14: 00007f91d01b3f80 R15: 00007ffdde87e6e8
[  340.846331][T16957]  </TASK>
[  340.866777][T16704] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  340.963010][T16966] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  341.079808][T16969] netlink: 'syz-executor.1': attribute type 11 has an invalid length.
[  341.159525][T16704] 8021q: adding VLAN 0 to HW filter on device batadv0
[  341.180432][T16974] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  341.324657][ T5169] tipc: Node number set to 15444650
[  341.338847][   T29] audit: type=1804 audit(1717863360.836:46): pid=16974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3621047146/syzkaller.rXSNeW/322/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0
[  341.392309][T16704] veth0_vlan: entered promiscuous mode
[  341.435043][T16704] veth1_vlan: entered promiscuous mode
[  341.553735][T16704] veth0_macvtap: entered promiscuous mode
[  341.608195][T16704] veth1_macvtap: entered promiscuous mode
[  341.655487][T16704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  341.669591][T16704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.679986][T16704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  341.694635][T16704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.715109][T16704] batman_adv: batadv0: Interface activated: batadv_slave_0
[  341.745668][T16999] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  341.790211][T16999] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[  341.815399][T16995] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  341.827834][T16704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  341.857640][T16704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.878514][T16704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  341.892172][T16704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.911190][T16704] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  341.940449][T16704] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  341.963461][T16704] batman_adv: batadv0: Interface activated: batadv_slave_1
[  342.011804][T16704] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  342.058910][T16704] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  342.089871][T16704] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  342.125384][T16704] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  342.204351][T17029] FAULT_INJECTION: forcing a failure.
[  342.204351][T17029] name failslab, interval 1, probability 0, space 0, times 0
[  342.248825][T17029] CPU: 0 PID: 17029 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  342.259376][T17029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  342.269456][T17029] Call Trace:
[  342.272792][T17029]  <TASK>
[  342.275456][   T61] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  342.275722][T17029]  dump_stack_lvl+0x241/0x360
[  342.288164][T17029]  ? __pfx_dump_stack_lvl+0x10/0x10
[  342.288195][T17029]  ? __pfx__printk+0x10/0x10
[  342.294063][   T61] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  342.297971][T17029]  ? __pfx___might_resched+0x10/0x10
[  342.298021][T17029]  should_fail_ex+0x3b0/0x4e0
[  342.298049][T17029]  ? __d_alloc+0x31/0x700
[  342.298068][T17029]  should_failslab+0x9/0x20
[  342.306970][ T5131] Bluetooth: hci1: command 0x0405 tx timeout
[  342.310586][T17029]  kmem_cache_alloc_lru_noprof+0x71/0x2b0
[  342.310627][T17029]  __d_alloc+0x31/0x700
[  342.339901][T17029]  d_alloc_parallel+0xdf/0x1600
[  342.344758][T17029]  ? __asan_memset+0x23/0x50
[  342.349345][T17029]  ? __asan_memset+0x23/0x50
[  342.353928][T17029]  ? lockdep_init_map_type+0xa1/0x910
[  342.359313][T17029]  ? __pfx_lockdep_init_map_type+0x10/0x10
[  342.365116][T17029]  ? __pfx_d_alloc_parallel+0x10/0x10
[  342.370497][T17029]  ? __init_waitqueue_head+0xae/0x150
[  342.375865][T17029]  __lookup_slow+0x117/0x3f0
[  342.380447][T17029]  ? __pfx___lookup_slow+0x10/0x10
[  342.385556][T17029]  ? try_to_unlazy+0x35c/0x5b0
[  342.390322][T17029]  lookup_slow+0x53/0x70
[  342.394644][T17029]  walk_component+0x2e1/0x410
[  342.399333][T17029]  path_lookupat+0x16f/0x450
[  342.403927][T17029]  filename_lookup+0x256/0x610
[  342.408698][T17029]  ? __pfx_filename_lookup+0x10/0x10
[  342.413999][T17029]  ? strncpy_from_user+0x1a4/0x2f0
[  342.419105][T17029]  ? getname_flags+0x1fe/0x4f0
[  342.423881][T17029]  user_path_at_empty+0x42/0x60
[  342.428724][T17029]  bpf_obj_get_user+0xbc/0x4e0
[  342.433480][T17029]  ? __pfx_bpf_obj_get_user+0x10/0x10
[  342.438854][T17029]  __sys_bpf+0x639/0x810
[  342.443089][T17029]  ? __pfx___sys_bpf+0x10/0x10
[  342.447856][T17029]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  342.453833][T17029]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  342.460179][T17029]  ? do_syscall_64+0x100/0x230
[  342.464961][T17029]  __x64_sys_bpf+0x7c/0x90
[  342.469397][T17029]  do_syscall_64+0xf3/0x230
[  342.473908][T17029]  ? clear_bhb_loop+0x35/0x90
[  342.478597][T17029]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.484487][T17029] RIP: 0033:0x7f91d007cf69
[  342.488895][T17029] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  342.508497][T17029] RSP: 002b:00007f91d0e130c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  342.516906][T17029] RAX: ffffffffffffffda RBX: 00007f91d01b3f80 RCX: 00007f91d007cf69
[  342.524867][T17029] RDX: 0000000000000018 RSI: 0000000020001240 RDI: 0000000000000007
[  342.532848][T17029] RBP: 00007f91d0e13120 R08: 0000000000000000 R09: 0000000000000000
[  342.540828][T17029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  342.548795][T17029] R13: 000000000000000b R14: 00007f91d01b3f80 R15: 00007ffdde87e6e8
[  342.556791][T17029]  </TASK>
[  342.652588][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  342.676297][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  342.735921][T17039] lo speed is unknown, defaulting to 1000
[  343.028331][T17057] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[  343.053280][T17057] netlink: 9328 bytes leftover after parsing attributes in process `syz-executor.4'.
[  343.068118][T17061] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  343.090082][T17061] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.1'.
[  343.101370][T17057] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
[  343.142270][T17065] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
[  343.302657][T17070] tun0: tun_chr_ioctl cmd 2147767519
[  343.471793][ T6553] tipc: Subscription rejected, illegal request
[  343.538198][T17079] FAULT_INJECTION: forcing a failure.
[  343.538198][T17079] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  343.576722][T17079] CPU: 0 PID: 17079 Comm: syz-executor.1 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  343.587374][T17079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  343.597452][T17079] Call Trace:
[  343.600758][T17079]  <TASK>
[  343.603797][T17079]  dump_stack_lvl+0x241/0x360
[  343.608513][T17079]  ? __pfx_dump_stack_lvl+0x10/0x10
[  343.613741][T17079]  ? __pfx__printk+0x10/0x10
[  343.618358][T17079]  ? __pfx_lock_release+0x10/0x10
[  343.623418][T17079]  should_fail_ex+0x3b0/0x4e0
[  343.628119][T17079]  _copy_from_user+0x2f/0xe0
[  343.632712][T17079]  copy_msghdr_from_user+0xae/0x680
[  343.637910][T17079]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  343.643733][T17079]  __sys_sendmsg+0x23d/0x3a0
[  343.648318][T17079]  ? __pfx___sys_sendmsg+0x10/0x10
[  343.653597][T17079]  ? vfs_write+0x7c4/0xc90
[  343.658039][T17079]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  343.664363][T17079]  ? do_syscall_64+0x100/0x230
[  343.669133][T17079]  ? do_syscall_64+0xb6/0x230
[  343.673807][T17079]  do_syscall_64+0xf3/0x230
[  343.678320][T17079]  ? clear_bhb_loop+0x35/0x90
[  343.682999][T17079]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.688887][T17079] RIP: 0033:0x7f099587cf69
[  343.693294][T17079] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  343.715398][T17079] RSP: 002b:00007f099664c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  343.723822][T17079] RAX: ffffffffffffffda RBX: 00007f09959b3f80 RCX: 00007f099587cf69
[  343.731811][T17079] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000005
[  343.739781][T17079] RBP: 00007f099664c120 R08: 0000000000000000 R09: 0000000000000000
[  343.747746][T17079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  343.755709][T17079] R13: 000000000000000b R14: 00007f09959b3f80 R15: 00007ffea5fcea88
[  343.763800][T17079]  </TASK>
[  343.884146][T17087] sctp: [Deprecated]: syz-executor.4 (pid 17087) Use of int in max_burst socket option.
[  343.884146][T17087] Use struct sctp_assoc_value instead
[  344.540130][T17118] tun0: tun_chr_ioctl cmd 2147767519
[  344.704617][T17124] nbd: couldn't find a device at index 0
[  344.715141][T17124] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  344.859097][T17129] sctp: [Deprecated]: syz-executor.1 (pid 17129) Use of int in max_burst socket option.
[  344.859097][T17129] Use struct sctp_assoc_value instead
[  345.451383][T17149] __nla_validate_parse: 19 callbacks suppressed
[  345.451404][T17149] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  345.484088][T17149] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  345.591496][T17158] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  345.728116][T17163] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  345.836146][T17169] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  345.846352][T17169] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[  345.956445][T17168] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  346.228339][ T6553] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  346.499597][T17192] syzkaller0: entered promiscuous mode
[  346.506627][T17192] syzkaller0: entered allmulticast mode
[  346.534888][T17195] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  346.550319][T17199] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'.
[  346.570662][T17195] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[  347.015969][ T5130] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  347.048873][ T5130] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  347.067101][ T5130] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  347.087924][ T5130] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  347.103465][ T5130] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  347.112357][ T5130] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  347.549350][   T51] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  348.769213][T17227] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  348.801328][T17230] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  348.816857][ T6553] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  348.899703][T17224] tun0: tun_chr_ioctl cmd 2147767519
[  349.035706][ T6553] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.061874][T17219] lo speed is unknown, defaulting to 1000
[  349.185585][ T6553] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  349.224246][ T5130] Bluetooth: hci1: command tx timeout
[  349.229173][T17244] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  349.540456][ T5197] IPVS: starting estimator thread 0...
[  349.654160][T17264] IPVS: using max 23 ests per chain, 55200 per kthread
[  349.667018][ T6553] bridge_slave_1: left allmulticast mode
[  349.686684][ T6553] bridge_slave_1: left promiscuous mode
[  349.718427][ T6553] bridge0: port 2(bridge_slave_1) entered disabled state
[  349.740839][ T6553] bridge_slave_0: left allmulticast mode
[  349.753310][ T6553] bridge_slave_0: left promiscuous mode
[  349.759327][ T6553] bridge0: port 1(bridge_slave_0) entered disabled state
[  350.071721][   T29] audit: type=1804 audit(1717863369.566:47): pid=17285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3621047146/syzkaller.rXSNeW/345/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0
[  350.278860][ T6553] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  350.290420][ T6553] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  350.301418][ T6553] bond0 (unregistering): Released all slaves
[  350.321373][T17281] netlink: 'syz-executor.4': attribute type 33 has an invalid length.
[  350.624830][T17300] __nla_validate_parse: 11 callbacks suppressed
[  350.624850][T17300] netlink: 860 bytes leftover after parsing attributes in process `syz-executor.3'.
[  350.665358][T17296] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  350.691235][T17296] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  350.691511][T17294] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  351.033178][T17219] chnl_net:caif_netlink_parms(): no params data found
[  351.305217][ T5130] Bluetooth: hci1: command tx timeout
[  351.327212][ T6553] hsr_slave_0: left promiscuous mode
[  351.341423][ T6553] hsr_slave_1: left promiscuous mode
[  351.368554][ T6553] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  351.384111][ T6553] batman_adv: batadv0: Removing interface: batadv_slave_0
[  351.393472][ T6553] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  351.411633][ T6553] batman_adv: batadv0: Removing interface: batadv_slave_1
[  351.441716][T17323] sctp: [Deprecated]: syz-executor.0 (pid 17323) Use of int in max_burst socket option.
[  351.441716][T17323] Use struct sctp_assoc_value instead
[  351.495667][ T6553] veth1_macvtap: left promiscuous mode
[  351.501210][ T6553] veth0_macvtap: left promiscuous mode
[  351.514114][ T6553] veth1_vlan: left promiscuous mode
[  351.520019][ T6553] veth0_vlan: left promiscuous mode
[  352.228773][ T6553] team0 (unregistering): Port device team_slave_1 removed
[  352.276942][ T6553] team0 (unregistering): Port device team_slave_0 removed
[  352.851260][T17333] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.864403][T17339] netlink: 860 bytes leftover after parsing attributes in process `syz-executor.4'.
[  352.953534][T17337] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  352.974160][T17337] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  352.997618][T17337] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping
[  353.076086][T17333] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.157173][T17219] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.178098][T17219] bridge0: port 1(bridge_slave_0) entered disabled state
[  353.194025][T17219] bridge_slave_0: entered allmulticast mode
[  353.203168][T17219] bridge_slave_0: entered promiscuous mode
[  353.263531][T17333] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  353.320262][   T29] audit: type=1800 audit(1717863372.816:48): pid=17350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=1955 res=0 errno=0
[  353.341352][T17358] netlink: 'syz-executor.3': attribute type 7 has an invalid length.
[  353.350724][T17358] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  353.365345][   T29] audit: type=1804 audit(1717863372.816:49): pid=17350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir3621047146/syzkaller.rXSNeW/353/memory.events" dev="sda1" ino=1955 res=1 errno=0
[  353.394652][ T5130] Bluetooth: hci1: command tx timeout
[  353.402993][T17219] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.411754][T17219] bridge0: port 2(bridge_slave_1) entered disabled state
[  353.419149][T17219] bridge_slave_1: entered allmulticast mode
[  353.427236][T17219] bridge_slave_1: entered promiscuous mode
[  353.582268][T17355] syzkaller0: entered promiscuous mode
[  353.605362][T17355] syzkaller0: entered allmulticast mode
[  353.655843][T17333] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  354.089300][T17383] sctp: [Deprecated]: syz-executor.4 (pid 17383) Use of int in max_burst socket option.
[  354.089300][T17383] Use struct sctp_assoc_value instead
[  355.464810][ T5130] Bluetooth: hci1: command tx timeout
[  355.668905][T17219] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.696694][T17219] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.797541][T17219] team0: Port device team_slave_0 added
[  355.808019][T17386] netlink: 860 bytes leftover after parsing attributes in process `syz-executor.4'.
[  355.820029][T17219] team0: Port device team_slave_1 added
[  355.841607][T17387] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  355.868539][T17387] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  355.884845][T17387] team0: entered promiscuous mode
[  355.890304][T17387] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping
[  355.916703][T17219] batman_adv: batadv0: Adding interface: batadv_slave_0
[  355.923743][T17219] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.959888][T17219] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  356.028651][T17333] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  356.038724][T17397] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'.
[  356.049902][T17389] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  356.062805][T17389] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  356.082600][T17219] batman_adv: batadv0: Adding interface: batadv_slave_1
[  356.092735][T17219] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  356.121169][T17219] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  356.123288][T17404] FAULT_INJECTION: forcing a failure.
[  356.123288][T17404] name failslab, interval 1, probability 0, space 0, times 0
[  356.145994][T17404] CPU: 1 PID: 17404 Comm: syz-executor.4 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  356.156519][T17404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  356.166590][T17404] Call Trace:
[  356.169884][T17404]  <TASK>
[  356.172807][T17404]  dump_stack_lvl+0x241/0x360
[  356.177486][T17404]  ? __pfx_dump_stack_lvl+0x10/0x10
[  356.182678][T17404]  ? __pfx__printk+0x10/0x10
[  356.187262][T17404]  ? __pfx___might_resched+0x10/0x10
[  356.192547][T17404]  should_fail_ex+0x3b0/0x4e0
[  356.197218][T17404]  ? rxrpc_alloc_bundle+0x7b/0x730
[  356.202324][T17404]  should_failslab+0x9/0x20
[  356.206821][T17404]  kmalloc_trace_noprof+0x6c/0x2c0
[  356.212010][T17404]  rxrpc_alloc_bundle+0x7b/0x730
[  356.216942][T17404]  rxrpc_look_up_bundle+0x37a/0x860
[  356.222130][T17404]  ? do_raw_spin_unlock+0x13c/0x8b0
[  356.227329][T17404]  rxrpc_new_client_call+0xc4d/0x1510
[  356.232701][T17404]  rxrpc_do_sendmsg+0xff1/0x1910
[  356.237645][T17404]  ? __pfx_rxrpc_do_sendmsg+0x10/0x10
[  356.243019][T17404]  ? rxrpc_sendmsg+0x5d8/0x920
[  356.247776][T17404]  ? __pfx_rxrpc_sendmsg+0x10/0x10
[  356.252874][T17404]  __sock_sendmsg+0x221/0x270
[  356.257547][T17404]  ____sys_sendmsg+0x525/0x7d0
[  356.262313][T17404]  ? __pfx_____sys_sendmsg+0x10/0x10
[  356.267608][T17404]  __sys_sendmmsg+0x3b2/0x740
[  356.272310][T17404]  ? __pfx___sys_sendmmsg+0x10/0x10
[  356.277526][T17404]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  356.283417][T17404]  ? ksys_write+0x23e/0x2c0
[  356.287928][T17404]  ? __pfx_lock_release+0x10/0x10
[  356.292946][T17404]  ? vfs_write+0x7c4/0xc90
[  356.297449][T17404]  ? __mutex_unlock_slowpath+0x21d/0x750
[  356.303080][T17404]  ? __pfx_vfs_write+0x10/0x10
[  356.307884][T17404]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  356.313856][T17404]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  356.320172][T17404]  ? do_syscall_64+0x100/0x230
[  356.324928][T17404]  __x64_sys_sendmmsg+0xa0/0xb0
[  356.329772][T17404]  do_syscall_64+0xf3/0x230
[  356.334266][T17404]  ? clear_bhb_loop+0x35/0x90
[  356.338940][T17404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.344821][T17404] RIP: 0033:0x7f825b67cf69
[  356.349230][T17404] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  356.368917][T17404] RSP: 002b:00007f825c3860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  356.377331][T17404] RAX: ffffffffffffffda RBX: 00007f825b7b3f80 RCX: 00007f825b67cf69
[  356.385313][T17404] RDX: 0000000000000002 RSI: 0000000020000180 RDI: 0000000000000003
[  356.393275][T17404] RBP: 00007f825c386120 R08: 0000000000000000 R09: 0000000000000000
[  356.401232][T17404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  356.409190][T17404] R13: 000000000000004d R14: 00007f825b7b3f80 R15: 00007ffc26f3fe68
[  356.417181][T17404]  </TASK>
[  356.495492][T17333] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  356.566062][T17219] hsr_slave_0: entered promiscuous mode
[  356.590936][T17219] hsr_slave_1: entered promiscuous mode
[  356.605855][T17219] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  356.613429][T17219] Cannot create hsr debugfs directory
[  356.679257][T17333] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  356.750521][T17333] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  357.004938][T17426] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  357.132689][T17428] sctp: [Deprecated]: syz-executor.1 (pid 17428) Use of int in max_burst socket option.
[  357.132689][T17428] Use struct sctp_assoc_value instead
[  357.916547][T17465] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  357.983107][T17468] sctp: [Deprecated]: syz-executor.3 (pid 17468) Use of int in max_burst socket option deprecated.
[  357.983107][T17468] Use struct sctp_assoc_value instead
[  358.039516][T17465] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.098810][T17476] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  358.129448][T17465] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.159665][T17219] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  358.183097][T17219] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  358.196468][T17219] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  358.233038][T17465] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  358.264259][T17219] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  358.386135][T17487] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'.
[  358.449813][   T45] IPVS: starting estimator thread 0...
[  358.517530][T17219] 8021q: adding VLAN 0 to HW filter on device bond0
[  358.544281][T17492] IPVS: using max 22 ests per chain, 52800 per kthread
[  358.590145][T17219] 8021q: adding VLAN 0 to HW filter on device team0
[  358.596024][T17496] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.4'.
[  358.626213][ T5197] bridge0: port 1(bridge_slave_0) entered blocking state
[  358.633378][ T5197] bridge0: port 1(bridge_slave_0) entered forwarding state
[  358.661038][T17498] sctp: [Deprecated]: syz-executor.0 (pid 17498) Use of int in max_burst socket option.
[  358.661038][T17498] Use struct sctp_assoc_value instead
[  358.666174][ T5197] bridge0: port 2(bridge_slave_1) entered blocking state
[  358.683165][ T5197] bridge0: port 2(bridge_slave_1) entered forwarding state
[  358.739314][T17219] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  358.750670][T17219] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  358.869386][T17506] bridge_slave_0: left allmulticast mode
[  358.888528][T17506] bridge_slave_0: left promiscuous mode
[  358.907843][T17506] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.959128][T17506] bridge0 (unregistering): left allmulticast mode
[  359.010583][T17506] team0: Port device macvlan2 removed
[  359.238219][T17517] FAULT_INJECTION: forcing a failure.
[  359.238219][T17517] name failslab, interval 1, probability 0, space 0, times 0
[  359.250046][T17520] x_tables: duplicate underflow at hook 2
[  359.271508][T17517] CPU: 0 PID: 17517 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  359.282055][T17517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  359.292126][T17517] Call Trace:
[  359.295573][T17517]  <TASK>
[  359.297551][T17219] 8021q: adding VLAN 0 to HW filter on device batadv0
[  359.298502][T17517]  dump_stack_lvl+0x241/0x360
[  359.309975][T17517]  ? __pfx_dump_stack_lvl+0x10/0x10
[  359.315199][T17517]  ? __pfx__printk+0x10/0x10
[  359.319813][T17517]  ? __pfx___might_resched+0x10/0x10
[  359.325133][T17517]  should_fail_ex+0x3b0/0x4e0
[  359.329837][T17517]  should_failslab+0x9/0x20
[  359.334346][T17517]  __kmalloc_node_noprof+0xdf/0x440
[  359.339541][T17517]  ? kvmalloc_node_noprof+0x72/0x190
[  359.344838][T17517]  kvmalloc_node_noprof+0x72/0x190
[  359.349944][T17517]  __nf_hook_entries_try_shrink+0x330/0x730
[  359.355843][T17517]  __nf_unregister_net_hook+0x5cf/0x800
[  359.361400][T17517]  nf_unregister_net_hooks+0xd0/0x140
[  359.366769][T17517]  ip_vs_unregister_hooks+0xb9/0x120
[  359.372056][T17517]  ip_vs_unlink_service+0x3c5/0x9e0
[  359.377259][T17517]  ip_vs_flush+0xa6/0x1b0
[  359.381587][T17517]  do_ip_vs_set_ctl+0x4c4/0x13d0
[  359.386527][T17517]  ? __pfx___might_resched+0x10/0x10
[  359.391809][T17517]  ? __pfx_do_ip_vs_set_ctl+0x10/0x10
[  359.397185][T17517]  ? rcu_is_watching+0x15/0xb0
[  359.401947][T17517]  ? __mutex_unlock_slowpath+0x21d/0x750
[  359.407581][T17517]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  359.413561][T17517]  ? __pfx___mutex_lock+0x10/0x10
[  359.418588][T17517]  ? module_put+0x13a/0x2d0
[  359.423105][T17517]  nf_setsockopt+0x295/0x2c0
[  359.427714][T17517]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  359.433621][T17517]  smc_setsockopt+0x275/0xe50
[  359.438313][T17517]  ? __pfx_smc_setsockopt+0x10/0x10
[  359.443513][T17517]  ? aa_sock_opt_perm+0x79/0x120
[  359.448464][T17517]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  359.454010][T17517]  ? security_socket_setsockopt+0x87/0xb0
[  359.459726][T17517]  ? __pfx_smc_setsockopt+0x10/0x10
[  359.464922][T17517]  do_sock_setsockopt+0x3af/0x720
[  359.470087][T17517]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  359.475644][T17517]  ? __fget_files+0x29/0x470
[  359.480233][T17517]  ? __fget_files+0x3f6/0x470
[  359.484921][T17517]  __sys_setsockopt+0x1ae/0x250
[  359.489767][T17517]  __x64_sys_setsockopt+0xb5/0xd0
[  359.494788][T17517]  do_syscall_64+0xf3/0x230
[  359.499284][T17517]  ? clear_bhb_loop+0x35/0x90
[  359.503952][T17517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.509836][T17517] RIP: 0033:0x7f188027cf69
[  359.514240][T17517] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  359.533859][T17517] RSP: 002b:00007f1880f710c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  359.542267][T17517] RAX: ffffffffffffffda RBX: 00007f18803b3f80 RCX: 00007f188027cf69
[  359.550228][T17517] RDX: 0000000000000485 RSI: 0000000000000000 RDI: 0000000000000003
[  359.558215][T17517] RBP: 00007f1880f71120 R08: 0000000000000000 R09: 0000000000000000
[  359.566201][T17517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  359.574263][T17517] R13: 000000000000000b R14: 00007f18803b3f80 R15: 00007ffd9bedb648
[  359.582258][T17517]  </TASK>
[  359.618373][T17219] veth0_vlan: entered promiscuous mode
[  359.652317][T17219] veth1_vlan: entered promiscuous mode
[  359.721262][T17219] veth0_macvtap: entered promiscuous mode
[  359.754799][T17219] veth1_macvtap: entered promiscuous mode
[  359.848441][T17219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  359.884621][T17219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.903344][T17219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  359.914732][T17219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  359.927033][T17219] batman_adv: batadv0: Interface activated: batadv_slave_0
[  359.984983][T17219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  359.995707][T17219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.009130][T17219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  360.020469][T17219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.030676][T17219] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  360.041694][T17219] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  360.054660][T17219] batman_adv: batadv0: Interface activated: batadv_slave_1
[  360.102022][T17538] 8021q: adding VLAN 0 to HW filter on device ipvlan3
[  360.171295][T17219] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  360.181144][T17219] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  360.204436][T17219] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  360.213178][T17219] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  360.393707][ T6553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  360.423239][ T6553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  360.479660][T17553] x_tables: duplicate underflow at hook 2
[  360.527509][ T6558] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  360.551615][ T6558] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  360.574869][T17557] 0ªX¹¦D: renamed from 
00ªX¹¦Dö» (while UP)
[  360.587160][T17557] A link change request failed with some changes committed already. Interface 
50ªX¹¦D may have been left with an inconsistent configuration, please check.
[  360.623438][ T6553] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  361.015643][T17582] __nla_validate_parse: 9 callbacks suppressed
[  361.015665][T17582] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  361.095088][T17585] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  361.201786][T17594] x_tables: duplicate underflow at hook 2
[  361.204279][T17598] lo speed is unknown, defaulting to 1000
[  361.316249][T17601] tun0: tun_chr_ioctl cmd 2147767519
[  361.322974][T17601] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  361.363288][T17606] FAULT_INJECTION: forcing a failure.
[  361.363288][T17606] name failslab, interval 1, probability 0, space 0, times 0
[  361.376649][T17606] CPU: 0 PID: 17606 Comm: syz-executor.4 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  361.387135][T17606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  361.397695][T17606] Call Trace:
[  361.400961][T17606]  <TASK>
[  361.403877][T17606]  dump_stack_lvl+0x241/0x360
[  361.408545][T17606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  361.413810][T17606]  ? __pfx__printk+0x10/0x10
[  361.418421][T17606]  ? __pfx_lock_acquire+0x10/0x10
[  361.423466][T17606]  ? __sigqueue_alloc+0x2f/0x540
[  361.428415][T17606]  should_fail_ex+0x3b0/0x4e0
[  361.433101][T17606]  ? __sigqueue_alloc+0x42e/0x540
[  361.438134][T17606]  should_failslab+0x9/0x20
[  361.442637][T17606]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  361.448023][T17606]  __sigqueue_alloc+0x42e/0x540
[  361.452968][T17606]  __send_signal_locked+0x22f/0xdc0
[  361.458181][T17606]  ? __lock_task_sighand+0x29/0x2d0
[  361.463388][T17606]  group_send_sig_info+0x292/0x310
[  361.468522][T17606]  ? __pfx_group_send_sig_info+0x10/0x10
[  361.474180][T17606]  bpf_send_signal_common+0x2dd/0x430
[  361.479557][T17606]  ? __pfx_bpf_send_signal_common+0x10/0x10
[  361.485451][T17606]  ? tomoyo_supervisor+0x544/0x11f0
[  361.490654][T17606]  ? bpf_trace_run2+0x1fc/0x540
[  361.495501][T17606]  bpf_send_signal_thread+0x16/0x20
[  361.500699][T17606]  bpf_prog_4c85cdd3a16dba6d+0x22/0x28
[  361.506149][T17606]  bpf_trace_run2+0x2ec/0x540
[  361.510827][T17606]  ? __pfx_bpf_trace_run2+0x10/0x10
[  361.516025][T17606]  ? tomoyo_print_ulong+0x27/0xa0
[  361.521057][T17606]  ? tomoyo_path_number_perm+0x68d/0x880
[  361.526679][T17606]  ? __pfx_snprintf+0x10/0x10
[  361.531353][T17606]  ? tomoyo_path_number_perm+0x68d/0x880
[  361.536996][T17606]  kfree+0x2bb/0x360
[  361.540915][T17606]  tomoyo_path_number_perm+0x68d/0x880
[  361.546825][T17606]  ? tomoyo_path_number_perm+0x208/0x880
[  361.552456][T17606]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  361.558459][T17606]  ? __fget_files+0x29/0x470
[  361.563046][T17606]  ? __fget_files+0x3f6/0x470
[  361.567724][T17606]  ? __fget_files+0x29/0x470
[  361.572316][T17606]  security_file_ioctl+0x75/0xb0
[  361.577249][T17606]  __se_sys_ioctl+0x47/0x170
[  361.581837][T17606]  do_syscall_64+0xf3/0x230
[  361.586333][T17606]  ? clear_bhb_loop+0x35/0x90
[  361.591008][T17606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.596902][T17606] RIP: 0033:0x7f825b67cf69
[  361.601313][T17606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  361.620912][T17606] RSP: 002b:00007f825c3860c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  361.629319][T17606] RAX: ffffffffffffffda RBX: 00007f825b7b3f80 RCX: 00007f825b67cf69
[  361.637277][T17606] RDX: 0000000020000000 RSI: 00000000c0185879 RDI: 0000000000000007
[  361.645235][T17606] RBP: 00007f825c386120 R08: 0000000000000000 R09: 0000000000000000
[  361.653192][T17606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  361.661148][T17606] R13: 000000000000004d R14: 00007f825b7b3f80 R15: 00007ffc26f3fe68
[  361.669129][T17606]  </TASK>
[  361.761824][T17609] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'.
[  361.837998][T17616] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  361.987418][T17465] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.011040][T17623] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'.
[  362.042989][T17465] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.068728][T17627] x_tables: duplicate underflow at hook 2
[  362.087227][T17465] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.106817][T17625] netlink: 49 bytes leftover after parsing attributes in process `syz-executor.4'.
[  362.132898][T17465] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.223542][   T29] audit: type=1804 audit(1717863381.716:50): pid=17633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1247082452/syzkaller.PeVsOE/784/cgroup.controllers" dev="sda1" ino=1953 res=1 errno=0
[  362.272766][T17635] tun0: tun_chr_ioctl cmd 2147767519
[  362.308080][T17635] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  362.368690][T17646] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  362.602862][T17657] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[  362.627711][T17662] x_tables: duplicate underflow at hook 2
[  362.902250][T17673] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.052644][T17673] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.073702][T17680] syzkaller0: entered allmulticast mode
[  363.095449][T17684] tun0: tun_chr_ioctl cmd 2147767519
[  363.111142][T17678] syzkaller0: left allmulticast mode
[  363.176957][T17673] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.298484][T17673] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  363.317112][T17692] netlink: 'syz-executor.1': attribute type 10 has an invalid length.
[  363.363347][T17692] team0: Device veth1_vlan failed to register rx_handler
[  363.446082][T17673] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.462249][T17673] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.482281][T17673] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.503056][T17673] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.963615][   T61] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  364.664200][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  364.681593][ T5131] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  364.693129][ T5131] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  364.701476][ T5131] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  364.711415][ T5131] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  364.719167][ T5131] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  364.727747][ T5131] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  364.781317][T17747] lo speed is unknown, defaulting to 1000
[  365.274224][T17771] sctp: [Deprecated]: syz-executor.3 (pid 17771) Use of int in maxseg socket option.
[  365.274224][T17771] Use struct sctp_assoc_value instead
[  365.322736][   T61] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.346401][   T29] audit: type=1804 audit(1717863384.846:51): pid=17767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1247082452/syzkaller.PeVsOE/793/cgroup.controllers" dev="sda1" ino=1960 res=1 errno=0
[  365.389920][T17747] chnl_net:caif_netlink_parms(): no params data found
[  365.390812][T17773] smc: net device wlan0 applied user defined pnetid SYZ2
[  365.573759][   T61] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.617706][T17771] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition
[  365.640881][T17771] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0)
[  365.716777][   T61] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.804276][T17786] tun0: tun_chr_ioctl cmd 2147767519
[  365.921354][T17747] bridge0: port 1(bridge_slave_0) entered blocking state
[  365.937217][T17747] bridge0: port 1(bridge_slave_0) entered disabled state
[  365.949513][T17747] bridge_slave_0: entered allmulticast mode
[  365.958522][T17747] bridge_slave_0: entered promiscuous mode
[  365.980933][T17747] bridge0: port 2(bridge_slave_1) entered blocking state
[  365.990026][T17747] bridge0: port 2(bridge_slave_1) entered disabled state
[  365.997486][T17747] bridge_slave_1: entered allmulticast mode
[  366.006685][T17747] bridge_slave_1: entered promiscuous mode
[  366.097874][T17805] __nla_validate_parse: 13 callbacks suppressed
[  366.097892][T17805] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[  366.129245][T17747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  366.159693][T17747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  366.167364][T17804] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.0'.
[  366.171886][   T61] bridge_slave_1: left allmulticast mode
[  366.185064][   T61] bridge_slave_1: left promiscuous mode
[  366.190951][   T61] bridge0: port 2(bridge_slave_1) entered disabled state
[  366.206548][   T61] bridge_slave_0: left allmulticast mode
[  366.208780][T17804] openvswitch: netlink: IP tunnel attribute has 3048 unknown bytes.
[  366.212223][   T61] bridge_slave_0: left promiscuous mode
[  366.212436][   T61] bridge0: port 1(bridge_slave_0) entered disabled state
[  366.469919][T17819] ebt_among: dst integrity fail: 200
[  366.827061][ T5130] Bluetooth: hci1: command tx timeout
[  366.888348][   T61] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  366.901103][   T61] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  366.914694][   T61] bond0 (unregistering): Released all slaves
[  366.937885][T17853] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  367.187698][T17870] sctp: [Deprecated]: syz-executor.4 (pid 17870) Use of int in max_burst socket option.
[  367.187698][T17870] Use struct sctp_assoc_value instead
[  367.238887][T17872] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  367.274233][T17876] netlink: 'syz-executor.1': attribute type 2 has an invalid length.
[  367.279558][T17747] team0: Port device team_slave_0 added
[  367.282415][T17876] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  367.306979][T17877] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  367.324119][T17877] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  367.390927][T17747] team0: Port device team_slave_1 added
[  367.615076][T17887] syzkaller0: entered allmulticast mode
[  367.630283][T17747] batman_adv: batadv0: Adding interface: batadv_slave_0
[  367.646253][T17747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  367.684928][T17747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  367.726068][T17887] syzkaller0 (unregistering): left allmulticast mode
[  367.827934][T17893] wlan1: mtu greater than device maximum
[  367.883046][T17747] batman_adv: batadv0: Adding interface: batadv_slave_1
[  367.924140][T17747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  367.966677][T17909] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  368.006649][T17747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  368.133648][T17908] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  368.188314][T17909] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  368.208064][   T61] hsr_slave_0: left promiscuous mode
[  368.215047][   T61] hsr_slave_1: left promiscuous mode
[  368.221113][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  368.228979][   T61] batman_adv: batadv0: Removing interface: batadv_slave_0
[  368.238532][   T61] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  368.246438][   T61] batman_adv: batadv0: Removing interface: batadv_slave_1
[  368.276423][   T61] veth1_macvtap: left promiscuous mode
[  368.282512][   T61] veth0_macvtap: left promiscuous mode
[  368.292245][   T61] veth1_vlan: left promiscuous mode
[  368.298224][   T61] veth0_vlan: left promiscuous mode
[  368.861946][   T61] team0 (unregistering): Port device team_slave_1 removed
[  368.909337][   T61] team0 (unregistering): Port device team_slave_0 removed
[  368.917255][ T5130] Bluetooth: hci1: command tx timeout
[  369.398289][T17916] vlan2: entered promiscuous mode
[  369.434444][T17747] hsr_slave_0: entered promiscuous mode
[  369.443210][T17747] hsr_slave_1: entered promiscuous mode
[  369.464714][T17747] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  369.472732][T17747] Cannot create hsr debugfs directory
[  369.494013][T17911] tun0: tun_chr_ioctl cmd 2147767519
[  369.660885][T17935] netlink: 'syz-executor.0': attribute type 2 has an invalid length.
[  370.386447][T17967] tun0: tun_chr_ioctl cmd 2147767519
[  370.410736][T17971] No such timeout policy "syz0"
[  370.412150][T17747] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  370.447724][T17747] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  370.474971][T17747] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  370.498202][T17747] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  370.759358][T17747] 8021q: adding VLAN 0 to HW filter on device bond0
[  370.816619][T17747] 8021q: adding VLAN 0 to HW filter on device team0
[  370.869202][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  370.876389][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  370.911024][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  370.918250][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  370.984734][ T5130] Bluetooth: hci1: command tx timeout
[  371.513566][T17747] 8021q: adding VLAN 0 to HW filter on device batadv0
[  371.668928][T17747] veth0_vlan: entered promiscuous mode
[  371.718546][T17747] veth1_vlan: entered promiscuous mode
[  371.773436][T18030] __nla_validate_parse: 13 callbacks suppressed
[  371.773455][T18030] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  371.795597][T18030] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  371.911098][T17747] veth0_macvtap: entered promiscuous mode
[  371.961536][T17747] veth1_macvtap: entered promiscuous mode
[  372.026878][T18045] Bluetooth: hci3: invalid length 0, exp 2 for type 19
[  372.040906][T17747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  372.061066][T18046] Bluetooth: hci3: invalid length 0, exp 2 for type 19
[  372.068844][T17747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.086217][T17747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  372.102843][T17747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.122305][T17747] batman_adv: batadv0: Interface activated: batadv_slave_0
[  372.143167][T17747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  372.162744][T17747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.174722][T17747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  372.194032][T17747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.211684][T17747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  372.233188][T17747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  372.245427][T17747] batman_adv: batadv0: Interface activated: batadv_slave_1
[  372.267785][T17747] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  372.285334][T17747] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  372.300190][T17747] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  372.311504][T17747] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  372.434712][ T2841] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.442800][ T2841] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.491520][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  372.501675][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  372.504044][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  372.656254][T18051] syz-executor.1[18051] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  372.656568][T18051] syz-executor.1[18051] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  372.689068][T18052] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[  372.722235][T18049] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.4'.
[  372.898383][T18065] netlink: 'syz-executor.4': attribute type 11 has an invalid length.
[  372.917014][T18069] netlink: 'syz-executor.1': attribute type 10 has an invalid length.
[  372.928384][T18069] 8021q: adding VLAN 0 to HW filter on device team0
[  372.940625][T18069] bond0: (slave team0): Enslaving as an active interface with an up link
[  373.042998][T18069] bridge2: entered promiscuous mode
[  373.065732][T18069] bridge2: entered allmulticast mode
[  373.193143][T18076] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  373.222029][T18085] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  373.244618][T18085] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  373.318856][T18089] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'.
[  373.349413][T18093] netlink: 'syz-executor.1': attribute type 12 has an invalid length.
[  373.404197][T18093] netlink: 148 bytes leftover after parsing attributes in process `syz-executor.1'.
[  373.866473][T18131] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  374.119537][T18148] IPVS: set_ctl: invalid protocol: 44 172.20.20.187:20003
[  374.226314][T18157] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  374.975969][T18204] sctp: [Deprecated]: syz-executor.0 (pid 18204) Use of int in max_burst socket option.
[  374.975969][T18204] Use struct sctp_assoc_value instead
[  375.174767][T18221] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 25 (only 8 groups)
[  375.249207][   T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  375.329886][T18225] tun0: tun_chr_ioctl cmd 2147767519
[  375.358505][T18217] lo speed is unknown, defaulting to 1000
[  375.603590][T18235] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  375.634340][T18241] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16)
[  375.661176][T18235] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  375.684058][T18241] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  375.879881][T18250] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  375.984751][T18250] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.087127][T18250] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.139603][T18254] sctp: [Deprecated]: syz-executor.3 (pid 18254) Use of int in max_burst socket option.
[  376.139603][T18254] Use struct sctp_assoc_value instead
[  376.195172][ T5131] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  376.206877][ T5131] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  376.215640][ T5131] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  376.230184][T18250] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.235734][ T5131] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  376.256509][ T5131] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  376.264937][ T5131] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  376.446657][T18258] lo speed is unknown, defaulting to 1000
[  376.469115][T18257] openvswitch: netlink: Tunnel attr 0 has unexpected len 1 expected 8
[  376.617867][T18250] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  376.729579][T18250] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  376.733603][T18285] netlink: 'syz-executor.3': attribute type 2 has an invalid length.
[  376.826474][T18277] __nla_validate_parse: 14 callbacks suppressed
[  376.826495][T18277] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  376.926529][   T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  376.976974][T18250] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  377.073440][   T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.105800][T18296] sctp: [Deprecated]: syz-executor.1 (pid 18296) Use of int in max_burst socket option.
[  377.105800][T18296] Use struct sctp_assoc_value instead
[  377.134282][T18250] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  377.240628][   T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  377.254356][T18302] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  377.724435][T18317] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
[  377.821643][T18258] chnl_net:caif_netlink_parms(): no params data found
[  377.840055][   T11] bridge_slave_1: left allmulticast mode
[  377.846656][   T11] bridge_slave_1: left promiscuous mode
[  377.852702][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  377.870433][   T11] bridge_slave_0: left allmulticast mode
[  377.894334][   T11] bridge_slave_0: left promiscuous mode
[  377.908082][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.923002][T18324] Bluetooth: hci3: invalid length 0, exp 2 for type 20
[  378.000281][T18325] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  378.249136][T18338] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  378.347618][ T5131] Bluetooth: hci1: command tx timeout
[  378.690766][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  378.703312][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  378.718329][   T11] bond0 (unregistering): Released all slaves
[  378.736566][T18336] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'.
[  378.853498][T18349] netlink: 'syz-executor.0': attribute type 30 has an invalid length.
[  378.908217][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[  378.920617][T18349] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.0'.
[  379.093727][T18362] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  379.276447][T18258] bridge0: port 1(bridge_slave_0) entered blocking state
[  379.299207][T18370] sctp: [Deprecated]: syz-executor.1 (pid 18370) Use of int in max_burst socket option.
[  379.299207][T18370] Use struct sctp_assoc_value instead
[  379.317926][T18258] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.342986][T18258] bridge_slave_0: entered allmulticast mode
[  379.364347][T18258] bridge_slave_0: entered promiscuous mode
[  379.427692][T18258] bridge0: port 2(bridge_slave_1) entered blocking state
[  379.449335][T18258] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.480625][T18258] bridge_slave_1: entered allmulticast mode
[  379.536130][T18258] bridge_slave_1: entered promiscuous mode
[  379.546517][ T2841] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  379.565022][T18376] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  379.676205][T18372] tun0: tun_chr_ioctl cmd 2147767519
[  379.798966][T18258] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  379.846119][   T11] hsr_slave_0: left promiscuous mode
[  379.858971][   T11] hsr_slave_1: left promiscuous mode
[  379.895082][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  379.902551][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  379.923146][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  379.941079][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  379.982307][   T11] veth1_macvtap: left promiscuous mode
[  379.988374][   T11] veth0_macvtap: left promiscuous mode
[  379.994603][   T11] veth1_vlan: left promiscuous mode
[  379.999908][   T11] veth0_vlan: left promiscuous mode
[  380.424692][ T5131] Bluetooth: hci1: command tx timeout
[  380.552016][   T11] team0 (unregistering): Port device team_slave_1 removed
[  380.617416][   T11] team0 (unregistering): Port device team_slave_0 removed
[  381.078285][T18258] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  381.092325][T18382] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  381.120618][T18387] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.4'.
[  381.294947][T18258] team0: Port device team_slave_0 added
[  381.336380][T18258] team0: Port device team_slave_1 added
[  381.458842][T18401] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  381.482535][T18258] batman_adv: batadv0: Adding interface: batadv_slave_0
[  381.492335][T18258] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  381.529213][T18258] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  381.556138][T18404] syzkaller1: entered promiscuous mode
[  381.570106][T18404] syzkaller1: entered allmulticast mode
[  381.589947][T18258] batman_adv: batadv0: Adding interface: batadv_slave_1
[  381.604032][T18258] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  381.695502][T18258] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  381.785727][T18416] sctp: [Deprecated]: syz-executor.3 (pid 18416) Use of int in max_burst socket option.
[  381.785727][T18416] Use struct sctp_assoc_value instead
[  381.958776][T18258] hsr_slave_0: entered promiscuous mode
[  381.992026][T18258] hsr_slave_1: entered promiscuous mode
[  382.029853][T18258] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  382.042424][T18258] Cannot create hsr debugfs directory
[  382.057118][T18420] __nla_validate_parse: 2 callbacks suppressed
[  382.057137][T18420] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  382.081304][T18430] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  382.108714][T18430] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  382.379070][T18442] pim6reg1: entered promiscuous mode
[  382.404186][T18442] pim6reg1: entered allmulticast mode
[  382.436225][T18444] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  382.449788][T18444] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  382.507063][ T5131] Bluetooth: hci1: command tx timeout
[  382.633559][T18447] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.4'.
[  382.700360][T18464] sctp: [Deprecated]: syz-executor.1 (pid 18464) Use of int in max_burst socket option.
[  382.700360][T18464] Use struct sctp_assoc_value instead
[  382.709312][T18456] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  383.145894][T18470] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  383.193146][T18471] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
[  383.636375][T18490] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  383.665321][T18490] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  383.794455][T18496] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  383.806816][T18258] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  383.835042][T18258] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  383.835190][T18500] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  383.888027][T18258] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  383.931388][T18499] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  383.931732][T18506] sctp: [Deprecated]: syz-executor.0 (pid 18506) Use of int in max_burst socket option.
[  383.931732][T18506] Use struct sctp_assoc_value instead
[  383.941370][T18258] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  384.255200][T18258] 8021q: adding VLAN 0 to HW filter on device bond0
[  384.408837][T18258] 8021q: adding VLAN 0 to HW filter on device team0
[  384.483197][ T5169] bridge0: port 1(bridge_slave_0) entered blocking state
[  384.490459][ T5169] bridge0: port 1(bridge_slave_0) entered forwarding state
[  384.595218][ T5131] Bluetooth: hci1: command tx timeout
[  384.603495][T14547] bridge0: port 2(bridge_slave_1) entered blocking state
[  384.610768][T14547] bridge0: port 2(bridge_slave_1) entered forwarding state
[  384.815378][T18258] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  384.844296][T18258] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  385.194365][T18563] bridge3: entered promiscuous mode
[  385.214791][T18563] bridge3: entered allmulticast mode
[  385.330608][T18569] sctp: [Deprecated]: syz-executor.1 (pid 18569) Use of int in max_burst socket option.
[  385.330608][T18569] Use struct sctp_assoc_value instead
[  385.364075][T18258] 8021q: adding VLAN 0 to HW filter on device batadv0
[  385.416763][T18575] FAULT_INJECTION: forcing a failure.
[  385.416763][T18575] name failslab, interval 1, probability 0, space 0, times 0
[  385.476429][T18575] CPU: 0 PID: 18575 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  385.486986][T18575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  385.497064][T18575] Call Trace:
[  385.500361][T18575]  <TASK>
[  385.503321][T18575]  dump_stack_lvl+0x241/0x360
[  385.507041][T18258] veth0_vlan: entered promiscuous mode
[  385.508032][T18575]  ? __pfx_dump_stack_lvl+0x10/0x10
[  385.508063][T18575]  ? __pfx__printk+0x10/0x10
[  385.508085][T18575]  ? __pfx___might_resched+0x10/0x10
[  385.528621][T18575]  should_fail_ex+0x3b0/0x4e0
[  385.533330][T18575]  should_failslab+0x9/0x20
[  385.533599][T18258] veth1_vlan: entered promiscuous mode
[  385.538007][T18575]  __kmalloc_node_noprof+0xdf/0x440
[  385.538034][T18575]  ? kvmalloc_node_noprof+0x72/0x190
[  385.538057][T18575]  kvmalloc_node_noprof+0x72/0x190
[  385.538077][T18575]  bpf_test_run_xdp_live+0x2a4/0x1e60
[  385.538101][T18575]  ? stack_trace_save+0x118/0x1d0
[  385.569449][T18575]  ? __lock_acquire+0x1346/0x1fd0
[  385.574472][T18575]  ? __pfx_stack_trace_save+0x10/0x10
[  385.579838][T18575]  ? mark_lock+0x9a/0x350
[  385.584169][T18575]  ? __lock_acquire+0x1346/0x1fd0
[  385.589196][T18575]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  385.595019][T18575]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  385.600909][T18575]  ? __might_fault+0xaa/0x120
[  385.605582][T18575]  ? __might_fault+0xc6/0x120
[  385.610269][T18575]  ? _copy_from_user+0xa6/0xe0
[  385.615025][T18575]  ? bpf_test_init+0x15a/0x180
[  385.619777][T18575]  ? xdp_convert_md_to_buff+0x5b/0x330
[  385.625226][T18575]  bpf_prog_test_run_xdp+0x80e/0x11b0
[  385.630596][T18575]  ? __pfx_lock_release+0x10/0x10
[  385.635622][T18575]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  385.641418][T18575]  ? __fget_files+0x29/0x470
[  385.646016][T18575]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  385.651815][T18575]  bpf_prog_test_run+0x33a/0x3b0
[  385.656746][T18575]  __sys_bpf+0x48d/0x810
[  385.660976][T18575]  ? __pfx___sys_bpf+0x10/0x10
[  385.665761][T18575]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  385.671731][T18575]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  385.678048][T18575]  ? do_syscall_64+0x100/0x230
[  385.682809][T18575]  __x64_sys_bpf+0x7c/0x90
[  385.687250][T18575]  do_syscall_64+0xf3/0x230
[  385.691743][T18575]  ? clear_bhb_loop+0x35/0x90
[  385.696416][T18575]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  385.702298][T18575] RIP: 0033:0x7f91d007cf69
[  385.706702][T18575] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  385.726297][T18575] RSP: 002b:00007f91d0e130c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  385.734705][T18575] RAX: ffffffffffffffda RBX: 00007f91d01b3f80 RCX: 00007f91d007cf69
[  385.742666][T18575] RDX: 0000000000000048 RSI: 0000000020000180 RDI: 000000000000000a
[  385.750625][T18575] RBP: 00007f91d0e13120 R08: 0000000000000000 R09: 0000000000000000
[  385.758583][T18575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  385.766540][T18575] R13: 000000000000000b R14: 00007f91d01b3f80 R15: 00007ffdde87e6e8
[  385.774512][T18575]  </TASK>
[  385.987936][T18580] pim6reg0: tun_chr_ioctl cmd 1074025677
[  386.016220][T18580] pim6reg0: linktype set to 821
[  386.069428][T18258] veth0_macvtap: entered promiscuous mode
[  386.117518][T18258] veth1_macvtap: entered promiscuous mode
[  386.188477][T18258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.216011][T18258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.241427][T18258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  386.258604][T18258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.307693][T18258] batman_adv: batadv0: Interface activated: batadv_slave_0
[  386.337970][T18258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.369277][T18258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.395548][T18258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.418985][T18258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.451430][T18258] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  386.463638][T18258] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  386.486164][T18258] batman_adv: batadv0: Interface activated: batadv_slave_1
[  386.527449][T18258] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  386.559732][T18258] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  386.569590][T18258] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  386.580675][T18258] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  386.599841][   T29] audit: type=1804 audit(1717863406.096:52): pid=18592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir681398183/syzkaller.8qDMxm/904/cgroup.controllers" dev="sda1" ino=1961 res=1 errno=0
[  386.644815][T18597] FAULT_INJECTION: forcing a failure.
[  386.644815][T18597] name failslab, interval 1, probability 0, space 0, times 0
[  386.659018][T18597] CPU: 0 PID: 18597 Comm: syz-executor.1 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  386.669555][T18597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  386.679633][T18597] Call Trace:
[  386.682936][T18597]  <TASK>
[  386.685894][T18597]  dump_stack_lvl+0x241/0x360
[  386.690603][T18597]  ? __pfx_dump_stack_lvl+0x10/0x10
[  386.695827][T18597]  ? __pfx__printk+0x10/0x10
[  386.700442][T18597]  ? __pfx___might_resched+0x10/0x10
[  386.705763][T18597]  should_fail_ex+0x3b0/0x4e0
[  386.710488][T18597]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  386.716761][T18597]  should_failslab+0x9/0x20
[  386.721282][T18597]  __kmalloc_noprof+0xd8/0x400
[  386.726084][T18597]  genl_family_rcv_msg_attrs_parse+0xa3/0x290
[  386.732188][T18597]  genl_rcv_msg+0x802/0xec0
[  386.736715][T18597]  ? mark_lock+0x9a/0x350
[  386.741166][T18597]  ? __pfx_genl_rcv_msg+0x10/0x10
[  386.746257][T18597]  ? __pfx_lock_acquire+0x10/0x10
[  386.751306][T18597]  ? __pfx_netlbl_mgmt_remove+0x10/0x10
[  386.756882][T18597]  ? __pfx___might_resched+0x10/0x10
[  386.762185][T18597]  netlink_rcv_skb+0x1e3/0x430
[  386.766959][T18597]  ? __pfx_genl_rcv_msg+0x10/0x10
[  386.772007][T18597]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  386.777349][T18597]  genl_rcv+0x28/0x40
[  386.781356][T18597]  netlink_unicast+0x7ea/0x980
[  386.786130][T18597]  ? __pfx_netlink_unicast+0x10/0x10
[  386.791401][T18597]  ? __virt_addr_valid+0x183/0x520
[  386.796504][T18597]  ? __check_object_size+0x49c/0x900
[  386.801780][T18597]  ? bpf_lsm_netlink_send+0x9/0x10
[  386.806886][T18597]  netlink_sendmsg+0x8db/0xcb0
[  386.811647][T18597]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.817052][T18597]  ? __import_iovec+0x536/0x820
[  386.822099][T18597]  ? aa_sock_msg_perm+0x91/0x160
[  386.827061][T18597]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  386.832408][T18597]  ? security_socket_sendmsg+0x87/0xb0
[  386.837965][T18597]  ? __pfx_netlink_sendmsg+0x10/0x10
[  386.843244][T18597]  __sock_sendmsg+0x221/0x270
[  386.847921][T18597]  ____sys_sendmsg+0x525/0x7d0
[  386.852682][T18597]  ? __pfx_____sys_sendmsg+0x10/0x10
[  386.857970][T18597]  __sys_sendmsg+0x2b0/0x3a0
[  386.862563][T18597]  ? __pfx___sys_sendmsg+0x10/0x10
[  386.867681][T18597]  ? vfs_write+0x7c4/0xc90
[  386.872174][T18597]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  386.878511][T18597]  ? do_syscall_64+0x100/0x230
[  386.883269][T18597]  ? do_syscall_64+0xb6/0x230
[  386.887935][T18597]  do_syscall_64+0xf3/0x230
[  386.892427][T18597]  ? clear_bhb_loop+0x35/0x90
[  386.897094][T18597]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  386.902999][T18597] RIP: 0033:0x7f099587cf69
[  386.907401][T18597] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  386.927038][T18597] RSP: 002b:00007f099664c0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  386.935471][T18597] RAX: ffffffffffffffda RBX: 00007f09959b3f80 RCX: 00007f099587cf69
[  386.943435][T18597] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000007
[  386.951481][T18597] RBP: 00007f099664c120 R08: 0000000000000000 R09: 0000000000000000
[  386.959439][T18597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  386.967407][T18597] R13: 000000000000000b R14: 00007f09959b3f80 R15: 00007ffea5fcea88
[  386.975395][T18597]  </TASK>
[  387.102203][T18611] __nla_validate_parse: 8 callbacks suppressed
[  387.102222][T18611] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  387.131481][T17836] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.135459][T18613] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[  387.149252][T17836] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.278311][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  387.296107][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  387.563073][T18631] sctp: [Deprecated]: syz-executor.0 (pid 18631) Use of int in max_burst socket option.
[  387.563073][T18631] Use struct sctp_assoc_value instead
[  387.822578][T18639] sctp: [Deprecated]: syz-executor.1 (pid 18639) Use of int in max_burst socket option.
[  387.822578][T18639] Use struct sctp_assoc_value instead
[  387.864093][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  388.157708][T18652] syz-executor.4 uses old SIOCAX25GETINFO
[  388.299480][T18653] netlink: 572 bytes leftover after parsing attributes in process `syz-executor.4'.
[  388.506815][T18664] netlink: 164 bytes leftover after parsing attributes in process `syz-executor.3'.
[  388.668259][T18677] sctp: [Deprecated]: syz-executor.1 (pid 18677) Use of int in max_burst socket option.
[  388.668259][T18677] Use struct sctp_assoc_value instead
[  388.839848][T18685] netlink: 'syz-executor.3': attribute type 72 has an invalid length.
[  388.884034][T18685] netlink: 'syz-executor.3': attribute type 8 has an invalid length.
[  388.967452][T18691] netdevsim netdevsim0 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.060310][T18691] netdevsim netdevsim0 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.162088][T18691] netdevsim netdevsim0 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.212860][T18697] sctp: [Deprecated]: syz-executor.3 (pid 18697) Use of int in max_burst socket option.
[  389.212860][T18697] Use struct sctp_assoc_value instead
[  389.283009][T18691] netdevsim netdevsim0 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.462631][T18691] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  389.478566][T18703] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'.
[  389.502436][T18691] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  389.524003][T18703] openvswitch: netlink: VXLAN extension message has 13 unknown bytes.
[  389.532977][T18691] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  389.570814][T18691] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  389.764141][ T2841] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.095487][T18726] sctp: [Deprecated]: syz-executor.3 (pid 18726) Use of int in max_burst socket option.
[  390.095487][T18726] Use struct sctp_assoc_value instead
[  390.530890][ T2841] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.777582][ T2841] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.788934][ T5130] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  390.835857][T18756] netlink: 'syz-executor.4': attribute type 9 has an invalid length.
[  390.844664][ T5130] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  390.857527][ T5130] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  390.864208][T18756] netlink: 'syz-executor.4': attribute type 6 has an invalid length.
[  390.875604][ T5130] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  390.885864][ T5130] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  390.891618][T18756] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  390.913581][ T5130] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  390.924015][ T5130] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  390.935107][T18764] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  390.950400][ T2841] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.955540][T18764] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  390.969577][T18764] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  390.982808][T18764] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  390.990731][T18764] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  391.165773][T18761] lo speed is unknown, defaulting to 1000
[  391.166265][T18775] sctp: [Deprecated]: syz-executor.3 (pid 18775) Use of int in max_burst socket option.
[  391.166265][T18775] Use struct sctp_assoc_value instead
[  391.379870][ T2841] bridge_slave_1: left allmulticast mode
[  391.390273][ T2841] bridge_slave_1: left promiscuous mode
[  391.415846][ T2841] bridge0: port 2(bridge_slave_1) entered disabled state
[  391.437941][ T2841] bridge_slave_0: left allmulticast mode
[  391.447534][ T2841] bridge_slave_0: left promiscuous mode
[  391.453443][ T2841] bridge0: port 1(bridge_slave_0) entered disabled state
[  391.834519][ T2841] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  391.846386][ T2841] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  391.860624][ T2841] bond0 (unregistering): Released all slaves
[  391.874970][T18753] lo speed is unknown, defaulting to 1000
[  392.093877][T18800] pimreg: left allmulticast mode
[  392.296224][T18805] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  392.462631][T18815] sctp: [Deprecated]: syz-executor.0 (pid 18815) Use of int in max_burst socket option.
[  392.462631][T18815] Use struct sctp_assoc_value instead
[  392.510105][T18810] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  392.600347][T18810] macvtap2: entered promiscuous mode
[  392.606839][T18810] macvtap2: entered allmulticast mode
[  392.624436][T18810] 8021q: adding VLAN 0 to HW filter on device macvtap2
[  392.687886][ T2841] hsr_slave_0: left promiscuous mode
[  392.697921][ T2841] hsr_slave_1: left promiscuous mode
[  392.705415][ T2841] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  392.712881][ T2841] batman_adv: batadv0: Removing interface: batadv_slave_0
[  392.727490][ T2841] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  392.739747][ T2841] batman_adv: batadv0: Removing interface: batadv_slave_1
[  392.816108][ T2841] veth1_macvtap: left promiscuous mode
[  392.822373][ T2841] veth0_macvtap: left promiscuous mode
[  392.837744][ T2841] veth1_vlan: left promiscuous mode
[  392.849117][ T2841] veth0_vlan: left promiscuous mode
[  392.979761][T18832] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  392.996846][ T5119] Bluetooth: hci0: command tx timeout
[  393.020321][T18832] netlink: 'syz-executor.4': attribute type 11 has an invalid length.
[  393.029393][T18832] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  393.064082][ T5119] Bluetooth: hci1: command tx timeout
[  393.261439][T18838] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  393.439333][ T2841] team0 (unregistering): Port device team_slave_1 removed
[  393.486273][ T2841] team0 (unregistering): Port device team_slave_0 removed
[  393.983537][T18837] tun0: tun_chr_ioctl cmd 2147767519
[  394.146309][T18761] chnl_net:caif_netlink_parms(): no params data found
[  394.229735][T18753] chnl_net:caif_netlink_parms(): no params data found
[  394.409738][T18854] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  394.440917][T18854] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  394.464702][T18761] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.480243][T18761] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.490426][T18761] bridge_slave_0: entered allmulticast mode
[  394.498673][T18761] bridge_slave_0: entered promiscuous mode
[  394.507794][T18761] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.515148][T18761] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.524607][T18761] bridge_slave_1: entered allmulticast mode
[  394.532316][T18761] bridge_slave_1: entered promiscuous mode
[  394.586086][T18865] sctp: [Deprecated]: syz-executor.0 (pid 18865) Use of int in max_burst socket option.
[  394.586086][T18865] Use struct sctp_assoc_value instead
[  394.655179][T18753] bridge0: port 1(bridge_slave_0) entered blocking state
[  394.663079][T18753] bridge0: port 1(bridge_slave_0) entered disabled state
[  394.670391][T18867] FAULT_INJECTION: forcing a failure.
[  394.670391][T18867] name failslab, interval 1, probability 0, space 0, times 0
[  394.678914][T18753] bridge_slave_0: entered allmulticast mode
[  394.684861][T18867] CPU: 1 PID: 18867 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  394.699402][T18867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  394.709469][T18867] Call Trace:
[  394.710157][T18753] bridge_slave_0: entered promiscuous mode
[  394.712745][T18867]  <TASK>
[  394.712756][T18867]  dump_stack_lvl+0x241/0x360
[  394.712786][T18867]  ? __pfx_dump_stack_lvl+0x10/0x10
[  394.731367][T18867]  ? __pfx__printk+0x10/0x10
[  394.735978][T18867]  ? __pfx___might_resched+0x10/0x10
[  394.741055][T18761] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  394.741264][T18867]  ? vsnprintf+0x1cfc/0x1da0
[  394.741298][T18867]  should_fail_ex+0x3b0/0x4e0
[  394.759594][T18867]  should_failslab+0x9/0x20
[  394.764124][T18867]  kmalloc_node_track_caller_noprof+0xda/0x440
[  394.767193][T18753] bridge0: port 2(bridge_slave_1) entered blocking state
[  394.770277][T18867]  ? kasprintf+0xd5/0x120
[  394.770310][T18867]  kvasprintf+0xdf/0x190
[  394.783247][T18753] bridge0: port 2(bridge_slave_1) entered disabled state
[  394.785856][T18867]  ? __kmalloc_noprof+0x1f9/0x400
[  394.785886][T18867]  ? nla_strdup+0x9c/0x140
[  394.785908][T18867]  ? nf_tables_newset+0x1785/0x2ea0
[  394.785934][T18867]  ? __pfx_kvasprintf+0x10/0x10
[  394.785955][T18867]  ? ____sys_sendmsg+0x525/0x7d0
[  394.785988][T18867]  kasprintf+0xd5/0x120
[  394.786019][T18867]  ? __pfx_kasprintf+0x10/0x10
[  394.786053][T18867]  nf_tables_set_alloc_name+0x111/0x730
[  394.800601][T18753] bridge_slave_1: entered allmulticast mode
[  394.802471][T18867]  ? rcu_is_watching+0x15/0xb0
[  394.802505][T18867]  ? __pfx_nf_tables_set_alloc_name+0x10/0x10
[  394.811070][T18753] bridge_slave_1: entered promiscuous mode
[  394.812510][T18867]  ? __asan_memcpy+0x40/0x70
[  394.812539][T18867]  ? nla_strdup+0xb7/0x140
[  394.829675][T18761] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  394.831900][T18867]  nf_tables_newset+0x17a6/0x2ea0
[  394.831953][T18867]  ? __pfx_nf_tables_newset+0x10/0x10
[  394.882903][T18867]  ? __nla_parse+0x40/0x60
[  394.887322][T18867]  nfnetlink_rcv+0x1427/0x2a80
[  394.892094][T18867]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  394.898478][T18867]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  394.903608][T18867]  ? __dev_queue_xmit+0x2d2/0x3d30
[  394.908748][T18867]  ? netlink_deliver_tap+0x2e/0x1b0
[  394.913951][T18867]  ? skb_clone+0x240/0x390
[  394.918382][T18867]  ? __pfx_lock_release+0x10/0x10
[  394.923436][T18867]  ? netlink_deliver_tap+0x2e/0x1b0
[  394.928647][T18867]  netlink_unicast+0x7ea/0x980
[  394.933406][T18867]  ? __pfx_netlink_unicast+0x10/0x10
[  394.938690][T18867]  ? __virt_addr_valid+0x183/0x520
[  394.943825][T18867]  ? __check_object_size+0x49c/0x900
[  394.949135][T18867]  ? bpf_lsm_netlink_send+0x9/0x10
[  394.954274][T18867]  netlink_sendmsg+0x8db/0xcb0
[  394.959073][T18867]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.964381][T18867]  ? __import_iovec+0x536/0x820
[  394.969241][T18867]  ? aa_sock_msg_perm+0x91/0x160
[  394.974182][T18867]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  394.979487][T18867]  ? security_socket_sendmsg+0x87/0xb0
[  394.984975][T18867]  ? __pfx_netlink_sendmsg+0x10/0x10
[  394.990268][T18867]  __sock_sendmsg+0x221/0x270
[  394.994953][T18867]  ____sys_sendmsg+0x525/0x7d0
[  394.999740][T18867]  ? __pfx_____sys_sendmsg+0x10/0x10
[  395.005060][T18867]  __sys_sendmsg+0x2b0/0x3a0
[  395.009663][T18867]  ? __pfx___sys_sendmsg+0x10/0x10
[  395.014772][T18867]  ? vfs_write+0x7c4/0xc90
[  395.019255][T18867]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  395.025602][T18867]  ? do_syscall_64+0x100/0x230
[  395.030375][T18867]  ? do_syscall_64+0xb6/0x230
[  395.035057][T18867]  do_syscall_64+0xf3/0x230
[  395.039580][T18867]  ? clear_bhb_loop+0x35/0x90
[  395.044279][T18867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.050182][T18867] RIP: 0033:0x7f91d007cf69
[  395.054603][T18867] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  395.065588][ T5119] Bluetooth: hci0: command tx timeout
[  395.074211][T18867] RSP: 002b:00007f91d0e130c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  395.074238][T18867] RAX: ffffffffffffffda RBX: 00007f91d01b3f80 RCX: 00007f91d007cf69
[  395.074252][T18867] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  395.074264][T18867] RBP: 00007f91d0e13120 R08: 0000000000000000 R09: 0000000000000000
[  395.074275][T18867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  395.074287][T18867] R13: 000000000000000b R14: 00007f91d01b3f80 R15: 00007ffdde87e6e8
[  395.074316][T18867]  </TASK>
[  395.144101][ T5119] Bluetooth: hci1: command tx timeout
[  395.156569][T18869] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  395.249312][T18761] team0: Port device team_slave_0 added
[  395.287085][T18753] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  395.330818][T18753] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  395.357509][T18761] team0: Port device team_slave_1 added
[  395.417436][T17836] netdevsim netdevsim1 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.553378][T18881] syzkaller1: entered promiscuous mode
[  395.573991][T18881] syzkaller1: entered allmulticast mode
[  395.606016][T17836] netdevsim netdevsim1 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.652624][T18753] team0: Port device team_slave_0 added
[  395.662512][T18753] team0: Port device team_slave_1 added
[  395.699908][T18761] batman_adv: batadv0: Adding interface: batadv_slave_0
[  395.708544][T18761] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  395.744132][T18761] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  395.800920][T18892] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  395.818341][T17836] netdevsim netdevsim1 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  395.838171][T18761] batman_adv: batadv0: Adding interface: batadv_slave_1
[  395.845525][T18761] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  395.873027][T18761] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  395.906790][T18753] batman_adv: batadv0: Adding interface: batadv_slave_0
[  395.913760][T18753] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  395.940533][T18753] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  395.953326][T18753] batman_adv: batadv0: Adding interface: batadv_slave_1
[  395.961201][T18753] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  395.987479][T18753] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  396.004625][T17836] netdevsim netdevsim1 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  396.025535][T18903] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  396.167666][T18761] hsr_slave_0: entered promiscuous mode
[  396.179143][T18761] hsr_slave_1: entered promiscuous mode
[  396.189567][T18912] sctp: [Deprecated]: syz-executor.4 (pid 18912) Use of int in max_burst socket option.
[  396.189567][T18912] Use struct sctp_assoc_value instead
[  396.205135][T18761] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  396.212859][T18761] Cannot create hsr debugfs directory
[  396.302080][T18753] hsr_slave_0: entered promiscuous mode
[  396.312360][T18753] hsr_slave_1: entered promiscuous mode
[  396.319125][T18753] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  396.327392][T18753] Cannot create hsr debugfs directory
[  396.656203][T17836] bridge_slave_1: left allmulticast mode
[  396.661898][T17836] bridge_slave_1: left promiscuous mode
[  396.668614][T17836] bridge0: port 2(bridge_slave_1) entered disabled state
[  396.680447][T17836] bridge_slave_0: left allmulticast mode
[  396.686536][T17836] bridge_slave_0: left promiscuous mode
[  396.692222][T17836] bridge0: port 1(bridge_slave_0) entered disabled state
[  396.710941][T18929] sctp: [Deprecated]: syz-executor.3 (pid 18929) Use of int in maxseg socket option.
[  396.710941][T18929] Use struct sctp_assoc_value instead
[  396.726959][T17836] tipc: Resetting bearer <eth:xfrm0>
[  396.768636][T18931] tipc: Failed to remove unknown binding: 66,1,1/0:2528829439/2528829441
[  396.901636][T17836] tipc: Disabling bearer <eth:xfrm0>
[  397.030191][T17836] bridge0 (unregistering): left allmulticast mode
[  397.144915][ T5119] Bluetooth: hci0: command tx timeout
[  397.226245][ T5119] Bluetooth: hci1: command tx timeout
[  397.279487][T17836] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  397.291191][T17836] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  397.302522][T17836] bond0 (unregistering): (slave team0): Releasing backup interface
[  397.314524][T17836] bond0 (unregistering): Released all slaves
[  397.328153][T17836] bond1 (unregistering): Released all slaves
[  397.378117][T18931] 8021q: adding VLAN 0 to HW filter on device bond0
[  397.437734][T18931] team0: Port device bond0 added
[  397.458786][T18937] __nla_validate_parse: 3 callbacks suppressed
[  397.458805][T18937] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  397.460027][T18930] tipc: Failed to remove unknown binding: 66,1,1/0:2528829439/2528829441
[  397.483104][T18937] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  397.514399][T18930] tipc: Failed to remove unknown binding: 66,1,1/0:2528829439/2528829441
[  397.539618][T17836] tipc: Left network mode
[  397.614842][T18939] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  397.690842][T18944] vlan0: entered promiscuous mode
[  397.695323][T18943] sctp: [Deprecated]: syz-executor.3 (pid 18943) Use of int in max_burst socket option.
[  397.695323][T18943] Use struct sctp_assoc_value instead
[  397.702236][T18944] vlan0: entered allmulticast mode
[  397.729413][T18944] veth0_vlan: entered allmulticast mode
[  397.763687][T18944] team0: Port device vlan0 added
[  397.957201][T18949] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  397.986011][T18953] Bluetooth: MGMT ver 1.22
[  397.996770][T18953] netlink: 9412 bytes leftover after parsing attributes in process `syz-executor.3'.
[  398.026364][T18942] tun0: tun_chr_ioctl cmd 2147767519
[  398.147262][T18959] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  398.377610][T17836] dummy0: left promiscuous mode
[  398.383111][T17836] veth1_macvtap: left promiscuous mode
[  398.388817][T17836] veth0_macvtap: left promiscuous mode
[  398.395263][T17836] veth0_vlan: left promiscuous mode
[  398.962663][T17836] team0 (unregistering): Port device team_slave_1 removed
[  399.015507][T17836] team0 (unregistering): Port device team_slave_0 removed
[  399.224314][ T5119] Bluetooth: hci0: command tx timeout
[  399.314330][ T5119] Bluetooth: hci1: command tx timeout
[  399.440401][T18964] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  399.450358][T18964] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  399.486978][T18761] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  399.567195][T18761] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  399.599173][T18969] sctp: [Deprecated]: syz-executor.0 (pid 18969) Use of int in max_burst socket option.
[  399.599173][T18969] Use struct sctp_assoc_value instead
[  399.614500][T18761] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  399.634887][T18761] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  400.015282][T18991] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  400.018977][T18761] 8021q: adding VLAN 0 to HW filter on device bond0
[  400.048361][T18991] netlink: 112860 bytes leftover after parsing attributes in process `syz-executor.0'.
[  400.076103][T18761] 8021q: adding VLAN 0 to HW filter on device team0
[  400.091111][ T5197] bridge0: port 1(bridge_slave_0) entered blocking state
[  400.098288][ T5197] bridge0: port 1(bridge_slave_0) entered forwarding state
[  400.107365][T18991] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  400.146361][ T5197] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.153521][ T5197] bridge0: port 2(bridge_slave_1) entered forwarding state
[  400.218359][T18753] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  400.268752][T18753] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  400.289659][T18999] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  400.352489][T18753] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  400.382430][T18753] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  400.461759][T19003] IPVS: length: 87 != 24
[  400.596289][T19011] sctp: [Deprecated]: syz-executor.3 (pid 19011) Use of int in max_burst socket option.
[  400.596289][T19011] Use struct sctp_assoc_value instead
[  400.599761][T19010] tun0: tun_chr_ioctl cmd 2147767519
[  400.752071][T18753] 8021q: adding VLAN 0 to HW filter on device bond0
[  400.811724][T19007] ------------[ cut here ]------------
[  400.818306][T19007] refcount_t: decrement hit 0; leaking memory.
[  400.830638][T18761] 8021q: adding VLAN 0 to HW filter on device batadv0
[  400.838774][T19007] WARNING: CPU: 1 PID: 19007 at lib/refcount.c:31 refcount_warn_saturate+0xfa/0x1d0
[  400.848342][T19007] Modules linked in:
[  400.852246][T19007] CPU: 1 PID: 19007 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  400.862959][T19007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  400.869880][T18753] 8021q: adding VLAN 0 to HW filter on device team0
[  400.873590][T19007] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  400.885846][T19007] Code: b2 00 00 00 e8 f7 be e6 fc 5b 5d c3 cc cc cc cc e8 eb be e6 fc c6 05 4b 60 e8 0a 01 90 48 c7 c7 20 a2 1f 8c e8 67 ed a8 fc 90 <0f> 0b 90 90 eb d9 e8 cb be e6 fc c6 05 28 60 e8 0a 01 90 48 c7 c7
[  400.906437][T19007] RSP: 0018:ffffc90002e6fc48 EFLAGS: 00010246
2024/06/08 16:17:00 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  400.912535][T19007] RAX: 255040225f918c00 RBX: ffff88802c026664 RCX: ffff8880260b5a00
[  400.920788][T19007] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  400.929055][T19007] RBP: 0000000000000004 R08: ffffffff815857a2 R09: fffffbfff1c39994
[  400.937620][T19007] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: ffff88802c026620
[  400.945971][T19007] R13: 0000000000000000 R14: ffff88802c026664 R15: dffffc0000000000
[  400.954085][T19007] FS:  00005555727b3480(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  400.963041][T19007] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  400.970218][T19007] CR2: 00007f1ec8d01440 CR3: 000000005c7ae000 CR4: 00000000003506f0
[  400.978326][T19007] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  400.986444][T19007] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  400.994989][T19007] Call Trace:
[  400.998283][T19007]  <TASK>
[  401.001222][T19007]  ? __warn+0x163/0x4e0
[  401.005472][T19007]  ? refcount_warn_saturate+0xfa/0x1d0
[  401.011114][T19007]  ? report_bug+0x2b3/0x500
[  401.015713][T19007]  ? refcount_warn_saturate+0xfa/0x1d0
[  401.021194][T19007]  ? handle_bug+0x3e/0x70
[  401.026067][T19007]  ? exc_invalid_op+0x1a/0x50
[  401.030826][T19007]  ? asm_exc_invalid_op+0x1a/0x20
[  401.035934][T19007]  ? __warn_printk+0x292/0x360
[  401.040720][T19007]  ? refcount_warn_saturate+0xfa/0x1d0
[  401.046294][T19007]  ? refcount_warn_saturate+0xf9/0x1d0
[  401.051770][T19007]  ref_tracker_free+0x6af/0x7e0
[  401.057379][T19007]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  401.063307][T19007]  ? __pfx_ref_tracker_free+0x10/0x10
[  401.068958][T19007]  ? ax25_destroy_socket+0x549/0x5b0
[  401.074352][T19007]  ax25_release+0x368/0x950
[  401.078885][T19007]  sock_close+0xbc/0x240
[  401.083140][T19007]  ? __pfx_sock_close+0x10/0x10
[  401.088601][T19007]  __fput+0x406/0x8b0
[  401.092614][T19007]  __x64_sys_close+0x7f/0x110
[  401.097392][T19007]  do_syscall_64+0xf3/0x230
[  401.101998][T19007]  ? clear_bhb_loop+0x35/0x90
[  401.106788][T19007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.112850][T19007] RIP: 0033:0x7f91d007be5a
[  401.117925][T19007] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[  401.137654][T19007] RSP: 002b:00007ffdde87e7b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  401.146841][T19007] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f91d007be5a
[  401.154904][T19007] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  401.162889][T19007] RBP: 00007f91d01b5980 R08: 000000008136572d R09: 7fffffffffffffff
[  401.170934][T19007] R10: 000000000000004f R11: 0000000000000293 R12: 0000000000061fd1
[  401.179476][T19007] R13: 00007f91d01b405c R14: 0000000000000032 R15: 00007f91d01b5980
[  401.187527][T19007]  </TASK>
[  401.190557][T19007] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  401.198010][T19007] CPU: 1 PID: 19007 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00440-ga99997323654 #0
[  401.208586][T19007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  401.218662][T19007] Call Trace:
[  401.221948][T19007]  <TASK>
[  401.224888][T19007]  dump_stack_lvl+0x241/0x360
[  401.229585][T19007]  ? __pfx_dump_stack_lvl+0x10/0x10
[  401.234802][T19007]  ? __pfx__printk+0x10/0x10
[  401.239408][T19007]  ? vscnprintf+0x5d/0x90
[  401.243751][T19007]  panic+0x349/0x860
[  401.247675][T19007]  ? __warn+0x172/0x4e0
[  401.251841][T19007]  ? __pfx_panic+0x10/0x10
[  401.256286][T19007]  __warn+0x346/0x4e0
[  401.260277][T19007]  ? refcount_warn_saturate+0xfa/0x1d0
[  401.265758][T19007]  report_bug+0x2b3/0x500
[  401.270091][T19007]  ? refcount_warn_saturate+0xfa/0x1d0
[  401.275561][T19007]  handle_bug+0x3e/0x70
[  401.279711][T19007]  exc_invalid_op+0x1a/0x50
[  401.284208][T19007]  asm_exc_invalid_op+0x1a/0x20
[  401.289047][T19007] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0
[  401.295109][T19007] Code: b2 00 00 00 e8 f7 be e6 fc 5b 5d c3 cc cc cc cc e8 eb be e6 fc c6 05 4b 60 e8 0a 01 90 48 c7 c7 20 a2 1f 8c e8 67 ed a8 fc 90 <0f> 0b 90 90 eb d9 e8 cb be e6 fc c6 05 28 60 e8 0a 01 90 48 c7 c7
[  401.314804][T19007] RSP: 0018:ffffc90002e6fc48 EFLAGS: 00010246
[  401.320869][T19007] RAX: 255040225f918c00 RBX: ffff88802c026664 RCX: ffff8880260b5a00
[  401.328834][T19007] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  401.336799][T19007] RBP: 0000000000000004 R08: ffffffff815857a2 R09: fffffbfff1c39994
[  401.344766][T19007] R10: dffffc0000000000 R11: fffffbfff1c39994 R12: ffff88802c026620
[  401.352726][T19007] R13: 0000000000000000 R14: ffff88802c026664 R15: dffffc0000000000
[  401.360697][T19007]  ? __warn_printk+0x292/0x360
[  401.365468][T19007]  ? refcount_warn_saturate+0xf9/0x1d0
[  401.370941][T19007]  ref_tracker_free+0x6af/0x7e0
[  401.375790][T19007]  ? __pfx_skb_queue_purge_reason+0x10/0x10
[  401.381679][T19007]  ? __pfx_ref_tracker_free+0x10/0x10
[  401.387054][T19007]  ? ax25_destroy_socket+0x549/0x5b0
[  401.392332][T19007]  ax25_release+0x368/0x950
[  401.396832][T19007]  sock_close+0xbc/0x240
[  401.401160][T19007]  ? __pfx_sock_close+0x10/0x10
[  401.406017][T19007]  __fput+0x406/0x8b0
[  401.410018][T19007]  __x64_sys_close+0x7f/0x110
[  401.414696][T19007]  do_syscall_64+0xf3/0x230
[  401.419201][T19007]  ? clear_bhb_loop+0x35/0x90
[  401.423886][T19007]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  401.429872][T19007] RIP: 0033:0x7f91d007be5a
[  401.434284][T19007] Code: 48 3d 00 f0 ff ff 77 48 c3 0f 1f 80 00 00 00 00 48 83 ec 18 89 7c 24 0c e8 03 7f 02 00 8b 7c 24 0c 89 c2 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 36 89 d7 89 44 24 0c e8 63 7f 02 00 8b 44 24
[  401.453882][T19007] RSP: 002b:00007ffdde87e7b0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  401.462288][T19007] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00007f91d007be5a
[  401.470352][T19007] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000008
[  401.478327][T19007] RBP: 00007f91d01b5980 R08: 000000008136572d R09: 7fffffffffffffff
[  401.486323][T19007] R10: 000000000000004f R11: 0000000000000293 R12: 0000000000061fd1
[  401.494286][T19007] R13: 00007f91d01b405c R14: 0000000000000032 R15: 00007f91d01b5980
[  401.502265][T19007]  </TASK>
[  401.505388][T19007] Kernel Offset: disabled
[  401.509784][T19007] Rebooting in 86400 seconds..