last executing test programs:

1m22.963312423s ago: executing program 1 (id=187):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0xbf, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1m7.3989222s ago: executing program 1 (id=187):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0xbf, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

53.783246099s ago: executing program 1 (id=187):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0xbf, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

38.027432677s ago: executing program 1 (id=187):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0xbf, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

22.669297527s ago: executing program 1 (id=187):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0xbf, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

10.085778384s ago: executing program 1 (id=187):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0xbf, 0x2}, [@call={0x85, 0x0, 0x0, 0x7d}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.294759349s ago: executing program 0 (id=1014):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040), &(0x7f00000000c0)=0x4) (async)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc) (async)
r1 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r1, 0x0) (async)
ioctl$SIOCX25SFACILITIES(r1, 0x89e3, &(0x7f0000000000)={0x0, 0x0, 0x6}) (async)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) (async)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'ipvlan0\x00', <r3=>0x0})
socket$inet6_dccp(0xa, 0x6, 0x0) (async)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="44007fffffffffffffff0000f600000000867c1348932a5c763a95da1a18edfc83e70586bfa40fa583685441b9e1d620c7deaf75a25d6c6420d4d115b206629eb791e3574a354c3917573e8947ad03397e0b7de8d49a468032706d08ac5822a9d9dc895144b25f1417116b69bcf5b282be295ed19577ed41869800d3edd7f2542a660aebcbaf49bfc2ffa0026c3d38837c2de21ae1a508d6d9fb83208c4dc4da78935a61b34c8c3440f75c2f0b9e993e2e5d62bab79c74e47bb331db20f2", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b0001006970766c616e00000c000280060002000000000008000500", @ANYRES32=r3, @ANYBLOB], 0x44}}, 0x0) (async)
sendto$inet6(r0, &(0x7f000009e080)='<', 0x1, 0x20008804, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback, 0x200000}, 0x1c)
sendto$inet6(r0, &(0x7f0000000c80)="7cffa9061b2f8b082b6f69ae50430c8a8b6aa3162ba083c4a52e1ab0ac50ed4a19b1a69988000d5bed4433daaa4932dbb1cb3550dee8b23579d76ce37d574b43fca1eed8ebd38d1303240ed0d84517692128dd5aef5c4d60a6659952a1437c6f0ac3ed75806011ccbaa504f41a7e0abcf8823bc4a71ef8c52c2b297b539eaf752c56ebfe9b0542543069257dafcbf76c958d4cbf4eaaa67c5c2bd9e6518be34b56add7613ab83d389724b664e62c154e1a5aac073a53a0e8cadcf51ef495ebbcc77d5e36ff24c3f282289cc077374b714e08fbfecbdc8f14ef3fd409af4caf6fcb7d663beab335f239a1e93b399c93d7c036e1b39a7c477945f82b6dde53b1c21b590a58ba688ac4fb530d2c5b1195a127d2eaec840ab59f090d7047c278611e080cebe7b28588c11a44be99fe6f88c73441bf625b70565669997f4c3cda5afe1d6429908a69a459d35ba8c2f28076d8711f2667de749a783fac94ebd02680f20fb723c35c287a1f45064846385750665ffa74579083fbb1b1d6b7c90168252b1c5313544569203e7adb8e271a94f7413e5cfd6aa3157c4fc29bddba3683fcd032aecb513b2f27530fbefa0000000000000003c058e812d8db87de5e3eceae268b91f7d59daf77646fa4df99877dd5a9540934c7af91b96486eea62897", 0x1dd, 0xbcff, 0x0, 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(r4, 0x84, 0x1c, &(0x7f0000000100), &(0x7f0000000140)=0x4) (async)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f0000000480)={<r5=>0x0, 0x78, "c615d449942a9e10e8fab134f187e53cd30f7b6646adde60e4b26c908147cabaca3d324d78914f975ccea60c9e0ed1030a83da83b3305fa47258f16d3ac54dd4f89402bd4ed8e7b091eb403e075fab8edb2d0650330d790a35a0ed89d5deb3cae8d6a49758c24584810d940c52115e1d3231dac05fdf49cc"}, &(0x7f0000000200)=0x80)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000080)={r5}, 0xc)
sendmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000001c0)="c2", 0x34000}], 0x1}}], 0x1, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000180)='ext4_fc_track_range\x00', r4}, 0x10)

2.835425278s ago: executing program 3 (id=1021):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_extract_tcp_res(&(0x7f0000000000)={<r1=>0x41424344}, 0x8000, 0x5)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
recvmsg$can_bcm(r2, &(0x7f00000016c0)={&(0x7f0000000240)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, 0x80, &(0x7f0000000640)=[{&(0x7f00000002c0)=""/193, 0xc1}, {&(0x7f00000003c0)=""/123, 0x7b}, {&(0x7f0000000080)}, {&(0x7f0000000180)=""/10, 0xa}, {&(0x7f00000004c0)=""/83, 0x53}, {&(0x7f0000000540)=""/12, 0xc}, {&(0x7f0000000580)=""/161, 0xa1}], 0x7, &(0x7f00000006c0)=""/4096, 0x1000}, 0x10100)
syz_emit_ethernet(0x52, &(0x7f00000001c0)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x19}, @local, @val={@void, {0x8100, 0x1, 0x0, 0x1}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a35f2", 0x18, 0x6, 0x0, @loopback, @local, {[], {{0x0, 0x4e25, 0x41424344, r1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, {[@sack_perm={0x2, 0x2}]}}}}}}}}, 0x0)
socket$packet(0x11, 0x3, 0x300)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r5=>0x0})
sendmsg$nl_route(r4, 0x0, 0x0)
sendto$packet(r3, &(0x7f0000000140)="a6bea8a120e5f8320c30e45010b2", 0xe, 0x0, &(0x7f00000000c0)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @local}, 0x14)

2.375596279s ago: executing program 0 (id=1022):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0}, 0x90)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c0000001800010800000000000000850a600200000000000500000014000500200100000000000000000100000000001c00090008000000", @ANYRES32=r0], 0x4c}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[], 0x98}}, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x0, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x41071, 0xffffffffffffffff, 0x0)

2.139034495s ago: executing program 0 (id=1025):
socket$nl_route(0x10, 0x3, 0x0)
socket$packet(0x11, 0x0, 0x300)
socket(0x0, 0x0, 0x0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000001080)=ANY=[@ANYBLOB="340000001800010000000000000000001d010000150001000000dec22c970000bdbb0a040714e8e4010000000800050008"], 0x34}}, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0xfffffffb, 0xbe, 0x9, 0x2003, r2, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4, 0x40000000}, 0x48)
close(r3)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x5, 0x2, 0x4}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x7, 0x0, 0x8000, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2}, 0x48)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x11, 0x2, &(0x7f00000011c0)=ANY=[@ANYBLOB="64ae36f1a07a6f0000000000000000", @ANYBLOB="1f3022e5f2716d212dd81aed578f4745fea26f2d2ad2e63a325eb46c9ea7c876c87a3a1410874dec4c3e537ecdc9f29ac2e71c5478a674f8823da2025b43fb7ca567721dd9f9fedd99985538c8ee3c8b7b2fd764e00c7ddd47a5e4ce0dc4f9c184f4fbfd8ced2eebb2f42c8cb6cee33b84327889f3dc7fb8f86ec7b58f065a072ef6d442db7c2cc7da64e5ab9354fcab087992f52238e84f46831f1f40cb3aaed58128124177b2f0e3fd2c674f4be2a042d0f8d9f374f2f8234e4e4bfe3a8e803cdb3c2e737753a74365412bb9663a9f0d63f85263a70283bd7f3de87872cd1dbf2949e5affa4bd01f9ac45a9cd2088e39bd7dd579a9864e400c8ac37c354ecf2b42bc7738140aa83bbf9df7418d2f3a49870f44061c0162b3eb2ec02834faee097c2553feaf2ead423dd1701506f2c8a4a5cf2852d52f9cb1da082d2d5189696311efaab3c80a4e51dbc22db981a38c6d46400f56c660965b45c2eca2fefa1a482738a6e67609f069d6dfb79fb4fc05ca507b27e716a66e0da065b5464a1c3d05a8a36c02eac30de778502ffc21671da9900406e31bfff356fcdfb74b6cd26dc6386f75f771908206201df2ca342fcf85dc16cbaafbdf198dc353a17be9378d9ba1721ff50e07f208b03ce5b07014f1a900098326fb4dcad17303a2a7071e5a193081dfa78955b90eae9821292f38808d6438db6bfafe907e3e420c89da21feb1ed655dc4c02647d96c3893b952a157b153dfe8ba1328b1003ba0c05c9b9c63fbd3dd17ab4e91cc8ce8900e3fb8681621ade1d48af050a9987385999c4a4da437325d7669dcf99e1355896694bfa8dd974af6293e719ba3bb5f8e0ee5cd98c2bd8f2c3380c3e88d6e7633197bea44f9bdb7556278cdb13b4e1d437e5e682bc58005648bae3503f3ac611e337e39e4df2422fc1c1276e2464b8a7aab73f79d0d841cadddffe2f9998cab35a7a688f84d9d9d9d4f82754fd727ebee2bb7c4f6b4c381d9a2b8d9e7910eba500a6f5e25bbc0142b66fc75c60060d066cbeb0b7743e87d43e40053c2282fb71e96f6a4b327d4ab26a3178fd89b3c2eced9ec64de0e01b5777a531debe28daba592586b7a63cea9c758d1b7b94a9527b836ce48d3de33ed8253600dbb6c1642665926973aaac7f32640beaed24f4cc9d008800cd5283f6b9391ced5c06f435dcd216ca4d88761b508d71fef2b39ab9e18069ce38ed32054c12e3d4919d7635956cf9b1408e14acdd4334f82269b789d365b4e75d94e76e30b5412a77af4791f8d58845030cf6b4f2eb761ddd2b4cdb58f4c8408a248f114cdb0e41cc533210eb7342d16840a53c42b04a4607854de4f97d7a6a0a34075d54484c68b65b8ad07a28edfb4cac0043fa9c1b95f47f531747096548c9c2b6363802d50bf82ae79b00062ed532821d3ec842700ff4718240e6e6a03c811795f43211d15a711dfbb5a21990e1c3364ea17802176323779a6e04c207b8ff9160541c8bc66d9aac1fbd20d68a7e23a7cdf3c70a84eadd88ddf1ae40e6144f253da49d3cdca1368e0fee4ebfa38b98c638d7846ff8ccd653fad856a56fb8da38a74c612cd97463604a5e431d2593e3a3f27003d7b4266fb1a12031ab36a387803b528e48081e14eb38409ab7514b78cfafb57b7964462501367feb92aa3d2f56802c8c597935a7ce50a571b230b2ce63a92e73d0c2180c08193b01c9d02c5d9419a80f7acc78cede6ca116913c2eb9a60f8cb38bd5178c6b4d5f08501f60b794ac569cb57f6bc52f45750a7eecf396bc14d607f93a43306ce38f45c735a8a60ad3d81ca8409f998d3c45ab614f2fc16ae17fd93a393647e39caaa85d95d04d0f7e5c4ba39fb5ec34633f6eabc7fa04bba2a31a7c5312cda0a92619ef8741e2522fa222170fc11d60844feb1dbb2146bc6ff01edea5ca2afa40fccbed85e16c78d1804f29a1d77b0f3eb5318c2c276f172343b1fe4855190cc2c5d1b001b2c1c6d2da9549d89fdd2115c795c404ba5e23ff6db69a22f53309a7c54122b82eae0cc668ee8856c05d19470341f25cf7c59561d0b9fe586bf932784235eb8079a00068f53167a553b5723daea7fb7b20aa7230e6fb3472eee286683016db7899b391043041f4a64cb6c3fd363490a5227dae499f4202d35c87120a9e69c2bf772815cd51b1064b0696728dcf0288989de95b47269866ee4814e76235c325db5953d8c845b815a2ef81c2c406d38658d27c4d4368e8573994253f5baa38c3f481bccae1daa5ef884b4db53ba92c48b4c9c3ff90f7e492170432afb17b368b5a4c48dcb09211e02926e826bff3065ccf4917ab2a5992669cc54f156d437749352bc8cf7b3fdf885be2f128b9f39c6c2e255a9fba99d52a24b618ab22c4187bd853df8bd88caa933b697342f7f674e4ae50e4d6d44ad8d7453d1447f1ada8b1bb37206ce1d30d8372bbdc3390cb5f5b7f641da2707cccf59e050556927f49ee9f02a0d5c4bf2ef34287da1ac702f77816f15963468fa9a64acb5ded43e8d8decdc478fdcad5f8bb387b2ae7b77c509a858ddad1444122732e471eafbd8f88d2a4e622030346a154efbd26819878c70f44850f63557bc19d2d2f5acf21dc56e2f7007718a3d02e67c30ec37aa4661925c78b3dc190e9d3e032b8b83134717051e16ad497d7bd902521b0817ee55cdc75ab1bb73a5c99dc4b26711a74c158409c3d0c58860775fd321c78f9a244cbff4f3349d76b6285ac22ab2983aa5ed3d323ae00878a31dca0e4eb4216acfb0de1d3ad2f103f8be75b505d6663b43fb3d40ac61ad9c66723747abec03c52fd2329c4e91a5e43a093c155e88bc8af09727b511e412af07d05b695856b362b2e28435e98ed26a0438b4951e8859181d00825bf96c4fe1fcc3508006697e4a4f085eb35d68359eade84c4412731bd9329fd57d104358e33c685b8d7d6d3c94c5e557b03f35f6852e9fe7b1443c2339ec1af544f98f8160393977077e9e3f35805567cfc1564bec0b7e5e2f1c44a20ce091e28c89cff910b1351f01ee6d93b35f0370a08efcac61bce60148e7d4697f3b4b872a7df0ef47f7014af7f3aa833ee7b94eea97ea959abfeffcd36c641b8555c8d9fe3c0e004b9361875247de8debf537b1c97fd72002882267ec7e92de1c81821893c1ff5fbd0d19dd78477458d13b74610a343edb60420098a013ffdd599a6747c6ee0a1e9d973702c2d38e9b47292a5ee998678d0e58a523feb4bae1658ff46a42ba1c8790f3cee1e84bb6bd8898854fcc4008babc26a951c5d3d8adfd6429947966cf6f03bbdec18470d03655e5e8948d73521d7feb0837b46ecec3a5bcba8341a06a4252d1218f1cd9c2ddcfa91b9277b40f25b6c834d4dbb4337d14730de353ab08e628996a0a11b7cef31e84a59b8be5667c0e55c45c52e65f578e8b58919beff11cdc9526fb4f43b93d8207c8bb7b73cde6259eb41a1ccae857765bac287d5b9f5c1fd8c1d57804589bc6cbb65a3576efea1a5a319f8b7ed261a0330c3ccfdf2c219d7e6124ba0787aacc714f4a73457c720586aade8fdf591ba5e7bf7e25dafac73cd7a2d3ba68a39a01a5595b3afa8c81d4c6f2f92c746cc84035675d99caa1df302c23b371b2d624b0156d11a514ac2b804f6983e7beb2f20184d6c6fc2eeda5212e5df0fcb1d79dddd097c6e20b0cb4a90df8f31f0d2c5a27ed0d9da571860125504672900b2131768840ef6dcf73d5478b86b6aea532dafbd02b768be303f0217919b4da44327ecc1cd1c040bce1a69410e6ae1c84d2a725bd5923acce3d4ab976b051dabf22f41d73e309d0d0e5764b7b7dd7408b66f2299dfc0cb50af42e205f16bc98bb0a1dd7ccc37ce9d4a68b679e36f1f1bda6657c57ae43e40570009c4f7a338ef81185c1a4a3accbcc8b8ddd837fa90c8f7106e518f87ac86434c36a06d0a2d13a6397025f36aa15106f94862bd4753f1f8428efca7e589749fbd815364d45400b0257bd78e631dc71eaa367529310320490f3a6332e01d3a47369389a2ce1cb5b17832d76e5e0fa3a094de721c7fe04fc8e313744175db5ed2aa94be10fbac6aea87484514bf6360cfe955acb7345274aed87c16af382aa945704c9166d6e026463ba73811ff8b7949ec017cbcbde88b2f230e3f5b14b27102be56272d16b1eecbb288d0d51e697feecbd36c1ad65bfa983c8b0d7f724aa3b1238486c0b9ab10269359c452f73c0c430aaf75433f170cc381e91e5af1628f2bacf25d2a848a8bfb0c4e921f239284b817e5560accc19ee4f9f1119353e9bbce96823047fcfecc5ccf40dadd474ed954b59621f20ed6cba91d9f3af87b405b56c8f6d48014d7a98bb4af3a625b4cf8734153246d6d8c3136da38bc9b5b61008928721c9774e18b9ae5d64f57ea1464f1679efe378bcc12576bc6bedf40bbbf502462589f58267a79790d691a05258416eff6f3edb3b2f3376e9a9ecaee5c0d7ec2fc17e7fe5f8fd6f9e9c2e7c989656bfd753329a552db456643e49471c26a439bfef75bcc78f6050cf007abc945734c4d5f25a65f1784b47e3159aabf7571eff120d7c333e70e1daf951f1c664f41d115ac3cf23b93fe4dd6505c7bcbb57c4b5522310090d36a34a043a62a6f0d30a984fdf0b80c5cd7b67d68143459e0865963bf506b1878c3ce26d13f522060e813335e4a1dbbf5a53b8f6920aba897fe1c36bb879dbb9a876d769a5b62c7188ac40d42ea339f20a21fd37a2a2e909ba3f88d065ad7964d1d5992e472e7680839c96700ba17384dd89c094765d6f46057b13817fbf854af625bd791ba2970a1b2a8a8871f9ff34a1ebd0875a55e9389c53198335bd831b47318a33618f1d8a56ab7b5481558eb1e989f015d1ca304f3c0ac0f871801466b0443883da2429425730f221e1b674c0c41e91881418d8718181de10b702152c9f21bfcc346091e10456b35add81c25b885e689b63447371f94b22da70313d261ea29f50e625c07350f584cc1defee92c028d32dfaecaece01ffeffbc1b1769fb289a3f5e4d32adc9df422ccfca36b71300f0593440a19cc4221b97ca2ef3b8dc2c488543cc27d7b4daf8bbac0eb6a4c85e094694e55cd5463437b65a6d7ebe2b2bbe6e65995db11553cbedd30127a93532174aa487d6c123d6d04ba748a706049aa7dcd414ad25cdb50d576a1a0adf20488feb029a2569cbf87baf7d172467acd5d36c42d800ab8bfd0684cca0b96472eb4d415fd16462e93e9329c1ef9a4a66b97e6550b4f6c779f5383afdbea3dd58b2700a470cf30e437597617aad638db685bae6819b46b30b3f0804d4e923e445f160a69b8e34652b8f18575d85c66ba58f8fc05cadfdd0ac8b923760c0a866adb7407de9a2e41e6188ab57341dab67ef211f7d3a8b6800602c5d5e25627a3efeafa6cb8908fcb82fa9d06304930e1dc530a0856840b6f0dea537b7d4bc5a97b71a0298e1cf87dd53f0202afcbcaf9a1efd0e4cfcbf546a15ffc925b71279cb85d1a91672a9e34e377eb77b4e3e19906cf358e88a06a837b9371a2e85b504acbb302a010d8fcd3513d9fbc8eef7d595568dcf1a4675514df49005ce89a0b65509bcb94d966178ac5f847a0cefa4370671dc8e21c447397c9cb29593d3e917d812f2b2c5db37a9571f2b2d5036f613434fa48a11b4608d94b0fc1e1e711aa0bdac739e209be03ec0783cc74b60bd2ad8576ea496cf9d66d9cfd334507ca660e4f43490ecdcffb2f191588b195f6207037af14f8e203c47098160bab9729b69b7a9d83990cec80280287e1d58ce56c"], &(0x7f0000000180)='syzkaller\x00', 0xffffffff, 0x0, 0x0, 0x0, 0x11}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff1f, 0x0, &(0x7f00000001c0)='{', 0x0}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f0000000680)=ANY=[@ANYBLOB="2e000000000000000000000000000000181100000d8f3c57dcd255772001c95a7c7a5ac9df35fd4540fa35aa7722c56502bf86ed170c81b2ee6e4228df01b725d0e074d6c38892732a99b185d436d0e3d1c8aef1c72badf96da785d771c2c72976a31c5439bcf9f9cabe9ca599d3c9b9b35a5724d837fefd1089c9bcacd8ec193ec2a11adc394b0047833f05018530d063006f0d7ae72a9e191d3c72ce6c98388d8034f6fc5eafb869b133a8a8f18d23566d629104d64bebb3c057", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r7}, 0x10)
r8 = socket(0x10, 0x803, 0x0)
r9 = socket(0x1d, 0x80000, 0x6)
sendmsg$nl_route_sched(r9, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0)
getsockname$packet(r9, &(0x7f00000003c0)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x4}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@getchain={0x24, 0x66, 0x109, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x5, &(0x7f00000005c0)=ANY=[@ANYRES64=r4], 0x0, 0x8, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, 0x2}, 0x90)
sendmsg$IPSET_CMD_LIST(r11, &(0x7f0000000240)={0x0, 0x5, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="00000080000000000000000c000000000000000005000640000000040000000000000000"], 0x24}}, 0x0)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r12, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x11, r0, 0x0)

2.039042776s ago: executing program 2 (id=1027):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0xc000000, {0xa, 0x10, 0x20}, [@FRA_SRC={0x14, 0x2, @private2}]}, 0x30}}, 0x0)

1.927771348s ago: executing program 3 (id=1028):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
r5 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syz_tun\x00', <r6=>0x0})
sendmsg$ETHTOOL_MSG_DEBUG_SET(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="d8a70000", @ANYRES16=r4, @ANYBLOB="010000000000000000000800000008000280040003800c00018008000100", @ANYRES32=r6, @ANYBLOB], 0x28}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x24000090}, 0x84)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x3c)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000010000000", @ANYRES32=r7, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="2000000014000001000000000000000002000000", @ANYRES32=r7, @ANYBLOB="080002007f000001cdcbf80dc669be3c1885c97cede4c2be64774e6d3ee7de549ac045cd56e3b306c39b0bc92873ac8fc8a9648e778729687f47fe74f629a455612cdbda592b03957de2ea04fe053787bcba66f49ca26454d62db5f0cbb4c8f0957c8f5436dc66eb99c85f29c9e6fdb5eec63e89d2d2b9c680bd319516d4c9"], 0x20}}, 0x0)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f00000002c0)=@req={0x28, &(0x7f0000000240)={'syzkaller0\x00', @ifru_addrs=@sco={0x1f, @none}}})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xff6a}, 0x48)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
write$binfmt_misc(r8, &(0x7f0000000540)=ANY=[@ANYBLOB='5\x00\x00\x00\a'], 0xd)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx\x00'}, 0x58)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='ext4_writepages_result\x00'}, 0x10)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002840)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001f7ff04b7050000240000006a0a00fe00000000850000000b000000b70000000000000095000000000000009cc6b3fcd62c061c6238975d43a4505f80e39c9f3c530cf08e467b592f868ee3b0a435df0a0e8c1bf176db2a6b2feb4b77d3d5707bfd2d84aaa3b1d4e984c46ea7e2b347a36f5662403e1b2be4284322a4988a0d411a9872971c7c56f0979bd10b97163c066d0e196bf0fb04e500b0c0502df9de9ca3c00cb9a323d9b401bf4e418d07fa22f0610a70f2bdf4000200000000b0c2c125080963f6324bb7b80197aa3161f45346b100000000000000000089e399f6609876b588743794298b79dc192dff048fc207c81f28bdd3e26a1a8a0481e9f0da43bb6ca66e2f55a9ff19ffcafe3e64be06000000000000005064caec04a367c23d9fb6a6991ddb737d527d6acb15426406991c3b404984dfa2c6e94bd0339454c13ad3c328a182c15dc760a313e3b3ca5d3393404029e98fa883c71949a34d84030323e3d54fc5b29d27643453ad9226e3550ee5520211d9370175fba303f003073afd1ec9f7c6133f260c6882a146880b9387f1beb5418618bc83a3becf9bb5d80eff7da7ba8b913c685fc6700848dc6665d73248c1f74e08ad04ce905faf32706e0000249a028044ede964362cfb2f30a246c3b2f60000fc4deb91da1368b0960b8d69bd99c64893d44f962524429dc0584b8e7e541c903869d96989b9a986620cb2c95c83f2a082c52764f49e51188f9418b01bcd8ae164acdac95318ec8b2c6feacdcf4b528e5e58219bc54f6ad5679e7f430e6960ed048c46e1dccca05bfa1d67c83795eae2d31968c055d325a9c794ef88b30c2de4a274878b73c05ffa88b7073be648b12bb1fee58958d6a6f31bfe568215dfbde59dad00008a73b40f09cf018cd496b36050d7fd45e3620c28f76749262e33e16429a6da35ceb1a989de81c3f8b8bc348ef2ac3781b847611fcb0a26acafdd6d9a1b17dcb9f7c493d8f8cd344a1d470ca0d6f16ab0293774b5509fb0e7113936d59d5a60dbd84a938476adeebab9ff44f531bb0200000000000000cc1fbc455a64fd449284f71761092a0302000000000000008a05d36fd9b814b4292745418c92d944763a4bf5e138d810e29a31f08f7dea7762d2d8f7e1d24cabe17ad4135d8872935ceac6eb4f046f2acc1b0efb4438abddcabb4e4e72a450aab72b589bec83bbb688e659fb426cd43d0ee993516fd4e867232cde69b6ffad447dcd92e0ef8234ff850ec3948dd1fa7afb77d951fe4abf618121b7894c106beb49a71c62df5544ef221973432ccc7e62b151eb898a01010a7ec5acd0a5dcb2de443880c8a682515d1da9a3048744acb44384d1591df789883c0560495cb0cb32283529926d25e5c7f481112ab8a82247e927fb6f256830dab3671f00500d36a17790bab7d0e89e6c15314f2b963bfc867953476b0505c7d728326d666f39e82cfcf7e7a85df288d75df24c5e4d529c349923f9a4fb882310391dd58b4cbd8def239a227724d39c3e6c40e20e07e68a22888a5c3941b7a765b92bcb37f302487bcbd93ccf3a104021ff34ddf7ffcca1a04eae963e25516a114573779b24a341dfb2e80f1f345c6d96493ffc2a18478b5bf3aab2ea59c51cf0678e1a57d0ea042d911548ff612002ddb2d54d42fbdde42b56887003d27468225b2594a05044baf314113e889468cf13dd92aa0d7744db6b56557a5adad95cb9a69d4de50642b4b9d6d3ba7eb534b00d0fea62f0a61535dfc4da06e7f8695be614c557caed7eb0120516e1351fed7d8ffa31c8f4be364185469cfc5f25c90d71bce745dd2d58a30e0844f12c4cbbdd7a08465e665c2620d78673dfb6d9263ed7def8924cfcd48a8a3534f1a3eac9ee9f18a18106ba3d7c7a62330f5c0e98cb7982dd7bad02c8dba9c13894185bfc4bd2520b6e2043fcb3fc5eb55ecf9e6e363ea2ac40a14a6f00f0ffffa0fdb6487c51ef12c2e88beeb5aa6f6a4151cfb90644e50630ed474df7d1635afcb1ea3f6c47b5acbba2ce5099a9387f74d1ffbd1da497613174f76a656ba5bacccbb58dddaf9a3510d65383829a51e0f41e661fa80ca1eaaa6cf0824305ba4ec80400c50ffe83ccb0e6fef321190c58aca8c7c8c6d26ff5cbc2cadebda8e1219e04f8dacffd33db1a0a2e74c9eb978d80a12d0b5327bfd053000000000000000000be0d02a14708504412fa93d335992b2983c5addc191b4a21c7b340d0536b01958e15315eb5f3f9f4992c18f666359f40295fa73284c4b607669bae75bd68c3e2b770c324a0ab26b6065d7e95a7bd80052db57506ec7cc861bf3998d07484c66630ca8173fea3f06ed1dfc70a8b90418e2dc76137e0f68cb1c8a908aef9f009f85647dba54e05028c33d94d463fb20d2e7547184b8d3611e45dff02144387f342ef9b9bf650e9d049bf65258a7bc094a6965e24611c077e1ca0891362a9d68f3ec7610c0449acf18459110500a09b75885cd79ba32776e4a511c8a4ad922b000000000002ef507ec6fc7f5dc431b9d8cbd9003972bf1dc6a71bedad8e19efc3edd2a7a7e555d5f3176af69920471e6e5bcb8966c813c132d65e2b99d3015e06b372e1aefaae14ee3fbc6349af362c19b59c214de66912d1a9a98d92dc197a51c29443de62caca334c46d110e50896fe50d0477771d387f40c8ef05750ca651e6e69a237dcf78666d6ab2bda1f853525494e4efdd93be38bb5fc671f8794002d7a951fd336aaf4ed1166cb459df70218c571ba1c40b028234505e5477effff26af8812c2fbb8785a223fce0a0601c2a3b58bea8c6216eadabcabe86ab46e4cd3d58ef7ce8d3c4b0bc5952e81dfc0a490d8568db6f9c51fe703c6864fae0053d2f91f49e977cdc1962dbc28c29471a72199862bc8fc6e211d13d8579cab4fba94b2b613c9b8148d05e0690a4c4ab35aabc45801d2b82081e62b23a01b58b1ffb624f63ad2246796796160cd3682374364edac52f1becb7c6eff50823b75fb2ef516ec4ec1cb20a2535b504502d744f2099674e58f2c117c980cf0d041c8e45c4f166bab4aa5ed200ef4dcff96f7c9c1ab8c22db0f439b23b04bcd41ffc3a0e01976ca1cf43e12d7d72f3faa4979faabd62e2dc54a980eae4d5e8c6498de331c3aba1144ef1190ea6cda641d9416c4560cab2d819eac7b04c70f141754c3ffd79da363fe8859afee531710caf1b2bf5a51142f4755cbb700c28083525a9093790096cb93417f1216000000000000000000000000000040ceb244e4cae2b65a76d41793aabccd3d0c50486eae6793e1f54814a8ee2779c14ca94759266200229b58c12279817869e831cadb7b09ddffffff9d93e2ad25eed43c0b9ee4fd209b5b919a42f676b9d7236fc8dd5040899d0676291407ce9ac8101dd3512f5b3ac8cf8179d1749de324000030d0f942ec4604c28d5c287d1435956784003a53eb5f0436ead88d7acf0166dbd9f30a9b259c8a9b9faf1356faf269cded935b07863e4fdad8aab52686c81babd1c08f6700a2fadd413443022ea5c774ffefdd426abed08d437a4db48611fc82a18ab9f54758a1aad86d95cd186ceb55fafa3930090467b8b7bb8ae7e1c8b4b4106a381cb67fdb86def4de2076dc538bb97502b4b4350e633dc0a53c2fc9a01bc5cfae0245f1fab843c633446f5f3a43226109b7dafe7815773bd6969f04cbe15236b90000000000000000000000000000000000000000000000000000ff0779b9c0057addb2efe11b8b3a706569f1522b57d71bb0beccab7c8fe9e1330b2f501b2ac3cfe9e2f505e833217557abb257d61a73a758543651b250f8d8ef9c8481bb28a137d15040b0181c28dfad7c17b30c452a64c43a117cb948247c33abc765a6ba695c3cea5e32a4d11c9b4be91c60932bae2dcbec2ff4268e03aad15efc6004e6b3d7f0edf8b5d4ae7846a6d43c16c90b7c5dc13ac2ff0439ab693498964cad2bb533bcd240778b7e49145c48efde42b44c01517f1a7c7707b4c4fc0900e7086ec40354504590696282286db9030f0320e2fcba8723939005347b3c99e3f1310d41ab328c1f351b3f744ff1973431000000000000000000000000000000000000003495d69aaf9a1d83e83511a3bf44fe753b8ad83bc34ea4d46b397e000fd267c50122aa5aaf8474ec2e57d960d963900bef84a4b3c7dd01ae4d6b5522aa8a35ae7996e298bcfe3f31a34e3e12c58cf172a4d3677a67b52041ec21ae8003aa1c9969178b1b00e4d12ac9741fd788fb6260ec043c013907523c77f8acc20b9e2fd224ca8f21fab2b10991881e0a12f4e1c4f54b9ca7c9a0c8298d60b8b6eaa023418992d6d62b0e9faca4a3b3a845e859137cd933ef5eb8db16f159f32505725da51414562d064b551246dacd586f42d04d3fed3c087bb52ae4bc09f3846c785d1b278e661ed01fbc2415288bc9c808c4aef648d431b3029da0dec8886c3ee9cad996843d00a3b5eb54e270dd2e96c8f2fdb4c27c2d1bd467f2a14867dec67730d8a68329839d9feff688dfbe25c73f936338e7b057980da58a6303d95f17712d667d5a1066ae457ae32925ce658b559c1182a74e267da57fe25b19153f1cdebaddf3f7a3479c09f2303dff449c0513b552a75ed48215cc31264a6ff648a95daa0d599dbce303b3b5307572df30429a3b4b115cab0a018f2501272048dd9e69877535e20078e7c28a98f26ace7a266bdc15ce904f25ec7fb2434ee7b5b69bed702ba1e7ed72942f452f1a98a2d949450091075efa823b11f5f5eccd921c04c7c15a5a05750cd85b1300fc00ce275de7559e117f87cb6c3c9a4b9f96149e3fcffa44d7000000000000000000d43d07d546acb7009c0c4f6e57b8577d2113bfca1939b9bf757265e175c1863a7c8d7640675830dc11d5d59546daf2385a7074f770c8333b21e2fb660141bc4f1ed45f703da6ac2557ab6952bd0c300000000000000000005b44bff4e3966fdfc9b720412bec09936b08e440c774e2224f2d338fab2ae59379378ca34eeedbd9a323a889f295e5d3bae64fc48ba123668e6a0be1e732aa5e2a0d4373a0b76d84f018d45bdf6f12d6d5d23a0331c3ae5e99a2bcdb52386135ea15890007e1cba5e52a04971139272012ae5542ba109a9d2f49798ce2fc6f639735e0222cd08075418239042bfe47c363973d3245ce507e838dfd90ae442a96fa1343029be56de31c2eff226c05f0ae3dbe2281e7bc02db39342d5b54ad3616733a5aa7753613423a0c5e2844a6e08fa5b76e18f7e24e967f6f83c546718d0f20959376427cdd449a4be3d75fd3e51e1b7f8690855af8eddbd3fd556b4460d0091e3623933f1a11db14aea54af6c49725bfa51fed222dc379995f48b1aab94441767c8bccbfd966d814715203bd8f549cd57d6a87295bf16aa25fb4e7fcaa8cec5e5c03b0095861bf2fed70ffb46bbb78ba90ca272ead9b3d2959fd9dbaabd1d51a60b474cef4c700faf718b810e4d3527a4663ee9fbc0000000000000000000000000000000000000000000000000061abf7a66b7b3f57ff83482dbab3f591dded505630dd9dd4828dde3fd9218fb1d041a26c60a724fd8506ba03a370721c281ff6202410dd078fc15f5c4e02b46fba33e0a772130f9a158a2e403ea61919f461358bee016e4c7c114ba7f4486aa7984fffd4555d71e049b2e933ae820bb5990ac3e27e7ebb101ad67ea47ed363de7dab4fb43769f5eca65b5918a76af8860f4d0d79805d9c08d3e27a8f041615ef85b52e521a90e511fcb303dc0ab19abaf0e37e9725bb596de8d8afecf5e15215a83652f3834bf00bf7bbc82b3c45e78a46e70a54a1925b4bf8392070e9cde0634790e444e4e4ee762db725122865a194d7ba289d9aecbba85da0a5c0de6b71a3cc"], &(0x7f0000000340)='GPL\x00'}, 0x48)
r11 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r11, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000001000)={&(0x7f00000006c0)=ANY=[@ANYRES8=r7], 0x48}}, 0x2c004)
r12 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$VFAT_IOCTL_READDIR_SHORT(r12, 0x82307202, &(0x7f0000000c00)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r10, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000003c0)="5aee41dea43e63a3f7fb7f11c72b", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x50)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, 0x0, 0x0)

1.926997392s ago: executing program 4 (id=1029):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000001ac0), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000c000000200005"], 0x34}}, 0x0)
r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
close(0xffffffffffffffff)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r3, <r5=>0xffffffffffffffff}, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x19, &(0x7f0000001b40)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}, {}, {0x85, 0x0, 0x0, 0x69}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}}]}, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000640)='ext4_ext_remove_space_done\x00', r6}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r2, @ANYBLOB="000d00000000000064000000000000001800000000000000001d0200000072403b710000c5831c5740ff0175950000000000000018010000001000000003000000202020c41af8ff000000fc5cc1b600bfa1000000560e0007010000f8ffdfffb702000008000000b50200000000000085000000800000000000000000005a42b03a5ddb1d547b1d03726e04fa19fc7cf7ec4d070016e6f65902a1d979f5603c4a89aec43ebe67621b58ab347afc2d118649367d087905769f98927393dae55c02c4ea5f1eef5567898685121e7fb274148826fe4b6a5a4f0912f8526e6448b459d44699dafaa8bcc1bd22cda958eebf5e7f446ed34e6cb8c46ed0af53c244f00a5d2b937b91784fb6b9166c914909d4baa23b4a930c0af781"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000500)=""/222}, 0x90)
r7 = socket$inet_dccp(0x2, 0x6, 0x0)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e22, @empty}, 0x10)
r8 = socket$inet6_dccp(0xa, 0x6, 0x0)
bind$inet6(r8, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x5, 0x32, 0xffffffffffffffff, 0x0)
connect$inet(r7, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000940)=[{0x0, 0x4, 0xf, 0x5}]}, 0x90)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x6, 0x80, 0x42, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x20}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000080), 0x619, r9}, 0x38)

1.875586781s ago: executing program 0 (id=1030):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000001000000000000000000000085000000870000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000080)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_init_net_socket$ax25(0x3, 0x5, 0x8)

1.858198028s ago: executing program 2 (id=1031):
r0 = socket$inet(0x2, 0x3, 0x2)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f70002"], 0x58}}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, 0x41, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x8, 0x4, 0x0, 0x1, [@generic='\nN']}]}, 0x1c}}, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
ioctl$sock_inet_SIOCDARP(r5, 0x8953, &(0x7f00000002c0)={{0x2, 0x4e22, @private=0xa010102}, {0x306, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2f}}, 0x36, {0x2, 0x4e22, @empty}, 'wg1\x00'})
write$cgroup_int(r5, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r4, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000340)='yeah\x00', 0x5)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x4, &(0x7f0000000200)=[@window, @mss, @mss, @window], 0x4)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
sendto$inet(r0, 0x0, 0x0, 0x8004, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
sendto$inet(r0, &(0x7f0000000400)="904ae56e0d00e73e19", 0x9, 0x0, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000006c0)=ANY=[@ANYBLOB="850000002a0000002e000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d35b213bda84cc172afd8cc2e45a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbfe5ab0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab8b4b380a00d72bc0480f949c479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b846970cfd98b9d4139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323c78a996810000000571cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b30567e54d3504723177d356c4604bca492ecec37e83efceefd7ca2533659edc8be05cc85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e561a9845e4ff29e2bdb1d0b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebce68663ef5af469abe753314fae31a0445859a5ece8fb11a4ee8e46354c9c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a4601adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa700a86407e79ae29d2c117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cc50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5631820420b75b6522c0e21c882c66f4f25ffb6d95e07de02205fca4f18a2eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6fc01e1b9e16587bb5f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f87c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438978c5465113f668eb4484350048289d07dbef325d3221a7cb35f812f257941a9781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33384253af570f4ef9c0254afdd89c73943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b703043f4b2497ae5602473d8c1bb627d5f73790476a4a2e8b1f71"], &(0x7f0000000000)='GPL\x00', 0x9, 0x252, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r8=>0xffffffffffffffff})
r9 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r9, &(0x7f0000000000), 0x12)
bind$x25(r9, &(0x7f0000000040), 0x12)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x0, 0xf, &(0x7f0000000100)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3}}, 0x0}, 0x90)
sendmsg$key(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000380)={0x2, 0xf, 0x1, 0x2, 0x4, 0x0, 0x70bd2d, 0x25dfdbfc, [@sadb_x_sa2={0x2, 0x13, 0x3, 0x0, 0x0, 0x0, 0x3501}]}, 0x20}}, 0x4004800)
sendmsg$nl_route_sched(r7, &(0x7f0000006280)={0x0, 0xa0003b40, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x2}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), r6)

1.584070864s ago: executing program 4 (id=1032):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001700), r1)
sendmsg$IEEE802154_SET_MACPARAMS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x40, r2, 0x21, 0x0, 0x0, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_CSMA_RETRIES={0x5, 0x25, 0x39}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x40}}, 0x4)

1.500709769s ago: executing program 2 (id=1033):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000040", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095", @ANYRES16=0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$binfmt_misc(r1, 0x0, 0x5)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0x8000f28, 0x0)
splice(r0, 0x0, r4, 0x0, 0x4000000005, 0x0)
write(r2, 0x0, 0x0)

1.434712727s ago: executing program 4 (id=1034):
r0 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r0, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14)
bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
syz_emit_ethernet(0x66, &(0x7f0000000280)=ANY=[@ANYBLOB="bbd28ddcfbbbaaaaaaaaaa0086dd60003a0400043a00f5800000000d000000000000000000bbff020000000000000000000000000001"], 0x0)

1.268086736s ago: executing program 3 (id=1035):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x18, 0x1, 0x1, 0x101, 0x0, 0x0, {0x0, 0x6}, [@CTA_FILTER={0x4}]}, 0x18}}, 0x0)

1.267485554s ago: executing program 4 (id=1036):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000002c0)={0x3c, 0x19, 0x15, 0x0, 0x0, "", [@typed={0xa, 0x0, 0x0, 0x0, @str='\x02\x02\x00\x00\x00\x00'}, @nested={0x20, 0x9, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@loopback={0x8000500}}, @generic="74f5c5a475e9d46e"]}]}, 0x3c}], 0x1}, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a44, 0x1700)
epoll_create1(0x80000) (async)
ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40086602, &(0x7f0000000000)={0xfff}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x8, &(0x7f00000002c0)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @initr0, @exit, @alu={0x7, 0x1, 0xb, 0x0, 0xa}]}, &(0x7f0000000000)='GPL\x00', 0x8}, 0x90)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000040))
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r2, 0x6, 0x21, &(0x7f00000001c0)="b0652d90aae863cd4fc5e6cb6965e55c", 0x10) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f0000000400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@func={0x10, 0x0, 0x0, 0xf, 0x2}]}, {0x0, [0x5f]}}, &(0x7f00000004c0)=""/179, 0x27, 0xb3, 0x1}, 0x20) (async)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x68, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x22}, @NFTA_SET_EXPR={0x2c, 0x11, 0x0, 0x1, @quota={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_QUOTA_BYTES={0xc}, @NFTA_QUOTA_CONSUMED={0xc, 0x4, 0x1, 0x0, 0x2}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xb0}}, 0x0)

1.009781011s ago: executing program 3 (id=1037):
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$inet(0x2, 0x0, 0x84)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_LINK_WINDOW(r0, &(0x7f0000000140)={0x0, 0x8, &(0x7f0000000100)={&(0x7f0000000080)={0x68, r1, 0x1, 0x0, 0x0, {{}, {0x0, 0x4108}, {0x4c, 0x18, {0x60, @link='broadcast-link\x00'}}}}, 0x68}}, 0x0) (fail_nth: 11)

977.778765ms ago: executing program 4 (id=1038):
r0 = socket$igmp(0x2, 0x3, 0x2)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x380, 0x0, 0x11, 0x148, 0x0, 0x10, 0x570, 0x2a8, 0x2a8, 0x570, 0x2a8, 0x7fffffe, 0x0, {[{{@uncond, 0x10, 0x70, 0xd8, 0x1c}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}, {{@ip={@multicast1, @rand_addr, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_batadv\x00'}, 0x0, 0x1c8, 0x210, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'team_slave_0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev, 'macsec0\x00'}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x3e0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f0000000080)={0x0, 0x382, &(0x7f0000000140)={0x0, 0xb7ff}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001280)=ANY=[@ANYBLOB="3400000010000104000009040000000000000000", @ANYRES32=r4, @ANYBLOB="7700000000000004140012000c000100627269646765"], 0x34}}, 0x0)
r5 = socket(0x10, 0x803, 0x0)
r6 = socket(0x1, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@ipv6_newaddr={0x2c, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r7}, [@IFA_LOCAL={0x14, 0x2, @ipv4}]}, 0x2c}}, 0x0)
setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd1, &(0x7f00000001c0)=0xc, 0x4)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000280)={0x1, &(0x7f0000000240)=[{0x0, 0x0, 0xe1}]}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x0, 0x0, 0x0, 0x504}, 0x48)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000580)='./cgroup/syz1\x00', 0x200002, 0x0)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000140)=',8', 0x2)
r9 = accept4(r8, 0x0, 0x0, 0x0)
sendmmsg$alg(r9, &(0x7f0000005080)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="09dea4afb76288fa135537845f3188b4cb061c94084050d49b5f9dc271450ebc85f9479e56e3800f492b76e4254daff0a4082adffa4b52038a427a2ef1828f7be02a", 0x42}, {0x0}], 0x2, &(0x7f0000000540)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
socket(0x200000100000011, 0x803, 0x0)
socket$packet(0x11, 0x3, 0x300)

832.073297ms ago: executing program 0 (id=1039):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="4400f0ff", @ANYRES16=r1, @ANYBLOB="010000000000000000001400000018000180140002006e657464657673696d3000000000000008000400060000000800050000bffb00080003"], 0x44}}, 0x0)

764.952666ms ago: executing program 0 (id=1040):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$ITER_CREATE(0x21, &(0x7f0000000200), 0x8)
ioctl$sock_x25_SIOCDELRT(r0, 0x890c, &(0x7f0000000480)={@remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x2}, 0xb, 'veth0_virt_wifi\x00'})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x14, r2, 0x1}, 0x14}}, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3}, 0x48)
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0xffffffc0}, {{0x18, 0x1, 0x1, 0x0, r3}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0x50}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x5, 0x0, 0xd, 0x0}, {0x18, 0x2, 0x2, 0x0, r4}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x5, 0x1, 0x5, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
bind$inet(r5, 0x0, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000300), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x13, r6, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x40305829, &(0x7f0000000080)={0x1100, 0x0, 0x0, 0x10000})
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r6, 0x660c)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r7=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r6, 0x29, 0x32, &(0x7f00000001c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', r7}, 0x14)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000003c0)='dctcp-reno\x00', 0xb)
getsockopt$inet_mreqn(r5, 0x11c, 0x0, 0x0, 0x0)
setsockopt$inet_mtu(r5, 0x0, 0xa, 0x0, 0x0)
r8 = socket$pppl2tp(0x18, 0x1, 0x1)
socketpair(0x23, 0x800, 0xffffffff, &(0x7f0000000040)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000240)={<r10=>0x0, 0x25, "c4bd014dde8dbefdb9f5eee6db68148d770213ec31e4e8117ebf98ef4ccf35d1350ee6e724"}, &(0x7f0000000080)=0x2d)
r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r11, 0x29, 0x36, &(0x7f0000000580)=ANY=[@ANYRES16=r8, @ANYRES32=r5, @ANYBLOB, @ANYRESHEX=r9, @ANYRES16=r10, @ANYRESHEX=r5, @ANYRES8, @ANYBLOB='$M\x00\x00'], 0x8)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r9, 0x84, 0x8, &(0x7f0000000180)=0x401, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000000)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @loopback}}}}}}, 0x0)

322.936484ms ago: executing program 4 (id=1041):
r0 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010"], 0xec}}, 0x0) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x44}}, 0x0) (async)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f00000000c0)=@broute={'broute\x00', 0x20, 0x1, 0x220, [], 0x7, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000110000000000000000006e2a30456b880000145b41fe6900000079616d3000000000000000000000000079616d3000000000000000000000000076657468315f742f5f626f6e640000000180c20000000000000000000180c200000000faffffffffffffff000000670100009001000073746174697374696300000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000646e61740000000000000000ff0300000000000000000000000000000000000010000100000000000000ff000000006e666c010000000000000000000000000000000000000000000000000000ff0050000000121b6eb244d4f0fffbf04a000000007e4b000022d4e27ebdf3b9dc569e338e2c551c2fc4a19597ba4c501c8b1f16fb7809c40aee86f4fe16383d2afb577ed2bb6dd99f024b3f54ba00000000415544495400000000000000000000000000000000000000000000000000000008000000000000200000000000000000000200"/544]}, 0x298)
ioctl$sock_SIOCGIFBR(r2, 0x8940, &(0x7f0000000080)=@generic={0x2, 0x1ff, 0x6})

195.948988ms ago: executing program 2 (id=1042):
r0 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r0, &(0x7f00000012c0)={&(0x7f0000000000)=@id, 0x10, &(0x7f0000001200)=[{&(0x7f0000000040)="e2", 0x1}], 0x1, 0x0, 0x2}, 0xc4)

195.619676ms ago: executing program 3 (id=1043):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'lo\x00', <r1=>0x0})
ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000000000))
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000d00000008000100", @ANYRES32=r1, @ANYBLOB="3c000280380001"], 0x58}, 0x1, 0xf000}, 0x0) (async)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f0000000180)={0x0, 0xa, &(0x7f0000000140)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002b00010a000000000000001807"], 0x114}], 0x1}, 0x0)

193.481585ms ago: executing program 2 (id=1044):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="240000000f1401000000800000f0ff0008000100000000000c00450072646d615f636d"], 0x24}}, 0x0)

29.692962ms ago: executing program 3 (id=1045):
r0 = socket$netlink(0x10, 0x3, 0xf)
writev(r0, &(0x7f0000000440)=[{&(0x7f0000000140)="480000091400190d09004beafd0d8c560a84476080ffe00600000000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1)

0s ago: executing program 2 (id=1046):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$inet_icmp(0x2, 0x2, 0x1)
r4 = socket$inet_udplite(0x2, 0x2, 0x88)
r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[], &(0x7f0000000080)=""/236, 0x3e, 0xec, 0x1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{0x1, <r6=>0xffffffffffffffff}, &(0x7f0000000400), &(0x7f0000000440)}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x408b9d66, 0x4, 0x2, 0x200, r6, 0xcb8e, '\x00', 0x0, r5, 0x4, 0x0, 0x2, 0xd}, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB, @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000002000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008008000b7040000000000008500000003000000850000000f"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xd, 0x3, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002b40)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}]}, @NFT_MSG_NEWSETELEM={0x38, 0x1e, 0xa, 0x105, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0xc, 0x3, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0x4}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xbc}}, 0x0)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
setsockopt$inet_group_source_req(r10, 0x0, 0x2e, &(0x7f0000000140)={0x4, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @dev}}}, 0x108)
getsockopt$inet_buf(r10, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000))
r11 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x8, 0x4, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000080)={r11, &(0x7f0000000100), 0x20000000}, 0x20)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000040)={r11, &(0x7f00000007c0), 0x20000000}, 0x20)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r4, 0x89f2, &(0x7f0000000f80)={'gre0\x00', &(0x7f0000000580)={'gretap0\x00', 0x0, 0x7800, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @loopback}}}})
setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000200)={@dev={0xac, 0x14, 0x14, 0x9}, @dev={0xac, 0x14, 0x14, 0x39}, 0x1, 0x9, [@loopback, @dev={0xac, 0x14, 0x14, 0x39}, @local, @local, @dev={0xac, 0x14, 0x14, 0x19}, @multicast1, @multicast2, @remote, @private=0xa010101]}, 0x34)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x420000}, 0xc, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="6d13f75937ff63fd1f6558c720f1593b07dfcea82b57efd8814c473c1fa6ddfa0c7c9608efefd2ac0aef8ce509e16ea8d70585dc86214c30956eaf682cb48dd1a0c121c71ae8054434ba37f40bb1e2223731227cd65310b1e2e39ffb3588b1198d81ca72800b91fa3a06706774c77c8c68c336b1ca155bda3e33065c60b3e687ea11b7b767c716cb8ba5b12f3e105715", @ANYRES16=r2, @ANYBLOB="000026bd7000fbdbdf253000000008000300", @ANYRES32=r12, @ANYBLOB="0c0099000300000020000000060036002a0000000600360037000000"], 0x38}, 0x1, 0x0, 0x0, 0x80090}, 0x4000004)
r13 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r13, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)="d8000000180081064e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e120800060000000401a800080008000c4003001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0)
r14 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000240)={0x0, 0xfffffffffffffe1a, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r14, @ANYBLOB="010000000000000000000100000008000100400000000c000200700f0000000000000c00060003000000000000000a000a00272d5d29212b0000140007"], 0x6c}}, 0x0)

kernel console output (not intermixed with test programs):

es unique to avoid problems!
[   90.962322][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   90.993751][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.026275][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   91.053104][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.087928][ T5359] batman_adv: batadv0: Interface activated: batadv_slave_0
[   91.137143][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.202629][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.275945][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.298073][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.332366][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.371589][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.403151][ T5359] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   91.416363][ T5359] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   91.440940][ T5359] batman_adv: batadv0: Interface activated: batadv_slave_1
[   91.474890][ T5786] netlink: 40 bytes leftover after parsing attributes in process `syz.3.163'.
[   91.496775][ T5768] lo speed is unknown, defaulting to 1000
[   91.503027][ T5768] lo speed is unknown, defaulting to 1000
[   91.603794][ T5359] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   91.626177][ T5359] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   91.634962][ T5359] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   91.677799][ T5359] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   91.704884][ T5768] lo speed is unknown, defaulting to 1000
[   91.744720][ T5768] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   91.799521][ T5768] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[   91.862097][ T5786] xt_TCPMSS: Only works on TCP SYN packets
[   91.904336][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   91.955253][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.066742][ T5768] lo speed is unknown, defaulting to 1000
[   92.088440][   T51] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.107110][ T5768] lo speed is unknown, defaulting to 1000
[   92.112989][   T51] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.129783][ T5768] lo speed is unknown, defaulting to 1000
[   92.177490][ T5768] lo speed is unknown, defaulting to 1000
[   92.207885][ T5768] lo speed is unknown, defaulting to 1000
[   92.593640][ T5833] netlink: 104 bytes leftover after parsing attributes in process `syz.0.170'.
[   92.633876][ T5831] Bluetooth: MGMT ver 1.22
[   92.931555][ T5848] netlink: 'syz.3.177': attribute type 3 has an invalid length.
[   93.040362][ T5850] netlink: 4 bytes leftover after parsing attributes in process `syz.2.178'.
[   93.075896][ T5850] netlink: 2 bytes leftover after parsing attributes in process `syz.2.178'.
[   93.224050][ T5861] siw: device registration error -23
[   93.647296][   T62] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   93.965339][ T5892] netlink: 'syz.2.189': attribute type 10 has an invalid length.
[   93.992032][   T62] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.012246][ T5892] netlink: 132 bytes leftover after parsing attributes in process `syz.2.189'.
[   94.034870][ T5897] netlink: 24 bytes leftover after parsing attributes in process `syz.3.190'.
[   94.056141][ T5895] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.259494][   T62] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.442940][   T62] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   94.494527][ T5911] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   94.608474][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   94.608889][ T5916] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   94.629274][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   94.641935][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   94.652931][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   94.668113][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   94.675653][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   94.795605][ T5911] netlink: 'syz.3.193': attribute type 1 has an invalid length.
[   95.022060][ T5937] netlink: 40 bytes leftover after parsing attributes in process `syz.0.196'.
[   95.144092][   T62] bridge_slave_1: left allmulticast mode
[   95.169801][   T62] bridge_slave_1: left promiscuous mode
[   95.181373][   T62] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.212299][   T62] bridge_slave_0: left allmulticast mode
[   95.232329][   T62] bridge_slave_0: left promiscuous mode
[   95.241915][   T62] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.402661][ T5953] xt_TCPMSS: Only works on TCP SYN packets
[   95.645999][   T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   95.658237][   T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   95.670004][   T62] bond0 (unregistering): Released all slaves
[   95.684688][ T5943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.197'.
[   95.718506][ T5946] sch_tbf: burst 0 is lower than device bridge1 mtu (1514) !
[   95.758309][ T5922] lo speed is unknown, defaulting to 1000
[   96.175267][ T5966] netlink: 4 bytes leftover after parsing attributes in process `syz.3.204'.
[   96.200624][ T5970] raw_sendmsg: syz.0.205 forgot to set AF_INET. Fix it!
[   96.238420][ T5966] veth0: entered promiscuous mode
[   96.265881][ T5966] macvtap1: entered promiscuous mode
[   96.281557][ T5966] macvtap1: entered allmulticast mode
[   96.299622][ T5966] veth0: entered allmulticast mode
[   96.351292][ T5969] netlink: 4 bytes leftover after parsing attributes in process `syz.3.204'.
[   96.394044][ T5969] veth0: left allmulticast mode
[   96.402482][ T5969] veth0: left promiscuous mode
[   96.410765][ T5969] macvtap1: left promiscuous mode
[   96.420526][ T5969] macvtap1: left allmulticast mode
[   96.706287][ T5102] Bluetooth: hci1: command tx timeout
[   96.831171][ T5991] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   96.906064][ T6010] netlink: 'syz.0.212': attribute type 3 has an invalid length.
[   96.968155][ T5991] netlink: 'syz.2.208': attribute type 1 has an invalid length.
[   96.991724][ T6008] netlink: 28 bytes leftover after parsing attributes in process `syz.3.210'.
[   97.030763][ T5996] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   97.143441][   T62] hsr_slave_0: left promiscuous mode
[   97.164992][   T62] hsr_slave_1: left promiscuous mode
[   97.183400][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   97.205816][   T62] batman_adv: batadv0: Removing interface: batadv_slave_0
[   97.227558][   T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   97.243040][   T62] batman_adv: batadv0: Removing interface: batadv_slave_1
[   97.300723][   T62] veth1_macvtap: left promiscuous mode
[   97.310961][   T62] veth0_macvtap: left promiscuous mode
[   97.323590][   T62] veth1_vlan: left promiscuous mode
[   97.339298][   T62] veth0_vlan: left promiscuous mode
[   98.222849][ T6029] netlink: 'syz.0.218': attribute type 4 has an invalid length.
[   98.240197][ T6029] netlink: 180 bytes leftover after parsing attributes in process `syz.0.218'.
[   98.334890][   T62] team0 (unregistering): Port device team_slave_1 removed
[   98.374495][   T62] team0 (unregistering): Port device team_slave_0 removed
[   98.796454][ T5102] Bluetooth: hci1: command tx timeout
[   98.856192][ T6023] netlink: 4 bytes leftover after parsing attributes in process `syz.2.216'.
[   98.882398][ T6023] veth0: entered promiscuous mode
[   98.895087][ T6023] macvtap1: entered promiscuous mode
[   98.900792][ T6023] macvtap1: entered allmulticast mode
[   98.915043][ T6023] veth0: entered allmulticast mode
[   98.923711][ T6025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.216'.
[   98.934953][ T6025] veth0: left allmulticast mode
[   98.946436][ T6025] veth0: left promiscuous mode
[   98.959502][ T6025] macvtap1: left promiscuous mode
[   98.964672][ T6025] macvtap1: left allmulticast mode
[   98.990544][ T6029] tipc: Started in network mode
[   98.995503][ T6029] tipc: Node identity , cluster identity 4711
[   99.019441][ T6029] tipc: Failed to set node id, please configure manually
[   99.057552][ T6029] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[   99.270756][ T5922] chnl_net:caif_netlink_parms(): no params data found
[   99.822607][ T6079] netlink: 4 bytes leftover after parsing attributes in process `syz.3.227'.
[   99.861267][ T5922] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.894415][ T5922] bridge0: port 1(bridge_slave_0) entered disabled state
[   99.908059][ T5922] bridge_slave_0: entered allmulticast mode
[   99.935484][ T5922] bridge_slave_0: entered promiscuous mode
[   99.961709][ T5922] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.982398][ T5922] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.005046][ T5922] bridge_slave_1: entered allmulticast mode
[  100.017653][ T5922] bridge_slave_1: entered promiscuous mode
[  100.190590][ T6095] netlink: 4 bytes leftover after parsing attributes in process `syz.4.229'.
[  100.246220][ T5922] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  100.305294][ T5922] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  100.441115][ T5922] team0: Port device team_slave_0 added
[  100.479782][ T5922] team0: Port device team_slave_1 added
[  100.540465][ T6106] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.234'.
[  100.552281][ T6106] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes.
[  100.706730][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_0
[  100.725267][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  100.796561][ T5922] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  100.861530][ T6115] netlink: 'syz.3.236': attribute type 33 has an invalid length.
[  100.871078][ T6116] netlink: 236 bytes leftover after parsing attributes in process `syz.4.238'.
[  100.880123][ T5102] Bluetooth: hci1: command tx timeout
[  100.903228][ T6115] netlink: 152 bytes leftover after parsing attributes in process `syz.3.236'.
[  100.968567][ T5922] batman_adv: batadv0: Adding interface: batadv_slave_1
[  100.983237][ T5922] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  101.023708][ T5922] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  101.041270][ T6119] netlink: 4 bytes leftover after parsing attributes in process `syz.2.239'.
[  101.061052][ T6119] veth0: entered promiscuous mode
[  101.066972][ T6119] macvtap2: entered promiscuous mode
[  101.073041][ T6119] macvtap2: entered allmulticast mode
[  101.078826][ T6119] veth0: entered allmulticast mode
[  101.154314][ T6126] netlink: 4 bytes leftover after parsing attributes in process `syz.2.239'.
[  101.164244][ T6126] veth0: left allmulticast mode
[  101.169761][ T6126] veth0: left promiscuous mode
[  101.180151][ T6126] macvtap2: left promiscuous mode
[  101.185300][ T6126] macvtap2: left allmulticast mode
[  101.306626][ T5922] hsr_slave_0: entered promiscuous mode
[  101.336325][ T5922] hsr_slave_1: entered promiscuous mode
[  101.349191][ T5922] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  101.357183][ T5922] Cannot create hsr debugfs directory
[  101.649117][ T6114] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  101.773552][ T6144] netlink: 'syz.3.246': attribute type 1 has an invalid length.
[  101.808090][ T6144] netlink: 112860 bytes leftover after parsing attributes in process `syz.3.246'.
[  101.818481][ T6144] netlink: 'syz.3.246': attribute type 1 has an invalid length.
[  102.944194][ T6200] netlink: 24 bytes leftover after parsing attributes in process `syz.4.260'.
[  102.957177][ T5102] Bluetooth: hci1: command tx timeout
[  102.970755][ T6204] netlink: 12 bytes leftover after parsing attributes in process `syz.2.261'.
[  102.980902][ T6204] netlink: zone id is out of range
[  103.189349][ T5922] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  103.226525][ T5922] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  103.353435][ T5922] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  103.412317][ T5922] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  103.790985][ T5922] 8021q: adding VLAN 0 to HW filter on device bond0
[  103.846461][ T6231] netlink: 16 bytes leftover after parsing attributes in process `syz.0.267'.
[  103.902925][ T5922] 8021q: adding VLAN 0 to HW filter on device team0
[  103.989933][ T5146] bridge0: port 1(bridge_slave_0) entered blocking state
[  103.997855][ T5146] bridge0: port 1(bridge_slave_0) entered forwarding state
[  104.042040][ T5146] bridge0: port 2(bridge_slave_1) entered blocking state
[  104.049310][ T5146] bridge0: port 2(bridge_slave_1) entered forwarding state
[  104.278769][   T29] audit: type=1804 audit(1719720034.404:2): pid=6259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.272" name="/root/syzkaller.7b5tXv/61/memory.events" dev="sda1" ino=1950 res=1 errno=0
[  104.309987][ T5922] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  104.339846][ T5922] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  104.357587][   T29] audit: type=1804 audit(1719720034.444:3): pid=6259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.272" name="/root/syzkaller.7b5tXv/61/memory.events" dev="sda1" ino=1950 res=1 errno=0
[  104.411076][ T6258] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  104.839939][ T6284] macsec0: entered allmulticast mode
[  104.870697][ T6292] IPVS: set_ctl: invalid protocol: 33 100.1.1.2:20004
[  104.886972][ T6284] veth1_macvtap: entered allmulticast mode
[  105.103142][ T5922] 8021q: adding VLAN 0 to HW filter on device batadv0
[  105.129289][ T6301] Bluetooth: MGMT ver 1.22
[  105.214736][ T6303] netlink: set zone limit has 4 unknown bytes
[  105.293444][ T5922] veth0_vlan: entered promiscuous mode
[  105.325305][   T29] audit: type=1804 audit(1719720035.454:4): pid=6307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.285" name="/root/syzkaller.nWjoL3/76/memory.events" dev="sda1" ino=1959 res=1 errno=0
[  105.422378][ T5922] veth1_vlan: entered promiscuous mode
[  105.446807][   T29] audit: type=1804 audit(1719720035.464:5): pid=6307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.285" name="/root/syzkaller.nWjoL3/76/memory.events" dev="sda1" ino=1959 res=1 errno=0
[  105.599555][ T5922] veth0_macvtap: entered promiscuous mode
[  105.650354][ T5922] veth1_macvtap: entered promiscuous mode
[  105.709221][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  105.742137][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  105.762463][ T6321] xt_CT: No such helper "syz1"
[  105.781809][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  105.802712][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  105.828107][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  105.859200][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  105.875714][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  105.901664][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  105.921694][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_0
[  105.934932][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  105.975768][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.006238][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  106.033501][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.052085][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  106.080866][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.114136][ T5922] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  106.128319][ T5922] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  106.140719][ T5922] batman_adv: batadv0: Interface activated: batadv_slave_1
[  106.167543][ T6346] __nla_validate_parse: 1 callbacks suppressed
[  106.167564][ T6346] netlink: 44 bytes leftover after parsing attributes in process `syz.0.294'.
[  106.190765][ T6327] netlink: 12 bytes leftover after parsing attributes in process `syz.4.290'.
[  106.213870][ T6338] netlink: 'syz.3.292': attribute type 9 has an invalid length.
[  106.231303][ T6338] bond0: entered promiscuous mode
[  106.245781][ T6338] bond_slave_0: entered promiscuous mode
[  106.262952][ T6338] bond_slave_1: entered promiscuous mode
[  106.279652][ T6338] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  106.332717][ T6338] bond0: left promiscuous mode
[  106.345850][ T6338] bond_slave_0: left promiscuous mode
[  106.351464][ T6338] bond_slave_1: left promiscuous mode
[  106.440228][ T5922] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  106.472333][ T5922] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  106.485977][ T5922] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  106.496468][ T5922] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  106.659127][ T6364] netlink: 12 bytes leftover after parsing attributes in process `syz.3.296'.
[  106.661784][ T6358] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  106.712177][ T6364] netlink: zone id is out of range
[  106.766955][ T6358] syzkaller0: entered promiscuous mode
[  106.782586][ T6358] syzkaller0: entered allmulticast mode
[  108.322175][ T6391] netlink: 'syz.4.300': attribute type 23 has an invalid length.
[  108.330259][ T6391] netlink: 16 bytes leftover after parsing attributes in process `syz.4.300'.
[  108.342026][ T6391] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.350021][ T6391] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.364361][ T6391] bridge0: entered promiscuous mode
[  108.477779][ T6404] netlink: 24 bytes leftover after parsing attributes in process `syz.2.301'.
[  108.663808][ T2438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.707502][ T2438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.801887][ T2438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.825811][ T2438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.941114][ T6423] netlink: 134788 bytes leftover after parsing attributes in process `syz.4.307'.
[  109.088857][ T6431] netlink: 'syz.2.310': attribute type 1 has an invalid length.
[  109.137161][    C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  109.247792][ T6442] netlink: 12 bytes leftover after parsing attributes in process `syz.4.313'.
[  109.314386][ T6435] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  109.340451][ T6435] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  109.393553][ T6435] bond1: (slave vcan1): making interface the new active one
[  109.427483][ T6452] dccp_check_seqno: Step 6 failed for RESET packet, (LSWL(182747985922371) <= P.seqno(0) <= S.SWH(182747985922445)) and (P.ackno exists or LAWL(78840749238215) <= P.ackno(78840749238216) <= S.AWH(78840749238216), sending SYNC...
[  109.432908][ T6435] bond1: (slave vcan1): Enslaving as an active interface with an up link
[  109.508922][ T6431] netlink: 44 bytes leftover after parsing attributes in process `syz.2.310'.
[  109.566864][ T6447] netlink: 24 bytes leftover after parsing attributes in process `syz.0.316'.
[  109.840300][ T2438] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.032986][ T2438] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.066656][ T6474] netlink: 44 bytes leftover after parsing attributes in process `syz.3.321'.
[  110.092305][   T29] audit: type=1804 audit(1719720040.224:6): pid=6473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.319" name="/root/syzkaller.5ENbOA/43/cgroup.controllers" dev="sda1" ino=1959 res=1 errno=0
[  110.282539][ T2438] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.373337][ T6483] ip6tnl0: entered promiscuous mode
[  110.530424][ T2438] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.665986][   T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  110.676475][   T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  110.685005][   T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  110.694731][   T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  110.702800][   T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  110.710981][   T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  110.809664][ T6482] ip6tnl0: left promiscuous mode
[  111.085538][ T2438] bridge_slave_1: left allmulticast mode
[  111.110214][ T2438] bridge_slave_1: left promiscuous mode
[  111.126783][ T2438] bridge0: port 2(bridge_slave_1) entered disabled state
[  111.158727][ T2438] bridge_slave_0: left allmulticast mode
[  111.177747][ T2438] bridge_slave_0: left promiscuous mode
[  111.204158][ T2438] bridge0: port 1(bridge_slave_0) entered disabled state
[  111.900476][ T2438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  111.915634][ T2438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.936917][ T2438] bond0 (unregistering): Released all slaves
[  111.963484][ T6514] __nla_validate_parse: 3 callbacks suppressed
[  111.963501][ T6514] netlink: 40 bytes leftover after parsing attributes in process `syz.3.334'.
[  112.019690][ T6516] netlink: 8 bytes leftover after parsing attributes in process `syz.3.334'.
[  112.044703][ T6525] netlink: 'syz.2.337': attribute type 49 has an invalid length.
[  112.184445][ T6535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.339'.
[  112.579878][ T6494] lo speed is unknown, defaulting to 1000
[  112.599728][ T6543] bridge0: port 3(vlan2) entered blocking state
[  112.665906][ T6543] bridge0: port 3(vlan2) entered disabled state
[  112.676443][ T6543] vlan2: entered allmulticast mode
[  112.707694][ T6543] vlan2: left allmulticast mode
[  112.795957][ T5102] Bluetooth: hci1: command tx timeout
[  112.982686][ T6567] netlink: 104 bytes leftover after parsing attributes in process `syz.3.343'.
[  113.089110][ T6569] netlink: 24 bytes leftover after parsing attributes in process `syz.4.349'.
[  113.593290][ T2438] hsr_slave_0: left promiscuous mode
[  113.631676][ T2438] hsr_slave_1: left promiscuous mode
[  113.659707][ T2438] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  113.698987][ T2438] batman_adv: batadv0: Removing interface: batadv_slave_0
[  113.742943][ T2438] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  113.776054][ T2438] batman_adv: batadv0: Removing interface: batadv_slave_1
[  113.871224][ T2438] veth1_macvtap: left promiscuous mode
[  113.905998][ T2438] veth0_macvtap: left promiscuous mode
[  113.911747][ T2438] veth1_vlan: left promiscuous mode
[  113.930831][ T6610] nbd: must specify a size in bytes for the device
[  113.942966][ T2438] veth0_vlan: left promiscuous mode
[  113.978110][ T5144] IPVS: starting estimator thread 0...
[  114.105101][ T6615] IPVS: using max 19 ests per chain, 45600 per kthread
[  114.254441][ T6625] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.359'.
[  114.282808][ T6626] xt_addrtype: ipv6 does not support BROADCAST matching
[  114.296213][ T6625] openvswitch: netlink: Tunnel attr 2612 out of range max 16
[  114.312774][ T6626] netlink: 596 bytes leftover after parsing attributes in process `syz.2.361'.
[  114.717752][ T2438] team0 (unregistering): Port device team_slave_1 removed
[  114.754453][ T2438] team0 (unregistering): Port device team_slave_0 removed
[  114.866358][ T5102] Bluetooth: hci1: command tx timeout
[  115.222065][ T6626] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  115.231259][ T6626] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  115.240265][ T6626] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  115.249151][ T6626] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  115.378008][ T6630] netlink: 8 bytes leftover after parsing attributes in process `syz.3.362'.
[  115.542957][ T6636] netlink: 24 bytes leftover after parsing attributes in process `syz.0.364'.
[  115.929294][ T6494] chnl_net:caif_netlink_parms(): no params data found
[  116.143809][ T6671] netlink: 44 bytes leftover after parsing attributes in process `syz.4.373'.
[  116.279473][ T6494] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.302800][ T6494] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.315039][ T6494] bridge_slave_0: entered allmulticast mode
[  116.342006][ T6494] bridge_slave_0: entered promiscuous mode
[  116.372883][ T6494] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.397162][ T6494] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.413484][ T6494] bridge_slave_1: entered allmulticast mode
[  116.421751][ T6494] bridge_slave_1: entered promiscuous mode
[  116.620964][ T6494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.679420][ T6494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.844586][ T6494] team0: Port device team_slave_0 added
[  116.930996][ T6494] team0: Port device team_slave_1 added
[  116.946249][ T5102] Bluetooth: hci1: command tx timeout
[  117.038641][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_0
[  117.050265][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.078614][ T6494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  117.116432][ T6494] batman_adv: batadv0: Adding interface: batadv_slave_1
[  117.132788][ T6494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.195298][ T6714] __nla_validate_parse: 2 callbacks suppressed
[  117.195321][ T6714] netlink: 44 bytes leftover after parsing attributes in process `syz.3.385'.
[  117.211185][ T6494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  117.353008][ T6494] hsr_slave_0: entered promiscuous mode
[  117.393477][ T6494] hsr_slave_1: entered promiscuous mode
[  117.418823][ T6494] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  117.442609][ T6494] Cannot create hsr debugfs directory
[  118.285201][ T6760] netlink: 24 bytes leftover after parsing attributes in process `syz.3.395'.
[  118.297761][ T6761] netlink: 44 bytes leftover after parsing attributes in process `syz.2.396'.
[  118.947928][ T6494] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  118.974181][ T6494] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  119.005583][ T6494] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  119.027836][ T5102] Bluetooth: hci1: command tx timeout
[  119.028490][ T6494] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  119.253139][ T6776] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  119.300162][ T6494] 8021q: adding VLAN 0 to HW filter on device bond0
[  119.385147][ T6494] 8021q: adding VLAN 0 to HW filter on device team0
[  119.424341][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state
[  119.431623][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  119.481511][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  119.488858][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  119.714823][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  119.788675][ T6822] netlink: 44 bytes leftover after parsing attributes in process `syz.0.410'.
[  119.884174][ T6828] netlink: 24 bytes leftover after parsing attributes in process `syz.2.411'.
[  120.340407][ T6494] 8021q: adding VLAN 0 to HW filter on device batadv0
[  120.611787][ T6494] veth0_vlan: entered promiscuous mode
[  120.670542][ T6494] veth1_vlan: entered promiscuous mode
[  120.774882][ T6870] tipc: Started in network mode
[  120.791171][ T6870] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  120.822379][ T6870] tipc: Enabled bearer <udp:syz0>, priority 10
[  120.931030][ T6494] veth0_macvtap: entered promiscuous mode
[  120.988244][ T6494] veth1_macvtap: entered promiscuous mode
[  121.078138][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.091385][ T6884] netlink: 104 bytes leftover after parsing attributes in process `syz.4.425'.
[  121.122049][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.145900][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.176280][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.211932][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.242100][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.270247][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  121.294655][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.337426][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_0
[  121.391859][ T6891] netlink: 24 bytes leftover after parsing attributes in process `syz.2.426'.
[  121.533050][ T6899] netlink: 16 bytes leftover after parsing attributes in process `syz.0.428'.
[  121.595547][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  121.638305][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.662872][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  121.695624][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.721202][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  121.733790][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.749035][ T6494] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  121.788497][ T6494] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  121.830199][ T6494] batman_adv: batadv0: Interface activated: batadv_slave_1
[  121.864150][ T6895] vxcan0: Master is either lo or non-ether device
[  121.893138][ T6494] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  121.931996][ T6494] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  121.942288][ T5146] tipc: Node number set to 4269801488
[  121.975386][ T6494] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  121.989760][ T6494] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  122.029273][ T6916] tipc: Failed to remove unknown binding: 66,1,1/0:1066012624/1066012626
[  122.051886][ T6917] netlink: 148 bytes leftover after parsing attributes in process `syz.0.428'.
[  122.067939][ T6916] tipc: Failed to remove unknown binding: 66,1,1/0:1066012624/1066012626
[  122.090609][ T6916] tipc: Failed to remove unknown binding: 66,1,1/0:1066012624/1066012626
[  122.203497][ T6916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.432'.
[  122.426312][ T6927] netlink: 8 bytes leftover after parsing attributes in process `syz.3.433'.
[  122.771596][ T6250] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.804846][ T6250] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.844355][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  122.893268][ T2438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  122.909467][ T6945] netlink: 24 bytes leftover after parsing attributes in process `syz.3.438'.
[  122.918069][ T2438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  122.929160][ T6945] netlink: 24 bytes leftover after parsing attributes in process `syz.3.438'.
[  123.089230][ T6954] dummy0: entered promiscuous mode
[  123.111336][ T6954] batman_adv: batadv0: Adding interface: macvtap1
[  123.125757][ T6954] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  123.173520][ T6954] batman_adv: batadv0: Interface activated: macvtap1
[  123.250962][ T6960] netlink: 24 bytes leftover after parsing attributes in process `syz.3.441'.
[  123.711811][ T6985] FAULT_INJECTION: forcing a failure.
[  123.711811][ T6985] name failslab, interval 1, probability 0, space 0, times 1
[  123.733716][ T6985] CPU: 0 PID: 6985 Comm: syz.0.448 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  123.743797][ T6985] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  123.753884][ T6985] Call Trace:
[  123.757178][ T6985]  <TASK>
[  123.760133][ T6985]  dump_stack_lvl+0x241/0x360
[  123.764839][ T6985]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.770044][ T6985]  ? __pfx__printk+0x10/0x10
[  123.774665][ T6985]  ? __pfx___might_resched+0x10/0x10
[  123.779975][ T6985]  ? __lock_acquire+0x1346/0x1fd0
[  123.785013][ T6985]  should_fail_ex+0x3b0/0x4e0
[  123.789730][ T6985]  ? bpf_test_init+0xe1/0x180
[  123.794413][ T6985]  should_failslab+0x9/0x20
[  123.798931][ T6985]  __kmalloc_noprof+0xd8/0x400
[  123.803706][ T6985]  bpf_test_init+0xe1/0x180
[  123.808224][ T6985]  bpf_prog_test_run_xdp+0x48e/0x11b0
[  123.813632][ T6985]  ? __pfx_lock_acquire+0x10/0x10
[  123.818698][ T6985]  ? __pfx_lock_release+0x10/0x10
[  123.823747][ T6985]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  123.829580][ T6985]  ? __fget_files+0x29/0x470
[  123.834200][ T6985]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  123.840021][ T6985]  bpf_prog_test_run+0x33a/0x3b0
[  123.844975][ T6985]  __sys_bpf+0x48d/0x810
[  123.849238][ T6985]  ? __pfx___sys_bpf+0x10/0x10
[  123.854027][ T6985]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  123.860020][ T6985]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  123.866364][ T6985]  ? do_syscall_64+0x100/0x230
[  123.871490][ T6985]  __x64_sys_bpf+0x7c/0x90
[  123.875921][ T6985]  do_syscall_64+0xf3/0x230
[  123.880431][ T6985]  ? clear_bhb_loop+0x35/0x90
[  123.885120][ T6985]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  123.891035][ T6985] RIP: 0033:0x7fc9dd175b99
[  123.895461][ T6985] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  123.915078][ T6985] RSP: 002b:00007fc9dde6e048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  123.923601][ T6985] RAX: ffffffffffffffda RBX: 00007fc9dd303fa0 RCX: 00007fc9dd175b99
[  123.931585][ T6985] RDX: 0000000000000050 RSI: 0000000020000640 RDI: 000000000000000a
[  123.939565][ T6985] RBP: 00007fc9dde6e0a0 R08: 0000000000000000 R09: 0000000000000000
[  123.947548][ T6985] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  123.955544][ T6985] R13: 000000000000000b R14: 00007fc9dd303fa0 R15: 00007ffec00e4388
[  123.963541][ T6985]  </TASK>
[  124.166136][ T6991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.449'.
[  124.444488][ T7008] netlink: 4 bytes leftover after parsing attributes in process `syz.0.452'.
[  124.667140][ T7018] netlink: 24 bytes leftover after parsing attributes in process `syz.3.455'.
[  125.156447][ T2438] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.637631][   T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  125.652712][   T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  125.664397][   T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  125.679880][   T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  125.688083][   T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  125.696943][   T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  125.704350][ T2438] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.909842][ T2438] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.010634][ T2438] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.293773][ T7051] netlink: 24 bytes leftover after parsing attributes in process `syz.2.466'.
[  126.359477][ T2438] bridge_slave_1: left allmulticast mode
[  126.365189][ T2438] bridge_slave_1: left promiscuous mode
[  126.385309][ T2438] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.410969][ T2438] bridge_slave_0: left allmulticast mode
[  126.425720][ T2438] bridge_slave_0: left promiscuous mode
[  126.431574][ T2438] bridge0: port 1(bridge_slave_0) entered disabled state
[  126.804462][   T29] audit: type=1804 audit(1719720056.934:7): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.467" name="/root/syzkaller.5ENbOA/79/memory.events" dev="sda1" ino=1972 res=1 errno=0
[  126.828381][   T29] audit: type=1804 audit(1719720056.934:8): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.467" name="/root/syzkaller.5ENbOA/79/memory.events" dev="sda1" ino=1972 res=1 errno=0
[  126.850821][ T2438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  126.862869][   T29] audit: type=1804 audit(1719720056.934:9): pid=7055 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.467" name="/root/syzkaller.5ENbOA/79/memory.events" dev="sda1" ino=1972 res=1 errno=0
[  126.888072][ T2438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  126.900773][ T2438] bond0 (unregistering): Released all slaves
[  126.918661][ T7035] lo speed is unknown, defaulting to 1000
[  127.142152][ T7067] nbd: must specify at least one socket
[  127.144400][ T7063] netlink: 'syz.4.469': attribute type 33 has an invalid length.
[  127.476854][ T7068] netlink: 48 bytes leftover after parsing attributes in process `syz.4.469'.
[  127.493553][ T7068] netlink: 48 bytes leftover after parsing attributes in process `syz.4.469'.
[  127.746788][ T7091] netlink: 24 bytes leftover after parsing attributes in process `syz.3.478'.
[  127.826840][   T53] Bluetooth: hci1: command tx timeout
[  128.191608][ T7113] FAULT_INJECTION: forcing a failure.
[  128.191608][ T7113] name failslab, interval 1, probability 0, space 0, times 0
[  128.232967][ T7113] CPU: 1 PID: 7113 Comm: syz.4.484 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  128.243022][ T7113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  128.253088][ T7113] Call Trace:
[  128.256371][ T7113]  <TASK>
[  128.259307][ T7113]  dump_stack_lvl+0x241/0x360
[  128.264005][ T7113]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.269206][ T7113]  ? __pfx__printk+0x10/0x10
[  128.273828][ T7113]  ? __pfx___might_resched+0x10/0x10
[  128.279128][ T7113]  ? dynamic_dname+0x141/0x1b0
[  128.283913][ T7113]  should_fail_ex+0x3b0/0x4e0
[  128.288621][ T7113]  ? tomoyo_encode+0x26f/0x540
[  128.293399][ T7113]  should_failslab+0x9/0x20
[  128.297937][ T7113]  __kmalloc_noprof+0xd8/0x400
[  128.302709][ T7113]  tomoyo_encode+0x26f/0x540
[  128.307302][ T7113]  ? __pfx_sockfs_dname+0x10/0x10
[  128.312528][ T7113]  tomoyo_realpath_from_path+0x59e/0x5e0
[  128.318196][ T7113]  tomoyo_path_number_perm+0x23a/0x880
[  128.323682][ T7113]  ? tomoyo_path_number_perm+0x208/0x880
[  128.329334][ T7113]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  128.335364][ T7113]  ? __fget_files+0x29/0x470
[  128.339987][ T7113]  ? __fget_files+0x3f6/0x470
[  128.344681][ T7113]  ? __fget_files+0x29/0x470
[  128.349310][ T7113]  security_file_ioctl+0x75/0xb0
[  128.354282][ T7113]  __se_sys_ioctl+0x47/0x170
[  128.358925][ T7113]  do_syscall_64+0xf3/0x230
[  128.363444][ T7113]  ? clear_bhb_loop+0x35/0x90
[  128.368152][ T7113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.374064][ T7113] RIP: 0033:0x7f78b8975b99
[  128.378497][ T7113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.398120][ T7113] RSP: 002b:00007f78b9780048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  128.406565][ T7113] RAX: ffffffffffffffda RBX: 00007f78b8b03fa0 RCX: 00007f78b8975b99
[  128.414557][ T7113] RDX: 0000000020000000 RSI: 00000000000089e2 RDI: 0000000000000007
[  128.422809][ T7113] RBP: 00007f78b97800a0 R08: 0000000000000000 R09: 0000000000000000
[  128.430804][ T7113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  128.438783][ T7113] R13: 000000000000000b R14: 00007f78b8b03fa0 R15: 00007ffe2d66c0f8
[  128.446803][ T7113]  </TASK>
[  128.528979][ T7113] ERROR: Out of memory at tomoyo_realpath_from_path.
[  128.686345][ T7124] erspan0: entered promiscuous mode
[  128.703075][ T7124] erspan0: left promiscuous mode
[  128.791264][ T2438] hsr_slave_0: left promiscuous mode
[  128.801260][ T2438] hsr_slave_1: left promiscuous mode
[  128.820261][ T2438] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  128.828904][ T2438] batman_adv: batadv0: Removing interface: batadv_slave_0
[  128.842593][ T2438] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  128.850441][ T2438] batman_adv: batadv0: Removing interface: batadv_slave_1
[  128.897428][ T2438] veth1_macvtap: left promiscuous mode
[  128.903048][ T2438] veth0_macvtap: left promiscuous mode
[  128.918961][ T2438] veth1_vlan: left promiscuous mode
[  128.930338][ T2438] veth0_vlan: left promiscuous mode
[  129.259108][ T7149] sctp: [Deprecated]: syz.3.491 (pid 7149) Use of int in max_burst socket option deprecated.
[  129.259108][ T7149] Use struct sctp_assoc_value instead
[  129.577003][ T2438] team0 (unregistering): Port device team_slave_1 removed
[  129.621781][ T2438] team0 (unregistering): Port device team_slave_0 removed
[  129.905978][   T53] Bluetooth: hci1: command tx timeout
[  130.057226][ T7035] chnl_net:caif_netlink_parms(): no params data found
[  130.224594][ T7158] netlink: 24 bytes leftover after parsing attributes in process `syz.2.493'.
[  130.566677][ T7035] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.573885][ T7035] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.614565][ T7035] bridge_slave_0: entered allmulticast mode
[  130.650990][ T7035] bridge_slave_0: entered promiscuous mode
[  130.703443][ T7035] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.748742][ T7035] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.766278][ T7035] bridge_slave_1: entered allmulticast mode
[  130.773776][ T7035] bridge_slave_1: entered promiscuous mode
[  130.918504][ T7035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  130.976794][ T7035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  131.093031][ T7035] team0: Port device team_slave_0 added
[  131.134089][ T7035] team0: Port device team_slave_1 added
[  131.208076][ T7203] batadv1: entered allmulticast mode
[  131.283701][ T7035] batman_adv: batadv0: Adding interface: batadv_slave_0
[  131.310804][ T7035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.344743][ T7035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  131.370701][ T7035] batman_adv: batadv0: Adding interface: batadv_slave_1
[  131.381880][ T7035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  131.446278][ T7035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  131.644974][ T7035] hsr_slave_0: entered promiscuous mode
[  131.692116][ T7035] hsr_slave_1: entered promiscuous mode
[  131.720295][ T7035] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  131.742508][ T7035] Cannot create hsr debugfs directory
[  131.762526][ T7216] netlink: 24 bytes leftover after parsing attributes in process `syz.4.507'.
[  131.921761][ T7223] GUP no longer grows the stack in syz.3.508 (7223): 20006000-2000a000 (20005000)
[  131.974077][ T7223] CPU: 1 PID: 7223 Comm: syz.3.508 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  131.984125][ T7223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  131.994220][ T7223] Call Trace:
[  131.997569][ T7223]  <TASK>
[  132.000535][ T7223]  dump_stack_lvl+0x241/0x360
[  132.005263][ T7223]  ? __pfx_dump_stack_lvl+0x10/0x10
[  132.010509][ T7223]  ? __pfx__printk+0x10/0x10
[  132.015160][ T7223]  ? find_vma+0xf9/0x170
[  132.019463][ T7223]  __get_user_pages+0x10e3/0x1590
[  132.024559][ T7223]  ? __gup_longterm_locked+0x1ec9/0x2a80
[  132.030250][ T7223]  ? __pfx___get_user_pages+0x10/0x10
[  132.035683][ T7223]  ? __lock_acquire+0x1346/0x1fd0
[  132.040777][ T7223]  __gup_longterm_locked+0x1ff6/0x2a80
[  132.046332][ T7223]  ? __pfx___gup_longterm_locked+0x10/0x10
[  132.052264][ T7223]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  132.058380][ T7223]  ? sanity_check_pinned_pages+0x12bb/0x13c0
[  132.064687][ T7223]  gup_fast_fallback+0x2732/0x2b40
[  132.069899][ T7223]  ? __pfx_gup_fast_fallback+0x10/0x10
[  132.075466][ T7223]  ? __pfx_validate_chain+0x10/0x10
[  132.080746][ T7223]  ? unwind_get_return_address+0x91/0xc0
[  132.086419][ T7223]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.092529][ T7223]  ? arch_stack_walk+0x16d/0x1b0
[  132.097530][ T7223]  ? __lock_acquire+0x1346/0x1fd0
[  132.102587][ T7223]  ? is_valid_gup_args+0x124/0x200
[  132.107718][ T7223]  pin_user_pages_fast+0xcc/0x160
[  132.112760][ T7223]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  132.118435][ T7223]  iov_iter_extract_pages+0x3db/0x720
[  132.123834][ T7223]  bio_iov_iter_get_pages+0x541/0x1930
[  132.129587][ T7223]  ? bio_associate_blkg+0x6c/0x230
[  132.134737][ T7223]  ? bio_associate_blkg_from_css+0xb0c/0xc70
[  132.140737][ T7223]  ? bio_associate_blkg_from_css+0xa4/0xc70
[  132.146644][ T7223]  ? __pfx_bio_iov_iter_get_pages+0x10/0x10
[  132.152558][ T7223]  ? bio_alloc_bioset+0x6d7/0x1130
[  132.157688][ T7223]  iomap_dio_bio_iter+0xc8e/0x1670
[  132.162867][ T7223]  __iomap_dio_rw+0x1295/0x2370
[  132.167739][ T7223]  ? do_syscall_64+0xf3/0x230
[  132.172442][ T7223]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.178551][ T7223]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  132.184547][ T7223]  ? __pfx___iomap_dio_rw+0x10/0x10
[  132.189777][ T7223]  ? jbd2_journal_stop+0x902/0xd80
[  132.194937][ T7223]  ? __pfx_jbd2_journal_stop+0x10/0x10
[  132.200419][ T7223]  ? __pfx_ext4_orphan_add+0x10/0x10
[  132.205718][ T7223]  iomap_dio_rw+0x46/0xa0
[  132.210091][ T7223]  ext4_file_write_iter+0x15e5/0x1a10
[  132.215504][ T7223]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  132.221250][ T7223]  vfs_write+0xa72/0xc90
[  132.225528][ T7223]  ? __pfx_ext4_file_write_iter+0x10/0x10
[  132.231350][ T7223]  ? __pfx_vfs_write+0x10/0x10
[  132.236123][ T7223]  ? do_futex+0x392/0x560
[  132.240482][ T7223]  ksys_write+0x1a0/0x2c0
[  132.244852][ T7223]  ? __pfx_ksys_write+0x10/0x10
[  132.249729][ T7223]  ? do_syscall_64+0x100/0x230
[  132.254506][ T7223]  ? do_syscall_64+0xb6/0x230
[  132.259190][ T7223]  do_syscall_64+0xf3/0x230
[  132.263702][ T7223]  ? clear_bhb_loop+0x35/0x90
[  132.268481][ T7223]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  132.274382][ T7223] RIP: 0033:0x7f3337d75b99
[  132.278800][ T7223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.298412][ T7223] RSP: 002b:00007f3338b32048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  132.306842][ T7223] RAX: ffffffffffffffda RBX: 00007f3337f03fa0 RCX: 00007f3337d75b99
[  132.314821][ T7223] RDX: 0000000000043400 RSI: 0000000020000200 RDI: 000000000000000b
[  132.322832][ T7223] RBP: 00007f3337df677e R08: 0000000000000000 R09: 0000000000000000
[  132.330813][ T7223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  132.338795][ T7223] R13: 000000000000000b R14: 00007f3337f03fa0 R15: 00007fffe5ed3e38
[  132.346790][ T7223]  </TASK>
[  132.365773][   T53] Bluetooth: hci1: command tx timeout
[  133.041964][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  133.048757][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  133.453611][ T7035] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  133.468068][ T7035] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  133.481742][ T7035] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  133.501443][ T7035] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  133.777979][ T7035] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.869509][ T7035] 8021q: adding VLAN 0 to HW filter on device team0
[  133.922209][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.929497][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.995091][ T5144] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.002486][ T5144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.128430][ T7304] netlink: 16 bytes leftover after parsing attributes in process `syz.4.525'.
[  134.187279][ T7304] ip6tnl1: entered promiscuous mode
[  134.200955][ T7304] ip6tnl1: entered allmulticast mode
[  134.385896][   T53] Bluetooth: hci1: command tx timeout
[  134.538938][ T7326] netlink: 16 bytes leftover after parsing attributes in process `syz.4.531'.
[  134.827133][ T7346] FAULT_INJECTION: forcing a failure.
[  134.827133][ T7346] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  134.883385][ T7346] CPU: 1 PID: 7346 Comm: syz.4.536 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  134.893453][ T7346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  134.903631][ T7346] Call Trace:
[  134.906950][ T7346]  <TASK>
[  134.909910][ T7346]  dump_stack_lvl+0x241/0x360
[  134.914629][ T7346]  ? __pfx_dump_stack_lvl+0x10/0x10
[  134.919863][ T7346]  ? __pfx__printk+0x10/0x10
[  134.924512][ T7346]  should_fail_ex+0x3b0/0x4e0
[  134.929250][ T7346]  prepare_alloc_pages+0x1da/0x5d0
[  134.934442][ T7346]  __alloc_pages_noprof+0x166/0x6c0
[  134.939685][ T7346]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  134.945494][ T7346]  ? lockdep_hardirqs_on+0x99/0x150
[  134.950750][ T7346]  alloc_pages_mpol_noprof+0x3e8/0x680
[  134.956263][ T7346]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  134.962284][ T7346]  ? rcuref_put_slowpath+0x301/0x340
[  134.967612][ T7346]  ? rep_movs_alternative+0x4a/0x70
[  134.972882][ T7346]  ? alloc_pages_noprof+0xef/0x170
[  134.978045][ T7346]  bpf_prog_test_run_xdp+0xc97/0x11b0
[  134.983484][ T7346]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  134.989323][ T7346]  ? __fget_files+0x29/0x470
[  134.994080][ T7346]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  134.999924][ T7346]  bpf_prog_test_run+0x33a/0x3b0
[  135.004884][ T7346]  __sys_bpf+0x48d/0x810
[  135.009149][ T7346]  ? __pfx___sys_bpf+0x10/0x10
[  135.014036][ T7346]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  135.020027][ T7346]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  135.026459][ T7346]  ? do_syscall_64+0x100/0x230
[  135.031250][ T7346]  __x64_sys_bpf+0x7c/0x90
[  135.035687][ T7346]  do_syscall_64+0xf3/0x230
[  135.040202][ T7346]  ? clear_bhb_loop+0x35/0x90
[  135.044892][ T7346]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  135.050804][ T7346] RIP: 0033:0x7f78b8975b99
[  135.055246][ T7346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.074860][ T7346] RSP: 002b:00007f78b9780048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  135.083290][ T7346] RAX: ffffffffffffffda RBX: 00007f78b8b03fa0 RCX: 00007f78b8975b99
[  135.091275][ T7346] RDX: 0000000000000048 RSI: 0000000020000000 RDI: 000000000000000a
[  135.099279][ T7346] RBP: 00007f78b97800a0 R08: 0000000000000000 R09: 0000000000000000
[  135.107272][ T7346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  135.115245][ T7346] R13: 000000000000000b R14: 00007f78b8b03fa0 R15: 00007ffe2d66c0f8
[  135.123286][ T7346]  </TASK>
[  135.181186][ T7035] 8021q: adding VLAN 0 to HW filter on device batadv0
[  135.341064][ T7035] veth0_vlan: entered promiscuous mode
[  135.384295][ T7035] veth1_vlan: entered promiscuous mode
[  135.483394][ T7035] veth0_macvtap: entered promiscuous mode
[  135.504408][ T7035] veth1_macvtap: entered promiscuous mode
[  135.563307][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.583088][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.634359][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.664551][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.692944][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.713523][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.735615][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  135.756977][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  135.835267][ T7035] batman_adv: batadv0: Interface activated: batadv_slave_0
[  135.950556][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  135.993069][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.023783][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.035000][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.055826][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.082766][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.093893][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.108486][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.120492][ T7035] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.163072][ T7035] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.186494][ T7035] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.205956][ T7035] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.222371][ T7035] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.290351][ T7399] netlink: 28 bytes leftover after parsing attributes in process `syz.4.546'.
[  136.317804][ T7399] netlink: 4 bytes leftover after parsing attributes in process `syz.4.546'.
[  136.345630][ T7399] veth1_macvtap: left promiscuous mode
[  136.607289][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.630523][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.695318][   T29] audit: type=1800 audit(1719720066.824:10): pid=7412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.549" name="blkio.throttle.io_service_bytes_recursive" dev="sda1" ino=1972 res=0 errno=0
[  136.721138][ T6244] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.738341][ T6244] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.442819][ T7454] syz.4.559[7454] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  137.444156][ T7454] syz.4.559[7454] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  138.281912][ T7492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.569'.
[  138.441134][ T7502] netlink: 48 bytes leftover after parsing attributes in process `syz.4.571'.
[  138.469894][ T7499] xt_CT: You must specify a L4 protocol and not use inversions on it
[  138.491241][ T7502] netlink: 48 bytes leftover after parsing attributes in process `syz.4.571'.
[  138.542050][ T7502] netlink: 48 bytes leftover after parsing attributes in process `syz.4.571'.
[  138.570734][ T7502] netlink: 48 bytes leftover after parsing attributes in process `syz.4.571'.
[  138.599545][ T7502] netlink: 48 bytes leftover after parsing attributes in process `syz.4.571'.
[  138.887372][ T2438] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.679463][ T2438] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.717119][ T7549] __nla_validate_parse: 28 callbacks suppressed
[  139.717141][ T7549] netlink: 4 bytes leftover after parsing attributes in process `syz.4.581'.
[  139.792349][ T7549] netlink: 16 bytes leftover after parsing attributes in process `syz.4.581'.
[  139.874685][ T2438] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.974380][ T2438] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  140.428498][ T2438] bridge_slave_1: left allmulticast mode
[  140.458016][ T2438] bridge_slave_1: left promiscuous mode
[  140.486107][ T2438] bridge0: port 2(bridge_slave_1) entered disabled state
[  140.525356][ T2438] bridge_slave_0: left allmulticast mode
[  140.542788][ T2438] bridge_slave_0: left promiscuous mode
[  140.559281][ T2438] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.606203][ T7572] netlink: 296 bytes leftover after parsing attributes in process `syz.3.587'.
[  140.652651][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  140.664125][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  140.678213][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  140.692733][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  140.699841][ T7579] ieee802154 phy0 wpan0: encryption failed: -90
[  140.713733][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  140.723303][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  141.420595][ T2438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  141.436082][ T2438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  141.449362][ T2438] bond0 (unregistering): Released all slaves
[  141.870973][ T7629] team0: Port device team_slave_0 removed
[  142.091432][ T7571] lo speed is unknown, defaulting to 1000
[  142.709921][ T7659] netlink: 12 bytes leftover after parsing attributes in process `syz.2.605'.
[  142.786362][   T53] Bluetooth: hci1: command tx timeout
[  142.837069][ T2438] hsr_slave_0: left promiscuous mode
[  142.850040][ T2438] hsr_slave_1: left promiscuous mode
[  142.909151][ T2438] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  142.933770][ T2438] batman_adv: batadv0: Removing interface: batadv_slave_0
[  142.957049][ T2438] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  142.964504][ T2438] batman_adv: batadv0: Removing interface: batadv_slave_1
[  142.991846][ T2438] veth1_macvtap: left promiscuous mode
[  142.997580][ T2438] veth0_macvtap: left promiscuous mode
[  143.003267][ T2438] veth1_vlan: left promiscuous mode
[  143.017914][ T2438] veth0_vlan: left promiscuous mode
[  143.598442][ T2438] team0 (unregistering): Port device team_slave_1 removed
[  143.666761][ T2438] team0 (unregistering): Port device team_slave_0 removed
[  144.114881][ T7666] veth1_macvtap: left promiscuous mode
[  144.371337][ T7571] chnl_net:caif_netlink_parms(): no params data found
[  144.430612][ T7681] netlink: 'syz.0.612': attribute type 4 has an invalid length.
[  144.452924][ T7685] netlink: 24 bytes leftover after parsing attributes in process `syz.4.614'.
[  144.482061][ T7685] netlink: 16 bytes leftover after parsing attributes in process `syz.4.614'.
[  144.675560][ T7690] netlink: 16 bytes leftover after parsing attributes in process `syz.3.615'.
[  144.706705][ T7695] netlink: 28 bytes leftover after parsing attributes in process `syz.4.617'.
[  144.743671][ T7690] ip6tnl1: entered promiscuous mode
[  144.775758][ T7690] ip6tnl1: entered allmulticast mode
[  144.866435][   T53] Bluetooth: hci1: command tx timeout
[  145.013530][ T7571] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.029077][ T7714] netlink: 4 bytes leftover after parsing attributes in process `syz.0.619'.
[  145.032341][ T7571] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.046127][ T7571] bridge_slave_0: entered allmulticast mode
[  145.056066][ T7571] bridge_slave_0: entered promiscuous mode
[  145.178600][ T7571] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.199609][ T7571] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.227174][ T7571] bridge_slave_1: entered allmulticast mode
[  145.251874][ T7571] bridge_slave_1: entered promiscuous mode
[  145.407487][ T7571] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  145.419434][ T7699] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  145.425409][ T7571] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  145.609593][ T7571] team0: Port device team_slave_0 added
[  145.630221][ T7571] team0: Port device team_slave_1 added
[  145.715763][ T7571] batman_adv: batadv0: Adding interface: batadv_slave_0
[  145.733860][ T7571] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.770814][ T7571] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  145.803921][ T7571] batman_adv: batadv0: Adding interface: batadv_slave_1
[  145.829238][ T7571] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.893852][ T7571] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  145.987363][ T7571] hsr_slave_0: entered promiscuous mode
[  146.029008][ T7571] hsr_slave_1: entered promiscuous mode
[  146.056198][ T7571] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  146.063821][ T7571] Cannot create hsr debugfs directory
[  146.373616][ T7761] netlink: 16 bytes leftover after parsing attributes in process `syz.0.631'.
[  146.422729][ T7761] ip6tnl1: entered promiscuous mode
[  146.472836][ T7761] ip6tnl1: entered allmulticast mode
[  146.726656][ T7781] ip6_tunnel: non-ECT from fc02:0000:0000:0000:0000:0000:0000:0000 with DS=0x1
[  146.766871][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  146.945878][   T53] Bluetooth: hci1: command tx timeout
[  147.609421][ T7819] netlink: 16 bytes leftover after parsing attributes in process `syz.0.647'.
[  147.800035][ T7831] netlink: 'syz.3.652': attribute type 5 has an invalid length.
[  147.895251][ T7835] netlink: 8 bytes leftover after parsing attributes in process `syz.2.653'.
[  147.943964][ T7571] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  147.981723][ T7571] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  148.002229][ T7571] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  148.044734][ T7571] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  148.206522][ T7846] netlink: 36 bytes leftover after parsing attributes in process `syz.2.655'.
[  148.489511][ T7571] 8021q: adding VLAN 0 to HW filter on device bond0
[  148.581993][ T7863] netlink: 16 bytes leftover after parsing attributes in process `syz.2.661'.
[  148.598693][ T7863] ip6tnl3: entered promiscuous mode
[  148.605218][ T7863] ip6tnl3: entered allmulticast mode
[  148.654877][ T7571] 8021q: adding VLAN 0 to HW filter on device team0
[  148.700467][ T5144] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.707721][ T5144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.770730][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.778023][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.813542][ T7874] netlink: 24 bytes leftover after parsing attributes in process `syz.3.665'.
[  149.010404][ T7879] sit0: entered promiscuous mode
[  149.026768][   T53] Bluetooth: hci1: command tx timeout
[  149.062735][ T7881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.667'.
[  149.097749][ T7879] netlink: 'syz.0.668': attribute type 1 has an invalid length.
[  149.146074][ T7879] netlink: 1 bytes leftover after parsing attributes in process `syz.0.668'.
[  149.726197][ T7913] netlink: 16 bytes leftover after parsing attributes in process `syz.4.676'.
[  149.778514][ T7571] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.961666][ T7571] veth0_vlan: entered promiscuous mode
[  150.019221][ T7571] veth1_vlan: entered promiscuous mode
[  150.147534][ T7571] veth0_macvtap: entered promiscuous mode
[  150.170564][ T7571] veth1_macvtap: entered promiscuous mode
[  150.232536][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.275856][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.293137][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.321975][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.354816][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.380460][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.402317][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  150.432449][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.480023][ T7571] batman_adv: batadv0: Interface activated: batadv_slave_0
[  150.649676][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.677168][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.694800][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.713028][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.736469][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.761419][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.783554][ T7571] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  150.802423][ T7571] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  150.822638][ T7571] batman_adv: batadv0: Interface activated: batadv_slave_1
[  150.831992][ T7950] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  150.895197][ T7571] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  150.918282][ T7571] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  150.938073][ T7571] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  150.969850][ T7571] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  151.053205][ T7967] __nla_validate_parse: 1 callbacks suppressed
[  151.053226][ T7967] netlink: 16 bytes leftover after parsing attributes in process `syz.4.689'.
[  153.589154][ T6250] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.635236][ T6250] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.728723][ T8049] netlink: 24 bytes leftover after parsing attributes in process `syz.4.698'.
[  153.747334][ T8049] netlink: 24 bytes leftover after parsing attributes in process `syz.4.698'.
[  153.798575][ T8054] netlink: 8 bytes leftover after parsing attributes in process `syz.0.699'.
[  153.813148][ T2438] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.838669][ T8054] FAULT_INJECTION: forcing a failure.
[  153.838669][ T8054] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  153.854116][ T2438] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.893013][ T8054] CPU: 1 PID: 8054 Comm: syz.0.699 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  153.903069][ T8054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  153.913239][ T8054] Call Trace:
[  153.916541][ T8054]  <TASK>
[  153.919491][ T8054]  dump_stack_lvl+0x241/0x360
[  153.924199][ T8054]  ? __pfx_dump_stack_lvl+0x10/0x10
[  153.929421][ T8054]  ? __pfx__printk+0x10/0x10
[  153.934058][ T8054]  ? snprintf+0xda/0x120
[  153.938344][ T8054]  should_fail_ex+0x3b0/0x4e0
[  153.943072][ T8054]  _copy_to_user+0x2f/0xb0
[  153.947525][ T8054]  simple_read_from_buffer+0xca/0x150
[  153.952958][ T8054]  proc_fail_nth_read+0x1e9/0x250
[  153.958022][ T8054]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  153.963612][ T8054]  ? rw_verify_area+0x514/0x6b0
[  153.968686][ T8054]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  153.974282][ T8054]  vfs_read+0x204/0xbd0
[  153.978477][ T8054]  ? __pfx_lock_release+0x10/0x10
[  153.983541][ T8054]  ? __pfx_vfs_read+0x10/0x10
[  153.988344][ T8054]  ? __fget_files+0x29/0x470
[  153.992984][ T8054]  ? __fget_files+0x3f6/0x470
[  153.997718][ T8054]  ksys_read+0x1a0/0x2c0
[  154.002017][ T8054]  ? __pfx_ksys_read+0x10/0x10
[  154.006823][ T8054]  ? do_syscall_64+0x100/0x230
[  154.011621][ T8054]  ? do_syscall_64+0xb6/0x230
[  154.016325][ T8054]  do_syscall_64+0xf3/0x230
[  154.020856][ T8054]  ? clear_bhb_loop+0x35/0x90
[  154.025568][ T8054]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.031488][ T8054] RIP: 0033:0x7fc9dd17467c
[  154.035925][ T8054] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  154.055823][ T8054] RSP: 002b:00007fc9dde6e040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  154.064281][ T8054] RAX: ffffffffffffffda RBX: 00007fc9dd303fa0 RCX: 00007fc9dd17467c
[  154.072287][ T8054] RDX: 000000000000000f RSI: 00007fc9dde6e0b0 RDI: 000000000000000a
[  154.080286][ T8054] RBP: 00007fc9dde6e0a0 R08: 0000000000000000 R09: 0000000000000000
[  154.088290][ T8054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.096291][ T8054] R13: 000000000000000b R14: 00007fc9dd303fa0 R15: 00007ffec00e4388
[  154.104305][ T8054]  </TASK>
[  154.332102][ T8072] netlink: 16 bytes leftover after parsing attributes in process `syz.0.704'.
[  154.579647][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.675349][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.036359][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.112006][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.313373][ T8090] netlink: 24 bytes leftover after parsing attributes in process `syz.3.710'.
[  155.344735][   T12] bridge_slave_1: left allmulticast mode
[  155.365513][   T12] bridge_slave_1: left promiscuous mode
[  155.401284][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.420297][   T29] audit: type=1804 audit(1719720085.554:11): pid=8094 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.708" name="/root/syzkaller.5ENbOA/137/cgroup.controllers" dev="sda1" ino=1971 res=1 errno=0
[  155.507747][   T12] bridge_slave_0: left allmulticast mode
[  155.546946][   T12] bridge_slave_0: left promiscuous mode
[  155.579156][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.610213][ T8099] netlink: 64 bytes leftover after parsing attributes in process `syz.4.712'.
[  155.942446][ T8117] openvswitch: netlink: Flow key attr not present in new flow.
[  156.119190][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  156.138810][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  156.151279][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  156.170496][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  156.181892][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  156.191554][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  156.836582][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  156.863136][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  156.905546][   T12] bond0 (unregistering): Released all slaves
[  156.926893][ T8117] netlink: 8 bytes leftover after parsing attributes in process `syz.0.714'.
[  156.940426][ T8128] netlink: 16 bytes leftover after parsing attributes in process `syz.4.716'.
[  157.140484][ T8144] netlink: 'syz.4.720': attribute type 2 has an invalid length.
[  157.180052][ T8144] netlink: 24 bytes leftover after parsing attributes in process `syz.4.720'.
[  157.370683][ T8152] netlink: 12 bytes leftover after parsing attributes in process `syz.2.722'.
[  157.547101][ T8152] netlink: 'syz.2.722': attribute type 3 has an invalid length.
[  157.576868][ T8152] netlink: 'syz.2.722': attribute type 1 has an invalid length.
[  157.596416][ T8122] lo speed is unknown, defaulting to 1000
[  157.602350][ T8152] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.722'.
[  157.689041][ T8166] netlink: 'syz.3.725': attribute type 9 has an invalid length.
[  157.714818][ T8166] netlink: 'syz.3.725': attribute type 6 has an invalid length.
[  158.118322][ T8182] netlink: 16 bytes leftover after parsing attributes in process `syz.3.730'.
[  158.226249][   T53] Bluetooth: hci1: command tx timeout
[  158.254502][   T12] hsr_slave_0: left promiscuous mode
[  158.324401][   T12] hsr_slave_1: left promiscuous mode
[  158.337187][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  158.344663][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  158.363080][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  158.383468][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  158.483133][   T12] veth1_macvtap: left promiscuous mode
[  158.505852][   T12] veth0_macvtap: left promiscuous mode
[  158.516119][   T12] veth1_vlan: left promiscuous mode
[  158.534136][   T12] veth0_vlan: left promiscuous mode
[  158.632428][ T8204] netlink: 'syz.4.736': attribute type 2 has an invalid length.
[  158.691924][ T8205] netlink: 207496 bytes leftover after parsing attributes in process `syz.4.736'.
[  159.379904][   T12] team0 (unregistering): Port device team_slave_1 removed
[  159.437753][   T12] team0 (unregistering): Port device team_slave_0 removed
[  159.865121][ T8204] : entered promiscuous mode
[  159.890559][ T8228] netlink: 16 bytes leftover after parsing attributes in process `syz.0.743'.
[  160.058524][ T8235] netlink: 124 bytes leftover after parsing attributes in process `syz.0.747'.
[  160.269694][ T8247] netlink: 'syz.4.749': attribute type 3 has an invalid length.
[  160.306727][   T53] Bluetooth: hci1: command tx timeout
[  160.335805][ T8247] netlink: 130984 bytes leftover after parsing attributes in process `syz.4.749'.
[  160.417846][ T8122] chnl_net:caif_netlink_parms(): no params data found
[  160.506974][ T8253] netlink: 'syz.3.752': attribute type 10 has an invalid length.
[  160.591075][ T8253] 8021q: adding VLAN 0 to HW filter on device team0
[  160.622789][ T8265] xt_cgroup: path and classid specified
[  160.651823][ T8253] bond0: (slave team0): Enslaving as an active interface with an up link
[  160.705440][ T8257] FAULT_INJECTION: forcing a failure.
[  160.705440][ T8257] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.721131][ T8269] netlink: zone id is out of range
[  160.735461][ T8257] CPU: 1 PID: 8257 Comm: syz.2.753 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  160.744639][ T8269] netlink: zone id is out of range
[  160.745502][ T8257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  160.745541][ T8257] Call Trace:
[  160.758004][ T8269] netlink: zone id is out of range
[  160.760680][ T8257]  <TASK>
[  160.760693][ T8257]  dump_stack_lvl+0x241/0x360
[  160.772141][ T8269] netlink: zone id is out of range
[  160.776793][ T8257]  ? __pfx_dump_stack_lvl+0x10/0x10
[  160.776826][ T8257]  ? __pfx__printk+0x10/0x10
[  160.776867][ T8257]  ? snprintf+0xda/0x120
[  160.776897][ T8257]  should_fail_ex+0x3b0/0x4e0
[  160.776934][ T8257]  _copy_to_user+0x2f/0xb0
[  160.776961][ T8257]  simple_read_from_buffer+0xca/0x150
[  160.776992][ T8257]  proc_fail_nth_read+0x1e9/0x250
[  160.777020][ T8257]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  160.777047][ T8257]  ? rw_verify_area+0x514/0x6b0
[  160.777074][ T8257]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  160.777100][ T8257]  vfs_read+0x204/0xbd0
[  160.777125][ T8257]  ? __pfx_lock_release+0x10/0x10
[  160.777158][ T8257]  ? __pfx_vfs_read+0x10/0x10
[  160.777193][ T8257]  ? __fget_files+0x29/0x470
[  160.777225][ T8257]  ? __fget_files+0x3f6/0x470
[  160.777269][ T8257]  ksys_read+0x1a0/0x2c0
[  160.777303][ T8257]  ? __pfx_ksys_read+0x10/0x10
[  160.777330][ T8257]  ? do_syscall_64+0x100/0x230
[  160.791635][ T8269] netlink: zone id is out of range
[  160.792300][ T8257]  ? do_syscall_64+0xb6/0x230
[  160.792335][ T8257]  do_syscall_64+0xf3/0x230
[  160.803626][ T8269] netlink: zone id is out of range
[  160.805667][ T8257]  ? clear_bhb_loop+0x35/0x90
[  160.805705][ T8257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  160.805730][ T8257] RIP: 0033:0x7f11cb97467c
[  160.805752][ T8257] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  160.813858][ T8269] netlink: zone id is out of range
[  160.816133][ T8257] RSP: 002b:00007f11cb3ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  160.816163][ T8257] RAX: ffffffffffffffda RBX: 00007f11cbb03fa0 RCX: 00007f11cb97467c
[  160.816180][ T8257] RDX: 000000000000000f RSI: 00007f11cb3ff0b0 RDI: 0000000000000004
[  160.816195][ T8257] RBP: 00007f11cb3ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  160.816209][ T8257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  160.816224][ T8257] R13: 000000000000000b R14: 00007f11cbb03fa0 R15: 00007ffd0f7abbe8
[  160.823324][ T8269] netlink: zone id is out of range
[  160.826640][ T8257]  </TASK>
[  161.045001][ T8269] netlink: zone id is out of range
[  161.071833][ T8269] netlink: zone id is out of range
[  161.104961][ T8269] netlink: zone id is out of range
[  161.121316][ T8269] netlink: zone id is out of range
[  161.134812][ T8269] netlink: zone id is out of range
[  161.144961][ T8269] netlink: zone id is out of range
[  161.151037][ T8269] netlink: zone id is out of range
[  161.159024][ T8269] netlink: zone id is out of range
[  161.167096][ T8269] netlink: zone id is out of range
[  161.172403][ T8269] netlink: zone id is out of range
[  161.499929][ T8122] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.526498][ T8122] bridge0: port 1(bridge_slave_0) entered disabled state
[  161.533922][ T8122] bridge_slave_0: entered allmulticast mode
[  161.597079][ T8122] bridge_slave_0: entered promiscuous mode
[  161.623483][ T8122] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.641553][ T8122] bridge0: port 2(bridge_slave_1) entered disabled state
[  161.675910][ T8122] bridge_slave_1: entered allmulticast mode
[  161.683212][ T8122] bridge_slave_1: entered promiscuous mode
[  161.935090][ T8122] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  161.966654][ T8122] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  162.051354][ T8122] team0: Port device team_slave_0 added
[  162.062431][ T8319] __nla_validate_parse: 1 callbacks suppressed
[  162.062451][ T8319] netlink: 8 bytes leftover after parsing attributes in process `syz.4.767'.
[  162.087844][ T8122] team0: Port device team_slave_1 added
[  162.230608][ T8324] netlink: 72 bytes leftover after parsing attributes in process `syz.2.768'.
[  162.286261][ T8122] batman_adv: batadv0: Adding interface: batadv_slave_0
[  162.315999][ T8122] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.386128][ T5102] Bluetooth: hci1: command tx timeout
[  162.393164][ T8334] netlink: 112 bytes leftover after parsing attributes in process `syz.4.771'.
[  162.425857][ T8122] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  162.460397][ T8334] netlink: 12 bytes leftover after parsing attributes in process `syz.4.771'.
[  162.487617][ T8122] batman_adv: batadv0: Adding interface: batadv_slave_1
[  162.501860][ T8122] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  162.529473][ T8343] tipc: Can't bind to reserved service type 0
[  162.557683][ T8122] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  162.685390][ T8122] hsr_slave_0: entered promiscuous mode
[  162.721467][ T8122] hsr_slave_1: entered promiscuous mode
[  162.742492][ T8122] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  162.751155][ T8350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.774'.
[  162.762089][ T8122] Cannot create hsr debugfs directory
[  163.222099][ T8368] netlink: 165 bytes leftover after parsing attributes in process `syz.3.779'.
[  164.034922][ T8399] netlink: 132 bytes leftover after parsing attributes in process `syz.2.789'.
[  164.078190][ T8122] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  164.101136][ T8122] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  164.134907][ T8122] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  164.171977][ T8122] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  164.466420][   T53] Bluetooth: hci1: command tx timeout
[  164.547659][ T8419] xt_l2tp: missing protocol rule (udp|l2tpip)
[  164.648791][ T8122] 8021q: adding VLAN 0 to HW filter on device bond0
[  164.711257][ T8122] 8021q: adding VLAN 0 to HW filter on device team0
[  164.757449][ T5176] bridge0: port 1(bridge_slave_0) entered blocking state
[  164.764739][ T5176] bridge0: port 1(bridge_slave_0) entered forwarding state
[  164.854062][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  164.861411][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  164.927379][ T8434] xt_hashlimit: max too large, truncated to 1048576
[  165.043732][ T8122] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  165.262228][ T8448] netlink: 'syz.3.800': attribute type 1 has an invalid length.
[  165.303500][ T8448] netlink: 168864 bytes leftover after parsing attributes in process `syz.3.800'.
[  165.755220][ T8122] 8021q: adding VLAN 0 to HW filter on device batadv0
[  165.855710][ T8467] netlink: 44 bytes leftover after parsing attributes in process `syz.4.804'.
[  165.877511][ T8467] netlink: 43 bytes leftover after parsing attributes in process `syz.4.804'.
[  165.907216][ T8467] netlink: 'syz.4.804': attribute type 5 has an invalid length.
[  165.931780][ T8122] veth0_vlan: entered promiscuous mode
[  165.981646][ T8122] veth1_vlan: entered promiscuous mode
[  166.036481][ T8473] nbd: socks must be embedded in a SOCK_ITEM attr
[  166.055306][ T8122] veth0_macvtap: entered promiscuous mode
[  166.158623][ T8122] veth1_macvtap: entered promiscuous mode
[  166.276750][ T8122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.335502][ T8122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.372901][ T8122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.408482][ T8122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.437228][ T8122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.457928][ T8122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.468624][ T8122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.480836][ T8122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.494084][ T8122] batman_adv: batadv0: Interface activated: batadv_slave_0
[  166.548454][ T8122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.559082][   T53] Bluetooth: hci1: command 0x0405 tx timeout
[  166.597338][ T8122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.625587][ T8122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.637550][ T8122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.647611][ T8122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.665122][ T8122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.675167][ T8122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.696177][ T8122] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.737495][ T8122] batman_adv: batadv0: Interface activated: batadv_slave_1
[  166.773896][ T8122] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  166.839959][ T8122] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  166.859159][ T8122] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  166.888175][ T8122] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  166.906237][ T8507] IPVS: set_ctl: invalid protocol: 44 127.0.0.1:20003
[  167.320949][ T6246] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  167.356491][ T6246] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.451719][ T6246] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  167.495054][ T6246] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.505081][ T8531] __nla_validate_parse: 6 callbacks suppressed
[  167.505099][ T8531] netlink: 28 bytes leftover after parsing attributes in process `syz.4.819'.
[  167.598675][ T8531] IPVS: set_ctl: invalid protocol: 33 26.1.1.1:0
[  167.933342][ T8558] netlink: 20 bytes leftover after parsing attributes in process `syz.4.826'.
[  168.224837][ T8575] netlink: 24 bytes leftover after parsing attributes in process `syz.2.828'.
[  168.524293][ T8591] IPVS: set_ctl: invalid protocol: 0 127.0.0.1:0
[  168.908504][ T8610] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.836'.
[  168.932856][ T8610] net_ratelimit: 3 callbacks suppressed
[  168.932874][ T8610] openvswitch: netlink: Unknown VXLAN extension attribute 0
[  169.039513][ T8618] netlink: 'syz.2.838': attribute type 6 has an invalid length.
[  169.047603][ T8618] netlink: 56 bytes leftover after parsing attributes in process `syz.2.838'.
[  169.092028][ T8621] ip6t_rpfilter: unknown options
[  169.234100][ T8626] netlink: 24 bytes leftover after parsing attributes in process `syz.4.841'.
[  169.928493][ T6250] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.145122][ T8638] lo speed is unknown, defaulting to 1000
[  170.404760][ T6250] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.491253][ T6250] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.561121][ T6250] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.661106][ T6250] bridge_slave_1: left allmulticast mode
[  170.667335][ T6250] bridge_slave_1: left promiscuous mode
[  170.673459][ T6250] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.693338][ T6250] bridge_slave_0: left allmulticast mode
[  170.699805][ T6250] bridge_slave_0: left promiscuous mode
[  170.705596][ T6250] bridge0: port 1(bridge_slave_0) entered disabled state
[  171.011371][ T8680] netlink: 'syz.3.856': attribute type 3 has an invalid length.
[  171.038065][ T8680] netlink: 8 bytes leftover after parsing attributes in process `syz.3.856'.
[  171.273382][   T53] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  171.281607][   T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  171.297269][   T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  171.305492][   T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  171.316851][   T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  171.324179][   T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  171.419827][ T6250] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  171.431888][ T6250] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  171.443689][ T6250] bond0 (unregistering): Released all slaves
[  171.578713][ T8691] netlink: 24 bytes leftover after parsing attributes in process `syz.2.859'.
[  171.625823][   T29] audit: type=1804 audit(1719720101.754:12): pid=8694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.860" name="/root/syzkaller.5ENbOA/172/cgroup.controllers" dev="sda1" ino=1970 res=1 errno=0
[  171.771927][ T8694] IPVS: persistence engine module ip_vs_pe_si not found
[  172.139986][ T8686] lo speed is unknown, defaulting to 1000
[  172.606688][ T8730] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  172.667268][ T6250] hsr_slave_0: left promiscuous mode
[  172.685060][ T6250] hsr_slave_1: left promiscuous mode
[  172.694277][ T6250] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  172.721509][ T6250] batman_adv: batadv0: Removing interface: batadv_slave_0
[  172.743672][ T6250] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  172.769038][ T6250] batman_adv: batadv0: Removing interface: batadv_slave_1
[  172.821364][ T6250] veth1_macvtap: left promiscuous mode
[  172.829496][ T6250] veth0_macvtap: left promiscuous mode
[  172.841649][ T6250] veth1_vlan: left promiscuous mode
[  172.862959][ T6250] veth0_vlan: left promiscuous mode
[  173.425841][   T53] Bluetooth: hci1: command tx timeout
[  173.592821][ T6250] team0 (unregistering): Port device team_slave_1 removed
[  173.635366][ T6250] team0 (unregistering): Port device team_slave_0 removed
[  174.031625][ T8731] netlink: 8 bytes leftover after parsing attributes in process `syz.2.870'.
[  174.149931][ T8686] chnl_net:caif_netlink_parms(): no params data found
[  174.341471][ T8752] netlink: 4 bytes leftover after parsing attributes in process `syz.4.876'.
[  174.414482][ T8752] vxcan3: entered promiscuous mode
[  174.488113][ T8726] lo speed is unknown, defaulting to 1000
[  174.493660][ T8759] netlink: 8 bytes leftover after parsing attributes in process `syz.2.877'.
[  174.673509][ T8686] bridge0: port 1(bridge_slave_0) entered blocking state
[  174.681395][ T8686] bridge0: port 1(bridge_slave_0) entered disabled state
[  174.689324][ T8686] bridge_slave_0: entered allmulticast mode
[  174.698643][ T8686] bridge_slave_0: entered promiscuous mode
[  174.710703][ T8686] bridge0: port 2(bridge_slave_1) entered blocking state
[  174.719188][ T8686] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.727021][ T8686] bridge_slave_1: entered allmulticast mode
[  174.734582][ T8686] bridge_slave_1: entered promiscuous mode
[  174.833753][ T8686] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  174.849698][ T8686] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.899076][ T8774] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.906878][ T8774] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.914963][ T8774] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  174.962312][ T8686] team0: Port device team_slave_0 added
[  174.983133][ T8686] team0: Port device team_slave_1 added
[  175.281148][ T8686] batman_adv: batadv0: Adding interface: batadv_slave_0
[  175.288978][ T8686] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.316107][ T8686] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.346473][ T8686] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.374732][ T8686] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.402481][ T8686] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.460115][ T8783] netlink: 4 bytes leftover after parsing attributes in process `syz.0.883'.
[  175.506978][   T53] Bluetooth: hci1: command tx timeout
[  175.523373][ T8781] netlink: 24 bytes leftover after parsing attributes in process `syz.0.883'.
[  175.621153][ T8686] hsr_slave_0: entered promiscuous mode
[  175.628108][ T8686] hsr_slave_1: entered promiscuous mode
[  175.642594][ T8686] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  175.650460][ T8686] Cannot create hsr debugfs directory
[  175.738035][ T8786] netlink: 'syz.4.884': attribute type 1 has an invalid length.
[  175.942834][ T8793] netlink: 'syz.0.887': attribute type 6 has an invalid length.
[  176.024248][ T8793] netlink: 4 bytes leftover after parsing attributes in process `syz.0.887'.
[  176.034398][ T8793] netlink: 'syz.0.887': attribute type 1 has an invalid length.
[  176.239289][ T8807] netlink: 'syz.2.891': attribute type 9 has an invalid length.
[  176.533995][ T8686] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  176.579317][ T8686] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  176.617587][ T8686] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  176.631118][ T8686] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  176.664441][ T8820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.897'.
[  176.881154][ T8686] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.943468][ T8686] 8021q: adding VLAN 0 to HW filter on device team0
[  176.994476][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.001710][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.019367][   T58] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.026743][   T58] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.305259][ T8848] netlink: 4 bytes leftover after parsing attributes in process `syz.0.905'.
[  177.585982][   T53] Bluetooth: hci1: command tx timeout
[  177.659650][ T8861] netlink: 8 bytes leftover after parsing attributes in process `syz.2.908'.
[  177.693199][ T8686] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.823565][ T8686] veth0_vlan: entered promiscuous mode
[  177.868756][ T8686] veth1_vlan: entered promiscuous mode
[  178.009649][ T8686] veth0_macvtap: entered promiscuous mode
[  178.081845][ T8686] veth1_macvtap: entered promiscuous mode
[  178.140835][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.184072][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.195282][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.227534][ T8884] FAULT_INJECTION: forcing a failure.
[  178.227534][ T8884] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.240755][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.271883][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.296030][ T8884] CPU: 1 PID: 8884 Comm: syz.0.915 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  178.306083][ T8884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  178.316178][ T8884] Call Trace:
[  178.319517][ T8884]  <TASK>
[  178.322453][ T8884]  dump_stack_lvl+0x241/0x360
[  178.327145][ T8884]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.332383][ T8884]  ? __pfx__printk+0x10/0x10
[  178.335729][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.336976][ T8884]  ? __pfx_lock_release+0x10/0x10
[  178.337014][ T8884]  should_fail_ex+0x3b0/0x4e0
[  178.351268][ T8686] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.351833][ T8884]  _copy_from_user+0x2f/0xe0
[  178.368329][ T8884]  copy_msghdr_from_user+0xae/0x680
[  178.373594][ T8884]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  178.377615][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.379456][ T8884]  __sys_sendmsg+0x23d/0x3a0
[  178.379514][ T8884]  ? __pfx___sys_sendmsg+0x10/0x10
[  178.390117][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.394486][ T8884]  ? vfs_write+0x7c4/0xc90
[  178.394566][ T8884]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  178.401355][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.409451][ T8884]  ? do_syscall_64+0x100/0x230
[  178.409485][ T8884]  ? do_syscall_64+0xb6/0x230
[  178.409520][ T8884]  do_syscall_64+0xf3/0x230
[  178.409540][ T8884]  ? clear_bhb_loop+0x35/0x90
[  178.409565][ T8884]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.409586][ T8884] RIP: 0033:0x7fc9dd175b99
[  178.409604][ T8884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  178.409619][ T8884] RSP: 002b:00007fc9dde6e048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  178.409641][ T8884] RAX: ffffffffffffffda RBX: 00007fc9dd303fa0 RCX: 00007fc9dd175b99
[  178.409656][ T8884] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  178.409669][ T8884] RBP: 00007fc9dde6e0a0 R08: 0000000000000000 R09: 0000000000000000
[  178.409682][ T8884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  178.409694][ T8884] R13: 000000000000004d R14: 00007fc9dd303fa0 R15: 00007ffec00e4388
[  178.409723][ T8884]  </TASK>
[  178.570684][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.586316][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.597408][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.609417][ T8686] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.620789][ T8686] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.641731][ T8686] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.665307][ T8686] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.667128][ T8888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.916'.
[  178.677949][ T8686] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.742959][ T8686] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.775754][ T8686] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.906540][ T8905] vlan2: entered allmulticast mode
[  179.077259][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.085133][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.161712][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.201195][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.461227][ T8926] dvmrp0: entered allmulticast mode
[  179.487762][ T8926] dvmrp0: left allmulticast mode
[  180.102060][ T8940] syzkaller0: entered promiscuous mode
[  180.110720][ T8942] __nla_validate_parse: 1 callbacks suppressed
[  180.110739][ T8942] netlink: 8 bytes leftover after parsing attributes in process `syz.0.929'.
[  180.114216][ T8940] syzkaller0: entered allmulticast mode
[  180.232130][ T8952] netlink: 'syz.0.936': attribute type 1 has an invalid length.
[  180.384255][ T8961] netlink: 8 bytes leftover after parsing attributes in process `syz.2.938'.
[  181.971024][ T8960] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.000067][ T8968] bridge0: port 1(bridge_slave_0) entered blocking state
[  182.007350][ T8968] bridge0: port 1(bridge_slave_0) entered forwarding state
[  182.579043][ T6245] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.188805][ T6245] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.253126][ T6245] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.419362][ T6245] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.464297][ T9010] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  183.747092][ T6245] bridge_slave_1: left allmulticast mode
[  183.760672][ T6245] bridge_slave_1: left promiscuous mode
[  183.773946][ T6245] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.829100][ T6245] bridge_slave_0: left allmulticast mode
[  183.850113][ T6245] bridge_slave_0: left promiscuous mode
[  183.856017][ T9025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.956'.
[  183.881465][ T6245] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.016892][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  184.026989][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  184.038070][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  184.067263][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  184.078370][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  184.090869][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  184.506198][ T6245] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  184.519052][ T6245] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.532227][ T6245] bond0 (unregistering): Released all slaves
[  184.566649][ T9044] gretap0: refused to change device tx_queue_len
[  184.573385][ T9044] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  184.847418][ T9056] netlink: 24 bytes leftover after parsing attributes in process `syz.3.966'.
[  184.976986][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz.4.970'.
[  185.165166][ T9033] lo speed is unknown, defaulting to 1000
[  185.231120][ T9072] RDS: rds_bind could not find a transport for 5800::8000:20:0:0, load rds_tcp or rds_rdma?
[  185.454546][ T9086] erspan0: entered promiscuous mode
[  185.481605][ T9086] vlan2: entered promiscuous mode
[  185.515265][ T9086] erspan0: left promiscuous mode
[  185.592285][ T9092] SET target dimension over the limit!
[  185.602822][ T9084] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  185.653127][ T9088] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  185.702885][ T6245] hsr_slave_0: left promiscuous mode
[  185.730583][ T6245] hsr_slave_1: left promiscuous mode
[  185.755932][ T6245] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.773121][ T6245] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.792105][ T6245] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.802081][ T9099] netlink: 'syz.4.980': attribute type 1 has an invalid length.
[  185.809370][ T6245] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.818693][ T9099] netlink: 224 bytes leftover after parsing attributes in process `syz.4.980'.
[  185.865546][ T6245] veth1_macvtap: left promiscuous mode
[  185.879506][ T6245] veth0_macvtap: left promiscuous mode
[  185.885408][ T6245] veth1_vlan: left promiscuous mode
[  185.893057][ T6245] veth0_vlan: left promiscuous mode
[  186.147034][ T5102] Bluetooth: hci1: command tx timeout
[  186.433258][ T6245] team0 (unregistering): Port device team_slave_1 removed
[  186.475393][ T6245] team0 (unregistering): Port device team_slave_0 removed
[  187.016232][ T9107] ip6tnl4: entered promiscuous mode
[  187.021659][ T9107] ip6tnl4: entered allmulticast mode
[  187.033387][ T9110] netlink: 24 bytes leftover after parsing attributes in process `syz.3.983'.
[  187.167768][   T12] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  187.209026][ T9033] chnl_net:caif_netlink_parms(): no params data found
[  187.261520][ T9128] IPVS: set_ctl: invalid protocol: 79 127.0.0.1:20004
[  187.288778][ T9131] netlink: 8 bytes leftover after parsing attributes in process `syz.3.989'.
[  187.377964][ T9131] netlink: 'syz.3.989': attribute type 1 has an invalid length.
[  187.557389][ T9148] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  187.574123][ T9033] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.605015][ T9033] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.636364][ T9033] bridge_slave_0: entered allmulticast mode
[  187.651393][ T9033] bridge_slave_0: entered promiscuous mode
[  187.669674][ T9033] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.692162][ T9033] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.703017][ T9033] bridge_slave_1: entered allmulticast mode
[  187.720417][ T9033] bridge_slave_1: entered promiscuous mode
[  187.791259][ T9033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.814431][ T9033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.897070][ T9033] team0: Port device team_slave_0 added
[  187.912004][ T9033] team0: Port device team_slave_1 added
[  188.025583][ T9033] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.035470][ T9033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.073775][ T9033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.083520][   T29] audit: type=1804 audit(1719720118.214:13): pid=9167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1002" name="/root/syzkaller.nWjoL3/252/memory.events" dev="sda1" ino=1973 res=1 errno=0
[  188.091229][ T9033] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.115244][   T29] audit: type=1804 audit(1719720118.244:14): pid=9167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1002" name="/root/syzkaller.nWjoL3/252/memory.events" dev="sda1" ino=1973 res=1 errno=0
[  188.144660][ T9033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.144717][ T9033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.213642][   T29] audit: type=1804 audit(1719720118.254:15): pid=9167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1002" name="/root/syzkaller.nWjoL3/252/memory.events" dev="sda1" ino=1973 res=1 errno=0
[  188.239536][   T53] Bluetooth: hci1: command tx timeout
[  188.335212][ T9033] hsr_slave_0: entered promiscuous mode
[  188.373910][ T9033] hsr_slave_1: entered promiscuous mode
[  188.386969][ T9033] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  188.409654][ T9033] Cannot create hsr debugfs directory
[  188.415882][ T9172] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1005'.
[  188.442681][ T9177] FAULT_INJECTION: forcing a failure.
[  188.442681][ T9177] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  188.483530][ T9177] CPU: 0 PID: 9177 Comm: syz.4.1007 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  188.493659][ T9177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  188.503728][ T9177] Call Trace:
[  188.507035][ T9177]  <TASK>
[  188.510002][ T9177]  dump_stack_lvl+0x241/0x360
[  188.514704][ T9177]  ? __pfx_dump_stack_lvl+0x10/0x10
[  188.519921][ T9177]  ? __pfx__printk+0x10/0x10
[  188.524642][ T9177]  should_fail_ex+0x3b0/0x4e0
[  188.529390][ T9177]  prepare_alloc_pages+0x1da/0x5d0
[  188.534552][ T9177]  __alloc_pages_noprof+0x166/0x6c0
[  188.539761][ T9177]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  188.545513][ T9177]  ? __pfx_validate_chain+0x10/0x10
[  188.550733][ T9177]  alloc_pages_mpol_noprof+0x3e8/0x680
[  188.556221][ T9177]  ? __pfx_alloc_pages_mpol_noprof+0x10/0x10
[  188.562224][ T9177]  vma_alloc_folio_noprof+0xf3/0x1f0
[  188.567532][ T9177]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  188.573551][ T9177]  ? __lock_acquire+0x1346/0x1fd0
[  188.578585][ T9177]  folio_prealloc+0x31/0x170
[  188.583198][ T9177]  handle_pte_fault+0x257b/0x7090
[  188.588247][ T9177]  ? __pfx_lock_acquire+0x10/0x10
[  188.593293][ T9177]  ? __pfx_handle_pte_fault+0x10/0x10
[  188.598683][ T9177]  ? do_raw_spin_lock+0x14f/0x370
[  188.603741][ T9177]  ? follow_page_pte+0x292/0x1d90
[  188.608779][ T9177]  ? follow_page_pte+0x859/0x1d90
[  188.613813][ T9177]  ? __pfx_lock_release+0x10/0x10
[  188.618865][ T9177]  ? do_raw_spin_unlock+0x13c/0x8b0
[  188.624095][ T9177]  handle_mm_fault+0x10df/0x1ba0
[  188.629106][ T9177]  ? __pfx_handle_mm_fault+0x10/0x10
[  188.634432][ T9177]  ? __pfx_find_vma+0x10/0x10
[  188.639128][ T9177]  ? vma_is_secretmem+0xd/0x50
[  188.643898][ T9177]  ? check_vma_flags+0x531/0x5a0
[  188.648852][ T9177]  __get_user_pages+0x6ef/0x1590
[  188.653831][ T9177]  ? __pfx___get_user_pages+0x10/0x10
[  188.659232][ T9177]  __gup_longterm_locked+0x1ff6/0x2a80
[  188.664705][ T9177]  ? __pfx_lock_acquire+0x10/0x10
[  188.669754][ T9177]  ? __pfx___gup_longterm_locked+0x10/0x10
[  188.675580][ T9177]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  188.681584][ T9177]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  188.687920][ T9177]  ? sanity_check_pinned_pages+0x12c2/0x13c0
[  188.693921][ T9177]  ? gup_fast_fallback+0x220d/0x2b40
[  188.699250][ T9177]  gup_fast_fallback+0x2732/0x2b40
[  188.704421][ T9177]  ? __pfx_gup_fast_fallback+0x10/0x10
[  188.709888][ T9177]  ? __sys_getsockopt+0x271/0x330
[  188.714966][ T9177]  ? __x64_sys_getsockopt+0xb5/0xd0
[  188.720180][ T9177]  ? do_syscall_64+0xf3/0x230
[  188.724974][ T9177]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.731107][ T9177]  ? is_valid_gup_args+0x124/0x200
[  188.736229][ T9177]  pin_user_pages_fast+0xcc/0x160
[  188.741272][ T9177]  ? __pfx_pin_user_pages_fast+0x10/0x10
[  188.746937][ T9177]  ? rds_info_getsockopt+0x20c/0x600
[  188.752349][ T9177]  ? rds_info_getsockopt+0x20c/0x600
[  188.757645][ T9177]  ? __kmalloc_noprof+0x217/0x400
[  188.762770][ T9177]  rds_info_getsockopt+0x22e/0x600
[  188.767896][ T9177]  ? __might_fault+0xaa/0x120
[  188.772576][ T9177]  ? __pfx_lock_release+0x10/0x10
[  188.777611][ T9177]  ? __pfx_rds_info_getsockopt+0x10/0x10
[  188.783286][ T9177]  ? __might_fault+0xc6/0x120
[  188.787992][ T9177]  ? rds_getsockopt+0x2c2/0x530
[  188.792854][ T9177]  ? __pfx_rds_getsockopt+0x10/0x10
[  188.798061][ T9177]  do_sock_getsockopt+0x373/0x850
[  188.803106][ T9177]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  188.808684][ T9177]  ? __fget_files+0x3f6/0x470
[  188.813382][ T9177]  __sys_getsockopt+0x271/0x330
[  188.818272][ T9177]  ? __pfx___sys_getsockopt+0x10/0x10
[  188.823664][ T9177]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  188.830042][ T9177]  ? do_syscall_64+0x100/0x230
[  188.834833][ T9177]  __x64_sys_getsockopt+0xb5/0xd0
[  188.839889][ T9177]  do_syscall_64+0xf3/0x230
[  188.844396][ T9177]  ? clear_bhb_loop+0x35/0x90
[  188.849087][ T9177]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.854984][ T9177] RIP: 0033:0x7f78b8975b99
[  188.859407][ T9177] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.879039][ T9177] RSP: 002b:00007f78b9780048 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[  188.887476][ T9177] RAX: ffffffffffffffda RBX: 00007f78b8b03fa0 RCX: 00007f78b8975b99
[  188.895554][ T9177] RDX: 0000000000002711 RSI: 0000200000000114 RDI: 0000000000000006
[  188.903545][ T9177] RBP: 00007f78b97800a0 R08: 0000000020000240 R09: 0000000000000000
[  188.911558][ T9177] R10: 00000000200198c0 R11: 0000000000000246 R12: 0000000000000002
[  188.919540][ T9177] R13: 000000000000000b R14: 00007f78b8b03fa0 R15: 00007ffe2d66c0f8
[  188.927567][ T9177]  </TASK>
[  189.304522][ T9197] netlink: 'syz.2.1015': attribute type 58 has an invalid length.
[  189.314535][ T9197] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1015'.
[  189.690234][ T9033] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  189.701058][ T9033] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  189.715931][ T9033] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  189.732823][ T9033] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  189.830302][ T9033] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.857880][ T9033] 8021q: adding VLAN 0 to HW filter on device team0
[  189.872199][ T5147] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.879470][ T5147] bridge0: port 1(bridge_slave_0) entered forwarding state
[  189.899884][ T5147] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.907103][ T5147] bridge0: port 2(bridge_slave_1) entered forwarding state
[  190.165423][ T9222] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  190.173291][ T9222] IPv6: NLM_F_CREATE should be set when creating new route
[  190.180621][ T9222] IPv6: NLM_F_CREATE should be set when creating new route
[  190.211035][ T9033] 8021q: adding VLAN 0 to HW filter on device batadv0
[  190.306104][ T5109] Bluetooth: hci1: command 0x040f tx timeout
[  190.336208][ T9033] veth0_vlan: entered promiscuous mode
[  190.392426][ T9033] veth1_vlan: entered promiscuous mode
[  190.536246][ T9033] veth0_macvtap: entered promiscuous mode
[  190.556672][ T9033] veth1_macvtap: entered promiscuous mode
[  190.591214][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.629651][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.645328][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.656459][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.666729][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.677662][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.692855][ T9033] batman_adv: batadv0: Interface activated: batadv_slave_0
[  190.713826][ T9238] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1029'.
[  190.731793][ T9246] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1028'.
[  190.763060][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  190.788148][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.815320][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  190.832339][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.860137][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  190.893972][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.923952][ T9033] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  190.945129][ T9033] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.977636][ T9033] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.030004][ T9033] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.050753][ T9033] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.063006][ T9033] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.076374][ T9033] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.261762][   T29] audit: type=1800 audit(1719720121.374:16): pid=9265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1036" name="memory.events" dev="sda1" ino=1973 res=0 errno=0
[  191.283274][    C1] ip6_tunnel: ip6tnl4 xmit: Local address not yet configured!
[  191.303213][   T29] audit: type=1804 audit(1719720121.384:17): pid=9266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1036" name="/root/syzkaller.zxtv70/248/memory.events" dev="sda1" ino=1973 res=1 errno=0
[  191.426114][ T5109] Bluetooth: hci2: command 0x0406 tx timeout
[  191.437170][ T5106] Bluetooth: hci4: command 0x0405 tx timeout
[  191.545808][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.550497][ T9269] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1038'.
[  191.553658][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.658206][ T9276] FAULT_INJECTION: forcing a failure.
[  191.658206][ T9276] name failslab, interval 1, probability 0, space 0, times 0
[  191.677140][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.687756][ T9276] CPU: 1 PID: 9276 Comm: syz.3.1037 Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  191.697881][ T9276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  191.700113][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.708028][ T9276] Call Trace:
[  191.708077][ T9276]  <TASK>
[  191.721652][ T9276]  dump_stack_lvl+0x241/0x360
[  191.726371][ T9276]  ? __pfx_dump_stack_lvl+0x10/0x10
[  191.731598][ T9276]  ? __pfx__printk+0x10/0x10
[  191.736242][ T9276]  should_fail_ex+0x3b0/0x4e0
[  191.740978][ T9276]  ? __alloc_skb+0x1c3/0x440
[  191.745600][ T9276]  should_failslab+0x9/0x20
[  191.750157][ T9276]  kmem_cache_alloc_node_noprof+0x71/0x320
[  191.756023][ T9276]  __alloc_skb+0x1c3/0x440
[  191.760462][ T9276]  ? __pfx_aa_get_newest_label+0x10/0x10
[  191.766105][ T9276]  ? __pfx___alloc_skb+0x10/0x10
[  191.771053][ T9276]  tipc_get_err_tlv+0x38/0x330
[  191.775845][ T9276]  tipc_nl_compat_recv+0xe61/0x14c0
[  191.781049][ T9276]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  191.786680][ T9276]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  191.792679][ T9276]  ? genl_rcv_msg+0x121/0xec0
[  191.797394][ T9276]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  191.803751][ T9276]  ? __pfx_tipc_nl_node_set_link+0x10/0x10
[  191.809580][ T9276]  ? __pfx_tipc_nl_compat_link_set+0x10/0x10
[  191.815590][ T9276]  ? __pfx___mutex_lock+0x10/0x10
[  191.820644][ T9276]  ? genl_get_cmd+0x71c/0xbe0
[  191.825346][ T9276]  genl_rcv_msg+0xb14/0xec0
[  191.829861][ T9276]  ? mark_lock+0x9a/0x350
[  191.834208][ T9276]  ? __pfx_genl_rcv_msg+0x10/0x10
[  191.839269][ T9276]  ? __pfx_lock_acquire+0x10/0x10
[  191.844335][ T9276]  ? __pfx_tipc_nl_compat_recv+0x10/0x10
[  191.850089][ T9276]  ? __pfx___might_resched+0x10/0x10
[  191.855394][ T9276]  netlink_rcv_skb+0x1e3/0x430
[  191.860179][ T9276]  ? __pfx_genl_rcv_msg+0x10/0x10
[  191.865219][ T9276]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  191.870525][ T9276]  ? __netlink_deliver_tap+0x77e/0x7c0
[  191.875998][ T9276]  genl_rcv+0x28/0x40
[  191.879986][ T9276]  netlink_unicast+0x7f0/0x990
[  191.884761][ T9276]  ? __pfx_netlink_unicast+0x10/0x10
[  191.890049][ T9276]  ? __virt_addr_valid+0x183/0x520
[  191.895194][ T9276]  ? __check_object_size+0x49c/0x900
[  191.900538][ T9276]  ? bpf_lsm_netlink_send+0x9/0x10
[  191.905673][ T9276]  netlink_sendmsg+0x8e4/0xcb0
[  191.910454][ T9276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  191.915772][ T9276]  ? __import_iovec+0x536/0x820
[  191.920650][ T9276]  ? aa_sock_msg_perm+0x91/0x160
[  191.925608][ T9276]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  191.930914][ T9276]  ? security_socket_sendmsg+0x87/0xb0
[  191.936403][ T9276]  ? __pfx_netlink_sendmsg+0x10/0x10
[  191.941700][ T9276]  __sock_sendmsg+0x221/0x270
[  191.946404][ T9276]  ____sys_sendmsg+0x525/0x7d0
[  191.951193][ T9276]  ? __pfx_____sys_sendmsg+0x10/0x10
[  191.956506][ T9276]  __sys_sendmsg+0x2b0/0x3a0
[  191.961107][ T9276]  ? __pfx___sys_sendmsg+0x10/0x10
[  191.966231][ T9276]  ? vfs_write+0x7c4/0xc90
[  191.970699][ T9276]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  191.977031][ T9276]  ? do_syscall_64+0x100/0x230
[  191.981799][ T9276]  ? do_syscall_64+0xb6/0x230
[  191.986483][ T9276]  do_syscall_64+0xf3/0x230
[  191.990992][ T9276]  ? clear_bhb_loop+0x35/0x90
[  191.995681][ T9276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.001674][ T9276] RIP: 0033:0x7f3337d75b99
[  192.006089][ T9276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  192.025700][ T9276] RSP: 002b:00007f3338b11048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  192.034129][ T9276] RAX: ffffffffffffffda RBX: 00007f3337f04078 RCX: 00007f3337d75b99
[  192.042101][ T9276] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[  192.050072][ T9276] RBP: 00007f3338b110a0 R08: 0000000000000000 R09: 0000000000000000
[  192.058043][ T9276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  192.066026][ T9276] R13: 000000000000006e R14: 00007f3337f04078 R15: 00007fffe5ed3e38
[  192.074008][ T9276]  </TASK>
[  192.289167][ T9283] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  192.320928][ T9289] netlink: 188 bytes leftover after parsing attributes in process `syz.3.1043'.
[  192.321264][ T9283] team0: Device ipvlan2 is already an upper device of the team interface
[  192.341076][ T9289] netlink: 'syz.3.1043': attribute type 1 has an invalid length.
[  192.396023][ T5095] Bluetooth: hci1: command 0x040f tx timeout
[  192.459418][ T9033] ==================================================================
[  192.467548][ T9033] BUG: KASAN: slab-use-after-free in sco_conn_del+0xa5/0x310
[  192.474958][ T9033] Write of size 4 at addr ffff888061a9c080 by task syz-executor/9033
[  192.483045][ T9033] 
[  192.485387][ T9033] CPU: 0 PID: 9033 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  192.495732][ T9033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  192.505826][ T9033] Call Trace:
[  192.509121][ T9033]  <TASK>
[  192.512065][ T9033]  dump_stack_lvl+0x241/0x360
[  192.516767][ T9033]  ? __pfx_dump_stack_lvl+0x10/0x10
[  192.521989][ T9033]  ? __pfx__printk+0x10/0x10
[  192.526620][ T9033]  ? _printk+0xd5/0x120
[  192.530807][ T9033]  ? __virt_addr_valid+0x183/0x520
[  192.535960][ T9033]  ? __virt_addr_valid+0x183/0x520
[  192.541192][ T9033]  print_report+0x169/0x550
[  192.545743][ T9033]  ? __virt_addr_valid+0x183/0x520
[  192.550887][ T9033]  ? __virt_addr_valid+0x183/0x520
[  192.556044][ T9033]  ? __virt_addr_valid+0x44e/0x520
[  192.561186][ T9033]  ? __phys_addr+0xba/0x170
[  192.565723][ T9033]  ? sco_conn_del+0xa5/0x310
[  192.570334][ T9033]  kasan_report+0x143/0x180
[  192.574864][ T9033]  ? sco_conn_del+0xa5/0x310
[  192.579487][ T9033]  kasan_check_range+0x282/0x290
[  192.584465][ T9033]  sco_conn_del+0xa5/0x310
[  192.588912][ T9033]  ? __pfx_sco_disconn_cfm+0x10/0x10
[  192.594221][ T9033]  hci_conn_hash_flush+0xff/0x240
[  192.599301][ T9033]  hci_dev_close_sync+0x911/0xf70
[  192.604396][ T9033]  hci_unregister_dev+0x1db/0x4e0
[  192.609596][ T9033]  vhci_release+0x83/0xd0
[  192.613935][ T9033]  ? __pfx_vhci_release+0x10/0x10
[  192.618965][ T9033]  __fput+0x406/0x8b0
[  192.622962][ T9033]  task_work_run+0x24f/0x310
[  192.627562][ T9033]  ? __pfx_task_work_run+0x10/0x10
[  192.632690][ T9033]  ? do_exit+0xa22/0x27e0
[  192.637029][ T9033]  ? kmem_cache_free+0x145/0x350
[  192.642170][ T9033]  do_exit+0xa27/0x27e0
[  192.646352][ T9033]  ? __pfx_do_exit+0x10/0x10
[  192.650947][ T9033]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  192.657025][ T9033]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  192.663361][ T9033]  ? _raw_spin_unlock_irq+0x23/0x50
[  192.668573][ T9033]  ? lockdep_hardirqs_on+0x99/0x150
[  192.673794][ T9033]  do_group_exit+0x207/0x2c0
[  192.678397][ T9033]  __x64_sys_exit_group+0x3f/0x40
[  192.683433][ T9033]  do_syscall_64+0xf3/0x230
[  192.687943][ T9033]  ? clear_bhb_loop+0x35/0x90
[  192.692630][ T9033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.698531][ T9033] RIP: 0033:0x7f2627575b99
[  192.702962][ T9033] Code: Unable to access opcode bytes at 0x7f2627575b6f.
[  192.709981][ T9033] RSP: 002b:00007fff512940e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  192.718412][ T9033] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2627575b99
[  192.726393][ T9033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[  192.734365][ T9033] RBP: 00007f26275d50d0 R08: 00007fff51291e87 R09: 0000000000000003
[  192.742342][ T9033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  192.750314][ T9033] R13: 0000000000000003 R14: 00007fff512942c0 R15: 00000000ffffffff
[  192.758302][ T9033]  </TASK>
[  192.761319][ T9033] 
[  192.763632][ T9033] Allocated by task 9125:
[  192.767952][ T9033]  kasan_save_track+0x3f/0x80
[  192.772632][ T9033]  __kasan_kmalloc+0x98/0xb0
[  192.777224][ T9033]  __kmalloc_noprof+0x1f9/0x400
[  192.782073][ T9033]  sk_prot_alloc+0xe0/0x210
[  192.786582][ T9033]  sk_alloc+0x38/0x370
[  192.790653][ T9033]  bt_sock_alloc+0x3c/0x340
[  192.795248][ T9033]  sco_sock_create+0xbb/0x390
[  192.799928][ T9033]  bt_sock_create+0x161/0x230
[  192.804612][ T9033]  __sock_create+0x490/0x920
[  192.809206][ T9033]  __sys_socket+0x150/0x3c0
[  192.813726][ T9033]  __x64_sys_socket+0x7a/0x90
[  192.818410][ T9033]  do_syscall_64+0xf3/0x230
[  192.823116][ T9033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.829008][ T9033] 
[  192.831328][ T9033] Freed by task 9130:
[  192.835302][ T9033]  kasan_save_track+0x3f/0x80
[  192.839981][ T9033]  kasan_save_free_info+0x40/0x50
[  192.845003][ T9033]  poison_slab_object+0xe0/0x150
[  192.849949][ T9033]  __kasan_slab_free+0x37/0x60
[  192.854716][ T9033]  kfree+0x149/0x360
[  192.858619][ T9033]  __sk_destruct+0x476/0x5f0
[  192.863214][ T9033]  sco_sock_release+0x25e/0x320
[  192.868067][ T9033]  sock_close+0xbc/0x240
[  192.872309][ T9033]  __fput+0x406/0x8b0
[  192.876291][ T9033]  task_work_run+0x24f/0x310
[  192.880884][ T9033]  do_exit+0xa27/0x27e0
[  192.885040][ T9033]  do_group_exit+0x207/0x2c0
[  192.889632][ T9033]  get_signal+0x16a1/0x1740
[  192.894316][ T9033]  arch_do_signal_or_restart+0x96/0x860
[  192.899863][ T9033]  syscall_exit_to_user_mode+0xc9/0x370
[  192.905424][ T9033]  do_syscall_64+0x100/0x230
[  192.910032][ T9033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  192.915926][ T9033] 
[  192.918250][ T9033] The buggy address belongs to the object at ffff888061a9c000
[  192.918250][ T9033]  which belongs to the cache kmalloc-2k of size 2048
[  192.932309][ T9033] The buggy address is located 128 bytes inside of
[  192.932309][ T9033]  freed 2048-byte region [ffff888061a9c000, ffff888061a9c800)
[  192.946204][ T9033] 
[  192.948532][ T9033] The buggy address belongs to the physical page:
[  192.954944][ T9033] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61a98
[  192.963707][ T9033] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  192.972202][ T9033] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  192.979752][ T9033] page_type: 0xffffefff(slab)
[  192.984440][ T9033] raw: 00fff00000000040 ffff888015042000 ffffea00018a1c00 dead000000000002
[  192.993023][ T9033] raw: 0000000000000000 0000000000080008 00000001ffffefff 0000000000000000
[  193.001609][ T9033] head: 00fff00000000040 ffff888015042000 ffffea00018a1c00 dead000000000002
[  193.010281][ T9033] head: 0000000000000000 0000000000080008 00000001ffffefff 0000000000000000
[  193.018950][ T9033] head: 00fff00000000003 ffffea000186a601 ffffffffffffffff 0000000000000000
[  193.027618][ T9033] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  193.036374][ T9033] page dumped because: kasan: bad access detected
[  193.042788][ T9033] page_owner tracks the page as allocated
[  193.048501][ T9033] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 6250, tgid 6250 (kworker/u8:16), ts 173519330625, free_ts 173414911241
[  193.071515][ T9033]  post_alloc_hook+0x1f3/0x230
[  193.076297][ T9033]  get_page_from_freelist+0x2e4c/0x2f10
[  193.081838][ T9033]  __alloc_pages_noprof+0x256/0x6c0
[  193.087033][ T9033]  alloc_slab_page+0x5f/0x120
[  193.091732][ T9033]  allocate_slab+0x5a/0x2f0
[  193.096236][ T9033]  ___slab_alloc+0xcd1/0x14b0
[  193.100909][ T9033]  __slab_alloc+0x58/0xa0
[  193.105239][ T9033]  kmalloc_node_track_caller_noprof+0x281/0x440
[  193.111484][ T9033]  kmalloc_reserve+0x111/0x2a0
[  193.116252][ T9033]  __alloc_skb+0x1f3/0x440
[  193.120673][ T9033]  rtmsg_ifinfo_build_skb+0x84/0x260
[  193.125965][ T9033]  unregister_netdevice_many_notify+0xe71/0x1d20
[  193.132303][ T9033]  default_device_exit_batch+0xa0f/0xa90
[  193.137937][ T9033]  cleanup_net+0x89d/0xcc0
[  193.142720][ T9033]  process_scheduled_works+0xa2c/0x1830
[  193.148281][ T9033]  worker_thread+0x86d/0xd50
[  193.153151][ T9033] page last free pid 8741 tgid 8741 stack trace:
[  193.159477][ T9033]  free_unref_page+0xd22/0xea0
[  193.164294][ T9033]  __put_partials+0xeb/0x130
[  193.168891][ T9033]  put_cpu_partial+0x17c/0x250
[  193.173663][ T9033]  __slab_free+0x2ea/0x3d0
[  193.178087][ T9033]  qlist_free_all+0x9e/0x140
[  193.182680][ T9033]  kasan_quarantine_reduce+0x14f/0x170
[  193.188139][ T9033]  __kasan_slab_alloc+0x23/0x80
[  193.193003][ T9033]  kmem_cache_alloc_noprof+0x135/0x2a0
[  193.198466][ T9033]  vm_area_alloc+0x24/0x1d0
[  193.202974][ T9033]  mmap_region+0xc3d/0x2090
[  193.207496][ T9033]  do_mmap+0x8ad/0xfa0
[  193.211571][ T9033]  vm_mmap_pgoff+0x1dd/0x3d0
[  193.216156][ T9033]  do_syscall_64+0xf3/0x230
[  193.220654][ T9033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.226630][ T9033] 
[  193.228943][ T9033] Memory state around the buggy address:
[  193.234567][ T9033]  ffff888061a9bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  193.242621][ T9033]  ffff888061a9c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  193.250682][ T9033] >ffff888061a9c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  193.258736][ T9033]                    ^
[  193.262796][ T9033]  ffff888061a9c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  193.270849][ T9033]  ffff888061a9c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  193.278899][ T9033] ==================================================================
[  193.290150][ T9033] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  193.297376][ T9033] CPU: 0 PID: 9033 Comm: syz-executor Not tainted 6.10.0-rc5-syzkaller-01115-g30972a4ea092 #0
[  193.307642][ T9033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  193.317716][ T9033] Call Trace:
[  193.321021][ T9033]  <TASK>
[  193.323970][ T9033]  dump_stack_lvl+0x241/0x360
[  193.328682][ T9033]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.333917][ T9033]  ? __pfx__printk+0x10/0x10
[  193.338567][ T9033]  ? vscnprintf+0x5d/0x90
[  193.342926][ T9033]  panic+0x349/0x860
[  193.346860][ T9033]  ? check_panic_on_warn+0x21/0xb0
[  193.352006][ T9033]  ? __pfx_panic+0x10/0x10
[  193.356543][ T9033]  ? mark_lock+0x9a/0x350
[  193.360898][ T9033]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  193.366813][ T9033]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  193.372733][ T9033]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.379080][ T9033]  ? print_report+0x502/0x550
[  193.383806][ T9033]  check_panic_on_warn+0x86/0xb0
[  193.388777][ T9033]  ? sco_conn_del+0xa5/0x310
[  193.393757][ T9033]  end_report+0x77/0x160
[  193.398036][ T9033]  kasan_report+0x154/0x180
[  193.402710][ T9033]  ? sco_conn_del+0xa5/0x310
[  193.407340][ T9033]  kasan_check_range+0x282/0x290
[  193.412315][ T9033]  sco_conn_del+0xa5/0x310
[  193.416775][ T9033]  ? __pfx_sco_disconn_cfm+0x10/0x10
[  193.422093][ T9033]  hci_conn_hash_flush+0xff/0x240
[  193.427149][ T9033]  hci_dev_close_sync+0x911/0xf70
[  193.432206][ T9033]  hci_unregister_dev+0x1db/0x4e0
[  193.437262][ T9033]  vhci_release+0x83/0xd0
[  193.441622][ T9033]  ? __pfx_vhci_release+0x10/0x10
[  193.446780][ T9033]  __fput+0x406/0x8b0
[  193.450796][ T9033]  task_work_run+0x24f/0x310
[  193.455435][ T9033]  ? __pfx_task_work_run+0x10/0x10
[  193.460576][ T9033]  ? do_exit+0xa22/0x27e0
[  193.464908][ T9033]  ? kmem_cache_free+0x145/0x350
[  193.469848][ T9033]  do_exit+0xa27/0x27e0
[  193.474009][ T9033]  ? __pfx_do_exit+0x10/0x10
[  193.478609][ T9033]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  193.484614][ T9033]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  193.490952][ T9033]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.496155][ T9033]  ? lockdep_hardirqs_on+0x99/0x150
[  193.501447][ T9033]  do_group_exit+0x207/0x2c0
[  193.506057][ T9033]  __x64_sys_exit_group+0x3f/0x40
[  193.511112][ T9033]  do_syscall_64+0xf3/0x230
[  193.515615][ T9033]  ? clear_bhb_loop+0x35/0x90
[  193.520310][ T9033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  193.526207][ T9033] RIP: 0033:0x7f2627575b99
[  193.530635][ T9033] Code: Unable to access opcode bytes at 0x7f2627575b6f.
[  193.537652][ T9033] RSP: 002b:00007fff512940e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  193.546171][ T9033] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2627575b99
[  193.554144][ T9033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[  193.562118][ T9033] RBP: 00007f26275d50d0 R08: 00007fff51291e87 R09: 0000000000000003
[  193.570092][ T9033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  193.578068][ T9033] R13: 0000000000000003 R14: 00007fff512942c0 R15: 00000000ffffffff
[  193.586056][ T9033]  </TASK>
[  193.589398][ T9033] Kernel Offset: disabled
[  193.593877][ T9033] Rebooting in 86400 seconds..