last executing test programs:

1m21.528063172s ago: executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
getsockopt$inet_int(r1, 0x10d, 0xf9, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

1m3.816835175s ago: executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
getsockopt$inet_int(r1, 0x10d, 0xf9, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

49.759747821s ago: executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
getsockopt$inet_int(r1, 0x10d, 0xf9, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

37.425064685s ago: executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
getsockopt$inet_int(r1, 0x10d, 0xf9, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

19.425626165s ago: executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
getsockopt$inet_int(r1, 0x10d, 0xf9, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

6.687180988s ago: executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2006}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r1, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
listen(r1, 0x20000005)
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r3 = accept4(r1, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000002e00)={{}, 0x0, &(0x7f0000002dc0)='%pS    \x00'}, 0x20)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
close(r4)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000002000)={'ip6tnl0\x00', 0x0})
sendmsg$nl_route(r3, &(0x7f0000002d40)={0x0, 0x0, &(0x7f0000002d00)={&(0x7f0000002cc0)=@ipv6_getaddr={0x2c, 0x16, 0x200, 0x70bd2a, 0x0, {0xa, 0x1f, 0x10, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4804}, 0x404c044)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'wg0\x00', <r7=>0x0})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r8=>0x0})
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xe1f}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x4c}}, 0x0)

6.53418067s ago: executing program 4:
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10)
getsockopt$inet_int(r1, 0x10d, 0xf9, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

6.352669309s ago: executing program 1:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x4, &(0x7f00000001c0)=ANY=[@ANYBLOB="85cab4259e92bd160000000000000000c3600000000000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x3, 0x93, &(0x7f0000000100)=""/147}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f00000000c0)={0xfffffffffffffffd, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16, @ANYBLOB="01000000000000000000460000657464657673696d0000000f0002006e657464657673696d30000008008e00030000000c008f0007000000000000000c0090000d03000000000000000000000000fc0bc3a8cf01c16fb7b8d8c70bf588d214033b456c8ae93ab50c96321a09fa54176e4b57dfec9fc1ca3e0a3094a0236a6516971244526021f40e23cae02b870bbe1a484206bfbb42ad2cb38d8b4df53877a485377d98f2cdc3201bb3470dfa401d19ba9f8dc516faf61fc397f5d5f21c1b0b8e1973671c329c9d90ad930d7fc12099764170b416b7fc0f6cec668edaa10c18509cd0e26b9ee1466c"], 0x54}}, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000300)={0x0, 0x6000, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
syz_init_net_socket$rose(0xb, 0x5, 0x0)

5.970637308s ago: executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="44000000010101010000000000000000020000000400018018"], 0x44}}, 0x0)
r1 = socket$kcm(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, 0x0, 0x0)
sendmsg$inet(r1, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0xa, @local}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0xff0e}], 0x4, 0x0, 0xc, 0xa6820000}, 0xafe6)

5.846791484s ago: executing program 1:
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0))
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100)=0x1)
ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000000)={0x29})
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000400)={<r2=>0x0, 0xa2, "61dd08f28f1c69b174e13bc8f092b131edd99676e5005a89e713f4c0ee3073ea8091ff71f26bf8a8be91a58856357346186ebebd5d9d1866b61f87811688712d9063623ec27dfb36ae4062aee794a8d138587e08c6a59503862c1c4eae8ee1aa7f6bf67b75c66d9e654364c2a48f9f92ebd51e1b999639df1dc50b47057bb3c08e1ce5430477de99aeb3447cc5acb12e625882290a73bb822acab6081e7835f89048"}, &(0x7f0000000280)=0xaa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
bind$netlink(r4, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
write(r4, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca5b", 0x26)
connect$netlink(r4, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
write(r4, &(0x7f0000000000)='\"', 0x1)
recvmmsg(r4, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f0000000140)={<r5=>r2, @in6={{0xa, 0x4e20, 0x7ff, @private1={0xfc, 0x1, '\x00', 0x1}, 0x5a}}, 0x2, 0x101, 0x400, 0x4, 0x3}, &(0x7f0000000040)=0x98)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x4, 0x14, &(0x7f0000001140)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073000000850000002a000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000004000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r7, 0x0, 0xe, 0x0, &(0x7f0000000400)="e4e647c9e0b8e9a2f2ab3026da58", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sendmsg$IPSET_CMD_CREATE(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000206050000000000000000000000000005000400000000000900020073797a32000000001400078005001400010000000800084000000000050005000200000005000100060000000c000300686173683a6970"], 0x58}}, 0x0)
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000380)={r5, 0x60, "16095830cd386c7da76e42bf41de6639318649210a6d80b94e6f573b404e375476592c197b1feeedff9a6aad7a678dc19701e9829196febdb1ddc1e157dd837bcbdd70246a0ad4577d2256240a503194ae89d6706a8211a7f3521e82794b9386"}, &(0x7f0000000080)=0x68)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'wg0\x00'})
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c000000100001040000000000000f0000000000c768c27a716c0d472d85e57c590db07e676121774a168473318fbc5430971b3a", @ANYRES32=0x0, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c00028008001400ffff0000"], 0x3c}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.288195157s ago: executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, 0x0, &(0x7f0000000380)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = epoll_create1(0x0)
r2 = epoll_create1(0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r3, 0x8933, &(0x7f0000000040)={'wg1\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={0x0}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r6, &(0x7f00000003c0)={0x0, 0x45, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0504000000000000000004000000053f0000", @ANYRES16=r4, @ANYBLOB="400008807c0000800700000000000000ac1414aa000000000000000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39220600060000006ee3"], 0x64}, 0x1, 0x0, 0x0, 0x800}, 0x4040011)
r7 = socket$inet(0x2, 0x2000000000003, 0x2)
bind$inet(r7, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10)
r8 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)="4c000000150097f87059ae08060c04000287ac1414a8a69d35a2cca84708f7abca1bac1414aabd5c493872f750375ed08a560400000003c48f93b82a03000000461ee3a318732fab16f45d2d8600000000000000000000a5501de19cab91b6d835d56508e432d4573db4d840a380ca21096bc01148e84fdbc4831db45284b1780408c5e53f140f387dc4d54fda616dede9e159b22a5e9857226f2d24541f3c411e46b6b6518121db8f5682d2b84aebeee9d9b44297d3d7f41669aaa40648dc27dd25220752c21e5024af871f04c336", 0xcf}], 0x1}, 0x50)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000100))
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r2, &(0x7f0000000000))
close(r2)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r11 = socket$inet_sctp(0x2, 0x5, 0x84)
r12 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r12, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
r13 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r13, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r14=>0x0}, &(0x7f00000000c0)=0x8)
setsockopt$inet_sctp_SCTP_ASSOCINFO(r11, 0x84, 0x1, &(0x7f00000003c0)={r14}, 0x14)
r15 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@cgroup=r15, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
sendmsg$NFT_BATCH(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000000000000000030000000900010073797a31000000000800024000000006"], 0x50}}, 0x0)

3.225417131s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000001580)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d25b213bda84c8172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958"], 0x0}, 0x90)
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000000040)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="18000000000000008400002000000000620000000000000020000000000000008400000008000000"], 0x38}, 0x41)

3.147263101s ago: executing program 3:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mptcp_buf(r0, 0x11c, 0x2, 0x0, &(0x7f0000000100))
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0xc, &(0x7f00000002c0)=ANY=[@ANYRESHEX=r0, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x6, 0x8, 0x5, 0x101, 0x1}, 0x48)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x20, &(0x7f0000000080)={&(0x7f0000000440)=""/192, 0xc0, <r2=>0x0, &(0x7f0000000500)=""/73, 0x49}}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1e, 0x14, &(0x7f00000005c0)=ANY=[@ANYRES32=r1, @ANYRES64=r1, @ANYBLOB="1800000000000000000000000000000018110000"], &(0x7f0000000240)='GPL\x00', 0xff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x12, 0xffffffffffffffff, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, r2, r1, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='scsi_dispatch_cmd_start\x00', r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0x40010)

2.991631318s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x2006}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r1, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
listen(r1, 0x20000005)
r2 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r3 = accept4(r1, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000002e00)={{}, 0x0, &(0x7f0000002dc0)='%pS    \x00'}, 0x20)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
close(r4)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r2, 0x89f0, &(0x7f0000002000)={'ip6tnl0\x00', 0x0})
sendmsg$nl_route(r3, &(0x7f0000002d40)={0x0, 0x0, &(0x7f0000002d00)={&(0x7f0000002cc0)=@ipv6_getaddr={0x2c, 0x16, 0x200, 0x70bd2a, 0x0, {0xa, 0x1f, 0x10, 0xc8}, [@IFA_LOCAL={0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4804}, 0x404c044)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000240)={'wg0\x00', <r7=>0x0})
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r8=>0x0})
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xe1f}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r8}, @IFLA_MASTER={0x8, 0xa, r7}]}, 0x4c}}, 0x0)

2.950791494s ago: executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0xc0241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'pim6reg0\x00', <r3=>0x0})
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r6=>0x0})
setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000140)={@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xffffffffffffffff, "b747c2e817f5d89ab3eb2581647a3380aeb53bd509933a5776ae64060c1e4043", 0x52, 0x5, 0x4, 0x100}, 0x3c)
bind$packet(r5, &(0x7f00000000c0)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="e4bb98e2876d"}, 0x14)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206010800000000000000000000000014000780080011400000000005001500020000000500010006000000050005000a00000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
getsockname$packet(r5, &(0x7f0000000080)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x49)
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="380040bbfa706058529981efb2061e66e900002def2a6c093d3fb314aa550001000000", @ANYRES32=r8, @ANYBLOB="20000100", @ANYRES32=r3, @ANYBLOB="00000000fc00000000000000000000000000000086dd0000"], 0x38}, 0x1, 0xf00}, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000180)={'ip6gretap0\x00', @link_local})
write$tun(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="034886dd090032000300300000006000000001002f0081e949b93897bc3b0000000000007d01ff020000000000000000000000000001120022eb3b7e6656de"], 0xfdef)

1.983353801s ago: executing program 0:
pipe(&(0x7f0000000100))
r0 = socket(0x1, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000005c0)=0x14)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x6c, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="540000001000030400e2ffffffffff0700000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006970766c616e0000140002800600020000000000060001000200000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x54}}, 0x0)

1.022092561s ago: executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
ioctl$TUNSETLINK(r0, 0x400454cd, 0x7)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f00000004c0), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(r1, &(0x7f0000000140)={0x0, 0x27, &(0x7f0000000100)={&(0x7f0000000180)={0x3c, r2, 0x1, 0x0, 0x0, {0x9}, [@handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x3c}}, 0x0)
r3 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x1}, 0x1c)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r3, 0x84, 0x6e, &(0x7f00000002c0)=[@in={0x2, 0x0, @rand_addr=0x64010102}], 0x10)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x0, 0x7)
socket(0x200000000000011, 0x3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x4, 0x200000005c832, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@empty, @in=@broadcast, 0x4e22, 0xfffe, 0x4, 0x0, 0x2, 0x0, 0x20}, {}, {0x0, 0x0, 0xffffffffffffffff}, 0xfffffffd}, {{@in=@empty}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x2}}, 0xe8)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'pim6reg\x00'})
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0xa, &(0x7f0000000000)=0xbf, 0x4)
bind$inet6(r5, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r5, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5d1014e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0x116d962d5f73552, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
recvmmsg(r5, &(0x7f0000000bc0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000c00)=""/4111, 0xd80}], 0x1}}], 0x1, 0x122, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000040)={0x0, 0x0})
shutdown(0xffffffffffffffff, 0x0)

906.57463ms ago: executing program 2:
socket$pppoe(0x18, 0x1, 0x0) (async)
connect$pppoe(0xffffffffffffffff, 0x0, 0x0) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="20000000000900060000000000000000dab200000001000002000000028000000100000000000000034000000000000002800000010001000000"], 0x20}}, 0x0) (async)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, 0x0, 0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=@newqdisc={0x24}, 0x24}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r3 = socket$inet6(0xa, 0x80001, 0x0) (async)
unshare(0x20000400)
r4 = socket$unix(0x1, 0x5, 0x0)
connect$unix(r4, 0x0, 0x0) (async)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) (async)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000280)=ANY=[@ANYBLOB="010000ef103b04000a00000000000000ff010000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000af4557c3000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000001000000010000000a000000000000000000000000000000000000000000000000000000000000000000000000140000000000000000000065e6950e831108cf4971560b15d700"/276], 0x110) (async)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000500)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @local}}}, 0x108)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000001000100000000000018110000", @ANYBLOB="2598ccde00000000b70800004e9d00007b8af8ff00000000bfa20000fbff000007020000f8fffffdb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000040), 0x208e24b) (async)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r6, &(0x7f00000001c0)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @dev}, 0x10)
ioctl$int_in(r6, 0x5452, &(0x7f0000000040)=0x10000) (async)
recvmmsg(r6, &(0x7f00000005c0)=[{{0x0, 0xe8, 0x0, 0x0, 0x0, 0x0, 0xffffffff00003f00}}], 0x4000000000001db, 0x0, 0x0)
sendfile(r6, r5, 0x0, 0xffefffff) (async)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, &(0x7f0000000100))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

865.873869ms ago: executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080), 0x0)
syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES16, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f40108807000008048000980280000f8060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000908000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024"], 0x21c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$FOU_CMD_GET(0xffffffffffffffff, 0x0, 0x0)
socket$unix(0x1, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0xe, &(0x7f00000020c0)=ANY=[@ANYBLOB], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000040), 0x10}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="18020000ee0000000000000000000000850000000e00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)

813.33983ms ago: executing program 2:
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0x17, 0x0, 0x0)

688.860659ms ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, &(0x7f0000001580)=ANY=[@ANYBLOB="850000002a00000025000000000000009500000000000000afcd48d6494d614dcc6fab5335ec470db2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249ee1c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bf2255d6a0244d25b213bda84c8172afd8cc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958"], 0x0}, 0x90)
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f0000000040)=[{&(0x7f00000000c0)="80", 0x1}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="18000000000000008400002000000000620000000000000020000000000000008400000008000000"], 0x38}, 0x41)

633.17857ms ago: executing program 2:
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xb, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="660a0000000000006111730000000000000052e13e2c12c17d28cdccb7178ecf34ed6feaecf485437d880d9abd50d49bbc6434cfb957a711"], &(0x7f0000000000)='GPL\x00'}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1}, 0x48)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000100)={0xaf294b17a31401d5})
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000010c0)={&(0x7f0000001580)=ANY=[@ANYBLOB="9feb01001800000000000000de000000de000000030000000e00000000000002020000000f00000004000084ffffffff0d00000000000000dbfeab3fba37d4ac020000000000010001000000909c777563157866bfe9852ce8cf3c0500000004000000030000000100000001000000100000000000000e02000000010000000b00000007000004040000000d00000002000000030000000000000001000000018000000c0000000100000006001b0006000000000000007f0000000100000001000000fcffffff070000000300000005000000060000000100000000000000060000000200000f02000000030000000104000008aaffff03000000fdffffff080000000a6a0000002e003dd6acc0021a3da388100c4cb91877ce9478f5d8710ce4b134fbfd52257bdb2fac6c0b0e9447c7c206d0d3fb7e99cb52354461662afb16c8026c8a77c8878fa74f063b0a0d8c27e043e3c8136b28c0d8d3acb01fd979a76fc977ff2aa688e630f6bc9239011aa8299e046908060ad22a859c1ba60307a4f6e0722bdffebb06544cf194ff232cbf4407392656393e485c3952f7c588fcc5e0b259bea5398d00"], &(0x7f0000001000)=""/140, 0xfb, 0x8c, 0x1, 0x80}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001180)={0x6, 0x34, &(0x7f0000000880)=ANY=[@ANYBLOB="180000000100000000000000050000007848feff040001008d5b00010100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800008f0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018200000", @ANYRES32=r0, @ANYBLOB="000000000200000018160000", @ANYBLOB="aadcf1e2d619e2f14a055f46a26970126721d5128b9cbb879cfaa0aa4611cd47dfb69cb77e08ef524fc306b2bf6815b3de43dcc64ca84fe10fb94d38c20768ae36d0e30b310b3b2872d45775e978efeda2bd60ff892f9e6ad814ae7052256aa0e8a3e576fdd4b520db62a7d39a86699476cbbe34e47ba92c51ae28162e6bff150623d0", @ANYBLOB="000000000000000097983000f0ffffff850000000a00000018010000646c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000020000008500000006000000b7080000000000007b8af8ff00000000b7080000020000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a50000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300160400000085000000060000008520000005000000183700000400000000000000000000009500000000000000"], &(0x7f0000000e40)='syzkaller\x00', 0x7f, 0x42, &(0x7f0000000e80)=""/66, 0x41100, 0xf6747c251ca71fd9, '\x00', 0x0, 0x25, r1, 0x8, &(0x7f0000001100)={0x5, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001140)=[r0]}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=@bloom_filter={0x1e, 0x0, 0x0, 0x6, 0x2, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x0, 0x9}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000f00000095"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8b1a, &(0x7f0000000000)={'wlan1\x00'})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0500020600000008223b5b7f000000000000", @ANYRES32=r6, @ANYBLOB="0800050008000000"], 0x24}, 0x1, 0x0, 0x0, 0x48010}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
r7 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r7, &(0x7f0000000300), 0x6e)
r8 = socket$nl_route(0x10, 0x3, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r9, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
getsockname$packet(r9, &(0x7f0000000600)={0x11, 0x0, <r10=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r10, @ANYBLOB="00001000252155b21c0012000c000100626f6e6400"], 0x3c}}, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3000000010000400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000008000500", @ANYRES32=r10, @ANYBLOB="0800fb20bc5776ed6992985bbe0a00", @ANYRES32=r10, @ANYBLOB], 0x30}}, 0x0)

524.26243ms ago: executing program 0:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000300)=@o_path={&(0x7f00000002c0)='./file0\x00', r0, 0x4000, r0}, 0x18)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000008600000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$inet_tcp_buf(r2, 0x6, 0x1f, 0x0, &(0x7f0000000100))
unshare(0x4000400)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58)
unshare(0x2000600)
bind$alg(r3, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(blake2b-160-generic)\x00'}, 0x58)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r4, &(0x7f0000000180), 0x40010)
openat$cgroup_ro(r0, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x0, 0x0)
socket$kcm(0x29, 0x0, 0x0)

405.2319ms ago: executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000e00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000500)=@ipv4_newroute={0x38, 0x18, 0x1, 0x1, 0x0, {0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP_OPTS={0x10, 0x8, 0x0, 0x1, @LWTUNNEL_IP_OPTS_GENEVE={0xc, 0x1, 0x0, 0x1, @LWTUNNEL_IP_OPT_GENEVE_CLASS={0x6}}}}]}, 0x38}}, 0x0) (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000380)='cgroup.procs\x00', 0x2, 0x0)
r4 = socket$igmp6(0xa, 0x3, 0x2)
bind$inet6(r4, &(0x7f0000000600)={0xa, 0x2, 0xfffffffe, @mcast1, 0x18}, 0x1c) (async)
r5 = socket(0x10, 0x3, 0x0)
r6 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0xffffffffffffffba, &(0x7f0000004640)={&(0x7f0000000600)=@newqdisc={0x58, 0x24, 0x100, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x28, 0x2, {{}, [@TCA_NETEM_RATE64={0xc, 0x8, 0x5e1f89a7bb6bc599}]}}}]}, 0x58}}, 0x0) (async)
r8 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r8, &(0x7f00000001c0)={0xa, 0x4e30, 0x8}, 0x1c) (async)
listen(r8, 0x400) (async)
r9 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r9, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
r10 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r10, 0x0, 0x24, &(0x7f0000000040)={@empty, @local, @local}, 0xc) (async)
sendto$inet(r9, &(0x7f0000000080)='!', 0xffc3, 0x0, 0x0, 0x0)
accept$inet6(r8, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev}, 0x0) (async)
write$cgroup_pid(r3, &(0x7f00000000c0), 0x12)
syz_emit_ethernet(0x7e, &(0x7f0000000200)=ANY=[@ANYRES8, @ANYRES8=r6, @ANYBLOB="a4c3c7933211f235b48d23f1091c7e6fea9601de87567002f92145dd29c4f57dfcdb1187ebfbc7fddc7172f1aede588e5dc17c2ad1410ef0d3cb74bd30f86b7d7c3d90b836aaa19f43257765409e65d06d6a8e3d7394997665ca87b34bcfb1d6bf0481813b97c4affc4f1e28217ae741cecfd7cf"], 0x0) (async)
r11 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r12 = openat$cgroup_int(r11, &(0x7f0000000140)='cpuset.cpus\x00', 0x2, 0x0)
write$cgroup_subtree(r12, &(0x7f0000000340)=ANY=[@ANYBLOB='N-N:N/N'], 0x6a) (async)
socket$kcm(0x10, 0x3, 0x10) (async)
ioctl$sock_inet_SIOCSIFADDR(r4, 0x8916, &(0x7f0000000180)={'batadv0\x00', {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x39}}})

311.736586ms ago: executing program 2:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_route_sched_retired(r1, &(0x7f000001be80)={0x0, 0x0, &(0x7f000001be40)={&(0x7f0000001d00)=@deltfilter={0x11a0, 0x2d, 0x0, 0x0, 0x0, {}, [@f_rsvp={{0x9}, {0x238, 0x2, [@TCA_RSVP_CLASSID={0x8}, @TCA_RSVP_ACT={0x21c, 0x6, [@m_skbedit={0xa4, 0x0, 0x0, 0x0, {{0xc}, {0x4c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_QUEUE_MAPPING={0x6}, @TCA_SKBEDIT_PTYPE={0x6}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x4}}, @TCA_SKBEDIT_MARK={0x8}, @TCA_SKBEDIT_PARMS={0x18}]}, {0x2d, 0x6, "c6a494f3f45b1e00e67fc9a922ad45bd5962ea0c97f175346c07bad2fb9ada91ec827db61cfb8dab70"}, {0xc}, {0xc}}}, @m_ct={0xd0, 0x0, 0x0, 0x0, {{0x7}, {0x5c, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8}, @TCA_CT_ACTION={0x6}, @TCA_CT_NAT_PORT_MAX={0x6}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @empty}, @TCA_CT_NAT_IPV4_MAX={0x8, 0xa, @empty}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @loopback}, @TCA_CT_NAT_PORT_MAX={0x6}, @TCA_CT_LABELS_MASK={0x14, 0x8, "d2c273ebc450fec1ec08500a02de9677"}]}, {0x4d, 0x6, "f38e2eb5efabe3b1f6197aa76ef97c58a777a6467891d4b5e98708399c5e41e7b1c5cbd000dda961eb5485897a61d1fdb516e7503c6b2a9a7f27db63b32e621307db45a95aca099bd8"}, {0xc}, {0xc}}}, @m_mpls={0xa4, 0x0, 0x0, 0x0, {{0x9}, {0x4c, 0x2, 0x0, 0x1, [@TCA_MPLS_LABEL={0x8}, @TCA_MPLS_TTL={0x5}, @TCA_MPLS_BOS={0x5}, @TCA_MPLS_PROTO={0x6}, @TCA_MPLS_PROTO={0x6}, @TCA_MPLS_PROTO={0x6}, @TCA_MPLS_PROTO={0x6}, @TCA_MPLS_TTL={0x5}, @TCA_MPLS_BOS={0x5}]}, {0x2d, 0x6, "4d814c539ac71a2913db2a2967e92c5093f38e60e533227631b4219bbe1edd7e2ddcbdb3c835e61e65"}, {0xc}, {0xc}}}]}, @TCA_RSVP_CLASSID={0x8}, @TCA_RSVP_DST={0x8, 0x2, @multicast2}]}}, @f_tcindex={{0xc}, {0xf2c, 0x2, [@TCA_TCINDEX_HASH={0x8, 0x1, 0x74d7}, @TCA_TCINDEX_FALL_THROUGH={0x8}, @TCA_TCINDEX_FALL_THROUGH={0x8, 0x4, 0x1}, @TCA_TCINDEX_FALL_THROUGH={0x8, 0x4, 0x1}, @TCA_TCINDEX_FALL_THROUGH={0x8}, @TCA_TCINDEX_HASH={0x8, 0x1, 0x4b60}, @TCA_TCINDEX_ACT={0xef8, 0x7, [@m_sample={0xa4, 0x1b, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PARMS={0x18, 0x2, {0x3f, 0x3492, 0x7, 0x8b, 0x400}}]}, {0x5f, 0x6, "8f9c4581086ae7824f16a1b240735814307f58d23b92ef7d62f1453e82a4de9be955e072dfd64eeac440d424d040ca9613044d13b5c3de86acc5542d0afec52a7283d1ef860057fb171c7edf9d2ebf30c1559a9582300dfcfd3fde"}, {0xc}, {0xc, 0x8, {0x1, 0x1}}}}, @m_pedit={0xe50, 0x0, 0x0, 0x0, {{0xa}, {0xe24, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe20, 0x2, {{}, [{0x10001, 0xb5, 0x5, 0xa, 0x8, 0x579b9096}, {0x9, 0x4, 0x6, 0xfa, 0x7fff, 0x5}, {0x401, 0x50, 0x0, 0x100, 0x800, 0x80}, {0xd29, 0x3, 0x6, 0x40, 0x0, 0x1}, {0xf22, 0xe3, 0x6, 0x2, 0xfffffffc, 0x5}, {0xfffff001, 0xc5f9, 0x1, 0x519, 0x3, 0x8001}, {0x5, 0x3, 0x1a29fb4, 0x7c, 0xfffffffb, 0x2}, {0x8b3, 0x6, 0x3, 0x9, 0xa847, 0xb9b}, {0x4, 0xb5, 0x8001, 0x5d, 0x6, 0x9}, {0x5, 0x8, 0x6, 0x1, 0x7, 0x7fff}, {0x9, 0x2, 0x9, 0x10001, 0x5, 0x17ce}, {0xa600, 0x3, 0x3, 0x5, 0x91, 0x3e74}, {0x36, 0x7, 0x5, 0x80000001, 0x2, 0x10001}, {0x20, 0x7, 0x10001, 0x2, 0xffffffff, 0x9}, {0xffff, 0x91, 0x352, 0x401, 0x3, 0x20}, {0x8, 0x41, 0x2, 0x9, 0x6, 0x9}, {0x1, 0xed40, 0x3, 0x3, 0x6, 0x538e}, {0x3ff, 0x3f, 0xe3, 0x3, 0x5, 0xd0}, {0x7f, 0x8783, 0x7fff, 0x1, 0x0, 0x8}, {0x1, 0x50b, 0x3, 0x8, 0x7, 0xffff}, {0xc00, 0x7ff, 0x9, 0x9, 0xffffff33, 0x9be}, {0x3, 0x9, 0x3ff, 0x3, 0x1, 0x9}, {0x2, 0x4, 0x7fffffff, 0x1, 0x3, 0x8}, {0xfffffffd, 0x8, 0x1, 0xfff, 0x59a44136, 0x627}, {0x8, 0x5, 0x3, 0xcb, 0x0, 0x2}, {0x6, 0x9, 0xffffffd8, 0x5, 0x6}, {0x9, 0x1, 0x2, 0x7, 0x689, 0xa0}, {0x3, 0x200, 0x200, 0x2, 0x6, 0xa4ff}, {0xffff, 0x6, 0x0, 0x7, 0xb3c5, 0x401}, {0xcf, 0x100, 0x8ff, 0x438, 0x1, 0x6}, {0x49, 0x400, 0x1f, 0x4, 0xc000, 0x1}, {0xffffff00, 0x4, 0x5, 0x0, 0x3, 0x20000000}, {0x8, 0x1, 0x7a, 0xa9, 0x9, 0xffff}, {0x77b2276, 0x2, 0x0, 0x1, 0x3f, 0x8}, {0x8, 0x6, 0x6, 0x3ff, 0x6}, {0x7ff, 0x800, 0x2, 0x1, 0x3, 0x2}, {0x7, 0x8, 0xff, 0x7f, 0x7ff, 0x8001}, {0xfff, 0x80, 0x1f, 0xb9b, 0x6fc8, 0x1}, {0x4599, 0x7, 0x0, 0x9, 0x20, 0xeb}, {0x2, 0x4000, 0x400, 0xffffffff, 0x6, 0x7}, {0x1000, 0xf0, 0x0, 0xdff6, 0x9, 0x2}, {0x7, 0x1ff, 0x3, 0x1, 0x3, 0x7}, {0x10001, 0xb8a, 0x5, 0x0, 0x1ff, 0x8}, {0x6b, 0x1000, 0x400, 0x5, 0x0, 0x9}, {0x8001, 0x0, 0x7fffffff, 0x7, 0x7fffffff, 0xffffff0b}, {0x1ff, 0x81, 0xf43, 0x1f, 0x5, 0xafa}, {0xcb, 0xffffffff, 0x3, 0x4, 0x9d5, 0xfffffffb}, {0xda5c, 0x1, 0x9f1, 0x7fffffff, 0x81a, 0xffffffff}, {0x9, 0x9, 0x2, 0xdca9, 0x9000, 0x1000}, {0x2, 0x100, 0x7, 0x8, 0x0, 0x4}, {0x3, 0x80000001, 0x9b6, 0x1, 0x401, 0x7}, {0x7, 0x8, 0x6, 0xffffff7a, 0x2, 0x8}, {0x8001, 0x5, 0x6, 0x2}, {0x35cf, 0x6fcd, 0x2, 0x9, 0x0, 0x9}, {0xca, 0x7fff, 0x96, 0x3, 0x4, 0xfffffffb}, {0x6fb, 0x0, 0x19, 0x6, 0x1, 0x400}, {0x1, 0x3, 0x3, 0x9ba0, 0x3, 0xcf}, {0x200, 0x800, 0x3ace631b, 0x6, 0xb6, 0x7fff}, {0x400, 0x7f, 0x7, 0x0, 0xfffff610, 0x3800000}, {0x1000, 0x6, 0x3, 0x3f, 0x1, 0x2}, {0x65, 0x1, 0xfffffffc, 0x3, 0x279a, 0x14}, {0x2, 0xffffffff, 0x6, 0x8, 0x591, 0x8}, {0x491, 0x7, 0x7, 0x400, 0x3, 0xfff}, {0x7fff, 0x1, 0x57d, 0x4, 0x800, 0x48a}, {0x2, 0x8, 0x1, 0x10000, 0x401}, {0x6, 0x4, 0xfffff40c, 0x5, 0x8, 0x6ab2}, {0x6, 0xc6, 0xa275, 0xb0, 0x100, 0x1}, {0x8, 0x6, 0x9, 0xfff, 0x8}, {0xfffff000, 0x7, 0xfffffff8, 0x7, 0x2, 0x200}, {0x6, 0x4, 0x6d, 0x100, 0x3f, 0x4}, {0x5, 0x5, 0x9, 0x0, 0x400, 0x934}, {0x6, 0x2, 0x1f, 0x8, 0x81, 0xc40f}, {0x4, 0xc2b, 0xfffffff8, 0x7, 0x8000, 0xffffff50}, {0x5, 0xffffff81, 0x401, 0x3, 0x7, 0x400}, {0x100, 0x8, 0xfffffffa, 0x4, 0x6, 0x10001}, {0x6, 0x10000, 0x17, 0x8c, 0xfffffff8, 0x7ff}, {0x62067c13, 0x8, 0x6, 0x8, 0x5}, {0x7ee, 0x0, 0x0, 0x4, 0x10001, 0x80000000}, {0x5f81, 0xa28f, 0x6, 0xfffffffc, 0x800, 0x10001}, {0x1000, 0x7, 0x6, 0x8000, 0xfb03, 0x3ff}, {0x800, 0xfffffffe, 0x9, 0x7fffffff, 0x8, 0x5f1}, {0x1, 0x7, 0x4e83, 0x7fffffff, 0xffff}, {0xffff, 0x5, 0x1, 0x1, 0x0, 0x1ff}, {0x7, 0x2, 0xde, 0x6, 0x2, 0x6}, {0x101, 0xfffffffb, 0x4, 0x6, 0x8000, 0x1f8}, {0x1, 0x0, 0x3, 0x9, 0x4, 0x8}, {0xfffffff9, 0x7, 0x3f, 0x6483, 0x401}, {0x4, 0x9, 0x81, 0x7, 0x8, 0x1}, {0x8, 0xffffffdf, 0x8, 0x9, 0xfffffff9, 0x800}, {0x7, 0x3, 0x8, 0x1, 0xeac, 0x1}, {0x7, 0x314e, 0x0, 0x5}, {0x57f9, 0xe1, 0x7, 0x0, 0xa04, 0x6}, {0x6, 0x481, 0x5, 0x7, 0x684d8ac2}, {0x401, 0x401, 0x0, 0x8, 0x7fffffff, 0x3}, {0x4ad2, 0x1c9f, 0x5135e19b, 0x1, 0x7, 0x800}, {0x9, 0x8000, 0x3}, {0x9f1, 0x9, 0x8, 0x1452df82, 0x2, 0x101}, {0x1, 0x0, 0x6b2, 0x7, 0x5, 0x59f}, {0x5, 0xf36a, 0x3917, 0x9, 0xff, 0x2}, {0x6e, 0x2, 0x1, 0x0, 0x45, 0x7}, {0x400, 0x3ff, 0x1, 0x8, 0x0, 0x9}, {0x1, 0x0, 0x7, 0x3, 0xffffffff}, {0x603ad109, 0xb2, 0x5, 0x3, 0x5, 0x3}, {0x81, 0xf6e, 0xff, 0x400, 0x5}, {0x72, 0x0, 0x80000000, 0xff, 0x7fffffff, 0x8}, {0x2, 0x9, 0x1000, 0x9, 0x8001, 0x3}, {0xde, 0x400, 0x8, 0xff, 0x0, 0x20000}, {0x1bd74c1e, 0x6, 0xfffffffd, 0x3, 0x9, 0x33cf}, {0x0, 0x5, 0x8, 0x8, 0x5, 0x8}, {0x1, 0x400, 0x5, 0x9, 0x9, 0x1}, {0x7ff, 0x9, 0x2, 0x2, 0x6, 0x3}, {0x605, 0x3, 0x9, 0x616d066d, 0xfffffffe, 0x8}, {0x8, 0xfcb, 0x10001, 0x1350, 0x6, 0x3}, {0x4eb, 0x1f, 0x14, 0x4514adca, 0x1, 0x8}, {0x1, 0x2, 0x5, 0xff, 0x3ff, 0x704}, {0xff, 0x2000000, 0x3, 0xa4ab, 0x0, 0xea}, {0x5, 0x7ff, 0x5, 0x7, 0x0, 0x6}, {0x3, 0x5, 0x2, 0x7fff, 0x3, 0x5a9d6e4}], [{0x2}, {0x4}, {0x4, 0x1}, {0x4}, {0x2}, {0x2}, {0x1}, {0x1, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {0x5}, {}, {0x3, 0x1}, {0x3}, {0x4}, {0x4, 0x1}, {}, {0x6}, {0x5, 0x1}, {0x1}, {0x7}, {0x4}, {0x3}, {0x2}, {0x1, 0x1}, {}, {0x0, 0x1}, {0x1}, {0x1}, {0x3}, {0x1, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {0x0, 0x1}, {0x2, 0x1}, {0x1}, {0x1}, {}, {0x4}, {0x4, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {0x4, 0xdb3e77ce7302add}, {0x2}, {0x4}, {0x4, 0x1}, {0x3, 0x1}, {0x3, 0x1}, {}, {0x4, 0x1}, {0x5, 0x1}, {0x1}, {0x1}, {0x3}, {0x4}, {0x4, 0x1}, {}, {0x3, 0x1}, {0x0, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x1, 0x1}, {0x2, 0x1}, {}, {0x4, 0x1}, {0x1, 0x1}, {0x4, 0x1}, {0x5, 0x1}, {0x2, 0x1}, {0x5, 0x1}, {0x2}, {}, {0x2}, {0x3, 0x1}, {}, {0x1, 0x1}, {0x1, 0x1}, {}, {0x2, 0x1}, {0x1}, {0x3, 0x1}, {0x1, 0x1}, {0x5}, {}, {0x2, 0x1}, {0x2, 0x1}, {0x2, 0x1}, {}, {0x4}, {0x3}, {0x5}, {0x0, 0x1}, {0xa, 0x1}, {0x0, 0x1}, {0x4}, {0x0, 0x1}, {}, {0x6}, {0x1, 0x1}, {0x4, 0x1}, {0x1, 0x1}, {0x0, 0x1}, {}, {0x1}, {0x2}, {0x3, 0x1}, {0x5}, {0x3}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x5, 0x1}, {0x2}, {0x0, 0x1}, {0x3}, {0x0, 0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x1}, {0x4, 0x1}, {0x0, 0x1}, {0x3, 0x1}], 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}}]}, 0x11a0}}, 0x0)
recvmsg(r1, &(0x7f00000002c0)={0x0, 0x5000000, &(0x7f00000001c0)=[{&(0x7f0000000680)=""/4096, 0x1000}], 0x1}, 0x0)

208.710473ms ago: executing program 1:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', <r1=>0x0})
syz_80211_inject_frame(0x0, 0x0, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x2}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x8}, @union={0x0, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x0, 0x1}]}]}}, 0x0, 0x5a}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x6dfa, 0x9, 0x0, 0x18, 0x1, 0x3, '\x00', 0x0, r2, 0x3, 0x5, 0x3}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000005c0)={0xffffffffffffffff, 0xe0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x5, 0x1, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0], 0x0, 0xf, &(0x7f00000003c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000400), &(0x7f0000000440), 0x8, 0xd7, 0x8, 0x8, &(0x7f0000000480)}}, 0x10)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000006c0)={r2, 0x20, &(0x7f0000000680)={&(0x7f0000000600)=""/32, 0x20, <r5=>0x0, &(0x7f0000000640)=""/60, 0x3c}}, 0x10)
r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c00)={&(0x7f0000000a80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xd4, 0xd4, 0x3, [@func={0x1, 0x0, 0x0, 0xc, 0x2}, @union={0xf, 0x3, 0x0, 0x5, 0x0, 0x1, [{0x0, 0x3, 0x80}, {0x5, 0x0, 0x8}, {0xe, 0x3, 0x8e}]}, @ptr={0x2, 0x0, 0x0, 0x2, 0x5}, @struct={0xc, 0x1, 0x0, 0x4, 0x1, 0x10001, [{0xe, 0x5, 0x3}]}, @enum={0xe, 0x9, 0x0, 0x6, 0x4, [{0x5, 0xa6}, {0x8, 0x20}, {0xc, 0x80000000}, {0x2, 0x6}, {0x8, 0x6}, {0xc, 0x4}, {0xa, 0x2}, {0xd, 0x8}, {0x7, 0x4}]}, @var={0xa, 0x0, 0x0, 0xe, 0x4}, @var={0x2, 0x0, 0x0, 0xe, 0x4}]}, {0x0, [0x61]}}, &(0x7f0000000b80)=""/120, 0xef, 0x78, 0x100, 0x3}, 0x20)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xb, 0x1f, 0x2, 0xbf22, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000400), 0x401, r7, 0x0, 0xa002a0}, 0x38)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000d80)={0x6, 0x23, &(0x7f0000000880)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x12c8, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [@map_idx={0x18, 0x0, 0x5, 0x0, 0x9}, @cb_func={0x18, 0x3, 0x4, 0x0, 0x8}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x200}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @call={0x85, 0x0, 0x0, 0xcf}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}, @btf_id={0x18, 0x6, 0x3, 0x0, 0x3}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000009c0)='syzkaller\x00', 0x343, 0x70, &(0x7f0000000a00)=""/112, 0x41000, 0x40, '\x00', r4, 0x25, r6, 0x8, &(0x7f0000000c40)={0x6, 0x3}, 0x8, 0x10, &(0x7f0000000c80)={0x4, 0x2, 0xc3a8, 0xfff}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000d40)=[r3, r7, 0xffffffffffffffff], 0x0, 0x10, 0x81d8}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x16, 0x12, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4ed, 0x0, 0x0, 0x0, 0x80000000}, [@cb_func={0x18, 0x5, 0x4, 0x0, 0xfffffffffffffff9}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @exit, @exit, @jmp={0x5, 0x1, 0x7, 0x2, 0xb, 0xc, 0x1}]}, &(0x7f00000001c0)='syzkaller\x00', 0x101, 0x87, &(0x7f00000002c0)=""/135, 0x41000, 0x19, '\x00', r4, 0x5, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r5, 0xffffffffffffffff, 0x8, 0x0, &(0x7f0000000740)=[{0x0, 0x3, 0x6, 0xc}, {0x0, 0x4, 0xa, 0xa}, {0x2, 0x2, 0xe, 0xa}, {0x3, 0x3, 0x4, 0xf}, {0x5, 0x2, 0x8, 0x8}, {0x5, 0x7fff, 0xc, 0x8}, {0x3, 0x1, 0x4, 0x6}, {0x3, 0x4, 0x3, 0x9}], 0x10, 0x5}, 0x90)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2002}, [@IFLA_IFNAME={0x14, 0x3, 'wlan1\x00'}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}}, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000700)={0x2}, 0x8)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080))
syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
socket$rxrpc(0x21, 0x2, 0xa)

160.189097ms ago: executing program 3:
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000003a80)={&(0x7f00000004c0)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000003a00)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev={0xac, 0x14, 0x14, 0xb}, @multicast1}}}], 0x20}, 0x4008804)
sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f00000002c0)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000940)=[{&(0x7f0000000600)="3282db78e0ea55c52d87bc2a166b9e46818f5faca0b3a411e056b7928ccacd30019d925e47ecd2f92675d1d8c795dd0ab0a9c457007d002ae359e2b5d768e71db355cf220bb96b7a64e1d2629c3e21c5decd0e2e6f107c35a8081587d3dc42a0bc0d0c5e85c355c9cbadd6e8f8014acb52d24b961a3989d5102d540829ad660fdca299e7e74a71ed264d75a3e1dfb8331f1b441972bc5982dbe74341fa418cfee6039c15eda91b1ecf8887e008b15c4c7505c31efe20a7b838369c2857906c492432ba88cd2591215c875a7c854aa65bcc2e04eabc2ef716297c6d5c1357ed811a106739f968547df4ae455ecd6b0566ef52705630df27d81e2a544ecc09f8c73cec559d206644acdc56c717e19f04613456b8d7a386c0a700c032d0165c3b3f5716aa7f24e6fca522f91350793d13ba7f887e7b48cd3e6e41139d0deb8de9aeac59bf750ce01a", 0x147}, {&(0x7f0000000fc0)="da752f575198baaac222d34e85893d37a6bd281687872ed9151c56f415698f3fecf56eebf5edb42ed5d54e0419b2a13128d3ad19b6eed6b450aad46baaa57203e0d4f567d8d79fe07e7b3142de43e55cf69c65db2469175cf60c82f49d0f9d3f2ac908fd7099c4c4dde733a14d57f4117ed2f46aea5950ff0176d73349c2808eee62ce1c7d846ffdf65211f3192dabf5b3ac1516ad90e618d0ca9e4ac2778acabeac244f2f90af2616647e5cf8ab5e2ac404ebf2a866c8a73f68ae2cc4523e63e3a1aa5ab60a23e4c47534bda546042120c5333d91fefc68226bc9149d282937797a2fe036a58c9ecd19e54bcfb85d3f75ec7c74d86be94ef6b9191e0fa86d2a9330af3f592e24bc30b84632e5121bf04abc0e12f4073f6678ad97b786cc73b8175e35eda542e3631d283a3ca6fef91607ec7dee1b4a62bae169cc8fb64e8bdef95474f0b3c526f69ce55281e18016a4785875ba99e313fd63f66cfd36234bcc6048f25bce8cce39cf709eb10e1ea88497ff7401aae0d4a7e07f14691b6c4b75dc16e2586744317ffbb9966d8bfb16efcdf6ab308426e5c1aec6a6636122ffaca89af3b03834612b93989d0bbb251a42c1b48b86ac7162ad8d5cbf3d6cfccdc590724ff6caa85320f9d5beea2370b8c0533c19422c9097a7164651ad9d8f9cca4ea7815e53fd9c42eab1cb76b451cd3b18cf31c16d01731efd1506b844f52d2f173c825a7f8814ada5f6361a48f20250df6b98965d0c85f3df3b72b2ac49f3ed52e6fa30d7d3d54d95e8bd13ec2ed4883feb3b778d624ff0c1a3ec900671acd0ff00edc7b96d1cad51fba25565c67ce0e62302dbff8f68c0de8330c44704b2f019a7afc753538ed61f3744f286735af18a8f5e7ae3fd66e4562565b31a9e5d947a06ea69ee5f0ea97d2e832e1bbc9e74498a2f99473ef8822ad0254013fefff6c4c35d84072307633de00985a6477ff6480e75171a50915838168d3b1a5864450cc9b2fb1f71364095c0fd0c94610e4b9785dc39501ba75496d10907ada3ffa622225897c79c8e8efa27396ada49844f7664bd2eee3a156c0c89fc8ded3f1b8be73d1e60521c2789837b71fe63a320f233032f2bc0472f53165423fb6c8755e5f18ac54ea180f0486914f917f8b16b13b286248c2ed33bf7b95efc5b3c15664d036fcb721d19011d09a7efbb4863b021bd7b75c632a2bb13676a1ab1fed3f1101196625c09244c987825b515d662f4fcac27b9a4cf92ba0683b7eecbbff92c7250bf7c04bcc660840d91620bb214b46581f7f406b45019f01249be3a7ca79b97c9be7ae35f6d3594687c5207c029a2774f3a7df6681a206a59a9dd40a8f114e03f3b6a44a4e88960c9d6c79b5ac3ddfc4481ca5cdbf31816bfa9291879e0d7ea617add447d819aa30e2c3f9502c393cc9cce52dcbdac5e3c55a08a9b8ddaf52de96915f6635065a905aa94b7b20882dc3f72c3cbd2b5cab4e642b8defb3068b16582f9fad313682929d43e466c2448a9220bcdf2de3928078fbac197a7957bb9bb34e4778aca1626a984d4b1ac09517f1c353139739138fe320f5f34b17693c85e40d6f44e4750610a9e8463a4", 0x46d}], 0x2}, 0x8400) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40, 0x41}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r1}, 0x38) (async)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={r1, &(0x7f0000000cc0)="02"}, 0x20) (async)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x0, @local}, 0x10, &(0x7f0000000340)=[{&(0x7f0000000840)="f0", 0x1}], 0x1}, 0x0) (async, rerun: 64)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84) (async, rerun: 64)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="300000004a00010000000000000000000a008000", @ANYRES32=0x0, @ANYBLOB="0000000014000100ff"], 0x30}}, 0x0)
sendmmsg$inet6(r2, &(0x7f000000c640)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000040)='p', 0x1}], 0x1}}], 0x1, 0x0) (async)
shutdown(r2, 0x1)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r4=>0x0})
r5 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) (async)
r6 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2a, &(0x7f0000000080)={0x20, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}, 0x7}}, {{0xa, 0x0, 0x0, @loopback}}}, 0x108)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) (async)
setsockopt$inet6_group_source_req(r6, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}}}, 0x108)
close(r5) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="1831a5fde71e009dd335a1627d00", @ANYBLOB="b6a21c93f0cdb876918e3c9e93c78bf398cbabde1ff3b93c2700ea41e231cc90d6b9decd97c1902c0e6b605daa8aec452939adddd343463efd15e92ce415c2ccb36fc358f800251eea5d27a53cd80ed40bf678e9ef0635312c571ed9ba62426ebea4b05439009ef9f227043740143246fba48fd6de0e436c6f9722f6e241fa1938cd0449c15fe295f24db851e79cfd14367b370d0cbe3bf80698e56e119847e97b1a51e8cbdce14256ede0887dc254379d961d741bdc68f6a117a0207efd6591a8ae7b5346440726ac29221d68c365c1266678b1ca7c1a6473d53a5760b5", @ANYBLOB="0100000000000000000006000000080001000000000008000300", @ANYRES32=r4, @ANYBLOB="0a00e800080211000001007d90dbb323aabd184a"], 0x38}}, 0x0) (async)
getsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x83, &(0x7f0000000140), &(0x7f0000000100)=0x10)

156.286114ms ago: executing program 2:
r0 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SWAP(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)={0x40, 0x6, 0x6, 0x301, 0x0, 0x0, {0x5, 0x0, 0xa}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x40}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_crypto(0x10, 0x3, 0x15)
r4 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_INIT(r4, 0x29, 0xc8, &(0x7f0000000340), 0x4)
setsockopt$MRT6_DONE(r4, 0x29, 0xcb, 0x0, 0x0)
ioctl$sock_bt_hci(r3, 0x800448d2, &(0x7f0000000000)="c2a5")
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="680000000206010100000000000000000000000005000100070000000900020073797a30000000001c00078005001500100000000800124000000000080008400000202113000300686173683a6e65742c696661636500000500050002000000050004"], 0x68}}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r7, 0x29, 0x21, &(0x7f0000000000)=0x101, 0x4)
sendto$inet6(r7, 0x0, 0x0, 0x20004000, &(0x7f0000000040)={0xa, 0x0, 0x0, @private1}, 0x1c)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="01000100000001800000390000000e0001006e657464777673696d0000000f0002006e657464657673696d3000000800736298e46532568df6d5988cee4fa7263900000000000e0001006e657464657673696d000039b16a9930211d4064"], 0x64}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x8, 0x5, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3000}, [@alu={0x7, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2f22}, @jmp={0x5, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x78)
sendmsg$nl_generic(r6, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2000000a00000000ee6c38301231310000000000000000000000000000495b84d67bdca4232cc5d96d7af419e29a1c8e03d22e2cd655fcefe5f3ea405202f9e89e2b5a7bda00"/82], 0x20}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100000000000000002eeed88696", @ANYRES32=r1], 0x20}}, 0x0)

95.356121ms ago: executing program 0:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x600, 0x0, 'cryptd(blake2b-160-generic)\x00'}, 0x58)

0s ago: executing program 0:
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
r1 = socket$packet(0x11, 0x0, 0x300)
r2 = socket$packet(0x11, 0x0, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r3=>0x0})
sendto$packet(r2, &(0x7f0000000000)="00000806", 0x4, 0x0, &(0x7f0000000080)={0x11, 0x8100, r3, 0x1, 0x0, 0x6, @multicast}, 0x14)
sendmsg$nl_crypto(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000700)=ANY=[@ANYBLOB="e800000012000b3600000000000000007874732d63617374362d6176780000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1252cb264afe28ddd7900000000000000ff01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800010000"], 0xe8}}, 0x0)
r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000880), 0x4)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="190000eca42cedf3c23408000000080018110000", @ANYRES32, @ANYRES8=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, r4}, 0x90)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000001c0)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl2\x00', <r6=>0x0, 0x0, 0x2, 0x3, 0x5, 0x5e, @mcast2, @local, 0x7, 0x20, 0x0, 0x88a6}})
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0xa9}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
recvmsg(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000040)=@ieee802154={0x24, @short}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000001c0)}, {&(0x7f0000000b00)=""/4096, 0x1000}, {&(0x7f0000000200)=""/41, 0x29}, {&(0x7f0000000280)=""/109, 0x6d}, {&(0x7f0000000300)=""/208, 0xd0}, {0x0}], 0x6, &(0x7f0000000540)=""/30, 0x1e}, 0x40000000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x90)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = socket$pppl2tp(0x18, 0x1, 0x1)
r10 = socket$inet6_udp(0xa, 0x2, 0x0)
ppoll(&(0x7f0000000400)=[{r10, 0x3082}, {r8, 0x5008}, {r5, 0x100}], 0x3, &(0x7f0000000640)={0x0, 0x989680}, &(0x7f0000000680)={[0x5]}, 0x8)
connect$pppl2tp(r9, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r10, {0x2, 0x0, @dev}, 0x2}}, 0x2e)
close(r9)
shutdown(r9, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000002100)={0x11, 0x14, &(0x7f0000001b00)=@raw=[@map_idx={0x18, 0x9}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}}, @jmp={0x5, 0x1, 0xc, 0x6, 0x6, 0x80, 0x4}, @ldst={0x3, 0x3, 0x2, 0x9, 0xb}, @ldst={0x2, 0x3, 0x4, 0x4, 0xa, 0xfffffffffffffffe, 0xfffffffffffffff0}, @cb_func={0x18, 0xa, 0x4, 0x0, 0xfffffffffffffffb}], &(0x7f00000009c0)='GPL\x00', 0x4937, 0xa5, &(0x7f0000001bc0)=""/165, 0x40f00, 0x2, '\x00', r6, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000a00)={0x8, 0x2}, 0x8, 0x10, &(0x7f0000001c80)={0x2, 0x0, 0x8, 0x80000001}, 0x10, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000020c0)=[0xffffffffffffffff, 0xffffffffffffffff, r4, 0xffffffffffffffff, 0xffffffffffffffff, r7, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x9}, 0x90)
r11 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r11, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x0, 0x0, 0x0, 0x2}}, 0x2e)
ioctl$PPPIOCGL2TPSTATS(r11, 0x8004745a, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000180)='ext4_ext_show_extent\x00', r8}, 0x10)
syz_genetlink_get_family_id$devlink(&(0x7f0000000840), 0xffffffffffffffff)
r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0x2, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x90)
write$cgroup_int(r12, &(0x7f0000000000), 0x400000)

kernel console output (not intermixed with test programs):


[   92.127666][ T5560]  ? __pfx_lock_release+0x10/0x10
[   92.132717][ T5560]  should_fail_ex+0x3b0/0x4e0
[   92.137418][ T5560]  _copy_from_iter+0x1f6/0x1960
[   92.142288][ T5560]  ? __pfx__copy_from_iter+0x10/0x10
[   92.147576][ T5560]  ? txopt_get+0x3e0/0x4f0
[   92.152005][ T5560]  ? mark_lock+0x9a/0x350
[   92.156343][ T5560]  ? txopt_get+0x7b/0x4f0
[   92.160708][ T5560]  ? __pfx_txopt_get+0x10/0x10
[   92.165486][ T5560]  ? aa_label_sk_perm+0x4f0/0x6d0
[   92.170527][ T5560]  ? __lock_acquire+0x1346/0x1fd0
[   92.175578][ T5560]  rawv6_sendmsg+0xdb4/0x23c0
[   92.180295][ T5560]  ? __pfx_rawv6_sendmsg+0x10/0x10
[   92.185438][ T5560]  ? aa_sk_perm+0x967/0xab0
[   92.189981][ T5560]  ? inet_sendmsg+0x330/0x390
[   92.194671][ T5560]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[   92.199964][ T5560]  ? security_socket_sendmsg+0x87/0xb0
[   92.205441][ T5560]  __sock_sendmsg+0x1a6/0x270
[   92.210131][ T5560]  sock_write_iter+0x2dd/0x400
[   92.214912][ T5560]  ? __pfx_sock_write_iter+0x10/0x10
[   92.220222][ T5560]  ? bpf_lsm_file_permission+0x9/0x10
[   92.225604][ T5560]  ? security_file_permission+0x7f/0xa0
[   92.231174][ T5560]  vfs_write+0xa72/0xc90
[   92.235434][ T5560]  ? __pfx_sock_write_iter+0x10/0x10
[   92.240746][ T5560]  ? __pfx_vfs_write+0x10/0x10
[   92.245551][ T5560]  ksys_write+0x1a0/0x2c0
[   92.249901][ T5560]  ? __pfx_ksys_write+0x10/0x10
[   92.254765][ T5560]  ? do_syscall_64+0x100/0x230
[   92.259556][ T5560]  ? do_syscall_64+0xb6/0x230
[   92.264249][ T5560]  do_syscall_64+0xf3/0x230
[   92.268766][ T5560]  ? clear_bhb_loop+0x35/0x90
[   92.273473][ T5560]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   92.279414][ T5560] RIP: 0033:0x7fcade07d0a9
[   92.283843][ T5560] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[   92.303461][ T5560] RSP: 002b:00007fcadee790c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   92.311896][ T5560] RAX: ffffffffffffffda RBX: 00007fcade1b3f80 RCX: 00007fcade07d0a9
[   92.319878][ T5560] RDX: 00000000000005ac RSI: 00000000200000c0 RDI: 0000000000000003
[   92.327854][ T5560] RBP: 00007fcadee79120 R08: 0000000000000000 R09: 0000000000000000
[   92.335855][ T5560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   92.343834][ T5560] R13: 000000000000000b R14: 00007fcade1b3f80 R15: 00007ffcc6e7a578
[   92.351855][ T5560]  </TASK>
[   92.407030][   T29] audit: type=1800 audit(1719241819.871:7): pid=5563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1960 res=0 errno=0
[   93.620960][ T5597] __nla_validate_parse: 2 callbacks suppressed
[   93.620982][ T5597] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[   93.622914][ T5594] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   93.651865][ T5593] Bluetooth: MGMT ver 1.22
[   93.667300][ T5593] Bluetooth: hci3: invalid length 0, exp 2 for type 12
[   93.750138][ T5598] macvlan2: entered allmulticast mode
[   93.759619][ T5598] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   93.781142][ T5598] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[   93.817216][ T5598] team0: Port device macvlan2 added
[   93.843973][ T5600] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[   93.866849][ T5600] bridge_slave_1: left allmulticast mode
[   93.895594][ T5600] bridge_slave_1: left promiscuous mode
[   93.917154][ T5600] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.946079][ T5600] bridge_slave_0: left allmulticast mode
[   93.955471][ T5600] bridge_slave_0: left promiscuous mode
[   93.967542][ T5600] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.151397][ T5597] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[   94.174027][   T29] audit: type=1800 audit(1719241821.641:8): pid=5608 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1952 res=0 errno=0
[   94.344731][ T5615] warning: `syz-executor.1' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   94.386127][ T5619] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[   94.489891][ T5624] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[   94.512588][ T5624] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[   94.524466][ T5627] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'.
[   94.548670][ T5627] netlink: 72 bytes leftover after parsing attributes in process `syz-executor.3'.
[   94.563254][ T5629] batadv_slave_1: entered promiscuous mode
[   94.571525][ T5616] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[   94.636257][ T5628] batadv_slave_1: left promiscuous mode
[   94.662221][ T5630] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   94.715997][ T5633] Bluetooth: MGMT ver 1.22
[   94.802586][   T29] audit: type=1800 audit(1719241822.271:9): pid=5640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=1964 res=0 errno=0
[   94.992555][ T5647] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[   95.002698][ T5646] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[   95.012601][ T5647] block nbd0: not configured, cannot reconfigure
[   95.280909][ T5648] bridge_slave_1: left allmulticast mode
[   95.288716][ T5648] bridge_slave_1: left promiscuous mode
[   95.294564][ T5648] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.327294][ T5648] bridge_slave_0: left allmulticast mode
[   95.347046][ T5648] bridge_slave_0: left promiscuous mode
[   95.353129][ T5648] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.495487][ T5646] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[   95.740474][ T5664] 0ªX¹¦Dö»: renamed from gretap0 (while UP)
[   95.773584][ T5666] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   95.786283][ T5664] 0ªX¹¦Dö»: entered allmulticast mode
[   95.823000][   T29] audit: type=1800 audit(1719241823.291:10): pid=5672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=1963 res=0 errno=0
[   96.714955][ T5707] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[   96.791418][   T29] audit: type=1800 audit(1719241824.261:11): pid=5717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=1957 res=0 errno=0
[   96.865428][ T5719] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.103074][   T29] audit: type=1804 audit(1719241824.571:12): pid=5728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2697133727/syzkaller.Lw9G3Y/24/cgroup.controllers" dev="sda1" ino=1957 res=1 errno=0
[   97.649696][ T5753] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   97.796368][   T29] audit: type=1800 audit(1719241825.261:13): pid=5760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1966 res=0 errno=0
[   98.076444][ T5767] pim6reg1: entered promiscuous mode
[   98.120769][ T5767] pim6reg1: entered allmulticast mode
[   98.450573][ T5764] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[   98.783300][ T5794] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   99.049147][   T29] audit: type=1800 audit(1719241826.521:14): pid=5805 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=1964 res=0 errno=0
[   99.481022][ T5828] __nla_validate_parse: 12 callbacks suppressed
[   99.481046][ T5828] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[   99.512049][ T5831] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[   99.801910][ T5841] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[   99.844443][ T5839] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   99.855776][ T5833] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[   99.888084][ T5833] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  100.093254][   T29] audit: type=1800 audit(1719241827.561:15): pid=5850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="memory.events" dev="sda1" ino=1964 res=0 errno=0
[  100.124907][ T5853] xt_CT: You must specify a L4 protocol and not use inversions on it
[  100.376807][ T5863] IPVS: set_ctl: invalid protocol: 103 172.20.20.187:20002
[  100.401957][ T5865] vcan0: entered promiscuous mode
[  100.415672][ T5865] vlan2: entered promiscuous mode
[  100.430885][ T5865] vlan2: entered allmulticast mode
[  100.455818][ T5865] vcan0: entered allmulticast mode
[  100.499079][ T5865] vcan0: left allmulticast mode
[  100.527655][ T5865] vcan0: left promiscuous mode
[  100.554644][ T5875] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  100.590370][ T5873] IPVS: length: 215 != 24
[  100.653686][ T5874] IPv4: Oversized IP packet from 172.20.20.24
[  100.662677][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  100.670498][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  100.697763][ T5868] IPv4: Oversized IP packet from 172.20.20.24
[  100.704644][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  100.711165][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  100.731261][ T5882] FAULT_INJECTION: forcing a failure.
[  100.731261][ T5882] name failslab, interval 1, probability 0, space 0, times 0
[  100.756306][   T29] audit: type=1800 audit(1719241828.221:16): pid=5867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz-executor.4" name="memory.events" dev="sda1" ino=1962 res=0 errno=0
[  100.766582][ T5882] CPU: 1 PID: 5882 Comm: syz-executor.3 Not tainted 6.10.0-rc4-syzkaller-00875-g568ebdaba637 #0
[  100.787479][ T5882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  100.797580][ T5882] Call Trace:
[  100.800898][ T5882]  <TASK>
[  100.803875][ T5882]  dump_stack_lvl+0x241/0x360
[  100.808615][ T5882]  ? __pfx_dump_stack_lvl+0x10/0x10
[  100.813886][ T5882]  ? __pfx__printk+0x10/0x10
[  100.818624][ T5882]  ? nf_hook+0x396/0x450
[  100.822924][ T5882]  should_fail_ex+0x3b0/0x4e0
[  100.827666][ T5882]  ? skb_clone+0x20c/0x390
[  100.832138][ T5882]  should_failslab+0x9/0x20
[  100.836696][ T5882]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  100.842133][ T5882]  skb_clone+0x20c/0x390
[  100.846419][ T5882]  ? ip_mc_output+0x1ea/0x5c0
[  100.851141][ T5882]  ip_mc_output+0x1f7/0x5c0
[  100.855710][ T5882]  ip_send_skb+0x74/0x100
[  100.860134][ T5882]  udp_send_skb+0xaa6/0x1470
[  100.864817][ T5882]  udp_sendmsg+0x1c21/0x2a60
[  100.869508][ T5882]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  100.875118][ T5882]  ? __pfx_udp_sendmsg+0x10/0x10
[  100.880144][ T5882]  ? __lock_acquire+0x1346/0x1fd0
[  100.885237][ T5882]  udpv6_sendmsg+0x1383/0x3270
[  100.890068][ T5882]  ? release_sock+0x30/0x1f0
[  100.894735][ T5882]  ? __pfx_udpv6_sendmsg+0x10/0x10
[  100.899899][ T5882]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  100.906297][ T5882]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  100.908574][   T29] audit: type=1800 audit(1719241828.381:17): pid=5888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1954 res=0 errno=0
[  100.912039][ T5882]  ? inet_send_prepare+0x1b7/0x260
[  100.938624][ T5882]  ? do_raw_spin_unlock+0x13c/0x8b0
[  100.943890][ T5882]  ? inet_send_prepare+0x1b7/0x260
[  100.949063][ T5882]  __sock_sendmsg+0xef/0x270
[  100.953761][ T5882]  ____sys_sendmsg+0x525/0x7d0
[  100.958587][ T5882]  ? __pfx_____sys_sendmsg+0x10/0x10
[  100.963951][ T5882]  __sys_sendmsg+0x2b0/0x3a0
[  100.968596][ T5882]  ? __pfx___sys_sendmsg+0x10/0x10
[  100.973797][ T5882]  ? bpf_trace_run2+0x1fc/0x540
[  100.978716][ T5882]  ? bpf_trace_run2+0x36e/0x540
[  100.983637][ T5882]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  100.990011][ T5882]  ? rcu_is_watching+0x15/0xb0
[  100.994821][ T5882]  ? trace_sys_enter+0x1f/0xd0
[  100.999662][ T5882]  do_syscall_64+0xf3/0x230
[  101.004214][ T5882]  ? clear_bhb_loop+0x35/0x90
[  101.008941][ T5882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  101.014889][ T5882] RIP: 0033:0x7fcade07d0a9
[  101.019342][ T5882] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  101.038997][ T5882] RSP: 002b:00007fcadee790c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  101.047442][ T5882] RAX: ffffffffffffffda RBX: 00007fcade1b3f80 RCX: 00007fcade07d0a9
[  101.055428][ T5882] RDX: 0000000000000000 RSI: 00000000200016c0 RDI: 0000000000000003
[  101.063407][ T5882] RBP: 00007fcadee79120 R08: 0000000000000000 R09: 0000000000000000
[  101.071391][ T5882] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  101.079373][ T5882] R13: 000000000000000b R14: 00007fcade1b3f80 R15: 00007ffcc6e7a578
[  101.087377][ T5882]  </TASK>
[  101.359363][ T5903] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  101.370231][ T5903] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  101.379704][ T5903] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  101.391252][ T5903] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  101.411273][ T5903] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  101.434488][ T5903] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  101.465729][ T5904] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  101.697796][ T5919] netlink: 'syz-executor.2': attribute type 11 has an invalid length.
[  101.763219][   T29] audit: type=1800 audit(1719241829.231:18): pid=5923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1942 res=0 errno=0
[  102.065887][ T5936] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  102.297478][ T5951] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  102.333675][ T5951] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  102.717832][ T5956] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  102.789402][ T5973] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  103.081816][ T5981] bond0: entered promiscuous mode
[  103.101316][ T5981] bond_slave_0: entered promiscuous mode
[  103.108545][ T5983] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  103.135452][ T5981] bond_slave_1: entered promiscuous mode
[  103.182287][ T5979] bond0: left promiscuous mode
[  103.197129][ T5979] bond_slave_0: left promiscuous mode
[  103.225229][ T5979] bond_slave_1: left promiscuous mode
[  103.730505][ T6015] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  104.015981][ T6028] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  104.458499][ T6060] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  104.729755][ T6074] __nla_validate_parse: 10 callbacks suppressed
[  104.729780][ T6074] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  104.843202][ T6078] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.0'.
[  105.021865][ T6087] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  105.232141][ T6096] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  105.245367][ T6096] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  105.282713][ T6096] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  105.293108][ T6096] batadv_slave_0: entered promiscuous mode
[  105.317523][ T6096] debugfs: Directory 'hsr1' with parent 'hsr' already present!
[  105.332367][ T6096] Cannot create hsr debugfs directory
[  105.599966][ T6111] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  105.778448][ T6120] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
[  105.854221][ T6120] netlink: 'syz-executor.3': attribute type 5 has an invalid length.
[  105.906435][ T6120] : entered promiscuous mode
[  105.923311][ T6129] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.3'.
[  105.960377][ T6129] bridge_slave_1: left allmulticast mode
[  105.999368][ T6129] bridge_slave_1: left promiscuous mode
[  106.024760][ T6129] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.061472][ T6129] bridge_slave_0: left allmulticast mode
[  106.073662][ T6129] bridge_slave_0: left promiscuous mode
[  106.087884][ T6129] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.659138][ T6155] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  106.719823][ T6153] syzkaller1: entered promiscuous mode
[  106.745068][ T6153] syzkaller1: entered allmulticast mode
[  106.866382][ T6162] xt_l2tp: wrong L2TP version: 0
[  107.040891][ T6168] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  107.245872][ T6176] vcan0: entered promiscuous mode
[  107.273623][ T6176] vlan2: entered promiscuous mode
[  107.288117][ T6176] vlan2: entered allmulticast mode
[  107.306941][ T6176] vcan0: entered allmulticast mode
[  107.328971][ T6176] vcan0: left allmulticast mode
[  107.344523][ T6176] vcan0: left promiscuous mode
[  107.396400][ T6184] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  107.439655][ T6185] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  107.929580][ T6215] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  107.934148][   T29] audit: type=1800 audit(1719241835.401:19): pid=6214 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=1966 res=0 errno=0
[  108.216695][ T6225] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  108.282897][ T6231] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  108.579028][ T6232] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  108.674464][ T6238] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  108.913717][ T6254] xt_HMARK: proto mask must be zero with L3 mode
[  109.012077][   T29] audit: type=1800 audit(1719241836.481:20): pid=6258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1945 res=0 errno=0
[  109.561023][ T6280] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  109.831954][ T6285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  110.020056][ T6294] __nla_validate_parse: 2 callbacks suppressed
[  110.020079][ T6294] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'.
[  110.058787][ T6294] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'.
[  110.098759][ T6294] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'.
[  110.136905][ T6294] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.1'.
[  110.272381][   T29] audit: type=1800 audit(1719241837.721:21): pid=6306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=1944 res=0 errno=0
[  110.373354][ T6310] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  110.393069][ T6310] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  110.486152][ T6310] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  110.680294][ T6323] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  110.698851][ T6325] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  111.401609][   T29] audit: type=1800 audit(1719241838.871:22): pid=6352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1966 res=0 errno=0
[  111.795166][ T6362] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  111.946534][ T6368] netlink: 184 bytes leftover after parsing attributes in process `syz-executor.1'.
[  112.209836][ T6371] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  112.373690][ T6374] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  113.170059][ T6397] netlink: 'syz-executor.0': attribute type 9 has an invalid length.
[  113.493602][ T6412] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  113.584587][ T6415] netlink: 'syz-executor.1': attribute type 11 has an invalid length.
[  113.946259][ T6449] netlink: 'syz-executor.1': attribute type 9 has an invalid length.
[  114.191739][ T6467] netlink: 'syz-executor.2': attribute type 10 has an invalid length.
[  114.350348][ T6467] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  114.399965][ T6475] netlink: 'syz-executor.4': attribute type 11 has an invalid length.
[  115.003980][ T6506] block nbd0: not configured, cannot reconfigure
[  115.241379][ T6514] __nla_validate_parse: 5 callbacks suppressed
[  115.241402][ T6514] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  116.075171][ T6547] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  116.102129][ T6547] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  116.116601][ T6555] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  116.137055][ T6547] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  116.423516][ T6570] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  116.907459][ T6584] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  117.031690][ T6597] openvswitch: netlink: Flow get message rejected, Key attribute missing.
[  117.911262][ T6642] netlink: 199836 bytes leftover after parsing attributes in process `syz-executor.0'.
[  118.151081][ T6647] team_slave_0: entered promiscuous mode
[  118.157226][ T6647] team_slave_1: entered promiscuous mode
[  118.211246][ T6647] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  118.230617][ T6647] team_slave_0: left promiscuous mode
[  118.236167][ T6647] team_slave_1: left promiscuous mode
[  118.281755][ T6651] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  118.317956][ T6651] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[  118.373544][ T6652] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  118.630626][   T29] audit: type=1800 audit(1719241846.091:23): pid=6657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=1963 res=0 errno=0
[  119.321744][ T6690] syzkaller1: entered promiscuous mode
[  119.339556][ T6690] syzkaller1: entered allmulticast mode
[  119.364811][ T6690] openvswitch: netlink: IP tunnel attribute has 3060 unknown bytes.
[  119.537862][   T29] audit: type=1800 audit(1719241847.011:24): pid=6704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1951 res=0 errno=0
[  119.801011][ T6711] x_tables: duplicate underflow at hook 2
[  120.309924][ T6736] __nla_validate_parse: 3 callbacks suppressed
[  120.309947][ T6736] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  120.583593][ T6746] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
[  120.698028][ T2425] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  120.773436][ T6746] vlan2: entered allmulticast mode
[  120.790316][ T6746] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  120.828009][ T6746] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  120.952819][ T6755] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  121.042491][ T2425] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.273683][ T2425] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.430798][ T2425] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  121.473581][ T6774] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[  121.547533][ T5129] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  121.563069][ T5129] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  121.577883][ T5129] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  121.634543][ T5129] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  121.666137][ T5129] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  121.674137][ T5129] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  121.725831][ T6793] x_tables: duplicate underflow at hook 2
[  121.743801][ T6794] FAULT_INJECTION: forcing a failure.
[  121.743801][ T6794] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  121.757726][ T6794] CPU: 1 PID: 6794 Comm: syz-executor.2 Not tainted 6.10.0-rc4-syzkaller-00875-g568ebdaba637 #0
[  121.768222][ T6794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  121.778321][ T6794] Call Trace:
[  121.781650][ T6794]  <TASK>
[  121.784626][ T6794]  dump_stack_lvl+0x241/0x360
[  121.789376][ T6794]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.794635][ T6794]  ? __pfx__printk+0x10/0x10
[  121.799285][ T6794]  ? __pfx_lock_release+0x10/0x10
[  121.804376][ T6794]  should_fail_ex+0x3b0/0x4e0
[  121.809123][ T6794]  _copy_from_user+0x2f/0xe0
[  121.813776][ T6794]  copy_msghdr_from_user+0xae/0x680
[  121.819022][ T6794]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  121.824862][ T6794]  __sys_sendmsg+0x23d/0x3a0
[  121.829481][ T6794]  ? __pfx___sys_sendmsg+0x10/0x10
[  121.834645][ T6794]  ? vfs_write+0x7c4/0xc90
[  121.839158][ T6794]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  121.845527][ T6794]  ? do_syscall_64+0x100/0x230
[  121.850320][ T6794]  ? do_syscall_64+0xb6/0x230
[  121.855027][ T6794]  do_syscall_64+0xf3/0x230
[  121.859553][ T6794]  ? clear_bhb_loop+0x35/0x90
[  121.864410][ T6794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  121.870365][ T6794] RIP: 0033:0x7f603d87d0a9
[  121.874804][ T6794] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  121.894553][ T6794] RSP: 002b:00007f603e5ae0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  121.903017][ T6794] RAX: ffffffffffffffda RBX: 00007f603d9b3f80 RCX: 00007f603d87d0a9
[  121.911046][ T6794] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000004
[  121.919075][ T6794] RBP: 00007f603e5ae120 R08: 0000000000000000 R09: 0000000000000000
[  121.927067][ T6794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  121.935055][ T6794] R13: 000000000000000b R14: 00007f603d9b3f80 R15: 00007ffded201dd8
[  121.943063][ T6794]  </TASK>
[  122.103664][ T6799] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
[  122.138531][ T6802] vxcan0: tx drop: invalid da for name 0x0000000000000003
[  122.225337][ T6806] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.0'.
[  122.567173][   T51] tipc: Subscription rejected, illegal request
[  122.691519][ T2425] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  122.704273][ T2425] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  122.716292][ T2425] bond0 (unregistering): Released all slaves
[  122.744105][ T6799] vlan2: entered allmulticast mode
[  122.749446][ T6799] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  122.765357][ T6799] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  122.835195][ T6806] vlan2: entered allmulticast mode
[  122.853916][ T6806] mac80211_hwsim hwsim9 wlan1: entered allmulticast mode
[  122.870627][ T6806] mac80211_hwsim hwsim9 wlan1: left allmulticast mode
[  122.921207][ T6813] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  123.546398][ T2425] hsr_slave_0: left promiscuous mode
[  123.575139][ T2425] hsr_slave_1: left promiscuous mode
[  123.592259][ T2425] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.603452][ T2425] batman_adv: batadv0: Removing interface: batadv_slave_0
[  123.622432][ T2425] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.633867][ T2425] batman_adv: batadv0: Removing interface: batadv_slave_1
[  123.668477][ T2425] veth1_macvtap: left promiscuous mode
[  123.674790][ T2425] veth0_macvtap: left promiscuous mode
[  123.681390][ T2425] veth1_vlan: left promiscuous mode
[  123.687356][ T2425] veth0_vlan: left promiscuous mode
[  123.767536][ T5129] Bluetooth: hci1: command tx timeout
[  123.793164][ T6852] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.2'.
[  124.338869][ T2425] team0 (unregistering): Port device team_slave_1 removed
[  124.381546][ T2425] team0 (unregistering): Port device team_slave_0 removed
[  124.846079][ T6847] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  124.898613][ T6857] vcan0: entered promiscuous mode
[  124.903804][ T6857] vlan2: entered promiscuous mode
[  124.914507][ T6857] vlan2: entered allmulticast mode
[  124.926450][ T6857] vcan0: entered allmulticast mode
[  124.942005][ T6857] vcan0: left allmulticast mode
[  124.948035][ T6857] vcan0: left promiscuous mode
[  125.001351][ T6862] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  125.172650][ T6786] chnl_net:caif_netlink_parms(): no params data found
[  125.273309][ T6868] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'.
[  125.370547][ T6876] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.2'.
[  125.832416][ T6786] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.836827][ T5129] Bluetooth: hci1: command tx timeout
[  125.850758][ T6786] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.873050][ T6786] bridge_slave_0: entered allmulticast mode
[  125.892095][ T6786] bridge_slave_0: entered promiscuous mode
[  125.903607][ T6888] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[  125.920261][ T6786] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.935063][ T6786] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.942659][ T6786] bridge_slave_1: entered allmulticast mode
[  125.962052][ T6786] bridge_slave_1: entered promiscuous mode
[  126.028165][ T6786] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  126.042620][ T6786] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  126.057057][ T6887] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  126.274533][ T6786] team0: Port device team_slave_0 added
[  126.294311][ T6786] team0: Port device team_slave_1 added
[  126.385564][ T6901] netlink: 'syz-executor.0': attribute type 142 has an invalid length.
[  126.522315][ T6786] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.552312][ T6786] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.600040][ T6913] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[  126.607151][ T6786] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.623841][ T6786] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.631419][ T6786] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.684143][ T6786] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.853761][   T29] audit: type=1804 audit(1719241854.321:25): pid=6923 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3205350856/syzkaller.UUG7vO/111/cgroup.controllers" dev="sda1" ino=1945 res=1 errno=0
[  126.888725][ T6918] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  127.014246][ T6923] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  127.059170][ T6786] hsr_slave_0: entered promiscuous mode
[  127.081971][ T6786] hsr_slave_1: entered promiscuous mode
[  127.103156][ T6786] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  127.111858][ T6786] Cannot create hsr debugfs directory
[  127.337443][ T6932] vcan0: entered promiscuous mode
[  127.342651][ T6932] vlan3: entered promiscuous mode
[  127.368590][ T6932] vlan3: entered allmulticast mode
[  127.378162][ T6932] vcan0: entered allmulticast mode
[  127.390997][ T6932] vcan0: left allmulticast mode
[  127.406721][ T6932] vcan0: left promiscuous mode
[  127.576732][   T51] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.786415][   T51] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.916701][ T5129] Bluetooth: hci1: command tx timeout
[  128.023292][ T6945] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  128.045668][   T51] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.230940][ T5131] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  128.248100][ T5131] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  128.257797][ T5131] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  128.266772][ T5131] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  128.273541][   T51] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.286276][ T5131] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  128.305658][ T5131] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  128.717523][ T6973] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
[  129.113804][   T51] bond0 (unregistering): left promiscuous mode
[  129.120284][   T51] bond_slave_0: left promiscuous mode
[  129.125965][   T51] bond_slave_1: left promiscuous mode
[  129.134164][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  129.152138][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  129.163474][   T51] bond0 (unregistering): Released all slaves
[  129.205890][ T6973] vlan2: entered allmulticast mode
[  129.211857][ T6973] mac80211_hwsim hwsim5 wlan1: entered allmulticast mode
[  129.230412][ T6973] mac80211_hwsim hwsim5 wlan1: left allmulticast mode
[  129.301444][ T6976] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  129.532580][ T6987] smc: net device ip6_vti0 applied user defined pnetid SYZ0
[  129.721948][ T6997] dccp_xmit_packet: Payload too large (65475) for featneg.
[  129.838059][   T51] dummy0: left promiscuous mode
[  129.867793][   T29] audit: type=1804 audit(1719241857.331:26): pid=6989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2035380209/syzkaller.hzOqQR/117/cgroup.controllers" dev="sda1" ino=1944 res=1 errno=0
[  129.894618][   T51] hsr_slave_0: left promiscuous mode
[  129.908682][   T51] hsr_slave_1: left promiscuous mode
[  129.917209][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.924681][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.959736][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.973854][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.996708][ T5129] Bluetooth: hci1: command tx timeout
[  130.026008][   T51] veth1_macvtap: left promiscuous mode
[  130.036756][   T51] veth0_macvtap: left promiscuous mode
[  130.042894][   T51] veth1_vlan: left promiscuous mode
[  130.048560][   T51] veth0_vlan: left promiscuous mode
[  130.397995][ T5129] Bluetooth: hci2: command tx timeout
[  130.633044][   T51] team0 (unregistering): Port device team_slave_1 removed
[  130.677822][   T51] team0 (unregistering): Port device team_slave_0 removed
[  131.214049][ T6786] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  131.294393][ T6786] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  131.327220][ T6786] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  131.381593][ T6786] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  131.434617][ T7027] netlink: 'syz-executor.2': attribute type 10 has an invalid length.
[  131.494207][ T7027] syz_tun: entered promiscuous mode
[  131.600149][ T7027] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  131.604484][ T7038] dccp_xmit_packet: Payload too large (65475) for featneg.
[  131.638897][ T7036] sctp: [Deprecated]: syz-executor.1 (pid 7036) Use of int in max_burst socket option.
[  131.638897][ T7036] Use struct sctp_assoc_value instead
[  131.694676][ T6950] chnl_net:caif_netlink_parms(): no params data found
[  132.035547][ T6950] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.054016][ T6950] bridge0: port 1(bridge_slave_0) entered disabled state
[  132.064600][ T6950] bridge_slave_0: entered allmulticast mode
[  132.079381][ T6950] bridge_slave_0: entered promiscuous mode
[  132.101007][ T6950] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.112598][ T6950] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.122353][ T6950] bridge_slave_1: entered allmulticast mode
[  132.130779][ T6950] bridge_slave_1: entered promiscuous mode
[  132.335678][ T6950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  132.359817][ T6950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  132.488888][ T5129] Bluetooth: hci2: command tx timeout
[  132.512497][ T6950] team0: Port device team_slave_0 added
[  132.540097][ T6950] team0: Port device team_slave_1 added
[  132.738920][ T6950] batman_adv: batadv0: Adding interface: batadv_slave_0
[  132.745953][ T6950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.781162][ T6950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  132.803384][ T6950] batman_adv: batadv0: Adding interface: batadv_slave_1
[  132.827377][ T6950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  132.884499][ T6950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  132.938177][ T7069] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.2'.
[  132.991614][ T6786] 8021q: adding VLAN 0 to HW filter on device bond0
[  133.154193][ T6950] hsr_slave_0: entered promiscuous mode
[  133.178140][ T6950] hsr_slave_1: entered promiscuous mode
[  133.200798][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  133.207790][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  133.216682][ T6950] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  133.224321][ T6950] Cannot create hsr debugfs directory
[  133.258016][ T7074] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  133.265524][ T7074] batman_adv: batadv0: Removing interface: batadv_slave_0
[  133.314078][ T7074] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  133.340751][ T7074] batman_adv: batadv0: Removing interface: batadv_slave_1
[  133.559707][ T6786] 8021q: adding VLAN 0 to HW filter on device team0
[  133.580434][ T7077] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap0
[  133.603093][ T7077] ip6gretap0: entered promiscuous mode
[  133.613826][ T7077] macsec1: entered promiscuous mode
[  133.620679][ T7077] macsec1: entered allmulticast mode
[  133.626185][ T7077] ip6gretap0: entered allmulticast mode
[  133.651680][ T7077] ip6gretap0: left allmulticast mode
[  133.659830][ T7077] ip6gretap0: left promiscuous mode
[  133.814604][  T785] bridge0: port 1(bridge_slave_0) entered blocking state
[  133.821878][  T785] bridge0: port 1(bridge_slave_0) entered forwarding state
[  133.901487][ T5172] bridge0: port 2(bridge_slave_1) entered blocking state
[  133.908800][ T5172] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.040976][ T7087] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[  134.313310][ T7101] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'.
[  134.557441][ T5129] Bluetooth: hci2: command tx timeout
[  134.700276][ T6786] 8021q: adding VLAN 0 to HW filter on device batadv0
[  134.776290][ T6950] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  134.793340][ T7124] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  134.801808][ T6950] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  134.827148][ T6950] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  134.836570][ T7124] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.3'.
[  134.858131][ T6950] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  135.150025][ T7141] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  135.372454][ T6950] 8021q: adding VLAN 0 to HW filter on device bond0
[  135.463950][ T6950] 8021q: adding VLAN 0 to HW filter on device team0
[  135.488317][ T5174] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.495546][ T5174] bridge0: port 1(bridge_slave_0) entered forwarding state
[  135.541927][ T5174] bridge0: port 2(bridge_slave_1) entered blocking state
[  135.549208][ T5174] bridge0: port 2(bridge_slave_1) entered forwarding state
[  135.822373][ T6786] veth0_vlan: entered promiscuous mode
[  135.871058][ T6786] veth1_vlan: entered promiscuous mode
[  135.935762][ T7154] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  136.010446][ T6786] veth0_macvtap: entered promiscuous mode
[  136.049221][ T6786] veth1_macvtap: entered promiscuous mode
[  136.056322][ T7154] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  136.092609][ T7154] netlink: 84 bytes leftover after parsing attributes in process `syz-executor.1'.
[  136.227776][ T6786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.249088][ T6786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.270885][ T6786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  136.302638][ T6786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.336271][ T6786] batman_adv: batadv0: Interface activated: batadv_slave_0
[  136.373316][ T6950] 8021q: adding VLAN 0 to HW filter on device batadv0
[  136.411727][ T6786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.442931][ T6786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.463364][ T6786] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  136.486603][ T6786] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  136.511187][ T6786] batman_adv: batadv0: Interface activated: batadv_slave_1
[  136.587945][ T6786] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  136.609427][ T6786] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  136.628844][ T6786] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  136.638728][ T5129] Bluetooth: hci2: command tx timeout
[  136.654515][ T6786] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  136.860305][ T7162] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  136.867548][ T7162] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  136.894213][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  136.926794][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  136.984744][ T7164] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  137.006657][ T7164] netlink: 3657 bytes leftover after parsing attributes in process `syz-executor.1'.
[  137.102089][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  137.106638][ T6950] veth0_vlan: entered promiscuous mode
[  137.124070][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  137.190851][ T6950] veth1_vlan: entered promiscuous mode
[  137.273678][ T7170] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  137.499294][ T6950] veth0_macvtap: entered promiscuous mode
[  137.512574][ T6950] veth1_macvtap: entered promiscuous mode
[  137.581278][ T6950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.604391][ T6950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.630789][ T6950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.646298][ T6950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.658266][ T6950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  137.671237][ T6950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.698990][ T6950] batman_adv: batadv0: Interface activated: batadv_slave_0
[  137.764937][ T6950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  137.785870][ T6950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.812505][ T6950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  137.838166][ T6950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.866783][ T6950] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  137.879470][ T7189] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  137.895903][ T7189] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  137.906765][ T6950] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  137.946672][ T6950] batman_adv: batadv0: Interface activated: batadv_slave_1
[  137.964488][ T7183] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  138.043583][ T6950] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  138.087862][ T6950] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  138.111105][ T6950] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  138.130807][ T6950] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  138.259852][   T58] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.306897][ T7194] 
: renamed from sit0
[  138.503235][   T58] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.715936][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.730302][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  138.870326][   T58] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  138.946382][ T2425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  138.975189][ T2425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  139.001751][ T5131] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  139.014966][ T5131] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  139.026675][ T5131] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  139.040930][ T5131] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  139.059177][ T5131] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  139.065456][   T58] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.078625][ T5131] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  139.104816][ T7218] netlink: 'syz-executor.2': attribute type 27 has an invalid length.
[  139.264737][ T7226] IPv4: Oversized IP packet from 172.20.20.24
[  139.270525][ T7228] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  139.271707][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  139.281279][ T7228] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  139.285430][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  139.587693][   T58] bridge_slave_1: left allmulticast mode
[  139.614139][   T58] bridge_slave_1: left promiscuous mode
[  139.659680][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.748574][   T58] bridge_slave_0: left allmulticast mode
[  139.765428][   T58] bridge_slave_0: left promiscuous mode
[  139.771848][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.356949][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.369426][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  140.384250][   T58] bond0 (unregistering): Released all slaves
[  140.436961][ T7261] team_slave_0: entered promiscuous mode
[  140.442959][ T7261] team_slave_1: entered promiscuous mode
[  140.462971][ T7261] macsec1: entered promiscuous mode
[  140.478669][ T7261] team0: entered promiscuous mode
[  140.491183][ T7261] macvlan2: entered promiscuous mode
[  140.508448][ T7261] macsec1: entered allmulticast mode
[  140.513834][ T7261] team0: entered allmulticast mode
[  140.519256][ T7261] team_slave_0: entered allmulticast mode
[  140.525013][ T7261] team_slave_1: entered allmulticast mode
[  140.549662][ T7261] team0: left allmulticast mode
[  140.554577][ T7261] team_slave_0: left allmulticast mode
[  140.567827][ T7261] team_slave_1: left allmulticast mode
[  140.573406][ T7261] team0: left promiscuous mode
[  140.578824][ T7261] macvlan2: left promiscuous mode
[  140.584676][ T7261] team_slave_0: left promiscuous mode
[  140.590156][ T7261] team_slave_1: left promiscuous mode
[  140.627050][ T7268] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  140.806829][ T7284] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  140.992843][ T7295] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  141.196809][ T5131] Bluetooth: hci1: command tx timeout
[  141.706851][ T7324] netlink: 209840 bytes leftover after parsing attributes in process `syz-executor.1'.
[  141.729531][   T58] hsr_slave_0: left promiscuous mode
[  141.741380][   T58] hsr_slave_1: left promiscuous mode
[  141.763561][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  141.775140][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  141.784218][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  141.793902][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  141.899783][ T7326] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  141.914789][   T58] veth1_macvtap: left promiscuous mode
[  141.936622][   T58] veth0_macvtap: left promiscuous mode
[  141.954137][   T58] veth1_vlan: left promiscuous mode
[  141.962659][   T58] veth0_vlan: left promiscuous mode
[  141.991270][ T7336] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  142.189163][ T7342] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.0'.
[  142.702857][   T58] team0 (unregistering): Port device team_slave_1 removed
[  142.750956][   T58] team0 (unregistering): Port device team_slave_0 removed
[  143.250307][ T7338] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  143.265663][ T7336] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  143.287003][ T5131] Bluetooth: hci1: command tx timeout
[  143.321877][ T7216] chnl_net:caif_netlink_parms(): no params data found
[  144.034907][ T7381] netlink: 191416 bytes leftover after parsing attributes in process `syz-executor.1'.
[  144.057449][ T7381] netlink: zone id is out of range
[  144.062643][ T7381] netlink: zone id is out of range
[  144.097324][ T7381] netlink: zone id is out of range
[  144.102706][ T7381] netlink: zone id is out of range
[  144.118224][ T7381] netlink: zone id is out of range
[  144.123403][ T7381] netlink: zone id is out of range
[  144.138649][ T7381] netlink: zone id is out of range
[  144.143962][ T7381] netlink: zone id is out of range
[  144.168289][ T7381] netlink: zone id is out of range
[  144.190979][ T7381] netlink: zone id is out of range
[  144.248315][ T7382] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  144.287596][ T7216] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.319356][ T7216] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.343588][ T7216] bridge_slave_0: entered allmulticast mode
[  144.369658][ T7216] bridge_slave_0: entered promiscuous mode
[  144.388408][ T7216] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.421926][ T7216] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.431113][ T7216] bridge_slave_1: entered allmulticast mode
[  144.445162][ T7216] bridge_slave_1: entered promiscuous mode
[  144.579447][ T7216] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  144.615160][ T7216] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  144.716012][ T7216] team0: Port device team_slave_0 added
[  144.768226][ T7216] team0: Port device team_slave_1 added
[  144.858599][ T7403] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  145.089081][ T7216] batman_adv: batadv0: Adding interface: batadv_slave_0
[  145.097474][ T7216] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.144884][ T7216] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  145.162071][ T7405] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  145.171832][ T7405] bridge_slave_1: left allmulticast mode
[  145.181726][ T7405] bridge_slave_1: left promiscuous mode
[  145.187747][ T7405] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.213650][ T7405] bridge_slave_0: left allmulticast mode
[  145.233036][ T7405] bridge_slave_0: left promiscuous mode
[  145.248335][ T7405] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.358583][ T5131] Bluetooth: hci1: command tx timeout
[  145.371984][ T7403] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  145.404494][ T7216] batman_adv: batadv0: Adding interface: batadv_slave_1
[  145.425677][ T7216] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  145.456194][ T7216] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  145.566996][ T7216] hsr_slave_0: entered promiscuous mode
[  145.586970][ T7216] hsr_slave_1: entered promiscuous mode
[  145.595932][ T7216] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  145.611362][ T7216] Cannot create hsr debugfs directory
[  146.424549][ T7427] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  146.509057][ T7216] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  146.523760][ T7216] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  146.539694][ T7216] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  146.593073][ T7216] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  146.733837][ T7439] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  147.000202][ T7216] 8021q: adding VLAN 0 to HW filter on device bond0
[  147.044174][ T7449] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
[  147.065703][ T7439] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  147.083560][ T7216] 8021q: adding VLAN 0 to HW filter on device team0
[  147.111585][  T785] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.118868][  T785] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.150547][ T7454] netlink: 'syz-executor.3': attribute type 2 has an invalid length.
[  147.172735][ T7451] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  147.176784][ T7454] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  147.224565][ T7458] bridge_slave_1: left allmulticast mode
[  147.233579][ T7458] bridge_slave_1: left promiscuous mode
[  147.243542][ T7458] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.289390][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.296650][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.437929][ T5131] Bluetooth: hci1: command tx timeout
[  147.883651][ T7484] hsr_slave_0 (unregistering): left promiscuous mode
[  148.234723][ T7505] netlink: 'syz-executor.2': attribute type 9 has an invalid length.
[  148.359720][ T7216] 8021q: adding VLAN 0 to HW filter on device batadv0
[  149.031023][ T7543] __nla_validate_parse: 2 callbacks suppressed
[  149.031057][ T7543] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  149.137373][ T7546] netlink: 468 bytes leftover after parsing attributes in process `syz-executor.1'.
[  149.182853][ T7546] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'.
[  149.245643][ T7559] netlink: 'syz-executor.2': attribute type 9 has an invalid length.
[  149.335196][ T7560] bond0: (slave bond_slave_0): Releasing backup interface
[  149.430960][ T7216] veth0_vlan: entered promiscuous mode
[  149.470520][ T7216] veth1_vlan: entered promiscuous mode
[  149.535648][ T7216] veth0_macvtap: entered promiscuous mode
[  149.545224][ T7566] xt_cgroup: invalid path, errno=-2
[  149.555028][ T7216] veth1_macvtap: entered promiscuous mode
[  149.603788][ T7566] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  149.613673][ T7216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.613701][ T7216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.613714][ T7216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.613730][ T7216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.613746][ T7216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  149.613762][ T7216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.615658][ T7216] batman_adv: batadv0: Interface activated: batadv_slave_0
[  149.696689][ T7216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.707972][ T7216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.721093][ T7216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.756755][ T7216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.767717][ T7216] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  149.778329][ T7216] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  149.803657][ T7216] batman_adv: batadv0: Interface activated: batadv_slave_1
[  149.848506][ T7216] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  149.872383][ T7216] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  149.889376][ T7216] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  149.912377][ T7216] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  149.938102][ T7572] syzkaller1: entered promiscuous mode
[  149.958693][ T7572] syzkaller1: entered allmulticast mode
[  150.241196][ T7588] tipc: Started in network mode
[  150.261691][ T7588] tipc: Node identity 00306c6ef81f86b4, cluster identity 4711
[  150.273989][ T7588] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  150.308197][ T1102] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.316175][ T1102] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.431982][ T1102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  150.467518][ T1102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  150.646363][ T7605] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'.
[  150.682471][ T7605] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  150.857005][ T7613] netlink: 'syz-executor.2': attribute type 7 has an invalid length.
[  150.885745][ T7613] netlink: 'syz-executor.2': attribute type 39 has an invalid length.
[  151.203618][ T7625] netlink: 27 bytes leftover after parsing attributes in process `syz-executor.2'.
[  151.233201][ T7625] ieee802154 phy0 wpan0: encryption failed: -90
[  151.311567][ T7627] xt_cgroup: invalid path, errno=-2
[  151.352443][ T7627] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'.
[  151.428499][ T7631] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  151.606003][ T7640] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.3'.
[  151.663649][ T7641] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  151.686791][ T7641] syzkaller0: entered promiscuous mode
[  151.692439][ T7641] syzkaller0: entered allmulticast mode
[  151.954675][   T58] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.271244][ T7653] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
[  152.524883][   T29] audit: type=1800 audit(1719241879.991:27): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="memory.events" dev="sda1" ino=1960 res=0 errno=0
[  152.576662][   T29] audit: type=1804 audit(1719241879.991:28): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2035380209/syzkaller.hzOqQR/181/memory.events" dev="sda1" ino=1960 res=1 errno=0
[  152.642817][   T29] audit: type=1804 audit(1719241880.031:29): pid=7659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2035380209/syzkaller.hzOqQR/181/memory.events" dev="sda1" ino=1960 res=1 errno=0
[  152.714333][   T29] audit: type=1804 audit(1719241880.151:30): pid=7661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir2035380209/syzkaller.hzOqQR/181/memory.events" dev="sda1" ino=1960 res=1 errno=0
[  152.801394][ T5129] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  152.814513][ T5129] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  152.823290][ T5129] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  152.832000][   T58] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.847209][ T5129] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  152.855152][ T5129] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  152.863658][ T5129] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  152.930040][   T58] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.027682][   T58] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  153.451885][ T7666] chnl_net:caif_netlink_parms(): no params data found
[  153.491691][   T58] bridge_slave_1: left allmulticast mode
[  153.505814][   T58] bridge_slave_1: left promiscuous mode
[  153.532837][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.555692][   T58] bridge_slave_0: left allmulticast mode
[  153.563587][   T58] bridge_slave_0: left promiscuous mode
[  153.575171][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.175065][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  154.190687][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  154.202428][   T58] bond0 (unregistering): Released all slaves
[  154.273031][ T7693] __nla_validate_parse: 4 callbacks suppressed
[  154.273054][ T7693] netlink: 14568 bytes leftover after parsing attributes in process `syz-executor.3'.
[  154.850618][ T7666] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.853448][ T5172] IPVS: starting estimator thread 0...
[  154.866714][ T7666] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.880390][ T7666] bridge_slave_0: entered allmulticast mode
[  154.901890][ T7666] bridge_slave_0: entered promiscuous mode
[  154.939190][ T7666] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.967609][ T5131] Bluetooth: hci1: command tx timeout
[  154.986815][ T7737] IPVS: using max 18 ests per chain, 43200 per kthread
[  154.997371][ T7666] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.053915][ T7666] bridge_slave_1: entered allmulticast mode
[  155.072350][ T7666] bridge_slave_1: entered promiscuous mode
[  155.102206][   T58] hsr_slave_0: left promiscuous mode
[  155.120661][   T58] hsr_slave_1: left promiscuous mode
[  155.173780][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  155.185774][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  155.211465][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  155.230897][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  155.291399][   T58] veth1_macvtap: left promiscuous mode
[  155.299794][   T58] veth0_macvtap: left promiscuous mode
[  155.310879][   T58] veth1_vlan: left promiscuous mode
[  155.316342][   T58] veth0_vlan: left promiscuous mode
[  156.139609][   T58] team0 (unregistering): Port device team_slave_1 removed
[  156.183419][   T58] team0 (unregistering): Port device team_slave_0 removed
[  156.665355][ T7747] vlan2: entered allmulticast mode
[  156.674369][ T7747] mac80211_hwsim hwsim15 wlan0: entered allmulticast mode
[  156.701400][ T7752] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  156.728038][ T7754] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  156.739413][ T7754] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  156.791399][ T7666] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.841943][ T7666] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  157.036792][ T5131] Bluetooth: hci1: command tx timeout
[  157.085981][ T7666] team0: Port device team_slave_0 added
[  157.164366][   T25] IPVS: starting estimator thread 0...
[  157.246152][ T7666] team0: Port device team_slave_1 added
[  157.266623][ T7776] IPVS: using max 16 ests per chain, 38400 per kthread
[  157.371261][ T7666] batman_adv: batadv0: Adding interface: batadv_slave_0
[  157.385316][ T7666] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.429348][ T7666] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.449504][ T7666] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.461251][ T7666] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.504927][ T7666] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  157.670034][ T7796] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.2'.
[  157.683661][ T7796] 0ªX¹¦À: renamed from caif0
[  157.700118][ T7796] 0ªX¹¦À: entered allmulticast mode
[  157.710742][ T7796] net_ratelimit: 876 callbacks suppressed
[  157.710763][ T7796] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[  157.766952][ T7666] hsr_slave_0: entered promiscuous mode
[  157.793936][ T7666] hsr_slave_1: entered promiscuous mode
[  157.805522][ T7666] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  157.826823][ T7666] Cannot create hsr debugfs directory
[  158.078134][ T7807] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.2'.
[  158.287064][ T7810] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  158.693846][ T7827] tipc: Can't bind to reserved service type 0
[  158.809694][ T7833] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  159.003467][ T7666] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  159.049066][ T7666] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  159.091250][ T7666] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  159.118871][ T5131] Bluetooth: hci1: command tx timeout
[  159.124100][ T7666] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  159.490772][ T7666] 8021q: adding VLAN 0 to HW filter on device bond0
[  159.516335][ T7666] 8021q: adding VLAN 0 to HW filter on device team0
[  159.547021][ T5173] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.554248][ T5173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.588395][ T5173] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.595670][ T5173] bridge0: port 2(bridge_slave_1) entered forwarding state
[  159.729563][ T7666] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  159.785135][ T7864] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  159.834007][ T7864] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'.
[  159.984542][ T7846] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[  160.240177][ T7666] 8021q: adding VLAN 0 to HW filter on device batadv0
[  160.304422][ T7885] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  160.925022][ T7912] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[  161.063828][ T7666] veth0_vlan: entered promiscuous mode
[  161.108700][ T7666] veth1_vlan: entered promiscuous mode
[  161.197560][ T5131] Bluetooth: hci1: command tx timeout
[  161.303381][ T7666] veth0_macvtap: entered promiscuous mode
[  161.350090][ T7666] veth1_macvtap: entered promiscuous mode
[  161.394656][ T7666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.440220][ T7666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.455136][ T7666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.476044][ T7666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.487826][ T7666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  161.500026][ T7666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.513176][ T7666] batman_adv: batadv0: Interface activated: batadv_slave_0
[  161.541101][ T7666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  161.557481][ T7666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.569829][ T7666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  161.580703][ T7666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.590883][ T7666] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  161.603609][ T7666] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  161.616165][ T7666] batman_adv: batadv0: Interface activated: batadv_slave_1
[  161.649139][ T7666] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  161.674735][ T7666] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  161.694146][ T7666] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  161.716022][ T7666] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  161.742332][ T7941] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  161.935985][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  161.956187][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.038420][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  162.054478][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  162.350756][ T7959] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  162.584133][ T7969] bond_slave_1: entered promiscuous mode
[  162.633986][ T7969] vlan2: entered promiscuous mode
[  162.661825][ T7969] bond0: entered promiscuous mode
[  162.696060][ T7969] vlan2: entered allmulticast mode
[  162.736045][ T7969] bond0: entered allmulticast mode
[  162.746337][ T7969] bond_slave_1: entered allmulticast mode
[  162.760985][ T7969] bond0: left allmulticast mode
[  162.766827][ T7969] bond_slave_1: left allmulticast mode
[  162.772363][ T7969] bond0: left promiscuous mode
[  162.799274][ T7969] bond_slave_1: left promiscuous mode
[  162.860749][ T7948] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  163.383632][ T7997] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  163.410886][ T7997] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.3'.
[  163.586757][   T29] audit: type=1804 audit(1719241891.051:31): pid=8010 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3205350856/syzkaller.UUG7vO/202/cgroup.controllers" dev="sda1" ino=1959 res=1 errno=0
[  163.627140][ T8009] bond_slave_0: entered promiscuous mode
[  163.632884][ T8009] bond_slave_1: entered promiscuous mode
[  163.652293][ T8009] vlan2: entered promiscuous mode
[  163.663372][ T8009] bond0: entered promiscuous mode
[  163.672092][ T8009] vlan2: entered allmulticast mode
[  163.684341][ T8009] bond0: entered allmulticast mode
[  163.691368][ T8009] bond_slave_0: entered allmulticast mode
[  163.702922][ T8009] bond_slave_1: entered allmulticast mode
[  163.709370][ T8009] syz_tun: entered allmulticast mode
[  163.719649][ T8009] bond0: left allmulticast mode
[  163.729995][ T8009] bond_slave_0: left allmulticast mode
[  163.735840][ T8009] bond_slave_1: left allmulticast mode
[  163.743585][ T8009] syz_tun: left allmulticast mode
[  163.753355][ T8009] bond0: left promiscuous mode
[  163.775964][ T8009] bond_slave_0: left promiscuous mode
[  163.781552][ T8009] bond_slave_1: left promiscuous mode
[  164.017467][ T8024] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  164.321264][   T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.777310][ T8054] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  164.914441][ T8062] netlink: 199356 bytes leftover after parsing attributes in process `syz-executor.2'.
[  164.956846][ T8062] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  164.990451][ T8062] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  165.005977][ T8062] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  165.360877][   T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.540262][   T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.626277][ T5129] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  165.635371][ T5129] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  165.654955][ T5129] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  165.673196][ T5129] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  165.685284][ T5129] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  165.701574][ T5129] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  165.773350][   T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  165.825924][ T8089] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  166.110025][   T11] bridge_slave_1: left allmulticast mode
[  166.134570][   T11] bridge_slave_1: left promiscuous mode
[  166.146866][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  166.199568][   T11] bridge_slave_0: left allmulticast mode
[  166.205270][   T11] bridge_slave_0: left promiscuous mode
[  166.221807][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  166.628661][   T29] audit: type=1804 audit(1719241894.101:32): pid=8122 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2697133727/syzkaller.Lw9G3Y/171/cgroup.controllers" dev="sda1" ino=1953 res=1 errno=0
[  167.171647][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  167.214952][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  167.250091][   T11] bond0 (unregistering): Released all slaves
[  167.515684][ T8163] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  167.759516][ T5129] Bluetooth: hci1: command tx timeout
[  167.833107][ T8080] chnl_net:caif_netlink_parms(): no params data found
[  168.010259][   T11] hsr_slave_0: left promiscuous mode
[  168.018228][ T8190] netlink: 'syz-executor.0': attribute type 27 has an invalid length.
[  168.029830][   T11] hsr_slave_1: left promiscuous mode
[  168.036301][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  168.044763][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  168.053996][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  168.061982][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  168.094177][   T11] veth1_macvtap: left promiscuous mode
[  168.107573][   T11] veth0_macvtap: left promiscuous mode
[  168.113457][   T11] veth1_vlan: left promiscuous mode
[  168.125291][   T11] veth0_vlan: left promiscuous mode
[  168.233684][ T8205] netlink: 596 bytes leftover after parsing attributes in process `syz-executor.0'.
[  168.821582][   T11] team0 (unregistering): Port device team_slave_1 removed
[  168.867922][   T11] team0 (unregistering): Port device team_slave_0 removed
[  169.341181][ T8191] netlink: 9412 bytes leftover after parsing attributes in process `syz-executor.3'.
[  169.365050][ T8195] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  169.406720][ T8197] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  169.837601][ T5129] Bluetooth: hci1: command tx timeout
[  169.906736][ T8080] bridge0: port 1(bridge_slave_0) entered blocking state
[  169.913970][ T8080] bridge0: port 1(bridge_slave_0) entered disabled state
[  169.965126][ T8080] bridge_slave_0: entered allmulticast mode
[  169.983242][ T8080] bridge_slave_0: entered promiscuous mode
[  170.010286][ T8080] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.030083][ T8080] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.065085][ T8080] bridge_slave_1: entered allmulticast mode
[  170.099628][ T8080] bridge_slave_1: entered promiscuous mode
[  170.352566][ T8080] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  170.398507][ T8236] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.1'.
[  170.514144][ T8080] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  170.537672][ T5131] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  170.548674][ T5131] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  170.560475][ T5131] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  170.581477][ T5131] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  170.582181][ T8243] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.1'.
[  170.608384][ T5131] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  170.628381][ T5131] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  170.763208][ T8080] team0: Port device team_slave_0 added
[  170.796029][ T8080] team0: Port device team_slave_1 added
[  170.959059][   T11] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  170.985125][ T8080] batman_adv: batadv0: Adding interface: batadv_slave_0
[  170.998419][ T8080] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.043056][ T8080] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  171.154031][   T11] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.172879][ T8080] batman_adv: batadv0: Adding interface: batadv_slave_1
[  171.182050][ T8080] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  171.215069][ T8080] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  171.297790][   T11] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.401079][ T8261] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  171.441974][ T8080] hsr_slave_0: entered promiscuous mode
[  171.454922][ T8080] hsr_slave_1: entered promiscuous mode
[  171.474595][ T8080] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  171.499280][ T8080] Cannot create hsr debugfs directory
[  171.561633][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): left promiscuous mode
[  171.576227][   T11] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  171.917441][ T5131] Bluetooth: hci1: command tx timeout
[  172.121409][ T8292] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  172.264512][ T8238] chnl_net:caif_netlink_parms(): no params data found
[  172.721024][ T5131] Bluetooth: hci3: command tx timeout
[  172.743822][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  172.762688][   T11] bond0 (unregistering): Released all slaves
[  172.810471][ T8305] netlink: 'syz-executor.2': attribute type 10 has an invalid length.
[  172.858294][ T8305] team0: Device veth1_vlan failed to register rx_handler
[  172.939869][   T11] : left promiscuous mode
[  173.103527][ T8238] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.112939][ T8238] bridge0: port 1(bridge_slave_0) entered disabled state
[  173.121215][ T8238] bridge_slave_0: entered allmulticast mode
[  173.131377][ T8238] bridge_slave_0: entered promiscuous mode
[  173.157072][ T8238] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.167951][ T8238] bridge0: port 2(bridge_slave_1) entered disabled state
[  173.176254][ T8238] bridge_slave_1: entered allmulticast mode
[  173.183851][ T8238] bridge_slave_1: entered promiscuous mode
[  173.306159][ T8238] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  173.361756][   T11] batadv_slave_0: left promiscuous mode
[  173.407924][   T11] hsr_slave_0: left promiscuous mode
[  173.415870][   T11] hsr_slave_1: left promiscuous mode
[  173.423781][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  173.431777][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  173.449194][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  173.461849][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  173.499930][   T11] veth1_macvtap: left promiscuous mode
[  173.505655][   T11] veth0_macvtap: left promiscuous mode
[  173.515914][   T11] veth1_vlan: left promiscuous mode
[  173.525069][   T11] veth0_vlan: left promiscuous mode
[  174.009754][ T5131] Bluetooth: hci1: command tx timeout
[  174.159122][   T11] team0 (unregistering): Port device team_slave_1 removed
[  174.203660][   T11] team0 (unregistering): Port device team_slave_0 removed
[  174.640902][ T8238] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  174.693226][ T8342] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  174.764919][ T8238] team0: Port device team_slave_0 added
[  174.797429][ T5131] Bluetooth: hci3: command tx timeout
[  174.804203][ T8238] team0: Port device team_slave_1 added
[  174.918942][ T8238] batman_adv: batadv0: Adding interface: batadv_slave_0
[  174.945143][ T8238] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.005351][ T8238] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  175.018685][ T8352] FAULT_INJECTION: forcing a failure.
[  175.018685][ T8352] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  175.027600][ T8238] batman_adv: batadv0: Adding interface: batadv_slave_1
[  175.044546][ T8238] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  175.070984][ T8352] CPU: 1 PID: 8352 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00875-g568ebdaba637 #0
[  175.081463][ T8352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  175.082433][ T8238] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  175.091533][ T8352] Call Trace:
[  175.091547][ T8352]  <TASK>
[  175.091557][ T8352]  dump_stack_lvl+0x241/0x360
[  175.091600][ T8352]  ? __pfx_dump_stack_lvl+0x10/0x10
[  175.091630][ T8352]  ? __pfx__printk+0x10/0x10
[  175.091661][ T8352]  ? __pfx_lock_release+0x10/0x10
[  175.091697][ T8352]  should_fail_ex+0x3b0/0x4e0
[  175.091737][ T8352]  _copy_from_user+0x2f/0xe0
[  175.091767][ T8352]  do_ipt_set_ctl+0x731/0x1250
[  175.091806][ T8352]  ? __pfx___might_resched+0x10/0x10
[  175.091836][ T8352]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  175.152650][ T8352]  ? __pfx_lock_release+0x10/0x10
[  175.157736][ T8352]  ? __mutex_unlock_slowpath+0x21d/0x750
[  175.163395][ T8352]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  175.168796][ T8352]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  175.174799][ T8352]  ? __pfx_aa_sk_perm+0x10/0x10
[  175.179670][ T8352]  ? module_put+0x13a/0x2d0
[  175.184193][ T8352]  nf_setsockopt+0x295/0x2c0
[  175.188817][ T8352]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  175.194726][ T8352]  do_sock_setsockopt+0x3af/0x720
[  175.199775][ T8352]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  175.205375][ T8352]  ? __fget_files+0x29/0x470
[  175.209988][ T8352]  ? __fget_files+0x3f6/0x470
[  175.214694][ T8352]  __sys_setsockopt+0x1ae/0x250
[  175.219580][ T8352]  __x64_sys_setsockopt+0xb5/0xd0
[  175.224637][ T8352]  do_syscall_64+0xf3/0x230
[  175.229162][ T8352]  ? clear_bhb_loop+0x35/0x90
[  175.233863][ T8352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  175.239864][ T8352] RIP: 0033:0x7fd446a7d0a9
[  175.244289][ T8352] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  175.263908][ T8352] RSP: 002b:00007fd4477420c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  175.272339][ T8352] RAX: ffffffffffffffda RBX: 00007fd446bb3f80 RCX: 00007fd446a7d0a9
[  175.280326][ T8352] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000004
[  175.288311][ T8352] RBP: 00007fd447742120 R08: 00000000000003d0 R09: 0000000000000000
[  175.296304][ T8352] R10: 0000000020000800 R11: 0000000000000246 R12: 0000000000000001
[  175.304285][ T8352] R13: 000000000000000b R14: 00007fd446bb3f80 R15: 00007ffdfaf5aad8
[  175.312279][ T8352]  </TASK>
[  175.355827][ T8349] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  175.372425][ T8349] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  175.583534][ T8363] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  175.633300][ T8080] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  175.674086][ T8238] hsr_slave_0: entered promiscuous mode
[  175.705817][ T8238] hsr_slave_1: entered promiscuous mode
[  175.725776][ T8238] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  175.745956][ T8238] Cannot create hsr debugfs directory
[  175.770530][ T8080] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  175.801822][ T8377] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check.
[  175.806869][ T8379] netlink: 248 bytes leftover after parsing attributes in process `syz-executor.2'.
[  175.860646][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  175.882717][ T8080] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  175.901474][ T8080] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  176.502943][ T8080] 8021q: adding VLAN 0 to HW filter on device bond0
[  176.552140][ T8080] 8021q: adding VLAN 0 to HW filter on device team0
[  176.572201][ T5174] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.579521][ T5174] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.615437][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.622807][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.866421][ T8238] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  176.877043][ T5131] Bluetooth: hci3: command tx timeout
[  176.894472][ T8238] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  176.924380][ T8238] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  176.936410][ T8238] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  177.146230][ T8080] 8021q: adding VLAN 0 to HW filter on device batadv0
[  177.255969][ T8238] 8021q: adding VLAN 0 to HW filter on device bond0
[  177.311041][ T8238] 8021q: adding VLAN 0 to HW filter on device team0
[  177.348695][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  177.355942][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  177.449703][ T5174] bridge0: port 2(bridge_slave_1) entered blocking state
[  177.456975][ T5174] bridge0: port 2(bridge_slave_1) entered forwarding state
[  177.964965][ T8080] veth0_vlan: entered promiscuous mode
[  178.002422][ T8080] veth1_vlan: entered promiscuous mode
[  178.080880][ T8238] 8021q: adding VLAN 0 to HW filter on device batadv0
[  178.121904][ T8080] veth0_macvtap: entered promiscuous mode
[  178.169367][ T8080] veth1_macvtap: entered promiscuous mode
[  178.281853][ T8238] veth0_vlan: entered promiscuous mode
[  178.304763][ T8080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.334276][ T8080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.357946][ T8080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  178.376550][ T8080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.400490][ T8080] batman_adv: batadv0: Interface activated: batadv_slave_0
[  178.442045][ T8080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.463991][ T8080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.500727][ T8080] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  178.522214][ T8080] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  178.539959][ T8080] batman_adv: batadv0: Interface activated: batadv_slave_1
[  178.587449][ T8238] veth1_vlan: entered promiscuous mode
[  178.631302][ T8080] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  178.661062][ T8080] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  178.682180][ T8080] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  178.691396][ T8080] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  178.736396][ T8444] vlan2: entered allmulticast mode
[  178.748397][ T8444] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  178.767097][ T8444] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  178.902285][ T8238] veth0_macvtap: entered promiscuous mode
[  178.959912][ T8238] veth1_macvtap: entered promiscuous mode
[  178.966640][ T5131] Bluetooth: hci3: command tx timeout
[  179.022614][ T2425] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.053834][ T2425] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.091261][ T8238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.130825][ T8238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.145863][ T8238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.163167][ T8238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.181511][ T8238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  179.192258][ T8238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.212570][ T8238] batman_adv: batadv0: Interface activated: batadv_slave_0
[  179.247323][ T8458] bond_slave_0: entered promiscuous mode
[  179.253103][ T8458] bond_slave_1: entered promiscuous mode
[  179.265505][ T8458] vlan3: entered promiscuous mode
[  179.272455][ T8458] bond0: entered promiscuous mode
[  179.287595][ T8458] vlan3: entered allmulticast mode
[  179.293249][ T8458] bond0: entered allmulticast mode
[  179.303959][ T8458] bond_slave_0: entered allmulticast mode
[  179.311121][ T8458] bond_slave_1: entered allmulticast mode
[  179.324874][ T8458] bond0: left allmulticast mode
[  179.330259][ T8458] bond_slave_0: left allmulticast mode
[  179.335779][ T8458] bond_slave_1: left allmulticast mode
[  179.341457][ T8458] bond0: left promiscuous mode
[  179.347183][ T8458] bond_slave_0: left promiscuous mode
[  179.352673][ T8458] bond_slave_1: left promiscuous mode
[  179.388946][ T8462] FAULT_INJECTION: forcing a failure.
[  179.388946][ T8462] name failslab, interval 1, probability 0, space 0, times 0
[  179.411425][ T8238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.424557][ T8462] CPU: 0 PID: 8462 Comm: syz-executor.2 Not tainted 6.10.0-rc4-syzkaller-00875-g568ebdaba637 #0
[  179.426976][ T8238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.435006][ T8462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  179.435055][ T8462] Call Trace:
[  179.435068][ T8462]  <TASK>
[  179.450392][ T8238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.454996][ T8462]  dump_stack_lvl+0x241/0x360
[  179.455043][ T8462]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.458607][ T8238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.461233][ T8462]  ? __pfx__printk+0x10/0x10
[  179.461271][ T8462]  ? ref_tracker_alloc+0x332/0x490
[  179.472262][ T8238] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  179.476346][ T8462]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  179.476390][ T8462]  should_fail_ex+0x3b0/0x4e0
[  179.492841][ T8238] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  179.496058][ T8462]  ? skb_clone+0x20c/0x390
[  179.496100][ T8462]  should_failslab+0x9/0x20
[  179.504267][ T8238] batman_adv: batadv0: Interface activated: batadv_slave_1
[  179.511621][ T8462]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  179.511674][ T8462]  skb_clone+0x20c/0x390
[  179.511714][ T8462]  __netlink_deliver_tap+0x3cc/0x7c0
[  179.511764][ T8462]  ? netlink_deliver_tap+0x2e/0x1b0
[  179.567918][ T8462]  netlink_deliver_tap+0x19d/0x1b0
[  179.573063][ T8462]  netlink_sendskb+0x68/0x140
[  179.577776][ T8462]  netlink_unicast+0x39d/0x990
[  179.582572][ T8462]  ? __asan_memcpy+0x40/0x70
[  179.587287][ T8462]  ? __pfx_netlink_unicast+0x10/0x10
[  179.592605][ T8462]  netlink_rcv_skb+0x262/0x430
[  179.597383][ T8462]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.602426][ T8462]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  179.607738][ T8462]  ? __netlink_deliver_tap+0x77e/0x7c0
[  179.613230][ T8462]  genl_rcv+0x28/0x40
[  179.617233][ T8462]  netlink_unicast+0x7f0/0x990
[  179.622034][ T8462]  ? __pfx_netlink_unicast+0x10/0x10
[  179.627350][ T8462]  ? __virt_addr_valid+0x183/0x520
[  179.632497][ T8462]  ? __check_object_size+0x49c/0x900
[  179.637813][ T8462]  ? bpf_lsm_netlink_send+0x9/0x10
[  179.642983][ T8462]  netlink_sendmsg+0x8e4/0xcb0
[  179.647778][ T8462]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.653088][ T8462]  ? __import_iovec+0x536/0x820
[  179.657966][ T8462]  ? aa_sock_msg_perm+0x91/0x160
[  179.662940][ T8462]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  179.668258][ T8462]  ? security_socket_sendmsg+0x87/0xb0
[  179.673765][ T8462]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.679082][ T8462]  __sock_sendmsg+0x221/0x270
[  179.683795][ T8462]  ____sys_sendmsg+0x525/0x7d0
[  179.688592][ T8462]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.693925][ T8462]  __sys_sendmsg+0x2b0/0x3a0
[  179.698631][ T8462]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.703965][ T8462]  ? vfs_write+0x7c4/0xc90
[  179.708478][ T8462]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  179.714832][ T8462]  ? do_syscall_64+0x100/0x230
[  179.719622][ T8462]  ? do_syscall_64+0xb6/0x230
[  179.724342][ T8462]  do_syscall_64+0xf3/0x230
[  179.728870][ T8462]  ? clear_bhb_loop+0x35/0x90
[  179.733584][ T8462]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.739502][ T8462] RIP: 0033:0x7f603d87d0a9
[  179.743953][ T8462] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  179.763581][ T8462] RSP: 002b:00007f603e5ae0c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.772020][ T8462] RAX: ffffffffffffffda RBX: 00007f603d9b3f80 RCX: 00007f603d87d0a9
[  179.780007][ T8462] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000005
[  179.787990][ T8462] RBP: 00007f603e5ae120 R08: 0000000000000000 R09: 0000000000000000
[  179.795974][ T8462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  179.803958][ T8462] R13: 000000000000000b R14: 00007f603d9b3f80 R15: 00007ffded201dd8
[  179.811956][ T8462]  </TASK>
[  179.820993][ T2425] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.831608][ T8466] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.1'.
[  179.855793][ T2425] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.979069][ T8466] mac80211_hwsim hwsim2 wlan0 (unregistering): left allmulticast mode
[  179.992170][ T8471] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.0'.
[  180.009602][ T8471] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  180.039176][ T8466] team0: Port device macvlan2 removed
[  180.074737][ T8238] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  180.084971][ T8238] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  180.095613][ T8238] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  180.104649][ T8238] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  180.303726][ T8475] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  180.342689][ T8475] A link change request failed with some changes committed already. Interface wg2 may have been left with an inconsistent configuration, please check.
[  180.659705][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.678122][ T8492] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[  180.684824][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.720313][ T8498] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[  180.729845][ T8492] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[  180.730574][   T58] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  180.749032][ T8498] netlink: 199836 bytes leftover after parsing attributes in process `syz-executor.1'.
[  180.759499][   T58] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  180.803739][ T8498] Bluetooth: MGMT ver 1.22
[  181.134415][ T8513] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  181.153191][ T8513] team_slave_0: entered promiscuous mode
[  181.159015][ T8513] team_slave_1: entered promiscuous mode
[  181.182577][ T8517] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  181.193490][ T8516] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  181.196172][ T8513] macvtap1: entered promiscuous mode
[  181.213817][ T8513] team0: entered promiscuous mode
[  181.219739][ T8513] macvtap1: entered allmulticast mode
[  181.225157][ T8513] team0: entered allmulticast mode
[  181.230836][ T8513] team_slave_0: entered allmulticast mode
[  181.237202][ T8513] team_slave_1: entered allmulticast mode
[  181.244466][ T8513] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  181.254376][ T8518] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  181.277188][ T8518] team0: left allmulticast mode
[  181.282133][ T8518] team_slave_0: left allmulticast mode
[  181.288208][ T8519] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  181.297692][ T8518] team_slave_1: left allmulticast mode
[  181.303210][ T8518] team0: left promiscuous mode
[  181.319188][ T8518] team_slave_0: left promiscuous mode
[  181.324744][ T8518] team_slave_1: left promiscuous mode
[  181.330593][ T8518] macvtap1: left promiscuous mode
[  181.335761][ T8518] macvtap1: left allmulticast mode
[  181.722430][ T8529] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  181.793732][ T8531] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  181.811645][ T8531] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  182.346724][   T58] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.408477][ T8553] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  182.472284][ T8553] team_slave_0: entered promiscuous mode
[  182.478086][ T8553] team_slave_1: entered promiscuous mode
[  182.500369][ T8553] macvtap1: entered promiscuous mode
[  182.511853][ T8553] team0: entered promiscuous mode
[  182.521966][ T8553] macvtap1: entered allmulticast mode
[  182.530134][ T8553] team0: entered allmulticast mode
[  182.535377][ T8553] team_slave_0: entered allmulticast mode
[  182.545104][ T8553] team_slave_1: entered allmulticast mode
[  182.554763][ T8553] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  182.568825][ T8556] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  182.579348][ T8556] team0: left allmulticast mode
[  182.584361][ T8556] team_slave_0: left allmulticast mode
[  182.597826][ T8556] team_slave_1: left allmulticast mode
[  182.605544][ T8556] team0: left promiscuous mode
[  182.612770][ T8556] team_slave_0: left promiscuous mode
[  182.618316][ T8556] team_slave_1: left promiscuous mode
[  182.629471][ T8556] macvtap1: left promiscuous mode
[  182.634711][ T8556] macvtap1: left allmulticast mode
[  182.768070][   T58] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.920902][   T58] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  182.947982][ T8565] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:0
[  183.101157][   T58] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  183.266417][ T5129] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  183.288444][ T5129] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  183.298507][ T5129] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  183.315074][ T5129] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  183.326171][ T5129] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  183.337432][ T5129] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  183.453337][ T8581] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  183.474830][   T58] bridge_slave_1: left allmulticast mode
[  183.482209][   T58] bridge_slave_1: left promiscuous mode
[  183.491844][   T58] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.500083][ T8583] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  183.515159][   T58] bridge_slave_0: left allmulticast mode
[  183.522576][   T58] bridge_slave_0: left promiscuous mode
[  183.530535][   T58] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.103891][   T58] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  184.118955][   T58] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  184.135873][   T58] bond0 (unregistering): Released all slaves
[  184.164227][ T8593] netlink: 'syz-executor.1': attribute type 5 has an invalid length.
[  184.533830][ T8621] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:0
[  184.985355][   T58] hsr_slave_0: left promiscuous mode
[  185.002587][   T58] hsr_slave_1: left promiscuous mode
[  185.022672][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  185.034228][   T58] batman_adv: batadv0: Removing interface: batadv_slave_0
[  185.050129][   T58] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  185.058762][   T58] batman_adv: batadv0: Removing interface: batadv_slave_1
[  185.138723][   T58] veth1_macvtap: left promiscuous mode
[  185.165931][   T58] veth0_macvtap: left promiscuous mode
[  185.186788][   T58] veth1_vlan: left promiscuous mode
[  185.192214][   T58] veth0_vlan: left promiscuous mode
[  185.437413][ T5129] Bluetooth: hci1: command tx timeout
[  185.898791][ T8658] netlink: 'syz-executor.0': attribute type 30 has an invalid length.
[  186.121097][ T8665] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.2'.
[  186.370629][   T58] team0 (unregistering): Port device team_slave_1 removed
[  186.437440][   T58] team0 (unregistering): Port device team_slave_0 removed
[  186.962675][ T8573] chnl_net:caif_netlink_parms(): no params data found
[  186.995284][ T8655] netlink: 404 bytes leftover after parsing attributes in process `syz-executor.1'.
[  187.020057][ T8655] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  187.046612][ T8655] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  187.066307][ T8655] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  187.166729][ T8674] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:0
[  187.232280][ T8671] vlan2: entered allmulticast mode
[  187.252722][ T8671] mac80211_hwsim hwsim24 wlan1: entered allmulticast mode
[  187.273522][ T8671] mac80211_hwsim hwsim24 wlan1: left allmulticast mode
[  187.523489][ T5129] Bluetooth: hci1: command tx timeout
[  187.696777][ T8573] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.704013][ T8573] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.746761][ T8573] bridge_slave_0: entered allmulticast mode
[  187.769406][ T8573] bridge_slave_0: entered promiscuous mode
[  187.795441][ T8573] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.812027][ T8573] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.835040][ T8573] bridge_slave_1: entered allmulticast mode
[  187.847155][ T8573] bridge_slave_1: entered promiscuous mode
[  187.910634][ T8706] netlink: 'syz-executor.0': attribute type 34 has an invalid length.
[  187.950200][ T8573] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.994003][ T8573] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  188.250177][ T8573] team0: Port device team_slave_0 added
[  188.293273][ T8573] team0: Port device team_slave_1 added
[  188.309715][ T8735] vlan3: entered allmulticast mode
[  188.316238][ T8735] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode
[  188.351261][ T8735] mac80211_hwsim hwsim16 wlan1: left allmulticast mode
[  188.461595][   T29] audit: type=1804 audit(1719241915.931:33): pid=8743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2371310527/syzkaller.bRLxly/13/memory.events" dev="sda1" ino=1959 res=1 errno=0
[  188.537175][ T8573] batman_adv: batadv0: Adding interface: batadv_slave_0
[  188.554309][   T29] audit: type=1804 audit(1719241916.021:34): pid=8747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir2371310527/syzkaller.bRLxly/13/memory.events" dev="sda1" ino=1959 res=1 errno=0
[  188.573748][ T8573] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.670304][ T8573] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  188.695492][ T8573] batman_adv: batadv0: Adding interface: batadv_slave_1
[  188.716550][ T8573] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  188.753274][ T8573] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.872704][ T8573] hsr_slave_0: entered promiscuous mode
[  188.881513][ T8573] hsr_slave_1: entered promiscuous mode
[  188.897793][ T8573] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  188.905561][ T8573] Cannot create hsr debugfs directory
[  189.062080][ T5125] IPVS: starting estimator thread 0...
[  189.167045][ T8770] IPVS: using max 15 ests per chain, 36000 per kthread
[  189.257601][ T8775] vlan4: entered allmulticast mode
[  189.262974][ T8775] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  189.272464][ T8775] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  189.469122][ T8784] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  189.504166][ T8784] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[  189.599112][ T5129] Bluetooth: hci1: command tx timeout
[  189.911166][ T8804] hsr_slave_0: left promiscuous mode
[  189.920672][ T8804] hsr_slave_1: left promiscuous mode
[  189.995121][ T8808] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'.
[  190.115777][ T8573] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  190.143733][ T8573] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  190.164044][ T8814] vlan4: entered allmulticast mode
[  190.171718][ T8814] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  190.181489][ T8814] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  190.223833][ T8573] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  190.262148][ T8573] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  190.288959][ T8821] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.2'.
[  190.361544][ T8821] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'.
[  190.661775][ T8573] 8021q: adding VLAN 0 to HW filter on device bond0
[  190.731938][ T8573] 8021q: adding VLAN 0 to HW filter on device team0
[  190.819904][ T5173] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.827274][ T5173] bridge0: port 1(bridge_slave_0) entered forwarding state
[  190.863251][ T5173] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.870541][ T5173] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.191197][ T8852] vlan2: entered allmulticast mode
[  191.227966][ T8852] mac80211_hwsim hwsim11 wlan1: entered allmulticast mode
[  191.244153][   T29] audit: type=1804 audit(1719241918.711:35): pid=8856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3205350856/syzkaller.UUG7vO/278/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0
[  191.297166][ T8852] mac80211_hwsim hwsim11 wlan1: left allmulticast mode
[  191.366656][ T8856] __nla_validate_parse: 1 callbacks suppressed
[  191.366678][ T8856] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'.
[  191.506081][ T8867] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.0'.
[  191.570583][ T8870] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  191.613856][ T8876] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  191.628291][ T8573] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.677591][ T5129] Bluetooth: hci1: command tx timeout
[  191.817559][ T8876] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  191.852116][ T8885] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  191.881268][ T8885] netlink: 17 bytes leftover after parsing attributes in process `syz-executor.3'.
[  191.982263][ T8876] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.062940][ T8895] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[  192.161449][ T8876] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.315795][ T8876] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.461759][ T8573] veth0_vlan: entered promiscuous mode
[  192.492648][ T8904] xt_limit: Overflow, try lower: 262144/524288
[  192.528510][ T8573] veth1_vlan: entered promiscuous mode
[  192.554919][ T8876] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  192.585306][ T8876] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  192.646367][ T8876] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.664569][ T8876] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.746405][ T8573] veth0_macvtap: entered promiscuous mode
[  192.769839][ T8573] veth1_macvtap: entered promiscuous mode
[  192.814450][ T8573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.847722][ T8573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.866498][ T8573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.888710][ T8573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.917775][ T8573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  192.936770][ T8573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  192.961376][ T8573] batman_adv: batadv0: Interface activated: batadv_slave_0
[  192.990853][ T8573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.006734][ T8573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.024070][ T8573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.110151][ T8573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.124186][ T8573] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  193.143776][ T8573] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  193.165947][ T8573] batman_adv: batadv0: Interface activated: batadv_slave_1
[  193.186129][ T8573] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  193.196216][ T8573] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  193.209691][ T8573] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  193.222102][ T8573] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  193.279905][ T8913] vlan2: entered allmulticast mode
[  193.285305][ T8913] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode
[  193.301283][ T8913] mac80211_hwsim hwsim10 wlan0: left allmulticast mode
[  193.352839][ T8917] vlan4: entered allmulticast mode
[  193.365031][ T8917] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  193.389212][ T8917] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  193.646621][ T2483] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.655213][ T2483] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.734012][ T2435] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.750083][ T2435] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  194.130408][ T8960] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  194.282193][ T8969] vlan2: entered allmulticast mode
[  194.295021][ T8969] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode
[  194.330389][ T8969] mac80211_hwsim hwsim10 wlan0: left allmulticast mode
[  194.410279][ T8973] vlan2: entered allmulticast mode
[  194.415703][ T8973] mac80211_hwsim hwsim24 wlan1: entered allmulticast mode
[  194.437008][ T8973] mac80211_hwsim hwsim24 wlan1: left allmulticast mode
[  194.659480][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  194.665951][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  194.702035][ T8990] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  194.822229][ T8997] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  194.830845][ T8997] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'.
[  195.261441][ T1102] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.262080][   T29] audit: type=1804 audit(1719241922.731:36): pid=9016 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir2371310527/syzkaller.bRLxly/36/cgroup.controllers" dev="sda1" ino=1954 res=1 errno=0
[  195.369732][   T58] rds_connect_path_complete: Cannot transition to state UP, current state is 5
[  195.385445][ T9023] vlan4: entered allmulticast mode
[  195.393327][ T9023] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode
[  195.455516][ T9023] mac80211_hwsim hwsim3 wlan1: left allmulticast mode
[  195.778196][ T9037] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  195.872788][ T1102] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.022970][ T1102] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.088802][ T9046] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  196.215674][ T1102] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  196.318947][ T9053] vlan2: entered allmulticast mode
[  196.344157][ T9053] mac80211_hwsim hwsim23 wlan0: entered allmulticast mode
[  196.381304][ T9053] mac80211_hwsim hwsim23 wlan0: left allmulticast mode
[  196.528646][ T5124] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  196.544063][ T5124] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  196.556350][ T5124] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  196.577208][ T5124] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  196.586369][ T5124] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  196.594181][ T5124] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  196.726966][ T5129] Bluetooth: hci0: command 0x0406 tx timeout
[  196.766689][ T9068] vlan3: entered allmulticast mode
[  196.771904][ T9068] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode
[  196.795956][ T9068] mac80211_hwsim hwsim16 wlan1: left allmulticast mode
[  196.885666][ T1102] bridge_slave_1: left allmulticast mode
[  196.898471][ T1102] bridge_slave_1: left promiscuous mode
[  196.914993][ T1102] bridge0: port 2(bridge_slave_1) entered disabled state
[  196.957524][ T1102] bridge_slave_0: left allmulticast mode
[  196.963295][ T1102] bridge_slave_0: left promiscuous mode
[  196.976053][ T1102] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.625436][ T9087] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'.
[  197.775994][ T9092] IPVS: length: 215 != 24
[  197.954738][ T1102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  197.975011][ T1102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  197.992878][ T1102] bond0 (unregistering): Released all slaves
[  198.511883][ T9115] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  198.545939][ T9115] netlink: 512 bytes leftover after parsing attributes in process `syz-executor.0'.
[  198.639250][ T5131] Bluetooth: hci1: command tx timeout
[  198.688466][ T1102] hsr_slave_0: left promiscuous mode
[  198.709954][ T1102] hsr_slave_1: left promiscuous mode
[  198.728560][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  198.743997][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_0
[  198.752392][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  198.766643][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_1
[  198.808142][ T1102] veth1_macvtap: left promiscuous mode
[  198.817377][ T1102] veth0_macvtap: left promiscuous mode
[  198.829367][ T1102] veth1_vlan: left promiscuous mode
[  198.841733][ T1102] veth0_vlan: left promiscuous mode
[  199.803638][ T1102] team0 (unregistering): Port device team_slave_1 removed
[  199.875073][ T1102] team0 (unregistering): Port device team_slave_0 removed
[  200.493023][ T9127] vlan2: entered allmulticast mode
[  200.516528][ T9127] mac80211_hwsim hwsim10 wlan0: entered allmulticast mode
[  200.542279][ T9127] mac80211_hwsim hwsim10 wlan0: left allmulticast mode
[  200.683297][ T9062] chnl_net:caif_netlink_parms(): no params data found
[  200.717622][ T5131] Bluetooth: hci1: command tx timeout
[  201.210188][ T9062] bridge0: port 1(bridge_slave_0) entered blocking state
[  201.238318][ T9062] bridge0: port 1(bridge_slave_0) entered disabled state
[  201.256823][ T9062] bridge_slave_0: entered allmulticast mode
[  201.274205][ T9062] bridge_slave_0: entered promiscuous mode
[  201.302492][ T9062] bridge0: port 2(bridge_slave_1) entered blocking state
[  201.313999][ T9062] bridge0: port 2(bridge_slave_1) entered disabled state
[  201.323023][ T9062] bridge_slave_1: entered allmulticast mode
[  201.338005][ T9062] bridge_slave_1: entered promiscuous mode
[  201.519885][ T9062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  201.548719][ T9181] raw_sendmsg: syz-executor.3 forgot to set AF_INET. Fix it!
[  201.568932][ T9176] 
[  201.571411][ T9176] ======================================================
[  201.578467][ T9176] WARNING: possible circular locking dependency detected
[  201.585503][ T9176] 6.10.0-rc4-syzkaller-00875-g568ebdaba637 #0 Not tainted
[  201.592630][ T9176] ------------------------------------------------------
[  201.599668][ T9176] syz-executor.1/9176 is trying to acquire lock:
[  201.606021][ T9176] ffff88807ba10768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: ieee80211_open+0xe7/0x200
[  201.615255][ T9176] 
2024/06/24 15:12:09 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  201.615255][ T9176] but task is already holding lock:
[  201.622654][ T9176] ffff888056434d20 (team->team_lock_key){+.+.}-{3:3}, at: team_add_slave+0xad/0x2750
[  201.632222][ T9176] 
[  201.632222][ T9176] which lock already depends on the new lock.
[  201.632222][ T9176] 
[  201.642661][ T9176] 
[  201.642661][ T9176] the existing dependency chain (in reverse order) is:
[  201.651707][ T9176] 
[  201.651707][ T9176] -> #1 (team->team_lock_key){+.+.}-{3:3}:
[  201.659758][ T9176]        lock_acquire+0x1ed/0x550
[  201.664825][ T9176]        __mutex_lock+0x136/0xd70
[  201.669879][ T9176]        team_port_change_check+0x51/0x1e0
[  201.675701][ T9176]        team_device_event+0x161/0x5b0
[  201.681169][ T9176]        notifier_call_chain+0x19f/0x3e0
[  201.686813][ T9176]        dev_close_many+0x33c/0x4c0
[  201.692017][ T9176]        unregister_netdevice_many_notify+0x544/0x16b0
[  201.698881][ T9176]        macvlan_device_event+0x7e0/0x870
[  201.704616][ T9176]        notifier_call_chain+0x19f/0x3e0
[  201.710261][ T9176]        unregister_netdevice_many_notify+0xd75/0x16b0
[  201.717124][ T9176]        unregister_netdevice_queue+0x303/0x370
[  201.723373][ T9176]        _cfg80211_unregister_wdev+0x162/0x560
[  201.729537][ T9176]        ieee80211_if_remove+0x25d/0x3a0
[  201.735182][ T9176]        ieee80211_del_iface+0x19/0x30
[  201.740652][ T9176]        cfg80211_remove_virtual_intf+0x23f/0x410
[  201.747095][ T9176]        genl_rcv_msg+0xb14/0xec0
[  201.752135][ T9176]        netlink_rcv_skb+0x1e3/0x430
[  201.757432][ T9176]        genl_rcv+0x28/0x40
[  201.761944][ T9176]        netlink_unicast+0x7f0/0x990
[  201.767241][ T9176]        netlink_sendmsg+0x8e4/0xcb0
[  201.772531][ T9176]        __sock_sendmsg+0x221/0x270
[  201.777733][ T9176]        ____sys_sendmsg+0x525/0x7d0
[  201.783032][ T9176]        __sys_sendmsg+0x2b0/0x3a0
[  201.788158][ T9176]        do_syscall_64+0xf3/0x230
[  201.793196][ T9176]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.799631][ T9176] 
[  201.799631][ T9176] -> #0 (&rdev->wiphy.mtx){+.+.}-{3:3}:
[  201.807386][ T9176]        validate_chain+0x18e0/0x5900
[  201.812774][ T9176]        __lock_acquire+0x1346/0x1fd0
[  201.818154][ T9176]        lock_acquire+0x1ed/0x550
[  201.823184][ T9176]        __mutex_lock+0x136/0xd70
[  201.828212][ T9176]        ieee80211_open+0xe7/0x200
[  201.833343][ T9176]        __dev_open+0x2d3/0x450
[  201.838200][ T9176]        dev_open+0xae/0x1b0
[  201.842800][ T9176]        team_add_slave+0x9b3/0x2750
[  201.848126][ T9176]        do_setlink+0xe70/0x41f0
[  201.853069][ T9176]        rtnl_newlink+0x180d/0x20a0
[  201.858285][ T9176]        rtnetlink_rcv_msg+0x89b/0x1180
[  201.863840][ T9176]        netlink_rcv_skb+0x1e3/0x430
[  201.869135][ T9176]        netlink_unicast+0x7f0/0x990
[  201.874450][ T9176]        netlink_sendmsg+0x8e4/0xcb0
[  201.879747][ T9176]        __sock_sendmsg+0x221/0x270
[  201.885057][ T9176]        ____sys_sendmsg+0x525/0x7d0
[  201.890359][ T9176]        __sys_sendmsg+0x2b0/0x3a0
[  201.895497][ T9176]        do_syscall_64+0xf3/0x230
[  201.900540][ T9176]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.906972][ T9176] 
[  201.906972][ T9176] other info that might help us debug this:
[  201.906972][ T9176] 
[  201.917217][ T9176]  Possible unsafe locking scenario:
[  201.917217][ T9176] 
[  201.924670][ T9176]        CPU0                    CPU1
[  201.930037][ T9176]        ----                    ----
[  201.935459][ T9176]   lock(team->team_lock_key);
[  201.940236][ T9176]                                lock(&rdev->wiphy.mtx);
[  201.947274][ T9176]                                lock(team->team_lock_key);
[  201.954629][ T9176]   lock(&rdev->wiphy.mtx);
[  201.959148][ T9176] 
[  201.959148][ T9176]  *** DEADLOCK ***
[  201.959148][ T9176] 
[  201.967298][ T9176] 2 locks held by syz-executor.1/9176:
[  201.972777][ T9176]  #0: ffffffff8f5e6f48 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x842/0x1180
[  201.982299][ T9176]  #1: ffff888056434d20 (team->team_lock_key){+.+.}-{3:3}, at: team_add_slave+0xad/0x2750
[  201.992251][ T9176] 
[  201.992251][ T9176] stack backtrace:
[  201.998152][ T9176] CPU: 1 PID: 9176 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00875-g568ebdaba637 #0
[  202.008656][ T9176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  202.018722][ T9176] Call Trace:
[  202.022012][ T9176]  <TASK>
[  202.024948][ T9176]  dump_stack_lvl+0x241/0x360
[  202.029660][ T9176]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.034877][ T9176]  ? print_circular_bug+0x130/0x1a0
[  202.040103][ T9176]  check_noncircular+0x36a/0x4a0
[  202.045081][ T9176]  ? __lock_acquire+0x1346/0x1fd0
[  202.050127][ T9176]  ? __pfx_check_noncircular+0x10/0x10
[  202.055609][ T9176]  ? lockdep_lock+0x123/0x2b0
[  202.060296][ T9176]  ? validate_chain+0x11e/0x5900
[  202.065245][ T9176]  ? mark_lock+0x9a/0x350
[  202.069589][ T9176]  ? _find_first_zero_bit+0xd3/0x100
[  202.074893][ T9176]  validate_chain+0x18e0/0x5900
[  202.079774][ T9176]  ? __pfx_validate_chain+0x10/0x10
[  202.085013][ T9176]  ? mark_lock+0x9a/0x350
[  202.089375][ T9176]  ? __pfx_validate_chain+0x10/0x10
[  202.094612][ T9176]  ? __pfx_validate_chain+0x10/0x10
[  202.099834][ T9176]  ? mark_lock+0x9a/0x350
[  202.104186][ T9176]  ? __lock_acquire+0x1346/0x1fd0
[  202.109228][ T9176]  ? mark_lock+0x9a/0x350
[  202.113575][ T9176]  __lock_acquire+0x1346/0x1fd0
[  202.118546][ T9176]  lock_acquire+0x1ed/0x550
[  202.123061][ T9176]  ? ieee80211_open+0xe7/0x200
[  202.127841][ T9176]  ? __pfx_lock_acquire+0x10/0x10
[  202.132888][ T9176]  ? __pfx___might_resched+0x10/0x10
[  202.138185][ T9176]  ? ib_device_get_by_netdev+0x595/0x5e0
[  202.143833][ T9176]  ? ib_device_get_by_netdev+0x85/0x5e0
[  202.149395][ T9176]  ? __pfx_ib_device_get_by_netdev+0x10/0x10
[  202.155393][ T9176]  ? net_generic+0x1f/0x240
[  202.159962][ T9176]  ? net_generic+0x1f0/0x240
[  202.164572][ T9176]  __mutex_lock+0x136/0xd70
[  202.169086][ T9176]  ? ieee80211_open+0xe7/0x200
[  202.173863][ T9176]  ? rxe_notify+0xef/0x4c0
[  202.178290][ T9176]  ? __pfx_vxlan_netdevice_event+0x10/0x10
[  202.184107][ T9176]  ? __pfx_rxe_notify+0x10/0x10
[  202.188968][ T9176]  ? is_hsr_master+0x19/0x70
[  202.193564][ T9176]  ? ieee80211_open+0xe7/0x200
[  202.198349][ T9176]  ? __pfx___mutex_lock+0x10/0x10
[  202.203391][ T9176]  ? ip6_route_dev_notify+0x99/0x600
[  202.208696][ T9176]  ieee80211_open+0xe7/0x200
[  202.213304][ T9176]  __dev_open+0x2d3/0x450
[  202.217646][ T9176]  ? __pfx___dev_open+0x10/0x10
[  202.222504][ T9176]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  202.227987][ T9176]  dev_open+0xae/0x1b0
[  202.232093][ T9176]  ? __pfx_dev_open+0x10/0x10
[  202.236791][ T9176]  ? rcu_is_watching+0x15/0xb0
[  202.241563][ T9176]  ? team_add_slave+0x686/0x2750
[  202.246513][ T9176]  ? team_add_slave+0x8a0/0x2750
[  202.251469][ T9176]  team_add_slave+0x9b3/0x2750
[  202.256262][ T9176]  ? __pfx___dev_notify_flags+0x10/0x10
[  202.261817][ T9176]  ? __dev_change_flags+0x515/0x6f0
[  202.267023][ T9176]  ? __pfx_team_add_slave+0x10/0x10
[  202.272244][ T9176]  ? 0xffffffffa000095c
[  202.276416][ T9176]  ? __pfx___dev_change_flags+0x10/0x10
[  202.281980][ T9176]  ? is_bpf_text_address+0x285/0x2a0
[  202.287282][ T9176]  ? is_bpf_text_address+0x26/0x2a0
[  202.292500][ T9176]  ? kernel_text_address+0xa7/0xe0
[  202.297629][ T9176]  ? nla_strscpy+0x100/0x180
[  202.302231][ T9176]  ? mutex_is_locked+0x12/0x50
[  202.307012][ T9176]  do_setlink+0xe70/0x41f0
[  202.311450][ T9176]  ? stack_trace_save+0x118/0x1d0
[  202.316488][ T9176]  ? __pfx_stack_trace_save+0x10/0x10
[  202.321883][ T9176]  ? __pfx_do_setlink+0x10/0x10
[  202.326753][ T9176]  ? __nla_validate_parse+0x26ce/0x3090
[  202.332312][ T9176]  ? kmalloc_trace_noprof+0x19c/0x2c0
[  202.337696][ T9176]  ? rtnl_newlink+0xf2/0x20a0
[  202.342399][ T9176]  ? __pfx___nla_validate_parse+0x10/0x10
[  202.348144][ T9176]  ? nla_strscpy+0x100/0x180
[  202.352745][ T9176]  ? full_name_hash+0x93/0xe0
[  202.357432][ T9176]  ? validate_linkmsg+0x71e/0x900
[  202.362474][ T9176]  rtnl_newlink+0x180d/0x20a0
[  202.367187][ T9176]  ? rtnl_newlink+0x451/0x20a0
[  202.371978][ T9176]  ? __pfx_rtnl_newlink+0x10/0x10
[  202.377058][ T9176]  ? do_raw_spin_unlock+0x13c/0x8b0
[  202.382285][ T9176]  ? __mutex_lock+0x527/0xd70
[  202.386994][ T9176]  ? __pfx_rtnl_newlink+0x10/0x10
[  202.392063][ T9176]  rtnetlink_rcv_msg+0x89b/0x1180
[  202.397095][ T9176]  ? rtnetlink_rcv_msg+0x208/0x1180
[  202.402301][ T9176]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  202.407770][ T9176]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  202.413766][ T9176]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  202.420117][ T9176]  ? __local_bh_enable_ip+0x168/0x200
[  202.425502][ T9176]  ? lockdep_hardirqs_on+0x99/0x150
[  202.430715][ T9176]  ? __local_bh_enable_ip+0x168/0x200
[  202.436093][ T9176]  ? dev_hard_start_xmit+0x773/0x7e0
[  202.441425][ T9176]  ? __dev_queue_xmit+0x2d2/0x3d30
[  202.446553][ T9176]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  202.452289][ T9176]  ? __dev_queue_xmit+0x2d2/0x3d30
[  202.457426][ T9176]  ? __dev_queue_xmit+0x16c9/0x3d30
[  202.462651][ T9176]  ? __dev_queue_xmit+0x2d2/0x3d30
[  202.467784][ T9176]  ? ref_tracker_free+0x643/0x7e0
[  202.472834][ T9176]  netlink_rcv_skb+0x1e3/0x430
[  202.477614][ T9176]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  202.483086][ T9176]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  202.488394][ T9176]  ? netlink_deliver_tap+0x2e/0x1b0
[  202.493602][ T9176]  netlink_unicast+0x7f0/0x990
[  202.498390][ T9176]  ? __pfx_netlink_unicast+0x10/0x10
[  202.503709][ T9176]  ? __virt_addr_valid+0x183/0x520
[  202.508847][ T9176]  ? __check_object_size+0x49c/0x900
[  202.514163][ T9176]  ? bpf_lsm_netlink_send+0x9/0x10
[  202.519317][ T9176]  netlink_sendmsg+0x8e4/0xcb0
[  202.524133][ T9176]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.529445][ T9176]  ? __import_iovec+0x536/0x820
[  202.534308][ T9176]  ? aa_sock_msg_perm+0x91/0x160
[  202.539267][ T9176]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  202.544573][ T9176]  ? security_socket_sendmsg+0x87/0xb0
[  202.550047][ T9176]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.555344][ T9176]  __sock_sendmsg+0x221/0x270
[  202.560039][ T9176]  ____sys_sendmsg+0x525/0x7d0
[  202.564825][ T9176]  ? __pfx_____sys_sendmsg+0x10/0x10
[  202.570136][ T9176]  __sys_sendmsg+0x2b0/0x3a0
[  202.574745][ T9176]  ? __pfx___sys_sendmsg+0x10/0x10
[  202.579880][ T9176]  ? security_bpf+0x87/0xb0
[  202.584419][ T9176]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  202.590765][ T9176]  ? do_syscall_64+0x100/0x230
[  202.595551][ T9176]  ? do_syscall_64+0xb6/0x230
[  202.600250][ T9176]  do_syscall_64+0xf3/0x230
[  202.604771][ T9176]  ? clear_bhb_loop+0x35/0x90
[  202.609467][ T9176]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.615382][ T9176] RIP: 0033:0x7fd446a7d0a9
[  202.619813][ T9176] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  202.639431][ T9176] RSP: 002b:00007fd4477420c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  202.647864][ T9176] RAX: ffffffffffffffda RBX: 00007fd446bb3f80 RCX: 00007fd446a7d0a9
[  202.655852][ T9176] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003
[  202.663832][ T9176] RBP: 00007fd446aec074 R08: 0000000000000000 R09: 0000000000000000
[  202.671814][ T9176] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  202.679794][ T9176] R13: 000000000000000b R14: 00007fd446bb3f80 R15: 00007ffdfaf5aad8
[  202.687782][ T9176]  </TASK>
[  202.730355][ T9176] team0: Port device wlan1 added
[  202.759293][ T9187] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'.
[  202.779218][ T9062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  202.822007][ T5131] Bluetooth: hci1: command tx timeout
[  203.215742][ T9179] team0 (unregistering): Port device team_slave_0 removed
[  203.241777][ T9179] team0 (unregistering): Port device team_slave_1 removed