xffffffffffffffff, 0x84, 0x18, &(0x7f0000000100)={<r4=>0x0, 0x7fffffff}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r4, 0x3ff, 0x101, 0x101, 0x39, 0x40000000000}, &(0x7f00000001c0)=0x14)

12:17:22 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4800, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:22 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x10)

12:17:23 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000))
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000200)=0x6)
ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000040))
r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0x400200, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r2, 0xc0186419, &(0x7f0000001540)={0x4, &(0x7f0000000280)=""/4096, &(0x7f00000014c0)=[{0x7fff, 0x73, 0x101, &(0x7f0000001280)=""/115}, {0x7, 0x2c, 0x6, &(0x7f0000001300)=""/44}, {0x401, 0xcc, 0x2, &(0x7f0000001340)=""/204}, {0x25cf, 0x77, 0x8, &(0x7f0000001440)=""/119}]})
r3 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x80800)
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, &(0x7f0000000100)={<r4=>0x0, 0x7fffffff}, &(0x7f0000000140)=0x8)
getsockopt$inet_sctp_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000180)={r4, 0x3ff, 0x101, 0x101, 0x39, 0x40000000000}, &(0x7f00000001c0)=0x14)

12:17:23 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:23 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:23 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
sendmsg(r1, &(0x7f0000000280)={0x0, 0xfffffffffffffd6a, 0x0, 0xc2, 0x0, 0xffffffffffffff9f}, 0xc100)
sendmsg(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001480)="d09a", 0x2}], 0x1}, 0x0)

12:17:23 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:23 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x60)

12:17:23 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4c00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:23 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:23 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf0)

12:17:23 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x5865, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:24 executing program 4:
r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0xc98f, 0x0)
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, &(0x7f00000000c0)={'mangle\x00'}, &(0x7f0000000140)=0x54)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000180)={{{@in=@broadcast, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0}}, {{@in=@multicast1}, 0x0, @in6=@loopback}}, &(0x7f0000000280)=0xe8)
r4 = getgid()
write$FUSE_CREATE_OPEN(r0, &(0x7f00000002c0)={0xa0, 0x0, 0x6, {{0x3, 0x1, 0x1, 0x7fff, 0x6, 0x8, {0x0, 0x5af9, 0xffff, 0x100, 0x1ff, 0x40, 0x7, 0x1, 0x5c2, 0x9, 0x8001, r3, r4, 0x5, 0x9}}, {0x0, 0x3}}}, 0xa0)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
getsockopt$inet_opts(r5, 0x0, 0x9, 0x0, &(0x7f0000000080))
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3)
fcntl$getownex(r1, 0x10, &(0x7f0000000380)={0x0, <r6=>0x0})
r7 = getpgid(0x0)
setpgid(r6, r7)

12:17:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x300)

12:17:24 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:24 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:24 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x600)

12:17:24 executing program 4:
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0)
ioctl$VIDIOC_QUERYSTD(0xffffffffffffffff, 0x8008563f, &(0x7f0000000040)=<r1=>0x0)
ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000000080)=r1)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video2\x00', 0x2, 0x0)
accept4$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, &(0x7f0000000100)=0x1c, 0x800)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000240)={0x1, @pix_mp={0x0, 0x0, 0x3132564e}})
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f00000001c0)=<r3=>0x0)
getpgrp(r3)
ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000140)={0xb, {0x47c, 0x6000000001, 0x0, 0x8fbf}})

12:17:24 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6558, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xa00)

12:17:24 executing program 4:
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
poll(&(0x7f0000000100), 0x0, 0x3)
r1 = syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x40ff, 0x802)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f00000002c0)={&(0x7f00000001c0), 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x400, 0x70bd28, 0x25dfdbfe, {}, ["", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4)
socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, &(0x7f0000000140))
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000340), 0x0)
fcntl$setownex(0xffffffffffffffff, 0xf, 0x0)
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000380)={'filter\x00', 0x7, 0x4, 0x470, 0x258, 0x118, 0x258, 0x388, 0x388, 0x388, 0x4, &(0x7f0000000080), {[{{@arp={@dev={0xac, 0x14, 0x14, 0x2a}, @multicast1, 0xff, 0xff000000, @mac, {[0xff, 0xff, 0x0, 0x0, 0xff, 0xff]}, @mac=@remote, {[0xff, 0xff, 0x0, 0x0, 0xff]}, 0xcd32, 0x9, 0x4, 0x7fffffff, 0x3d, 0x1f, 'dummy0\x00', 'erspan0\x00', {0xff}, {}, 0x0, 0x40}, 0xf0, 0x118}, @unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x3}}}, {{@arp={@multicast2, @local, 0xffffff00, 0xff, @mac=@local, {[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}, @empty, {[0xff, 0xff, 0xff, 0x0, 0xff]}, 0x6, 0x63, 0x1f, 0x20000000000000, 0x5, 0x7, 'rose0\x00', 'veth0_to_bridge\x00', {}, {}, 0x0, 0x4}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @multicast1, @dev={0xac, 0x14, 0x14, 0xa}, 0xf, 0x1}}}, {{@arp={@remote, @loopback, 0xff000000, 0xff, @empty, {[0xff, 0xff, 0xff, 0x0, 0xff]}, @mac=@remote, {[0xff, 0x0, 0xff, 0xff]}, 0xf6b8, 0x60000000, 0x5, 0x4, 0x6, 0x0, 'netdevsim0\x00', 'irlan0\x00', {0xff}, {}, 0x0, 0x2}, 0xf0, 0x130}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "39b33bb1b5f3bdce038ff93a7dfdf97fae5901d1a86374e8fd783d86a86e"}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4c0)
syz_open_procfs(0x0, 0x0)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000040)={0x0, 0x3267}, 0x0)
ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = inotify_init1(0x0)
fcntl$setown(r4, 0x8, 0xffffffffffffffff)
fcntl$getownex(r4, 0x10, &(0x7f0000000100))
set_mempolicy(0x2, &(0x7f00000000c0)=0x1, 0x5)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
readv(r5, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1)

12:17:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6800, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:25 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xc00)

12:17:25 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:25 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  631.012336][T13399] validate_nla: 28 callbacks suppressed
[  631.012345][T13399] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  631.156488][T13406] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:25 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x142}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:25 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6c00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:25 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xe00)

12:17:25 executing program 4:
r0 = syz_open_dev$video(&(0x7f00000001c0)='/dev/video#\x00', 0x1, 0x80)
ioctl$VIDIOC_S_EDID(r0, 0xc0285629, &(0x7f0000000240)={0x0, 0x1, 0xffff, [], &(0x7f0000000200)=0x4})
r1 = syz_open_dev$sg(&(0x7f0000000180)='/dev/sg#\x00', 0x400000000000000, 0x0)
ioctl$SG_GET_REQUEST_TABLE(r1, 0x2286, &(0x7f0000000000))

12:17:25 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:25 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:25 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf00)

12:17:25 executing program 4:
timer_create(0x7, &(0x7f0000000140)={0x0, 0x31, 0x1, @thr={&(0x7f0000000000)="063b6a230835c8f34236b4e2a154614f179307da2ff7d1e8e1e7e9d1d6777655aa70a3b2da86f542d2ea1b0ef639d4899242e4db35294a82acac4ce9940db77db603374ab385c8f62f9b5b27230a33a82ed550db0e5e800a74ea3fa6526561ac4855e61bf2a9ab2d87fb5f264f71c98d5db4", &(0x7f0000000080)="456ca787db4f30b4a5de75f6d29e0a7a7f79500b18ac10dabc84844fd425b37b3449547fd36bdb6c3626e34afd7536b7c43c2787fa05bff900ffe3be296d53fb80a60a369126345e1ac01b8715f25716904a44fb01f9e8c2f9314a16e58cfc29e4e5f177523cd55422c07311b19eee82557515333b1cbb0806b9f554aa8a12e5ea57bc042e06f9e0b0edd8a1eaf257894c74edb591e5b4111b949c82fa1086ad10c72a6da10542"}}, &(0x7f0000000180)=<r0=>0x0)
timer_gettime(r0, &(0x7f00000001c0))
r1 = fcntl$getown(0xffffffffffffffff, 0x9)
sched_setattr(r1, &(0x7f0000000200)={0x30, 0x6, 0x0, 0x1f, 0x400, 0x9, 0x9}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x17)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000280)='TIPC\x00')
sendmsg$TIPC_CMD_GET_NODES(r2, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8800808}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x1c, r3, 0x701, 0x70bd29, 0x25dfdbfd, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8800)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000380)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f00000003c0)={0x43, 0x4}, 0x10)
r6 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000400)='/dev/dlm-monitor\x00', 0x4000, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r6, 0x119, 0x1, &(0x7f0000000440)=0xff, 0x4)
r7 = dup2(r4, r6)
ioctl$RTC_RD_TIME(r7, 0x80247009, &(0x7f0000000480))
write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000500)={<r8=>0xffffffffffffffff}, 0x13f, 0xb}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r7, &(0x7f0000000580)={0x12, 0x10, 0xfa00, {&(0x7f00000004c0), r8, r7}}, 0x18)
ioctl$IOC_PR_PREEMPT_ABORT(r6, 0x401870cc, &(0x7f00000005c0)={0x2, 0x4})
r9 = msgget$private(0x0, 0x4)
bind$netlink(r2, &(0x7f0000000600)={0x10, 0x0, 0x25dfdbfd, 0x400220}, 0xc)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r7, 0x84, 0x1e, &(0x7f0000000640)=0xc150, 0x4)
msgsnd(r9, &(0x7f0000000680)={0x3, "1c521f08167ddb9f2b2c8063985bd451a623bded455aaaece70dc27aa42e70e103093e223ce7d230011c45dda79747201c6227410dc1de95fbc5f005f991e7136d77f83fe8c5bfd7ba7e25b367402fcb4774c5fefb24380a841716b9d909f4407399975357de8bad253a16bb1492151a7780d2433d68687c1d32fd02e16c7eee0d94b3"}, 0x8b, 0x800)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r6, 0xc034564b, &(0x7f0000000740)={0x80, 0x59575f57, 0x7, 0x2, 0x0, @stepwise={{0xfffffffffffffffe, 0xa5e}, {0xfffffffffffffff9, 0xffff}, {0xffffffffffffff9c, 0x7e83}}})
ioctl$UI_DEV_CREATE(r7, 0x5501)
clock_gettime(0x6, &(0x7f0000000780))
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f00000007c0)={0x3, 0x0, [{0xbf7, 0x0, 0x7f}, {0x9eb, 0x0, 0x6}, {0xc2, 0x0, 0x16}]})
ioctl$sock_SIOCSPGRP(r5, 0x8902, &(0x7f0000000800)=r1)
sendmsg$TIPC_CMD_SET_LINK_PRI(r6, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000900)={&(0x7f0000000880)={0x68, r3, 0x100, 0x70bd2b, 0x25dfdbff, {{}, 0x0, 0x4108, 0x0, {0x4c, 0x18, {0x6, @link='syz0\x00'}}}, ["", "", "", "", "", ""]}, 0x68}, 0x1, 0x0, 0x0, 0x20048001}, 0x8010)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r6, 0xc0145401, &(0x7f0000000980)={0xffffffffffffffff, 0x3, 0x4, 0x2, 0x3})
syz_open_dev$adsp(&(0x7f00000009c0)='/dev/adsp#\x00', 0x7, 0x400180)
statfs(&(0x7f0000000a00)='./file0\x00', &(0x7f0000000a40)=""/245)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r6, 0x4008ae73, &(0x7f0000000b40)={0x5, 0x4})

[  631.580257][T13423] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:25 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7400, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  631.740920][T13426] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:26 executing program 4:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x2000, 0x0)
ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000040))
r1 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r1, &(0x7f0000009400)={0xa, 0x10000000004e20}, 0x1c)
recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@link_local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
r2 = getpgid(0x0)
sched_setparam(r2, &(0x7f0000000080)=0x3b)

[  631.840354][T13427] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:26 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x1da4)

[  631.931378][T13447] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:26 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  632.055928][T13427] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  632.158888][T13460] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:26 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:26 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7a00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:26 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x3f00)

12:17:26 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:26 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:26 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x4000)

[  632.625683][T13472] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  632.715361][T13475] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:27 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@ipv4_newroute={0x1c, 0x18, 0x401, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf0ffff, 0x1}}, 0xfffffe80}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

12:17:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x5865)

12:17:27 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x8087, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:27 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:27 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x6000)

12:17:27 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:27 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000280)="11dca5055e0bcfe47bf070")
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x123000, 0x0)
mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0, 0x50, r1, 0x10000000)
readahead(r0, 0x0, 0x0)

12:17:27 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x8100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:27 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x6558)

12:17:27 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:27 executing program 4:
r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0xb80, 0x0)
ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000040))
mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x1, 0x44031, 0xffffffffffffffff, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00')

12:17:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x8100)

12:17:27 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:27 executing program 4:
socketpair$unix(0x1, 0x6, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_int(r1, 0x0, 0x16, &(0x7f0000000000), &(0x7f0000000040)=0x4)

12:17:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xa41d)

12:17:27 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:28 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4201}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:28 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070")
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop-control\x00', 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
close(r2)
syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r4, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff33)
r5 = shmget$private(0x0, 0x3000, 0x240, &(0x7f0000ffd000/0x3000)=nil)
shmat(r5, &(0x7f0000ffb000/0x4000)=nil, 0x3000)

12:17:28 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf000)

12:17:28 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xff7f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:28 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:28 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1cb, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:28 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x34000)

12:17:28 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:28 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:28 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth0_to_bridge\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="a000000013000100"/20, @ANYRES32=r2, @ANYBLOB="000000000000000080002b00080003000800000074000100000000000000000000000000000000000000000000000000000000000000000400"/88, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="080062af9ce065e200000000000000000000000000001000000000000000000000000000a80c16ae31920a85872e15027b1d70d3390e7cbaab77f4d1e6a01fd94a2663c0027069ad67e6e88911e374316525e6989db0f6fec224a3882b3f5f19da63ddaf44e8bbcadf24f1396a2b18f379b4dab73d0bad159c2c0ced0d9e6bfcbd6787a0a0371de77c3d15ccb9576306a78f55c5f765a8a0cb58410e97650cddae9a7843f19bd5acffecb287ac1cab39ca0fe7aa75b2787246e2908bf686be1a347138e6430b"], 0xa0}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_mems\x00', 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, &(0x7f0000000080)={0xccda, 0x9, 0x1, 0x0, 0xc2, 0xffffffffffff7fff, 0x9, 0x81, 0x7f, 0xe158, 0x5, 0x5, 0x0, 0x9, 0xb46, 0x7fff, 0x70, 0x1c, 0x4})

12:17:28 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x400300)

12:17:29 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05605, &(0x7f0000000200)={0x2, @raw_data="88d2dbeda9e6155eb73a49c38946cf15b138f32c982d02073526f2d91940c90e94ceaa40717fe2d90e5c2d645ad7fc180d65c9f264fa8e2a60fa76e22b046bc8696dc970d9216b971b49b8c2c88b243dc9f7af9b1f452a2736880986b9965d67a276a1c22f521300ed41f496923f2e92d5d8a052d4849b89f2da2202b4fcc3d068508ac7a3c8ce8425bcde8cfcca1df1f57464fe2ffec627edb4d95765e768e78088670da52bdc0de707d243d014145b79639008dd33c65b9a18ebbe43a0061ce1cf0af3a7d88a01"})

12:17:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1cc, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:29 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf0ffff)

12:17:29 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:29 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6400}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:29 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:29 executing program 4:
syz_open_procfs(0xffffffffffffffff, 0x0)
r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x2f6, 0x1100082)
ioctl$LOOP_SET_STATUS64(r0, 0x4c02, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "f8ca781d5f7e93115c52fa936f014904ccdb29372829d175a4e80426585243b3926d887f686449fdd786f718d8343d49d4273cc82ed2a2ef63524fc21d710476", "92ef27daf4634f9065ecbc04c983083f390c3d7bf9ac5c11d0b60f5d070e9826557914da1567ee4534b1192353f3f801223d563be035c7fb302fe546973e9c78", "f1a55947f83b5a8a1bd0d7e25a30c2c9d78038891de2ae1c3c5b7be4da2a17da"})

12:17:29 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x1000000)

12:17:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1cd, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:29 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000000)={'raw\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000007000/0x2000)=nil)
munlock(&(0x7f0000006000/0x3000)=nil, 0x3000)

12:17:29 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:29 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x2000000)

12:17:29 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:29 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x3000000)

12:17:29 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bind$inet6(r1, &(0x7f0000000280)={0xa, 0x204e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x8)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000001200)={0x0, 0x8}, 0x8)
r3 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
close(r3)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000", 0xe)
sendmsg$alg(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0)
getpeername(r3, &(0x7f0000000340)=@x25, &(0x7f00000003c0)=0x80)
stat(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
fstat(r3, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
fstat(r0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, <r7=>0x0})
r8 = getegid()
stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x0, 0x488, &(0x7f0000000740)={{0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e23, 0x1, 'nq\x00', 0x21, 0x0, 0x7a}, {@multicast2, 0x4e21, 0x2000, 0x7, 0x7, 0x1}}, 0x44)
setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='system.posix_acl_access\x00', &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000010001000000000002000100", @ANYRES32=r4, @ANYBLOB="02000000", @ANYRES32=r5, @ANYBLOB="4cdfb521", @ANYRES32=r6, @ANYBLOB="02000500", @ANYRES32=r7, @ANYBLOB="040002000000000008000200", @ANYRES32=r8, @ANYBLOB="08000300", @ANYRES32=r9, @ANYBLOB="10000700000000002000040000000000"], 0x54, 0x2)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f00000007c0)=[@in6={0xa, 0x4e24, 0xb9, @empty, 0x1}, @in={0x2, 0x4e21, @broadcast}], 0x2c)
rt_sigaction(0x40, &(0x7f0000000180)={&(0x7f0000000100)="c4a159f67a0e3641e14dc4224506259010000047d856b646e3c1f90f526297cfc4e33579be00000100928fe86097050b00000000", {0x52f}, 0x80000002, &(0x7f0000000140)="c4619573d8d9430f187235c44251df1e26430ffe2ef30fa7e8dda24397fb99f365470fb54d293e4583fc00410f18d4f3a4"}, &(0x7f0000000240)={&(0x7f00000001c0)="c4e3f914d1f1c422550179880f4c21c4825516c1f30f5b80feeffffff246a5c401fa6f9d00000020400503000000440f46d6c4e1f91303", {}, 0x0, &(0x7f0000000200)="3643dae9c483396cd3c466430f3a636f157e8fa8009f3eef67cfc46271398300080000c441782b560a8f492897cb26f69b09000000442a8fc8000000"}, 0x8, &(0x7f0000000280))
recvmmsg(0xffffffffffffffff, &(0x7f0000007e00)=[{{0x0, 0x0, &(0x7f0000004700)=[{&(0x7f0000003580)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0)

12:17:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1ce, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x4000000)

12:17:30 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1cf, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 4:
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x41, 0x4)
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000080)={0x28, 0x2, 0x0, {0x4, 0x9, 0x7}}, 0x28)
r1 = syz_open_dev$sndtimer(&(0x7f0000000500)='/dev/snd/timer\x00', 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40485404, &(0x7f0000000040))

12:17:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x6000000)

12:17:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 4:
setsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0x7, 0x0, 0xfffffffffffffda6)
getitimer(0x0, &(0x7f0000000000))

[  636.055099][T13710] validate_nla: 27 callbacks suppressed
[  636.055109][T13710] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xa000000)

12:17:30 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 4:
r0 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, 0x100)
ioctl$KVM_SET_SIGNAL_MASK(r0, 0x4004ae8b, &(0x7f0000000140)=ANY=[@ANYBLOB="00104200ed5f52c199c02561bae331bb735725d8e2a6d9de9bfdef5b53b663634308827340539612bf853ed70ab3e2900b2b6b5e72d75ceb6b850092354747c8a849b0416192c7241808b49598d6c0d80a6a7043ad71ee952a6f4c550f0c50e89baaf403e7f35fc55d2c50c2e0525d28e2ad21c49d9b37bda1114d6fcfc25b67ba8a7abaf489792b2e635e95720b4768f9430e728ee9515b9ba507f7adb920e14421490ec26dced6795365800af27a3d7b34d5782c2aef52ea342b4460be5976e7c9b471d1f89698a328f1bd020a129ff7d3c20142bc298433303ca3e00526b53d605de5e58736a077e1890edaa3de64598b98ecdd1eeba7b09d9f9c0518702ca685aeb256907a9074f89ae872fd260037a443a37a1508e648f177aaf5ec6c6098af11b14d245fc3e091949f82d20428553cc94965196806a62d903e00e312a1130d51d0fc778685fad8403dd22104383d665cacb673e79f8eaee372d61bdfece5eed26242d4cfe1d76f26d7ac8443baff122ce1135911aee64dbac68fa3a431313a7869cbc30f5715937b3b7588d23f0b1f3d720ad5b0e60a17fc48a3c469952d03267178799d0e2f7e6e31b70a5e43172dd4cb35a187ee3e61539715b7fa067e943b2ea797acfd2050f5608f0228df7fc09f8a3e240c13c73e30d20928c10114560779e45b2f9e56badc9b7cc2a8492f8d49f209950e4b3dc45b4054545f5214d07f619773cd07858bdb78e67affe58e4597bd9431430b9e872650e7db2c89fe5e43bbc92c5f5986e6f661c294a37cbe89ee475b323951bd5e41d7c69c23398d670ed436bab27fe7a3490224114582440a41dd5a8015d25fff43bd9eb695ec68123d4a0b08348160b3109d5508d653440ac7b5091bb26bdec6cb7a8e0fe786c282866d34a96cd1332425c57a7233af5c9d98ea4127af7bdc1626b083bd517b89bc609f04d1fac9efbead941e649c73ff9d46d4e2670ec77e7cd37d3e08f3faed0b31bbbe9567e41b8e2433ea73e0dcb49f59d9c9df544e0f6ec0c522eb6ae36afa7b9414b8503a7625d4a3de5090bb4523c8966235b6cb435eb289549ca4ec6a799c0b5fd86c879fa3446533ce92db87ea48ab8b86c6b73cb1cf3c3640f1e7ae42b769b62ac9e6338f45295bf97a245cc1608578f2b1928ac289d766e849e0dc1b6fd4ce92d2b132466d1b7ba5017dc52654ebf32262631c86404f1b943eec07f2bc986dd51189caf9e8b6bac5b6cc91acb6b75f13ee7d72d85e068ac2686f0355bc14d968df92fc73664d4c93383dc38bcbeb869db012ffc46325a88c1347bdae6e9561c7aca9531d53f8d187f58ee1e5681612ec718878d23083b0fe508262d20088a8b148e537a4537f0281c2f20c1aed4415d0434d32d555b3d78ea412172c08249dd9376ae28aaa364ef52a7602a86c856ac49f5a51726d786747e5bdbe6b94410fff43e649b1906a94b3dfbb1a3e44d1ade7c7aae8f23b5a1d2dd5106fc318f0433884e60732125f3f5e2071a74ecdf58ec23e912564624e511cfb8f7b643a44e1a790074d665d069a0f32796e250d796adcde10758d87c170daf8154e4587eb5fc029e7eef8fe27ca1a7acc329eb051c9b0e0af11f14acf91e74eb52bd4677fe4be6d74636939209a2d3e26f9f19d174612b99cf13d4b2dea70cdc5a5d16002a5381d97b649c78837ee0e5851fe8bc91576990ca997daf2af66745ea11e2f741e476ed23c8870868b8651948d298709a45b1d27ac021ee18fea088474928722ed81a27772589bcf260b3e01afaf16494b4c541480083a2df39f71b33262477157648e8e19ff078cdc04bae45b043f76a91ec7c1621c2fce7287adcdc74bfa026714cbe2380c2526cdfe0a89afc99de2d097879354c8f7354aa9418a6c23e3e1aedffcb4b7fa07409fe2d740b244fb9c799772d46600f0b2a23efc9cf20a316d51d6637db3baf3ba9003b57fff97f0137225786699bd353567bc02290fe908667c9397143f561aa5c90c0bab768b59df729551f837ed41a009e40e1b4268c56baa18c4ece35e59c6d2ebee92ebf9bd5424089b391ef699e21d76db154a0d97f99e27006406924d95b76633050a57d68f880dc4e1aa9a8efb48f4f655ea493e607183ee199b124f6b75c727cb10407e0dbf9e93a13bd67e445b3a52fbaf1e447811f8f6a731d4010cb5e92e52999a79595dc9ed06614982b78a2d861cb75c8de828f203fe66b59b3150347abae7b48f0fd3ab62feb88ec0fcb4711021b5b8ed3abb0701691dfffe452a741f4432d9a84da64d394e2724726f8785a095ac46860a9cbd7dbb86f66a846682fa16db36dcde5418804c6fef1411e8651325431887334bf60c8098ab1c7494872daa77dcde9728ba24bc78a1a46cc2c49c8610b1cf3a87029d9f5f94f3dbb03c5d7c414fe230478829397a6a1fcaa0ca013cd873e51c154ef08a321d1d63fd97420db4fa5e60aa7fd611565062df7c061b5ed971d7ba4df681284ae4bb2928871bef47876085732b20df57e63f3adc428ccd9d71422346dc364aea035eb5326992a3fa3be75aefab04a03f0bc6b0722947cf71c90f98a0cb9b298ed2d00e3edcc213463e6531434519b00185972a1c59b9ee4d6fd67d907522d457535de708f272c0d1cc0239870f1b8271582cf1e49b2852a6794affb234dc524d2eb14f73426afc9aebbc2f28637fe0d8b5c5dd0c1350c162d53943f220fbb9599515e10ff3eec3eee0fa58cbd28a61488fe0661ed61299cd5bbe8d76256edcb680e1444e9a054eca0b4d49d2f9d7049f4f479619add84f8772bd3406ab06dcf36d25afcd564a00d3c88657428db489476752851f00c052f6bc61daf44193156870f52cec88b292e9335049509feeb8168c84c50d37a35d570df30b9e3717033db0ad1225cad478c75bc6662ce216544083e67b2c0e7edcb191348681f00f0a328ca17e17a52e5127475897a565ac45c31dcd19033431ac5d849ed7b5315fb4c351f10cf24425ca2ecb7d961c24165eaad598b8215aee22de164413317db74c567364e1da12eec2ed20d3a7c89f3a3e9cd0e63b7cfa5f215827d4e5212c62e69573e7161286cd3776f2e40cee541fb3471a92ca532015a47bdb1ab55fcd3ca86046d50bdb3e1a447275a864dbaf74950029ef69c9ef30b1945116ea0650b55dfa0ad4ad1913c4b3866351114d86f876cc077e0e15e07b8d185bfcd24e4e0d4c3463dce70d4daa382ed5538a9419fd0bb70dddb7f1880fc243b96ed84cee3e4d4d0a6735016ab3e4ad3a3d3a94c771916e5d7b4ddd2607acebac78dbb51c6c48715ee7e3136e1b32d70ff2de055802665b956c1d85320408c3ff01a68d268df7297f46f6a11f237834bd0a1102d511b69b038bcd4e7f11c33c71efc372526e0161098bcb22b3fde95dc67134be361ef6581d24d70a21e25f8bfcb8737363c8c9106ddf25173e0da65fbe59172a3bdc646b2d9e036fcc751ba64c6f758111297607a4019abdc6e0e6707d14a2c57b4fae008c38baa70490c1bebd755a98b702c1c4b27862ac33ebca9d51803f4e86308e12bfe7e1c169d52688c0a743314840520be1e98e0103a3696d13b3c8a5d8af56dc14cafbbd1fe77794ec62c9af03f5b48b98512c51f6d6dacd910241d123f2de9d94a081e2d9ba3a576b6e43e69aa365ff930d48a32727db757204ba6869a5b4b0c3e407e3d4c011ef38eae61f986e6ad650c158a637c5ed3b144852457cdfa383ae44532d447d7b8527c9a8491ad84e674815b09823f7d81e02d81ba688a6af854784b7d9a090af7a914cf324ce415083f99b3b7d39730aa7e3945dd820a98ce6dd86e25949eb6b2bfe950e4989f0a0b55c3a90479496a4e623e28b999870d44c9f5d23f4abe8bffdb591461f7cc8a621656e12cd95c67de191653efad3f59f92abedf55c0b5443f27136a26bb06cc601f9d5fa678fa14b186dcc969850fb886c9dac3cae16a81f4588c91395e1800f9cb220a639d8635aed3c513d792398f6dd7a021a1b81a76b2be37b09918780ece97142ba95a68d419ea87cbbcadf10706c7da122281fb53f367244530876b6d9188dabf1548d0defe642c27f001da42577b408b2e0b5f908a6aaec944184ca2caeebe445bee0292bb5c2625d6fbaab46ace296f3d7a0d0e38596dd8d3712d1170e6d2b9826f4d368bf6d70514b26349ce6ef17206e81413609a98a21836617d30b2dd327027dc12029351098e35a408ca3402a890f5858d315d5e755de0899d1ddd76a7fd7f29445866ee9507c3d7320c3453c7934b0f552799904d8a2c39d050c71d004336ab1b4014c8961dd4815d7f4a0fc45c6ddaa489888e24ea7c1c7022d6e3769028ffc199d5a2a8e8fe58f819cd46cc7abc99a22176297e9f57ce55da855ddae4e064c44bdab23c98fc21593acd05203246acc160145ecae030b311b52560ca226cc882353ea3ae92bb8cc92eee28869103c05a1dc490c7282f5d22fbec8e05aa8b78fc799a9ebbeb8336267c14f6cc61f791b8096240649f7131faadaba2a3a1bfe7b46558a5146f7dcc682dbf2740f6ce706c3a1a95490eaba900beca747bd58336f7d4a52fbcf9e63099b824f80006c7ff94748f2dd59b2bca9a7d4b9f1c3ad073176d5edf08dde84b71f19628f432068a10fd7d2610d1fbd8ef61a5f80bab2a7ba9c360df7ddf84c4f84e393542a4e1fd5dcb2975ad3eacee9ca342e3144da5c81906c7b147ce7189613a18a922c14eb4ef9ce2ea14a0b578bb0e60ae7395c72477cb37ca192bdea1b7808954a39b9a24a3fb6f34e8f7afb88178d82cbba92c5b6e584cedb84ffff939eb9fe92bab9ceecceab1cfed0cbacc769440e89c1417496f2de2d8685961bebafaac0e3fcdc5022baab15b27c4539204bd90409016dacbab92912dfd02808838c287bdc5359d03eb2b89add5abcadb6de0f86e3c99d79d6ec06642954ad8edf07c0f55a2873523c152736e63c546890b88666953fe195aaaf09ab4f4c145e02568a6bacc8637deab70db27a28a0af9cc68c45fab537f4d0607c4724ad33535975e63180ef3bf4ddc445c02f7b43101f5bb1b7bb56a70f40fe11c22f3e2e2a5a8c0b5fb7419c322f976554d0f28481e973ea0c0a691fa930d468b77e1d887f774ff623831cea52c4c016b85443555af028ead89a7ea46b564c8b40542bd78fd37cb88ac891973c0d4e6e661d8346c601c00df1679549b5e88928d6ab8db55a2d643eb1d5348bdb96ad5576167b017c799305886e31032895df66cede423e5bcccd1c2c072d6c3ac3bcfe15c0e3db5a24d5e2341e0320e2f4919cf38409128940a5c198eff405a21bb23612d6ab497fbd9dd0a04f02df0219d6be12f49f70b6cf5107f32db4b8fd1540d310f4475f3308dc10b5a5c7c7dec440425ef97205673278b80054679c3eb7720ad1d70e67c45f461c2defd822aa7128164190cede4daba1ab31b827d6a15688f0ef1ce2fad7d22f45fd236548cea9058456e2ae773ca003d57a4f2bd1c1b907a7c9c59edb177591ae77dd36c3a4effbce0d954d8fa5ded4bb3f03e89e7a4809e3e5133ffac15a08abe9cea2ee19cd7aca82e3049bdcd9a34b9f1d7c8098afb6b7c920b6e4410b146f26eb32a7d2574a2af608d4661df4812950c228d44e674bd3b45d593ec773594fe8e69af3231f478ada9abfe26ff8ddd375efd7d20cb19fae9bc44fb5daf385b44b5a31689b95f9dfbd986dc7342f685db49d2b5301bdc5eb718f3ad89002a95510f49a6172b73e52b3e01d4fe3c03158ed08ff9805907dda1fb9b5"])
bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x1, 0x402, 0x1}, 0x2c)
r1 = bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0, 0x0, [], 0x0, 0xffffffffffffffff, 0x3}, 0x3c)
bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x73fffb, 0x0, 0x20820000, r1, 0x1}, 0x2c)

[  636.179418][T13729] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  636.302408][T13710] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  636.353328][T13739] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:30 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d1, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xc000000)

12:17:30 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 4:
r0 = syz_open_dev$dmmidi(&(0x7f0000000300)='/dev/dmmidi#\x00', 0x0, 0x0)
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000340)='/dev/uhid\x00', 0x802, 0x0)
r2 = fcntl$dupfd(r0, 0x0, r1)
ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r2, 0xc0505510, &(0x7f0000000280)={0x2, 0x2, 0x8, 0x4, &(0x7f0000000200)=[{}, {}]})
r3 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x7fff, 0x2)
socketpair(0x1, 0x6, 0x5, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00')
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x7c, &(0x7f0000000380)={<r6=>0x0, 0x2, 0x62}, &(0x7f00000003c0)=0x8)
getpeername$inet(r3, &(0x7f0000000480), &(0x7f00000004c0)=0x10)
getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000400)=@assoc_id=r6, &(0x7f0000000440)=0x4)
sendmsg$TIPC_CMD_DISABLE_BEARER(r4, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8010}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="020035e911442be318792bbd70070000000000100013000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x800)
syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0)

12:17:30 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xe000000)

[  636.732858][T13758] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:31 executing program 4:
r0 = eventfd2(0x0, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000340)='/dev/admmidi#\x00', 0x2, 0x8100)
ioctl$VT_OPENQRY(r1, 0x5600, &(0x7f0000000040))
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3})
write$eventfd(r0, 0x0, 0x9)
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f00000002c0)={0x3, 0x0, &(0x7f0000000100)=""/9, &(0x7f0000000140)=""/193, &(0x7f0000000400)=""/108, 0x7003})

[  636.822275][T13760] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:31 executing program 4:
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_S_AUDOUT(r0, 0x40345632, &(0x7f0000000000)={0x2, "347dd89f67daf6431aef15b2ba6798a37b3c1091adf8bd5f887ba5ecb78cd13d", 0x3, 0x1})
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x2, 0x1, 0x2})
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x1, 0x0)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f00000000c0)={<r2=>0x0, 0x100, 0x10}, &(0x7f0000000100)=0xc)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f0000000140)={r2, 0x80000000}, &(0x7f0000000180)=0x8)

12:17:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d2, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  636.913831][T13767] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:31 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
socket$bt_bnep(0x1f, 0x3, 0x4)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={<r1=>0x0, 0x84, &(0x7f0000000080)=[@in6={0xa, 0x4e22, 0x9, @ipv4={[], [], @empty}, 0x1000}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x4e21, 0xfff, @dev={0xfe, 0x80, [], 0x1b}, 0x28}, @in6={0xa, 0x4e21, 0xfe6, @mcast2, 0x20}, @in={0x2, 0x4e21, @local}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000300)={r1, 0x7, 0xdf, "2f53a8e3a8226003722a78039eb677b408a44d59350091fce0d12f44a98253401d8f8548d649d785f9337d0d2438d1ae2adc3d3e55df848b40456a4bb830a09bf842934ad34bf219d5faf6fdbd1db5551987e688afbfdcb8270d03da35e3c6813acd32f6821b62edcf595c5b7720c8248ddb7dca6da39df2ae58c2e5651ca0d41a2df7b41365fc570305e76c6ab40e37fe0ab517479deba409221bddbe84735b7ca57bca0465276d0ebf4b37c8dfa81d4322e0282494ad119aa6f1a039ae79e7c723156652649a3f9ab2d10826314299147b751d04e17b19e3cb0a9538618f"}, 0xe7)
r2 = accept$alg(r0, 0x0, 0x0)
dup2(r2, r0)

[  637.075179][T13784] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  637.208970][T13795] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:31 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:31 executing program 4:
r0 = socket(0x8000000000000010, 0x2, 0x0)
write(r0, &(0x7f0000000180)="24000000210005ff006b000421ed382002190008000000000010ffea080001001c7a6cb4", 0x30a)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={<r1=>0x0, 0x3}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000080)={r1, 0x8000}, 0x8)

12:17:31 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf000000)

12:17:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d3, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:31 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000580)=0x14, 0xfffffffffffffdd8)
fstat(r0, &(0x7f0000000000))
r1 = syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x2, 0x2)
ioctl$TIOCGRS485(r1, 0x542e, &(0x7f0000000140))
openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x800, 0x0)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000080)=0x1f, 0x4)

[  637.415770][T13809] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:31 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x10000000)

12:17:31 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x9, 0x80000)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000240)={<r2=>0x0, 0xad9}, &(0x7f0000000280)=0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f00000002c0)={0x0, 0x5, 0x527e4ed958cf4635, 0xffc000000000000, 0x3ff, 0x2, 0x7, 0x9, r2}, &(0x7f0000000300)=0x20)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
fstat(r3, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r4=>0x0})
ioprio_get$uid(0x3, r4)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x6a, 0xa, 0xffdc}}, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2'}, 0x48)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1ffffffffffffe)

12:17:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d4, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:31 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x3f000000)

12:17:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:32 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:32 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:32 executing program 4:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x200e01, 0x0)
getsockopt$inet6_tcp_buf(r0, 0x6, 0x21, &(0x7f00000000c0)=""/123, &(0x7f0000000180)=0x7b)
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000002440)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e0000002b008163e45ae087000000000b0f0000000000bc4cc91b4dd65b2f0580cb7023072a556d1c958c000000", 0x2e}], 0x1}, 0x0)

12:17:32 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x40000000)

12:17:32 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d5, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:32 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:32 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0x10043, 0x0)
ioctl$MON_IOCT_RING_SIZE(r1, 0x9204, 0xb0db2)
r2 = socket$l2tp(0x18, 0x1, 0x1)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, 0x1c)
r3 = creat(&(0x7f0000000100)='./file0\x00', 0x181)
r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x0, 0x0)
ioctl$TUNSETFILTEREBPF(r3, 0x800454e1, &(0x7f0000000200)=r4)
sendmmsg$alg(r3, &(0x7f0000001d80)=[{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000280)="477b38bef71b03e68322534295a7bd8c05c1d25e4323b00be078b5b3263ef35761fdc8d7e8617069c8d0baceab524958ae8d031b63e51b2999262aaa41283e1eb1f805b3c1c9a1e80481ca55d568d7cfcf08", 0x52}, {&(0x7f0000000300)="930a1780b39a286b87bc90a241205de18f721aede28f03639abb71af85f61b6f7d0716faf86a3bd5fed1b17ded4e9cbbb1c5159f237b392bc752349de99719779e8c1158f34a04fea92f45580d0b6c9b96eb30efc72b38bf4389716d7b6a0ebdb97e8b3cbcef1d238c07d18bb1d8fbc5", 0x70}, {&(0x7f0000000380)="1ea0", 0x2}, {&(0x7f00000003c0)="3a05ad3940091e189aa7f02c8a459d6acc4154fc555f17e4f1a6e1f5ed7be3c53ff931fdfbaa5589c9b471daf08ccb0eb67c4376097bedf27cfd08eb6cd46cb744ac93d3304ea96b2badb0f669af0d276cc5ca0bb620eb4d5b34eab8e1e1c46eb9fc33b55ccf5b1810554d31bf8b9e790942b05ba07aca04", 0x78}, {&(0x7f0000000440)="3930c656c4cdee7e893df99e9c455ff5e2eabbfbf29a490bc6b0817980dd81d47471f573ff2215a02a82746d684d003fd0d4217799ad114a6a15d0959aae72241e895cd4f581544e11b5e413d97c493921a9c11c31537a17d43130068fe10da60590bd98121563a9419f8849791b43320d21219fc2ed59faed13cde334599a93296dfcb48d462899a9fbbec9a016821a02dad77bc94c973acd009c1f609d4c0f1cf6fd8b4a42f61313f0", 0xaa}, {&(0x7f0000000500)="e42537221536c9dbd1380ba71b4600b5a5d706c7c34b6872e52c0dc67d1ace850e148247002f376657623845e39e6bf26236c65739ce48eb4315900168a4be5a1bf8d264ab4c968b59ec556a54ebebc1a52b6300f3ac433f411d8831e578f03fadd7dd6155ca40b7c21f35fac1fcf1b99f2ce218362c51a3af264fcd990ec59c30e8614c29241bb2f37a769df25a5cced9b7c8108aa3ccc9e206c0d86e31347ab5d80c4b49349dfc33a005471669a5dc7b644ebaecff978408224a2098a4a0999af88e59a0b92920cfa505ea61fd6ad8eb3530159d2585397d5e0980e32f3c603c6f948b94a9d1", 0xe7}, {&(0x7f0000000600)="a687f8977a7a652c213d7e1302431b803523651a13bdedafa50266fbfb347a874e201e5df93ed21414fe4d4ef50c6543a586122904ba333014c2b7e06ff579b7b8be9f79dfe49c1033228122a8726c059b794e01b7059a5262509cd639152c9811e6617f89b001fdedbfe08f12d6858bea5014aa75b5751606548dbfbafabc849491acd26b6c3db5c34936c281846355f265496b681d6750234cc74453bd687a3205ed855c20d11aa1422eed93d4ae272fd36c4e736d2427e8889c281cd50c926161533835637f60113c119ff96beab2294341b506eb3c70473876e7f131ce13e9faa211247e1a6e6c004e13b94c356fd0885fcf66b8d9", 0xf7}, {&(0x7f0000000700)="3615be33", 0x4}, {&(0x7f0000000740)="1f5179c9ebd3608e1ee7689e5206ad095c6b0b70f6c49f4dcbff9a4556bd335566546ca9f4cb93b436c0ff0e119723c8eea967d7158205223520ec10e3665f30b853f55d5d55c65a81be6b6db51e1361b37d6819f667b6130df9fcecf409a6d39c156e625452a96e594d27217b0b3fab02440a676ed5381f03f5a96ae30e90330597155f1b8d7bdec9a0f532a026c94b12ab7b577981bffdc4796e28d9e69c9bd604b45dca532ea75c1a102f97d3f97b9aaaace07719a47f4d8fc479edc1039184bf580f18988728", 0xc8}, {&(0x7f0000000840)="685ef394c446da4378e33b5cc166065157bc8a1faceb3f336fa5181e897e65c78aa1571ee0820967ae55677cbb96246ac5adc6ac0dc3e2bb9d406fa23c90a802dea0390ca0375085f37fc4dfabd7538565d2f30cf420c611e8ec5b12593aca961f4d780854ed0bf50644ed5aed55efea20ddb69d0e2aeb1340c34ab21abf5ba5258d426fdf14e7905699ccea52ee2b8f1eccadc59a594bf7e37f2289f49120fc3f08753fca38b6292b5003f8acd554495b9b025a60c95f3e483a83ea366c51ebb5d027b316452e9bd0934ba13e95aa0febab57de88ea8c8b5ff48ab4e27ee721e095de8215e9d8bbbaf71cb57e433253265b2fe5dfdc1a345de17507635fdca29bfe79ab54a62e340e852f9fdcb59befda24e38826711845b0b598ffa6f82888d5bb117d85f656a750d7f53b6a51c2b985f21c8924ce086588807009bfe983b83e74d4f67f79115629c167572ad8b9c4d8eb339b6df36f86e873dfd51cbd774cf04f851c4f35d5ccfc245ca24ad021bcc7ed616202f6ff2f7420b35a5a3c68a836564d87256df951cb19ee50b750d419d871550b8f318db17b2afa5a083a57cae2257ab7210564bceea71e7054f32b6552fd3ccaa61fa5601ef7e3b82e6cd5625af3bfcb480a313753ca40a520575861cf1c30576c693b8cf8255aa623fc0018c50abeb8920653a582c7ab9ec1db7bd416ea3cb21f2b573a0f0ca18a0ecc6b54cf329bdae824e681a2321a940a58084786a98eacb0ebbc8e4f9b010d687cabcd9001ed2e9bd2ec70bf317595c320665161bc57ad5489abb471a3059d978461f25159ec9724ce7be8dda124ef574eaefda50077657a3ed2216fc24990335fb72123cc80f8e24737e76924d0a13c230ece087b6f31088f6944721542e521b097ac5d1f0b41e50c5eae85db9d6ef17fa62e55fd025a4a082997913bbc2ae15f53b3ba127df642dfb68130400aa6325bbfbc9cd6326ed7e7164ca849b978ab1e894ab3cb0590b8b115aba40c52d10d1d57f5401191cef6341d71fa9e7d5b657bfc7eef118c106b54f99226c50fad954f8b1fe573cf5912defe3625a5519f2fe2d8bbdc8b2907ebd555838b12054d606316c7efd18cfca448622fbc251d51005c44be17ad5da5f2df868c229b3d3fa2138c9779e8e07619275e4c654ae65714ab4146e7403f6c962c4465ac8e5983e0cad8884d813ecb743e02d8ca52a8874f33f149fc1eabcb0ca972e0a79e612546cf4e92460654a669fb8de79d0223779965abe4891af8f4285f37b91b6850ad36e4691d9f7aa92f10ed72e62ff5e55c587537e5a229f381d45c5f5259f992e6029b242b9eedaeebeab1669ff40f152663a9a8af0c21f281a4adb4137005ec0448cdda5138142e0887b8e189cb5867ac0e76c68e4b8e99b73cef85e98be8ef35ac3995d5ef451c1b41f90575bc212018e7ed196e445f2af05e769aecdd4315a5925b482bb81956cf279036737b6fcb33ba35c671baaf9dd406d57fb5fafcca3da859be13db4704c90e2e6b7fb27c42613ba32b52a138a1727c6dcde01410e8a8338f7f583024f25e98ee6754724d1868504c1ea8bae95b26f05bc0a50be4e7b2e0587b77f38acb5cb6c837c27ca8abc9a2f19ddf933435f079556b4d181298e79700b70da0e0c74c7dd313a95c2105e83298d6bb768b11cdfe8cd54f8753e53cab0772dde51a8f6dc0a67ece14a28ac645babd47f81fe690332199cfc3c5b152497177b02a7b53fb110df22628b3eb0eb4df79387144561315e666666569c6582cb5a41b8b4de8e4c0658617244713d094ffed4fe86d3b5efbf77a35b5c6c75274a7aab64476ce02d875c3433697bbc1c41ca5fbf6beaa0e803c3bdb80cd40d851112b06834c7d930824477953785730b9a5d7ad246758701e08c09244c229d7b0c7c210c57091b3517aa3f28565b0188a0c4a5be35a2bdd34ed72f266779b79cb67130e7a46e6006e538b7cca2836e70f241793245030bd3b3d55595dbae84edc2e8916c773aa4f17d7a2d198ff6aac92d8469f4de04d5e79c239bf37b6a5e6b20a20243cb457860c0164a0a230db35709c516efb91e59b163387256c75c8d096944c034e4cc54f8bc10837d1e73c4bb8f45601cb23707c5a49c70e8e796022f21efc19b21a73670087cc965c4ac51fcd649a47457fcfbc411fb8e011b72e166cb92b8c3d9658261061966f45cbec2bfb1c56b6d837f873b08c883448229b048e9f6ede1024c731c761c60733e77a4f4e179f76941d03b9838e0ed36243ad03694e7ac7f24083996a237e7db364db11c5c9360770f061f029ec6781359b0a4373d33703743929526d6a61ee6132ab55ae91d8cebe171becd6ee0886799566df41cd38f2db291a3eeca7bc07d6a01b24f108802a4f68e627bce4b7b6e280a79e3c123076c3403ee54ce016ab0d501ef532d1b2da0d98db47e2cca6708589e3bc8deb1344f9c6ed9c644ef503ce183f6ac23373e037833c3ea5f70e214a69cfd34b6f02f7e29270ed506df2242f936192bac8d973a4c4e872f3d6d654e9418770263f418061d5ec8f63bfedcd829b7e73d0290123ab23268c47aa315934f61d369d73cd81322c320a81a3b3b1e733304fe407d7df226738dc182ec82c70f93fa704f3332bc47d01c41f0aa6331b75134203579d63342e9f7e90e45933437bb74fb86f807b7e3ef33a65ec2f9d18f15ccf5f19cf2dc11f48aa8fa945e1bca20afc67d9985c1a3cab24111d675cfed1c51f84187a5c5a339a3947ac3901ca0077cbecb419469be11c37a25fd63c1b929932aa876d14d1ee1e72d3bfd37d23a8c9e95d45e02c21f3984a9b6d497198bb71f2e1a57f3795298429dab9a853beb7661c984b4a3b53e2d2541547c8a620b41662ac910e4fd730f0eaaf892d2adad479149ddbec1528fc4bf57358767984c576f70c77ae3d12477003c2eae55a434a6b15081d2c4f707172b24d50e102417141d52bf37598a5a2a88d5348b1412a4756226de1218afa96ce3863e4c4247735190d0b9f3b79aa943a42e3d8eab7ea498c7ffc2ee3dbf98d54b0e026549eff30a6b36c0f2658b276b2a4c6ee2178c0b4f5ea6ecef7e05289510f0c55b079c837f1591407502d791ef62eb31ff1c99facd52f6effdf6d9ddecc045dc529ed66a5113d9522bb8936fcd1452309e10cd726d50c05e28ae24efb408cdd34ae34afcefe787b36139e443ce06e38a4f3c307ff9ab2bf19975a61b06870d197c17ff3dadb572519769aa339098e38cdfeaa27c7535374dc08d19015153dcac6353a7af8caace550b6faad04442dc11ac8fb02678104e31fbca80300e4d552b8eeb37282b42e497bfd64d2adb018a95b712b6c10448d452dea572b168ff9fa466ce1d58bda11eb4654c54ee308c10f3a38ae66fea63f4d4d1f9d4e97239d02d1a56c5369bc5da9fd518efe20199c5a118088951d6744273a905884e5813347799f08acf003daf246ad19478a65693ed482217208def54c473315aa7be2153859520c3fb3efd8860c62149b3d5d5de9b6f96d681ef5c9ac159e39c82a37363253a6fafe34f53526d5104c0196a5d03523156ad7b9ca665213922edaef61f28ca001f294cd1f1fcb3a76f28efbeaaf1d0a998b7f6ba6c80b3e5f117bbf71abee0f09193dc1f9fedae1f1d9c0ae88e9fd9d4358e344e227f1c57dd7ee454edf9b0a8c61b7735963a9625751d18829be8efb0bad6bd89f4d7994b65146a401c65f710292e08372f01e537dc1881b003f82287046b64f9f78ecd75c7cc299d87c1a86b3bd73ddf5b2b7fc8a32e5bf9be688e72be8b7bf7fc47ad64cc2ff71d266ec3b14c2f9d7f292389cd336fa2d72d57cf9bbca50021371bb13d0a8b015c3c84d02f9f9568c16ea9488c1dda9e4bdc6ee22113d55cb33eb076ae75ba2f0ed3d843d55f89d0ed161d8d26e51b07bcefe2553cb66aef41e64031eb562d553a6b225e69cdea1c813de6ea2400c4cd11d14117e69a19f69fd8d1eaba713d05bff477547f7ff3190a83bebc7c8960e4c0594b4cf1ce14012cdffe065c43fd4003a661dabd2f226e2bc5d5d0564c114cfb487838ecd94605226197c41bdb8023af8fb56507aff874730c466ef2e5a8a50333a935e1c2a5933d6e6cd27250dd79e59cb06b763eb3f80fb85c8a3d2098006c79997e282b524f5e1d9d273a48e32c994ed9e779b9e6b6bedc840783a1e6faf897bc25e6681d33e6438c022f4fe4c8a266d1be9da90562b13feb80fd91f8bb8d7d30286b05ff7fdcb6338b4250f75cd82c097938f64a71228dde859f8e67cbb8c474e05c6ea150553f89c692af33631af1578c55c7757b2ce10aab138fced3bbce487a8070fe680be5f26a1b8eb872fe7556e638aa9548e42839a80bf43512db8e9fe6eb4601d265a5551890091c0458338e85bc91a153548f4d4f0b2c6d67ad1708a3215aaacf0480f71f0343fb076c14127848162618071f154f2344cb4ece91606efdcf96a2d0f3b03c501aa1afcfb214a9d7759eb5332b1c8be00e5bc60875669490f473021a8ed4b457bc04fcfe562a423443a297e588b3b2ac575165c8823e8aa2406760ab9665df7c981c37075e9edc4f04604452e828c3de47c1a4dcaa9968c3091dff6a300d6148b9bb96435f15ab643233cedaf825fc2e60ace10b30aa7c37c462426d7a3b3341bf8574e21798363c7c0c208978b956f9f2521a9072b0f338fac7a6a2389247a5ae812b10309e680a15d9bfd6a53e8e77f61cf45f5d5787fa0e07488794aee81dc61333e6b3c265367526fef873227c0dab10c8e43a88cb3c2770e349a4c128a5388197c2cf7562610b672bfcfb7b2b2fc8110ce8ad2bf912520cc5e0d8f9dfb0605a7b4335f5dfdee0d8a1369fb02cb5b10f62090b0f1667eb86cb95312168dfed5e6f7c6a4013b3c3529ec7e06f3af078f8f035669f172b7a48c4f98d4cdf9e2c7af0e57de7362a9ab4ea7cf1f568b5254d1f6ab09470aee4a7adb2cfca9b14bbc1a7318d060f9786f12da7b6ba3a81d0ca180feccd4dc6b68191ec682f6035019d462fe52824361e7b211ef181cee538aa8e0cae4d7e9e49afe264157ae8a6eecb047172215eac3e5d78e69dc98fd9ae6a0ea84069097df985b6760a3070df7f42e52058c6907e447f29d6562a3e767581dc086ba41ec3e7c57c2e8249c52b311e2bba4bb6de82b1929dc4544fe4a8741c3d561b39f5d36f737311ff5586a9d84b0f724f8364a3a7aae0fe2a7105c3f57335f9d31cd125e0c33e468ba84035c1c557a59780bba8093eeb5ad2803c954d44fb76750d616e6e92671fbeff727eeb80650457eed72d51924fd41ecc7024597b399245dce4f5c13d95de2d2e458366d50cc18f5a6be63da9eac8cf5baaa97071ca1ca811a7040a890bbc8c6b01e686cdb87e3a3f0181795e671aa02acbb7966765c85e6fca649d8f26b784c0fe66f17fb1ec9b8a8c830e9e02da9cd959206893a7af1adaf457ba3dc7a8e3ff02499544ad6dcdfbcd3bb1c860beac065ee18c505e25cad4fe54e086eca411997bfdfbfa73f39091d09ad0085ef4d7d943c78d4bae9e7b4effd95a5844d6569bf583299f2c7df483440bbd2f4a28408ddd8cb6dc9a5cc9c78d62aae032859d029ecbe73959e9cc3853465cdfbbb178f7a5fb469aa9923e52cce328ec78801bfb256516e517caebe77e7cd59a8f528aea2f4a8ff869022050f1393a178328ddee8cd07ec4be7f8825bbd5ce6274258e59e40682c8ee17d095c2477d093f1bfa382b97f7efee345cbbd56a569950fc1bb76b8aef8", 0x1000}], 0xa, &(0x7f0000001900)=[@assoc={0x18, 0x117, 0x4, 0xa5}, @iv={0x110, 0x117, 0x2, 0xfb, "8f822975cd3bf949a652987fc28aced8623b410da72710c29712abc40c29537fe04e21fc524b52a628b48e7e57e632e80e313bd448a3b0bb283cd43a4d8de0c4b608ed280334dff0b1cd01195de25d07ea4988a0722310f301a3ac27c647fb080228281cd10cfc9eb2e36d33ee29fe67593ed38377cd70df14d9163955458c15d4cdfabfcf3235a45d1e1d4c698afcb79145dc331b58ddb0c3b1bc8fe3dfb3e22e7097254f5591ce57e75c6b0ccc000a3a971444b22f4e1cadde058ac8ea81183f7859f6ab89584f4a8e42b05ada9d3b27243a4ce819c694b9c990cb8ffcdde9fb5cbea7e75a88c4dcb86585401ac26cd78dcf3666341ce2a33fcc"}, @iv={0x118, 0x117, 0x2, 0xff, "b9e26570b448b6b1de47eac2e2a1276b0d79412636c29a2b0a48a6ba2bf562946f270ecf8b0e269dcdcf2571b1575102e4fe17e76bc3c6d465c2e7d14549461e9751517b0dc2b8eb93c8d3be2346e54f3a9b3d1d7e49adea31853a89c06c92a9f243770145a6692accd924ea84d9d193dc8e0f8b62a20d7ebc421a56bfe8c22e1a2300ad88a95f568a449a3060212316aa7a2e99d2dd1c7c821bf3668de88d8221bb9750ed1b6c2576e75ec436acdd6173ef5a022b810c04448e64fd6ca9d1768b583cd38adb24fb638ed77fd3a70fd0c859e4ac42fec347022f7af9916a092b048afa9ab9d9e8ab9efbf987c54be31f773c9d640758cacd8656f66b80ed87"}, @op={0x18, 0x117, 0x3, 0x1}, @op={0x18, 0x117, 0x3, 0x1}, @iv={0xd8, 0x117, 0x2, 0xc1, "043fa1ad8b64f6456bbbc1f2da8c3a152e0553db812d711ebb1c87c7a58de16e4e4733b08f3b5d6d8b30f9f247f504a317f5859e7d95e64e099292bc685066550a01944f0049ec40b38c013c8676a3a28c5c4bc91e67924b85a733d7d8d20882f76081557eb90fedce7aec63eccfaf91032413bcdd3088b5ed5f25e5f7a8d417cef41628543b82d14c1012b3806f6badaf04da61831bc2d512fb6c33e9f480eacaea8a0c0520f05f3f7d18788a0aecfdf3d9697618821ffd8d09a2f772d1315ad3"}, @iv={0x100, 0x117, 0x2, 0xe5, "96105701a994db7868eeb929ec9be69c26df6c1131f9ec5f4e9845faf506e395d0d6ced532c65c62acb616a92b9601a5ac348957ad5b9bde3e52d78dba870a07b1d289917b334059e2b587b1ac8657e126e55ba1cec40b0b801c3c95efcc417bffbc7a593781b141913658706b2c312e0c4ee245c714f4d6aaac7b45bdd9615c2b4ccb4c83257436fc342cf754c4e4f9bfb491a2f192d3ecff6818cb0d9ad68cf0542a2d778ff0da9104c86b1767878f240ac7368a9c4a12d59d270193e8222aa448f44f8a53220cb63cf11a35664567a361fe3abce0d9e571a3b550fce99f187e01656fbf"}], 0x448, 0x4000000}], 0x1, 0x10)
connect$l2tp(r2, &(0x7f0000000140)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e)
sendto$inet6(r0, 0x0, 0xfea4, 0x8000, &(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c)
sendmmsg(r2, &(0x7f0000005fc0), 0x3fffffffffffe0e, 0x0)
r5 = dup3(r2, r2, 0x80000)
ioctl$TIOCMSET(r5, 0x5418, &(0x7f00000000c0)=0xfff)
setsockopt$inet_sctp6_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f0000000000)={0x3, 0x6, 0x1, 0x2}, 0x8)

12:17:32 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d6, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:32 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x60000000)

12:17:32 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:32 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:32 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x65580000)

12:17:33 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:33 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d7, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:33 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:33 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x81000000)

12:17:33 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:33 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000001280)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0xfeca, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000100)=0x20800, 0x4)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$nl_netfilter(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000012c0)={0x14}, 0x14}}, 0x0)

12:17:33 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x88a8ffff)

12:17:33 executing program 4:
r0 = syz_open_dev$ndb(&(0x7f0000000200)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0)
ioctl$BLKRRPART(r0, 0x125f, 0x0)
r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x7, 0x200)
setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f00000000c0)=0x6, 0x1)
r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x6, 0x18400)
write$P9_RWSTAT(r2, &(0x7f0000000040)={0x7, 0x7f, 0x2}, 0x7)
ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0x7)

12:17:33 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x9effffff)

12:17:33 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d8, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:33 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:33 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:34 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42010000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:34 executing program 4:
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x392, &(0x7f0000000440)}, 0x0)
r0 = socket$inet(0x10, 0x2, 0x0)
socket$inet(0x2, 0x2, 0x6)
ioctl$sock_ifreq(r0, 0x89f2, &(0x7f0000000180)={'nr0\x00', @ifru_hwaddr=@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})

12:17:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xa41d0000)

12:17:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1d9, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:34 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:34 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf0ffffff)

12:17:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xffffa888)

12:17:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1da, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:34 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:34 executing program 4:
capset(&(0x7f0000000000)={0x20071026}, &(0x7f00000000c0))
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
write$P9_RSTAT(r0, &(0x7f0000000100)={0x5b, 0x7d, 0x2, {0x0, 0x54, 0x4, 0x7, {0x80, 0x4, 0x5}, 0x80000000, 0x1ff, 0x5, 0x20, 0x0, '', 0x4, 'lolo', 0x12, 'eth0[\\selinuxwlan1', 0xb, '[GPLtrusted'}}, 0x5b)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, 0x0, &(0x7f0000000080))

12:17:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xfffff000)

12:17:35 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:35 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1db, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xffffff7f)

12:17:35 executing program 4:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ppp\x00', 0x10100a, 0x0)
ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246)
pwritev(r0, &(0x7f0000001880)=[{&(0x7f0000000040)="80fd", 0x2}], 0x1, 0x0)
r1 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000000)=@name, &(0x7f0000000080)=0x10, 0x80800)
setsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f00000000c0)=0x7f, 0x4)

12:17:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xffffff9e)

[  641.128488][T14027] validate_nla: 24 callbacks suppressed
[  641.128523][T14027] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1dc, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xfffffff0)

[  641.241121][T14029] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x40030000000000)

12:17:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  641.365616][T14040] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf0ffffffffffff)

[  641.515783][T14051] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:35 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefdffff}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1dd, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:35 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:35 executing program 4:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
fcntl$getown(r0, 0x9)
r1 = socket$inet(0x10, 0x2, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x0, 0x0)
ioctl$UI_SET_ABSBIT(r2, 0x40045567, 0x3)
sendmsg(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000380)="24000000190007041dfffd946f610500020000031f00000000000800080007000400ff7e2800", 0x26}], 0x1}, 0x0)
r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x2040, 0x0)
write$rfkill(r3, &(0x7f0000000080)={0x5, 0x3, 0x3, 0x1, 0x1}, 0x3c2)
ioctl$SG_EMULATED_HOST(r3, 0x2203, &(0x7f00000000c0))

12:17:35 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x100000000000000)

12:17:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  641.801941][T14063] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:36 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000100)={0x0, 'yam0\x00', 0x2}, 0x18)
r2 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2)
connect$l2tp(r2, &(0x7f00000000c0)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e20, @rand_addr=0x4}, 0x0, 0x2, 0x0, 0x1}}, 0x2e)
r3 = pkey_alloc(0x0, 0x3)
pkey_free(r3)
setsockopt$inet6_MRT6_DEL_MFC_PROXY(r2, 0x29, 0xd3, &(0x7f0000000140)={{0xa, 0x4e24, 0x2, @mcast1}, {0xa, 0x4e23, 0x9d2c, @mcast2, 0xffffffff}, 0x8f8000000000, [0xffffffffffff8001, 0x1, 0xfffffffffffffff7, 0x7, 0x20000000000000, 0x5, 0x3, 0x3]}, 0x5c)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000040)=@filter={'fil%er\x00\x00\x00\x00\x00\x00\x00l\x00', 0xe, 0x2, 0x250, [0x0, 0x20000100, 0x20000130, 0x20000280], 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000002000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0100000003000000000000000000697036677265300000000000000000007465616d30000000000000000000000076657468305f746f5f626f6e6400000076657468305f746f5f626f6e64000000aaaaaaaaaa0000000000000024ffffffffff0000000000000000f0000000f0000000200100006c696d697400000000000000000000000000000000000000000000000000000020000000000000000000000002000000000000000000000000000000000000000000000000000000636c757374657200000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000415544495400000000000000000000000000000000000000000000000000000008001a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff0100000011000000000000000000766c616e3000000000000000000000006c6f0000000000000000000000000000726f736530000000000000000000000062726964676530000000000000000000ffffffffffff000000000000aaaaaaaaaa0000000000000000007000000070000000a0000000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000e053dc84d5a312a93dc47b07cdac5e403143c0faa637c331208944df331333d004cf318d9dd9bb66aeaee57f563d7fef2e06b9a8184fade7a04f59fc9a6572a98131769a96688e1205a0a4a734575a09eb0831136232a83c0e508347a8cf722534ed171a04f4518eebba378f8c018ebc6ac0bd9612e9948b1ade00f2"]}, 0x344)

12:17:36 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x200000000000000)

[  641.880997][T14079] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1de, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  642.011280][T14078] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:36 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:36 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x300000000000000)

[  642.092564][T14092] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  642.212752][T14093] IPVS: Unknown mcast interface: yam0
[  642.221369][T14078] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1df, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  642.261179][T14093] IPVS: Unknown mcast interface: yam0
[  642.269651][T14104] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:36 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfe}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:36 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x400000000000000)

12:17:36 executing program 4:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="3c00000010000102004000"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012000c000100626f6e64000000000c00020008000400ffffffff"], 0x3c}}, 0x0)

12:17:36 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:36 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x600000000000000)

12:17:36 executing program 4:
getsockopt$EBT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)={'filter\x00'}, &(0x7f0000000100)=0x78)
syz_open_dev$evdev(0x0, 0x0, 0x0)
getpid()
syz_open_dev$sndctrl(0x0, 0x40000000000001, 0x480006)
r0 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x0)
unlink(&(0x7f0000000140)='./file0\x00')
socket$rxrpc(0x21, 0x2, 0x0)
ioctl$PPPIOCGUNIT(r0, 0x80047456, &(0x7f0000000000))
getgid()
setsockopt$RXRPC_SECURITY_KEYRING(0xffffffffffffffff, 0x110, 0x3, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0, 0x2)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r0, 0x894b, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
timer_create(0x0, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000400))
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, r0)
unshare(0x40000000)

12:17:36 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:36 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:36 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xa00000000000000)

12:17:37 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:37 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xc00000000000000)

[  642.907514][T14145] IPVS: ftp: loaded support on port[0] = 21
[  643.337380][T14141] IPVS: ftp: loaded support on port[0] = 21
12:17:37 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e1, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:37 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:37 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xe00000000000000)

12:17:37 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 4:
r0 = socket$rds(0x15, 0x5, 0x0)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000000)=0x1, 0x4)
setxattr$security_smack_entry(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='security.SMACK64MMAP\x00', &(0x7f0000000140)='nq\x00', 0x3, 0x3)
setsockopt$RDS_CONG_MONITOR(r0, 0x114, 0x6, &(0x7f0000000040), 0x2f1)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f0000000080)={0x1f, @empty, 0x4e24, 0x4, 'nq\x00', 0x4, 0x2, 0x3b}, 0x2c)

12:17:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf00000000000000)

12:17:38 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e2, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x90000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setrlimit(0x40000000000008, &(0x7f0000000040))
mlockall(0x5)
clone(0x80000020001fff, 0x0, 0x0, 0x0, 0x0)
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x200000, 0x0)
write$P9_RLOCK(r0, &(0x7f0000000040)={0x8, 0x35, 0x1, 0x1}, 0x8)

[  643.933606][T14201] IPVS: set_ctl: invalid protocol: 31 0.0.0.0:20004
12:17:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x1000000000000000)

12:17:38 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:38 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e3, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000540)}, 0x0)
preadv(r2, &(0x7f00000017c0), 0x1000000000000277, 0x400000000000)
ioctl$VIDIOC_G_EXT_CTRLS(r2, 0xc0205647, &(0x7f0000000100)={0x9c0000, 0x7, 0x7, [], &(0x7f0000000080)={0x9a091d, 0x81, [], @p_u16=&(0x7f0000000000)=0x5}})
ioctl$void(r0, 0xc0045878)

12:17:38 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x3f00000000000000)

12:17:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x4000000000000000)

12:17:38 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e4, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 4:
r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x0, 0x0)
fcntl$addseals(r0, 0x409, 0x0)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000000c0)=ANY=[@ANYRES32=<r1=>0x0, @ANYBLOB="c80000001f4f96b8979000525bc4acfd86ca69bd599c174dc516535046a2102929a8f0308fa91b60b5e6e307357b067e2fa1a3ad7596580418348b58f3223400514dcb6f5e7ad981d46a4e7d46a95eb80ca155d1be933ff4c699e8eb1d7aac74e4ee155688426040f46e7811d1ec148c3e7e66df0cc8dd3b9d62d88b5989b181367149c1e966c05ecc00709ebee282171ccec016ae2bae6058535b7967f648e3963d181acdba4b4727f17aaf70db68a4321cddb2bd77dac679498a90081e838bc3c4351b8a92a06c08a619ca"], &(0x7f00000001c0)=0xd0)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={r1, @in6={{0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, [], 0x28}, 0x2}}}, 0x84)
fstat(r0, &(0x7f0000000000))

12:17:38 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x6000000000000000)

12:17:39 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:39 executing program 4:
r0 = socket(0x2, 0x3, 0x9)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, 0x10)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x141046, 0x0)
write$P9_RXATTRWALK(r1, &(0x7f0000000400)={0xf}, 0xf)
ftruncate(r1, 0x8007ffc)
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040))
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='erspan0\x00', 0x10)
sendfile(r0, r1, 0x0, 0xffff)
socket(0xe, 0x80000, 0x200)

12:17:39 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e5, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:39 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:39 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x6558000000000000)

12:17:39 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:39 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x8100000000000000)

12:17:39 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e6, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:39 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0xf08e, 0x100)
ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, &(0x7f00000001c0)=0x7)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="240000002f001107000000000001000005f700000100000000000000f918000000000000af73d65d63e1f3fa01c13d8a0f930ec722390627aa0b0f9dc1a8c6ddd365e4c507e1cf738b8d7bfb3e4a49ad1f4fa690ef5a70f8e3cc504d6f8c152abfeb8f336d8e4809765f42bcb7da4bb1c2fae44f7eceeab6281a198a47f42425df66769911c5b031c029135dbc9823c663b0a3d8473eab751065db545a79a95ed6553b9662679ca9ee19125610251a4a23ad2c76311c76fdc01894d802438d62842cf65acc1ef5251d18178f398dcdd8ff1b2c1d2a13b2d589fca5cc69282f3b21308f5f87fa6ca93a85c3f4168b54d70cce41b35e8171871e547fc767c0ace4c5a702bc91743b5b45dd53fcf1b2df800300ae86fae76a34b6a1173d88321c7d609b6a56bc24a84fd74b3ca13b379b929b6ecae4a3d994c28d7bf0f0ef926ee351d6e2d963c9014045b6bcf98085456d70ae91c4c152d31fecec6bcb364195ebf01822ee048402e40ff899d5bbe90b931f8d2018e3065e1d5ba1a9e4eea128f38c92ff9945e43e60e58196d4b7b9b8c4de62bdfb4e7130c0349f2887af1fb6dd08c33003d376820bcd405c045694d9da47b3cea636f8d122dff7fbc9cf659722a17d5991bf84ad0460e0debe62ede99e2d363652419ff634e720343bbec0e11b7d413c8d78cd8f44d847fa3de5f72d23a81060cb5cee0e751abd7c7d4149759d92d4b5b2b2454b2f0604e1c04009fba8a44afec27c20e36558fc0a0ce90952a30728a8290f46695cd8d45a8d611bce467de779844a76b70fca31bc3c749cbe0271721d1fe3666a9f9ee9c6a09f003ad6ae4ec07e0f5ce71f"], 0x280}}, 0x0)
lsetxattr$security_capability(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='security.capability\x00', &(0x7f0000000280)=@v1={0x1000000, [{0x1f, 0x3}]}, 0xc, 0x1)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000300)={0x0, r1, 0x1e, 0x2}, 0x14)
prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c)
r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x403, 0x0)
ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f00000002c0)={0x1, 0x5, 0x7})
ioctl$VIDIOC_SUBDEV_S_FMT(r2, 0xc0585605, &(0x7f0000000140)={0x1, 0x0, {0x4, 0x2, 0x0, 0x2, 0x9, 0x6, 0x1, 0x2}})

12:17:40 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x88a8ffff00000000)

12:17:40 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:40 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:40 executing program 4:
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000140)='/dev/uinput\x00', 0x802, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000000c0)={{}, 'syz0\x00'})
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0xe)
ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x101080, 0x0)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r1, 0xc0905664, &(0x7f0000000180)={0x0, 0x0, [], @raw_data=[0x4, 0x10000, 0xfff, 0x2, 0x6, 0x1, 0x35, 0xa6, 0x1, 0xa00, 0xffff, 0x6, 0x6, 0x8, 0xffffffffffffff5d, 0x8, 0x1, 0x8000, 0x107d000000000000, 0x8, 0x3f, 0x100000001, 0x2, 0xd0e, 0x10000, 0xffffffffffffffff, 0x7, 0x7fffffff, 0x100000001, 0x1, 0x0, 0x8001]})
ioctl$UI_SET_FFBIT(r0, 0x40045569, 0x0)

12:17:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x9effffff00000000)

12:17:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e7, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:40 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:40 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  646.475727][T14334] validate_nla: 27 callbacks suppressed
[  646.475735][T14334] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  646.497532][T14341] input: syz0 as /devices/virtual/input/input16
12:17:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xa41d000000000000)

[  646.552797][T14345] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  646.575573][T14341] input: syz0 as /devices/virtual/input/input17
12:17:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e8, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:40 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="7a1f0000000000000040001947bcf22c4001079b0c000000000000000000000000000000feaf75a7a7a026a59fecd2301e14ee0b8571ce4ce8eb5d3e8c0cf274f148b9e732eb05bc6f2c701dd6ab47970038a36f637f76ec220312a4c32302e64555d8241b08967e42"], 0x24}}, 0x0)

[  646.675874][T14342] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:41 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:41 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xf0ffffff00000000)

12:17:41 executing program 4:
r0 = socket$pppoe(0x18, 0x1, 0x0)
r1 = syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0xbc, 0x200400)
ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x93, 0x5, 0xe, 0xc, "1ac69ce63c7e87fee2ca962c7a941a0fc7d61ba3dce9679fcd100e38e2d057d410c1b17f1bf7097483a71cf53d1418a4a1a03d2fa2b4a17b81cd350556396681", "b770742b0da0651495232c908a968d1a3c6ac93438c641ee9756f2752db4ead2", [0x86, 0x3ff]})
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f00000000c0)={'\x00', @broadcast})
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000140)={<r2=>0xffffffffffffffff}, 0x13f, 0xf}}, 0x20)
write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f00000002c0)={0xf, 0x8, 0xfa00, {r2, 0xf}}, 0x10)
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x3, @local, 'syz_tun\x00'}}, 0x1e)
ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000300))
fcntl$getownex(r0, 0x10, &(0x7f0000000340)={0x0, <r3=>0x0})
setpriority(0x2, r3, 0x9)
syz_extract_tcp_res(&(0x7f0000000240), 0x2, 0x1001)
ioctl$PPPOEIOCSFWD(r0, 0x4008b100, &(0x7f0000000000)={0x18, 0x0, {0x2, @empty, 'team_slave_0\x00'}})

[  646.775366][T14360] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  646.958670][T14373] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:41 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1e9, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:41 executing program 4:
r0 = socket$inet6(0xa, 0x80001, 0x0)
getsockopt$inet_sctp6_SCTP_RECVRCVINFO(r0, 0x84, 0x20, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f0000000000)={'NETMAP\x00'}, &(0x7f0000000040)=0x1e)
ioctl$sock_inet6_SIOCADDRT(r0, 0x8936, 0x0)

12:17:41 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xffffff7f00000000)

12:17:41 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:41 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:41 executing program 4:
timer_create(0x0, &(0x7f0000cd0000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x8}, {0x0, 0x1c9c380}}, 0x0)
r0 = gettid()
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc))
write$FUSE_STATFS(r2, &(0x7f0000000080)={0x60, 0x0, 0x3, {{0x10000, 0xffffffffffffffff, 0x7, 0x0, 0x101, 0x8, 0x400, 0x100}}}, 0x60)
r3 = syz_open_pts(r1, 0x2)
r4 = dup3(r3, r1, 0x0)
mq_notify(r2, &(0x7f0000000240)={0x0, 0xb, 0x7, @thr={&(0x7f0000000140)="977f87953c90e312695bdd662ec0c7750663393a5ba0ff0f072e67cebb3acd4ebfcc2d", &(0x7f0000000180)="cc42558879c1d7ad0259012be246a3cdd47718cab2a969d690c59e44182bd1a11767fc8035347b91e2ef7e34e7e0d96b6e0aad3f81016fa988dfd572e64dae074848e97dea6310f797131d14e59af202a83271bb3420e55b14210e61141796f4f32ab634010dad3662ecef0685fec2f0794ec61a81571bf85d19672368fd993bc3"}})
write(r1, &(0x7f0000c34fff), 0xffffff0b)
write$binfmt_script(r1, &(0x7f00000002c0)={'#! ', './file0'}, 0xb)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$EVIOCGRAB(r4, 0x40044590, &(0x7f0000000340)=0xffffffffffff7fff)
ioctl$KVM_ASSIGN_DEV_IRQ(r2, 0x4040ae70, &(0x7f0000000300)={0x9, 0xf42b, 0x26d, 0x603})
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
tkill(r0, 0x1000000000016)

[  647.479813][T14391] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:41 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xffffffff00000000)

12:17:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1ea, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  647.559806][T14394] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  647.584120][T14404] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:41 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  647.690323][T14416] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:42 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:42 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0xfffffffffffff000)

[  647.807229][T14422] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:42 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:42 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1eb, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:42 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xfffffffffffffffb)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:17:42 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:42 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:42 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x4000, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x13f, 0xf}}, 0x20)
epoll_create1(0x0)
write$RDMA_USER_CM_CMD_CONNECT(r1, &(0x7f0000000140)={0x6, 0x118, 0xfa00, {{0x7, 0xfffffffffffffffb, "26ce3886644b0c7d4c335e55a238187a4bb1366bec9e10901f4a1625eaba769809838bd684c3f94fe5f2616c6b8443356dbed756aec62ee669db90311afe1341ff84b830c73f8c03205035d232683b6a4ba0c2c123cbd284571c331eb99300863f33efeec959cb209b25f727625d813060a4d4a950ce69bf1f8700383c8146165f40570109cb64a481151f2a1fb0bc38598231a3957b8e1b5199270dd507c9c626765f1c1777a54530cf7862e17e17efa8ea626aa6fda53322b58686984bf589d734cef7a786345c0e99290ce5b2bb305c8c3fc4678b4b37427788e50bcbfdc5e92b4b9d708553173f28cf516be0abcf1e4e9c5a862a0177c2a3150696bb0837", 0xca, 0x101, 0x425, 0x8, 0x75e1, 0x2ca, 0x324, 0x1}, r2}}, 0x120)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
syz_emit_ethernet(0x211d49, &(0x7f0000000000)={@local, @empty=[0x2, 0x7], [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x29, 0x0, @ipv4={[0x2], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0xffffff86, 0x0, 0x0, 0x0, [0x9, 0x29], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400101, 0x3], [], @broadcast}, @ipv4={[], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0)

12:17:42 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="4000000010000505000000000000000000000000b10bd4d7e65b41c16c5ec65e877c6e0de7b83f5ede523eed97820d001d0afad08a4ffbbf30fa88cb5aed68cf76e5da723e076c65f5b5cd9cdd9f55f44d09249066438471093cadaf2ef2fc5894969f051826dd4cee3f30aefd657c1f671827b91028e42e8fc7cab3c25bc7938927c586d1e049c3c8fc77f9a13703f10cb581908c3085244b5a852465df23d328372879d5525800d6ba7c7239e8fbd31cbd97155309a39fda3016b1e109cb2990499b90844e9cddc4a8f940b7e7d76b4e", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)

12:17:42 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1ec, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:42 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = accept$inet(0xffffffffffffffff, &(0x7f0000000040), 0x0)
syz_genetlink_get_family_id$tipc2(&(0x7f00000001c0)='TIPCv2\x00')
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f00000000c0)={@initdev, @broadcast, <r2=>0x0}, &(0x7f0000000100)=0xc)
r3 = getpgid(0x0)
ptrace$setsig(0x4203, r3, 0xa3b, &(0x7f0000000280)={0x1, 0x0, 0xbb7f})
io_setup(0x8, 0x0)
io_getevents(0x0, 0x0, 0x5, &(0x7f0000000380)=[{}, {}, {}, {}, {}], 0x0)
setsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000140)={r2, @dev={0xac, 0x14, 0x14, 0xc}, @multicast1}, 0xc)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000340)='clear_refs\x00g\xff\xca\x02\x8a\xf0\xe1ZM\xfa@\x1bS0\x11\xbe\xdc\xdc\xdd\xc1\x17~\x18\xd6\xa5\x88Cd**\xde\xae\xaf\xcf\t\xec0\x04\xe7\xf3\"\b9\xb5\x96VR+\xbb\xa0a\xbb\xc8')
r5 = syz_open_procfs(0x0, &(0x7f0000000200)='loginuid\x009\xda\xd3\xc4D\xdeJ5\xf0\xfd\"=\xb6\xaa\x1e/\xddc\xc9\xf3_8\x9eFi\xe0\xafe\"\xc2%\xbb\xb6E\xae\x9e\x0fF\xc8|\xd4M\xb4\x91\x9c\x1a4\xab\x1d\x00\xbbAW\xf7\x9b#\x91.\x9b\x96Vn\xbf#a\x8d\xfd\xd31\xfc\xac\xfe\xcc\xdb\x93\x89t\xf4\x8dB\fI\xe5\xb3\x7f\x94\xbd\xb6Q\xb9\xc1\x02e\x904\xf4\x19/')
setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'netdevsim0\x00'}, 0x18)
sendfile(r4, r5, 0x0, 0x1)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=@polexpire={0xc0, 0x1b, 0x101, 0x0, 0x0, {{{@in6=@empty, @in6=@remote}}}}, 0xc0}}, 0x0)

12:17:42 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  648.598359][T14459] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
12:17:42 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:42 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1ed, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:43 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4201000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:43 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x1f)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f0000003ec0)={@empty, <r1=>0x0}, &(0x7f0000003f00)=0x14)
sendmsg$nl_route(r0, &(0x7f0000003fc0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000003f80)={&(0x7f0000003f40)=@getstats={0x1c, 0x5e, 0x402, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, 0x1}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0xc0000, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff}, 0x117, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_DISCONNECT(r2, &(0x7f00000000c0)={0xa, 0x4, 0xfa00, {r3}}, 0xc)
ioctl$EVIOCGBITKEY(r2, 0x80404521, &(0x7f0000000140)=""/182)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:17:43 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:43 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x244000, 0x0)
ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0)
write$FUSE_OPEN(r1, &(0x7f00000000c0)={0x20, 0x0, 0x1}, 0x20)
setsockopt$inet6_tcp_int(r1, 0x6, 0xc, &(0x7f0000000080)=0xeab6, 0x4)
open(&(0x7f0000000100)='./file0\x00', 0x2440, 0x193)
pipe(&(0x7f0000000140))
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
socket$isdn_base(0x22, 0x3, 0x0)
keyctl$join(0x1, &(0x7f0000000200)={'syz', 0x3})

12:17:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1ee, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:43 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1ef, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:43 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x800000, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r1, &(0x7f0000000b40)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000100)="8c2fb08f70aca1f2e24e7dc4636db1607852800ad7239bfbb123065f680fcd8bd0da6e13b662424ccd67943bc81a1d56defee801abbb295542689614ad3cf075062ecc8fff703998f05b4a75cd21c51a0cdf5c1d22ec6c88b2f328c35d2284ce37375165fc7b892d9211b9f2b8d60d65de6a11b376b8379dea0e24d9d54997f9b0c35fdbb691b6a85b1dd235877eaf2c6b56cdebc12feefdd198891969cc07ec80aa29bcc95a7fa0866e97a784c0ac21edab15d06cfb51b0f47e5f4404", 0xbd}, {&(0x7f0000000340)="4520d8c1ee8e08b9ee293229", 0xc}], 0x2}}, {{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000500)="426a45705ec53350aaa74eef11d62035c8d21c2bcb1c26759f32b08d7978bc2e2ac03256030b3107f472fc36db0f536f42aae97ceef6169f4ebd79c8696b", 0x3e}], 0x1}}, {{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000640)="6704848d55e654ad6f06f85d5c8caed968361a080c9a53252ca10c8e9f2257b4300eccf6f7e8f49e10382d24c8e304851ba9f674097b80c63dc396090a3762753a1400aba6fc2b7dcec89c4c03bb4f4a995e7f", 0x53}, {&(0x7f0000000700)="7b7b2ae757d6f03b21cec15d2ab68113bf233de12088aa87f905155f6b8cf44e0a1be9db8ee7ab7675a036dbb09736dff58a416371d1ed28967b1062e09e62", 0x3f}], 0x2}}], 0x3, 0x0)
r2 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$sock_timeval(r2, 0x1, 0x10, &(0x7f0000000080), 0x10)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000080)=0xda9, 0x4)
sendto$inet(r1, &(0x7f00000012c0)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba", 0x20001bd8, 0x11, 0x0, 0x27)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x0, 0x0)

12:17:43 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockname$netlink(r0, &(0x7f0000000000), &(0x7f0000000040)=0xc)

12:17:43 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:43 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:43 executing program 3:
r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x20, 0x40)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x8, 0x6, 0x1, "b540bee0de0711ca54ec070742b9c6c414947e9216e27b0f298e01f63180e399", 0x7f777f5d})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:17:44 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6400000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:44 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:44 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:44 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x14)
syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x8c, 0x80)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0xffffffffffffffe8, &(0x7f0000008780)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x200080, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f00000002c0)=0xffff, 0x4)

12:17:44 executing program 4:
r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x20, 0x40)
ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x8, 0x6, 0x1, "b540bee0de0711ca54ec070742b9c6c414947e9216e27b0f298e01f63180e399", 0x7f777f5d})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:17:44 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x4, 0x40800)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000040)=[@in={0x2, 0x4e24, @rand_addr=0x9}, @in6={0xa, 0x4e21, 0x2, @rand_addr="4d6a0444b2751c4648e6983a5f7fff46", 0x1}, @in={0x2, 0x4e20, @local}, @in6={0xa, 0x4e20, 0x1, @loopback, 0x7}, @in={0x2, 0x4e20, @rand_addr=0x10}, @in6={0xa, 0x4e21, 0x6, @empty, 0xa278}, @in={0x2, 0x4e22}], 0x94)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:17:44 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f1, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:44 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
r1 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc)
sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="00000000000000000000d402efb28b41f9ad5275fd6aa3ef0cc07300804e23f547c7d0d27511ff9560086adf514788662baec8b1b6cca105000000b34f5b3d60e5ba00e24245086509b357afecab8f3556062cbac610284a9435ca4fba5c30165e1cc96eaafe294b6b5316923c60f6ff3f80a53b0b9a1b4327cf924e7edbeb23"], 0x1}}, 0x0)
add_key(&(0x7f00000003c0)='dns_resolver\x00', &(0x7f0000000080)={'syz'}, &(0x7f0000000140)="dee7030022cf9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb230328931deb95ef3fcafb1ce27743a93f4715976ede8860ab49c3a4f51ab0124b50c3362201a307df03000", 0xfd75, r1)
syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x2, 0x40000)

12:17:44 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:44 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:44 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f2, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  650.760302][T14973] Option '      õGÇÐÒuÿ•`jßQGˆf+®È±¶Ì¡' to dns_resolver key: bad/missing value
[  650.822310][T14988] Option '      õGÇÐÒuÿ•`jßQGˆf+®È±¶Ì¡' to dns_resolver key: bad/missing value
12:17:45 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefdffff00000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:45 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x10000, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x7, 0xffffffff00000001, 0x0, 0xa, 0xc, 0x1, "4e62d08f0b10922c660e2b0ec3496773be0ce15ab37841a23873975143b52416cd55391a76f1eba2a05f06ca89a62f4420893098f2085edeefe45d0b80b79272", "51f8d83229451e36deee50de59b997d01a559a3dd998f9f225d1eea5dfe18db349ffafcdaf43430f0bf6116a58c563302d1f3590948f17507274c6bebe4a4fbd", "6358aa5a2b214b24f27194aee5b380fc20b6f6c74f73ac6a00cc2441d0482450", [0x1a]})
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)="7c4346db2486f4237170909134b415381f6f9580ba4f18e663b68dd5f6e0e8fdad49febdc0f5bf6c36c321978085d7ebaa8c53f63cde1b84504c9ae1cdd88e8326e335984e0b8051eef6b3fc8e83", 0x4e}, {&(0x7f0000000080)="f18dc0365e57ef32dc8a71e2adbaf74b", 0x10}], 0x2)

12:17:45 executing program 4:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
clone(0x300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f0000004480)={0x10000000000001, 0x84, 0x5, 0x2, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x8}, 0x2b)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='proc\x00', 0xc0ed0000, 0x0)
mount(&(0x7f0000000040)=@sg0='/dev/sg0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='cgroup2\x00', 0x209008, &(0x7f0000000140)='ppp1vmnet0user\x00')
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180)='/dev/hwrng\x00', 0x8000, 0x0)

12:17:45 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:45 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f3, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:45 executing program 4:
r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
r2 = getpid()
sched_setscheduler(r2, 0x5, &(0x7f0000000000))
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x182)
r4 = memfd_create(&(0x7f00000003c0)='-bdevlo\x00', 0x1)
ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, 0x0)
ftruncate(r4, 0x321)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x101000, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c00, r4)
sendfile(r3, r4, 0x0, 0x2000005)
ioctl$UI_END_FF_UPLOAD(r0, 0x406055c9, &(0x7f0000000180)={0xc, 0x3, {0x53, 0x4, 0xee, {0x4, 0x5}, {0x8, 0x1000}, @const={0xffffffff, {0xc, 0xfffffffffffff000, 0x0, 0x2}}}, {0x0, 0x41b, 0x0, {0x7bb32d23}, {0x1dca8774}, @cond=[{0x5, 0x6, 0x5, 0x401, 0x3}, {0x0, 0xffffffff, 0x0, 0x401, 0x9, 0xffffffffffffaf25}]}})
dup2(r4, r3)
vmsplice(r1, 0x0, 0x0, 0x4)

12:17:45 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x16)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="400000271000050500000000000000000000ff00", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000))

12:17:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f4, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  651.551258][T15060] validate_nla: 23 callbacks suppressed
[  651.551268][T15060] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:45 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x60003)
getsockname$packet(0xffffffffffffffff, &(0x7f0000001e80)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000001ec0)=0x14)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x4000, 0x0)
write$FUSE_IOCTL(r2, &(0x7f0000000140)={0x20, 0x0, 0x1, {0x1, 0x4, 0x40}}, 0x20)
mount(&(0x7f0000000180)=ANY=[@ANYBLOB='/v/sr0\x00'], &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='hfsplus\x00', 0x1, &(0x7f0000000240)='/dev/zero\x00')
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000001600020029bd7000fcdbdf250a2006ff", @ANYRES32=r1, @ANYBLOB="140006000600000007000000030000004bfbffff14009ca5578d42cfab59e9711d7c0200ff010000000000000000000000000001080008000400000014000100fe8000000000000000000000000000bba09b26782f088a9063a933c2de5d1b2b5dc9ba27b5d46bdb43e460429d5333d7c1b592af39624f491e9ed70b66652b2e2cbc92a2fc2ea4020c507fa15d1284b2c2bb70d3a91ffb9cd04b35576c39e81c7c895ade798ed5359cf592b1a4fc25ff22c70fcb028a1b7c45df628829f1897bebf3d0a8b630bfeda6c273b57266ade3e79f778aa5e2d562f9d0"], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)

[  651.660474][T15124] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f5, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:46 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  651.932106][T15345] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  652.003507][T15353] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:46 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:46 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:46 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x20, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="4000000010000505000000007bfc11727f8380ea484575c6022883bbe6238ea487d49e354c2e766cc537db4e764f256161f2403e319c0bd3fcd5e9d279aeb89c43124c298570bf", @ANYRES32=0x0, @ANYRESDEC=r0], 0x3}, 0x1, 0x0, 0x0, 0x4000}, 0x3)
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2080000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=@ipv4_delrule={0x28, 0x21, 0xb01, 0x70bd2d, 0x25dfdbfd, {0x2, 0x20, 0x14, 0x1, 0x8, 0x0, 0x0, 0x7}, [@FRA_DST={0x8, 0x1, @remote}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000880}, 0x1)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/btrfs-control\x00', 0x480040, 0x0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000000000)=[@in={0x2, 0x4e23, @multicast2}, @in6={0xa, 0x4e22, 0xe225, @loopback, 0x30d17519}], 0x2c)
ioctl$BLKREPORTZONE(r1, 0xc0101282, &(0x7f0000000200)=ANY=[@ANYBLOB="0800000000000000070000000000000000000000000000003f000000000000000400000000000000080704070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100d000000000000fcffffffffffffff080900ff00000000000000000000000000000000000000000000000000000000000000000000000005000000000000000600000000000000040000000000000000000401000000000000000000000000000000000000000000000000000000000000000000000000ebe30000000000000000000000000000020000000000000000b2070500000000000000000000000000000000000000000000000000000000000000000000000007000000000000000000000000000000e30000000000000008070148000000000012df00000000000000000000000000000000000000000000000000000000004a6800000000000000000000000000006400000000000000083204060000000000000000000000000000000000000000000000000000000000000000000000007f00000000000000060000000000000007000000000000000687ff8000"/464])

12:17:46 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)

12:17:46 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f6, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:46 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  652.322316][T15362] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:46 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f7, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:46 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001000b005050400fb5cbf37000000000100b9ae3d160a6d386249d7c6108d64706f78ebe1191f02000000e13874815c", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0xfffffffffffffe74}, 0x1, 0x0, 0x0, 0x1}, 0x40000000)
syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x80, 0x200)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000080)='trusted.overlay.redirect\x00', &(0x7f00000000c0)='./file0\x00', 0x8, 0x2)

[  652.394680][T15406] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  652.482047][T15428] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:46 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x16)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000200)=ANY=[@ANYBLOB="40bdf4a79f6845d0844448a5132a690000001000050500"/34, @ANYRES32=0x0, @ANYBLOB="00000000000000200012000c00e199fb6cc131125000baf235ca6100100002000400d23e10408a3471c83f322f8c6ba6782e70acb034af6a6210ffb686abe82cc9063d1caf0e93e031c4acf99c515befd3d20602ff1acfac9a4a378bd6fbc09a154aff0edd17d778d41b6d8578039342c2cf7c64c84f5389bf6bc86fa2df7dbf399747716925e9fe3020bb6887fc4ce47ca2017f0fcde30d37069f21368084999069b13debfdc7ee605b8c8c12fbb34314d69920e65f8a5fa7afde920fbae1000000000000"], 0x40}}, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000080)='/dev/vcs#\x00', 0x3, 0x400000)
getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000000c0)={<r2=>0x0}, &(0x7f0000000100)=0x8)
setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000140)={r2, @in6={{0xa, 0x4e20, 0x3, @ipv4={[], [], @remote}, 0x4}}}, 0x84)

[  652.534377][T15483] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:46 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:46 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f8, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  652.597995][T15428] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:46 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  652.738011][T15697] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:47 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:17:47 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x3)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:17:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1f9, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  654.394906][ T3572] Bluetooth: hci0: command 0x1003 tx timeout
[  654.401002][T15374] Bluetooth: hci0: sending frame failed (-49)
[  656.474985][ T3572] Bluetooth: hci0: command 0x1001 tx timeout
[  656.481110][T15374] Bluetooth: hci0: sending frame failed (-49)
[  658.554919][    T5] Bluetooth: hci0: command 0x1009 tx timeout
12:17:56 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)

12:17:56 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:56 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:17:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1fa, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:56 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
fgetxattr(r0, &(0x7f0000000000)=@known='trusted.overlay.nlink\x00', &(0x7f0000000040)=""/201, 0xc9)

12:17:56 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  662.515945][T15827] validate_nla: 3 callbacks suppressed
[  662.515956][T15827] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:17:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1fb, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  662.562030][ T2652] Bluetooth: hci0: Frame reassembly failed (-84)
[  662.575413][T15831] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:56 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r1 = socket(0x3, 0x801, 0x4)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x7, 0x8000}, 0x4)

[  662.647844][T15840] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:17:57 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  662.724505][T15921] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  662.764100][T15948] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:17:57 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1fc, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:17:57 executing program 3:
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x3, 0x129080)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_DAEMON(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="ae36d7b8", @ANYRES16=r1, @ANYBLOB="01022abd7000ffdbdf2509000000600001000800080004000000080009006b000000080001000a0000000800050001000000080004004e2200000800080009000000080009000c00000014000300ac1414aa0000000000000000000000000800050004000000080008003f000000080004000600000038000200080008000900000008000900010000001400010000000000000000000000ffffffffffff080004003f00000008000e004e24000008000600080000005800010008000800060000000c0007000c0000000800000008000800ffffff7f080004004e24000008000200000000000800090038000000080002007300000008000b007369700008000800020000000800060073656400"], 0x114}, 0x1, 0x0, 0x0, 0x10}, 0x41)
setsockopt$inet_dccp_buf(r0, 0x21, 0xc, &(0x7f0000000280)="314ac616da56a55ee75c265772fb06c86351ba01f82aa5645a9f94f48ca5612c55cbe25497ad280e3aa6b8edc58af316d195ab89871db1040bd26a0052400eb97ab865e589ce6fc4935a55eb93577bed6d23e6465e86142f7f37068ac5e1ddc46eeb98aaa726a538a3af44b78a5e2033c82ddf45da72d805dbfc140cf212594a5d0a5be5493ec75fbc66f227cbbea36f0752cc4b5ff2593a5c2658b8079b938bb9c31701ef67bb43d51f1522d590c4fa0992b712076d8ca898217bc4a7f27f436d8f2ebb89079939", 0xc8)
r2 = socket$netlink(0x10, 0x3, 0x1f)
ioctl$sock_bt_bnep_BNEPCONNADD(r0, 0x400442c8, &(0x7f0000000380)={r2, 0x5, 0xfffffffffffffc01, "f7080751ffdfd75c7ae946d6d83ebc32618573c935f82728726b30cb51da0457cbc00da9a0ebf15285f95949258157093020d65f1704d9808e179ae4639a237fcc91b84de793a2ca369591e94dd77541b7790311bfcd4b01797c5aa179e5b02757cd4b7e7a458574f7582035d3fedba10864acc86d847fb3df37e5515c94461f9adf8eb905618c03d3ab89e17bf1659b3ba46607e1e9af618dfe5dc9a023a9209f076e7a5b34c30dbb3e813f75074e0200905d8fc7665772"})

[  662.874432][T16053] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  662.940571][T16060] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  662.981296][T16063] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  663.032686][T16069] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  663.054729][T16169] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  664.644931][ T3572] Bluetooth: hci0: command 0x1003 tx timeout
[  664.651053][T15374] Bluetooth: hci0: sending frame failed (-49)
[  666.714992][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[  666.721122][T15374] Bluetooth: hci0: sending frame failed (-49)
[  668.794981][ T3572] Bluetooth: hci0: command 0x1009 tx timeout
12:18:06 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)

12:18:06 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x2000000000020)
r1 = dup(r0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f0000000000)={<r2=>0x0, 0x6, 0x0, 0xe00000000000, 0x401}, &(0x7f0000000040)=0x18)
ioctl$RTC_WIE_ON(r1, 0x700f)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000080)={r2, @in6={{0xa, 0x4e21, 0x1, @dev={0xfe, 0x80, [], 0xf}, 0x7}}, 0x3, 0x7ff}, &(0x7f0000000140)=0x90)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000180)=ANY=[@ANYBLOB="4000000010000505080000720d75600100000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c000104001206080004c00a0c0a0000000008000000000000000000800b2819b44469930095e513bb4ba7196a283b65e3ae818e55c741023ab7b2c3ea5bedf9ad8d780b9525c55bd315fd7d53cb1f4a0ac7ebc2d723dc72db40daadb8e2fb"], 0x40}}, 0x0)

12:18:06 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1fd, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:06 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:06 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:06 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  672.757186][T16187] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:18:07 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
socket$packet(0x11, 0x2000000000000003, 0x300)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ptype\x00')
read$alg(r2, &(0x7f0000000500)=""/4096, 0x1000)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

[  672.800518][ T2652] Bluetooth: hci0: Frame reassembly failed (-84)
[  672.834557][T16183] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:07 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1fe, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  672.892328][T16296] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:18:07 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
sendmsg$rds(r1, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="40000000100005050000000000010c0a8c47a3052d939ed8af141ea67a5e8cc9edd6387c0ee286060000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)

12:18:07 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  672.981254][T16392] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:07 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a1ff, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:07 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  673.082308][T16411] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  673.105203][T16414] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  673.219035][T16441] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  673.264398][T16524] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  674.874886][ T5699] Bluetooth: hci0: command 0x1003 tx timeout
[  674.880975][T15374] Bluetooth: hci0: sending frame failed (-49)
[  676.954938][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[  676.961013][T15374] Bluetooth: hci0: sending frame failed (-49)
[  679.034910][T12773] Bluetooth: hci0: command 0x1009 tx timeout
12:18:17 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)

12:18:17 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x142}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:18:17 executing program 3:
r0 = syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x1, 0x10000)
ioctl$TCSETX(r0, 0x5433, &(0x7f0000000180)={0x80, 0x3, [0x0, 0x7f, 0x209c3165, 0x3, 0x401]})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x200000, 0x0)
ioctl$KDGKBDIACR(r2, 0x4b4a, &(0x7f0000000040)=""/109)
sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x2df, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRES32=r0, @ANYRES32=r2, @ANYRES16=r2, @ANYRESHEX=r2, @ANYBLOB="1601646c2e7533d83d7b2534b02eac12f5334e12523e1ef8164a3a621c0b69313da0abe2ca8e4012fcb8c99c161bd2ce2e8f4a87ff7ea42a01c7ca310aed0d0653c20e77ea2e34865bdd77eb7891d07ade4dd3ca435597f10e8b59c739ccf0971a6804385905cb402b8b86dda669c5169da6738ae32ed20c53a7be9e28042cf74684ba7f5ed62a48d6d07a9fee044c0e9f1db3bfc574e6aa786699dc2bcdcb12003f1adeee40788dd070f44f48b963d02080cb4b436fb1175d59b2841632e0ddec0aa596b97a47e8ecbceccb38d26bb635580408a7cf5f1806bee60518f26b3091279dac42d24f4bff9aa6df38f3a0a1031b7ab92a3a719b7fe14e75659d3dcb8091059e758426784e726616cc17e149e308b3a9b515621c735d1bd0fc13bc381e7897e944d44406cb13a14a9d77c8531d317bb63e89a3a7851d3cee1120da5f270c709b6c20fa0331a73404e9a6b40b6b2e94f4e35c133ce00e0389e484df9d42cc111e5ab4cd95771b95e50fddd11d2ac73f3db467e852b19ef7d47b54169a68f78c12639242f1b3cd064b680e513d3675d2946f86877265db442b30498ef9139e9784d873e3f7a5b3866738694238b8f1f5afa9f9b474afa62e5023cc6461f5b862ddf349dee60665743683e65fb05402d67a2b1c3e5d17e49086ef0c0da6bb738e222810458bfa3026c9753dfafebdf60a48fe0a47eb2a5136f30216dec4ce718d745d7b011bfad07a2d8b243f3da92a88a8c281fe07253ffd809f883f22052b5e11b66b81cfb8ecb4a1cd1f0b92e3c5db893e7bb7d7f071bb823b53c4ebd846cabcc87c316770863d1edc264e430d20f0c066ad753970f48c237f1749cb0dd09bc269173550b70543b3b79197d4d091df635c79ade4e0b27db1f0780e0ebed6aa09ccf57ae40a7b3b0def4e224529b27e8b9007bd43b87dfe10387514a50044edbdc2a30de24fddc7bcbd00c36d47e768dad97064f283fe7abf3328005da0bd2a4eb57439df003584d4b9e8e302086943450bc556318dc4049d3bb0dea6350e8134515565152d91847f8b3b1aacc36f3354970fbabdf1930d5297404ffa3dd7d5f8887697175b1fa07ead66e7fe459abdd0e30e925e75ac5491606b022b484ec141230a6aebc3110b36530b3e747b093406e11683888d9ef2cd9439509db980711e5c8dc7b6719650f375dbf5c7065200f5f63a18b148bffca3bc1af2ced513bf66448c25c4abd60a583a60602dd4c07a50d7cb33a8add3d63fc774c9b64d687a2338a17f78f782fc1a29b9cc2c3f398de9936f9cff0247694c2ecaad4a519a4debab8a0aeeebed82e7b6ed8180d39439d11ad6e0edf05366ab419c9d05395805c38fa706dc0d18e4899d05462b25dffadfb69dc6eb7ef809ff29d0824bf9947ba6d84db609ff930f6cab8cee141c07a2f0bad8c8caf071bdb4c819342d4b5af30cc77a07607177fa46bcda7807ec33877ef23deb47bd8a6fc34b12c7ddb7a877b01ac2f598c4eae3d877bf1c562d1ec9ec5e616781d05498fa4260b1f9e80a2c5c1727a27db9b468680a8e370e94c3c97029a379f207a88a530a54a0c43993c75d70f8551282c2ec87c7fb579bf95dbc81e843934b03a957aae07983655833d131bb599bec956275a35fd306ac7b29f1b99ff07970e9b204386eeda4a4720af55666c4d60d863f6646737c0ebb6b415ab49821c47ae2771001ff00b88e516e56a2e84f2698f333071d3dd8706e9619bc623d3c8be78e8bcad402ab130402cfe9c7d43082d167b906f94d4b15acfe77200cad95916f87fda447e2c031ef5909c56594c8bb18a7b82e7ab58b867b15b335cc7d2c6d8a5eeb372e6ebd3719c516823cf32c1deb7c425e29ac2e14d047fbee827670f4835cc8871e8956665164af531a42c376951354d323365c0d75681b5ec46bd1e59410c60600a9598975e669bc52e7c1bbd511a82738b9f153e65ef763ab6c0256cbbfd7534cf3c927a0eaba9fdf8c522f575c0edfaab51feefe6f8c39b3473fe1288b882f0addb070bf2ded484e4766a7eb073aa67a1464b4aaf772ffec907e761ecc82e22260664ae3cf2aa89e40bee57051edd04b615f2d8c4ecbbf2e6e1cf7d46cc973cf92068ebed7113cf403bcb483698ba6f38eced7533e8fb87c3671308418d00634c4fb9666464c62cc96b8847c5c09e55b356340058392dadf3b74b5ac6b0e646f165390c0d41a76c47483087ba34275d533b5e85cf9c0f539dab9179be4864187f92f7a0d65c2a1c6d02c7af3166c3532ab786a825907a00ef30a8e6707d0099b3c6a8a58d05c27253e7231560c0b0cc3da216175a86de8ae8fd208795f806b724a81cf0a8ed6a77e6d619a1bb5a2b0cb0c0f2055bfb3a7fe41f3d4ffabf509220b6719d6089ce950daeabd9adcf4f03a9914be0482f75e71f1c058af93928db0ceb429ee3ebed070e5e590f9e1b909aa1eb80144418cac90e2d409e919a997b1c5e4c586bf20fc7b880a088d36e16dd2a298b30ae7c9cbdce47c2d9e356ec315e032734a5d34e51e410c7eb6c37e177ab0d2b702a8a000fbed5b3366f36d0ae45bedf29174da35c32f610da8e0732ca14887c227d9907cb301ff6b96066d17788047baea2ce287ca6a5c8b7e55ea808fd30edb788585cf4f5b619b01f1bbb317f2dd67c38c1f6c34d6af22361f354abf27c3e69f0c0629a451acfd9042433a7b80123b268c2baadbdaacbe85bbbdaa18a05e5116057c581dee61e4f7e43cc139217361840413cee9c1b889e7547e183f7f19dc82f266605522bf7ece61e3f499942289a46e3e494532ad956a57baca47a2229b88e5a2693c723cb150d03506fc734558ecffe16b39e2112b66f8f9544dd0b3e33413f9d344ba6932941566ec4a831358e1f72f1712428b6834d8dce8d77a95dd6bbc5d21759cb82b4b38a6a177e1fbb5872d503f41b9d2cb8454c4b86b44897a415d3309a4df273579725342bea7d646993816848070b582d421ad61a547589af87ae45fbd3b9ae1a34f5c1e448b697522c4e8516607dfddf80ad617e97b32e3eb5666fea7a98c5b8e4483a56112b883baba83cb9d285927a0d3b7186e30686f34e782648495f248a20bfd44a3471a6cb6d9a743294a6955fb63196e6cb28cf5bb8ba521c2f4501f90b85e1a55aa0972adde1a8c9fc854158ad96da6cfbbf598321156edd9183b26f4ebc32c14c8712c2a5e8d20d79d0d5766f28001120c949b18a0a7dfad2db611d65b011b5fb5e98aebd1fc4aae2e77040f8805a0855f4118dbd856a109d39b3afbc6668cb78ca3831b298dce065b2db10c044250c02fe33ff713d9e02115c2bbe52eec757d50090f3a615aae91aee7b46c5be026e5575be02d6303f269fd9d54b843e5c341d8baa2f82d5f03a0c9ba51a42267d7ce16436b1dc3c4e33fc13a46d16515bb73d66dc457c68b2a2e08b6353b017124ede9d5df5d4b3737cc9c93f02d0dea3099b5eb539b176e4dcee120719e8d8b8d17b22392f23ca8f69f8ae66a46b71730604a194f81daf7d9f77116863fc6021d411891a97eb307bede4bc5e457ce14e826e1f61c255dbb31c885d6c0e2b295dbcd731a8732a7b7ab0f3982053ba2b4ba22866d19a02b6e90a065b69e655573409a79926b7d5232516c6dad4565f27c9f34a8e8e5871a229bd3b6690592b691ad2fd9282b69be93c940420c7d82420a3ec40688cf3fd87f13c2334128b3de82394531333e2233359e69fbe17bc9d2472ba9f8af3cd85d7a1635f565d22c942bbd3dd7b5255f564ed5a058f505894bc4dfb9c9ccca986d03059c118cbf9b951d81fffc51ae218bd03009553e2fa78f442fccc32f6f1873cfb8a7811f6812db6e9077f14fe4ce80762b8868c2c4c1fbabcf1981274557da8e0efe7e68de751dce00ac932d05a6e8d99f8384cda5cbc26b6430f99c4b63017ea5e7387265b80fe782198f512b03a8c140c7bbce79cbdff73923e7e0d160daeae0f5788e7d685411216caf7b29a4454c3185f1854656c36fc8eba4eb3f4a97ded11ac083371fd2994b5b2a401af7dd07fbb30edd5df155e2a676a006528af6de6b674e99727002431d4a58a1a16fe6b72c4079441883b5fae1ef2fbc1f0f1f7de3cde1fff004cf72cd8aeb118a152efe83e9d13061999321e349e05bd14fec245430ce0a0209cc9c840f9c09c3dd724d241b5fcd71ed870b9bd1080b8b107b3a62def109aa8a88b5298628a45cd21b6639b545d5d8abf79eb068329448112e8316f542ba67e729d37ae65ced44091cbecdcf39c53a438ad841d7195885cc311207a739b908a73ce7584d05d9f9979b384a417b28a073a33f803805e3ec4272f58f21e72d6d06576c0feb467ad20e08d0896adbe3d5348085726b86fefd049c1f44a39b77c40c59e0b1e17c4d69f25256bc1ddfa5da0533bbc02d51466677b30fd0818acebf108631b019912738f941a1eea4e953d51525bd66a3b87141ccde775892f618a96ef7f5945a819b39714171ea517a2664e3806fa77572d098a437cad23a52d7c2172a4150bd710cc48fe3b665973d4c8c44140a608a976b489b5c8510585d87815070c050cd05472ebe461aa45dbf6dd37dd2b35f2236657dba4d329c2f1b18026cd7b5db881e57f39e6003246fea4744b2ab088c43b22686b10c215bdf5cf960d0610bd73d28c87a119c611c5ce6696097eb6cb41c7c75f16d6753e0cc61e33b7ce233b67288e9b16db89d7df8e4abef68b2278590138cd2ad9c16cf08d3b959f203803106998ca5e6dd3ca2c87041438778bd11ab7dc8b16b70f73df48f455deaecb6d5507f7d4a0e39f3d68b4f039a9e07bf5498fa638812e42196663367bc2a26462a151fe21686190ffc49173c6f6ddebfe03846c0e6d050138baad4b246367dcccad1b68dc876ac327ee017b0c818fad1b8f1c3c496ba6e4e1db331b0bd8f883255b92c39da2e5389c6899c760b364a51af808924564e3c2ae8855cb071a3f09f3d4a33c07aacb8d01b6d5f7cb2968ebafebce3efa7e0c2b434f27aec51104e3017284d7504f9ff313dbaaccee7e7dbfddde049b3d8f64cfe400e6691f3e84d15f2ddc1d9480dd4a00826a1398e331a939ce806d0fadff1cf93c0b24b92183c2c0de27e5895ee6b69e608cd0dfde4cb44584b5e1e58d6f9e5e4db8178e87f6fd00b1785775f4ca4bb39b81d30b800296deeda336cbfbc04c815beb9bd0af20b16ab9a12cd7191e36d8c724a089c3caf99b2b1141de6b3a65eb397c1dc49c84e8fa05d86b0b338270d306b50afb77af23dfa1c181c057c857cb308afd7c04e49aaea4a18fcbdd75b5cf2070606c5e24cefd60e2b6d05b9a5ac1bbca245e4022cdfac311cc29698bf267b63acc193f2129714b01bcc65b2768b0b6e452293ddd7df7870c8a77f8a96274c713e0631661aafbaaf949511607f0f899b422d1e57a82ccae32778721e11f05b007b3a0ec69bad3729423e93953f70cf233ea4a666e8f61bba40fa6e5ae3153e7d07f7fe3e20c870bf08040aa210c64842012edd5ff0a2828013d930f4381541ca45e210d3eb24ed878c76e5c69f84879a9c58ac9a34e0df76c3e5d9785a81c1fa6aa825bc1991a7bf26e47a0da7b2765f2ca4fa9fbde19f4c3db904c3ef482723d80464c1865f3b1e25371b232f6401c0b0ad99a430c78e7999632b3e6f5c08030c4a75c80e9e42e5ada10fa1f9f2c3256fc330ec297704f6f041f41fc9a1f633f911b3c2c20d17f3f10293e7ac4bd15015f2f810bedd68ca3de44211e4f56c231e0d3a8dae8fd03b345f61ee"]], 0x3}, 0x1, 0x0, 0x0, 0x800}, 0x0)
fgetxattr(r1, &(0x7f00000000c0)=@known='com.apple.FinderInfo\x00', &(0x7f0000000100)=""/45, 0x2d)

12:18:17 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a200, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:17 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:17 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  682.992656][T16538] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:17 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a201, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  683.047502][T16542] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  683.071596][ T2652] Bluetooth: hci0: Frame reassembly failed (-84)
12:18:17 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x4000, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

[  683.116555][T16603] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:18:17 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  683.205078][T16655] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  683.268998][T16603] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  683.293646][T16655] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:17 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:17 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000000)=<r1=>0x0)
move_pages(r1, 0x1, &(0x7f0000000040)=[&(0x7f0000ffd000/0x2000)=nil], &(0x7f0000000080)=[0x4, 0xd77, 0x4, 0x800, 0xfffffffffffff1c5, 0x10001, 0x7ff, 0x1, 0x6], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x6)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000000ca47ed427445fcc061e826732517bc00000000e400710000000000800000", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)

12:18:17 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a202, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  683.319903][T16661] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  683.428232][T16787] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  683.491854][T16878] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  685.114898][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  685.121002][T15374] Bluetooth: hci0: sending frame failed (-49)
[  687.194928][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[  687.201043][T15374] Bluetooth: hci0: sending frame failed (-49)
[  689.274964][T12773] Bluetooth: hci0: command 0x1009 tx timeout
12:18:27 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)

12:18:27 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:18:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0xf7, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0xfffffffffffffe9f}, 0x1, 0x0, 0x0, 0x1}, 0x0)

12:18:27 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a203, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:27 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:27 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
getpeername(r0, &(0x7f0000000180)=@ll={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000200)=0x80)
recvfrom(r0, &(0x7f0000000080)=""/231, 0xe7, 0x2000, &(0x7f0000000240)=@ll={0x11, 0x1b, r1, 0x1, 0x100000001}, 0x80)
r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x1b, 0xa00)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x88, @loopback, 0x4e21, 0x0, 'lc\x00', 0x0, 0xfffffffffffffffe, 0x12}, 0x2c)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

[  693.232051][T16892] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:27 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a204, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  693.306579][T16900] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  693.312743][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
[  693.367016][T16903] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:18:27 executing program 3:
socket$netlink(0x10, 0x3, 0x0)

12:18:27 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:27 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000050500c9225133cd12149900"/28, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)

[  693.449796][T16944] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:27 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  693.561850][T17018] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  693.639166][T17026] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  693.679464][T17024] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  695.354893][ T3572] Bluetooth: hci0: command 0x1003 tx timeout
[  695.360991][T15374] Bluetooth: hci0: sending frame failed (-49)
[  697.434898][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[  697.441904][T15374] Bluetooth: hci0: sending frame failed (-49)
[  699.515096][ T3572] Bluetooth: hci0: command 0x1009 tx timeout
12:18:37 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
close(r1)

12:18:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a205, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:37 executing program 3:
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/qat_adf_ctl\x00', 0x109002, 0x0)
setsockopt$inet_tcp_TCP_QUEUE_SEQ(r0, 0x6, 0x15, &(0x7f00000000c0)=0xff, 0x4)
setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0xa4001, 0x0)
connect$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x2711, @hyper}, 0x10)
ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f0000000100))

12:18:37 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:37 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:37 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  703.471739][T17039] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a206, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  703.521064][ T2652] Bluetooth: hci0: Frame reassembly failed (-84)
[  703.545208][T17050] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:18:37 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000000), &(0x7f0000000080)=0x68)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

[  703.622764][T17046] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  703.712813][T17115] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a207, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:38 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:38 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:38 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x10)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000040)={0xc5, 0x8000, 0x1, 0x0, 0x0, [{r0, 0x0, 0x100000001}]})
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip6_mr_vif\x00')
sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0xfffffffffffffd93}}, 0x0)

[  703.847781][T17267] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  703.951368][T17311] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  704.040646][T17276] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  704.083463][T17269] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  705.604896][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  705.611044][T15374] Bluetooth: hci0: sending frame failed (-49)
[  707.674948][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[  707.681044][T15374] Bluetooth: hci0: sending frame failed (-49)
[  709.754961][T12773] Bluetooth: hci0: command 0x1009 tx timeout
12:18:47 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x13f, 0x2}}, 0x20)
close(r1)

12:18:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a208, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:47 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2080, 0x1)
ioctl$PPPIOCGCHAN(r1, 0x80047437, &(0x7f0000000140))
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000040)=0x2)

12:18:47 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:47 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:47 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4201}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  713.709633][T17393] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:48 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a209, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  713.765707][T17394] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  713.820822][T17403] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:18:48 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x8000003)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x29c, &(0x7f0000008780)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:18:48 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x10000, 0x408180)
getpeername(0xffffffffffffffff, &(0x7f0000000140)=@xdp={0x2c, 0x0, <r1=>0x0}, &(0x7f00000001c0)=0x80)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth0_to_team\x00', r1})
r2 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4)
sendmsg$nl_route(r2, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYBLOB="000000006f02a4e71000020004001200080004c00a000000"], 0x40}}, 0x0)

12:18:48 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  713.918782][T17509] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:48 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a20a, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:48 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  714.038809][T17549] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  714.150475][T17623] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  714.211779][T17626] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  715.834964][T10275] Bluetooth: hci0: command 0x1003 tx timeout
[  715.841877][T15374] Bluetooth: hci0: sending frame failed (-49)
[  717.914956][T10275] Bluetooth: hci0: command 0x1001 tx timeout
[  717.921486][T15374] Bluetooth: hci0: sending frame failed (-49)
[  719.995127][T12773] Bluetooth: hci0: command 0x1009 tx timeout
12:18:58 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
close(r1)

12:18:58 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000d000100656f7370006e00001000020004001200080004c00a000000631543b8074f3cd3404897f3d74e17145a7fa7d23d158ecf7d5c84bc549e18ec044289553f585b21a2f186255bd030a5"], 0x40}}, 0x0)

12:18:58 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a20b, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:18:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:58 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6400}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  723.951797][T17643] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a20c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  723.996495][T17640] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  724.008768][ T2652] Bluetooth: hci0: Frame reassembly failed (-84)
[  724.060317][T17648] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:18:58 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x1f)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x40, 0x0)
ioctl$VFIO_GET_API_VERSION(r1, 0x3b64)
ioctl$EVIOCSABS2F(r1, 0x401845ef, &(0x7f0000000000)={0x7f, 0x2, 0x53d5, 0x40, 0x61, 0x6})
ioctl$KVM_PPC_GET_PVINFO(r1, 0x4080aea1, &(0x7f0000000100)=""/21)

[  724.107654][T17657] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:18:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:18:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a20d, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  724.202487][T17661] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:18:58 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  724.266481][T17670] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:18:58 executing program 3:
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
accept$packet(0xffffffffffffffff, &(0x7f0000000280)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', r1})
r2 = socket$netlink(0x10, 0x3, 0x0)
getsockname$netlink(r2, &(0x7f0000000200), &(0x7f0000000240)=0xc)
sendmsg$nl_route(r2, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000440)=ANY=[@ANYPTR=&(0x7f0000000180)=ANY=[@ANYRES16=r2, @ANYRES32=r2, @ANYPTR=&(0x7f0000000000)=ANY=[@ANYRES32=r2, @ANYRESOCT=r2, @ANYRESOCT=r2, @ANYRES64=r2, @ANYPTR64, @ANYRESHEX=0x0, @ANYBLOB="40170cdb85925f7ec40dd5f78d2bd25fff7652ba46d6bd7ff452d5c5c142f4f8050b9fba0a5ed297e22a9ca5cf47e261557d0be89a91dfafc7320d577bbe42898197f696d4ace86e85703dee97aeb21e0e7f8a5a653e8b276786865ec5fe6ff834749303595611427572070dbb10672992ab2d7fcfaeca0e8dc697bf3c0ca773b340871b253dde0463d12ea91af2c10b7eff21900e3ea2c28f5ad6d15b446124bca9213dc7f478b055745ef77254c6bc", @ANYRESDEC=r2], @ANYRESOCT, @ANYRESHEX=r2, @ANYPTR=&(0x7f0000000140)=ANY=[@ANYPTR64, @ANYRES16=r2, @ANYRES32], @ANYRES16=0x0, @ANYRESOCT=r2], @ANYRES32=0x0, @ANYBLOB="00002527332ceab8f208f90a18edbca10cf7a52a001d0100656e73700075ffffffffffff8ab00000001691b5f99a92567cd285e0fc8a80d73f743b2aa358a4eb9a186462457f4d9a658092ade3ba6499e83f443938722fbad9badcc7388aba8a948dc58437ee478ab202ccac2ce5ff0465748c0dfed61c090113f1a29b6f5453d1e5cde4c932f08aab2dc553879108a55c80c674837fb0d3cea6baeb2280dd1b44b12b39212e95df84a2203b3be2f22fa90c8c39f1da9da48f29cccf2c3737b5b6f20c87577563f3f4c026fbe38dfafe5108b27f"], 0x3}}, 0x0)

[  724.369851][T17731] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  724.459104][T17853] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  724.544629][T17778] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  726.074891][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  726.081007][T15374] Bluetooth: hci0: sending frame failed (-49)
[  728.154913][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[  728.161026][T15374] Bluetooth: hci0: sending frame failed (-49)
[  730.235007][ T3572] Bluetooth: hci0: command 0x1009 tx timeout
12:19:08 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
close(r1)

12:19:08 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:08 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:08 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x2000, 0x0)
ioctl$VIDIOC_QUERYSTD(r1, 0x8008563f, &(0x7f0000000040))

12:19:08 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a20e, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:08 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  734.185766][T17897] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:08 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a20f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  734.245681][T17902] Unknown ioctl -2146937281
[  734.247941][T17899] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:08 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:08 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, &(0x7f0000000140)={'veth0_to_bridge\x00', {0x2, 0x4e22, @local}})
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="40ffffffe1d932f19cba5de3eca0ffffffffff00"/30, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}, 0x1, 0x0, 0x0, 0x8d4}, 0x0)

[  734.305195][T17915] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  734.382178][T18015] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:08 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  734.475891][T18019] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:08 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a210, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:08 executing program 3:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

[  734.573869][T18127] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  734.670463][T18130] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  736.234946][T12773] Bluetooth: hci0: command 0x1003 tx timeout
[  736.241054][T15374] Bluetooth: hci0: sending frame failed (-49)
[  738.314997][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[  738.321186][T15374] Bluetooth: hci0: sending frame failed (-49)
[  740.394913][T12773] Bluetooth: hci0: command 0x1009 tx timeout
12:19:18 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
close(r1)

12:19:18 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:18 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xfffffffffffffffb)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="400000afd9ac780500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)
signalfd(r0, &(0x7f0000000000)={0x5}, 0x8)

12:19:18 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a211, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:18 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  744.437161][T18148] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:18 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
close(r1)

12:19:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a212, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:18 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={<r1=>0x0, @remote, @loopback}, &(0x7f0000000080)=0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x24000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=@gettfilter={0x24, 0x2e, 0x200, 0x70bd27, 0x25dfdbfd, {0x0, r1, {0xffff, 0xffff}, {0xf}, {0xf, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x800)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

[  744.510952][T18207] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:19:18 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
close(r1)

[  744.619279][T18206] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  744.677778][T18269] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:18 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
close(r1)

12:19:19 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:19 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a213, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:19 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
close(r1)

12:19:19 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
ioctl$FICLONE(r0, 0x40049409, r0)

[  744.933966][T18383] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:19 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
close(r1)

[  745.043753][T18392] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  745.130557][T18384] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:19:19 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:19 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0xffffffffffffff6b, &(0x7f0000000000)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:19:19 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)
close(0xffffffffffffffff)

12:19:19 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a214, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:19 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:19 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
fsetxattr$security_capability(r0, &(0x7f0000000000)='security.capability\x00', &(0x7f0000000040)=@v2={0x2000000, [{0xfffffffffffffffa, 0x7}, {0x100000001, 0x4}]}, 0x14, 0x1)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000ec00200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)
r1 = syz_genetlink_get_family_id$SEG6(&(0x7f00000000c0)='SEG6\x00')
sendmsg$SEG6_CMD_SETHMAC(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40008}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="0b000100", @ANYRES16=r1, @ANYBLOB="24062abd7000ffdbdf250100000008000600000000000c00040000800000d97b00000800040006000000080006000400000008000600c1000000080003003400000010000400050000000500000000010000"], 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4000)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x800, 0x0)
move_mount(r2, &(0x7f0000000240)='./file0\x00', r2, &(0x7f0000000340)='./file0\x00', 0x4)
openat$cgroup_ro(r2, &(0x7f0000000280)='cpu\xf7Kl\x1f\x9a\r\a\x99ry_pressure\x00\al\xa3:\xb8\x873\xa2,\xe0:e\x04\xec:\x84\xa2^\xe9\x86\xd1\x03\xbd\n\xa8\xab+tge\xdf=\xc7hJ\xc5\f\x834\x03\xc4\xf4\x9a\x02\xdcm\x8e\x19\xdb14\xc2\xe7\xac9\x13\xd7[\x06\x1e\x19\xdf\xa2Q\x8f\x852\x93\xb6\x81\xab\xea\xad\x12C\xcfsp\xc6\xce\xe9\x1a\x06\x135&1\xff\x93\xadx\x84J5\xb0\x19qjg\a\xeb*\xec\t\xf4=\x9b\x8d\a\xef;P\xf1\xa6', 0x0, 0x0)

12:19:19 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)
close(0xffffffffffffffff)

[  745.361582][T18515] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:19 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)
close(0xffffffffffffffff)

12:19:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a215, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  745.434142][T18524] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:19:19 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
rt_sigreturn()
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:19:19 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

[  745.476896][T18528] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:20 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:20 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x0, 0x0)
write$UHID_CREATE(r1, &(0x7f00000000c0)={0x0, 'syz1\x00', 'syz0\x00', 'syz1\x00', &(0x7f0000000040)=""/77, 0x4d, 0x7, 0x8, 0x8, 0x4, 0x80}, 0x120)
ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611)

12:19:20 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x9, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a216, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:20 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a217, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:20 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x100000001, 0x24000)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000040)={<r2=>0x0, 0x2}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={r2, 0x9}, &(0x7f0000000100)=0x8)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:19:20 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0xf, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:20 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a218, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:20 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x10, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  747.594928][T12773] Bluetooth: hci0: command 0x1003 tx timeout
[  747.601745][T15374] Bluetooth: hci0: sending frame failed (-49)
[  749.674920][T12773] Bluetooth: hci0: command 0x1001 tx timeout
[  749.681007][T15374] Bluetooth: hci0: sending frame failed (-49)
[  751.755441][    T5] Bluetooth: hci0: command 0x1009 tx timeout
12:19:30 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xffffffffffffffff)
accept$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000080)=@ipv6_deladdr={0x8c, 0x15, 0x20, 0x70bd27, 0x25dfdbfe, {0xa, 0xf8, 0x400, 0xc8, r1}, [@IFA_LOCAL={0x14, 0x2, @ipv4={[], [], @broadcast}}, @IFA_CACHEINFO={0x14, 0x6, {0x2, 0x40, 0x2, 0x401}}, @IFA_LOCAL={0x14, 0x2, @ipv4={[], [], @multicast1}}, @IFA_LOCAL={0x14, 0x2, @mcast1}, @IFA_FLAGS={0x8, 0x8, 0x18}, @IFA_ADDRESS={0x14, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @IFA_FLAGS={0x8, 0x8, 0x8}]}, 0x8c}}, 0x0)

12:19:30 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:30 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x5b, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a219, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:30 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  755.945975][T18902] validate_nla: 6 callbacks suppressed
[  755.946005][T18902] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c000100000400120056d6080004c00a080079730b65e90ba5925d000000000000000000000059debe8113250ad1ef9b23"], 0x40}}, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x191040, 0x0)
ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f00000000c0))

[  756.003788][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
[  756.036866][T19009] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a21a, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:30 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:30 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x60, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  756.104949][T19021] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  756.126413][T19021] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  756.171104][T19029] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:30 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000280))
r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x80000001, 0x80)
ioctl$PPPIOCGFLAGS(r1, 0x8004745a, &(0x7f0000000080))
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x20000004)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f00000000c0)=[@in6={0xa, 0x4e21, 0x1f, @ipv4={[], [], @local}, 0x80}, @in6={0xa, 0x4e24, 0x10001, @mcast1, 0x4}, @in6={0xa, 0x4e22, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x401}, @in6={0xa, 0x4e20, 0x2, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x80000001}], 0x70)

12:19:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a21b, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  756.263268][T19028] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  756.372645][T19195] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  758.074881][ T3572] Bluetooth: hci0: command 0x1003 tx timeout
[  758.081000][T15374] Bluetooth: hci0: sending frame failed (-49)
[  760.154932][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[  760.161016][T15374] Bluetooth: hci0: sending frame failed (-49)
[  762.234890][ T3572] Bluetooth: hci0: command 0x1009 tx timeout
12:19:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x296}}, 0x0)

12:19:40 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x84, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:40 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:40 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42010000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a21c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:40 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:40 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

[  766.187462][T19254] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r1=>0x0)
prctl$PR_SET_PTRACER(0x59616d61, r1)

12:19:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a21d, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  766.262936][T19268] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:40 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:40 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x8c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  766.374740][T19260] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:40 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:40 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

[  766.435922][T19278] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:40 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r1 = accept4(r0, &(0x7f0000000000)=@isdn, &(0x7f0000000080)=0x80, 0x80000)
getsockname$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000100)=0x1c)
getsockopt$inet_udp_int(r1, 0x11, 0x67, &(0x7f0000000140), &(0x7f0000000180)=0x4)

12:19:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a21e, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  766.600019][T19393] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  766.711104][T19401] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:41 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:41 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0xc0, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:41 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x1b)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:19:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a21f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:41 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  766.876660][T19512] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a220, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  766.930037][T19515] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:41 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000001100))
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000001040)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="000000000001005a727370616e00001000020004001200080004fcc00a000000"], 0x40}}, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001080)='/dev/sequencer2\x00', 0x10000, 0x0)
ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r1, 0x800455d1, &(0x7f00000010c0))
write$binfmt_aout(r0, &(0x7f0000000000)={{0x1cf, 0x4, 0x8, 0x3d4, 0x1be, 0x3ff, 0x2e2, 0x43}, "89b6a93ad758cafaba1501052e4838a0d23698c389d855b9105d3a920841f7be08b6d6869956713ca4e8c95793ead0878d36ac5bac183171144a7e2e622cae3776017250099258e8984a1dd2edd77b561773fb6cda1435c2c47c5a73361017e1a905ac80ae6ede20c97bb43ec09c6a00492148bb6b79d97af5adb7ced606d986cd62691a1e9af78e61e79b6d8ea49cb8c06641c13a0c2e7c2364ce31d65c2542eeb14421250a5493ad04b19ff6ce2024a1e00922de209f79d51d452f5484a2f664e5f55f69a89d5cbb313f9e5a0abf10eaee2a436b8dcbd582f36c264aaeb2c1372bfe26787d530947b41e33d95ddc95c9c4d71f286de548bae9a01f979809cde5f74b10ba8703dfbf7417d6e69736b13b8cc62fe790309812320b994fa48f041c36a3f42465dd566e949cfea3c9b91b706d86f1601a946797290265c060cb352a237c7939a6902aac226dac8a9f705e03af4a66a450b4b619bc4ce34a947b49566ebcd09c4c2f6e1577f9e62eefed1173b222e4157031fedd3d745260263f458dd917b8671245cfb3e1d9b30168769098779d5e600bbf59572795d7050e52cfd23b6bc9c69a5a7e3c8443a576e0038c7ab902f7cdc3e57a09c5f6e665b4d14aba14086a65b6b482df5a9e3f033312ba4f6908fe14d2250b831d5afa2f6d38c86bdae9129ae7785a58a94e27af36c66e7cf7e40f6fcaa93ed60348dc231eb9c6c65a84ae23764cf7ab8f5f663f7ad7e4f155c5cf0c248a5928eeda4d8cbf805d0ca954a501db95e8d71ec1e10b9dd21f9a0ff7c6b52c33863aef334087281ef3a2aa51aca6e3242dfa7369c2f8b5b681bb67ef9f48466c9695821a551b29daf915ace922be6e4a6ecc1bc17a2c83354d80ee3246a9f10640cb4f09022725aef5c74a39bb3b86add5e6a694083d30aecd7c3934c4d09883591a310f3cdfafa0ec910ac7a6f1b8f457a474fa83af80646942cea846ddfc5d1ffa96f77ab58ec1ad912639b165ace4aff6be04b782cfb51a6c02cf74e33e31a93097287546dcb9df1db88327990c6186f31f8ae99fcb25f82fad9c231ec8649cbe26da2483d479b51fc1190a19c45e564387a23eaa44435aa7cf7c62cec3ef2215f0beb3eae1713bcae7b42f77aa80458a678d35574ccf6b4c37edbf32cdb018dc44450b8fbe5e094b9836704309367b3b58220c9d64bee7b87ac979198b2cde169a92015b02839c790777aa274b262b0bad5800ec51da1685dcdcd1b2ef065da1d7b5101fbb87518423e357ab864874d4684dadcbe0411f624d3b99d6cfed45ffe80c55690866d8f1f9b36d6a61c22f7c87de99dc4f0ea49bdc706cf6a56f0e14f05844182acabbd8fe9f45920d6a7296f37d256aa29f3560b40a4e2296abc1ec6a1064dec21542f384bb3686280ee48a094a29ddbc6c5157ba17e3335865b8ae89f690f7f19af8349b7662be7947a02002cb50048761f36e22b8e7cdff3e681b3a6e07f27b8ffd6faf39e2198246cf7db330c2e6fc9cc0a5d3e6c9029db60463e462bca28f153b46354987a7aa2708c12a6bf442562ddb012fa7a53bed480c7e8335462b572a84423c28edf06683d76e7600d17b32e775f13ed684cfb1a54e1ae6fae5c06dafe7c0d981ddac48d8de7b62b8c1aef1db21617cea9883df0d826407a8d5d5ead4e3c9b4f9e17cfbfce7b869ab040b1f89223fe098fbb4d7f758b296dcfac3b648235185fe2eda41143b29d66a84c74d784baa0b444836984d36c1a0f5a44b18976680996f46d4cf6c916780734d958c8f917c28488bcf0a82281699452ad97ea9fe5b1f61089c27b00a2da80ca6105b5bdcc6dce1545e1b984137177d81dec635f31aa7d41e94b2ae342620f2f1d7a895fb003f231d204a2c7666a628779fa0dcb97928fa7fd56324a924edce0287c88745e8e25968500b46e62f9b4eefc9bc0b4d9c1b3ac16a9a438c9421c2df8b6eb2d254be9ef6b0df8998c82d29ebb3ec6db15ca66e4e2f50f72fb6a71b513190d8fb1ead99b4aa5c60b422c06e487f0dfb26ba97ec2ea2b95a49db8714453993d28c5d922d136da8da13824a6a06078ebb0229b78ac047da0303050b97c94b9dcdce002d56b11de19eb513dfe7893f4f9ffc6f8d62f0ce7e0d229e0f4dc1858c38fab4bb334615c2156b7a74d6dc56fb65808b2f95b3ec923afeb0f433227ae72245dacc8b58ae0c35c4fa86ed24d0db1634db65217462c98d2e35b43de7237efc95a725f6f7b53f739b9f3684d0b3edea8980bb76aa452f2eb680b1d006330cf13374910c2ed73b1cd2331b7dc5f322c0bbe05f4418e197ac66e8fbec53762ab0796f550308c1a8025fc60228b55b1a6b21818ea1b778f6af064cf8f010e74fad1385427070ebe5545a141964bee046cb1e316735405fd26521df8db5b19eace9fd56623d281beac6d8cd10cd3f9d641814c9867f1d7af0804889831ce538ee03ad41ff3c5971ec291de9fff05836fb848da7820a03faf5bf1a18cca0957b1b7100795926e6cfdc01722946e423ab5a7001aeae9db04112aacdd42579e1fbdf1da561232b4a8be4eaec948deef6d9c20b73cad9fa6599c2485f9a650ab4714926c03f1fad580db0004fcf2b598900bbe57c2f166bcbc721d1db1b12841a5d437f66b1c94745b5c7584550c6dca984dd0a4d52d59aa9558845497a3fc18e214eff8798c2b3a33379d9e47e667ccb19ac1dca21447397ba70dd287fb9f3005df1166c60a5abc202a56d16ac74708fb0c409273b7fc246d40f8f7948e21bec86688cb4008bd0864ca6b894bd2d7d7e6daaf985189024a7c25f765af98ff059ae4f366cd3677c30fd03884876b36ecfd2a6a06054b04d6ba9691ce0c5055122e80ef7a23b4137b5605aaae1db86151fa377412c986587c89f2925dcf93e8c1eb77ee7ce94dcc10a591b262c183e2c806fb7e2465cece473248ee8f0f72c563a94a6910ba0208b184738785b3e81ee4a041045954ea10f7cd71bd29e5e1cecdf1538b59938635c818ddc8d4c50f1eeda15c2c30a96477c34d8efc5083984e85690a722e519de2d49b68b4c40d06763926a3882daedba36166dc1a80e98bc4da04a1542c4f0183b28d72e0b7d5f0489a7ed477a9627d750f0f1315bedc87d7ba49ba2f77db948ae9a82f1e2c294c6a80f0e47246c1445a3b11ef80ca190aa81f3a81e2469db1b98e650c4bf3d5c22444b731970b8fa741ff527ad0ad44166c4561f7fba25a3c5213950fec431f92ac33269b42d280a71819688c57c896f9037b4cc8c75978fd68da3b36502f2edc77d2a82cf92b05414f93cfbd964b0af3524656e73652446984655604eacd1f0e8848d351934398eab23850e06529028de176a657611beef7487df59d88dfce5423f983a853a6448d5149e9437aa6271c9d3eaba3367252ec2910818c2dc5a96287bc1199b1aecbe1443c60bfeeae7a5da1cd4db90f9c2fa9b1244c66d107739f2454e5b2f9272db5ce3024aa809278fe41ee7ea6cae2c606e1d05b84976acb3a4260081a6f04a5253f20322c83b5d015654c95e0ecfbc2ec8e9d72bf7dd8b070c759a9fc5e946ae4fb353562dec3ef64f22a23c8a86d15ea536229a94c3b749b1f6741a28a7f6a5650bf549df770c1315164a9af5692eb4daf8ce3c405a39b7ec0fa55ec6128e27b47e50022abffc82dd202b79b93c6518d144f73f8321da631e05f60c0ed3b9d49403f0bf7d2e72d7410a6d9c2cbc707ac56184dfb8e72e173dfebae2a7a3aa24773c27087eb5863a7261f6162154ce4009e06db9ba64c2a19d4942a19c79c4111235b69600b2d387ec620f67aaa7bb0d4a2c8afe83592968942521e5212647640a18ea5f980c6e9426d25b8711c9cad538dd71dfd8f459197ebe34aaae764473dca2f5f57e52af309bfbb6a7a38b0a28809ca88f6f080bc464e8be01e1e8bd7765de5698d406764755adbfb0e28ad95ee9788a8162ab4c4380f710e9b721ada9af962753f6818c34c555911712a5603e53ff8de72ba20cd2bc242492bf617d74588c16c749e2eae338e0b7c3822fedaac09ace14c1671c1fc6299345ea7136d938c66ba54a58634128742476c633767ef5cd54ee83ae289c9b737422c955c6e1fc5ce9495c4257bf4ff1cb46573e3380b21aef8d0b71a24db89ce3c6a9d1a8e33a45db471d6b14f8c502b8b506c1c05d5768960443d2a2bb0c7a97289ce3366731cf3b915114810880ff8b98f6df16bbece971c2ed94f1b1d4bf0ce1c276119fe9d671a9893a6623ec68786712d3a40704e5bbb8d1d9e8d8ab5c1452c2904a1e6c46a8a67956aee6e139c34ffba3e35889a9a4c4a84c40688da408ef4254653541ecc2338b893a306268e17c98e3811cc6b44f71c9a235305ac5d737075df8b4315622552288a36227858233617b90455d2fb70ea4d5eaf759d2807dacc9dd3c5d13f1fc01005e6c4268651eccbbd0dc105a61006801a214379c8f4d1ebcd9db8aeb16336690c13eb2e50e698bf809a1daca992aa495f943cef44f9158e566e7fe021d194d07f3806de4169d020eea792732855f69f8cf32fdbc0fc689c095546047271333b5aae4c67916c4e40c5efcc8b5aff479802bbe073ae1323ba0048df713f2f07873cf6412cbd52d3591b61b8057902c0d4cdb046c2e0a15e1d6e5b73cbb7bbc6aa460d53abac4bffa7e9d944bf7452c00a3be420b021ee5764207ed7174093dd016e0663be82c1ab80c299e12b3cb9a27e5a2b9ef961290f3dd565ebfbba9cec479d3d02c116d7ac311857851dae5915e2d4d084be687631c1ff3f524b4c78b151a1d40a4198362078627c7b4e79553a74d44df6352521c3f79647f7338ad5881f435686ac9b4a1f27ffa2cdb18d242d673627e62d777cdcb096c612df191e20d8f79312385b8d2c0468f2782cd17df816926baa90129000e39e8224093d7cfb8cc3af7a72132d5faff3f8b21b536aac15c5145583a9be019abee5a58b1ff0b36d03f7ab0d28138706e20b7a8e7a1fd621ac18701f6917effdd74f0615b9fad972244a10725e411d7a1343d1fd3c0be8f0d606d4fd2e360a330e5ce638688974081ab3f41979b15c58cfdf3d7e236f6d2c2c8b52547c9ee90caac1374845c54d58e088e2268fe246498e45b437b737ba7ac517e2d40632f0a0d30f2bffa805fe70c142f420f358207ff777c9ec97870d75583aae4ad08c6b66dbb69b3771a20dde27ea64744cfeb00c0962b34c3aa77fbb625902d4100bcffeb332c83fe6df5cb7ad58a03e50ad9495b4fc991e5ff35b7f786d304a403659b9e82ed3b73c918e0e0d568230e1ff5bcdf15f87ca19340d15be17193366e5091d3dbc97738e99d3b839b042a67a427d8234dc824f1dca3a130140d6f0063da1ed7561fb9c500ee05559b2f6b1793948de9569c22e7bb08a66654415d16eb6ed26cf5958546e6f37439f127e66696c86c012cad84127a01176c40b27a22c9d6b5c91af507c9d3af6aa126da80fb75fe7f47e52d6b04b16aa0b19274bd2c7ddffb494f2116be37de1f08828c39f1005dada8a27bea05268003a64e1f3261f4acc50eede9f0a8074886b8bbbe9310c8c0d3e00bce1c7f124205809b6d3d5ad5c3c8561e55e6dd916ef0ce8751a19bbcc3ce85638506698fcc23188221708b4926f83c50737e5871144fd5372bec88060bebc36537d5d0c7716624bf39bb762b5e6f205e89312afa153406c34b3a48d861cf8c00b7e14a7abf109d01fedba2346f3144857ab9b6d4e9331b61389328d22320adfed8edd0a582582b1044309517a2cd760c"}, 0x1020)

12:19:41 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0xec0, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  767.035041][T19628] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:41 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  767.100224][T19633] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  767.251326][T19743] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  768.714938][ T5699] Bluetooth: hci0: command 0x1003 tx timeout
[  768.721065][T15374] Bluetooth: hci0: sending frame failed (-49)
[  770.794935][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[  770.801034][T15374] Bluetooth: hci0: sending frame failed (-49)
[  772.874972][T12773] Bluetooth: hci0: command 0x1009 tx timeout
12:19:51 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:51 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a221, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:51 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x33fe0, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:51 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000f3f08b7f0c000100001200080004c00a000000"], 0x40}}, 0x0)

12:19:51 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:51 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefdffff}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  777.055617][T19754] validate_nla: 1 callbacks suppressed
[  777.055627][T19754] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:51 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:51 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a222, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  777.132486][T19758] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  777.166682][T19768] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:51 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:51 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x200005fc, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:51 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000100)=0x8d)
ioctl$VIDIOC_QUERYBUF(r1, 0xc0585609, &(0x7f0000000080)={0x2, 0x7, 0x4, 0x6, {0x0, 0x7530}, {0x4, 0x0, 0xbeec, 0x6, 0x6, 0x7, "d53b7e39"}, 0x3, 0x3, @userptr=0x7985, 0x4})
ioctl$ASHMEM_SET_PROT_MASK(r1, 0x40087705, &(0x7f0000000040)={0x9, 0x61f})

12:19:51 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:51 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

[  777.330638][T19778] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:51 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x7ffff000, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  777.456467][T19856] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:51 executing program 3:
r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x2, 0x80201)
ioctl$DRM_IOCTL_AGP_RELEASE(r0, 0x6431)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="00002a000000000020001200d74d03b883b54f3f4539e6270c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)

12:19:51 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a223, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:51 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

[  777.637255][T19914] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  777.694702][T19910] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
12:19:51 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfe}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:51 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:51 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x2, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:51 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:51 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a224, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:52 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x15)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

[  777.815566][T19977] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:52 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:52 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x3, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:52 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x3}, 0x4)

[  777.927839][T20034] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:52 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:52 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x60000, 0x0)
ioctl$TIOCGDEV(r1, 0x80045432, &(0x7f0000000080))
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000021000050500000000e8ff000000000000bfe1e66457f0e8d679119bf63a88dd97c08b655a943f64a6085e338f5a2d441259afe127b1b0861010c176c40bbadacaf2ffdda85c38f5e5bea5ba40fb197d75b4d443615fb35db089bfec451c635ebc0898902d0d7480a42b8353b8098e9fd6087b3129eedc7b5c7ea070ad0861534d29823d5c3270dd4992c353ac5e8404e275996382ccea531b7a82abcdc820083878419dce86a59263786f737a6128a508cc1e275779262451d35f1359aa97443e4f0125911300a1b5229d216750aa7faffbf4df6ba0b333d96f8f91028c3a0b34", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x4a001, 0x0)
ioctl$MON_IOCT_RING_SIZE(r2, 0x9204, 0xfd23a)
ioctl$UI_BEGIN_FF_ERASE(r2, 0xc00c55ca, &(0x7f00000000c0)={0xb, 0x401, 0xfffffffffffffffe})

12:19:52 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  778.292772][T20168] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:52 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:52 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x4, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:52 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(r0)

12:19:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a225, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:52 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000008180)={<r1=>0x0, @rand_addr, @broadcast}, &(0x7f00000081c0)=0xc)
r2 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x717, 0x80a01)
ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000140)={0x1, 0x8})
ioctl$sock_bt_cmtp_CMTPGETCONNINFO(r2, 0x800443d3, &(0x7f0000000180)={{0x1, 0x0, 0x1000, 0x5, 0x40, 0xad4}, 0x74, 0x0, 0x101})
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="480000001c0020062dbd7000fbdbdf251f000000", @ANYRES32=r1, @ANYBLOB="0a00040f080006004e220000080004000692000008000400040000000c0900000000000000a900000800010000000000aed1a2cf80454b36fcae4e81db1cf220a75d8f72de463f20a475c2881b5e9ff4616085603d9f97a8da4892f0dc6b887d8a3828352d0b5d73e395c5e7ecf9755f0ed9c81140323e80"], 0x48}, 0x1, 0x0, 0x0, 0x40}, 0x0)

12:19:52 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  778.421660][T20179] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:19:52 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)
close(r0)

12:19:52 executing program 3:
socket$netlink(0x10, 0x3, 0x0)
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000040)={<r1=>0x0, @in6={{0xa, 0x4e22, 0xf1, @local, 0x3f}}, 0x9, 0xff}, &(0x7f0000000100)=0x90)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={r1, 0x200}, &(0x7f0000000180)=0x8)

[  778.522125][T20286] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:19:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a226, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:52 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)
close(r0)

12:19:52 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x5, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:52 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:53 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:53 executing program 3:
socket$netlink(0x10, 0x3, 0x0)

12:19:53 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a227, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:53 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)
close(r0)

12:19:53 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x6, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:53 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:53 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x84008900}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_getmulticast={0x14, 0x3a, 0x200, 0x70bd28, 0x25dfdbff, {}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x800)

12:19:53 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
close(r0)

12:19:53 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x7, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:53 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a228, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  779.546949][ T2652] Bluetooth: hci0: Frame reassembly failed (-84)
12:19:53 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x17)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:19:53 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:54 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:19:54 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x8, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:54 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a229, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:54 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x400000012)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="40000000100005245c000000000000001f7ec7dd", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)
r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40000, 0x0)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x8100, 0x0)
connect$tipc(r1, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x43, 0x4}, 0x2}}, 0x10)

12:19:54 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:19:54 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a22a, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:19:54 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  781.594973][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  781.601071][T15374] Bluetooth: hci0: sending frame failed (-49)
[  783.674931][T12773] Bluetooth: hci0: command 0x1001 tx timeout
[  783.681028][T15374] Bluetooth: hci0: sending frame failed (-49)
[  785.754934][    T5] Bluetooth: hci0: command 0x1009 tx timeout
12:20:04 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
close(r0)

12:20:04 executing program 3:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x200000, 0x0)
r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20\x00', 0x801, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f00000000c0)={<r2=>0x0}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000140)={r2, @in6={{0xa, 0x4e21, 0x7fff, @ipv4={[], [], @loopback}, 0x9}}, 0x10000, 0x3}, &(0x7f0000000200)=0x90)
fcntl$getownex(r0, 0x10, &(0x7f0000000040))
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0xffffffffffffffff}, 0x0)

12:20:04 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x9, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:04 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a22b, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:04 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:04 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x900000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  789.870237][T20822] validate_nla: 11 callbacks suppressed
[  789.870246][T20822] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:20:04 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x14)
r1 = accept(r0, &(0x7f0000000100)=@ll={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000180)=0x80)
accept$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000240)=0x14)
setsockopt$netlink_NETLINK_LISTEN_ALL_NSID(r1, 0x10e, 0x8, &(0x7f0000000080)=0x7fff, 0x4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000280)={<r4=>0x0, @initdev, @remote}, &(0x7f00000002c0)=0xc)
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000300)=@mpls_newroute={0x17c, 0x18, 0x8, 0x70bd2a, 0x25dfdbfe, {0x1c, 0x80, 0x10, 0xa8, 0x0, 0x4, 0xfe, 0x5, 0x2400}, [@RTA_NEWDST={0x84, 0x13, [{0x8, 0x0, 0x8}, {0x6, 0x0, 0x80000001}, {0x800, 0x0, 0xc42d}, {0x246c, 0x0, 0x2800000000}, {0x10001, 0x0, 0x7ff}, {0x5, 0x0, 0x7}, {0x80000001, 0x0, 0x5}, {0x3, 0x0, 0x5}, {0x9, 0x0, 0x4}, {0x6, 0x0, 0x8001}, {0x4, 0x0, 0x5}, {0x0, 0x0, 0xfffffffffffffbad}, {0x80000001, 0x0, 0x101}, {0x7fff, 0x0, 0x100000000}, {0x2, 0x0, 0x2df}, {0xfffffffffffffff9, 0x0, 0x80000000}, {0x0, 0x0, 0x58a}, {0x1e2, 0x0, 0x7}, {0x3, 0x0, 0x7}, {0xfffffffffffffff8, 0x0, 0x8}, {0x7f, 0x0, 0x9}, {0x544, 0x0, 0x4}, {0x0, 0x0, 0x4}, {0x3, 0x0, 0x3}, {0xef31, 0x0, 0x5}, {0x1, 0x0, 0x514}, {0x800, 0x0, 0x8001}, {0xb566, 0x0, 0x1}, {0xffffffff, 0x0, 0x40}, {0x5, 0x0, 0x8}, {0xfffffffffffffffc, 0x0, 0x7ff}, {0xcd, 0x0, 0x8}]}, @RTA_MULTIPATH={0xc, 0x9, {0x80000000, 0x401, 0x22, r2}}, @RTA_DST={0x8, 0x1, {0x80000000, 0x0, 0xc83}}, @RTA_DST={0x8, 0x1, {0x81, 0x0, 0x1}}, @RTA_MULTIPATH={0xc, 0x9, {0x6, 0x2, 0x7fff, r3}}, @RTA_TTL_PROPAGATE={0x8, 0x1a, 0x8}, @RTA_TTL_PROPAGATE={0x8, 0x1a, 0x4}, @RTA_VIA={0x14, 0x12, {0x19, "4189c9491c6dc4b73b038d2dfb91"}}, @RTA_NEWDST={0x84, 0x13, [{0x2, 0x0, 0x1e0}, {0xcf8b, 0x0, 0x7fffffff}, {0x0, 0x0, 0x401}, {0x3, 0x0, 0x10001}, {0x3ff, 0x0, 0x2}, {0x7, 0x0, 0x1}, {0x9, 0x0, 0xa9}, {0x100, 0x0, 0x955}, {0x3}, {0x70, 0x0, 0x88}, {0x2400000000000000, 0x0, 0x101}, {0x78c0, 0x0, 0x452aac4}, {0xba0e, 0x0, 0x200}, {0x8001, 0x0, 0x1f}, {0x1, 0x0, 0x20}, {0xfffffffffffffffa, 0x0, 0x4}, {0xffffffff80000000, 0x0, 0x2290}, {0x9b5, 0x0, 0x1}, {0x400, 0x0, 0x80}, {0x4, 0x0, 0x1ff}, {0x10000}, {0xffffffffffffff45, 0x0, 0xfffffffffffffff9}, {0x1, 0x0, 0x4}, {0x8, 0x0, 0x8d}, {0xef54, 0x0, 0x18a}, {0x8, 0x0, 0x2}, {0x800, 0x0, 0x7f}, {0x3ff, 0x0, 0x3de}, {0x3, 0x0, 0x5}, {0x3, 0x0, 0x6}, {0x2}, {0x3, 0x0, 0x3f}]}, @RTA_MULTIPATH={0xc, 0x9, {0x3, 0x2, 0x6, r4}}]}, 0x17c}}, 0x800)

[  789.915714][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
[  789.950455][T20819] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:04 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:04 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a22c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:04 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0xa, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:04 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="40000000100005f9ff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r1=>0x0)
get_robust_list(r1, &(0x7f0000000100)=&(0x7f00000000c0)={&(0x7f0000000080)={&(0x7f0000000040)}}, &(0x7f0000000140)=0x18)

[  790.111591][T21043] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  790.207920][T21045] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:04 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
accept4$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14, 0x80000)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000100)={@dev, <r2=>0x0}, &(0x7f0000000140)=0x14)
getresuid(&(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0), &(0x7f0000000200))
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000240)={{{@in6=@dev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@dev}, 0x0, @in=@local}}, &(0x7f0000000340)=0xe8)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000380)=@ipv6_getroute={0x0, 0x1a, 0x30e, 0x70bd27, 0x25dfdbfe, {0xa, 0x14, 0x20, 0x80, 0xfc, 0x0, 0xff, 0xb, 0x100}, [@RTA_IIF={0x0, 0x1, r1}, @RTA_OIF={0x0, 0x4, r2}, @RTA_ENCAP={0x0, 0x16, @typed={0x0, 0x559, @u64=0x4}}, @RTA_PREF, @RTA_UID={0x0, 0x19, r3}, @RTA_UID={0x0, 0x19, r4}]}, 0xffffffed}, 0x1, 0x0, 0x0, 0xfffffffffffffffc}, 0x40)

[  791.994979][T12773] Bluetooth: hci0: command 0x1003 tx timeout
[  792.001088][T15374] Bluetooth: hci0: sending frame failed (-49)
[  794.074951][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[  794.081105][T15374] Bluetooth: hci0: sending frame failed (-49)
[  796.154956][T12773] Bluetooth: hci0: command 0x1009 tx timeout
12:20:14 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)
close(r0)

12:20:14 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:14 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0xb, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:14 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a22d, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:14 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x2, 0x0)
fsetxattr$trusted_overlay_redirect(r0, &(0x7f00000000c0)='trusted.overlay.redirect\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x1)
getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000040), &(0x7f0000000080)=0x4)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:20:14 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  800.102971][T21271] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:14 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a22e, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  800.170179][T21269] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:20:14 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0xc, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  800.230295][T21287] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:14 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x10000, 0x0)
ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000040))
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:20:14 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a22f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:14 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:14 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0xd, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  800.441610][T21453] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  800.531266][T21510] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  802.234963][ T5699] Bluetooth: hci0: command 0x1003 tx timeout
[  802.241227][T15374] Bluetooth: hci0: sending frame failed (-49)
[  804.314950][ T3572] Bluetooth: hci0: command 0x1001 tx timeout
[  804.321051][T15374] Bluetooth: hci0: sending frame failed (-49)
[  806.394991][ T5699] Bluetooth: hci0: command 0x1009 tx timeout
12:20:24 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(0xffffffffffffffff)

12:20:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x103)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:20:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a230, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:24 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0xe, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:24 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:24 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:20:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xe)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="000000800100000020589ecebf1e2e6373727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)

[  810.346308][T21525] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:24 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0xf, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a231, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:24 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000040)=ANY=[@ANYBLOB="1d5a7d40cd5a19b80daa640a3ecf8f400000001000050500"/35, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)

[  810.399183][T21527] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:20:24 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x11, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:24 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  810.471261][T21547] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  810.543638][T21555] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  812.394876][T12773] Bluetooth: hci0: command 0x1003 tx timeout
[  812.401630][T15374] Bluetooth: hci0: sending frame failed (-49)
[  814.474915][T12773] Bluetooth: hci0: command 0x1001 tx timeout
[  814.481039][T15374] Bluetooth: hci0: sending frame failed (-49)
[  816.554980][ T5699] Bluetooth: hci0: command 0x1009 tx timeout
12:20:34 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(0xffffffffffffffff)

12:20:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a232, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x200000000000000}, 0x0)
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x20000, 0x0)
setsockopt$inet6_udp_int(r1, 0x11, 0x67, &(0x7f0000000040)=0x401, 0x4)
getpeername$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000000c0)=0x14)

12:20:34 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x12, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:34 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:34 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4201000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  820.587671][T21671] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  820.604440][ T2652] Bluetooth: hci0: Frame reassembly failed (-84)
12:20:34 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x14, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a233, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  820.632126][T21680] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:20:34 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000001000cc491fb8f716f497cbf3b3fa49052dd866c0555fedbea89c98506fcca694dc4a9687e58dc6b0cd117a77c2d7fef4915d80fa6bb77f029fd06528fcf0acf2e3af00000086", @ANYRES32=0x0, @ANYBLOB="0000003300000000200012000c00010065727370426e00001000020004001200080004c009fffff2"], 0x40}}, 0x0)
r1 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x2a9e, 0x200)
ioctl$DRM_IOCTL_GET_MAP(r1, 0xc0286404, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, 0x7, 0x0, 0x1, &(0x7f0000ffe000/0x2000)=nil, 0x1f})

[  820.739777][T21791] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:35 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x2f, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a234, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  820.958385][T21907] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  821.005538][T21910] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  822.635180][ T3572] Bluetooth: hci0: command 0x1003 tx timeout
[  822.641313][T15374] Bluetooth: hci0: sending frame failed (-49)
[  824.715292][ T3572] Bluetooth: hci0: command 0x1001 tx timeout
[  824.721417][T15374] Bluetooth: hci0: sending frame failed (-49)
[  826.795066][ T5699] Bluetooth: hci0: command 0x1009 tx timeout
12:20:45 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)
close(0xffffffffffffffff)

12:20:45 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000001640)=ANY=[@ANYBLOB="c19fe68d92fddefd3d76293d2c4109c56b6a517e8ba05be69852ad000000", @ANYRES32=0x0, @ANYBLOB="000000000000000070616e00001000020004001200080104c00a000000000000000000000039f300ddfd3d8aaab4d53b2f0669291ddc283af5ba32b211a438b4ea6e29845b7a9e324a6b5ed2425f4ae15e00f37b55743ab77d095c21655eb3b960f979a59a53340980311e9a58f57a0b2b56f1fd000729dd3b19144fb9fd11a79fd5f1fe166d08919ab9bfdd857d770499692f19314229f76ea95652abdfcec9651bdec09dad4e1de5ff4d28288cfc6553308d2a32055f0c7c763093454d90f12afcab31c7539e11bacc725cf1b7931a37c18142cc4afecd5f9fb0af1feec1179add31cc961efe0cc9b69b972595e109daee94386fe5121615b923de6b0436ecec918e1731c50524fb41b50ac47d7b8e64401a7a3645e76209faf4ab22a36adf5fc8000faf06c13f881b3d69e6ee12ab1494a07b5ae8b033c8a9ae1e9ad43bb73cf9744be599ccf859be8facd1e08084fb0fdd6484e04274adaba5b03c5fcdf366504ce3203ad59e896355b0a30db2b74159f72fb9366dbed3e2b5baa06a58a27774bb4b34fd304a8a9ee5cfd0f2d958819c5318fb3972066466db9190e5c643d5849f1d3b33de80755be5ab2d14"], 0x40}}, 0x0)
r1 = semget(0x2, 0x4000021000000001, 0x2)
semctl$GETZCNT(r1, 0x1, 0xf, &(0x7f0000000040)=""/4096)
r2 = gettid()
fcntl$setown(r0, 0x8, r2)
r3 = add_key$user(&(0x7f0000001100)='user\x00', &(0x7f0000001140)={'syz', 0x1}, &(0x7f0000001180)="7df9353ed3ec1912012af187226155f91cbbd0a5623ad11f53ba02a35666dab15ddf7e3856903b341a0c9a1cabb2ff1668c1a290a033aa4f1195ee002bcf8719a8fdc7aca30422ec816685a559508210b7b186e2ddddb5775441743ecd370bbfbedb77209a9d98a96a11ce890577e28ebb2e79d3fcb26020f023c6d6110398ab284ad12f5f08788c90621d3cab9b33614c52116fca4055b625d346dcfcf41c06d430cf406293980ce149351d88a551e9e64bae2b1f7fc67c857c6befc4346e44a05e963209034f6e557489307a6010551253af36", 0xd4, 0xfffffffffffffffc)
keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000001280)={r3, 0xb9, 0x5a}, 0x0, &(0x7f00000012c0)="43ffbb893aa9579ffc6edcc6424389272878b4fef65c37439bd0ef725e4378213c8f87f438f30500068cbd7ac1fea5c9de5473b83b3d4f942b9295b6ab519abe2eb66750e116981a3ce91f5fe50387141ece29b1af5170dbb950fcf3b41dab6b82d3aef0c35aa55217fae778815df0ba6d54ab92c7278044731731db6e855914da992891c04bc8c1d911d33fafa61815a2c76afa793fcfb29bc6eb39ac08fe5630abf12291d629e7481d57e9073c9c8417f812ceaab04eb270", &(0x7f0000001380)=""/90)
creat(&(0x7f00000010c0)='./file0\x00', 0x4)
r4 = fcntl$dupfd(r0, 0x0, r0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f0000001400)={0x5000, 0x2005})
getsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f0000000000)=@assoc_id=<r5=>0x0, &(0x7f0000001040)=0x4)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000001080)={r5, 0x6}, &(0x7f0000001440)=0x8)

12:20:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a235, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:45 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x5b, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:45 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:45 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6400000000000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  830.824030][T21925] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a236, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:45 executing program 3:
pipe(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000080))
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000)=0xf7, 0xffffffffffffff5e)
alarm(0xf1f)

[  830.868193][ T2652] Bluetooth: hci0: Frame reassembly failed (-84)
[  830.905550][T21991] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:20:45 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x63, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  831.002344][T22042] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:45 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x20, 0x20400)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000040)={{{@in=@multicast1, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@broadcast}, 0x0, @in=@dev}}, &(0x7f0000000140)=0xe8)
lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r3=>0x0})
write$FUSE_ATTR(r1, &(0x7f0000000240)={0x78, 0x0, 0x8, {0x2, 0x3, 0x0, {0x4, 0x10000, 0xffff, 0xdda, 0x1000, 0x80000000, 0x6, 0x7, 0x5, 0x0, 0x2, r2, r3, 0x2, 0x2}}}, 0x78)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000002c0)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c000100817273700004c00a000000aba01de43c6090710dda1b5e5bfdd06200547eefa1bc84a0193de354aff84527bdd647a0e65d331c74e8c9970d4dfab8dd1f9b926e3462e9fb788b64c3ebd650d27d80ac910ae78760fd0797f39adc3119db52ab261af63ea7e866f565cc3b92a0410881200d0c6b960b437f5ff3c14c743d865bf378d883e3cdb927041009db52fe97cacaf4bef858f400b11f052c52bd390c954bfcbf846804923ee8812961199e9cb2d0cd00e8a6e34b9425ab2f44f88aaea8b165489977da491ccd9f3ced5491c41c87213f37df746de5f8df69925ecf201f7bba77e1104fd4b138a37f6b92838a1b2ab48c8e8177a18fae66b4754a1698e282150cee0bfad437a79132d6548c6e4f7575ede7ed0d615abd4e940307e6c825505c8b485a01e5234ee17a6d55df8e22fea98e9967d886aca109a0130604cbebcd6f14c2cac9a68a3e7a137e3ef3a16819ff691c50b222d1d597aa50afad14aabb62e5a261d06f2986e58b"], 0x40}}, 0x0)

12:20:45 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:45 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x6b, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  831.198931][T22156] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  831.248714][T22159] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  831.311780][T22159] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  832.874963][ T3572] Bluetooth: hci0: command 0x1003 tx timeout
[  832.881066][T15374] Bluetooth: hci0: sending frame failed (-49)
[  834.955047][ T3572] Bluetooth: hci0: command 0x1001 tx timeout
[  834.961415][T15374] Bluetooth: hci0: sending frame failed (-49)
[  837.034995][T21920] Bluetooth: hci0: command 0x1009 tx timeout
12:20:55 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x7b6, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:55 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x40000, 0x0)
getsockopt$inet_sctp_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0xb)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00')
sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r2, 0x70c, 0x70bd26, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000000)

12:20:55 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:55 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfefdffff00000000}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:20:55 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x989680, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:55 executing program 4:
r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
recvfrom$inet(r0, 0x0, 0x202, 0x0, 0x0, 0x10000007c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shmget(0xffffffffffffffff, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, 0x0, &(0x7f0000000380))
getpriority(0x0, 0x0)
ioctl$TIOCGPGRP(r0, 0x540f, 0x0)
getpgrp(0x0)
r1 = getpgid(0x0)
r2 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x0)
ioctl$TIOCSCTTY(0xffffffffffffffff, 0x540e, 0x100000000)
ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0)
ioctl$BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={[0x2, 0x0, 0xa00000000000000], 0x8000, 0x400, 0x3ff, 0x10000, 0x0, r1})
add_key$keyring(0x0, &(0x7f0000000480)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000680)='keyring\x00', &(0x7f0000000700)={'syz'}, 0x0, 0x0, 0xfffffffffffffff9)
request_key(0x0, 0x0, &(0x7f0000000240)='keyring&-\x00', 0x0)
io_setup(0x0, 0x0)
memfd_create(0x0, 0xffffffffffffffff)
lstat(&(0x7f0000000180)='./file0\x00', &(0x7f00000007c0))

[  841.058189][T22277] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:55 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xa20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  841.153868][T22290] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:20:55 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58)
openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x875c, 0x0, 0x4c51a1c6})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

12:20:55 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000580)='/dev/radio#\x00', 0x2, 0x2)
ioctl$CAPI_GET_MANUFACTURER(r1, 0xc0044306, &(0x7f0000000380))
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x8001)
sendmsg$nl_generic(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x68000010}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x200, 0x32, 0x2, 0x70bd2d, 0x25dfdbfe, {0x10}, [@nested={0x44, 0x0, [@typed={0x3c, 0x32, @binary="131c8d5f67a7223479ee62bce2419ffa62edfa8801a14e5a6a73ed0802ee3e544e824cf617474be8b9bdb699cfbebe1cbb94c4a087008d13"}, @typed={0x4, 0x70}]}, @generic="9f226f624808578cbcebbb8dde36bd25f07ef149afaddf8b606e936e1e43f09f75174f3dd8135cdecb0d6584ddd59ed20f042261e5ff65fd0c7b968231f30227eb2f4d5c8390af6535941c151bc6e82196f75ed1119c850749b3037c44c3c01719ae9f4399aab75238fa0e4b49636537086514fdc88661bc6f1564107307b16d4b1c713453985f8f3f51825c5a896d717b8a7deedf3498f85931fea0548458f802d08ccb5bb3757ba744dab0249ed726c1bf103fca1eb06d2d139a634af32ace3acffaf9a4471a236b", @generic="4aa2a00b71ecd70cf52c88e3659c18b00703cfb58985eb84044b425a7d202dbfd87ebf0d4924e94533ac04a9a125fb454f2216ba2aab98160c96f33f0ea1d9b2727ee3fa060c784ff06b07011b565294138bd8c7c60484f6159a7b4f9f23395c14a9816ab2f35643de412c5c48e75e17a7aeaa367c60b4d07690bac7e2afdd67f25b79e7b3f9c75e6ee88fc4da228bf59f25427d494899bfb7e41fd5fe256312", @generic="5fdbf2c3c7c927a347371046d90293126c52d2577986947a020146213d1cd553f755b33b35a9262cb2a3d34c3b371088598ccd3c26b299090d757a8149"]}, 0x200}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000003c0)={<r2=>0x0, 0x95, "684f1fb3819f7548fce7eb6c45b6e84e1849525902891cf7a1ee7dfec5cfc8f3c24b631dc845b76a8444ce66370382b1155f9ad5f1fccfe8eb2b5af18da84310bf7b5b9d767e4640e095e624190a225b1066c6744baf96af692b5d4b33fb3b91486d976f804491948255f99ab2762a309bda25056e559c9523aea066227075343d79eb91867e97c953311ffc3f26a20fbfc6588c61"}, &(0x7f0000000300)=0x9d)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000480)=[@sack_perm], 0x1)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000500)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f00000004c0), 0x0, r1}, 0x68)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000340)=@assoc_value={r2, 0x5}, 0x8)

12:20:55 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x7c5, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  841.295088][T22399] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:55 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000020001200f927f6209101421b616e00001000020004001200080004c00a00000070dc78"], 0x40}}, 0x0)

12:20:55 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:55 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf0ffff, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:55 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x5f5e0ff, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  841.491958][T22513] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
12:20:55 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = request_key(&(0x7f0000000000)='blacklist\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='erspan\x00', 0x0)
keyctl$clear(0x7, r1)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

[  841.536120][T22516] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  841.649944][T22519] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:55 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, r1, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
pidfd_send_signal(r2, 0x23, &(0x7f0000000280)={0x3c, 0x0, 0xfffffffffffffffa}, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:20:55 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:56 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x12b56b38, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  841.871904][T22642] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  841.975710][T22639] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:20:56 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a0775b005", 0x5)

12:20:56 executing program 3:
socket$netlink(0x10, 0x3, 0x0)

12:20:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:56 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:56 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300)='/dev/zero\x00', 0x2000, 0x0)
ioctl$SCSI_IOCTL_STOP_UNIT(r0, 0x6)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000340), 0x4000)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
futimesat(r2, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)={{0x77359400}, {0x77359400}})

12:20:56 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x20000050, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:56 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001010e97377430203dcb05cedc7e5c163020004001200080004c00a000000"], 0x40}}, 0x0)

[  842.291629][T22665] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  842.383671][T22676] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'.
[  842.397207][T22678] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:20:56 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a0775b005", 0x5)
r1 = accept$alg(r0, 0x0, 0x0)
write$binfmt_aout(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="00000000e4ff00"/25], 0x19)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x0, 0x141}, 0x0)

12:20:56 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xe)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:20:56 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x29309f10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  842.480560][T22685] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:20:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:56 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:56 executing program 4:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(cast5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a0775b005", 0x5)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
write$binfmt_aout(r1, &(0x7f0000000400)=ANY=[@ANYBLOB="00000000e4ff00"/17], 0x11)
recvmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, 0x0, 0x141}, 0x0)

12:20:56 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x17)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
semget$private(0x0, 0x0, 0x200)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x240, 0x0)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000040)=@sack_info={<r2=>0x0}, &(0x7f0000000080)=0xc)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000000c0)={r2, 0x5e}, 0x8)

12:20:56 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x362039c9, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:57 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
ioctl$FS_IOC_SETFSLABEL(r1, 0x41009432, &(0x7f00000002c0)="9b0e7d1372a59a903c8d7c582eec3adfb1c96e5f1d09a6bb7e79fe90284de162e0ec2a0ef03135f6c6b4723feecfa49c05a78d79bef8b621791fe53c5b8ae5c693f05c98c933e8e51e1bc27052e3d5c2c31d037f3b774e2afea1da7d57d38e1f1768d66d0bc673dadbd4d6b2cb9e8339ddc75a2dc5ed612240d7998df4cd410a79da0b4c7acf7396da36ba1f49737cb1f626d71eee8b9cfb385aa97b5147628aa4d9e73dd63e8784d09003542a68b50efe7c2ca26cfec11d0df4c7a8fd9a8bcd6f50bfc3191068de66294e3102a58f73351c7a120b40ef280bb1d305259d3ec41cdf6316c0a17fc4d007cd0e60f1a0eafbefdd17851bd41b5365e9a5cf95797a")
clock_gettime(0x0, &(0x7f0000000280)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:20:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x3000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:57 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x10032, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000280)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1})
r3 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r3, 0x84, 0xd, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r3, 0x29, 0x6, 0x0, 0x2)
r4 = dup2(r1, r3)
dup3(r4, r2, 0x0)

12:20:57 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:57 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x4529348f, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:57 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0xe)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x328, &(0x7f0000008780)={&(0x7f00000086c0)=@ipv4_delroute={0x24, 0x19, 0x0, 0x70bd29, 0x25dfdbfe, {0x2, 0x10, 0x80, 0x8000, 0xff, 0x2, 0x0, 0xb, 0x100}, [@RTA_GATEWAY={0x8, 0x5, @loopback}]}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x400000000000000)

12:20:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x3a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:57 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x80008)
r1 = syz_open_dev$usb(&(0x7f0000000240)='/dev/bus/usb/00#/00#\x00', 0x1, 0x288200)
ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000280)=0x6)
ioctl$void(r1, 0x5451)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000020200012000c000100080004c0020000002692e4c106e8aa31ba7671ec0f5fc411d294fe67451ca1cdfd343ce1e5d97898b5f83217eca16351310ea7e0f95bfc1f07f64520512ce0d11f7d01ac079d72f29b9f18f5"], 0x40}}, 0x0)
r2 = openat(r1, &(0x7f00000002c0)='./file0\x00', 0x100, 0xfc)
getsockopt$IPT_SO_GET_INFO(r2, 0x0, 0x40, &(0x7f00000000c0)={'filter\x00'}, &(0x7f0000000140)=0x54)
clock_gettime(0x0, &(0x7f00000001c0)={<r3=>0x0, <r4=>0x0})
utimensat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000200)={{r3, r4/1000+10000}, {0x77359400}}, 0x80000)
socket$nl_xfrm(0x10, 0x3, 0x6)

12:20:57 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0xff55445a, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:57 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:57 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
close(r1)

12:20:57 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x602, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  843.533446][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
12:20:58 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rfkill\x00', 0x200, 0x0)
ioctl$UI_DEV_DESTROY(r2, 0x5502)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000980)={<r5=>0x0}, &(0x7f00000009c0)=0xc)
syz_open_procfs(r5, &(0x7f0000000a00)='syscall\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r6=>0x0})
socket$inet_tcp(0x2, 0x1, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000300)={<r7=>0x0, 0x3}, &(0x7f0000000340)=0x8)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000480)={<r8=>0x0, 0x74, &(0x7f00000003c0)=[@in={0x2, 0x4e24, @broadcast}, @in6={0xa, 0x4e22, 0x1, @empty, 0x7f}, @in6={0xa, 0x4e23, 0x1ff, @mcast2, 0x20}, @in={0x2, 0x4e21, @loopback}, @in6={0xa, 0x4e23, 0x9, @remote, 0x6}]}, &(0x7f00000004c0)=0x10)
setsockopt$XDP_TX_RING(r4, 0x11b, 0x3, &(0x7f0000000a40)=0x109418, 0x4)
sendmsg$inet_sctp(r1, &(0x7f0000000580)={&(0x7f0000000280)=@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, &(0x7f00000002c0), 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="180000000000000084000072233132cee0aa2268aea60005000044e13676d0afc7400030000000010000002000d80000000000000094000200000007000f020900000005000000", @ANYRES32=r7, @ANYBLOB="300000000000000084000000010000000400020004800000010000000000008069000000ff0f0000e0961d2e", @ANYRES32=r8], 0x68, 0x40841}, 0x10)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sendmsg$inet(r4, &(0x7f0000000940)={&(0x7f0000000100)={0x2, 0x5, @multicast1}, 0x10, &(0x7f0000000880)=[{&(0x7f0000000500)="13c80da0ce5c3e4067336ddb95870a204bfcf4c37ab9b5338fed4785377ece23e717e5f055ad21", 0x27}, {&(0x7f0000000540)="1c18182c907fc1490af5f49ac6ce574fb18d9fdb2b7f3715bcefe565df66283a6f2d537138b33d2dbbe7ba8ab7dfbd8d", 0x30}, {&(0x7f0000000640)="c333388cc0be299751763766cc1975027b65933b36bfb05789b07f2a9f1b3075098a8d95bfbc973d0159f73b193963f4ea738a221b06c9147510e38ab696cd553496b49ea72fe472b29c49d244c336e919fa6b569fa0785c628e3a15f3e65adf1f6897e8b73054b5c2c3a095e022b37315721c60349c5f757e5dba4f812e06e0846469f14027c522b095f953d1da2729bb30fe", 0x93}, {&(0x7f0000000700)="c01eab404ee9c5662277bcbbc4fc2d7c70e433f5a67d13ad97b92fd09ac86343894a5125b90d9d5d82563c960e8a87c3a362c84201511e7bcccb7b7fdd5d27062456bb5ae60528214fa75f043fe183898b3c1aa44ef529d0511991f82cd865a42a5f81300d", 0x65}, {&(0x7f0000000780)="3940bc9cbb881a6c191208541036e62ccc22cfc52c02baa51968a75de3357a640a8d3311b0fc55ad02a297c1e8c9e1d1eb958166c375aef255d820f0b6a00e3fe6ae46045f6d71489cb3b128242006fddf311a2a7d", 0x55}, {&(0x7f0000000800)="36e72d67713d6f275010e059f8d05c7cd8e17901897d5e2a19a6e53058c3", 0x1e}, {&(0x7f0000000840)="45f7eede5dcc32", 0x7}], 0x7, &(0x7f0000000900)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x7fff}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3f}}], 0x30}, 0x1)

12:20:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:20:58 executing program 3:
socket$netlink(0x10, 0x3, 0x0)
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x0, 0x0)
accept$alg(r0, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:20:58 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x603, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:58 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="40000000100005054000"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)

12:20:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:58 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x604, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:20:58 executing program 3:
r0 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x1, 0x2)
ioctl$CAPI_SET_FLAGS(r0, 0x80044324, &(0x7f0000000040)=0x1)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
fcntl$setsig(r0, 0xa, 0x1)

12:20:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  845.594961][T12773] Bluetooth: hci0: command 0x1003 tx timeout
[  845.601030][T15374] Bluetooth: hci0: sending frame failed (-49)
[  847.674925][T12773] Bluetooth: hci0: command 0x1001 tx timeout
[  847.681043][T15374] Bluetooth: hci0: sending frame failed (-49)
[  849.754915][T21920] Bluetooth: hci0: command 0x1009 tx timeout
12:21:08 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)

12:21:08 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x5000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:08 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x605, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:08 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:08 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r0)

12:21:08 executing program 1:
gettid()
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1)
r3 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
vmsplice(r3, &(0x7f0000000840)=[{&(0x7f0000000280)="4e91a95de75beef070a0404e986dbc445b34d12210b8082660e0d7b80cf4e60573869dc198419a51eac04adde8b77ddde7d2c83ce4fd7e6c634bf0f2ac43e7aafac68a8d2c1451937d361eb3d2f9064ba19d696619387a6f71c6c0009ed8329ed8bbb78618f00f3c9257e7f9418d285903276a90e6b2388e91a26452b73ef937b6875e64cd3d57e529cc7673952f8f0cd46291f92b29988ea0233072c5177f14dc099fee2af79730278a9ac73e9c352cb489e6b1c55b972b687e23dfe24c9e6cf48a5825e1e964459102db103f658dbd7f043f56110a3c3a6de45226c8581dd889a10685", 0xe4}, {&(0x7f0000000480)="06e353611dd4e66d9ea970ae467721d05fe9537ef260a616faccdce802d1dec3a454d8f5b4f8dc8ee503f9d1f846acc210682d5b054ac5ea2d288e2978a02365a0e090b172806f387050c5ac57cf359e1ca7275759676f7b213faf14ca8e03794b38decace50d44a0b01b62070925435a13bdd3a5d9456839287bc41b85b4308cc8902beedd9037d5cfd59ebc5b38e46487c4ef4a2825cf9426b0b7c7bc7cddf05b16068905571e313a05ee5419a48a161725dde266febdc91af6c237ac20dfa83242189f3e8740ad5ecfcf9558f39367ddf6e8efa35afe5d2df66b10bd2cc59765c82a8a01bef6bd55421f2c9635111b555725cd3e19be1659ef906", 0xfc}, {&(0x7f00000003c0)="3556e05214abea45f8251e8090e5e340ee9c2e206ee24b3787817477ac5446d53519eb14972361e828eeb6a9ec8ca2e087ac85f9c1baa13dff31961ef6e94d273b87fbf70dfdf2ce99c9700d6d0551f392a38ee1046343bfa32ac1dbec4cf9273d6d363096bc489c1aa773492d22b4", 0x6f}, {&(0x7f0000000580)="0fee37dbf675b9989daa1307cc8145a6417b2bd2cb519bdec659de5170646a69ac60bbcae2c009f1e39b1b84064ddf3009c62cdc5aff39e0143448607946394250a25314d43d1bded92aeb1156ecdb1f979010b12076367e2f18d23db23d7c6c4ae42227cc1a12e290a48312469e75c8d5c667d0885e08e8f94af798bd0a5beb19c1d560df1527215db286bf06ba363b81cbe5f10370", 0x96}, {&(0x7f0000000640)="30f332f26bfed67910c5d9c26959d42ebd6fbadd7a701627c9e7ac7f81633b0a5a2972afdd019d980ff4796f00541c790fcecd75072518af610a001f2efa7e35d57408f48a61a86b4d1dd65610a6226a7793e1c14efa76f6f0fed949b05d4d9b7021646ec98726c1b522f6635e96e7845b4bfe0177b0836e04a230b7855abc926ea25ab48e92aed39d817598b57fc36df0d17e74d5044af95dd23c3a1a3059b68ff2eab9a46a87576120934cd520799029ffd663f29172211b70a3e81e491c94fa9a7e668b8d17", 0xc7}, {&(0x7f0000000740)="a507a408bd3a70d12d80bb09056f08d2fb2a49770f3c7c6937a18ce7f217c969ea2d81a074f475c5be659c100c4c81522bd1c228c77f42f42107a81ba9985ff255dce0025722ebaab53fedef22f70304ad4ecd3f46d12813fef413f75084b5c31c5c655342a1bc65fb3e09545e2041b01069dad5a83d6bd8311f86bc7a8a0b35ec9c019499783c9e47782ae142fb7ff9081c4e35c5a3fa5c7622afeb289664d34a11d131d1c448c4683aa3e3723b59d883df8b4d4d9070e8eede8824367d30bf436db6b6f1da8858f081ef168da5e19b7344317fefd1dbf523720779932bfec115fbdd44f134a3dbeb12f712a1b7", 0xee}], 0x6, 0x4)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  853.867878][T23234] validate_nla: 11 callbacks suppressed
[  853.867889][T23234] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:08 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x5a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  853.916142][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
[  853.942769][T23237] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:08 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000040)=ANY=[@ANYBLOB="400000001000050500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c4a00c80061727304000000001000020007001200080004c62b000004"], 0x40}}, 0x4008004)

[  853.993307][T23250] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:21:08 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  854.069746][T23249] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  854.087810][T23360] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:08 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x606, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:08 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  854.162811][T23363] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  854.181304][T23368] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:08 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0x5, &(0x7f0000000000)=0x80, 0x4)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f0000000180)=ANY=[@ANYBLOB="400000001a000505000000ae4ecb7e920d0f8d001b115e30fe7f4e465f58db73403825aefdc79b150300000000000015d0522f66c5c677face43abd31f51978a238d4b6cc96e105611a45a24659f82d4fe288a6825a5b00c231979d2621f4add7ec9d815104592b33c57bb6526c93ddee801009b1500000023b847f23280e3a429d43aa23df918c0e33d33", @ANYRES32=0x0, @ANYBLOB="000000000000000000001200090008100002000400123fb5f43200080004c00a00"/44], 0x40}}, 0x0)
r1 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000000100))

[  854.325242][T23379] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  854.408897][T23383] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  855.915220][T14328] Bluetooth: hci0: command 0x1003 tx timeout
[  855.921302][T15374] Bluetooth: hci0: sending frame failed (-49)
[  857.994971][T21920] Bluetooth: hci0: command 0x1001 tx timeout
[  858.001079][T15374] Bluetooth: hci0: sending frame failed (-49)
[  860.075181][T14328] Bluetooth: hci0: command 0x1009 tx timeout
12:21:18 executing program 4:

12:21:18 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000280), 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:21:18 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x608, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:18 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:18 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DEST(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20040008}, 0xc, &(0x7f0000000240)={&(0x7f0000000100)={0x140, r2, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_TUN_TYPE={0x8}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x5}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa5e0}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0x6c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr="ddc252c3ab8d08dc434ce94ef407e9d4"}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @empty}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'vcan0\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'caif0\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x50, 0x2, [@IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x8}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x8}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv6=@remote}, @IPVS_DEST_ATTR_TUN_TYPE={0x8, 0xd, 0x1}, @IPVS_DEST_ATTR_L_THRESH={0x8}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0xa00000000000}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x9}, @IPVS_CMD_ATTR_DEST={0x14, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7fffffff}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x40}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x10001}]}, 0x140}, 0x1, 0x0, 0x0, 0x4004000}, 0x0)
ioctl$KDGETMODE(r1, 0x4b3b, &(0x7f0000000040))

12:21:18 executing program 4:

[  864.122426][T23507] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:18 executing program 4:

12:21:18 executing program 4:

12:21:18 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=ANY=[@ANYBLOB="4000000010000505000000000000000000dd00c9", @ANYRES32=0x0, @ANYBLOB="0000000000000000200012000c00010065727370616e00001000020004001200080004c00a000000"], 0x40}}, 0x0)

12:21:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  864.230992][T23556] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:18 executing program 4:

12:21:18 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x609, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  864.352929][T23630] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  864.480151][T23636] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:21:19 executing program 4:

12:21:19 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x200000, 0x0)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r1, 0x40a85321, &(0x7f0000000040)={{0x5}, 'port0\x00', 0x8, 0x40, 0x1, 0x2, 0x4, 0x7fffffff, 0x6, 0x0, 0x4, 0x3})
sendmsg$nl_route(r0, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0xc004, 0xa}]]}}}]}, 0x40}}, 0x0)

12:21:19 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
r5 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$SG_GET_SCSI_ID(r3, 0x2276, &(0x7f0000000280))
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
getsockopt$inet_sctp_SCTP_INITMSG(r2, 0x84, 0x2, &(0x7f00000002c0), &(0x7f0000000300)=0x8)
ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000340)=0x5)

12:21:19 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x60a, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)

[  865.018492][T23644] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  865.077704][T15374] Bluetooth: hci0: sending frame failed (-49)
[  865.106956][T23650] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x8000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x60b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  865.138607][T23661] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:19 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)

[  865.225600][T23774] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x8a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  865.351077][ T2652] Bluetooth: hci1: Frame reassembly failed (-84)
[  865.360200][T23788] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  865.433045][T23790] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:21:19 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x60f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x9000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:19 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x800, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000280), 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280)='/dev/rfkill\x00', 0x101082, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0xffffffff80000000}, 0x0, &(0x7f0000000140)={0x7, 0x0, 0x3f}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:21:19 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x610, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  867.114921][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  867.121011][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  867.354929][T14328] Bluetooth: hci1: command 0x1003 tx timeout
[  867.361026][ T1518] Bluetooth: hci1: sending frame failed (-49)
[  869.194938][T14328] Bluetooth: hci0: command 0x1001 tx timeout
[  869.201078][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  869.434984][T14328] Bluetooth: hci1: command 0x1001 tx timeout
[  869.441101][ T1518] Bluetooth: hci1: sending frame failed (-49)
[  871.274954][    T5] Bluetooth: hci0: command 0x1009 tx timeout
[  871.515009][    T5] Bluetooth: hci1: command 0x1009 tx timeout
12:21:29 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)

12:21:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x9a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:29 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:29 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x611, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:29 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f00000003c0)={0x100000000, 0x0, 0x3017, 0x5, 0x800, 0x3, 0x9})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
modify_ldt$read(0x0, &(0x7f0000000280)=""/212, 0xd4)

12:21:29 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)

[  875.658683][T23948] validate_nla: 5 callbacks suppressed
[  875.658694][T23948] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  875.716716][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
[  875.730959][    T7] Bluetooth: hci1: Frame reassembly failed (-84)
[  875.743338][    T7] Bluetooth: hci1: Frame reassembly failed (-84)
12:21:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xa000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  875.762461][T23963] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:30 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  875.816935][T23965] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  875.899463][T24013] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:30 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xaa20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:30 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x612, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  875.944918][T24091] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  876.032808][T24097] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:30 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:30 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x614, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  876.142732][T24105] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  877.754950][ T3572] Bluetooth: hci1: command 0x1003 tx timeout
[  877.754971][T21920] Bluetooth: hci0: command 0x1003 tx timeout
[  877.761117][ T1518] Bluetooth: hci1: sending frame failed (-49)
[  877.773154][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  879.834948][ T3572] Bluetooth: hci0: command 0x1001 tx timeout
[  879.840992][ T3572] Bluetooth: hci1: command 0x1001 tx timeout
[  879.841054][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  879.849810][T24119] Bluetooth: hci1: sending frame failed (-49)
[  881.914944][ T3572] Bluetooth: hci1: command 0x1009 tx timeout
[  881.914952][T21920] Bluetooth: hci0: command 0x1009 tx timeout
12:21:40 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)

12:21:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xba20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:40 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x625, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:40 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:40 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000400)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
getsockopt$packet_int(r2, 0x107, 0x1f, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:21:40 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0x7)

[  885.864721][T24124] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  885.943991][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
[  885.970044][ T2652] Bluetooth: hci1: Frame reassembly failed (-84)
[  885.981584][ T2652] Bluetooth: hci1: Frame reassembly failed (-84)
12:21:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xc000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  886.008448][T24137] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:40 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  886.089335][T24141] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  886.153290][T24262] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:40 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x639, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:40 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xca20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  886.196476][T24266] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:40 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r1, 0x84, 0x15, &(0x7f00000002c0)={0x6}, 0x1)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x2, &(0x7f0000000280)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:21:40 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  886.294350][T24274] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  886.379132][T24278] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  886.419118][T24287] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  886.452887][T24288] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  887.994920][T14328] Bluetooth: hci1: command 0x1003 tx timeout
[  888.000945][T14328] Bluetooth: hci0: command 0x1003 tx timeout
[  888.000995][T24119] Bluetooth: hci1: sending frame failed (-49)
[  888.007265][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  890.074943][T14328] Bluetooth: hci0: command 0x1001 tx timeout
[  890.074962][T21920] Bluetooth: hci1: command 0x1001 tx timeout
[  890.081026][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  890.089829][T24119] Bluetooth: hci1: sending frame failed (-49)
[  892.154912][T21920] Bluetooth: hci1: command 0x1009 tx timeout
[  892.154919][T14328] Bluetooth: hci0: command 0x1009 tx timeout
12:21:50 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:21:50 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xda20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:50 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)

12:21:50 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x65b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:50 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
pipe(&(0x7f0000000280))
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$EVIOCSREP(r2, 0x40084503, &(0x7f00000002c0)=[0x40, 0xfffffffffffffffd])
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:21:50 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)
close(r1)

[  896.116855][T24303] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:50 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  896.207220][T10887] Bluetooth: hci1: Frame reassembly failed (-84)
[  896.222353][T24316] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  896.258646][T24319] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:50 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x663, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  896.303770][T24327] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:50 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xea20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:50 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  896.380516][T24319] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  896.414382][T24332] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:21:50 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:21:50 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xfa20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  896.487804][T24337] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  896.517542][T24341] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:21:50 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x10000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  896.609643][T24348] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  896.633744][T24352] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:21:50 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x3, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  898.235071][T12773] Bluetooth: hci1: command 0x1003 tx timeout
[  898.241218][T12773] Bluetooth: hci0: command 0x1003 tx timeout
[  898.241273][T24119] Bluetooth: hci1: sending frame failed (-49)
[  898.247333][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  900.314931][T12773] Bluetooth: hci0: command 0x1001 tx timeout
[  900.314960][    T5] Bluetooth: hci1: command 0x1001 tx timeout
[  900.320985][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  900.327157][T24119] Bluetooth: hci1: sending frame failed (-49)
[  902.394880][T12773] Bluetooth: hci0: command 0x1009 tx timeout
[  902.394976][    T5] Bluetooth: hci1: command 0x1009 tx timeout
12:22:00 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)

12:22:00 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:00 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$VIDIOC_RESERVED(r0, 0x5601, 0x0)
ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000002c0)={0x4, 0x9107, 0x9, 0xffffffffffffff68})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000280)='tls\x00', 0x4)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:22:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x10a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:00 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:00 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000080)=ANY=[@ANYBLOB="04a2ed15"], 0x8e, 0x3)

[  906.338806][T24379] validate_nla: 2 callbacks suppressed
[  906.338813][T24379] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  906.370961][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
[  906.387874][T10887] Bluetooth: hci1: Frame reassembly failed (-84)
12:22:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x11a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  906.410109][T24392] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  906.437274][T24394] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:22:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x12a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:00 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:00 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x5, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  906.469701][T24398] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  906.503283][T24392] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  906.549769][T24408] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x13a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  906.598369][T24411] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  906.622805][T24415] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:22:00 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  906.657779][T24420] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  906.697161][T24428] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  908.394869][T24321] Bluetooth: hci1: command 0x1003 tx timeout
[  908.401052][ T1518] Bluetooth: hci1: sending frame failed (-49)
[  908.407197][T24321] Bluetooth: hci0: command 0x1003 tx timeout
[  908.413318][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  910.474958][T21920] Bluetooth: hci0: command 0x1001 tx timeout
[  910.474965][T24321] Bluetooth: hci1: command 0x1001 tx timeout
[  910.487468][ T1518] Bluetooth: hci1: sending frame failed (-49)
[  910.493724][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  912.554930][T24321] Bluetooth: hci0: command 0x1009 tx timeout
[  912.554936][T21920] Bluetooth: hci1: command 0x1009 tx timeout
12:22:10 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x13f, 0x2}}, 0x20)

12:22:10 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x14a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:10 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:10 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:10 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
r2 = syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={<r3=>0xffffffffffffffff}, 0x13f, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY_ROUTE(r2, &(0x7f00000001c0)={0x5, 0x10, 0xfa00, {&(0x7f0000000280), r3, 0x3}}, 0x18)

12:22:10 executing program 1:
syz_open_dev$usb(&(0x7f00000003c0)='/dev/bus/usb/00#/00#\x00', 0x9, 0x200000)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = open(&(0x7f0000000400)='./file0\x00', 0x40900, 0x157)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x1)
mmap(&(0x7f0000fe7000/0x13000)=nil, 0x13000, 0x1000000, 0x113, r1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
setsockopt$inet_MCAST_LEAVE_GROUP(r3, 0x0, 0x2d, &(0x7f00000002c0)={0x1ff, {{0x2, 0x4e22, @remote}}}, 0x88)
pipe(&(0x7f0000000440)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
setsockopt$MISDN_TIME_STAMP(r3, 0x0, 0x1, &(0x7f0000000280), 0x4)

[  916.588444][T24438] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:10 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x15a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  916.629687][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
[  916.641468][ T2652] Bluetooth: hci1: Frame reassembly failed (-84)
[  916.654679][T24454] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:22:10 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:10 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  916.682079][T24455] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  916.710131][T24460] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:10 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x16a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  916.790098][T24469] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  916.836543][T24473] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  916.873671][T24475] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:11 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:11 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x8, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  916.917318][T24481] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  916.992612][T24488] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  917.031393][T24491] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  918.634914][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  918.641963][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  918.714883][    T5] Bluetooth: hci1: command 0x1003 tx timeout
[  918.720989][ T1518] Bluetooth: hci1: sending frame failed (-49)
[  920.714904][T12773] Bluetooth: hci0: command 0x1001 tx timeout
[  920.721032][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  920.794937][T12773] Bluetooth: hci1: command 0x1001 tx timeout
[  920.801141][ T1518] Bluetooth: hci1: sending frame failed (-49)
[  922.794900][    T5] Bluetooth: hci0: command 0x1009 tx timeout
[  922.874913][    T5] Bluetooth: hci1: command 0x1009 tx timeout
12:22:21 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)

12:22:21 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140), 0x13f, 0x2}}, 0x20)

12:22:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x17a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:21 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x9, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:21 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:21 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000280)={0x800100c, 0x4, 0x2})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  926.841143][T24504] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  926.902340][ T2652] Bluetooth: hci1: Frame reassembly failed (-84)
[  926.910381][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
12:22:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  926.947718][T24519] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  927.002396][T24521] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  927.042792][T24528] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x19a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:21 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  927.086212][T24519] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:22:21 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xa, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:21 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
setsockopt$inet6_dccp_buf(r0, 0x21, 0xf, &(0x7f0000000000)="04ae4c92ed77920dcf70d01469d8dca011882836083980a74ac8efaf142ab5fa374f0115d2056a44474cb4f1937108bb585ec267cd208c38a9", 0x39)
vmsplice(r1, &(0x7f0000000000), 0x0, 0x0)

[  927.210724][T24540] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1aa20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  927.276164][T24543] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  927.344150][T24547] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  927.370513][T24554] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  928.954934][T14328] Bluetooth: hci0: command 0x1003 tx timeout
[  928.960971][T14328] Bluetooth: hci1: command 0x1003 tx timeout
[  928.961022][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  928.967519][T24119] Bluetooth: hci1: sending frame failed (-49)
[  931.034924][T14328] Bluetooth: hci1: command 0x1001 tx timeout
[  931.034932][T21920] Bluetooth: hci0: command 0x1001 tx timeout
[  931.047186][T24119] Bluetooth: hci0: sending frame failed (-49)
[  931.053366][T24119] Bluetooth: hci1: sending frame failed (-49)
[  933.114939][T14328] Bluetooth: hci0: command 0x1009 tx timeout
[  933.114947][T21920] Bluetooth: hci1: command 0x1009 tx timeout
12:22:31 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)

12:22:31 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)

12:22:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1ba20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x10, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:31 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/net/pfkey\x00', 0x800, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcs\x00', 0x40, 0x0)

[  937.087561][T24567] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  937.139238][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
[  937.169968][T10887] Bluetooth: hci1: Frame reassembly failed (-84)
12:22:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1ca20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  937.187742][T24582] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  937.242156][T24583] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:22:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x48, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  937.304989][T24590] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1da20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  937.402601][T24597] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  937.427261][T24599] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:22:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  937.485091][T24607] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  937.528472][T24612] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  937.615525][T24616] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  937.675905][T24617] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  939.194891][    T5] Bluetooth: hci1: command 0x1003 tx timeout
[  939.200968][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  939.201015][T24119] Bluetooth: hci1: sending frame failed (-49)
[  939.207196][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  941.274957][   T22] Bluetooth: hci1: command 0x1001 tx timeout
[  941.274965][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[  941.285606][ T1518] Bluetooth: hci1: sending frame failed (-49)
[  941.287081][T24119] Bluetooth: hci0: sending frame failed (-49)
[  943.354913][    T5] Bluetooth: hci0: command 0x1009 tx timeout
[  943.354923][   T22] Bluetooth: hci1: command 0x1009 tx timeout
12:22:41 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)

12:22:41 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)

12:22:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1ea20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:41 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x101000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
ioctl$KDDISABIO(r0, 0x4b37)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x4000000000000000, 0x84000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000280)={'syz', 0x2}, &(0x7f00000002c0)="63d14c9c9a4aca5ac8605a245bbd164884b78607da0266b7c9ee102ddccafc21ad2a93d2c2f36ba0f47422", 0x2b, 0xfffffffffffffffa)
r4 = request_key(&(0x7f0000000340)='keyring\x00', &(0x7f00000003c0)={'syz', 0x3}, &(0x7f0000000400)='eth0/cgroup}bdev$\xa4\x1f\x00', 0x0)
keyctl$link(0x8, r3, r4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
r5 = semget(0x1, 0x3, 0x0)
semctl$IPC_RMID(r5, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000), 0x0, 0x0)

12:22:41 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:41 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x60, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  947.298345][T24633] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:22:41 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)

[  947.387796][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
[  947.399059][T24634] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1f000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:41 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)

12:22:41 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x68, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  947.452863][T24637] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:22:41 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  947.514093][T24658] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:41 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:22:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1fa20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  947.602059][T24664] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  947.687395][T24675] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  947.733821][T24670] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  949.434864][T24321] Bluetooth: hci0: command 0x1003 tx timeout
[  949.440972][T11860] Bluetooth: hci0: sending frame failed (-49)
[  951.515086][T24321] Bluetooth: hci0: command 0x1001 tx timeout
[  951.522166][T11860] Bluetooth: hci0: sending frame failed (-49)
[  953.595011][ T5699] Bluetooth: hci0: command 0x1009 tx timeout
12:22:51 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)

12:22:51 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:22:51 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x20000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:51 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:51 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:51 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x2000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000080)=0x44)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
link(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:22:51 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

[  957.558769][T24688] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:51 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)

12:22:51 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)

[  957.660374][T24702] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:22:51 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:22:51 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x20a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:52 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

[  957.830550][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
[  957.846113][T24706] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:22:52 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

[  957.920389][T24723] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:52 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:22:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x21a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:52 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x74, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:22:52 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:22:52 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000280)={<r4=>0xffffffffffffffff}, 0x13f, 0x1}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r1, &(0x7f0000000300)={0x4, 0x8, 0xfa00, {r4, 0x2}}, 0x10)
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[  958.101637][T24746] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:52 executing program 3:
syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:22:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x22a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  958.217930][T24751] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  958.238366][   T21] Bluetooth: hci1: Frame reassembly failed (-84)
[  958.283505][T24752] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  958.320610][T24763] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:22:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x23a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  958.344610][T24751] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  958.453075][T24775] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  959.834863][T24321] Bluetooth: hci0: command 0x1003 tx timeout
[  959.840985][T24119] Bluetooth: hci0: sending frame failed (-49)
[  960.314881][T21920] Bluetooth: hci1: command 0x1003 tx timeout
[  960.320978][T24119] Bluetooth: hci1: sending frame failed (-49)
[  961.914911][T21920] Bluetooth: hci0: command 0x1001 tx timeout
[  961.921071][T24119] Bluetooth: hci0: sending frame failed (-49)
[  962.394960][T21920] Bluetooth: hci1: command 0x1001 tx timeout
[  962.401064][T24119] Bluetooth: hci1: sending frame failed (-49)
[  963.995008][T24321] Bluetooth: hci0: command 0x1009 tx timeout
[  964.474905][T24321] Bluetooth: hci1: command 0x1009 tx timeout
12:23:02 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:02 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7a, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:02 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x24a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:02 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:02 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x1, 0x0)
ioctl$int_in(r1, 0x80080040045010, &(0x7f0000000040))
mmap$binder(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1, 0x11, r1, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0xaaaaaaaaaaaa9b7, 0x1000000000000004, 0x0, 0x31d)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000400)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
setitimer(0x3, &(0x7f0000000240)={{0x77359400}, {0x77359400}}, &(0x7f0000000300))
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x7, &(0x7f0000000280)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
ioctl$TCXONC(r3, 0x540a, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
semget$private(0x0, 0x69f9c0d6ab6df87a, 0x4)

12:23:02 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  968.431538][T24785] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  968.500543][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
12:23:02 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x25a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  968.542887][T24793] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  968.603196][T24798] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  968.640403][T24807] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:02 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:02 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:02 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x26a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  968.748672][T24813] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  968.830351][T24820] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:03 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x27a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  968.872743][T24823] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:03 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:03 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2ef, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  968.924565][T24824] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  968.942042][T24831] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:03 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x28a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  969.017991][T24838] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:03 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x29a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  970.554908][T14328] Bluetooth: hci1: command 0x1003 tx timeout
[  970.560964][T14328] Bluetooth: hci0: command 0x1003 tx timeout
[  970.561031][T24119] Bluetooth: hci1: sending frame failed (-49)
[  970.569549][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  972.634894][T14328] Bluetooth: hci0: command 0x1001 tx timeout
[  972.634914][ T5699] Bluetooth: hci1: command 0x1001 tx timeout
[  972.640998][ T1518] Bluetooth: hci0: sending frame failed (-49)
[  972.649835][T24119] Bluetooth: hci1: sending frame failed (-49)
[  974.714900][T14328] Bluetooth: hci0: command 0x1009 tx timeout
[  974.714907][ T5699] Bluetooth: hci1: command 0x1009 tx timeout
12:23:12 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x300, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:12 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:12 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:12 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000280)='/dev/snd/pcmC#D#c\x00', 0x8, 0x40a00)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:12 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:12 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2aa20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  978.695452][T24864] validate_nla: 3 callbacks suppressed
[  978.695462][T24864] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:13 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:13 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:13 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  978.785004][T24873] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:13 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:13 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  978.889072][T24874] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:23:13 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:13 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x500, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:13 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2ba20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:13 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  979.066548][T10887] Bluetooth: hci1: Frame reassembly failed (-84)
[  979.113996][T24907] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[  979.172721][T24913] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:23:13 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:13 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2ca20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  979.244129][T24912] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:13 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x600, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  979.305440][T24920] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:13 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:13 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2da20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  979.371621][T24932] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  979.460492][T24942] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:13 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x700, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:13 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2ea20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  979.504596][T24943] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[  981.034864][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[  981.040970][T24119] Bluetooth: hci0: sending frame failed (-49)
[  981.114926][    T5] Bluetooth: hci1: command 0x1003 tx timeout
[  981.121063][T24119] Bluetooth: hci1: sending frame failed (-49)
[  983.114956][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[  983.121104][T24119] Bluetooth: hci0: sending frame failed (-49)
[  983.194979][    T5] Bluetooth: hci1: command 0x1001 tx timeout
[  983.201087][T24119] Bluetooth: hci1: sending frame failed (-49)
[  985.194969][T24321] Bluetooth: hci0: command 0x1009 tx timeout
[  985.274955][T24321] Bluetooth: hci1: command 0x1009 tx timeout
12:23:23 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:23 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:23 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2fa20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:23 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:23 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x900, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:23 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$TIOCNXCL(r1, 0x540d)

[  989.554362][T24966] validate_nla: 2 callbacks suppressed
[  989.554373][T24966] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:23 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:23 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  989.652872][T24982] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:23 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x30a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  989.711570][T24983] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:23:24 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:24 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:24 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  989.823533][T24998] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:24 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:24 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xa00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x31a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  989.948505][T25009] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:24 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:24 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  990.085979][T25017] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  990.167946][T25022] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:24 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:24 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:24 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf43, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:24 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:24 executing program 1:
r0 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x91, 0x0)
setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000340)=0x7, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/rfkill\x00', 0x84000, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
ioctl$VIDIOC_S_PRIORITY(r2, 0x40045644, 0x0)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r6 = request_key(&(0x7f0000000280)='trusted\x00', &(0x7f00000002c0)={'syz', 0x3}, &(0x7f0000000300)='.\x00', 0xfffffffffffffff8)
keyctl$get_keyring_id(0x0, r6, 0xb9)

12:23:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x32a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:24 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:24 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  990.478572][T25046] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:24 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  990.605687][T25056] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:23:24 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:24 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x33a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:24 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[  990.731732][T25055] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:25 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:25 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x34a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:25 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1f00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:25 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0))
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:23:25 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000280)={0x0, <r1=>0x0})
syz_open_procfs(r1, &(0x7f00000002c0)='net/if_inet6\x00')
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
ioctl$VIDIOC_G_STD(r2, 0x80085617, &(0x7f0000000300)=<r4=>0x0)
r5 = shmget(0x3, 0x2000, 0x78000000, &(0x7f0000fe6000/0x2000)=nil)
lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, <r6=>0x0})
lstat(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0})
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000005c0)={0x0, <r8=>0x0}, &(0x7f0000000600)=0xc)
stat(&(0x7f0000000640)='\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0})
shmctl$IPC_SET(r5, 0x1, &(0x7f0000000700)={{0x7fffffff, r6, r7, r8, r9, 0x0, 0x5}, 0x0, 0xac, 0x1, 0x582, r1, r1, 0x7})
ioctl$VIDIOC_S_STD(r3, 0x40085618, &(0x7f0000000340)=r4)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r10=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r10+30000000}, 0x0)
io_uring_enter(r0, 0x2, 0x7fff, 0x3, &(0x7f00000003c0)={0x3}, 0x8)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:25 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:23:25 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:23:25 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:25 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x35a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:25 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:25 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:23:25 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:23:25 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:23:25 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x36a20100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:25 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

12:23:25 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[  991.852310][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
12:23:26 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000480)={{0x7f, 0x45, 0x4c, 0x46, 0x2, 0x3, 0x2, 0x8, 0x6, 0x3, 0x6, 0x101, 0xd4, 0x40, 0xfffffffffffffffd, 0x3, 0x7fffffff, 0x38, 0x2313, 0x8, 0x5, 0x8001}, [{0x0, 0x7, 0x8, 0x1000, 0x800, 0x40, 0x35, 0x7}], "ac6ad25057bfe08acbda9d7f91eaada37f3a8a01baef83dde637671aa9b0dbff33a38315dc39a7130f38090c5404e996f2858c6b0a6d92dfdce61e262d82203da1e2d78016e5566c661a06aa4ded3b888aa80a71ff77bb1a79df274039ce1bc96935", [[], []]}, 0x2da)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:26 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x3a030000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:26 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x4)

12:23:26 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x3f00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:26 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:26 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

12:23:26 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f0000000280)="66f20f01b300000fc79f003866b9790100000f323636670f01c90f38f17de567660f22a366b9800000c00f326635000100000f3066b9560300000f320fc7ad008066b9eb08000066b8680f000066ba000000000f30"}], 0x1, 0x4, 0x0, 0xffffff80)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:26 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:26 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:26 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x3f000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[  993.914840][T21920] Bluetooth: hci0: command 0x1003 tx timeout
[  993.920950][T24119] Bluetooth: hci0: sending frame failed (-49)
[  994.554878][T21920] Bluetooth: hci1: command 0x1003 tx timeout
[  994.560989][T24119] Bluetooth: hci1: sending frame failed (-49)
[  995.994923][T21920] Bluetooth: hci0: command 0x1001 tx timeout
[  996.001109][T24119] Bluetooth: hci0: sending frame failed (-49)
[  996.634961][T21920] Bluetooth: hci1: command 0x1001 tx timeout
[  996.641284][T24119] Bluetooth: hci1: sending frame failed (-49)
[  998.074887][T24321] Bluetooth: hci0: command 0x1009 tx timeout
[  998.714995][T24321] Bluetooth: hci1: command 0x1009 tx timeout
12:23:36 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

12:23:36 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:36 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x430f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x40000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:36 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$BLKREPORTZONE(r2, 0xc0101282, &(0x7f0000000480)={0x0, 0xa, 0x0, [{0x81, 0x1ff, 0x5, 0x6a26, 0x1, 0x5, 0x7ff}, {0xd7a, 0x3, 0x1, 0x1, 0x7b4, 0x100000000, 0x8}, {0xf88, 0x2, 0x1ff, 0x2, 0x6, 0x8000, 0xcc}, {0x7, 0x41, 0x2, 0xffffffffffffffff, 0x10001, 0x3, 0x8}, {0x6, 0x268b, 0x400, 0x401, 0x0, 0xed0, 0xfffffffffffffff9}, {0x7fff, 0x400, 0x8, 0x6, 0xffff, 0xf, 0x31}, {0x4b, 0x9a, 0x0, 0x5, 0x3f, 0x4, 0x59453862}, {0x3, 0x80000000, 0x0, 0x1, 0x6, 0x1, 0x5}, {0x4, 0xfffffffffffffff8, 0x629, 0x7c24, 0x40, 0x346c, 0x1be9}, {0x8, 0x5, 0x1, 0x4, 0x5, 0x4, 0x10000}]})
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1002.357008][T25221] validate_nla: 16 callbacks suppressed
[ 1002.357073][T25221] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:36 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x430f0000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1002.402406][T25218] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1002.433173][T25229] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1002.514188][T25239] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1002.572095][T25241] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:37 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

12:23:37 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4800, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x48000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:37 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1002.985461][T25250] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:37 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4c000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1003.028419][T25251] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1003.044944][T24938] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1003.088838][T25260] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1003.135832][T25263] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1004.394895][T21920] Bluetooth: hci0: command 0x1003 tx timeout
[ 1004.400981][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1005.114862][T21920] Bluetooth: hci1: command 0x1003 tx timeout
[ 1005.120938][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1006.474921][T21920] Bluetooth: hci0: command 0x1001 tx timeout
[ 1006.481007][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1007.194924][T21920] Bluetooth: hci1: command 0x1001 tx timeout
[ 1007.201030][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1008.554914][   T22] Bluetooth: hci0: command 0x1009 tx timeout
[ 1009.274996][   T22] Bluetooth: hci1: command 0x1009 tx timeout
12:23:46 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

12:23:46 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = syz_open_dev$sndpcmc(&(0x7f0000000380)='/dev/snd/pcmC#D#c\x00', 0xffffffffffffffa7, 0x200)
r1 = openat$cgroup_ro(r0, &(0x7f00000003c0)='cpuacct.usage_user\x00', 0x0, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x200000, 0x0)
pipe(&(0x7f0000000440)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000540)=0x400, 0x4)
ioctl$KVM_NMI(r2, 0xae9a)
setsockopt$packet_int(r1, 0x107, 0xb, &(0x7f0000000500)=0x5, 0x4)
getsockopt$IPT_SO_GET_ENTRIES(r5, 0x0, 0x41, &(0x7f0000000580)=ANY=[@ANYBLOB="6d616e676c00000000000000000000fa3400000025f9e5d0972db98c8034c55a0bd6196b327e881ffae0e12b491f124ed5694029b3069f18b71240fc652eaee31774250b944218040007000000dd0963aed7c05c6100000000000000000000000000000000013194d2b8fc78cc6736242b2ca9d5d2a032329698f55796a93d10b47350212b618dd25d7c2d13c3c5b0796d07825926d2ba564499de13c8f0ddd23dc36e2e01292ae5818573c9c997428e309d6e3790d065c3ed4f2f36fd8e42c77384f9f538b0c0f3a985727bd43b4b62a618e876dd878808df7f58a24064befb4e2d19da6382e60c9df4748b83da68b843c44c98bc3c321408ef8af1443c43b947b03bc31c6a04ce73379a6d6a7fab775cc533"], &(0x7f0000000300)=0x58)
bind$isdn_base(r4, &(0x7f0000000340)={0x22, 0x7faa, 0x1248000000, 0x7, 0x7}, 0x6)
ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000400)=<r6=>0x0)
sched_getparam(r6, &(0x7f0000000480))
clock_gettime(0x7, &(0x7f00000004c0)={0x0, <r7=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r7+30000000}, 0x0)
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:46 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:46 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4c00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:46 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x60000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1012.585485][T25276] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:46 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x65580000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1012.629422][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1012.638034][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1012.654205][T25283] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1012.701521][T25288] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1012.740425][T25292] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x68000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1012.773942][T25296] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1012.801434][T25288] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1012.845060][T25302] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:47 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x0)

12:23:47 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:47 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6c000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1013.215338][T25311] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:47 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x74000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1013.272082][T25315] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1013.314788][T25317] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1014.634916][T21920] Bluetooth: hci0: command 0x1003 tx timeout
[ 1014.641005][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1015.274873][T21920] Bluetooth: hci1: command 0x1003 tx timeout
[ 1015.280952][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1016.714971][T21920] Bluetooth: hci0: command 0x1001 tx timeout
[ 1016.721094][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1017.354960][T21920] Bluetooth: hci1: command 0x1001 tx timeout
[ 1017.361850][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1018.794975][   T22] Bluetooth: hci0: command 0x1009 tx timeout
[ 1019.434957][   T22] Bluetooth: hci1: command 0x1009 tx timeout
12:23:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7a000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:57 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6800, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:57 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:57 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_CTX(r3, 0xc0086420, &(0x7f0000000340)={<r4=>0x0})
ioctl$DRM_IOCTL_LOCK(r1, 0x4008642a, &(0x7f00000003c0)={r4, 0x4})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$IOC_PR_PREEMPT_ABORT(r0, 0x401870cc, &(0x7f0000000280)={0x4, 0x59f, 0x8a32, 0x83})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r2, 0xc0086420, 0x0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r2, 0x4008ae48, &(0x7f00000002c0)=0x107000)
ioctl$BLKDISCARD(r2, 0x1277, &(0x7f0000000300)=0x9)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:57 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x7ffff000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0)

[ 1022.833527][T25336] validate_nla: 1 callbacks suppressed
[ 1022.833537][T25336] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x80969800, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1022.910190][T25349] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1022.993383][T25344] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1023.040502][T25354] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:57 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1023.107822][T25359] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1023.184753][T25363] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:57 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-ssse3\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x7ffff000, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0)

12:23:57 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x6c00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x81000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:57 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x303001, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm-monitor\x00', 0x14000, 0x0)
ioctl$LOOP_SET_FD(r4, 0x4c00, r1)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f00000003c0)={0xffffffffffffffe0, 0x1, {0x0, 0x3, 0x1, 0x0, 0xffffffff00000000}})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:57 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:57 executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/arp\x00\xe2\xce\xf9\xca\xfa\x975\xcd\x1f\x02S \xaeFMgr\x96y\xf9F\x92\x81>\xe3)\xb8w\x17\xbf\xc0\xc6\xd4\xdf\xeau\xd9W?\xe7\xfd{\x14\xba\x01\x18\x15\xbf\b\xf6\xcbk;le\xa2\x00.\xef\"Kqg[\x17X\xcf\xa8\xa4\xccUW\x92\xc5\xdc\x11\xf7\bw7\xc8\x1f\t\xaf,\x9dQz\xd9q\xe9\x81\xf4\xd0|R\xae\xa4\xc2o\x98MF\x87tIA\xf7\x9e1S\xbfy]\xe4\v\x05\x1f\xe6\x9ec\xf3D\x97y\xfc\xc0}S\xe8\x1c\x89')
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f00000001c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, 0x0, 0x0, 0x0, 0x1f0}, 0x0)
getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000080)={'broute\x00', 0x0, 0x3, 0xe3, [], 0x0, &(0x7f0000000040), &(0x7f0000000240)=""/227}, &(0x7f0000000340)=0x78)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1)
preadv(r0, &(0x7f00000017c0), 0x1000000000000304, 0x400000000100)

[ 1023.488238][T25379] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:57 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x87800000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1023.531783][T25377] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:23:57 executing program 3:
r0 = socket$kcm(0x2b, 0x8000000000001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$kcm(0x10, 0x3, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="240000001e0081aee4050c00000f10fe070101000000000063da9a9a1cae18c1eebd11da", 0x24}], 0x1}, 0x0)
recvmsg$kcm(r2, &(0x7f0000000680)={0x0, 0x311167f3, 0x0, 0x0, 0x0, 0x21366e0ca75e96a5}, 0x0)
recvmsg$kcm(r2, &(0x7f00000008c0)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001ec0)=[{&(0x7f0000001a80)=""/106, 0x6a}, {&(0x7f00000028c0)=""/4096, 0x1000}, {&(0x7f0000001b00)=""/106, 0x6a}, {0x0}, {&(0x7f0000001c40)=""/121, 0x79}, {&(0x7f00000038c0)=""/4096, 0x1000}, {0x0}, {&(0x7f0000001dc0)=""/17, 0x11}, {&(0x7f0000001e00)=""/143, 0x8f}], 0x9, &(0x7f00000048c0)=""/4096, 0x1000}, 0x10160)
recvmsg(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8005)
recvmsg(0xffffffffffffffff, 0x0, 0x20)

[ 1023.669461][T25419] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:23:58 executing program 4:
getsockopt$inet_mreqsrc(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000000c0)={@rand_addr, @empty, @local}, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000540))
r0 = creat(&(0x7f0000000280)='./bus\x00', 0x50)
getresuid(0x0, &(0x7f0000000380), &(0x7f00000003c0))
ftruncate(r0, 0x8003f1)
r1 = open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0))
clock_adjtime(0x2, 0x0)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f00000007c0)={0x0, 0xffffffff, 0x0, 0x0, 0x3, [{0x0, 0x0, 0x1}, {0xa00000000000000, 0xfffffffffffffffa, 0x100000000}, {}]})

[ 1023.754572][T25499] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:23:58 executing program 3:
r0 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x200)
openat$null(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9d, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
dup2(r1, r0)

12:23:58 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7400, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x88a8ffff, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1000000, 0x0)
r1 = openat$random(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/urandom\x00', 0x62402, 0x0)
openat$random(0xffffffffffffff9c, &(0x7f0000000000)='/dev/urandom\x00', 0x4c03, 0x0)
r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000440)='/dev/vhci\x00', 0x800)
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000180))
fcntl$getownex(r2, 0x10, &(0x7f0000000480))
ioctl$TIOCGSID(r0, 0x5429, &(0x7f00000004c0))
ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000500))
gettid()
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000580)={<r3=>0xffffffffffffffff, r1, 0x0, 0x5, &(0x7f0000000540)='self\x00'}, 0x30)
syz_open_procfs(r3, 0x0)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bind$inet(r4, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r5, 0x107, 0x5, &(0x7f00000001c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
setsockopt$sock_int(r4, 0x1, 0x6, &(0x7f0000000280)=0x32, 0x4)
connect$inet(r4, &(0x7f0000000340)={0x2, 0x0, @broadcast}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$BLKGETSIZE(0xffffffffffffffff, 0x1260, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x201000, 0x0)
removexattr(0x0, 0x0)
bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0)

12:23:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x9effffff, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
ioctl$KDGKBLED(r1, 0x4b64, &(0x7f0000000280))
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x2000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000080)=0x44)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
link(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:58 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x7a00, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xcba10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 4:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x101000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
ioctl$KDDISABIO(r0, 0x4b37)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x4000000000000000, 0x84000)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
r3 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000280)={'syz', 0x2}, &(0x7f00000002c0)="63d14c9c9a4aca5ac8605a245bbd164884b78607da0266b7c9ee102ddccafc21ad2a93d2c2f36ba0f47422", 0x2b, 0xfffffffffffffffa)
r4 = request_key(&(0x7f0000000340)='keyring\x00', &(0x7f00000003c0)={'syz', 0x3}, &(0x7f0000000400)='eth0/cgroup}bdev$\xa4\x1f\x00', 0x0)
keyctl$link(0x8, r3, r4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
r5 = semget(0x1, 0x3, 0x0)
semctl$IPC_RMID(r5, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r6=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000), 0x0, 0x0)

12:23:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xcca10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x8087, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x2000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000080)=0x44)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
link(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:58 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xcda10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:58 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:59 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x8100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xcea10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:59 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vcs\x00', 0x2000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f00000003c0)={'filter\x00'}, &(0x7f0000000080)=0x44)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
link(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000280)='./file0\x00')
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:59 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:59 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_AGP_ACQUIRE(r0, 0x6430)
write(r2, &(0x7f0000000300), 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:23:59 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xef02, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:59 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)

12:23:59 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xcfa10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:23:59 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:23:59 executing program 3 (fault-call:2 fault-nth:0):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1025.638195][T26200] FAULT_INJECTION: forcing a failure.
[ 1025.638195][T26200] name failslab, interval 1, probability 0, space 0, times 0
[ 1025.651256][T26200] CPU: 0 PID: 26200 Comm: syz-executor.3 Not tainted 5.3.0-rc1+ #105
[ 1025.659365][T26200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1025.669453][T26200] Call Trace:
[ 1025.672843][T26200]  dump_stack+0x172/0x1f0
[ 1025.672869][T26200]  should_fail.cold+0xa/0x15
[ 1025.681768][T26200]  ? fault_create_debugfs_attr+0x180/0x180
[ 1025.681788][T26200]  ? ___might_sleep+0x163/0x280
[ 1025.681811][T26200]  __should_failslab+0x121/0x190
[ 1025.692436][T26200]  should_failslab+0x9/0x14
[ 1025.692451][T26200]  __kmalloc+0x2e0/0x770
[ 1025.692467][T26200]  ? mark_held_locks+0xf0/0xf0
[ 1025.692488][T26200]  ? _parse_integer+0x190/0x190
[ 1025.701994][T26200]  ? tomoyo_realpath_from_path+0xcd/0x7b0
[ 1025.702011][T26200]  tomoyo_realpath_from_path+0xcd/0x7b0
[ 1025.702027][T26200]  ? tomoyo_path_number_perm+0x193/0x520
[ 1025.702048][T26200]  tomoyo_path_number_perm+0x1dd/0x520
[ 1025.711024][T26200]  ? tomoyo_path_number_perm+0x193/0x520
[ 1025.711043][T26200]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1025.711060][T26200]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1025.711081][T26200]  ? __kasan_check_read+0x11/0x20
[ 1025.721717][T26200]  ? __fget+0x384/0x560
[ 1025.721735][T26200]  ? ksys_dup3+0x3e0/0x3e0
[ 1025.721758][T26200]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1025.732949][T26200]  ? fput_many+0x12c/0x1a0
[ 1025.732968][T26200]  tomoyo_file_ioctl+0x23/0x30
[ 1025.732984][T26200]  security_file_ioctl+0x77/0xc0
[ 1025.733004][T26200]  ksys_ioctl+0x57/0xd0
[ 1025.744070][T26200]  __x64_sys_ioctl+0x73/0xb0
[ 1025.744089][T26200]  do_syscall_64+0xfd/0x6a0
[ 1025.744177][T26200]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1025.756130][T26200] RIP: 0033:0x459829
[ 1025.756145][T26200] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1025.756153][T26200] RSP: 002b:00007efd74368c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1025.756167][T26200] RAX: ffffffffffffffda RBX: 00007efd74368c90 RCX: 0000000000459829
[ 1025.756175][T26200] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1025.756182][T26200] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1025.756190][T26200] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efd743696d4
[ 1025.756197][T26200] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:24:00 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd0a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1025.769196][T26200] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1025.882241][T10887] Bluetooth: hci1: Frame reassembly failed (-84)
12:24:00 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:24:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd1a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:00 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xff7f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:00 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd2a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:00 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x10000, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
syz_open_dev$mouse(&(0x7f0000000280)='/dev/input/mouse#\x00', 0x8, 0x341000)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:24:00 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1027.674931][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[ 1027.681035][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1027.914869][    T5] Bluetooth: hci1: command 0x1003 tx timeout
[ 1027.920967][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1029.754949][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 1029.761059][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1029.994941][    T5] Bluetooth: hci1: command 0x1001 tx timeout
[ 1030.001054][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1031.835001][T24321] Bluetooth: hci0: command 0x1009 tx timeout
[ 1032.074961][T24321] Bluetooth: hci1: command 0x1009 tx timeout
12:24:10 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000200)='/dev/usbmon#\x00', 0x9, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000480))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r1, 0x400455c8, 0x4)
syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x0, 0x20100)

12:24:10 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd3a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:10 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1880a, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:10 executing program 3 (fault-call:2 fault-nth:1):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:24:10 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:24:10 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcs\x00', 0x28000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1036.263987][T26249] validate_nla: 25 callbacks suppressed
[ 1036.263997][T26249] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1036.347494][T26261] FAULT_INJECTION: forcing a failure.
[ 1036.347494][T26261] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1036.361009][T26261] CPU: 0 PID: 26261 Comm: syz-executor.3 Not tainted 5.3.0-rc1+ #105
[ 1036.361020][T26261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1036.361025][T26261] Call Trace:
[ 1036.361049][T26261]  dump_stack+0x172/0x1f0
[ 1036.361077][T26261]  should_fail.cold+0xa/0x15
[ 1036.379741][T26261]  ? fault_create_debugfs_attr+0x180/0x180
[ 1036.379759][T26261]  ? lock_downgrade+0x920/0x920
[ 1036.379778][T26261]  should_fail_alloc_page+0x50/0x60
[ 1036.379789][T26261]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1036.379804][T26261]  ? __alloc_pages_slowpath+0x2520/0x2520
[ 1036.379816][T26261]  ? kernel_text_address+0x73/0xf0
[ 1036.379831][T26261]  ? unwind_get_return_address+0x61/0xa0
[ 1036.379844][T26261]  ? profile_setup.cold+0xbb/0xbb
[ 1036.379859][T26261]  ? fault_create_debugfs_attr+0x180/0x180
[ 1036.379874][T26261]  cache_grow_begin+0x90/0xd20
[ 1036.379887][T26261]  ? tomoyo_realpath_from_path+0xcd/0x7b0
[ 1036.379902][T26261]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1036.379921][T26261]  __kmalloc+0x6b2/0x770
[ 1036.387624][T26261]  ? mark_held_locks+0xf0/0xf0
[ 1036.398094][T26261]  ? tomoyo_realpath_from_path+0xcd/0x7b0
[ 1036.398109][T26261]  tomoyo_realpath_from_path+0xcd/0x7b0
[ 1036.398125][T26261]  ? tomoyo_path_number_perm+0x193/0x520
[ 1036.398142][T26261]  tomoyo_path_number_perm+0x1dd/0x520
[ 1036.398156][T26261]  ? tomoyo_path_number_perm+0x193/0x520
[ 1036.398171][T26261]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1036.398187][T26261]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1036.398207][T26261]  ? __kasan_check_read+0x11/0x20
[ 1036.398230][T26261]  ? __fget+0x384/0x560
[ 1036.408367][T26261]  ? ksys_dup3+0x3e0/0x3e0
[ 1036.408383][T26261]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1036.408396][T26261]  ? fput_many+0x12c/0x1a0
[ 1036.408412][T26261]  tomoyo_file_ioctl+0x23/0x30
[ 1036.408427][T26261]  security_file_ioctl+0x77/0xc0
[ 1036.408441][T26261]  ksys_ioctl+0x57/0xd0
[ 1036.408455][T26261]  __x64_sys_ioctl+0x73/0xb0
[ 1036.408479][T26261]  do_syscall_64+0xfd/0x6a0
[ 1036.419654][T26261]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1036.419672][T26261] RIP: 0033:0x459829
[ 1036.430402][T26261] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1036.430409][T26261] RSP: 002b:00007efd74368c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1036.430430][T26261] RAX: ffffffffffffffda RBX: 00007efd74368c90 RCX: 0000000000459829
[ 1036.446170][T26261] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1036.446178][T26261] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1036.446186][T26261] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efd743696d4
[ 1036.446194][T26261] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:24:10 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd4a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1036.655458][T26263] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1036.680696][T26264] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:24:10 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1880b, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1036.732011][T26274] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1036.766425][T26264] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:24:11 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd5a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:11 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1036.818369][T26281] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:24:11 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
flock(r0, 0x4)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000002c0)=[@text16={0x10, &(0x7f0000000280)="80c375360f78468665650f01c867838785a6000006b856000f00d0360f54fc3e0f01c40f01c40f20c06635020000000f22c0260f01c3", 0x36}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
ioctl$sock_bt_bnep_BNEPGETCONNINFO(r2, 0x800442d3, &(0x7f00000001c0)={0x400, 0x9, 0x3, @remote, 'vlan0\x00'})
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:24:11 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1880c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1036.918014][T26292] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1036.991872][T26289] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1037.049069][T26300] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1038.714859][T21920] Bluetooth: hci1: command 0x1003 tx timeout
[ 1038.720939][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1038.727125][T21920] Bluetooth: hci0: command 0x1003 tx timeout
[ 1038.733321][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1040.794857][T14328] Bluetooth: hci0: command 0x1001 tx timeout
[ 1040.794864][T21920] Bluetooth: hci1: command 0x1001 tx timeout
[ 1040.807418][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1040.816033][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1042.874947][T14328] Bluetooth: hci0: command 0x1009 tx timeout
[ 1042.880998][T14328] Bluetooth: hci1: command 0x1009 tx timeout
12:24:21 executing program 4:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f0000000040)=[{0x20000000006, 0x0, 0x0, 0x50000}]})
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, 0x0, 0x0)

12:24:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd6a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:21 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:24:21 executing program 3 (fault-call:2 fault-nth:2):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:24:21 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1880d, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:21 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/vcs\x00', 0x1000000101000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
clock_gettime(0x7, &(0x7f0000000080))
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$UI_END_FF_UPLOAD(r2, 0x406855c9, &(0x7f0000000280)={0x1, 0xd83, {0x55, 0x6, 0x8000, {0x3, 0x8000}, {0x7fff, 0x1}, @rumble={0x20, 0x3}}, {0x52, 0x8, 0x1a, {0xffffffffffffff6f, 0xffffffffffffffff}, {0xc90, 0x4}, @ramp={0xfffffffffffff6f8, 0x8, {0x1035, 0x1, 0x3ff, 0x100000001}}}})

[ 1047.152944][T26314] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1047.222844][T26327] FAULT_INJECTION: forcing a failure.
[ 1047.222844][T26327] name failslab, interval 1, probability 0, space 0, times 0
[ 1047.241886][T26327] CPU: 1 PID: 26327 Comm: syz-executor.3 Not tainted 5.3.0-rc1+ #105
[ 1047.250109][T26327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1047.250115][T26327] Call Trace:
[ 1047.250148][T26327]  dump_stack+0x172/0x1f0
[ 1047.250170][T26327]  should_fail.cold+0xa/0x15
[ 1047.250188][T26327]  ? fault_create_debugfs_attr+0x180/0x180
[ 1047.250206][T26327]  ? ___might_sleep+0x163/0x280
[ 1047.250226][T26327]  __should_failslab+0x121/0x190
[ 1047.250243][T26327]  should_failslab+0x9/0x14
[ 1047.250255][T26327]  __kmalloc+0x2e0/0x770
[ 1047.250274][T26327]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1047.250287][T26327]  ? d_absolute_path+0x11b/0x170
[ 1047.250300][T26327]  ? __d_path+0x140/0x140
[ 1047.250313][T26327]  ? tomoyo_encode2.part.0+0xf5/0x400
[ 1047.250328][T26327]  tomoyo_encode2.part.0+0xf5/0x400
[ 1047.250342][T26327]  tomoyo_encode+0x2b/0x50
[ 1047.250365][T26327]  tomoyo_realpath_from_path+0x1d3/0x7b0
[ 1047.278523][T26327]  tomoyo_path_number_perm+0x1dd/0x520
[ 1047.278539][T26327]  ? tomoyo_path_number_perm+0x193/0x520
[ 1047.278557][T26327]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1047.278573][T26327]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1047.278603][T26327]  ? __kasan_check_read+0x11/0x20
[ 1047.288381][T26327]  ? __fget+0x384/0x560
[ 1047.288401][T26327]  ? ksys_dup3+0x3e0/0x3e0
12:24:21 executing program 4:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xf7c, 0x8000000000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

[ 1047.303545][T26327]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1047.303562][T26327]  ? fput_many+0x12c/0x1a0
[ 1047.303579][T26327]  tomoyo_file_ioctl+0x23/0x30
[ 1047.303596][T26327]  security_file_ioctl+0x77/0xc0
[ 1047.303616][T26327]  ksys_ioctl+0x57/0xd0
[ 1047.318353][T26327]  __x64_sys_ioctl+0x73/0xb0
[ 1047.333597][T26327]  do_syscall_64+0xfd/0x6a0
[ 1047.333615][T26327]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1047.333626][T26327] RIP: 0033:0x459829
[ 1047.333641][T26327] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1047.333647][T26327] RSP: 002b:00007efd74368c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1047.333670][T26327] RAX: ffffffffffffffda RBX: 00007efd74368c90 RCX: 0000000000459829
[ 1047.356881][T26327] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1047.356889][T26327] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1047.356898][T26327] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efd743696d4
[ 1047.356906][T26327] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1047.367730][T26327] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1047.513532][T26328] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:24:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd7a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:21 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
recvfrom$inet(r0, 0x0, 0xffffff99, 0x0, 0x0, 0x800e00769)
shutdown(r0, 0x0)

[ 1047.527080][T24938] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1047.612991][T26330] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:24:21 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1047.662231][T26344] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:24:21 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1880e, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd8a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1047.731851][T26353] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:24:22 executing program 4:
r0 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000000))
r1 = syz_open_dev$usbmon(&(0x7f0000000380)='/dev/usbmon#\x00', 0x3, 0x101040)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000700)={{{@in=@empty, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@remote}, 0x0, @in=@multicast2}}, &(0x7f0000000800)=0xe8)
getresuid(&(0x7f0000000840), 0x0, &(0x7f00000008c0)=<r3=>0x0)
recvmmsg(0xffffffffffffffff, &(0x7f000000afc0)=[{{&(0x7f0000000900)=@nl, 0x80, &(0x7f0000002e00)=[{&(0x7f0000000980)=""/4096, 0x1000}, {&(0x7f0000001980)=""/21, 0x15}, {&(0x7f00000019c0)=""/213, 0xd5}, {&(0x7f0000001ac0)=""/135, 0x87}, {&(0x7f0000001b80)=""/118, 0x76}, {&(0x7f0000001c00)=""/149, 0x95}, {&(0x7f0000001cc0)=""/4096, 0x1000}, {&(0x7f0000002cc0)=""/141, 0x8d}, {&(0x7f0000002d80)=""/78, 0x4e}], 0x9}, 0x1}, {{&(0x7f0000002ec0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, 0x80, &(0x7f0000003f40)=[{&(0x7f0000002f40)=""/4096, 0x1000}], 0x1, &(0x7f0000003f80)=""/232, 0xe8}, 0x6}, {{0x0, 0x0, &(0x7f0000005540)=[{&(0x7f0000004080)=""/4096, 0x1000}, {&(0x7f0000005080)=""/127, 0x7f}, {&(0x7f0000005100)=""/128, 0x80}, {&(0x7f0000005180)=""/149, 0x95}, {&(0x7f0000005240)=""/206, 0xce}, {&(0x7f0000005340)=""/6, 0x6}, {&(0x7f0000005380)=""/187, 0xbb}, {&(0x7f0000005440)=""/203, 0xcb}], 0x8}}, {{&(0x7f00000055c0), 0x80, &(0x7f0000005780)=[{&(0x7f0000005640)=""/176, 0xb0}, {&(0x7f0000005700)=""/80, 0x50}], 0x2, &(0x7f00000057c0)=""/24, 0x18}}, {{&(0x7f0000005800)=@alg, 0x80, &(0x7f0000006d80)=[{&(0x7f0000005880)=""/154, 0x9a}, {&(0x7f0000005a00)=""/32, 0x20}, {&(0x7f0000005a40)=""/4096, 0x1000}, {0x0}, {&(0x7f0000006b40)=""/223, 0xdf}, {&(0x7f0000006c40)=""/123, 0x7b}, {&(0x7f0000006cc0)=""/167, 0xa7}], 0x7, &(0x7f0000006e00)=""/4096, 0x1000}, 0x4}, {{&(0x7f0000007e00)=@xdp={0x2c, 0x0, <r4=>0x0}, 0x80, &(0x7f000000a1c0)=[{&(0x7f0000007e80)=""/211, 0xd3}, {&(0x7f0000007f80)=""/133, 0x85}, {&(0x7f0000008040)}, {0x0}, {&(0x7f00000090c0)=""/126, 0x7e}, {&(0x7f0000009140)=""/117, 0x75}, {&(0x7f00000091c0)=""/4096, 0x1000}], 0x7}}, {{&(0x7f000000a240)=@in6={0xa, 0x0, 0x0, @initdev}, 0x80, &(0x7f000000a700)=[{&(0x7f000000a300)=""/90, 0x5a}, {&(0x7f000000a380)=""/246, 0xf6}, {&(0x7f000000a480)=""/69, 0x45}, {0x0}, {&(0x7f000000a580)=""/37, 0x25}, {&(0x7f000000a5c0)=""/26, 0x1a}, {0x0}], 0x7, &(0x7f000000a780)=""/180, 0xb4}}, {{&(0x7f000000a840)=@generic, 0x80, &(0x7f000000a9c0)=[{&(0x7f000000a8c0)=""/230, 0xe6}], 0x1, &(0x7f000000aa00)=""/241, 0xf1}, 0x5}, {{0x0, 0x0, 0x0}, 0x9}], 0x9, 0x10000, &(0x7f000000b240)={0x0, 0x989680})
sendmsg$nl_xfrm(r1, &(0x7f000000b440)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f000000b400)={&(0x7f000000b280)=@updsa={0x154, 0x1a, 0x300, 0x70bd28, 0x25dfdbff, {{@in=@loopback, @in6=@remote, 0x4e23, 0x0, 0x4e22, 0x1, 0xa, 0x20, 0x80, 0x7f, r2, r3}, {@in=@empty, 0x4d6, 0x32}, @in6=@mcast2, {0x3, 0x5, 0x0, 0xfffffffffffffffe, 0x7, 0xa5b, 0x20, 0x80000001}, {0x4, 0xffffffff, 0x8, 0x8}, {0x5, 0xa6, 0x5}, 0x70bd29, 0x3500, 0xa, 0x0, 0x47}, [@offload={0xc, 0x1c, {r4, 0x2}}, @user_kmaddress={0x2c, 0x13, {@in6=@remote, @in6=@remote, 0x0, 0xa}}, @etimer_thresh={0x8, 0xc, 0xff}, @lifetime_val={0x24, 0x9, {0x1f, 0x10001, 0x8, 0x1}}]}, 0x154}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
syz_open_procfs(0x0, &(0x7f00000001c0)='loginuid\x00')
r5 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x4000000000001)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000640)='/dev/rtc0\x00', 0xd0043, 0x0)
r6 = creat(&(0x7f0000008040)='./file0\x00', 0x4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r6, &(0x7f0000000400)="b77aa0c6be9e2a06fcd1ddbce5cfbb07a954d6096b54a290706d0121942014015779d24f2fd71085cafcc5a8fdde88e7fb4db063fabc53d78918aaaf20dfe42eef1e48634baca69dd56fea98351c4feb400ee2e8650d455f274ff78f697e62b05c5bf63d4ac8d35e53e5c1a2dfc110804620c802a85a525dc47afbe7ad06d4a0f8d273f5a6", 0xfffffffffffffffe}, 0x28f)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x0, 0x7fffffd, 0x0, 0xd1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x800000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
sendto(r1, &(0x7f00000005c0)="76847f465317bf17e509344d5189", 0xe, 0x41, &(0x7f0000000680)=@in={0x2, 0x4e24, @multicast1}, 0x80)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
accept$inet6(0xffffffffffffffff, &(0x7f00000004c0)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, &(0x7f0000000500)=0x1c)
r7 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="24000000030307031dfffd944ef20c0020200a0009000100021d85680c1baba20400ff7e28000000110affff82aba0aa1c0009b356da5a80918b06b20cd37ed01cc000"/76, 0x4c}], 0x1}, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x3c, 0x5}, &(0x7f00000000c0))
prctl$PR_GET_SECCOMP(0x15)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000580)={'team0\x00'})

[ 1047.823691][T26358] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:24:22 executing program 4:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0)
lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)

12:24:22 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_SETFSLABEL(r4, 0x41009432, &(0x7f0000000280)="7e49b617b467bf47432a8bfcf949c61549f1c51d8509d7a04ba21f2c3efcd813752923adaa3240908d734a0814174f30d472bcff689f7c771e0eedaae4f115c8ee112ce186c2f9e664f98d20255de8851ec896e5564e913637d122f1b2b51fa64b7fd5ce9a33e254d17c15ed60543890583f08d27d25a186d59d1e7dd9fa08c6123dd7646bca53143e0c19e16bbe7333e890c558b4c4d667b57c5abb05c8fecb817b60f66b0c1940800f4fb1a310f306ba1b0b2fcc76fbd85fcb01456d00849dc1a93c258a70f8cec548fc36995448e36b0246f018659997b32038c0393249a3d797c3ea092a3eeacdf54b433b6c3858c134ad0a177018c4ddf3f6c7fa7b409a")
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0xfffffffffffffffe, &(0x7f00000003c0)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ubi_ctrl\x00', 0x101000, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r1, 0x111, 0x1, 0x4, 0x4)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1047.867369][T26366] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 1047.920508][T26363] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1049.594967][    T5] Bluetooth: hci0: command 0x1003 tx timeout
[ 1049.601044][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1051.674917][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 1051.681013][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1053.754915][T24321] Bluetooth: hci0: command 0x1009 tx timeout
12:24:32 executing program 3 (fault-call:2 fault-nth:3):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:24:32 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:24:32 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1880f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:32 executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ptmx\x00', 0x0, 0x0)
read(r0, &(0x7f00000000c0)=""/11, 0x249f7084)
shmget(0x3, 0x2000, 0x1000, &(0x7f0000ffc000/0x2000)=nil)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000))
clone(0x7fd, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0xffffffffffffffff)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socket$inet(0x2, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r1, &(0x7f0000000080), 0x1c)
ioctl$KIOCSOUND(r0, 0x4b2f, 0x0)

12:24:32 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xd9a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:32 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000280)='/dev/sequencer2\x00', 0xfffffffffffffffc, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1058.047873][T26400] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1058.081539][T26396] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1058.085508][T26404] FAULT_INJECTION: forcing a failure.
[ 1058.085508][T26404] name failslab, interval 1, probability 0, space 0, times 0
[ 1058.102785][T26404] CPU: 1 PID: 26404 Comm: syz-executor.3 Not tainted 5.3.0-rc1+ #105
[ 1058.110856][T26404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1058.120910][T26404] Call Trace:
[ 1058.124208][T26404]  dump_stack+0x172/0x1f0
[ 1058.128549][T26404]  should_fail.cold+0xa/0x15
[ 1058.133159][T26404]  ? fault_create_debugfs_attr+0x180/0x180
[ 1058.138975][T26404]  ? page_to_nid.part.0+0x20/0x20
[ 1058.138992][T26404]  ? ___might_sleep+0x163/0x280
[ 1058.139015][T26404]  __should_failslab+0x121/0x190
[ 1058.154044][T26404]  should_failslab+0x9/0x14
[ 1058.154060][T26404]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1058.154082][T26404]  ? rwlock_bug.part.0+0x90/0x90
[ 1058.163927][T26404]  ? ___might_sleep+0x163/0x280
[ 1058.173752][T26404]  hci_alloc_dev+0x43/0x1d80
[ 1058.173819][T26404]  hci_uart_tty_ioctl+0x306/0xc00
[ 1058.183394][T26404]  tty_ioctl+0xaf9/0x14f0
[ 1058.187746][T26404]  ? hci_uart_init_work+0x180/0x180
[ 1058.192955][T26404]  ? do_tty_hangup+0x30/0x30
[ 1058.192974][T26404]  ? tomoyo_path_number_perm+0x459/0x520
[ 1058.192994][T26404]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1058.193016][T26404]  ? tomoyo_path_number_perm+0x263/0x520
[ 1058.215066][T26404]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1058.215083][T26404]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1058.215103][T26404]  ? __kasan_check_read+0x11/0x20
[ 1058.215120][T26404]  ? do_tty_hangup+0x30/0x30
[ 1058.215135][T26404]  do_vfs_ioctl+0xdb6/0x13e0
[ 1058.215158][T26404]  ? ioctl_preallocate+0x210/0x210
[ 1058.227187][T26404]  ? __fget+0x384/0x560
[ 1058.241362][T26404]  ? ksys_dup3+0x3e0/0x3e0
[ 1058.241380][T26404]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1058.241401][T26404]  ? fput_many+0x12c/0x1a0
[ 1058.250677][T26404]  ? tomoyo_file_ioctl+0x23/0x30
[ 1058.261299][T26404]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1058.261316][T26404]  ? security_file_ioctl+0x8d/0xc0
[ 1058.261332][T26404]  ksys_ioctl+0xab/0xd0
[ 1058.261351][T26404]  __x64_sys_ioctl+0x73/0xb0
[ 1058.291027][T26404]  do_syscall_64+0xfd/0x6a0
12:24:32 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xdaa10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1058.291046][T26404]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1058.291063][T26404] RIP: 0033:0x459829
[ 1058.305441][T26404] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1058.325130][T26404] RSP: 002b:00007efd74368c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1058.325149][T26404] RAX: ffffffffffffffda RBX: 00007efd74368c90 RCX: 0000000000459829
12:24:32 executing program 4 (fault-call:2 fault-nth:0):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1058.325158][T26404] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1058.325166][T26404] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1058.325173][T26404] R10: 0000000000000000 R11: 0000000000000246 R12: 00007efd743696d4
[ 1058.325181][T26404] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1058.398411][T26422] FAULT_INJECTION: forcing a failure.
[ 1058.398411][T26422] name failslab, interval 1, probability 0, space 0, times 0
[ 1058.436163][T26422] CPU: 1 PID: 26422 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1058.444257][T26422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1058.444264][T26422] Call Trace:
[ 1058.444290][T26422]  dump_stack+0x172/0x1f0
[ 1058.444317][T26422]  should_fail.cold+0xa/0x15
[ 1058.464869][T26404] Bluetooth: Can't allocate HCI device
[ 1058.466598][T26422]  ? fault_create_debugfs_attr+0x180/0x180
[ 1058.466617][T26422]  ? ___might_sleep+0x163/0x280
[ 1058.466639][T26422]  __should_failslab+0x121/0x190
[ 1058.487723][T26422]  should_failslab+0x9/0x14
[ 1058.492227][T26422]  __kmalloc+0x2e0/0x770
[ 1058.492245][T26422]  ? mark_held_locks+0xf0/0xf0
[ 1058.492260][T26422]  ? _parse_integer+0x190/0x190
[ 1058.492281][T26422]  ? tomoyo_realpath_from_path+0xcd/0x7b0
[ 1058.511806][T26422]  tomoyo_realpath_from_path+0xcd/0x7b0
[ 1058.517377][T26422]  ? tomoyo_path_number_perm+0x193/0x520
[ 1058.517397][T26422]  tomoyo_path_number_perm+0x1dd/0x520
[ 1058.517413][T26422]  ? tomoyo_path_number_perm+0x193/0x520
[ 1058.517430][T26422]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1058.517446][T26422]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
12:24:32 executing program 3 (fault-call:2 fault-nth:4):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1058.517466][T26422]  ? __kasan_check_read+0x11/0x20
[ 1058.517492][T26422]  ? __fget+0x384/0x560
[ 1058.534182][T26422]  ? ksys_dup3+0x3e0/0x3e0
[ 1058.534199][T26422]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1058.534220][T26422]  ? fput_many+0x12c/0x1a0
[ 1058.546238][T26422]  tomoyo_file_ioctl+0x23/0x30
[ 1058.546257][T26422]  security_file_ioctl+0x77/0xc0
[ 1058.546273][T26422]  ksys_ioctl+0x57/0xd0
[ 1058.546287][T26422]  __x64_sys_ioctl+0x73/0xb0
[ 1058.546304][T26422]  do_syscall_64+0xfd/0x6a0
[ 1058.546321][T26422]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1058.546338][T26422] RIP: 0033:0x459829
[ 1058.559886][T26422] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1058.559895][T26422] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1058.559908][T26422] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1058.559924][T26422] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1058.585951][T26422] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1058.585960][T26422] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1058.585969][T26422] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1058.627633][T26422] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1058.689699][T26401] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:24:32 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
r2 = dup2(r1, r1)
ioctl$KVM_S390_UCAS_UNMAP(r2, 0x4018ae51, &(0x7f0000000280)={0x5, 0xe42a})
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r4, 0x111, 0x1, 0x4cf1d32, 0x4)

12:24:32 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1058.714780][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1058.786120][T26420] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:24:33 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18810, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:33 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1058.840748][T24938] Bluetooth: hci1: Frame reassembly failed (-84)
12:24:33 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xdba10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1058.938046][T26551] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:24:33 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xdca10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1059.005959][T26559] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1059.044462][T26553] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:24:33 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:24:33 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1059.099855][T26566] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:24:33 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18811, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:33 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xdda10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1059.170214][T26571] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1059.291433][T26581] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1060.714852][T24321] Bluetooth: hci0: command 0x1003 tx timeout
[ 1060.720944][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1060.874938][ T5699] Bluetooth: hci1: command 0x1003 tx timeout
[ 1060.881032][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1062.794907][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[ 1062.801007][T24119] Bluetooth: hci0: sending frame failed (-49)
[ 1062.954988][ T5699] Bluetooth: hci1: command 0x1001 tx timeout
[ 1062.961112][T24119] Bluetooth: hci1: sending frame failed (-49)
[ 1064.874889][T24321] Bluetooth: hci0: command 0x1009 tx timeout
[ 1065.034957][T24321] Bluetooth: hci1: command 0x1009 tx timeout
12:24:43 executing program 4 (fault-call:2 fault-nth:1):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:24:43 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:24:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xdea10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:43 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x2, 0x4)

12:24:43 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18812, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:43 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff})
write(r1, &(0x7f0000000480)="6a77d6152ab23c8a651412ea2805d8890847e19948c746927bfa175bc8d12078a09e52cbb7200a9c94cec49ddee0ef7b1bc561e243a5f20c7a4e364ebc09a5ff17e0a0c3fce9707bc8c76baa01b815e1eecfb849b8cb2f8507e4b1ff6de9e90b273f7669d95d2b7816a630b46ab6e83ba941efb1", 0x3800dcb0aa17b249)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r2=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
prctl$PR_CAPBSET_READ(0x17, 0x24)

[ 1068.923301][T26596] validate_nla: 1 callbacks suppressed
[ 1068.923312][T26596] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1068.959200][T26601] FAULT_INJECTION: forcing a failure.
[ 1068.959200][T26601] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1068.972444][T26601] CPU: 1 PID: 26601 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1068.980511][T26601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1068.990571][T26601] Call Trace:
[ 1068.993881][T26601]  dump_stack+0x172/0x1f0
[ 1068.998224][T26601]  should_fail.cold+0xa/0x15
[ 1069.002829][T26601]  ? fault_create_debugfs_attr+0x180/0x180
[ 1069.008641][T26601]  ? lock_downgrade+0x920/0x920
[ 1069.013501][T26601]  should_fail_alloc_page+0x50/0x60
12:24:43 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x10, 0x4)

[ 1069.018701][T26601]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1069.024081][T26601]  ? __alloc_pages_slowpath+0x2520/0x2520
[ 1069.029807][T26601]  ? kernel_text_address+0x73/0xf0
[ 1069.034924][T26601]  ? unwind_get_return_address+0x61/0xa0
[ 1069.040560][T26601]  ? profile_setup.cold+0xbb/0xbb
[ 1069.045588][T26601]  ? fault_create_debugfs_attr+0x180/0x180
[ 1069.051396][T26601]  cache_grow_begin+0x90/0xd20
[ 1069.056258][T26601]  ? tomoyo_realpath_from_path+0xcd/0x7b0
[ 1069.061982][T26601]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1069.061998][T26601]  __kmalloc+0x6b2/0x770
[ 1069.062014][T26601]  ? mark_held_locks+0xf0/0xf0
[ 1069.062035][T26601]  ? tomoyo_realpath_from_path+0xcd/0x7b0
[ 1069.083015][T26601]  tomoyo_realpath_from_path+0xcd/0x7b0
[ 1069.083033][T26601]  ? tomoyo_path_number_perm+0x193/0x520
[ 1069.083053][T26601]  tomoyo_path_number_perm+0x1dd/0x520
[ 1069.083068][T26601]  ? tomoyo_path_number_perm+0x193/0x520
[ 1069.083092][T26601]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1069.111307][T26601]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1069.117564][T26601]  ? __kasan_check_read+0x11/0x20
[ 1069.122789][T26601]  ? __fget+0x384/0x560
[ 1069.126961][T26601]  ? ksys_dup3+0x3e0/0x3e0
[ 1069.131394][T26601]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1069.137643][T26601]  ? fput_many+0x12c/0x1a0
[ 1069.142069][T26601]  tomoyo_file_ioctl+0x23/0x30
[ 1069.146845][T26601]  security_file_ioctl+0x77/0xc0
[ 1069.151788][T26601]  ksys_ioctl+0x57/0xd0
[ 1069.151805][T26601]  __x64_sys_ioctl+0x73/0xb0
[ 1069.151823][T26601]  do_syscall_64+0xfd/0x6a0
[ 1069.151840][T26601]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1069.151858][T26601] RIP: 0033:0x459829
[ 1069.160591][T26601] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1069.160599][T26601] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1069.160614][T26601] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1069.160622][T26601] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1069.160630][T26601] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1069.160638][T26601] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1069.160646][T26601] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:24:43 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x125f, 0x4)

12:24:43 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xdfa10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:43 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18813, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1069.269183][T26821] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1069.388190][T26868] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:24:43 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x4140, 0x4)

12:24:43 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1069.435261][T26893] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1069.535600][T26956] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1071.274908][T24321] Bluetooth: hci0: command 0x1003 tx timeout
[ 1071.281007][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1073.355024][T24321] Bluetooth: hci0: command 0x1001 tx timeout
[ 1073.361112][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1075.435046][ T5699] Bluetooth: hci0: command 0x1009 tx timeout
12:24:53 executing program 4 (fault-call:2 fault-nth:2):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:24:53 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe0a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:53 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18814, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:24:53 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x4c01, 0x4)

12:24:53 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:24:53 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r3, 0x54a3)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1079.788201][T27073] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1079.819377][T27083] FAULT_INJECTION: forcing a failure.
[ 1079.819377][T27083] name failslab, interval 1, probability 0, space 0, times 0
[ 1079.834379][T27083] CPU: 1 PID: 27083 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1079.842464][T27083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1079.842471][T27083] Call Trace:
[ 1079.842495][T27083]  dump_stack+0x172/0x1f0
[ 1079.842523][T27083]  should_fail.cold+0xa/0x15
[ 1079.864862][T27083]  ? fault_create_debugfs_attr+0x180/0x180
[ 1079.870688][T27083]  ? ___might_sleep+0x163/0x280
[ 1079.875641][T27083]  __should_failslab+0x121/0x190
[ 1079.875658][T27083]  should_failslab+0x9/0x14
[ 1079.875671][T27083]  __kmalloc+0x2e0/0x770
[ 1079.875689][T27083]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1079.875702][T27083]  ? d_absolute_path+0x11b/0x170
[ 1079.875714][T27083]  ? __d_path+0x140/0x140
[ 1079.875726][T27083]  ? tomoyo_encode2.part.0+0xf5/0x400
[ 1079.875739][T27083]  tomoyo_encode2.part.0+0xf5/0x400
[ 1079.875752][T27083]  tomoyo_encode+0x2b/0x50
[ 1079.875765][T27083]  tomoyo_realpath_from_path+0x1d3/0x7b0
[ 1079.875786][T27083]  tomoyo_path_number_perm+0x1dd/0x520
[ 1079.875808][T27083]  ? tomoyo_path_number_perm+0x193/0x520
[ 1079.885513][T27083]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1079.885532][T27083]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1079.885550][T27083]  ? __kasan_check_read+0x11/0x20
[ 1079.885574][T27083]  ? __fget+0x384/0x560
[ 1079.885589][T27083]  ? ksys_dup3+0x3e0/0x3e0
[ 1079.885603][T27083]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1079.885617][T27083]  ? fput_many+0x12c/0x1a0
[ 1079.885636][T27083]  tomoyo_file_ioctl+0x23/0x30
[ 1079.896212][T27083]  security_file_ioctl+0x77/0xc0
12:24:54 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5380, 0x4)

[ 1079.896230][T27083]  ksys_ioctl+0x57/0xd0
[ 1079.896245][T27083]  __x64_sys_ioctl+0x73/0xb0
[ 1079.896261][T27083]  do_syscall_64+0xfd/0x6a0
[ 1079.896277][T27083]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1079.896287][T27083] RIP: 0033:0x459829
[ 1079.896302][T27083] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1079.896309][T27083] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1079.896322][T27083] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1079.896329][T27083] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1079.896336][T27083] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1079.896342][T27083] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1079.896350][T27083] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1079.905426][T27083] ERROR: Out of memory at tomoyo_realpath_from_path.
12:24:54 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe1a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1080.113747][T27175] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:24:54 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5409, 0x4)

[ 1080.183924][T27176] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:24:54 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18815, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1080.248382][T27317] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:24:54 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, 0xfffffffffffffffd, 0x20613e, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={<r3=>0x0, r0, 0x0, 0x7, &(0x7f0000000280)=')}ppp0\x00'}, 0x30)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x7}, r3, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000300)={'security\x00', 0x4, [{}, {}, {}, {}]}, 0x68)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:24:54 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1080.389077][T27360] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1080.464476][T27449] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1082.075037][T24321] Bluetooth: hci0: command 0x1003 tx timeout
[ 1082.081150][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1084.154908][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[ 1084.161020][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1086.234904][T24321] Bluetooth: hci0: command 0x1009 tx timeout
12:25:04 executing program 4 (fault-call:2 fault-nth:3):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:04 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x540b, 0x4)

12:25:04 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe2a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:04 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18816, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:04 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:04 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000340)={<r4=>0x0, 0x7, 0x30}, &(0x7f00000003c0)=0xc)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000400)=r4, 0x4)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r2, 0x40bc5311, &(0x7f0000000280)={0x2, 0x2, 'client1\x00', 0x7, "a9ffaf4a03a315cf", "3eaa988434f1d5d76912d2bd3a103a473b771479cd03758ce826c2e6daf31ad8", 0x3, 0xa2b})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1090.685772][T27467] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1090.720630][T27488] FAULT_INJECTION: forcing a failure.
[ 1090.720630][T27488] name failslab, interval 1, probability 0, space 0, times 0
[ 1090.754664][T27488] CPU: 0 PID: 27488 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1090.763660][T27488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1090.773728][T27488] Call Trace:
[ 1090.777065][T27488]  dump_stack+0x172/0x1f0
[ 1090.777092][T27488]  should_fail.cold+0xa/0x15
[ 1090.786011][T27488]  ? fault_create_debugfs_attr+0x180/0x180
[ 1090.786029][T27488]  ? page_to_nid.part.0+0x20/0x20
[ 1090.786043][T27488]  ? ___might_sleep+0x163/0x280
[ 1090.786061][T27488]  __should_failslab+0x121/0x190
[ 1090.786084][T27488]  should_failslab+0x9/0x14
[ 1090.796907][T27488]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1090.796923][T27488]  ? rwlock_bug.part.0+0x90/0x90
[ 1090.796938][T27488]  ? ___might_sleep+0x163/0x280
[ 1090.796953][T27488]  hci_alloc_dev+0x43/0x1d80
[ 1090.796968][T27488]  hci_uart_tty_ioctl+0x306/0xc00
[ 1090.796984][T27488]  tty_ioctl+0xaf9/0x14f0
[ 1090.796996][T27488]  ? hci_uart_init_work+0x180/0x180
[ 1090.797016][T27488]  ? do_tty_hangup+0x30/0x30
[ 1090.850135][T27488]  ? tomoyo_path_number_perm+0x459/0x520
[ 1090.855802][T27488]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1090.862132][T27488]  ? tomoyo_path_number_perm+0x263/0x520
[ 1090.867782][T27488]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1090.873679][T27488]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1090.879924][T27488]  ? __kasan_check_read+0x11/0x20
[ 1090.879941][T27488]  ? do_tty_hangup+0x30/0x30
[ 1090.879954][T27488]  do_vfs_ioctl+0xdb6/0x13e0
[ 1090.879969][T27488]  ? ioctl_preallocate+0x210/0x210
[ 1090.879988][T27488]  ? __fget+0x384/0x560
12:25:05 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18817, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x540c, 0x4)

[ 1090.903486][T27488]  ? ksys_dup3+0x3e0/0x3e0
[ 1090.907913][T27488]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1090.914162][T27488]  ? fput_many+0x12c/0x1a0
[ 1090.914930][T27465] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1090.918587][T27488]  ? tomoyo_file_ioctl+0x23/0x30
[ 1090.918605][T27488]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1090.918620][T27488]  ? security_file_ioctl+0x8d/0xc0
[ 1090.918641][T27488]  ksys_ioctl+0xab/0xd0
[ 1090.947179][T27488]  __x64_sys_ioctl+0x73/0xb0
[ 1090.951788][T27488]  do_syscall_64+0xfd/0x6a0
[ 1090.956332][T27488]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1090.962224][T27488] RIP: 0033:0x459829
[ 1090.966128][T27488] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1090.985763][T27488] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1090.994180][T27488] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1091.002178][T27488] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1091.010154][T27488] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1091.018130][T27488] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1091.026104][T27488] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1091.035412][T27488] Bluetooth: Can't allocate HCI device
12:25:05 executing program 4 (fault-call:2 fault-nth:4):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:05 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe3a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1091.059706][T27594] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1091.141875][T27629] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1091.147490][T27685] FAULT_INJECTION: forcing a failure.
[ 1091.147490][T27685] name failslab, interval 1, probability 0, space 0, times 0
[ 1091.175201][T27685] CPU: 0 PID: 27685 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1091.183300][T27685] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1091.183306][T27685] Call Trace:
[ 1091.183330][T27685]  dump_stack+0x172/0x1f0
[ 1091.183354][T27685]  should_fail.cold+0xa/0x15
[ 1091.205696][T27685]  ? fault_create_debugfs_attr+0x180/0x180
[ 1091.211514][T27685]  ? page_to_nid.part.0+0x20/0x20
[ 1091.211531][T27685]  ? ___might_sleep+0x163/0x280
[ 1091.211550][T27685]  __should_failslab+0x121/0x190
[ 1091.211571][T27685]  should_failslab+0x9/0x14
[ 1091.221447][T27685]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1091.221549][T27685]  ? pm_runtime_init+0x311/0x3b0
[ 1091.221593][T27685]  ? device_initialize+0x1a3/0x440
[ 1091.231090][T27685]  ll_open+0x46/0x380
[ 1091.231107][T27685]  hci_uart_tty_ioctl+0x748/0xc00
[ 1091.231124][T27685]  tty_ioctl+0xaf9/0x14f0
[ 1091.231144][T27685]  ? hci_uart_init_work+0x180/0x180
[ 1091.241439][T27685]  ? do_tty_hangup+0x30/0x30
[ 1091.241457][T27685]  ? tomoyo_path_number_perm+0x459/0x520
[ 1091.241483][T27685]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1091.250543][T27685]  ? tomoyo_path_number_perm+0x263/0x520
12:25:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x540d, 0x4)

[ 1091.250561][T27685]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1091.250586][T27685]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1091.259912][T27685]  ? __kasan_check_read+0x11/0x20
[ 1091.259932][T27685]  ? do_tty_hangup+0x30/0x30
[ 1091.259952][T27685]  do_vfs_ioctl+0xdb6/0x13e0
[ 1091.269739][T27685]  ? ioctl_preallocate+0x210/0x210
[ 1091.269753][T27685]  ? __fget+0x384/0x560
[ 1091.269776][T27685]  ? ksys_dup3+0x3e0/0x3e0
[ 1091.281625][T27685]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1091.281642][T27685]  ? fput_many+0x12c/0x1a0
[ 1091.281666][T27685]  ? tomoyo_file_ioctl+0x23/0x30
[ 1091.293105][T27685]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1091.293122][T27685]  ? security_file_ioctl+0x8d/0xc0
[ 1091.293137][T27685]  ksys_ioctl+0xab/0xd0
[ 1091.293161][T27685]  __x64_sys_ioctl+0x73/0xb0
[ 1091.304411][T27685]  do_syscall_64+0xfd/0x6a0
[ 1091.304430][T27685]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1091.304448][T27685] RIP: 0033:0x459829
[ 1091.313600][T27685] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1091.313609][T27685] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1091.313622][T27685] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1091.313631][T27685] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1091.313653][T27685] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1091.322888][T27685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
12:25:05 executing program 4 (fault-call:2 fault-nth:5):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1091.322896][T27685] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1091.453049][T27727] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:05 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18818, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x540e, 0x4)

[ 1091.532076][T27853] FAULT_INJECTION: forcing a failure.
[ 1091.532076][T27853] name failslab, interval 1, probability 0, space 0, times 0
[ 1091.559434][T27853] CPU: 0 PID: 27853 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1091.567547][T27853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1091.577688][T27853] Call Trace:
[ 1091.580984][T27853]  dump_stack+0x172/0x1f0
[ 1091.585323][T27853]  should_fail.cold+0xa/0x15
[ 1091.589920][T27853]  ? fault_create_debugfs_attr+0x180/0x180
[ 1091.595739][T27853]  ? page_to_nid.part.0+0x20/0x20
[ 1091.600764][T27853]  ? ___might_sleep+0x163/0x280
[ 1091.605709][T27853]  __should_failslab+0x121/0x190
[ 1091.610657][T27853]  should_failslab+0x9/0x14
[ 1091.612327][T27858] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1091.615159][T27853]  __kmalloc+0x2e0/0x770
[ 1091.615179][T27853]  ? alloc_workqueue+0x166/0xf40
12:25:05 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe4a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:05 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1091.615194][T27853]  alloc_workqueue+0x166/0xf40
[ 1091.615214][T27853]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1091.615270][T27853]  ? scnprintf+0x140/0x140
[ 1091.615291][T27853]  ? kasan_kmalloc+0x9/0x10
[ 1091.643034][T27853]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1091.643058][T27853]  hci_register_dev+0x1b8/0x8f0
[ 1091.662346][T27853]  ? __raw_spin_lock_init+0x2d/0x100
[ 1091.667644][T27853]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1091.667669][T27853]  tty_ioctl+0xaf9/0x14f0
[ 1091.667684][T27853]  ? hci_uart_init_work+0x180/0x180
[ 1091.667703][T27853]  ? do_tty_hangup+0x30/0x30
[ 1091.686800][T27853]  ? tomoyo_path_number_perm+0x459/0x520
[ 1091.686821][T27853]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1091.686835][T27853]  ? tomoyo_path_number_perm+0x263/0x520
[ 1091.686852][T27853]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1091.686865][T27853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1091.686892][T27853]  ? __kasan_check_read+0x11/0x20
[ 1091.704365][T27853]  ? do_tty_hangup+0x30/0x30
[ 1091.704382][T27853]  do_vfs_ioctl+0xdb6/0x13e0
[ 1091.704402][T27853]  ? ioctl_preallocate+0x210/0x210
[ 1091.716426][T27853]  ? __fget+0x384/0x560
[ 1091.716444][T27853]  ? ksys_dup3+0x3e0/0x3e0
[ 1091.716460][T27853]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1091.716474][T27853]  ? fput_many+0x12c/0x1a0
[ 1091.716490][T27853]  ? tomoyo_file_ioctl+0x23/0x30
[ 1091.716504][T27853]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1091.716519][T27853]  ? security_file_ioctl+0x8d/0xc0
[ 1091.716533][T27853]  ksys_ioctl+0xab/0xd0
[ 1091.716546][T27853]  __x64_sys_ioctl+0x73/0xb0
[ 1091.716562][T27853]  do_syscall_64+0xfd/0x6a0
[ 1091.716583][T27853]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1091.740003][T27853] RIP: 0033:0x459829
[ 1091.750629][T27853] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1091.750638][T27853] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1091.750658][T27853] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
12:25:06 executing program 1:
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000400)=<r0=>0x0)
ptrace(0x8, r0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
ioctl$VHOST_GET_FEATURES(r1, 0x8008af00, &(0x7f0000000300))
openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
ioctl$VIDIOC_S_AUDIO(r3, 0x40345622, &(0x7f0000000280)={0x7, "40b701a8e8c29cd75a15563b76decebc140a37181b81eb26ac6258903f7e3587", 0x1, 0x1})
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsetxattr$security_evm(r5, &(0x7f0000000340)='security.evm\x00', &(0x7f00000003c0)=@sha1={0x1, "ad2e5cb1d805cb9ede076d1de5c9acb84edf2e3f"}, 0x15, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x101000)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r6=>0x0})
ioctl$VIDIOC_RESERVED(r2, 0x5601, 0x0)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1091.750667][T27853] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1091.750682][T27853] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1091.766234][T27853] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1091.766247][T27853] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1091.789996][T27853] Bluetooth: Can't register HCI device
12:25:06 executing program 4 (fault-call:2 fault-nth:6):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:06 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x540f, 0x4)

[ 1091.991902][T27864] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1092.070025][T28000] FAULT_INJECTION: forcing a failure.
[ 1092.070025][T28000] name failslab, interval 1, probability 0, space 0, times 0
[ 1092.100206][T28000] CPU: 1 PID: 28000 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1092.100809][T27879] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1092.108339][T28000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1092.108345][T28000] Call Trace:
[ 1092.108373][T28000]  dump_stack+0x172/0x1f0
[ 1092.108395][T28000]  should_fail.cold+0xa/0x15
[ 1092.108412][T28000]  ? fault_create_debugfs_attr+0x180/0x180
[ 1092.108433][T28000]  ? page_to_nid.part.0+0x20/0x20
[ 1092.108449][T28000]  ? ___might_sleep+0x163/0x280
[ 1092.108467][T28000]  __should_failslab+0x121/0x190
[ 1092.108482][T28000]  should_failslab+0x9/0x14
[ 1092.108493][T28000]  __kmalloc+0x2e0/0x770
[ 1092.108511][T28000]  ? alloc_workqueue+0x166/0xf40
[ 1092.108527][T28000]  alloc_workqueue+0x166/0xf40
[ 1092.108551][T28000]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1092.184910][T28000]  ? scnprintf+0x140/0x140
[ 1092.189344][T28000]  ? kasan_kmalloc+0x9/0x10
[ 1092.193867][T28000]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1092.199439][T28000]  hci_register_dev+0x1b8/0x8f0
[ 1092.204300][T28000]  ? __raw_spin_lock_init+0x2d/0x100
[ 1092.209611][T28000]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1092.214777][T28000]  tty_ioctl+0xaf9/0x14f0
[ 1092.219104][T28000]  ? hci_uart_init_work+0x180/0x180
[ 1092.224290][T28000]  ? do_tty_hangup+0x30/0x30
[ 1092.224307][T28000]  ? tomoyo_path_number_perm+0x459/0x520
[ 1092.224332][T28000]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1092.234528][T28000]  ? tomoyo_path_number_perm+0x263/0x520
[ 1092.234546][T28000]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1092.234571][T28000]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1092.246509][T28000]  ? __kasan_check_read+0x11/0x20
[ 1092.246528][T28000]  ? do_tty_hangup+0x30/0x30
12:25:06 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe4ffffff, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1092.246543][T28000]  do_vfs_ioctl+0xdb6/0x13e0
[ 1092.246562][T28000]  ? ioctl_preallocate+0x210/0x210
[ 1092.258861][T28000]  ? __fget+0x384/0x560
[ 1092.258878][T28000]  ? ksys_dup3+0x3e0/0x3e0
[ 1092.258894][T28000]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1092.258908][T28000]  ? fput_many+0x12c/0x1a0
[ 1092.258929][T28000]  ? tomoyo_file_ioctl+0x23/0x30
[ 1092.268515][T28000]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1092.268532][T28000]  ? security_file_ioctl+0x8d/0xc0
[ 1092.268552][T28000]  ksys_ioctl+0xab/0xd0
12:25:06 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5410, 0x4)

[ 1092.279109][T28000]  __x64_sys_ioctl+0x73/0xb0
[ 1092.279126][T28000]  do_syscall_64+0xfd/0x6a0
[ 1092.279142][T28000]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1092.279159][T28000] RIP: 0033:0x459829
[ 1092.279175][T28000] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1092.279191][T28000] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1092.288456][T28000] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1092.288463][T28000] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1092.288470][T28000] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1092.288477][T28000] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1092.288484][T28000] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1092.305926][T28000] Bluetooth: Can't register HCI device
12:25:06 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18819, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1092.451551][T28126] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:06 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000280)={0x3, [0x1f, 0x5, 0x984]}, 0xa)
clock_gettime(0x4, &(0x7f0000000300)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:25:06 executing program 4 (fault-call:2 fault-nth:7):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:06 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5411, 0x4)

12:25:06 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1092.625043][T28252] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1092.650034][T28258] FAULT_INJECTION: forcing a failure.
[ 1092.650034][T28258] name failslab, interval 1, probability 0, space 0, times 0
[ 1092.691500][T28258] CPU: 1 PID: 28258 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1092.699625][T28258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1092.699631][T28258] Call Trace:
[ 1092.699660][T28258]  dump_stack+0x172/0x1f0
[ 1092.699688][T28258]  should_fail.cold+0xa/0x15
[ 1092.721993][T28258]  ? fault_create_debugfs_attr+0x180/0x180
[ 1092.727809][T28258]  ? page_to_nid.part.0+0x20/0x20
[ 1092.727823][T28258]  ? ___might_sleep+0x163/0x280
[ 1092.727840][T28258]  __should_failslab+0x121/0x190
[ 1092.727856][T28258]  should_failslab+0x9/0x14
[ 1092.727876][T28258]  __kmalloc_track_caller+0x2dc/0x760
[ 1092.752618][T28258]  ? pointer+0x750/0x750
[ 1092.752634][T28258]  ? widen_string+0x2e0/0x2e0
[ 1092.752649][T28258]  ? kasprintf+0xbb/0xf0
[ 1092.752669][T28258]  kvasprintf+0xc8/0x170
[ 1092.770050][T28258]  ? bust_spinlocks+0xe0/0xe0
[ 1092.770071][T28258]  ? page_to_nid.part.0+0x20/0x20
[ 1092.770088][T28258]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1092.770109][T28258]  ? find_next_bit+0x107/0x130
[ 1092.790578][T28258]  kasprintf+0xbb/0xf0
[ 1092.794916][T28258]  ? kvasprintf_const+0x190/0x190
[ 1092.799959][T28258]  ? is_module_percpu_address+0xb/0x10
[ 1092.799981][T28258]  alloc_workqueue+0x46c/0xf40
[ 1092.800001][T28258]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1092.800024][T28258]  ? kasan_kmalloc+0x9/0x10
[ 1092.810229][T28258]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1092.810248][T28258]  hci_register_dev+0x1b8/0x8f0
[ 1092.810264][T28258]  ? __raw_spin_lock_init+0x2d/0x100
[ 1092.810283][T28258]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1092.810304][T28258]  tty_ioctl+0xaf9/0x14f0
[ 1092.820520][T28258]  ? hci_uart_init_work+0x180/0x180
[ 1092.820536][T28258]  ? do_tty_hangup+0x30/0x30
[ 1092.820553][T28258]  ? tomoyo_path_number_perm+0x459/0x520
[ 1092.820573][T28258]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1092.820595][T28258]  ? tomoyo_path_number_perm+0x263/0x520
[ 1092.831031][T28258]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1092.831049][T28258]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1092.831069][T28258]  ? __kasan_check_read+0x11/0x20
12:25:07 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe5a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1092.831092][T28258]  ? do_tty_hangup+0x30/0x30
[ 1092.845724][T28258]  do_vfs_ioctl+0xdb6/0x13e0
[ 1092.845743][T28258]  ? ioctl_preallocate+0x210/0x210
[ 1092.845755][T28258]  ? __fget+0x384/0x560
[ 1092.845771][T28258]  ? ksys_dup3+0x3e0/0x3e0
[ 1092.845786][T28258]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1092.845807][T28258]  ? fput_many+0x12c/0x1a0
[ 1092.855587][T28258]  ? tomoyo_file_ioctl+0x23/0x30
[ 1092.855605][T28258]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1092.855620][T28258]  ? security_file_ioctl+0x8d/0xc0
12:25:07 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5412, 0x4)

[ 1092.855635][T28258]  ksys_ioctl+0xab/0xd0
[ 1092.855660][T28258]  __x64_sys_ioctl+0x73/0xb0
[ 1092.867631][T28258]  do_syscall_64+0xfd/0x6a0
[ 1092.867649][T28258]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1092.867659][T28258] RIP: 0033:0x459829
[ 1092.867676][T28258] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1092.867683][T28258] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1092.879206][T28258] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1092.879214][T28258] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1092.879222][T28258] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1092.879230][T28258] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1092.879238][T28258] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1093.040428][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
12:25:07 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5413, 0x4)

12:25:07 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:07 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1881a, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:07 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe6a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:07 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5414, 0x4)

12:25:07 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x2b3, 0x0)
ioctl$IMGETDEVINFO(r3, 0x80044944, &(0x7f0000000300)={0x80000001})
fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000280)='trusted.overlay.origin\x00', &(0x7f00000002c0)='y\x00', 0x2, 0x3)
ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000100)=0x2040c082)

12:25:07 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe7a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1095.114903][   T22] Bluetooth: hci0: command 0x1003 tx timeout
[ 1095.121000][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1097.194934][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[ 1097.201031][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1099.280315][   T22] Bluetooth: hci0: command 0x1009 tx timeout
12:25:17 executing program 4 (fault-call:2 fault-nth:8):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:17 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:17 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5415, 0x4)

12:25:17 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1881b, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:17 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe8a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:17 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
openat$full(0xffffffffffffff9c, &(0x7f0000000400)='/dev/full\x00', 0x200, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getsockopt$inet_opts(r5, 0x0, 0x4, &(0x7f0000000280)=""/141, &(0x7f0000000340)=0x8d)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$TIOCSLCKTRMIOS(r3, 0x5457, &(0x7f0000000580))
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r6=>0x0})
write$USERIO_CMD_SEND_INTERRUPT(r2, &(0x7f00000007c0)={0x2, 0x7}, 0x2)
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000480))
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r6+30000000}, 0x0)
ioctl$VHOST_GET_VRING_BASE(r4, 0xc008af12, &(0x7f00000003c0))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000005c0)={'eql\x00', <r7=>0x0})
lstat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r8=>0x0})
setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000006c0)={{{@in6=@ipv4={[], [], @loopback}, @in6=@rand_addr="80174436f30c7dd56d626869f29b640d", 0x4e23, 0x0, 0x4e21, 0x4f7, 0xa, 0xa0, 0x0, 0x3c, r7, r8}, {0x8, 0x100000000, 0x4, 0x1, 0x20, 0x7fff, 0x3d, 0x4}, {0x8, 0x6, 0x8001, 0x3}, 0x7, 0x6e6bbd, 0x0, 0x1, 0x1, 0x3}, {{@in=@remote, 0x4d5, 0xff}, 0x2, @in6=@mcast1, 0x3505, 0x1, 0x3, 0x7, 0x58c7, 0x5, 0x80000001}}, 0xe8)
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1103.468662][T28777] validate_nla: 5 callbacks suppressed
[ 1103.468672][T28777] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1103.535388][T28797] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1103.548418][T28784] FAULT_INJECTION: forcing a failure.
[ 1103.548418][T28784] name failslab, interval 1, probability 0, space 0, times 0
[ 1103.578085][T28784] CPU: 1 PID: 28784 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1103.586721][T28784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1103.586727][T28784] Call Trace:
[ 1103.586752][T28784]  dump_stack+0x172/0x1f0
[ 1103.586781][T28784]  should_fail.cold+0xa/0x15
[ 1103.604481][T28784]  ? fault_create_debugfs_attr+0x180/0x180
[ 1103.604499][T28784]  ? page_to_nid.part.0+0x20/0x20
[ 1103.604522][T28784]  ? ___might_sleep+0x163/0x280
[ 1103.614916][T28784]  __should_failslab+0x121/0x190
[ 1103.614934][T28784]  should_failslab+0x9/0x14
[ 1103.614947][T28784]  __kmalloc_track_caller+0x2dc/0x760
[ 1103.614969][T28784]  ? pointer+0x750/0x750
[ 1103.643831][T28784]  ? widen_string+0x2e0/0x2e0
[ 1103.643847][T28784]  ? kasprintf+0xbb/0xf0
[ 1103.643862][T28784]  kvasprintf+0xc8/0x170
[ 1103.643882][T28784]  ? bust_spinlocks+0xe0/0xe0
[ 1103.661830][T28784]  ? page_to_nid.part.0+0x20/0x20
[ 1103.666872][T28784]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1103.672610][T28784]  ? find_next_bit+0x107/0x130
[ 1103.677380][T28784]  kasprintf+0xbb/0xf0
[ 1103.677394][T28784]  ? kvasprintf_const+0x190/0x190
[ 1103.677414][T28784]  ? is_module_percpu_address+0xb/0x10
[ 1103.677434][T28784]  alloc_workqueue+0x46c/0xf40
[ 1103.677456][T28784]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1103.696744][T28784]  ? kasan_kmalloc+0x9/0x10
[ 1103.696758][T28784]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1103.696775][T28784]  hci_register_dev+0x1b8/0x8f0
[ 1103.696796][T28784]  ? __raw_spin_lock_init+0x2d/0x100
[ 1103.712564][T28784]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1103.712583][T28784]  tty_ioctl+0xaf9/0x14f0
[ 1103.712596][T28784]  ? hci_uart_init_work+0x180/0x180
[ 1103.712619][T28784]  ? do_tty_hangup+0x30/0x30
[ 1103.732091][T28784]  ? tomoyo_path_number_perm+0x459/0x520
[ 1103.732113][T28784]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1103.732136][T28784]  ? tomoyo_path_number_perm+0x263/0x520
[ 1103.747529][T28784]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1103.747547][T28784]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1103.747575][T28784]  ? __kasan_check_read+0x11/0x20
[ 1103.759425][T28784]  ? do_tty_hangup+0x30/0x30
[ 1103.759442][T28784]  do_vfs_ioctl+0xdb6/0x13e0
[ 1103.759458][T28784]  ? ioctl_preallocate+0x210/0x210
[ 1103.759479][T28784]  ? __fget+0x384/0x560
[ 1103.776651][T28784]  ? ksys_dup3+0x3e0/0x3e0
[ 1103.790917][T28784]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1103.790934][T28784]  ? fput_many+0x12c/0x1a0
[ 1103.790951][T28784]  ? tomoyo_file_ioctl+0x23/0x30
[ 1103.790974][T28784]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1103.805754][T28784]  ? security_file_ioctl+0x8d/0xc0
[ 1103.805772][T28784]  ksys_ioctl+0xab/0xd0
[ 1103.805787][T28784]  __x64_sys_ioctl+0x73/0xb0
12:25:17 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xe9a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:18 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5416, 0x4)

[ 1103.805803][T28784]  do_syscall_64+0xfd/0x6a0
[ 1103.805825][T28784]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1103.815167][T28784] RIP: 0033:0x459829
[ 1103.815184][T28784] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1103.815192][T28784] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1103.815205][T28784] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1103.815213][T28784] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1103.815220][T28784] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1103.815228][T28784] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1103.815243][T28784] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1103.931859][    T7] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1103.961167][T28775] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:25:18 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5418, 0x4)

[ 1104.006083][T28909] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:18 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1881c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:18 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xeaa10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1104.193871][T29154] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1104.234573][T29159] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1104.257015][T29160] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1104.309101][T29165] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1105.994944][   T22] Bluetooth: hci0: command 0x1003 tx timeout
[ 1106.001030][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1108.074920][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[ 1108.081000][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1110.154976][   T22] Bluetooth: hci0: command 0x1009 tx timeout
12:25:28 executing program 4 (fault-call:2 fault-nth:9):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:28 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x541d, 0x4)

12:25:28 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xeba10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:28 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1881d, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:28 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:28 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
madvise(&(0x7f0000ff1000/0x4000)=nil, 0x4000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x403, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
clone(0x1000000000011, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, &(0x7f00000000c0), 0x1000007, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1114.370311][T29189] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1114.391285][T29193] FAULT_INJECTION: forcing a failure.
[ 1114.391285][T29193] name failslab, interval 1, probability 0, space 0, times 0
[ 1114.404047][T29193] CPU: 1 PID: 29193 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
12:25:28 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x541e, 0x4)

[ 1114.412118][T29193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1114.422913][T29193] Call Trace:
[ 1114.426885][T29193]  dump_stack+0x172/0x1f0
[ 1114.431735][T29193]  should_fail.cold+0xa/0x15
[ 1114.436337][T29193]  ? fault_create_debugfs_attr+0x180/0x180
[ 1114.442235][T29193]  ? page_to_nid.part.0+0x20/0x20
[ 1114.447260][T29193]  ? ___might_sleep+0x163/0x280
[ 1114.452252][T29193]  __should_failslab+0x121/0x190
[ 1114.457199][T29193]  should_failslab+0x9/0x14
[ 1114.461706][T29193]  __kmalloc+0x2e0/0x770
[ 1114.465953][T29193]  ? mutex_lock_io_nested+0x11d0/0x11d0
[ 1114.465970][T29193]  ? mark_held_locks+0xf0/0xf0
[ 1114.465984][T29193]  ? preempt_count_add+0x7a/0x160
[ 1114.466000][T29193]  ? apply_wqattrs_prepare+0xae/0x960
[ 1114.466017][T29193]  apply_wqattrs_prepare+0xae/0x960
[ 1114.466038][T29193]  ? lock_acquire+0x190/0x410
[ 1114.476341][T29193]  ? alloc_workqueue+0x8d8/0xf40
[ 1114.476362][T29193]  apply_workqueue_attrs_locked+0xcf/0x120
[ 1114.476376][T29193]  alloc_workqueue+0x8f1/0xf40
[ 1114.476394][T29193]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1114.476412][T29193]  ? kasan_kmalloc+0x9/0x10
[ 1114.476424][T29193]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1114.476442][T29193]  hci_register_dev+0x1b8/0x8f0
[ 1114.476464][T29193]  ? __raw_spin_lock_init+0x2d/0x100
[ 1114.538346][T29193]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1114.543381][T29193]  tty_ioctl+0xaf9/0x14f0
[ 1114.547723][T29193]  ? hci_uart_init_work+0x180/0x180
[ 1114.552930][T29193]  ? do_tty_hangup+0x30/0x30
[ 1114.557531][T29193]  ? tomoyo_path_number_perm+0x459/0x520
[ 1114.563204][T29193]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
12:25:28 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x541f, 0x4)

[ 1114.569550][T29193]  ? tomoyo_path_number_perm+0x263/0x520
[ 1114.575667][T29193]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1114.582935][T29193]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1114.589192][T29193]  ? __kasan_check_read+0x11/0x20
[ 1114.594231][T29193]  ? do_tty_hangup+0x30/0x30
[ 1114.598832][T29193]  do_vfs_ioctl+0xdb6/0x13e0
[ 1114.603430][T29193]  ? ioctl_preallocate+0x210/0x210
[ 1114.608536][T29193]  ? __fget+0x384/0x560
[ 1114.608551][T29193]  ? ksys_dup3+0x3e0/0x3e0
[ 1114.608567][T29193]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1114.608580][T29193]  ? fput_many+0x12c/0x1a0
[ 1114.608597][T29193]  ? tomoyo_file_ioctl+0x23/0x30
[ 1114.608611][T29193]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1114.608633][T29193]  ? security_file_ioctl+0x8d/0xc0
[ 1114.644193][T29193]  ksys_ioctl+0xab/0xd0
[ 1114.648360][T29193]  __x64_sys_ioctl+0x73/0xb0
[ 1114.652959][T29193]  do_syscall_64+0xfd/0x6a0
[ 1114.657565][T29193]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1114.663459][T29193] RIP: 0033:0x459829
12:25:28 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5420, 0x4)

[ 1114.667363][T29193] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1114.686974][T29193] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1114.695392][T29193] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1114.703473][T29193] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1114.711468][T29193] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1114.719527][T29193] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1114.727499][T29193] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:25:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xeca10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1114.785283][T29184] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1114.795223][T29193] Bluetooth: Can't register HCI device
12:25:29 executing program 4 (fault-call:2 fault-nth:10):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:29 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5421, 0x4)

[ 1114.887586][T29186] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:25:29 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1881e, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1114.978159][T29679] FAULT_INJECTION: forcing a failure.
[ 1114.978159][T29679] name failslab, interval 1, probability 0, space 0, times 0
[ 1115.020408][T29679] CPU: 1 PID: 29679 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1115.028551][T29679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1115.038608][T29679] Call Trace:
[ 1115.041905][T29679]  dump_stack+0x172/0x1f0
[ 1115.041926][T29679]  should_fail.cold+0xa/0x15
[ 1115.041943][T29679]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1115.041964][T29679]  ? fault_create_debugfs_attr+0x180/0x180
[ 1115.050863][T29679]  ? page_to_nid.part.0+0x20/0x20
[ 1115.050880][T29679]  ? ___might_sleep+0x163/0x280
[ 1115.050903][T29679]  __should_failslab+0x121/0x190
[ 1115.062925][T29679]  should_failslab+0x9/0x14
[ 1115.062941][T29679]  kmem_cache_alloc_node+0x268/0x740
[ 1115.062971][T29679]  alloc_unbound_pwq+0x4c5/0xcb0
[ 1115.072844][T29679]  apply_wqattrs_prepare+0x354/0x960
[ 1115.072863][T29679]  ? alloc_workqueue+0x8d8/0xf40
[ 1115.072884][T29679]  apply_workqueue_attrs_locked+0xcf/0x120
[ 1115.082295][T29679]  alloc_workqueue+0x8f1/0xf40
[ 1115.082316][T29679]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1115.082337][T29679]  ? kasan_kmalloc+0x9/0x10
[ 1115.092558][T29679]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1115.092578][T29679]  hci_register_dev+0x1b8/0x8f0
[ 1115.092599][T29679]  ? __raw_spin_lock_init+0x2d/0x100
[ 1115.102802][T29679]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1115.102820][T29679]  tty_ioctl+0xaf9/0x14f0
[ 1115.102841][T29679]  ? hci_uart_init_work+0x180/0x180
[ 1115.113403][T29679]  ? do_tty_hangup+0x30/0x30
[ 1115.113421][T29679]  ? tomoyo_path_number_perm+0x459/0x520
[ 1115.113446][T29679]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1115.123750][T29679]  ? tomoyo_path_number_perm+0x263/0x520
[ 1115.123770][T29679]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1115.123787][T29679]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1115.123821][T29679]  ? __kasan_check_read+0x11/0x20
[ 1115.134181][T29679]  ? do_tty_hangup+0x30/0x30
[ 1115.134198][T29679]  do_vfs_ioctl+0xdb6/0x13e0
[ 1115.134215][T29679]  ? ioctl_preallocate+0x210/0x210
[ 1115.134234][T29679]  ? __fget+0x384/0x560
[ 1115.144527][T29679]  ? ksys_dup3+0x3e0/0x3e0
12:25:29 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5422, 0x4)

[ 1115.144546][T29679]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1115.144561][T29679]  ? fput_many+0x12c/0x1a0
[ 1115.144581][T29679]  ? tomoyo_file_ioctl+0x23/0x30
[ 1115.158664][T29679]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1115.158681][T29679]  ? security_file_ioctl+0x8d/0xc0
[ 1115.158698][T29679]  ksys_ioctl+0xab/0xd0
[ 1115.158716][T29679]  __x64_sys_ioctl+0x73/0xb0
[ 1115.170585][T29679]  do_syscall_64+0xfd/0x6a0
[ 1115.170603][T29679]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1115.170622][T29679] RIP: 0033:0x459829
[ 1115.182065][T29679] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1115.182074][T29679] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1115.182088][T29679] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1115.182096][T29679] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1115.182111][T29679] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
12:25:29 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5423, 0x4)

[ 1115.193342][T29679] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1115.193351][T29679] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1115.352801][T29681] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:29 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
rt_sigtimedwait(&(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000340)={0x77359400}, 0x8)
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r4 = shmget(0x1, 0x2000, 0x4, &(0x7f0000fe6000/0x2000)=nil)
shmctl$IPC_INFO(r4, 0x3, &(0x7f0000000480)=""/246)

[ 1115.368825][T29679] Bluetooth: Can't register HCI device
12:25:29 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:29 executing program 4 (fault-call:2 fault-nth:11):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:29 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xeda10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:29 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1881f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:29 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5424, 0x4)

[ 1115.541692][T30054] FAULT_INJECTION: forcing a failure.
[ 1115.541692][T30054] name failslab, interval 1, probability 0, space 0, times 0
[ 1115.583852][T30054] CPU: 0 PID: 30054 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1115.591946][T30054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1115.602004][T30054] Call Trace:
[ 1115.605308][T30054]  dump_stack+0x172/0x1f0
[ 1115.609653][T30054]  should_fail.cold+0xa/0x15
[ 1115.614254][T30054]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1115.620507][T30054]  ? fault_create_debugfs_attr+0x180/0x180
[ 1115.626318][T30054]  ? page_to_nid.part.0+0x20/0x20
[ 1115.631385][T30054]  ? ___might_sleep+0x163/0x280
[ 1115.636242][T30054]  __should_failslab+0x121/0x190
[ 1115.637680][T30067] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1115.641190][T30054]  should_failslab+0x9/0x14
[ 1115.641205][T30054]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1115.641217][T30054]  ? kasan_kmalloc+0x9/0x10
[ 1115.641237][T30054]  ? __kmalloc+0x351/0x770
[ 1115.668314][T30054]  ? mutex_lock_io_nested+0x11d0/0x11d0
[ 1115.673870][T30054]  alloc_workqueue_attrs+0x3d/0xc0
[ 1115.678983][T30054]  apply_wqattrs_prepare+0xbe/0x960
[ 1115.684190][T30054]  ? lock_acquire+0x190/0x410
[ 1115.688873][T30054]  ? alloc_workqueue+0x8d8/0xf40
[ 1115.693836][T30054]  apply_workqueue_attrs_locked+0xcf/0x120
[ 1115.699644][T30054]  alloc_workqueue+0x8f1/0xf40
[ 1115.704472][T30054]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1115.710182][T30054]  ? kasan_kmalloc+0x9/0x10
[ 1115.714672][T30054]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1115.720205][T30054]  hci_register_dev+0x1b8/0x8f0
[ 1115.725043][T30054]  ? __raw_spin_lock_init+0x2d/0x100
[ 1115.730341][T30054]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1115.735360][T30054]  tty_ioctl+0xaf9/0x14f0
[ 1115.739699][T30054]  ? hci_uart_init_work+0x180/0x180
[ 1115.744906][T30054]  ? do_tty_hangup+0x30/0x30
[ 1115.749507][T30054]  ? tomoyo_path_number_perm+0x459/0x520
[ 1115.755148][T30054]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1115.761405][T30054]  ? tomoyo_path_number_perm+0x263/0x520
[ 1115.767040][T30054]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1115.772832][T30054]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1115.779055][T30054]  ? __kasan_check_read+0x11/0x20
[ 1115.784070][T30054]  ? do_tty_hangup+0x30/0x30
[ 1115.788667][T30054]  do_vfs_ioctl+0xdb6/0x13e0
[ 1115.793279][T30054]  ? ioctl_preallocate+0x210/0x210
[ 1115.798376][T30054]  ? __fget+0x384/0x560
[ 1115.802518][T30054]  ? ksys_dup3+0x3e0/0x3e0
[ 1115.806918][T30054]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1115.813165][T30054]  ? fput_many+0x12c/0x1a0
[ 1115.817601][T30054]  ? tomoyo_file_ioctl+0x23/0x30
[ 1115.822546][T30054]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1115.828787][T30054]  ? security_file_ioctl+0x8d/0xc0
[ 1115.833886][T30054]  ksys_ioctl+0xab/0xd0
[ 1115.838021][T30054]  __x64_sys_ioctl+0x73/0xb0
[ 1115.842624][T30054]  do_syscall_64+0xfd/0x6a0
[ 1115.847144][T30054]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1115.853028][T30054] RIP: 0033:0x459829
[ 1115.856949][T30054] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1115.876546][T30054] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
12:25:30 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5425, 0x4)

[ 1115.884965][T30054] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1115.892930][T30054] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1115.900886][T30054] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1115.908851][T30054] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1115.916820][T30054] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:25:30 executing program 4 (fault-call:2 fault-nth:12):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1115.979881][T30054] Bluetooth: Can't register HCI device
[ 1115.993364][T30068] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:25:30 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5427, 0x4)

[ 1116.061318][T30309] FAULT_INJECTION: forcing a failure.
[ 1116.061318][T30309] name failslab, interval 1, probability 0, space 0, times 0
[ 1116.074931][T30309] CPU: 1 PID: 30309 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1116.083015][T30309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1116.093079][T30309] Call Trace:
[ 1116.096379][T30309]  dump_stack+0x172/0x1f0
[ 1116.100718][T30309]  should_fail.cold+0xa/0x15
[ 1116.105318][T30309]  ? lock_downgrade+0x920/0x920
[ 1116.110196][T30309]  ? fault_create_debugfs_attr+0x180/0x180
[ 1116.116014][T30309]  ? page_to_nid.part.0+0x20/0x20
[ 1116.121042][T30309]  ? ___might_sleep+0x163/0x280
[ 1116.125907][T30309]  __should_failslab+0x121/0x190
[ 1116.130850][T30309]  should_failslab+0x9/0x14
[ 1116.135357][T30309]  __kmalloc+0x2e0/0x770
[ 1116.139609][T30309]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1116.145342][T30309]  ? pwq_adjust_max_active+0x3b6/0x5c0
[ 1116.150816][T30309]  ? alloc_workqueue+0x166/0xf40
[ 1116.155767][T30309]  alloc_workqueue+0x166/0xf40
12:25:30 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5428, 0x4)

[ 1116.160536][T30309]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1116.166271][T30309]  ? kasan_kmalloc+0x9/0x10
[ 1116.170812][T30309]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1116.176373][T30309]  hci_register_dev+0x209/0x8f0
[ 1116.181235][T30309]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1116.186273][T30309]  tty_ioctl+0xaf9/0x14f0
[ 1116.190613][T30309]  ? hci_uart_init_work+0x180/0x180
[ 1116.195822][T30309]  ? do_tty_hangup+0x30/0x30
[ 1116.200419][T30309]  ? tomoyo_path_number_perm+0x459/0x520
[ 1116.206155][T30309]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1116.212407][T30309]  ? tomoyo_path_number_perm+0x263/0x520
[ 1116.218051][T30309]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1116.223862][T30309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1116.230119][T30309]  ? __kasan_check_read+0x11/0x20
[ 1116.235167][T30309]  ? do_tty_hangup+0x30/0x30
[ 1116.239760][T30309]  do_vfs_ioctl+0xdb6/0x13e0
[ 1116.244360][T30309]  ? ioctl_preallocate+0x210/0x210
[ 1116.249480][T30309]  ? __fget+0x384/0x560
[ 1116.253630][T30309]  ? ksys_dup3+0x3e0/0x3e0
[ 1116.258040][T30309]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1116.264365][T30309]  ? fput_many+0x12c/0x1a0
[ 1116.264383][T30309]  ? tomoyo_file_ioctl+0x23/0x30
[ 1116.264405][T30309]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1116.279973][T30309]  ? security_file_ioctl+0x8d/0xc0
[ 1116.279990][T30309]  ksys_ioctl+0xab/0xd0
[ 1116.280004][T30309]  __x64_sys_ioctl+0x73/0xb0
[ 1116.280021][T30309]  do_syscall_64+0xfd/0x6a0
[ 1116.280038][T30309]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1116.280048][T30309] RIP: 0033:0x459829
[ 1116.280063][T30309] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1116.280070][T30309] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1116.280084][T30309] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1116.280091][T30309] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1116.280099][T30309] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
12:25:30 executing program 4 (fault-call:2 fault-nth:13):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1116.280115][T30309] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1116.289467][T30309] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1116.328478][T30309] Bluetooth: Can't register HCI device
[ 1116.422635][T30070] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:30 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5429, 0x4)

[ 1116.473030][T30548] FAULT_INJECTION: forcing a failure.
[ 1116.473030][T30548] name failslab, interval 1, probability 0, space 0, times 0
[ 1116.517629][T30548] CPU: 0 PID: 30548 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1116.525811][T30548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1116.525817][T30548] Call Trace:
[ 1116.525844][T30548]  dump_stack+0x172/0x1f0
[ 1116.525868][T30548]  should_fail.cold+0xa/0x15
[ 1116.525888][T30548]  ? fault_create_debugfs_attr+0x180/0x180
[ 1116.525906][T30548]  ? page_to_nid.part.0+0x20/0x20
[ 1116.525924][T30548]  ? ___might_sleep+0x163/0x280
[ 1116.525941][T30548]  __should_failslab+0x121/0x190
[ 1116.525956][T30548]  should_failslab+0x9/0x14
[ 1116.525970][T30548]  __kmalloc_track_caller+0x2dc/0x760
[ 1116.525983][T30548]  ? pointer+0x750/0x750
[ 1116.525997][T30548]  ? widen_string+0x2e0/0x2e0
[ 1116.526019][T30548]  ? kasprintf+0xbb/0xf0
[ 1116.554051][T30548]  kvasprintf+0xc8/0x170
[ 1116.554066][T30548]  ? bust_spinlocks+0xe0/0xe0
[ 1116.554089][T30548]  ? page_to_nid.part.0+0x20/0x20
[ 1116.563941][T30548]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1116.563958][T30548]  ? find_next_bit+0x107/0x130
[ 1116.563977][T30548]  kasprintf+0xbb/0xf0
[ 1116.573391][T30548]  ? kvasprintf_const+0x190/0x190
[ 1116.573411][T30548]  ? is_module_percpu_address+0xb/0x10
[ 1116.573435][T30548]  alloc_workqueue+0x46c/0xf40
[ 1116.583692][T30548]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1116.583712][T30548]  ? kasan_kmalloc+0x9/0x10
[ 1116.583732][T30548]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1116.592636][T30548]  hci_register_dev+0x209/0x8f0
[ 1116.592663][T30548]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1116.592684][T30548]  tty_ioctl+0xaf9/0x14f0
12:25:30 executing program 1:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x101000, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, <r2=>0x0}, &(0x7f0000000300)=0xc)
getgroups(0x2, &(0x7f0000000340)=[0xee00, <r3=>0x0])
getgroups(0x2, &(0x7f00000003c0)=[<r4=>0xee01, 0xee00])
getgroups(0x3, &(0x7f0000000400)=[r2, r3, r4])
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
write(r6, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r7=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r7+30000000}, 0x0)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1116.601577][T30548]  ? hci_uart_init_work+0x180/0x180
[ 1116.601592][T30548]  ? do_tty_hangup+0x30/0x30
[ 1116.601608][T30548]  ? tomoyo_path_number_perm+0x459/0x520
[ 1116.601632][T30548]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1116.612434][T30548]  ? tomoyo_path_number_perm+0x263/0x520
[ 1116.612452][T30548]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1116.612468][T30548]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1116.612489][T30548]  ? __kasan_check_read+0x11/0x20
[ 1116.621311][T30548]  ? do_tty_hangup+0x30/0x30
[ 1116.621327][T30548]  do_vfs_ioctl+0xdb6/0x13e0
[ 1116.621343][T30548]  ? ioctl_preallocate+0x210/0x210
[ 1116.621363][T30548]  ? __fget+0x384/0x560
[ 1116.631862][T30548]  ? ksys_dup3+0x3e0/0x3e0
[ 1116.631879][T30548]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1116.631892][T30548]  ? fput_many+0x12c/0x1a0
[ 1116.631913][T30548]  ? tomoyo_file_ioctl+0x23/0x30
[ 1116.642396][T30548]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1116.642411][T30548]  ? security_file_ioctl+0x8d/0xc0
[ 1116.642427][T30548]  ksys_ioctl+0xab/0xd0
[ 1116.642446][T30548]  __x64_sys_ioctl+0x73/0xb0
[ 1116.652487][T30548]  do_syscall_64+0xfd/0x6a0
[ 1116.652504][T30548]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1116.652515][T30548] RIP: 0033:0x459829
[ 1116.652537][T30548] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1116.662820][T30548] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1116.662833][T30548] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1116.662839][T30548] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1116.662847][T30548] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1116.662854][T30548] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1116.662861][T30548] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1116.860660][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
12:25:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:31 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5437, 0x4)

12:25:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xeea10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18820, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1116.991315][T30681] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:25:31 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5441, 0x4)

[ 1117.073084][T30685] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xefa10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1117.116488][T30807] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:25:31 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r5 = syz_genetlink_get_family_id$team(&(0x7f00000002c0)='team\x00')
accept$packet(r2, &(0x7f0000002900)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000002940)=0x14)
getsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000002980)={{{@in6=@mcast1, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in=@dev}, 0x0, @in6=@local}}, &(0x7f0000002a80)=0xe8)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000002b40)={<r8=>0x0, @loopback, @initdev}, &(0x7f0000002b80)=0xc)
getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000002bc0)={<r9=>0x0, @empty, @multicast2}, &(0x7f0000002c00)=0xc)
getsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000002c40)={{{@in6=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r10=>0x0}}, {{@in=@broadcast}, 0x0, @in=@loopback}}, &(0x7f0000002d40)=0xe8)
sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000002fc0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10080100}, 0xc, &(0x7f0000002f80)={&(0x7f0000002d80)={0x1dc, r5, 0x408, 0x70bd2b, 0x25dfdbfe, {}, [{{0x8, 0x1, r6}, {0x4}}, {{0x8, 0x1, r7}, {0x1b4, 0x2, [{0x40, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x44, 0x1, @name={{0x24, 0x1, 'mode\x00'}, {0x8}, {0x14, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x80000000}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0xcf39}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24, 0x1, 'lb_tx_hash_to_port_mapping\x00'}, {0x8}, {0x8, 0x4, r8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @activeport={{0x24, 0x1, 'activeport\x00'}, {0x8}, {0x8, 0x4, r10}}}]}}]}, 0x1dc}, 0x1, 0x0, 0x0, 0x4}, 0x4004000)

12:25:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18821, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1118.874905][ T5699] Bluetooth: hci0: command 0x1003 tx timeout
[ 1118.881703][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1120.954944][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[ 1120.961041][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1123.034904][T24321] Bluetooth: hci0: command 0x1009 tx timeout
12:25:41 executing program 4 (fault-call:2 fault-nth:14):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:41 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5450, 0x4)

12:25:41 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf0a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:41 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18822, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:41 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
ioctl(r0, 0x3000000, &(0x7f0000000280)="ff0762bc1666f276fb3344eba886304449a9504f8b677c8bab0c7209fea78f57c6add04b575fa4b1dd4de4ac6739fe97ed827b0426e146c7a102bdfa57f46ba7af91ee1ea65f520c9640c61b30056a6b93de6aae72534e17a93d61fb0f7a8c15b09e64d42e80226a1d105936612f237fdddac007f87e8d36ffff6ccf6577b7fe3681264f3990df776f743028940acdd4becaa9bded1829a849a6a6")
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1127.168135][T30966] validate_nla: 3 callbacks suppressed
[ 1127.168145][T30966] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1127.188780][T30969] FAULT_INJECTION: forcing a failure.
[ 1127.188780][T30969] name failslab, interval 1, probability 0, space 0, times 0
[ 1127.201743][T30969] CPU: 1 PID: 30969 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1127.209920][T30969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1127.219994][T30969] Call Trace:
[ 1127.220024][T30969]  dump_stack+0x172/0x1f0
[ 1127.220045][T30969]  should_fail.cold+0xa/0x15
[ 1127.220062][T30969]  ? fault_create_debugfs_attr+0x180/0x180
[ 1127.220079][T30969]  ? page_to_nid.part.0+0x20/0x20
[ 1127.220097][T30969]  ? ___might_sleep+0x163/0x280
[ 1127.220123][T30969]  __should_failslab+0x121/0x190
[ 1127.232322][T30969]  should_failslab+0x9/0x14
[ 1127.232338][T30969]  __kmalloc_track_caller+0x2dc/0x760
[ 1127.232353][T30969]  ? pointer+0x750/0x750
[ 1127.232374][T30969]  ? widen_string+0x2e0/0x2e0
[ 1127.243190][T30969]  ? kasprintf+0xbb/0xf0
[ 1127.243205][T30969]  kvasprintf+0xc8/0x170
[ 1127.243220][T30969]  ? bust_spinlocks+0xe0/0xe0
[ 1127.243239][T30969]  ? page_to_nid.part.0+0x20/0x20
[ 1127.243262][T30969]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1127.253031][T30969]  ? find_next_bit+0x107/0x130
[ 1127.253046][T30969]  kasprintf+0xbb/0xf0
[ 1127.253059][T30969]  ? kvasprintf_const+0x190/0x190
[ 1127.253079][T30969]  ? is_module_percpu_address+0xb/0x10
[ 1127.253102][T30969]  alloc_workqueue+0x46c/0xf40
[ 1127.263064][T30969]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1127.263085][T30969]  ? kasan_kmalloc+0x9/0x10
[ 1127.263097][T30969]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1127.263120][T30969]  hci_register_dev+0x209/0x8f0
[ 1127.272030][T30969]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1127.272048][T30969]  tty_ioctl+0xaf9/0x14f0
[ 1127.272062][T30969]  ? hci_uart_init_work+0x180/0x180
[ 1127.272075][T30969]  ? do_tty_hangup+0x30/0x30
[ 1127.272098][T30969]  ? tomoyo_path_number_perm+0x459/0x520
[ 1127.280562][T30969]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1127.280580][T30969]  ? tomoyo_path_number_perm+0x263/0x520
[ 1127.280598][T30969]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1127.280619][T30969]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1127.290366][T30969]  ? __kasan_check_read+0x11/0x20
[ 1127.290385][T30969]  ? do_tty_hangup+0x30/0x30
[ 1127.290400][T30969]  do_vfs_ioctl+0xdb6/0x13e0
[ 1127.290424][T30969]  ? ioctl_preallocate+0x210/0x210
[ 1127.301015][T30969]  ? __fget+0x384/0x560
[ 1127.301033][T30969]  ? ksys_dup3+0x3e0/0x3e0
12:25:41 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5451, 0x4)

[ 1127.301050][T30969]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1127.301072][T30969]  ? fput_many+0x12c/0x1a0
[ 1127.310163][T30969]  ? tomoyo_file_ioctl+0x23/0x30
[ 1127.310182][T30969]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1127.310198][T30969]  ? security_file_ioctl+0x8d/0xc0
[ 1127.310218][T30969]  ksys_ioctl+0xab/0xd0
[ 1127.320551][T30969]  __x64_sys_ioctl+0x73/0xb0
[ 1127.320570][T30969]  do_syscall_64+0xfd/0x6a0
[ 1127.320588][T30969]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1127.320599][T30969] RIP: 0033:0x459829
[ 1127.320619][T30969] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1127.330825][T30969] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1127.330839][T30969] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1127.330848][T30969] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1127.330856][T30969] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1127.330865][T30969] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1127.330873][T30969] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:25:41 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5452, 0x4)

[ 1127.652172][T30965] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:41 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf0ffffff, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1127.712768][T31045] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:25:42 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18823, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:42 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x545d, 0x4)

12:25:42 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1127.824464][T31329] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1127.939684][T31351] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1127.999779][T31340] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1129.514947][ T5699] Bluetooth: hci0: command 0x1003 tx timeout
[ 1129.521056][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1131.595019][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[ 1131.601164][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1133.674991][T24321] Bluetooth: hci0: command 0x1009 tx timeout
12:25:52 executing program 4 (fault-call:2 fault-nth:15):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:52 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf1a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:52 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5460, 0x4)

12:25:52 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18824, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:52 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:25:52 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1138.035603][T31469] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1138.064389][T31478] FAULT_INJECTION: forcing a failure.
[ 1138.064389][T31478] name failslab, interval 1, probability 0, space 0, times 0
[ 1138.079375][T31478] CPU: 1 PID: 31478 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1138.087839][T31478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1138.098358][T31478] Call Trace:
[ 1138.101903][T31478]  dump_stack+0x172/0x1f0
[ 1138.106275][T31478]  should_fail.cold+0xa/0x15
[ 1138.106293][T31478]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1138.106308][T31478]  ? fault_create_debugfs_attr+0x180/0x180
[ 1138.106325][T31478]  ? page_to_nid.part.0+0x20/0x20
[ 1138.106339][T31478]  ? ___might_sleep+0x163/0x280
[ 1138.106358][T31478]  __should_failslab+0x121/0x190
[ 1138.106380][T31478]  should_failslab+0x9/0x14
[ 1138.117757][T31478]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1138.117772][T31478]  ? kasan_kmalloc+0x9/0x10
[ 1138.117783][T31478]  ? __kmalloc+0x351/0x770
[ 1138.117799][T31478]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 1138.117816][T31478]  alloc_workqueue_attrs+0x3d/0xc0
[ 1138.117830][T31478]  alloc_workqueue+0x18b/0xf40
[ 1138.117849][T31478]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1138.117866][T31478]  ? kasan_kmalloc+0x9/0x10
[ 1138.117879][T31478]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1138.117901][T31478]  hci_register_dev+0x209/0x8f0
[ 1138.129040][T31478]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1138.129066][T31478]  tty_ioctl+0xaf9/0x14f0
[ 1138.139429][T31478]  ? hci_uart_init_work+0x180/0x180
[ 1138.139446][T31478]  ? do_tty_hangup+0x30/0x30
[ 1138.139463][T31478]  ? tomoyo_path_number_perm+0x459/0x520
[ 1138.139487][T31478]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
12:25:52 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x5608, 0x4)

12:25:52 executing program 4 (fault-call:2 fault-nth:16):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1138.149886][T31478]  ? tomoyo_path_number_perm+0x263/0x520
[ 1138.149902][T31478]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1138.149918][T31478]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1138.149939][T31478]  ? __kasan_check_read+0x11/0x20
[ 1138.149955][T31478]  ? do_tty_hangup+0x30/0x30
[ 1138.149969][T31478]  do_vfs_ioctl+0xdb6/0x13e0
[ 1138.149985][T31478]  ? ioctl_preallocate+0x210/0x210
[ 1138.149997][T31478]  ? __fget+0x384/0x560
[ 1138.150022][T31478]  ? ksys_dup3+0x3e0/0x3e0
[ 1138.165378][T31478]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1138.165395][T31478]  ? fput_many+0x12c/0x1a0
[ 1138.165410][T31478]  ? tomoyo_file_ioctl+0x23/0x30
[ 1138.165425][T31478]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1138.165439][T31478]  ? security_file_ioctl+0x8d/0xc0
[ 1138.165454][T31478]  ksys_ioctl+0xab/0xd0
[ 1138.165474][T31478]  __x64_sys_ioctl+0x73/0xb0
[ 1138.176053][T31478]  do_syscall_64+0xfd/0x6a0
[ 1138.176071][T31478]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1138.176081][T31478] RIP: 0033:0x459829
[ 1138.176095][T31478] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1138.176102][T31478] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1138.176116][T31478] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1138.176123][T31478] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1138.176131][T31478] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1138.176139][T31478] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1138.176153][T31478] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1138.186045][T31478] Bluetooth: Can't register HCI device
[ 1138.338726][T31600] FAULT_INJECTION: forcing a failure.
[ 1138.338726][T31600] name failslab, interval 1, probability 0, space 0, times 0
[ 1138.454422][T31600] CPU: 0 PID: 31600 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1138.463390][T31600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1138.475270][T31600] Call Trace:
[ 1138.479974][T31600]  dump_stack+0x172/0x1f0
[ 1138.484602][T31600]  should_fail.cold+0xa/0x15
[ 1138.484620][T31600]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1138.484635][T31600]  ? fault_create_debugfs_attr+0x180/0x180
[ 1138.484660][T31600]  ? page_to_nid.part.0+0x20/0x20
[ 1138.484676][T31600]  ? ___might_sleep+0x163/0x280
[ 1138.484700][T31600]  __should_failslab+0x121/0x190
[ 1138.496438][T31600]  should_failslab+0x9/0x14
[ 1138.496452][T31600]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1138.496465][T31600]  ? kasan_kmalloc+0x9/0x10
[ 1138.496476][T31600]  ? __kmalloc+0x351/0x770
[ 1138.496492][T31600]  ? mutex_lock_io_nested+0x11d0/0x11d0
[ 1138.496508][T31600]  alloc_workqueue_attrs+0x3d/0xc0
[ 1138.496533][T31600]  apply_wqattrs_prepare+0xbe/0x960
[ 1138.508359][T31600]  ? lock_acquire+0x190/0x410
[ 1138.508375][T31600]  ? alloc_workqueue+0x8d8/0xf40
[ 1138.508393][T31600]  apply_workqueue_attrs_locked+0xcf/0x120
[ 1138.508409][T31600]  alloc_workqueue+0x8f1/0xf40
[ 1138.508426][T31600]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1138.508444][T31600]  ? kasan_kmalloc+0x9/0x10
[ 1138.508464][T31600]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1138.519539][T31600]  hci_register_dev+0x209/0x8f0
[ 1138.519558][T31600]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1138.519573][T31600]  tty_ioctl+0xaf9/0x14f0
[ 1138.519586][T31600]  ? hci_uart_init_work+0x180/0x180
[ 1138.519598][T31600]  ? do_tty_hangup+0x30/0x30
[ 1138.519614][T31600]  ? tomoyo_path_number_perm+0x459/0x520
[ 1138.519633][T31600]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1138.519661][T31600]  ? tomoyo_path_number_perm+0x263/0x520
12:25:52 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x6364, 0x4)

[ 1138.530585][T31600]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1138.530600][T31600]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1138.530619][T31600]  ? __kasan_check_read+0x11/0x20
[ 1138.530636][T31600]  ? do_tty_hangup+0x30/0x30
[ 1138.530658][T31600]  do_vfs_ioctl+0xdb6/0x13e0
[ 1138.530680][T31600]  ? ioctl_preallocate+0x210/0x210
[ 1138.540620][T31600]  ? __fget+0x384/0x560
[ 1138.540636][T31600]  ? ksys_dup3+0x3e0/0x3e0
[ 1138.540659][T31600]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1138.540673][T31600]  ? fput_many+0x12c/0x1a0
[ 1138.540697][T31600]  ? tomoyo_file_ioctl+0x23/0x30
[ 1138.552745][T31600]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1138.552760][T31600]  ? security_file_ioctl+0x8d/0xc0
[ 1138.552775][T31600]  ksys_ioctl+0xab/0xd0
[ 1138.552790][T31600]  __x64_sys_ioctl+0x73/0xb0
[ 1138.552807][T31600]  do_syscall_64+0xfd/0x6a0
[ 1138.552829][T31600]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1138.564652][T31600] RIP: 0033:0x459829
12:25:52 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f00000002c0)=[{&(0x7f0000000280)="38aa159319a51850edaa400784389a6d886f54286213927e20c940c5baf5f486979d4727c4842b", 0x27}], 0x1, 0x0)

[ 1138.564669][T31600] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1138.564676][T31600] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1138.564689][T31600] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1138.564696][T31600] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1138.564703][T31600] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1138.564711][T31600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1138.564718][T31600] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1138.831756][T31600] Bluetooth: Can't register HCI device
12:25:53 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x8903, 0x4)

12:25:53 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf2a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1138.860459][T31521] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1138.896943][T31512] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:25:53 executing program 4 (fault-call:2 fault-nth:17):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:53 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18825, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:53 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1138.963814][T31850] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:53 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x8912, 0x4)

[ 1139.083582][T31965] FAULT_INJECTION: forcing a failure.
[ 1139.083582][T31965] name failslab, interval 1, probability 0, space 0, times 0
[ 1139.147689][T31977] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1139.177226][T31965] CPU: 1 PID: 31965 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1139.186585][T31965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1139.197506][T31965] Call Trace:
[ 1139.201404][T31965]  dump_stack+0x172/0x1f0
[ 1139.205861][T31965]  should_fail.cold+0xa/0x15
[ 1139.211220][T31965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1139.218563][T31965]  ? fault_create_debugfs_attr+0x180/0x180
[ 1139.224841][T31965]  ? page_to_nid.part.0+0x20/0x20
[ 1139.230265][T31965]  ? ___might_sleep+0x163/0x280
[ 1139.235328][T31965]  __should_failslab+0x121/0x190
[ 1139.241592][T31965]  should_failslab+0x9/0x14
[ 1139.246718][T31965]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1139.253431][T31965]  ? kasan_kmalloc+0x9/0x10
[ 1139.258289][T31965]  ? __kmalloc+0x351/0x770
[ 1139.263098][T31965]  ? mutex_lock_io_nested+0x11d0/0x11d0
[ 1139.269467][T31965]  alloc_workqueue_attrs+0x3d/0xc0
[ 1139.275077][T31965]  apply_wqattrs_prepare+0xbe/0x960
[ 1139.280370][T31965]  ? lock_acquire+0x190/0x410
[ 1139.285811][T31965]  ? alloc_workqueue+0x8d8/0xf40
[ 1139.291034][T31965]  apply_workqueue_attrs_locked+0xcf/0x120
[ 1139.298619][T31965]  alloc_workqueue+0x8f1/0xf40
[ 1139.304295][T31965]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1139.310024][T31965]  ? kasan_kmalloc+0x9/0x10
[ 1139.314883][T31965]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1139.320753][T31965]  hci_register_dev+0x209/0x8f0
[ 1139.326420][T31965]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1139.331453][T31965]  tty_ioctl+0xaf9/0x14f0
[ 1139.336070][T31965]  ? hci_uart_init_work+0x180/0x180
[ 1139.342017][T31965]  ? do_tty_hangup+0x30/0x30
[ 1139.347073][T31965]  ? tomoyo_path_number_perm+0x459/0x520
[ 1139.353527][T31965]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1139.360101][T31965]  ? tomoyo_path_number_perm+0x263/0x520
[ 1139.366437][T31965]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1139.372668][T31965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1139.379552][T31965]  ? __kasan_check_read+0x11/0x20
[ 1139.385066][T31965]  ? do_tty_hangup+0x30/0x30
[ 1139.390085][T31965]  do_vfs_ioctl+0xdb6/0x13e0
[ 1139.395467][T31965]  ? ioctl_preallocate+0x210/0x210
[ 1139.401355][T31965]  ? __fget+0x384/0x560
[ 1139.406215][T31965]  ? ksys_dup3+0x3e0/0x3e0
[ 1139.411017][T31965]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1139.417986][T31965]  ? fput_many+0x12c/0x1a0
[ 1139.422581][T31965]  ? tomoyo_file_ioctl+0x23/0x30
[ 1139.428505][T31965]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1139.435266][T31965]  ? security_file_ioctl+0x8d/0xc0
[ 1139.442630][T31965]  ksys_ioctl+0xab/0xd0
[ 1139.450262][T31965]  __x64_sys_ioctl+0x73/0xb0
[ 1139.456365][T31965]  do_syscall_64+0xfd/0x6a0
[ 1139.461221][T31965]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1139.468104][T31965] RIP: 0033:0x459829
[ 1139.472477][T31965] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1139.495129][T31965] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1139.503959][T31965] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1139.522230][T31965] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1139.530851][T31965] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1139.540075][T31965] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
12:25:53 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf3a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:53 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x8916, 0x4)

[ 1139.548589][T31965] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:25:53 executing program 4 (fault-call:2 fault-nth:18):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1139.615473][T31965] Bluetooth: Can't register HCI device
[ 1139.623136][T31978] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:25:53 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_DISABLE_BEARER(r2, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x110}, 0xc, &(0x7f0000000340)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c000000a34e1a84a04516caf5212e801c4e60208e5618b95d30bad0793a", @ANYRES16=r3, @ANYBLOB="020127bd7000fbdbdf25010000000000000002410000001000137564703a73797a3100000000"], 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x80)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1139.710585][T32104] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1139.741529][T32222] FAULT_INJECTION: forcing a failure.
[ 1139.741529][T32222] name failslab, interval 1, probability 0, space 0, times 0
12:25:53 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x8933, 0x4)

[ 1139.763374][T32222] CPU: 1 PID: 32222 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1139.773952][T32222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1139.785576][T32222] Call Trace:
[ 1139.785604][T32222]  dump_stack+0x172/0x1f0
[ 1139.785622][T32222]  should_fail.cold+0xa/0x15
[ 1139.785637][T32222]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1139.785651][T32222]  ? fault_create_debugfs_attr+0x180/0x180
[ 1139.785668][T32222]  ? page_to_nid.part.0+0x20/0x20
[ 1139.785683][T32222]  ? ___might_sleep+0x163/0x280
[ 1139.785708][T32222]  __should_failslab+0x121/0x190
[ 1139.829167][T32222]  should_failslab+0x9/0x14
[ 1139.833778][T32222]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1139.840357][T32222]  ? kasan_kmalloc+0x9/0x10
[ 1139.844977][T32222]  ? __kmalloc+0x351/0x770
[ 1139.850207][T32222]  ? mutex_lock_io_nested+0x11d0/0x11d0
[ 1139.856224][T32222]  ? mark_held_locks+0xf0/0xf0
[ 1139.861431][T32222]  alloc_workqueue_attrs+0x3d/0xc0
[ 1139.867141][T32222]  apply_wqattrs_prepare+0xb6/0x960
[ 1139.872673][T32222]  ? lock_acquire+0x190/0x410
[ 1139.877797][T32222]  ? alloc_workqueue+0x8d8/0xf40
[ 1139.883673][T32222]  apply_workqueue_attrs_locked+0xcf/0x120
[ 1139.889934][T32222]  alloc_workqueue+0x8f1/0xf40
[ 1139.894914][T32222]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1139.901127][T32222]  ? kasan_kmalloc+0x9/0x10
[ 1139.905890][T32222]  ? kmem_cache_alloc_trace+0x346/0x790
12:25:54 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x8936, 0x4)

[ 1139.911941][T32222]  hci_register_dev+0x209/0x8f0
[ 1139.917126][T32222]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1139.922369][T32222]  tty_ioctl+0xaf9/0x14f0
[ 1139.927110][T32222]  ? hci_uart_init_work+0x180/0x180
[ 1139.933036][T32222]  ? do_tty_hangup+0x30/0x30
[ 1139.938963][T32222]  ? tomoyo_path_number_perm+0x459/0x520
[ 1139.946378][T32222]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1139.953526][T32222]  ? tomoyo_path_number_perm+0x263/0x520
[ 1139.960925][T32222]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1139.968424][T32222]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1139.975678][T32222]  ? __kasan_check_read+0x11/0x20
[ 1139.981137][T32222]  ? do_tty_hangup+0x30/0x30
[ 1139.986557][T32222]  do_vfs_ioctl+0xdb6/0x13e0
[ 1139.993048][T32222]  ? ioctl_preallocate+0x210/0x210
[ 1139.999401][T32222]  ? __fget+0x384/0x560
[ 1140.004206][T32222]  ? ksys_dup3+0x3e0/0x3e0
12:25:54 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x8980, 0x4)

[ 1140.009526][T32222]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1140.015966][T32222]  ? fput_many+0x12c/0x1a0
[ 1140.020682][T32222]  ? tomoyo_file_ioctl+0x23/0x30
[ 1140.026009][T32222]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1140.033014][T32222]  ? security_file_ioctl+0x8d/0xc0
[ 1140.039478][T32222]  ksys_ioctl+0xab/0xd0
[ 1140.043904][T32222]  __x64_sys_ioctl+0x73/0xb0
[ 1140.048837][T32222]  do_syscall_64+0xfd/0x6a0
[ 1140.053454][T32222]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1140.059607][T32222] RIP: 0033:0x459829
[ 1140.064054][T32222] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1140.084943][T32222] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1140.084957][T32222] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1140.084964][T32222] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
12:25:54 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f00000003c0)='/dev/vcs#\x00', 0x8, 0x40)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
write(r5, &(0x7f0000000340), 0x41395527)
r6 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$VIDIOC_QUERYCTRL(r1, 0xc0445624, &(0x7f0000001880)={0x9, 0x107, "bbb206456b56194012defb315bcab9437d6493e5fb3bc7877a591b432549a99f", 0x8, 0x0, 0x8, 0xffffffffffff8000, 0x84})
ioctl$DRM_IOCTL_FREE_BUFS(r4, 0x4010641a, &(0x7f0000001940)={0x1, &(0x7f0000001900)=[0xffffffff]})
sendto$inet6(r5, &(0x7f0000000480)="a6de900db268622b94a41bfb6992f4c87e50e6ad58506b581a0b52571b05450642fa26a9ebe9cbe9e860691fc4e23a483251fa522d00e07d753fc07d9571869771ccff8ce67d08777c1feda3ba10e731b59111cde483526727f0b1460f52d90f84e79d57e20e4d711ad409a074370d1b99bf748e038dd94e71f560c03ddceb4b5095249546a744022cc5e18363aa092bfb5fbfe9ff1bd40603295f5bc061e04be028b162dd824df224ade0e7c68f8cd319401164bb21fb8b6e478f8ebd602c258bf7167290be960608487ff4fc645a3a95e88365555241c88b51faeb3187e89ae908cfde2233331a6849a9c40cf7b84d67834b6c7eabd42bed1565e3a7a302d207d27dc7c7a5f2d596260a940b8afa8a11772ae76c561a4078785183356729e24bf9540c8e9f180c5ad706a94b87adf4983118cd083ef5612aae7c99242f4dce279cff6da67b1789bad63acff821863736d6a02e0d09e72687d6564ed2de8fc40b7699094c71b9526793c017bec6510f90ab37d6e7c286bce54afd9daa420bcbe5427c61a62c3623f5175aba03b58ee1a532898554286b6d694e5457cfcb4409a259e2411138c6e9991dce77abae0b205265614cd065f2a11b87c07265e659cc99d33606eb53be42b332ccbb26765be09806b7982269dcc99575819ff3540b36c61a7de96810b14dde0184b0a9f2510d5f963acfed7343e10638c1d1e9d93f304153b4735f2badeccbe1c08b183e1c9a8e452b4614233c74531f893c27aeecdd1f4564ee398491dcd81f4b8167189b89869914d8add3b5e3017c0586c599e7ce83ee49d22b38f8c6db64cfee58ae8ecffc63fc29d4cf05cb8a503b3573bc862c16c6e353966f347ccba3d2bfe1c6a60d15f224f25ab7c9d35db9eadc1c03cd940ab75423c0b3ab6e1d4e69c280e48b3e1ce094a96287aaab62b595f02b8a4c00aea5be70025da0e88c56f10f67b6fdfa9bb327c6c464a0edda4b64deca85bd9008efbc445b1dd60c76242735a97202f28b0d623993c4a12f3814f3099712c1ab76bc9cfe40676c088e76f9e549fc7f079585037d043d16b5763e5c4511893e313611f917523a66688fe720876076ad597152b770955ab71b345b707eeb4564a892a5b7bc04aa2a44bcd31385a081e882c5a3abba407a4d1c2dd20a7c094fb285925578360ce0ee1e2cab40127e7ee74f51cf5ac77dff64e5db404777925a8196a27a2bc3cfc7a49bf294e446c06e4798a340ae4faab0afadf41c2607270ba9f10769feb29172c424ab64623663caf865c522855c61b515d51d99e78ef2ceb3b2da1c4e3a25791064829d858d11b1c283d64fd3cc7aea8428bee3a5c3edf77b087134bd74387eb607809a6222a51b944e3c3fc6a406e1dabc5674c2d278b53ee835086f0866cae7964792cef6be25f466dd0042f127acd4d557e3cec8b08e06216078c715b5cb26b0d245b507f31daa9096975dc97d44db82f04f5a856eba43462da758a3c3549d6a4d001697f44625fcaf493eda25e173bfba3e7207d9abb7ae9c438c14caf2c82c1db282b46e5b5c121bcc2565aa50c2f557ed7c2aebbeae28a20643baf22bec30c79ccc5fb5aef50fdbcdc13fe70b3cf8bb7bd10bf4ac4c66de082ee7d43b8d87cc3f9e8d20c3952f8b1c42ab864755c6a0b1ea28d04b987c540ff4b195597cf03aed883f3c809db016d746230a2a459bb4bdd3f84998ddd849b9a26a3bae664fcb91a3868a930590fb9526172b015214c06b777f2672b09f0690638658b250f80bc03642b703f35bc9cab1d28f10764a4bdc82fa810b26a20c9c71454fc794612b48f2357fad89a1d5873e8c7955b801fb37237f8cb0aeb38053dbb8e7545052a6188504f870adcf548fe0ec676484d57f410aaea9b6f29bb84b487e4291e90235b323bc0459b34d34a0c19151e0a73e6a79f7933dac8c922315e4779f10b951dc7774dda199171f7b5a76d915a946208b371ab7a4195787b59389c6e91150f8cbcf01718cdd2e120989c26f622258bb5ad7bca7ddd248278403534f8c75658171e1c368a7b79ae94baed672b0fa3f583181641a9abd163f2b419b15ebaec5372f9904946790308119f8094d1beb5c5b6bf299ca9133850dfaf948b88af025fe7823a1da491fd876c18cedc43c6d886d91f34f28106ab5ce771705d64ba075f8e8d16a94ac438efcf1df68eb30d3ef5345d00ce02cfbb6fad692fb760a2f5c399c5e59c99b21ffeaf346f8e19ac211a7c669eafdb93658e2d7c49846b64ffbcb674e38c8d49e1dd09cfb3d6f2b176741e6037cd44b0a7a13c5fcb5765c78907a841f81eab1e83d232981df61bc7b92a9a136fde297e4df44c7d3fd392db2149421a2cf0ffeca1507d1f36eafa75dd10a373ed6db1d448ccb56969e8c622a4e766ddd8b2b0239e564f3aa69fda04e6abc6fee0caf2656e03def8f68c99d9d2a06f4fde11ac990cdf20dec80822028a680b301a4f940b3f70e8947dfde88a873299b097fb98e266210293da5cfffdfb6c6af624c7125e29b2c85b63d831eb95dc25b1a338ca8ae1bcba6be3b0f01913b29b5bccab32c891cd8b6944aa4999722bae4e8569773328cb190fca927785d431da413de803b4bc0057a56cd5094eaba1c68fcaca100ad9221ac899627572c9a47a8ea48b9d4fa40296c0d408c36c0789289d839fc82d4ac4f9b04882ecc157a8cb1a89f0e9b5f9bbd77043ac6b60dce39c1263af55244b333d3a7bf659eb28794d52b5078c5f066ce521a72b041916006be5bfbdb34d091c16b1727f06c0968b8f06470c9d78fcb0979d821080e599f4634e4cbad483d755b9766687d73e4bdb53e0fb586332118828597b36a9470207250b47231d66fc501984bb74100e163cd0057b15c8cd64ee7147d8d3144656127a873cbf329c0cce7db5b29ed7d5d118f44bf34ce4abfee460c41d327bec6c96bc2ba5031445c0b35d0bfe1658ff6f28dac7db3e8caf93f86abd8b533189e5bbb4145ee279f14c18291671b0abd1c584b10b725bc0cb67c0939b260e2c8cc258218127ef4fc63f63208d5f8705f2513bd6396b866f739ce82e2977b925d294e16eb0b713b2f9a498f046fe6d488c8b594a3ac24f42cab278bf76cee76b49a7eefe20df42517e2c102c990899dc7a8d2460a3b3046e6afe457bd208d8469fd83edd8714f21b115b3f58a583ade84a103417d31c6639227823c2f959f95308778df580d1eb3504928ea75f4475ac7657b58b1278f9075633b1c9736d7196b4e57d1aa8b82b496713b42917d7a2d80ae21d016b522f14a09fdbb764324c78aa763058c25dafe5e17b1fc338dc3f34f64477c6c67b391e53c6a947cb09e6a0e021f8e972c37410f2d0a69c451a8b413ce650b1e8eb7140a3b414639ceea39c31bdeb3654344ce6b278222c774c1617304f6da3ee2c6ab7e183cacc65379910781e0f8a6ba2d2c9883eb5e7f8cbff3f0a147f32ac98bad87f09fc3e5d2c07abf42e41d914f4d24a2beccd4148e9345a34fe126d92bc7c81f570b2d0f0a1cc05d403b5b1e4437b21a93ff805b454f5a99e38a3595787fea804dd32afac51ff0eb52dbc567b82719a8465b56e4effa3e48b71b4e0aa986e4a4b6187b04e7a488eb276c3ab3ac02c4610724a633bf274423d40748351b555a43627ab51ab386898620f556b4e1636b2fbf659521dfc197ab485da21541ab0e1f779a3794e6f7586470d79831df988a01ab3d03e034f29e4b72d01fe54989c3185d151ee65183ec1975f60d7ee981e0d4d6221ca262bc6796d4ab23739a118e8e5a6d8f639b9b7f283c70b8958f140a078a4d0c6ca7b80988fa0f8d7659a2f726d80a973734c0d7914b5c883818f12bc14872312b00dc7e96188ef4d5b70c59db1ec8058675705c12c8d1fa39581fc32c158a1403077b7ce571fe9ef2d7ab2eece916e118d6d7ad83e8fa754006b3af84cadcd899e19aa8b8a0e77e718cac54c4cfd153c2d365afd8c6a7fe5cfece9dc765b8e20b8d856b31bd6e7775e3f2e973455fe1c7c1439042a6c2e0ba843d0770f657050e54910b2b8a6173877b45f593b2fc942ac175f11f2427b5b034f5fc574761102bdb40bfbde0c888bfc1700eed3cc7d539b84d5eeda3437bab68fd1f34539fa79b607e039b3b460cc3a1dbcbead2929960c729470ffada37494d9870a63f56a01c278febe470b9dc204820f946721ecabd0b11c60ca788a7baad9ab2253041cee8dfe9d3a6f7577b16f02cfb66028fabff1639a09a75ccf438198578805d40907947d6e36008a310ddff039edc68c251677d9983fec66aa4581f0444b2d747956dd7cac74ecadb253eccb33a9f248dc2aa5a5b5aea9dbe78cebfb04e1291a4e6e1561909febaec812923c7edf5d393c7ec284de2ac6c198cbbad960d7c72c6bb26161bdd74ccdc57583a6ebe55432152cb2d457d5d064fc92baf95ed3bef08e18325ffbda93b73315f371899b26fc265f8d0642be7291b7b34c185d11611e2fa9561fd7033f5eb789601c24181af08ba5a22ea05239191faee260d0a8b4f67b479215ed58f6c9cef78f45bb7e74077eb86147ff35bbb08eabcb8d322a48475fffeb0aa5d38dcc76ef04370b20f3a4e27206bcc02489c04d56498d001d1891e320ebc7ed0744599408e4aa813d2edeca42b15c7ff20d0c138a0f20a0b282a752ff82086217d0e54e0fdfb172a1cbc6e7fca2daf5c13ab53133e2ff875831255b9c287d8f27278929430db188c6ddb962a5b51b22bd1d0b426d949e7f30380e796ce68a43354aa0a0b6467dc82f69254de92fec49fc56f421c5e0be9f388311bbb3365d5fe1e4585c155d7035abd0d42cbb4e9d5d8835039cf302dd5dfff6b52cdf27d3c95e955a0905f27abf91675f2aabbd8f13f17f5d5a6fdd4083338d9b4160eec2d158f85041976341ba0bc88e49275ee137efab7224d236df1b3fe4851a3c6c6d33dd42444c7ac2cc7c05e6c5aafb74c0f97007c5773d6ee63a505afe1ea889f6f683e8ea9c8773f64bbd363237ef937038dca4e7ce28e26ba4e53288e08ccba01ab6fd9ade181c0eb517e47f5323a0ae792c906b60e8e98ae3c5a5d8b575fb40155536a266a046b2a5e7713bd55cffc2773683f6ccbaeb55399e9ae6c10723235133374e09226dde7c45bc6d14f1467eba3fabe4e632b69ab8e593e28c2b65cc6126aa09480e91145891816f4c5158ebfc09bdcbe5480062616eb61f42421cdf2d39270d163f3f71bcab392323ff53f60e80203e15c3ef534276bdd3018c0d7b6660cf34c2de06c925d76592b7f43536a8b1cdf4e2fc80c21578fc56a67b875abbdb96de981843b07a323c0ad49732bf2ba66efa0798931fdddd14166ef10b4bd428decf4ee749930e5540e693c0c72a492f9d08998ee844af00a3b179ca0580d93f9673ef5d7eadea28eca13141c4cae5c6778c46a9a54e390d6f446f4e3e468206f9175a752ff4abe77a984abc22bb74af258408b02d46cfce89645cc124dcc9bb8017ffb1556c92586d5529726393255e4f5ad808431e90fefd0f6ca709a8969b14e9f4c5f4293c74ac8bdf3f065b9d9bebdb4d2afe187c99b6dcfb74dee8132392e70ee2f999293f1818c4f76d4f9c3a34796abacdaea1f4b9b2901a79a73b4920d0f46c31a772ab9c0bbc21784777bd54e10ab39ca5f1b8f91145ee5195188d0a1a1a307cc66df64d2911e508d4e2f0df33d19af591b070f758ea0c7afc1dc0f0780ffa0342a1453c4eb22c802f4d5386293f2c27dcc68be0924782939883418fde900cc0a250779eece8d", 0x1000, 0x8000, &(0x7f0000000180)={0xa, 0x4e23, 0x7265b7a3, @rand_addr="611441fc30a3fe40f27c699cc7044b95", 0x872}, 0x1c)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open$dir(&(0x7f0000001840)='./file0\x00', 0x0, 0x80)
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r6, 0x81785501, &(0x7f0000000280)=""/214)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
sendmsg$nl_route_sched(r2, &(0x7f00000016c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8010}, 0xc, &(0x7f0000001680)={&(0x7f0000001480)=ANY=[@ANYBLOB="e00100003000200226bd7000ffdbdf25f5ff000000010100fc000a00000010000100636f6e6e6d61726b00000000200002001c000100a40e0000000000000f000010a83300000000000014080000c4000600f4d55b96f284ddacfa7e6801c98590735e55db43c2ea8968cb93c5a414662db20cee62b5cce356860237718f75349d399d6a6cc09d9829e106ceaaf0722025c9a2943fe6826320b4b2fe350a5690b579e5c59bf95fd7959f62330f3d14579a7b77a9b69711a9d5fe292abbf7007233e8622af36c01844d1af4fc71822401595c9dd8e7153d779ce3e40eb02d2fcbf597a982e2495e3cad6484702a8caad629952225d5ec801019ecf1a10f756ea7b9519cf5b839b501cc22e500000000cc000100c80004000000080001006970740034000200140001007261770000000000000000000000000008000200010000001400010073656375726974790000000000000000840006004336f39926d572d8d8b6569fcf3c7eda4448efe5003ba4186fd7121cd57d24bb3cc1d4d3cda86d87e5060427368b020bfbe96f6ac3435b1e53dc2ad1f03728d96c001557ae47f43171f93e4fd930ca3ebe706ad5d7496e811d1b9546b50a347e73cdc7885d02a61350667f83b34d4c92b9717b362c38f090c8aab9f8f300"/480], 0x1e0}, 0x1, 0x0, 0x0, 0x10}, 0x10)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r7=>0x0})
readlinkat(r3, &(0x7f0000001740)='./file0\x00', &(0x7f0000001780)=""/155, 0x9b)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r7+30000000}, 0x0)
ioctl$FS_IOC_FSSETXATTR(r5, 0x401c5820, &(0x7f0000001700)={0x4, 0x40, 0x4, 0xfffffffffffffff7, 0x8})
vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r8 = fcntl$getown(r0, 0x9)
sched_getscheduler(r8)

[ 1140.084970][T32222] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1140.084976][T32222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1140.084983][T32222] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1140.146421][T32222] Bluetooth: Can't register HCI device
12:25:54 executing program 4 (fault-call:2 fault-nth:19):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:25:54 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18826, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:54 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:54 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x8981, 0x4)

12:25:54 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf4a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1140.351216][T32593] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1140.351804][T32588] FAULT_INJECTION: forcing a failure.
[ 1140.351804][T32588] name failslab, interval 1, probability 0, space 0, times 0
[ 1140.403918][T32588] CPU: 1 PID: 32588 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1140.412215][T32588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1140.423003][T32588] Call Trace:
[ 1140.426669][T32588]  dump_stack+0x172/0x1f0
[ 1140.431318][T32588]  should_fail.cold+0xa/0x15
[ 1140.436395][T32588]  ? fault_create_debugfs_attr+0x180/0x180
[ 1140.443204][T32588]  ? page_to_nid.part.0+0x20/0x20
[ 1140.450910][T32588]  ? ___might_sleep+0x163/0x280
[ 1140.457017][T32588]  __should_failslab+0x121/0x190
[ 1140.457033][T32588]  should_failslab+0x9/0x14
[ 1140.457046][T32588]  kmem_cache_alloc+0x2aa/0x710
[ 1140.457064][T32588]  __d_alloc+0x2e/0x8c0
[ 1140.457080][T32588]  d_alloc+0x4d/0x280
[ 1140.457096][T32588]  d_alloc_parallel+0xf4/0x1c30
[ 1140.457109][T32588]  ? save_stack+0x5c/0x90
[ 1140.457129][T32588]  ? save_stack+0x23/0x90
[ 1140.467186][T32588]  ? __kasan_slab_free+0x102/0x150
[ 1140.477085][T32588]  ? kasan_slab_free+0xe/0x10
[ 1140.477098][T32588]  ? kfree+0x10a/0x2c0
[ 1140.477115][T32588]  ? apply_wqattrs_cleanup.part.0+0x139/0x160
[ 1140.477131][T32588]  ? mark_held_locks+0xf0/0xf0
[ 1140.477143][T32588]  ? ksys_ioctl+0xab/0xd0
[ 1140.477166][T32588]  ? do_syscall_64+0xfd/0x6a0
[ 1140.477180][T32588]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1140.477194][T32588]  ? pwq_adjust_max_active+0x3b1/0x5c0
[ 1140.477209][T32588]  ? __d_lookup_rcu+0x6c0/0x6c0
[ 1140.477230][T32588]  ? lock_acquire+0x190/0x410
[ 1140.486422][T32588]  ? lockdep_init_map+0x1be/0x6d0
[ 1140.486438][T32588]  ? lockdep_init_map+0x1be/0x6d0
[ 1140.486457][T32588]  __lookup_slow+0x1ab/0x500
[ 1140.486472][T32588]  ? vfs_unlink+0x620/0x620
[ 1140.486489][T32588]  ? lookup_dcache+0x23/0x140
[ 1140.486508][T32588]  ? d_lookup+0x19e/0x260
[ 1140.486528][T32588]  lookup_one_len+0x16d/0x1a0
[ 1140.495986][T32588]  ? lookup_one_len_unlocked+0x100/0x100
[ 1140.496000][T32588]  ? do_raw_spin_unlock+0x57/0x270
[ 1140.496014][T32588]  ? mntput+0x74/0xa0
[ 1140.496030][T32588]  start_creating+0xc5/0x1d0
[ 1140.496045][T32588]  debugfs_create_dir+0x26/0x380
[ 1140.496061][T32588]  hci_register_dev+0x299/0x8f0
[ 1140.496080][T32588]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1140.496103][T32588]  tty_ioctl+0xaf9/0x14f0
[ 1140.506181][T32588]  ? hci_uart_init_work+0x180/0x180
[ 1140.506196][T32588]  ? do_tty_hangup+0x30/0x30
[ 1140.506213][T32588]  ? tomoyo_path_number_perm+0x459/0x520
[ 1140.506233][T32588]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1140.506247][T32588]  ? tomoyo_path_number_perm+0x263/0x520
[ 1140.506264][T32588]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1140.506286][T32588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1140.516767][T32588]  ? __kasan_check_read+0x11/0x20
[ 1140.516786][T32588]  ? do_tty_hangup+0x30/0x30
[ 1140.516800][T32588]  do_vfs_ioctl+0xdb6/0x13e0
[ 1140.516815][T32588]  ? ioctl_preallocate+0x210/0x210
[ 1140.516828][T32588]  ? __fget+0x384/0x560
[ 1140.516843][T32588]  ? ksys_dup3+0x3e0/0x3e0
12:25:54 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x89b7, 0x4)

[ 1140.516859][T32588]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1140.516871][T32588]  ? fput_many+0x12c/0x1a0
[ 1140.516886][T32588]  ? tomoyo_file_ioctl+0x23/0x30
[ 1140.516908][T32588]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1140.526589][T32588]  ? security_file_ioctl+0x8d/0xc0
[ 1140.526606][T32588]  ksys_ioctl+0xab/0xd0
[ 1140.526621][T32588]  __x64_sys_ioctl+0x73/0xb0
[ 1140.526638][T32588]  do_syscall_64+0xfd/0x6a0
[ 1140.526655][T32588]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1140.526666][T32588] RIP: 0033:0x459829
[ 1140.526680][T32588] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1140.526695][T32588] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1140.537894][T32588] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1140.537902][T32588] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
12:25:55 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x89e2, 0x4)

[ 1140.537909][T32588] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1140.537916][T32588] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1140.537923][T32588] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1140.840725][T32601] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1140.893341][T32602] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:25:55 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf5a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:55 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:25:55 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18827, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:25:55 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xae01, 0x4)

12:25:55 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000480)={<r2=>0x0}, &(0x7f00000004c0)=0xc)
ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000500)=r2)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000100)=<r4=>0x0)
wait4(r4, &(0x7f0000000300), 0x1, 0x0)
ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000580))
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
write(r6, &(0x7f0000000340), 0x41395527)
r7 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000400)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$RDS_FREE_MR(r5, 0x114, 0x3, &(0x7f0000000540)={{0x5, 0x9}, 0x10}, 0x10)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00')
sendmsg$TIPC_CMD_ENABLE_BEARER(r7, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1080100}, 0xc, &(0x7f0000000340)={&(0x7f00000005c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="000525bd7000ffdbdf2e001ef90100017564703a6a01bf73797a310000000000000000000000000000000000000000000036bcd96a1a777d947a4fe9b766addf61f83b949d1524788bf5c3524d7357f82c2049646c72265a6a966ccfca37974b0122f92aa3294f65c96e41aaf1c9054c9b8cdca0414980acf214253044d9476f7f8c6f2993463a5a246a8f4ea60997271f06e11b3c35248e5fe188393958ab72b0db9fe94a7d6239cd4cf83f881ff1e5e49dae3192821ca32ad119a6eb6d2756a26192f1233599dcc9ed98d5ef79593cebdcef5a0026f2d00046ce6cf4525d7be3858b829c6fbb495d7c4af1615ef87523c89ba03f3dcbc78dfa6d396e34f3ee4eede0e3bb420b0000dfeb46e621d6d2a42756e7946bf5eb7c09e5"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x10)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r9=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r9+30000000}, 0x0)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1142.794899][ T5699] Bluetooth: hci0: command 0x1003 tx timeout
[ 1142.801836][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1144.875013][ T5699] Bluetooth: hci0: command 0x1001 tx timeout
[ 1144.881294][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1146.955076][T14328] Bluetooth: hci0: command 0x1009 tx timeout
12:26:05 executing program 4 (fault-call:2 fault-nth:20):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:05 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf6a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:05 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xae03, 0x4)

12:26:05 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18828, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:05 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
ioctl$VFIO_IOMMU_MAP_DMA(r1, 0x3b71, &(0x7f0000000280)={0x20, 0x3, 0x2, 0xb11b})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1150.834398][  T642] validate_nla: 4 callbacks suppressed
[ 1150.834408][  T642] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1150.871673][  T652] FAULT_INJECTION: forcing a failure.
[ 1150.871673][  T652] name failslab, interval 1, probability 0, space 0, times 0
[ 1150.894784][  T652] CPU: 0 PID: 652 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1150.902792][  T652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1150.912849][  T652] Call Trace:
[ 1150.916149][  T652]  dump_stack+0x172/0x1f0
[ 1150.920498][  T652]  should_fail.cold+0xa/0x15
[ 1150.925096][  T652]  ? fault_create_debugfs_attr+0x180/0x180
[ 1150.930911][  T652]  ? page_to_nid.part.0+0x20/0x20
[ 1150.936022][  T652]  ? ___might_sleep+0x163/0x280
[ 1150.936039][  T652]  __should_failslab+0x121/0x190
[ 1150.936053][  T652]  should_failslab+0x9/0x14
[ 1150.936065][  T652]  kmem_cache_alloc+0x2aa/0x710
[ 1150.936087][  T652]  ? lookup_one_len+0x10e/0x1a0
[ 1150.960231][  T652]  ? lookup_one_len_unlocked+0x100/0x100
[ 1150.965897][  T652]  alloc_inode+0x16f/0x1e0
[ 1150.970409][  T652]  new_inode_pseudo+0x19/0xf0
[ 1150.975091][  T652]  new_inode+0x1f/0x40
[ 1150.979165][  T652]  debugfs_get_inode+0x1a/0x130
[ 1150.984070][  T652]  debugfs_create_dir+0x7a/0x380
[ 1150.989011][  T652]  hci_register_dev+0x299/0x8f0
[ 1150.994060][  T652]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1150.999092][  T652]  tty_ioctl+0xaf9/0x14f0
[ 1151.003425][  T652]  ? hci_uart_init_work+0x180/0x180
[ 1151.008744][  T652]  ? do_tty_hangup+0x30/0x30
[ 1151.013339][  T652]  ? tomoyo_path_number_perm+0x459/0x520
[ 1151.018981][  T652]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1151.025232][  T652]  ? tomoyo_path_number_perm+0x263/0x520
[ 1151.030874][  T652]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1151.036692][  T652]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1151.043018][  T652]  ? __kasan_check_read+0x11/0x20
[ 1151.048056][  T652]  ? do_tty_hangup+0x30/0x30
[ 1151.048070][  T652]  do_vfs_ioctl+0xdb6/0x13e0
[ 1151.048085][  T652]  ? ioctl_preallocate+0x210/0x210
[ 1151.048105][  T652]  ? __fget+0x384/0x560
[ 1151.066521][  T652]  ? ksys_dup3+0x3e0/0x3e0
[ 1151.070941][  T652]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1151.077191][  T652]  ? fput_many+0x12c/0x1a0
[ 1151.081712][  T652]  ? tomoyo_file_ioctl+0x23/0x30
[ 1151.086747][  T652]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1151.092999][  T652]  ? security_file_ioctl+0x8d/0xc0
[ 1151.098122][  T652]  ksys_ioctl+0xab/0xd0
[ 1151.102276][  T652]  __x64_sys_ioctl+0x73/0xb0
[ 1151.106908][  T652]  do_syscall_64+0xfd/0x6a0
[ 1151.111429][  T652]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1151.117325][  T652] RIP: 0033:0x459829
[ 1151.121217][  T652] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
12:26:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xae41, 0x4)

12:26:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xae44, 0x4)

12:26:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xae80, 0x4)

[ 1151.140849][  T652] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1151.149260][  T652] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1151.157401][  T652] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1151.157408][  T652] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1151.157415][  T652] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1151.157421][  T652] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:26:05 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf7a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1151.199394][  T652] debugfs: out of free dentries, can not create directory 'hci0'
[ 1151.210190][ T1001] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1151.243782][T10887] Bluetooth: hci0: Frame reassembly failed (-84)
12:26:05 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xae9a, 0x4)

[ 1151.293892][ T1002] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:26:05 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18829, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1151.374099][ T1131] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1151.506265][ T1258] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1151.592672][ T1258] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1153.274846][  T637] Bluetooth: hci0: command 0x1003 tx timeout
[ 1153.280940][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1155.354873][  T637] Bluetooth: hci0: command 0x1001 tx timeout
[ 1155.360958][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1157.434905][T14328] Bluetooth: hci0: command 0x1009 tx timeout
12:26:15 executing program 4 (fault-call:2 fault-nth:21):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:15 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400445a0, 0x4)

12:26:15 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf8a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:15 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:15 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1882a, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:15 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
getsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000280), &(0x7f00000002c0)=0x8)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
prctl$PR_GET_NAME(0x10, &(0x7f0000000480)=""/184)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1161.729913][ T1274] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1161.812618][ T1293] FAULT_INJECTION: forcing a failure.
[ 1161.812618][ T1293] name failslab, interval 1, probability 0, space 0, times 0
[ 1161.855013][ T1293] CPU: 0 PID: 1293 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1161.863024][ T1293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1161.873074][ T1293] Call Trace:
[ 1161.876365][ T1293]  dump_stack+0x172/0x1f0
[ 1161.880696][ T1293]  should_fail.cold+0xa/0x15
[ 1161.885373][ T1293]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1161.891615][ T1293]  ? fault_create_debugfs_attr+0x180/0x180
[ 1161.897429][ T1293]  ? page_to_nid.part.0+0x20/0x20
[ 1161.902454][ T1293]  ? ___might_sleep+0x163/0x280
[ 1161.907306][ T1293]  __should_failslab+0x121/0x190
[ 1161.912247][ T1293]  should_failslab+0x9/0x14
[ 1161.916799][ T1293]  kmem_cache_alloc_node+0x268/0x740
[ 1161.922098][ T1293]  alloc_unbound_pwq+0x4c5/0xcb0
[ 1161.927040][ T1293]  apply_wqattrs_prepare+0x354/0x960
[ 1161.932327][ T1293]  ? alloc_workqueue+0x8d8/0xf40
[ 1161.937281][ T1293]  apply_workqueue_attrs_locked+0xcf/0x120
[ 1161.943091][ T1293]  alloc_workqueue+0x8f1/0xf40
[ 1161.947856][ T1293]  ? workqueue_sysfs_register+0x3e0/0x3e0
[ 1161.953576][ T1293]  ? kasan_kmalloc+0x9/0x10
[ 1161.958072][ T1293]  ? kmem_cache_alloc_trace+0x346/0x790
[ 1161.958090][ T1293]  hci_register_dev+0x209/0x8f0
[ 1161.958116][ T1293]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1161.973502][ T1293]  tty_ioctl+0xaf9/0x14f0
[ 1161.977868][ T1293]  ? hci_uart_init_work+0x180/0x180
[ 1161.977881][ T1293]  ? do_tty_hangup+0x30/0x30
[ 1161.977897][ T1293]  ? tomoyo_path_number_perm+0x459/0x520
[ 1161.977915][ T1293]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1161.977937][ T1293]  ? tomoyo_path_number_perm+0x263/0x520
[ 1161.987703][ T1293]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1161.987718][ T1293]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1161.987737][ T1293]  ? __kasan_check_read+0x11/0x20
[ 1161.987753][ T1293]  ? do_tty_hangup+0x30/0x30
[ 1161.987775][ T1293]  do_vfs_ioctl+0xdb6/0x13e0
[ 1162.017283][ T1293]  ? ioctl_preallocate+0x210/0x210
[ 1162.017297][ T1293]  ? __fget+0x384/0x560
[ 1162.017322][ T1293]  ? ksys_dup3+0x3e0/0x3e0
[ 1162.026922][ T1293]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1162.026947][ T1293]  ? fput_many+0x12c/0x1a0
[ 1162.051378][ T1293]  ? tomoyo_file_ioctl+0x23/0x30
[ 1162.051397][ T1293]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1162.051421][ T1293]  ? security_file_ioctl+0x8d/0xc0
[ 1162.072069][ T1293]  ksys_ioctl+0xab/0xd0
[ 1162.076224][ T1293]  __x64_sys_ioctl+0x73/0xb0
[ 1162.080825][ T1293]  do_syscall_64+0xfd/0x6a0
[ 1162.080844][ T1293]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1162.080855][ T1293] RIP: 0033:0x459829
12:26:16 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x40045431, 0x4)

[ 1162.080876][ T1293] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1162.114750][ T1293] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1162.114765][ T1293] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1162.114773][ T1293] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1162.114781][ T1293] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1162.114788][ T1293] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1162.114795][ T1293] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1162.189625][ T1272] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1162.205622][ T1293] Bluetooth: Can't register HCI device
12:26:16 executing program 4 (fault-call:2 fault-nth:22):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:16 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x40045436, 0x4)

[ 1162.256523][ T1322] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:26:16 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf9a10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1162.388647][ T1542] FAULT_INJECTION: forcing a failure.
[ 1162.388647][ T1542] name failslab, interval 1, probability 0, space 0, times 0
[ 1162.405287][ T1278] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1162.409292][ T1542] CPU: 1 PID: 1542 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1162.421688][ T1542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1162.431741][ T1542] Call Trace:
12:26:16 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:16 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1882b, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1162.435039][ T1542]  dump_stack+0x172/0x1f0
[ 1162.439376][ T1542]  should_fail.cold+0xa/0x15
[ 1162.444080][ T1542]  ? fault_create_debugfs_attr+0x180/0x180
[ 1162.449893][ T1542]  ? page_to_nid.part.0+0x20/0x20
[ 1162.455006][ T1542]  ? ___might_sleep+0x163/0x280
[ 1162.459869][ T1542]  __should_failslab+0x121/0x190
[ 1162.464811][ T1542]  should_failslab+0x9/0x14
[ 1162.469322][ T1542]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1162.474790][ T1542]  ? __kasan_check_read+0x11/0x20
[ 1162.478332][ T1589] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1162.479819][ T1542]  ? do_raw_spin_unlock+0x57/0x270
[ 1162.479840][ T1542]  get_device_parent.isra.0+0x34c/0x560
[ 1162.479855][ T1542]  device_add+0x2df/0x17a0
[ 1162.479876][ T1542]  ? get_device_parent.isra.0+0x560/0x560
[ 1162.498749][ T1542]  ? up_write+0x9d/0x280
[ 1162.498777][ T1542]  hci_register_dev+0x2e8/0x8f0
[ 1162.498797][ T1542]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1162.498819][ T1542]  tty_ioctl+0xaf9/0x14f0
[ 1162.508928][ T1542]  ? hci_uart_init_work+0x180/0x180
[ 1162.508944][ T1542]  ? do_tty_hangup+0x30/0x30
[ 1162.508961][ T1542]  ? tomoyo_path_number_perm+0x459/0x520
[ 1162.508985][ T1542]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1162.518065][ T1542]  ? tomoyo_path_number_perm+0x263/0x520
[ 1162.518084][ T1542]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1162.518100][ T1542]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1162.518122][ T1542]  ? __kasan_check_read+0x11/0x20
[ 1162.527451][ T1542]  ? do_tty_hangup+0x30/0x30
[ 1162.527468][ T1542]  do_vfs_ioctl+0xdb6/0x13e0
[ 1162.527484][ T1542]  ? ioctl_preallocate+0x210/0x210
[ 1162.527496][ T1542]  ? __fget+0x384/0x560
[ 1162.527512][ T1542]  ? ksys_dup3+0x3e0/0x3e0
[ 1162.527535][ T1542]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1162.602077][ T1542]  ? fput_many+0x12c/0x1a0
[ 1162.606489][ T1542]  ? tomoyo_file_ioctl+0x23/0x30
[ 1162.611414][ T1542]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1162.617660][ T1542]  ? security_file_ioctl+0x8d/0xc0
[ 1162.622760][ T1542]  ksys_ioctl+0xab/0xd0
[ 1162.626912][ T1542]  __x64_sys_ioctl+0x73/0xb0
[ 1162.631502][ T1542]  do_syscall_64+0xfd/0x6a0
[ 1162.635988][ T1542]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1162.641863][ T1542] RIP: 0033:0x459829
[ 1162.645756][ T1542] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1162.665615][ T1542] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1162.674016][ T1542] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
12:26:16 executing program 4 (fault-call:2 fault-nth:23):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1162.682010][ T1542] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1162.690247][ T1542] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1162.698325][ T1542] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1162.706296][ T1542] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1162.722874][ T1542] Bluetooth: Can't register HCI device
12:26:17 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400454ca, 0x4)

[ 1162.753577][ T1571] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:26:17 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pread64(r1, &(0x7f0000000280)=""/196, 0xc4, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f00000003c0)="164910122ed6e12cf8c8c40ec944ee5930c6034f42a8ca621f", 0xffffffffffffffe2)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)

[ 1162.855228][ T1680] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1162.875041][ T1680] FAULT_INJECTION: forcing a failure.
[ 1162.875041][ T1680] name failslab, interval 1, probability 0, space 0, times 0
[ 1162.887867][ T1680] CPU: 1 PID: 1680 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1162.895867][ T1680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1162.895873][ T1680] Call Trace:
[ 1162.895900][ T1680]  dump_stack+0x172/0x1f0
[ 1162.895921][ T1680]  should_fail.cold+0xa/0x15
[ 1162.895940][ T1680]  ? fault_create_debugfs_attr+0x180/0x180
[ 1162.895961][ T1680]  ? page_to_nid.part.0+0x20/0x20
[ 1162.895978][ T1680]  ? ___might_sleep+0x163/0x280
[ 1162.895995][ T1680]  __should_failslab+0x121/0x190
[ 1162.896011][ T1680]  should_failslab+0x9/0x14
[ 1162.896023][ T1680]  kmem_cache_alloc+0x2aa/0x710
[ 1162.896037][ T1680]  ? __kasan_check_write+0x14/0x20
[ 1162.896053][ T1680]  ? lock_downgrade+0x920/0x920
[ 1162.896077][ T1680]  __kernfs_new_node+0xf0/0x6c0
[ 1162.909416][ T1680]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1162.909438][ T1680]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1162.909450][ T1680]  ? irq_work_claim+0x98/0xc0
[ 1162.909471][ T1680]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1162.918359][ T1680]  ? irq_work_queue+0x30/0x90
[ 1162.918375][ T1680]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1162.918388][ T1680]  ? wake_up_klogd+0x99/0xd0
[ 1162.918408][ T1680]  kernfs_new_node+0x96/0x120
[ 1162.918426][ T1680]  kernfs_create_dir_ns+0x52/0x160
[ 1162.918442][ T1680]  sysfs_create_dir_ns+0x136/0x290
[ 1162.918462][ T1680]  ? sysfs_create_mount_point+0xa0/0xa0
[ 1162.929284][ T1680]  ? kobject_add_internal+0x177/0x380
[ 1162.929307][ T1680]  kobject_add_internal.cold+0x116/0x662
[ 1162.929325][ T1680]  kobject_add+0x150/0x1c0
[ 1162.929347][ T1680]  ? kset_create_and_add+0x1a0/0x1a0
[ 1162.939200][ T1680]  ? kasan_kmalloc+0x9/0x10
[ 1162.939216][ T1680]  ? kmem_cache_alloc_trace+0x346/0x790
12:26:17 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400454ce, 0x4)

[ 1162.939238][ T1680]  get_device_parent.isra.0+0x413/0x560
[ 1162.939257][ T1680]  device_add+0x2df/0x17a0
[ 1162.948599][ T1680]  ? get_device_parent.isra.0+0x560/0x560
[ 1162.948611][ T1680]  ? start_creating+0x116/0x1d0
[ 1162.948629][ T1680]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1162.948646][ T1680]  hci_register_dev+0x2e8/0x8f0
[ 1162.948672][ T1680]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1162.948693][ T1680]  tty_ioctl+0xaf9/0x14f0
[ 1162.958626][ T1680]  ? hci_uart_init_work+0x180/0x180
[ 1162.958643][ T1680]  ? do_tty_hangup+0x30/0x30
[ 1162.958660][ T1680]  ? tomoyo_path_number_perm+0x459/0x520
[ 1162.958686][ T1680]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1162.968976][ T1680]  ? tomoyo_path_number_perm+0x263/0x520
[ 1162.968995][ T1680]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1162.969012][ T1680]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1162.969030][ T1680]  ? __kasan_check_read+0x11/0x20
[ 1162.969047][ T1680]  ? do_tty_hangup+0x30/0x30
[ 1162.969068][ T1680]  do_vfs_ioctl+0xdb6/0x13e0
[ 1162.979964][ T1680]  ? ioctl_preallocate+0x210/0x210
[ 1162.979978][ T1680]  ? __fget+0x384/0x560
[ 1162.979994][ T1680]  ? ksys_dup3+0x3e0/0x3e0
[ 1162.980011][ T1680]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1162.980031][ T1680]  ? fput_many+0x12c/0x1a0
[ 1162.991030][ T1680]  ? tomoyo_file_ioctl+0x23/0x30
[ 1162.991049][ T1680]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1162.991064][ T1680]  ? security_file_ioctl+0x8d/0xc0
[ 1162.991084][ T1680]  ksys_ioctl+0xab/0xd0
[ 1163.001900][ T1680]  __x64_sys_ioctl+0x73/0xb0
12:26:17 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xfaa10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1163.001920][ T1680]  do_syscall_64+0xfd/0x6a0
[ 1163.001937][ T1680]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1163.001955][ T1680] RIP: 0033:0x459829
[ 1163.015925][ T1595] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1163.016851][ T1680] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1163.143015][ T1680] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
12:26:17 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455cb, 0x4)

[ 1163.152785][ T1680] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1163.152793][ T1680] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1163.152800][ T1680] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1163.152809][ T1680] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1163.152817][ T1680] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1163.158185][ T1680] kobject_add_internal failed for bluetooth (error: -12 parent: virtual)
12:26:17 executing program 4 (fault-call:2 fault-nth:24):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:17 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1882c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1163.316130][ T1680] Bluetooth: Can't register HCI device
[ 1163.346844][ T1931] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:26:17 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xfba10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1163.460488][ T2037] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1163.489411][ T2037] FAULT_INJECTION: forcing a failure.
[ 1163.489411][ T2037] name failslab, interval 1, probability 0, space 0, times 0
[ 1163.498214][ T2063] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:26:17 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1163.519447][ T2037] CPU: 1 PID: 2037 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1163.527461][ T2037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1163.537521][ T2037] Call Trace:
[ 1163.540820][ T2037]  dump_stack+0x172/0x1f0
[ 1163.545157][ T2037]  should_fail.cold+0xa/0x15
[ 1163.549759][ T2037]  ? page_to_nid.part.0+0x20/0x20
[ 1163.554798][ T2037]  ? fault_create_debugfs_attr+0x180/0x180
[ 1163.560624][ T2037]  ? page_to_nid.part.0+0x20/0x20
[ 1163.565655][ T2037]  ? ___might_sleep+0x163/0x280
[ 1163.570512][ T2037]  __should_failslab+0x121/0x190
[ 1163.570530][ T2037]  should_failslab+0x9/0x14
[ 1163.570550][ T2037]  kmem_cache_alloc+0x2aa/0x710
[ 1163.584822][ T2037]  ? memcpy+0x46/0x50
[ 1163.584841][ T2037]  ? kstrdup+0x5a/0x70
[ 1163.584860][ T2037]  __kernfs_new_node+0xf0/0x6c0
[ 1163.584876][ T2037]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1163.584903][ T2037]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1163.599245][ T2037]  ? irq_work_claim+0x98/0xc0
[ 1163.599264][ T2037]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1163.599276][ T2037]  ? irq_work_queue+0x30/0x90
[ 1163.599299][ T2037]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1163.611402][ T2037]  ? wake_up_klogd+0x99/0xd0
[ 1163.611424][ T2037]  kernfs_new_node+0x96/0x120
[ 1163.611446][ T2037]  kernfs_create_dir_ns+0x52/0x160
[ 1163.611469][ T2037]  sysfs_create_dir_ns+0x136/0x290
[ 1163.622374][ T2037]  ? sysfs_create_mount_point+0xa0/0xa0
[ 1163.622393][ T2037]  ? kobject_add_internal+0x177/0x380
[ 1163.622410][ T2037]  ? class_dir_child_ns_type+0xd/0x60
[ 1163.622432][ T2037]  kobject_add_internal.cold+0x116/0x662
[ 1163.633337][ T2037]  kobject_add+0x150/0x1c0
[ 1163.633354][ T2037]  ? kset_create_and_add+0x1a0/0x1a0
[ 1163.633375][ T2037]  ? mutex_unlock+0xd/0x10
[ 1163.633397][ T2037]  device_add+0x3b7/0x17a0
[ 1163.642638][ T2037]  ? get_device_parent.isra.0+0x560/0x560
[ 1163.642652][ T2037]  ? start_creating+0x116/0x1d0
[ 1163.642671][ T2037]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1163.642692][ T2037]  hci_register_dev+0x2e8/0x8f0
12:26:17 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x40047451, 0x4)

[ 1163.652894][ T2037]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1163.652912][ T2037]  tty_ioctl+0xaf9/0x14f0
[ 1163.652926][ T2037]  ? hci_uart_init_work+0x180/0x180
[ 1163.652940][ T2037]  ? do_tty_hangup+0x30/0x30
[ 1163.652964][ T2037]  ? tomoyo_path_number_perm+0x459/0x520
[ 1163.663849][ T2037]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1163.663867][ T2037]  ? tomoyo_path_number_perm+0x263/0x520
[ 1163.663884][ T2037]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1163.663906][ T2037]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1163.674892][ T2037]  ? __kasan_check_read+0x11/0x20
12:26:18 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x7, &(0x7f00000002c0)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1163.674911][ T2037]  ? do_tty_hangup+0x30/0x30
[ 1163.674927][ T2037]  do_vfs_ioctl+0xdb6/0x13e0
[ 1163.674942][ T2037]  ? ioctl_preallocate+0x210/0x210
[ 1163.674964][ T2037]  ? __fget+0x384/0x560
[ 1163.685121][ T2037]  ? ksys_dup3+0x3e0/0x3e0
[ 1163.685139][ T2037]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1163.685153][ T2037]  ? fput_many+0x12c/0x1a0
[ 1163.685170][ T2037]  ? tomoyo_file_ioctl+0x23/0x30
[ 1163.685186][ T2037]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1163.685207][ T2037]  ? security_file_ioctl+0x8d/0xc0
[ 1163.694034][ T2037]  ksys_ioctl+0xab/0xd0
[ 1163.694051][ T2037]  __x64_sys_ioctl+0x73/0xb0
[ 1163.694068][ T2037]  do_syscall_64+0xfd/0x6a0
[ 1163.694097][ T2037]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1163.704631][ T2037] RIP: 0033:0x459829
[ 1163.715695][ T2037] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1163.715704][ T2037] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1163.715718][ T2037] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1163.715727][ T2037] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1163.715735][ T2037] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1163.715743][ T2037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1163.715750][ T2037] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1163.912324][ T2037] kobject_add_internal failed for hci0 (error: -12 parent: bluetooth)
12:26:18 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x40049409, 0x4)

[ 1163.935663][ T2037] Bluetooth: Can't register HCI device
12:26:18 executing program 4 (fault-call:2 fault-nth:25):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1163.976548][ T2072] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:26:18 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1164.052983][ T2201] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
12:26:18 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1882d, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xfca10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1164.123376][ T2201] FAULT_INJECTION: forcing a failure.
[ 1164.123376][ T2201] name failslab, interval 1, probability 0, space 0, times 0
[ 1164.202336][ T2201] CPU: 0 PID: 2201 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1164.210443][ T2201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1164.220507][ T2201] Call Trace:
[ 1164.223834][ T2201]  dump_stack+0x172/0x1f0
[ 1164.228179][ T2201]  should_fail.cold+0xa/0x15
[ 1164.232784][ T2201]  ? fault_create_debugfs_attr+0x180/0x180
[ 1164.238608][ T2201]  ? page_to_nid.part.0+0x20/0x20
[ 1164.243644][ T2201]  ? ___might_sleep+0x163/0x280
12:26:18 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x4008ae89, 0x4)

[ 1164.248520][ T2201]  __should_failslab+0x121/0x190
[ 1164.253470][ T2201]  should_failslab+0x9/0x14
[ 1164.257987][ T2201]  __kmalloc_track_caller+0x2dc/0x760
[ 1164.263364][ T2201]  ? __kasan_check_read+0x11/0x20
[ 1164.268409][ T2201]  ? __mutex_lock+0x3da/0x1340
[ 1164.273174][ T2201]  ? kstrdup_const+0x66/0x80
[ 1164.277767][ T2201]  kstrdup+0x3a/0x70
[ 1164.277781][ T2201]  kstrdup_const+0x66/0x80
[ 1164.277796][ T2201]  __kernfs_new_node+0xb1/0x6c0
[ 1164.277813][ T2201]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1164.277829][ T2201]  ? wait_for_completion+0x440/0x440
12:26:18 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xfda10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1164.277850][ T2201]  ? sysfs_do_create_link_sd.isra.0+0x82/0x130
[ 1164.307830][ T2201]  ? __kasan_check_read+0x11/0x20
[ 1164.312856][ T2201]  ? __kasan_check_write+0x14/0x20
[ 1164.317970][ T2201]  kernfs_new_node+0x96/0x120
[ 1164.317991][ T2201]  kernfs_create_link+0xd7/0x250
[ 1164.327599][ T2201]  sysfs_do_create_link_sd.isra.0+0x90/0x130
[ 1164.333585][ T2201]  sysfs_create_link+0x65/0xc0
[ 1164.333602][ T2201]  device_add+0x75c/0x17a0
[ 1164.333620][ T2201]  ? get_device_parent.isra.0+0x560/0x560
[ 1164.333640][ T2201]  ? start_creating+0x116/0x1d0
[ 1164.353432][ T2201]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1164.359678][ T2201]  hci_register_dev+0x2e8/0x8f0
[ 1164.359699][ T2201]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1164.359716][ T2201]  tty_ioctl+0xaf9/0x14f0
[ 1164.359736][ T2201]  ? hci_uart_init_work+0x180/0x180
[ 1164.373936][ T2201]  ? do_tty_hangup+0x30/0x30
[ 1164.373955][ T2201]  ? tomoyo_path_number_perm+0x459/0x520
[ 1164.373974][ T2201]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1164.373995][ T2201]  ? tomoyo_path_number_perm+0x263/0x520
12:26:18 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x4018620d, 0x4)

[ 1164.383764][ T2201]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1164.401221][ T2201]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1164.401243][ T2201]  ? __kasan_check_read+0x11/0x20
[ 1164.418263][ T2201]  ? do_tty_hangup+0x30/0x30
[ 1164.418284][ T2201]  do_vfs_ioctl+0xdb6/0x13e0
[ 1164.427535][ T2201]  ? ioctl_preallocate+0x210/0x210
[ 1164.432650][ T2201]  ? __fget+0x384/0x560
[ 1164.436827][ T2201]  ? ksys_dup3+0x3e0/0x3e0
[ 1164.441247][ T2201]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1164.441263][ T2201]  ? fput_many+0x12c/0x1a0
[ 1164.441281][ T2201]  ? tomoyo_file_ioctl+0x23/0x30
[ 1164.441302][ T2201]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1164.456853][ T2201]  ? security_file_ioctl+0x8d/0xc0
[ 1164.456868][ T2201]  ksys_ioctl+0xab/0xd0
[ 1164.456882][ T2201]  __x64_sys_ioctl+0x73/0xb0
[ 1164.456899][ T2201]  do_syscall_64+0xfd/0x6a0
[ 1164.456921][ T2201]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1164.468238][ T2201] RIP: 0033:0x459829
[ 1164.468254][ T2201] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1164.468262][ T2201] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1164.468274][ T2201] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1164.468281][ T2201] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1164.468289][ T2201] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1164.468296][ T2201] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1164.468303][ T2201] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1164.566830][ T2201] Bluetooth: Can't register HCI device
12:26:18 executing program 4 (fault-call:2 fault-nth:26):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:18 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x4020940d, 0x4)

12:26:18 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1882e, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1164.737390][ T2587] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
12:26:19 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
creat(&(0x7f0000000280)='./file0\x00', 0x108)

12:26:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xfea10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:19 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1164.782859][ T2587] FAULT_INJECTION: forcing a failure.
[ 1164.782859][ T2587] name failslab, interval 1, probability 0, space 0, times 0
[ 1164.849914][ T2587] CPU: 0 PID: 2587 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1164.857936][ T2587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1164.867985][ T2587] Call Trace:
[ 1164.868008][ T2587]  dump_stack+0x172/0x1f0
[ 1164.868028][ T2587]  should_fail.cold+0xa/0x15
[ 1164.868043][ T2587]  ? page_to_nid.part.0+0x20/0x20
[ 1164.868059][ T2587]  ? fault_create_debugfs_attr+0x180/0x180
[ 1164.868081][ T2587]  ? page_to_nid.part.0+0x20/0x20
[ 1164.875676][ T2587]  ? ___might_sleep+0x163/0x280
[ 1164.875696][ T2587]  __should_failslab+0x121/0x190
[ 1164.875712][ T2587]  should_failslab+0x9/0x14
[ 1164.875724][ T2587]  kmem_cache_alloc+0x2aa/0x710
[ 1164.875735][ T2587]  ? memcpy+0x46/0x50
[ 1164.875750][ T2587]  ? kstrdup+0x5a/0x70
[ 1164.875769][ T2587]  __kernfs_new_node+0xf0/0x6c0
[ 1164.875790][ T2587]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1164.896166][ T2587]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1164.896178][ T2587]  ? irq_work_claim+0x98/0xc0
[ 1164.896194][ T2587]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1164.896204][ T2587]  ? irq_work_queue+0x30/0x90
[ 1164.896219][ T2587]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1164.896241][ T2587]  ? wake_up_klogd+0x99/0xd0
[ 1164.928195][ T2587]  kernfs_new_node+0x96/0x120
[ 1164.939858][ T2587]  kernfs_create_dir_ns+0x52/0x160
[ 1164.939873][ T2587]  sysfs_create_dir_ns+0x136/0x290
[ 1164.939886][ T2587]  ? sysfs_create_mount_point+0xa0/0xa0
[ 1164.939902][ T2587]  ? kobject_add_internal+0x177/0x380
[ 1164.939927][ T2587]  ? class_dir_child_ns_type+0xd/0x60
[ 1164.950820][ T2587]  kobject_add_internal.cold+0x116/0x662
[ 1164.950839][ T2587]  kobject_add+0x150/0x1c0
[ 1164.950861][ T2587]  ? kset_create_and_add+0x1a0/0x1a0
[ 1164.961753][ T2587]  ? mutex_unlock+0xd/0x10
[ 1164.961773][ T2587]  device_add+0x3b7/0x17a0
[ 1164.961799][ T2587]  ? get_device_parent.isra.0+0x560/0x560
[ 1164.976217][ T2587]  ? start_creating+0x116/0x1d0
[ 1164.976237][ T2587]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1164.976259][ T2587]  hci_register_dev+0x2e8/0x8f0
[ 1164.986911][ T2587]  hci_uart_tty_ioctl+0x87e/0xc00
12:26:19 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x4020ae46, 0x4)

[ 1164.986929][ T2587]  tty_ioctl+0xaf9/0x14f0
[ 1164.986943][ T2587]  ? hci_uart_init_work+0x180/0x180
[ 1164.986956][ T2587]  ? do_tty_hangup+0x30/0x30
[ 1164.986971][ T2587]  ? tomoyo_path_number_perm+0x459/0x520
[ 1164.986995][ T2587]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1164.997703][ T2587]  ? tomoyo_path_number_perm+0x263/0x520
[ 1164.997721][ T2587]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1164.997737][ T2587]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1164.997758][ T2587]  ? __kasan_check_read+0x11/0x20
[ 1164.997774][ T2587]  ? do_tty_hangup+0x30/0x30
[ 1164.997788][ T2587]  do_vfs_ioctl+0xdb6/0x13e0
[ 1164.997803][ T2587]  ? ioctl_preallocate+0x210/0x210
[ 1164.997815][ T2587]  ? __fget+0x384/0x560
[ 1164.997836][ T2587]  ? ksys_dup3+0x3e0/0x3e0
[ 1165.007866][ T2587]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1165.007883][ T2587]  ? fput_many+0x12c/0x1a0
[ 1165.007900][ T2587]  ? tomoyo_file_ioctl+0x23/0x30
[ 1165.007922][ T2587]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1165.017605][ T2587]  ? security_file_ioctl+0x8d/0xc0
[ 1165.017622][ T2587]  ksys_ioctl+0xab/0xd0
[ 1165.017637][ T2587]  __x64_sys_ioctl+0x73/0xb0
[ 1165.017654][ T2587]  do_syscall_64+0xfd/0x6a0
[ 1165.017670][ T2587]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1165.017679][ T2587] RIP: 0033:0x459829
[ 1165.017695][ T2587] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1165.017710][ T2587] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1165.027827][ T2587] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1165.027836][ T2587] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1165.027844][ T2587] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1165.027853][ T2587] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1165.027861][ T2587] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1165.081626][ T2587] kobject_add_internal failed for hci0 (error: -12 parent: bluetooth)
12:26:19 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x402c5342, 0x4)

[ 1165.127416][ T2587] Bluetooth: Can't register HCI device
12:26:19 executing program 4 (fault-call:2 fault-nth:27):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1165.331401][ T2860] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1165.343373][ T2860] FAULT_INJECTION: forcing a failure.
[ 1165.343373][ T2860] name failslab, interval 1, probability 0, space 0, times 0
[ 1165.373359][ T2860] CPU: 0 PID: 2860 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1165.381381][ T2860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1165.391447][ T2860] Call Trace:
[ 1165.391472][ T2860]  dump_stack+0x172/0x1f0
[ 1165.391491][ T2860]  should_fail.cold+0xa/0x15
[ 1165.391506][ T2860]  ? page_to_nid.part.0+0x20/0x20
[ 1165.391521][ T2860]  ? fault_create_debugfs_attr+0x180/0x180
[ 1165.391536][ T2860]  ? page_to_nid.part.0+0x20/0x20
12:26:19 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x4090ae82, 0x4)

[ 1165.391551][ T2860]  ? ___might_sleep+0x163/0x280
[ 1165.391574][ T2860]  __should_failslab+0x121/0x190
[ 1165.429427][ T2860]  should_failslab+0x9/0x14
[ 1165.433941][ T2860]  kmem_cache_alloc+0x2aa/0x710
[ 1165.438792][ T2860]  ? memcpy+0x46/0x50
[ 1165.442772][ T2860]  ? kstrdup+0x5a/0x70
[ 1165.442799][ T2860]  __kernfs_new_node+0xf0/0x6c0
[ 1165.451700][ T2860]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1165.451725][ T2860]  ? wait_for_completion+0x440/0x440
[ 1165.462447][ T2860]  ? sysfs_do_create_link_sd.isra.0+0x82/0x130
[ 1165.462462][ T2860]  ? __kasan_check_read+0x11/0x20
[ 1165.462482][ T2860]  ? __kasan_check_write+0x14/0x20
[ 1165.478728][ T2860]  kernfs_new_node+0x96/0x120
[ 1165.478743][ T2860]  kernfs_create_link+0xd7/0x250
[ 1165.478761][ T2860]  sysfs_do_create_link_sd.isra.0+0x90/0x130
[ 1165.478775][ T2860]  sysfs_create_link+0x65/0xc0
[ 1165.478788][ T2860]  device_add+0x75c/0x17a0
[ 1165.478803][ T2860]  ? get_device_parent.isra.0+0x560/0x560
[ 1165.478824][ T2860]  ? start_creating+0x116/0x1d0
[ 1165.499745][ T2860]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1165.499764][ T2860]  hci_register_dev+0x2e8/0x8f0
[ 1165.499783][ T2860]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1165.499804][ T2860]  tty_ioctl+0xaf9/0x14f0
[ 1165.509911][ T2860]  ? hci_uart_init_work+0x180/0x180
[ 1165.509925][ T2860]  ? do_tty_hangup+0x30/0x30
[ 1165.509942][ T2860]  ? tomoyo_path_number_perm+0x459/0x520
[ 1165.509961][ T2860]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1165.509975][ T2860]  ? tomoyo_path_number_perm+0x263/0x520
[ 1165.509990][ T2860]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1165.510004][ T2860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1165.510025][ T2860]  ? __kasan_check_read+0x11/0x20
[ 1165.521098][ T2860]  ? do_tty_hangup+0x30/0x30
[ 1165.521114][ T2860]  do_vfs_ioctl+0xdb6/0x13e0
[ 1165.521130][ T2860]  ? ioctl_preallocate+0x210/0x210
[ 1165.521150][ T2860]  ? __fget+0x384/0x560
[ 1165.531118][ T2860]  ? ksys_dup3+0x3e0/0x3e0
[ 1165.531135][ T2860]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1165.531149][ T2860]  ? fput_many+0x12c/0x1a0
[ 1165.531170][ T2860]  ? tomoyo_file_ioctl+0x23/0x30
12:26:19 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xff7f0000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1165.540669][ T2860]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1165.540687][ T2860]  ? security_file_ioctl+0x8d/0xc0
[ 1165.540702][ T2860]  ksys_ioctl+0xab/0xd0
[ 1165.540721][ T2860]  __x64_sys_ioctl+0x73/0xb0
[ 1165.550955][ T2860]  do_syscall_64+0xfd/0x6a0
[ 1165.550973][ T2860]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1165.550984][ T2860] RIP: 0033:0x459829
[ 1165.551005][ T2860] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1165.563121][ T2860] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1165.563134][ T2860] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1165.563142][ T2860] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1165.563150][ T2860] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1165.563158][ T2860] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
12:26:19 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x800443d2, 0x4)

[ 1165.563166][ T2860] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1165.706564][ T2860] Bluetooth: Can't register HCI device
12:26:20 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1882f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:20 executing program 4 (fault-call:2 fault-nth:28):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:20 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
lseek(r0, 0x0, 0x2)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, r1, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f00000002c0)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f0000000280), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:26:20 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:20 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xffa10100, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:20 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x80045430, 0x4)

[ 1165.911953][ T3180] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1165.983354][ T3180] FAULT_INJECTION: forcing a failure.
[ 1165.983354][ T3180] name failslab, interval 1, probability 0, space 0, times 0
[ 1166.069797][ T3180] CPU: 1 PID: 3180 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1166.077812][ T3180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1166.077819][ T3180] Call Trace:
[ 1166.077844][ T3180]  dump_stack+0x172/0x1f0
[ 1166.077867][ T3180]  should_fail.cold+0xa/0x15
[ 1166.077892][ T3180]  ? fault_create_debugfs_attr+0x180/0x180
[ 1166.095581][ T3180]  ? page_to_nid.part.0+0x20/0x20
[ 1166.095597][ T3180]  ? ___might_sleep+0x163/0x280
[ 1166.095616][ T3180]  __should_failslab+0x121/0x190
[ 1166.095639][ T3180]  should_failslab+0x9/0x14
[ 1166.106013][ T3180]  kmem_cache_alloc+0x2aa/0x710
[ 1166.106031][ T3180]  ? mutex_unlock+0xd/0x10
[ 1166.106049][ T3180]  __kernfs_new_node+0xf0/0x6c0
[ 1166.106072][ T3180]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1166.115962][ T3180]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1166.115977][ T3180]  ? __kernfs_create_file+0x2a3/0x33b
[ 1166.115993][ T3180]  ? sysfs_do_create_link_sd.isra.0+0x82/0x130
[ 1166.116006][ T3180]  ? __kasan_check_read+0x11/0x20
[ 1166.116026][ T3180]  ? __kasan_check_write+0x14/0x20
[ 1166.125454][ T3180]  kernfs_new_node+0x96/0x120
[ 1166.125471][ T3180]  kernfs_create_link+0xd7/0x250
[ 1166.125494][ T3180]  sysfs_do_create_link_sd.isra.0+0x90/0x130
[ 1166.125509][ T3180]  sysfs_create_link+0x65/0xc0
[ 1166.125532][ T3180]  device_add+0x635/0x17a0
[ 1166.134783][ T3180]  ? get_device_parent.isra.0+0x560/0x560
[ 1166.134796][ T3180]  ? start_creating+0x116/0x1d0
[ 1166.134814][ T3180]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1166.134831][ T3180]  hci_register_dev+0x2e8/0x8f0
[ 1166.134853][ T3180]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1166.145174][ T3180]  tty_ioctl+0xaf9/0x14f0
[ 1166.145192][ T3180]  ? hci_uart_init_work+0x180/0x180
[ 1166.145205][ T3180]  ? do_tty_hangup+0x30/0x30
[ 1166.145220][ T3180]  ? tomoyo_path_number_perm+0x459/0x520
[ 1166.145261][ T3180]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1166.168006][ T3180]  ? tomoyo_path_number_perm+0x263/0x520
[ 1166.182719][ T3180]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1166.182736][ T3180]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
12:26:20 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18830, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1166.182758][ T3180]  ? __kasan_check_read+0x11/0x20
[ 1166.203719][ T3180]  ? do_tty_hangup+0x30/0x30
[ 1166.203737][ T3180]  do_vfs_ioctl+0xdb6/0x13e0
[ 1166.203754][ T3180]  ? ioctl_preallocate+0x210/0x210
[ 1166.203774][ T3180]  ? __fget+0x384/0x560
[ 1166.224779][ T3180]  ? ksys_dup3+0x3e0/0x3e0
[ 1166.224798][ T3180]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1166.224811][ T3180]  ? fput_many+0x12c/0x1a0
[ 1166.224828][ T3180]  ? tomoyo_file_ioctl+0x23/0x30
[ 1166.224842][ T3180]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
12:26:20 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x80045432, 0x4)

[ 1166.224866][ T3180]  ? security_file_ioctl+0x8d/0xc0
[ 1166.239014][ T3180]  ksys_ioctl+0xab/0xd0
[ 1166.239031][ T3180]  __x64_sys_ioctl+0x73/0xb0
[ 1166.239049][ T3180]  do_syscall_64+0xfd/0x6a0
[ 1166.239078][ T3180]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1166.262458][ T3180] RIP: 0033:0x459829
[ 1166.262475][ T3180] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1166.262483][ T3180] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1166.262497][ T3180] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1166.262513][ T3180] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1166.288024][ T3180] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1166.288033][ T3180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1166.288042][ T3180] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:26:20 executing program 4 (fault-call:2 fault-nth:29):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1166.416680][ T3180] Bluetooth: Can't register HCI device
12:26:20 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x80045438, 0x4)

[ 1166.558398][ T3549] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1166.586412][ T3549] FAULT_INJECTION: forcing a failure.
[ 1166.586412][ T3549] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1166.600104][ T3549] CPU: 1 PID: 3549 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1166.600114][ T3549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1166.600119][ T3549] Call Trace:
[ 1166.600146][ T3549]  dump_stack+0x172/0x1f0
[ 1166.600168][ T3549]  should_fail.cold+0xa/0x15
[ 1166.600183][ T3549]  ? __x64_sys_ioctl+0x73/0xb0
[ 1166.600202][ T3549]  ? fault_create_debugfs_attr+0x180/0x180
[ 1166.600231][ T3549]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1166.630518][ T3549]  ? node_tag_clear+0xf8/0x1f0
[ 1166.630538][ T3549]  should_fail_alloc_page+0x50/0x60
[ 1166.630560][ T3549]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1166.641124][ T3549]  ? __kasan_check_read+0x11/0x20
[ 1166.641142][ T3549]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1166.641166][ T3549]  ? __alloc_pages_slowpath+0x2520/0x2520
[ 1166.652149][ T3549]  ? fs_reclaim_acquire.part.0+0x30/0x30
[ 1166.652165][ T3549]  ? __kasan_check_read+0x11/0x20
[ 1166.652193][ T3549]  ? fault_create_debugfs_attr+0x180/0x180
[ 1166.662823][ T3549]  cache_grow_begin+0x90/0xd20
[ 1166.662842][ T3549]  ? __kernfs_new_node+0xf0/0x6c0
[ 1166.662866][ T3549]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1166.674105][ T3549]  kmem_cache_alloc+0x64e/0x710
[ 1166.674119][ T3549]  ? memcpy+0x46/0x50
[ 1166.674143][ T3549]  __kernfs_new_node+0xf0/0x6c0
[ 1166.685469][ T3549]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1166.685487][ T3549]  ? wait_for_completion+0x440/0x440
[ 1166.685503][ T3549]  ? sysfs_do_create_link_sd.isra.0+0x82/0x130
[ 1166.685524][ T3549]  ? __kasan_check_read+0x11/0x20
[ 1166.696366][ T3549]  ? __kasan_check_write+0x14/0x20
[ 1166.696386][ T3549]  kernfs_new_node+0x96/0x120
12:26:21 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
ioctl$ASHMEM_PURGE_ALL_CACHES(r1, 0x770a, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000480)={<r2=>0x0, 0x1000, "8184270d4eff3b45cf89142746708062b5545726b2bd8f1eafd622431c5391bb1189acd3f57b25f7ad4c1f75aba697b24ef5ea83979635e26203d532365ceab4f742a4b1f28556cae26afa376c44fb9259f4737741a72b0cef7b5fd1e214a836152ff35b5d4627be26b53a43f587dec228dd20eaf6b8182bba5a5ee996fd93d0dfa99f6a8a502d56bdb56577df08499c0c2e266c949b26a664115306e42526f933b869696dc3d6cbcae453ffdcb1d66d106ae8f3d3111694577568675c8209b3ce5f0c8ddd0456c96232b640cb1408851114a2282827c56eb30828878066f761b0ba82073458316b7e8189cef87700e3d5fd14cb73d2fd5d5190c7ca8c20241090524e80d619eaa5dccb5707583dc0ee2fb2948d87d3a8d4b0241139085ca99e673a6f9b9aec08ff1ed40f70de4a8c68e964ede07f6833535a8e3174164249e2a4f25213c3286b8094ef27588defc949abc0b85c7db8c870b5766a2f5daa8fc09ad99d99de41512113f7638dd43d44a8a9b0cbc30ea418d4f350e37ea1952da9df369d26528c22dc79ce9ed5f0ac46a3e20e7f81968319f16486fa53d110cf4deb4ed7f1cfb3f2cc15bd9a2bc33e4bfbeb6923e090e51a1f11bb7c5efa194e32f08ba556ae83817f90e213f0d663c51214fb1e952d3854d2c0a51ed03b7a4054f03b08f79748a87eef5d6b0b389d1bce60ae9b9eaed25a0a3e2d7e4f5f7f6695f923a9d0fa73bd7dda3ce264acad95bb84c260f075fcd8dd7a65a0a23560a1f8259d9b0ba2e1b94aa8af15ae8263fed87fbe0dfe38075273ba8366bae4d3e35caae78288aa77de0e7be71440181da35a6e418878414f55cca6e6bc955c949b4acdd2ce065cb9fd98faca9db09fde0c4514f2ff50566e5f01f7363b80e166f955315684c03f339cc62113c68e2538487c9fc9b935bd876e85e04e00d531da603ee687bf7206ed4dfc5c5fbd6798cda228415ec61898fbc0e248748f7d3f6b75612adfc58027b8a340d44bfe72e6d9db770f10769b0ec7af3cd9eecca9ee6a33a5bbb365a9e65b8f1187251cfed884164d8316a89d92bdee0c8f426450305e974e87ca170962859d25ee912c5a0135ec7700e2177ce1110814f343a33ee6b561641a914f3df5cbc63a0f31a66cb73ee6b30cc8c5c332674f6c52d03796147ac5ae9302c541576973d0f543525f31e4b6b85abfb3f55aa8d4309e43b1a0603d2e34adbdc15e922cf43198feee15d31d82cbfd616055da058dadbc0b04a60d497c7380838e9a3c5f6d7ed606a719cb6dcfe2ba1f3603297387f7555287ddd16f1aec6ff2dd7c5e2807037408a78ec4fb240bfe9ee33d2acf5e0372c68e1a11288d3d02dff8a559e91cd4d9ac0264bb83141f11f5a3d3253f8d9791b8ca9f071483baadad37c82831a3280a77c4bc56350e16b33b35fc2c004df4978279ee0ea7d2029c5a077851858a04ca2a6d278e7c5a83b8aaaba8ee7ca4aee06bf027744f67dd03a539c5ff629099f707347aa2acc8755f39277d76499e86e02d01e1e6f792d6ee15bf5d0cdae63ec9bedb6f342f48265d2ea17313b173b1fe7392b1de987ab0db038fad691825af6c80a75e4ef6f8b3f60dae375b6a096f9739a023767415a868986d02369350365dd2b9870a0b22fb318d82c6a18fd327023cc08becaeca79ca3ca7e17b088102de6992a0fa74c9892df76b1ecbb4f5aee9309d03226045f2decda540f7286758ce10772ef91e6ea12f022f4f13b9eb130a142ce3cbb4d9467595b6e306c106aeaa5746efd84f90238466e3f55096b684770a4df697b773f49d72ad3ce97afca95355e911bbb0d013616373a0731167d37959a7ad9304dd84627d2ad26192bd79fadeddd7014fc777ee7a41488cae9e6a88c4b122e4d5518429c4e20dd8065b25abfd2bd966fd4515ed97b2521bfbe776812e0e0ccecb7ecff1753703f9b1d662432ace93e6cb0f7a92f28071bf712d19f30fbf8d14af5a1344464ba30321a519a03da557615c2722702e5c9f6a8600a3069468ce01cfbab5fdf7cfd92f1560c86a549cf170a36624397d3202894f381f469009f3dd29a97747ef56fd4bc0e58eadd7467020a52b42533e22804585d62463d2b684787591ee25bd9c6cae8038c11ab12df7519a979365ac99df568eb95b013234175ef23cff1561e3421d589a2a8c1e9811f1bbc2729381b0d80c487d6f70e270fa3a48eed3f35908cd8a90e5407f7cbd6331a824ef7a06504f12ee2a4f31c47ee5eb840a74252643697930d7a8e24c800857f2ec04bf5ec10f0e25faf3a825eb3a8138ffe270f50f04d7a600b1a1ef559d88284e367a9c1d26809d60b7cd345142e34ea9131fcbb87fd3500a25212789613adc24ba4c6cc3c2eda1a78647a11f8b4ff4331637308b697a51c5ca61e2049cfe49f517e49f6be38ba3c75e3cfd067a8aea534228c82b9b1baeffa4a0edef57e9d6dc9f85f527b168552f7dc74dfbbce5364d93dbc141591496bb33f61d59c1909a71c37ca7843efb82a83afedb3d1aa61b1361d00d8d14e7d79098c493d22f8c287c6af78080aff61307835b2a22bb7236ada13f39c1a70174a04c80e7106918a8e91dd522a81b8675a4f054ac5f88170aee9a8530e95711189dd4a678b456347ca78fdb091b93002fb44eb32f4218bfcbe789776d9bab890bce4d489137a6eb514c6045e39583153e79790a499ce9a266adb1b4a46e7fb83d175a95ab0b5392aac6988d6113442e72ba92e9d24a6e378b604d7f2f7a9bc849c75383727b8588950a20adea82a76461c846f870eed2677d19e68d1ca2649461050b880b91ed469964e535a839eb0d48c8f3b35f7b030644e921e6d0992ad20e6ecfbb6da55c190c58bdc23760abe01539c1c85eec5b904a506fba4c80b4545b4b138f9acdadbd0c404ddf020f16641ff6d629ce87af5835a0c3594d7ecb6fdca2b45aa19b43609d7901df62ba072cd798041e376c89deaa960fdb728f579cbf36bfa182a4b122ae9d54461e0f3fe5ca739e06db901349707cbdf0be4c39ec9a5a406c4c4133d3823d7a0a2745a7f3077b3e2fb88c71eed92440b94db02014fa7ef9f5c8acce91c65527b704f4806ee28d481f1490f7d79d1fecbed1cb8d74051b9cdf6adaa260239020ac403f88c0c23c6f796eadfcbe88787a16bdee594d641369364e0e77fbb5b49483aa422202f418d33fda4e743befad84b1ed280d3b176ee91b3dc0b5df2afe368da99287cc7a94b571daf9f5514c2290ee4ea0dafda5df9ba3ccfaeaa58662350e252f0b571bba881195145797104f68160a9e2ac564c497c41825708535d525b980ffe7209e5a6a02565e8079ae3154c220bbce9de70b8f2178f8fc234f6e13b65fb18ada44fa349adf9c4acd36106d61d433f71776633832d90a1c3cc6db733e716e424df31eb56b8f08b36a81237db4cbcf461b9353fb264021a519d8f7fa6362683795b8ebd3a55550c3d88061db57a15c06990bb733c1d46bc5737f2cfaf5d965cbbc2953cfcb2182996d47ac078d47ebc8938f0f8401b015984e0be8bd5eac400497c6de1eb2d338b1dda8666839f12afa60194fae7f4b2ee01f02873be5c5325680f5aa57bb65abf74140787d6507455ad094ce1728ed60828a5c6dcf7a70f5053cc5ecd80c919f6267be6def51b08ac36d5d264393a2825af1fcf6841050f5ab738d5777f6401b2cb56f56bbf553abd2f58f6e15d7a7b3778cd26cf38c23cc9be3d6a9d4ed0ed3894674be285f371305e6255889cf678c5a570d83ef7070ea97170d4d8c06b9886352dd8934c0bd3ddd1fefa8785706d26950e38202df6ed3fb1eb497723292c9ff4fb0e7d26cf2ba04f7cc778d554906727276d4a7f966e042d10ca9be0f51e8b436ef3d1db941135166166ac01c0c55561cabc2b62ed3efded00ece3f3c8d210371724ba20b0fcc55ff16c0d3e65ea1c97833cf1e6d2d7298dded626ec21042057e3fee460cb052a75c9c9289c196080c1ad16124bda490061c0d044786d5e91f0a02d7838d69ca42694f2e22271a099a181c53f09a94d28cb88631651de117be4a9e80a872385e31c2e17772b5b6f5fb57b3a5e46588da784c8a45e0f0d19d04c4ae625a412cfdc941c3724ca0e8f8790fa8a9cc4e8e436b20a0ad691fe4be246aa6759afa0e9bb0fbdba412a42b290e98280243b5bfa45d7c795aaacfb5864c17823845239b3d70e32943b9eb2a8eed4fbdc39e321e7c9449f100126cf293d3a982e4357c2d5ef7b83445db97196d247a11627b8e2784604584ccd54f24c0bfd73f287782fe190b72240af4805e323adc686dae057447610deaea65293622794ad90e26bfc9330ba3942123422ed6b685aa39e41f717c0fd0b06c5eab44307553c7d8ef6ba96d23952c9105f79b6d382af3c0352fcd6d6209486ee0f55fcce6427f848ce2c48e32a50735b0b14bc237c1d1da656da48fde276d3933d761ae373bcf300becaae3ab0c1ba26dcd51532861317eddca37313a8e2d9c7ede3f4b60387d97fb7cd952b1c946e3410ba13faf20612b85eaf0ba0e3e52539b52bf57de7eefe3f89660919aedeb8f3152822d121f8375c468f03620478cfe31c7bfb3d5610de623d6462363baa17ad079f84cebe12d7154a666c5750506c04b95207dc00204462338cb05a350edfd23db228d11a3594207e655f938bf0a973c87495e82ebc43bd9a0bf793e2d857740ae2fa994ef1e81088da00b05184d5330742be30ca5c2c8f32533c3e2263b70886b009a4c21167e07c25a873e32646cce93199fdfab7695cb45fc236c78c91b543f96294419119df1ba555c6c200876f7c0f4514076af17e616c04beb7bb9f6fbc9e06dc8089df3eeb07cb000b810632843b7715d2a38b40b4794799b8abd50c398e7da637c8b6e318f4f650a37faac01232260894ea0099dbe48217df0b5c5085147baaf9223d3498171d8de2432cb7f03ef86f1c081ddb7f166b978e4b9d89e19c038c37d0bda35b219b24404680a99b4381db79156c76b634217c050aa186476be2e15e80447fbe2dd29811daa98ccd9616fa493dc9f66a223c6dc6202c482671537ad40af636df81d54c22f2e97e33242035217d454fd35eb98c4395d29ea49e2505e1e083e571aaa930866f210c0ac2bbf718b498d0005dc66f9633c59ec2dc6547b4818249a3f8c5d3057632f448a6110731d28385dbaee610001412bb92696aad7ebaf93375892cf1c9be718a13ffa56c190e18c5e971ea0462c4a165bc3b1f09b50eb6ee4d9b4f783e3f89e452364ce1ce2001751f51e820b126caa5e4de55a215b280677414d2748ea29e89d6aff7ff67ec32fbff3641ce5fac7a099d15617e7223f5fa8ee23a048a58037b7de652170411507560e04ca7b8be7a9163bf3e73d18bddcb15b1d515513a4456a24ce9dac05ccfdde5c7478176cacdcea4e06738e2809a10756d9430d6960338c421bea99ba27d239b31c810e64aaff11dc7f2ee5808828fb64fa619dcbf9a9be0ac7a25262642b7723204ee4f66316ebe33a3c63cbce517356ff142504fa79e0368b483f3f83f2c55ab8ca8bb6cea3de7433f600929f30c6fdc6f37a4d5471a0e409a35099b3a3b96b1b75f6570c6f83a2d94677d70ee94eb91f5dd2ab9919a97463909b12e6b6b3e0fc216f4dff4cdddc4da9e72e80f2d1a6528aa21388646b529f25d0d1730f1c378d39a202e124b27dd7c8879371b1e03ca464d5f55defe35142b4421fd74aa63d68bf2a05f544d09fb9c89efbaf4796a6740f027538e9cc399c7d36dd215a9a"}, &(0x7f0000000300)=0x1008)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000340)={0x2e9ea196, 0x200, 0xf36, 0x1, r2}, 0x10)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
ioctl$VIDIOC_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f00000014c0)={0x0, @reserved})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x8000, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
write$FUSE_NOTIFY_DELETE(r4, &(0x7f00000003c0)={0x35, 0x6, 0x0, {0x2, 0x3, 0xc, 0x0, '/dev/rfkill\x00'}}, 0x35)
getsockopt$TIPC_DEST_DROPPABLE(r3, 0x10f, 0x81, &(0x7f0000000280), &(0x7f00000002c0)=0x4)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000400)={0x4000001, 0x3, 0x1c})
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r5=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1166.696401][ T3549]  kernfs_create_link+0xd7/0x250
[ 1166.696417][ T3549]  sysfs_do_create_link_sd.isra.0+0x90/0x130
[ 1166.696437][ T3549]  sysfs_create_link+0x65/0xc0
[ 1166.706240][ T3549]  device_add+0x75c/0x17a0
[ 1166.706259][ T3549]  ? get_device_parent.isra.0+0x560/0x560
[ 1166.706271][ T3549]  ? start_creating+0x116/0x1d0
[ 1166.706289][ T3549]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1166.706311][ T3549]  hci_register_dev+0x2e8/0x8f0
[ 1166.717494][ T3549]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1166.717512][ T3549]  tty_ioctl+0xaf9/0x14f0
[ 1166.717525][ T3549]  ? hci_uart_init_work+0x180/0x180
[ 1166.717537][ T3549]  ? do_tty_hangup+0x30/0x30
[ 1166.717553][ T3549]  ? tomoyo_path_number_perm+0x459/0x520
[ 1166.717577][ T3549]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1166.726479][ T3549]  ? tomoyo_path_number_perm+0x263/0x520
[ 1166.726497][ T3549]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1166.726514][ T3549]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1166.726541][ T3549]  ? __kasan_check_read+0x11/0x20
[ 1166.737352][ T3549]  ? do_tty_hangup+0x30/0x30
[ 1166.737368][ T3549]  do_vfs_ioctl+0xdb6/0x13e0
[ 1166.737384][ T3549]  ? ioctl_preallocate+0x210/0x210
[ 1166.737395][ T3549]  ? __fget+0x384/0x560
[ 1166.737418][ T3549]  ? ksys_dup3+0x3e0/0x3e0
[ 1166.748570][ T3549]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1166.748594][ T3549]  ? fput_many+0x12c/0x1a0
[ 1166.748611][ T3549]  ? tomoyo_file_ioctl+0x23/0x30
[ 1166.748626][ T3549]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1166.748648][ T3549]  ? security_file_ioctl+0x8d/0xc0
[ 1166.758405][ T3549]  ksys_ioctl+0xab/0xd0
[ 1166.758421][ T3549]  __x64_sys_ioctl+0x73/0xb0
[ 1166.758444][ T3549]  do_syscall_64+0xfd/0x6a0
[ 1166.769361][ T3549]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1166.769372][ T3549] RIP: 0033:0x459829
[ 1166.769388][ T3549] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1166.769394][ T3549] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1166.769407][ T3549] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1166.769414][ T3549] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1166.769430][ T3549] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1166.779108][ T3549] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1166.779116][ T3549] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:26:21 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x80045439, 0x4)

12:26:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xffffa888, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1167.008868][ T3446] validate_nla: 11 callbacks suppressed
[ 1167.008876][ T3446] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:26:21 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x80045440, 0x4)

12:26:21 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1167.145509][ T3687] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:26:21 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18831, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xfffff000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1167.246930][ T3818] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:26:21 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x800454d2, 0x4)

[ 1167.350272][ T3901] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:26:21 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xffffff7f, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1167.403675][ T3915] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1167.424662][ T3897] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:26:21 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1167.535940][ T4001] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1167.636597][ T4074] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1169.034867][T24321] Bluetooth: hci0: command 0x1003 tx timeout
[ 1169.040942][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1171.115008][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 1171.121131][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1173.194952][T24321] Bluetooth: hci0: command 0x1009 tx timeout
12:26:31 executing program 4 (fault-call:2 fault-nth:30):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:31 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000480)='/proc/self/net/pfkey\x00', 0x80000000000003, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x6, &(0x7f0000000580))
clock_gettime(0x0, &(0x7f0000000280)={<r3=>0x0, <r4=>0x0})
pselect6(0x35c, &(0x7f00000000c0)={0x1, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1b7, 0xfffffffffffffffd}, &(0x7f0000000200)={r3, r4+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:26:31 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x800455c9, 0x4)

12:26:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18832, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xffffff9e, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:31 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1177.087793][ T4091] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1177.112337][ T4093] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1177.121215][ T4093] FAULT_INJECTION: forcing a failure.
[ 1177.121215][ T4093] name failslab, interval 1, probability 0, space 0, times 0
[ 1177.135597][ T4093] CPU: 1 PID: 4093 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1177.143584][ T4093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1177.143591][ T4093] Call Trace:
[ 1177.143615][ T4093]  dump_stack+0x172/0x1f0
[ 1177.143644][ T4093]  should_fail.cold+0xa/0x15
[ 1177.161285][ T4093]  ? page_to_nid.part.0+0x20/0x20
[ 1177.161305][ T4093]  ? fault_create_debugfs_attr+0x180/0x180
[ 1177.161327][ T4093]  ? page_to_nid.part.0+0x20/0x20
[ 1177.170923][ T4093]  ? ___might_sleep+0x163/0x280
[ 1177.170942][ T4093]  __should_failslab+0x121/0x190
[ 1177.170964][ T4093]  should_failslab+0x9/0x14
[ 1177.181764][ T4093]  kmem_cache_alloc+0x2aa/0x710
[ 1177.181778][ T4093]  ? memcpy+0x46/0x50
[ 1177.181799][ T4093]  ? kstrdup+0x5a/0x70
[ 1177.191650][ T4093]  __kernfs_new_node+0xf0/0x6c0
[ 1177.191677][ T4093]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1177.200999][ T4093]  ? wait_for_completion+0x440/0x440
[ 1177.201019][ T4093]  ? sysfs_do_create_link_sd.isra.0+0x82/0x130
[ 1177.201040][ T4093]  ? __kasan_check_read+0x11/0x20
[ 1177.209070][ T4093]  ? __kasan_check_write+0x14/0x20
[ 1177.209096][ T4093]  kernfs_new_node+0x96/0x120
[ 1177.209116][ T4093]  kernfs_create_link+0xd7/0x250
[ 1177.219405][ T4093]  sysfs_do_create_link_sd.isra.0+0x90/0x130
[ 1177.219418][ T4093]  sysfs_create_link+0x65/0xc0
[ 1177.219433][ T4093]  device_add+0x75c/0x17a0
[ 1177.219450][ T4093]  ? get_device_parent.isra.0+0x560/0x560
[ 1177.219462][ T4093]  ? start_creating+0x116/0x1d0
[ 1177.219480][ T4093]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1177.219497][ T4093]  hci_register_dev+0x2e8/0x8f0
[ 1177.219516][ T4093]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1177.219538][ T4093]  tty_ioctl+0xaf9/0x14f0
[ 1177.230974][ T4093]  ? hci_uart_init_work+0x180/0x180
[ 1177.230990][ T4093]  ? do_tty_hangup+0x30/0x30
[ 1177.231007][ T4093]  ? tomoyo_path_number_perm+0x459/0x520
[ 1177.231031][ T4093]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1177.241142][ T4093]  ? tomoyo_path_number_perm+0x263/0x520
[ 1177.241160][ T4093]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1177.241178][ T4093]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1177.241200][ T4093]  ? __kasan_check_read+0x11/0x20
[ 1177.250800][ T4093]  ? do_tty_hangup+0x30/0x30
[ 1177.250817][ T4093]  do_vfs_ioctl+0xdb6/0x13e0
[ 1177.250838][ T4093]  ? ioctl_preallocate+0x210/0x210
[ 1177.261562][ T4093]  ? __fget+0x384/0x560
[ 1177.261580][ T4093]  ? ksys_dup3+0x3e0/0x3e0
[ 1177.261596][ T4093]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1177.261617][ T4093]  ? fput_many+0x12c/0x1a0
[ 1177.271720][ T4093]  ? tomoyo_file_ioctl+0x23/0x30
[ 1177.271738][ T4093]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1177.271761][ T4093]  ? security_file_ioctl+0x8d/0xc0
[ 1177.282820][ T4093]  ksys_ioctl+0xab/0xd0
[ 1177.282836][ T4093]  __x64_sys_ioctl+0x73/0xb0
[ 1177.282861][ T4093]  do_syscall_64+0xfd/0x6a0
[ 1177.292845][ T4093]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1177.292856][ T4093] RIP: 0033:0x459829
[ 1177.292877][ T4093] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1177.302367][ T4093] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1177.302381][ T4093] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1177.302389][ T4093] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1177.302397][ T4093] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1177.302405][ T4093] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1177.302421][ T4093] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1177.397460][ T4093] Bluetooth: Can't register HCI device
12:26:31 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x800455ca, 0x4)

12:26:31 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xffffffe4, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:31 executing program 4 (fault-call:2 fault-nth:31):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1177.509355][ T4086] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:26:31 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18833, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1177.645141][ T4221] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1177.645402][ T4223] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1177.678237][ T4223] FAULT_INJECTION: forcing a failure.
[ 1177.678237][ T4223] name failslab, interval 1, probability 0, space 0, times 0
[ 1177.728612][ T4223] CPU: 0 PID: 4223 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1177.736634][ T4223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1177.736640][ T4223] Call Trace:
[ 1177.736661][ T4223]  dump_stack+0x172/0x1f0
[ 1177.736682][ T4223]  should_fail.cold+0xa/0x15
[ 1177.736699][ T4223]  ? fault_create_debugfs_attr+0x180/0x180
[ 1177.736716][ T4223]  ? page_to_nid.part.0+0x20/0x20
[ 1177.736731][ T4223]  ? ___might_sleep+0x163/0x280
[ 1177.736750][ T4223]  __should_failslab+0x121/0x190
[ 1177.736766][ T4223]  should_failslab+0x9/0x14
[ 1177.736779][ T4223]  kmem_cache_alloc+0x2aa/0x710
[ 1177.736793][ T4223]  ? __mutex_lock+0x3da/0x1340
[ 1177.736807][ T4223]  ? __kasan_check_read+0x11/0x20
[ 1177.736825][ T4223]  __kernfs_new_node+0xf0/0x6c0
[ 1177.736847][ T4223]  ? kernfs_find_and_get_ns+0x26/0x70
[ 1177.764879][ T4223]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1177.764896][ T4223]  ? kernfs_find_and_get_ns+0x5a/0x70
[ 1177.764910][ T4223]  ? __kasan_check_read+0x11/0x20
[ 1177.764926][ T4223]  ? __mutex_lock+0x3da/0x1340
[ 1177.764949][ T4223]  ? lock_downgrade+0x920/0x920
[ 1177.779710][ T4223]  ? mutex_lock_io_nested+0x11d0/0x11d0
[ 1177.779727][ T4223]  ? kernfs_activate+0x192/0x1f0
[ 1177.779753][ T4223]  kernfs_new_node+0x96/0x120
[ 1177.789185][ T4223]  __kernfs_create_file+0x51/0x33b
[ 1177.798963][ T4223]  sysfs_add_file_mode_ns+0x222/0x560
[ 1177.798979][ T4223]  sysfs_merge_group+0x1a0/0x340
[ 1177.798994][ T4223]  ? sysfs_init_fs_context+0x370/0x370
[ 1177.799017][ T4223]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1177.809205][ T4223]  ? kernfs_create_link+0x1cc/0x250
[ 1177.809227][ T4223]  dpm_sysfs_add+0x21e/0x270
[ 1177.809243][ T4223]  device_add+0x9df/0x17a0
[ 1177.809264][ T4223]  ? get_device_parent.isra.0+0x560/0x560
[ 1177.820067][ T4223]  ? start_creating+0x116/0x1d0
[ 1177.820088][ T4223]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1177.820105][ T4223]  hci_register_dev+0x2e8/0x8f0
[ 1177.820126][ T4223]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1177.840459][ T4223]  tty_ioctl+0xaf9/0x14f0
[ 1177.860516][ T4223]  ? hci_uart_init_work+0x180/0x180
12:26:32 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x800455cc, 0x4)

[ 1177.860532][ T4223]  ? do_tty_hangup+0x30/0x30
[ 1177.860548][ T4223]  ? tomoyo_path_number_perm+0x459/0x520
[ 1177.860572][ T4223]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1177.871039][ T4223]  ? tomoyo_path_number_perm+0x263/0x520
[ 1177.871058][ T4223]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1177.871074][ T4223]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1177.871100][ T4223]  ? __kasan_check_read+0x11/0x20
[ 1177.882524][ T4223]  ? do_tty_hangup+0x30/0x30
[ 1177.882542][ T4223]  do_vfs_ioctl+0xdb6/0x13e0
[ 1177.882565][ T4223]  ? ioctl_preallocate+0x210/0x210
[ 1177.891556][ T4223]  ? __fget+0x384/0x560
[ 1177.891574][ T4223]  ? ksys_dup3+0x3e0/0x3e0
[ 1177.891596][ T4223]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1177.891617][ T4223]  ? fput_many+0x12c/0x1a0
[ 1177.902164][ T4223]  ? tomoyo_file_ioctl+0x23/0x30
[ 1177.902182][ T4223]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1177.902198][ T4223]  ? security_file_ioctl+0x8d/0xc0
[ 1177.902217][ T4223]  ksys_ioctl+0xab/0xd0
[ 1177.913368][ T4223]  __x64_sys_ioctl+0x73/0xb0
[ 1177.913386][ T4223]  do_syscall_64+0xfd/0x6a0
[ 1177.913403][ T4223]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1177.913421][ T4223] RIP: 0033:0x459829
[ 1177.922743][ T4223] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1177.922752][ T4223] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1177.922766][ T4223] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1177.922774][ T4223] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1177.922789][ T4223] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1177.932642][ T4223] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1177.932650][ T4223] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1178.041606][ T4223] Bluetooth: Can't register HCI device
12:26:32 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:32 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x8004562e, 0x4)

[ 1178.130495][ T4345] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:26:32 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
syslog(0x1, &(0x7f0000000280)=""/219, 0xdb)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:26:32 executing program 4 (fault-call:2 fault-nth:32):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:32 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xfffffff0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1178.296017][ T4473] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1178.326095][ T4473] FAULT_INJECTION: forcing a failure.
[ 1178.326095][ T4473] name failslab, interval 1, probability 0, space 0, times 0
[ 1178.339356][ T4473] CPU: 1 PID: 4473 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1178.347439][ T4473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1178.357486][ T4473] Call Trace:
[ 1178.360706][ T4484] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1178.360783][ T4473]  dump_stack+0x172/0x1f0
[ 1178.373292][ T4473]  should_fail.cold+0xa/0x15
[ 1178.377886][ T4473]  ? fault_create_debugfs_attr+0x180/0x180
[ 1178.383681][ T4473]  ? page_to_nid.part.0+0x20/0x20
[ 1178.388697][ T4473]  ? ___might_sleep+0x163/0x280
[ 1178.388721][ T4473]  __should_failslab+0x121/0x190
[ 1178.398510][ T4473]  should_failslab+0x9/0x14
[ 1178.398523][ T4473]  kmem_cache_alloc+0x2aa/0x710
[ 1178.398537][ T4473]  ? __mutex_lock+0x3da/0x1340
[ 1178.398550][ T4473]  ? __kasan_check_read+0x11/0x20
[ 1178.398568][ T4473]  __kernfs_new_node+0xf0/0x6c0
[ 1178.398600][ T4473]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1178.412982][ T4473]  ? wait_for_completion+0x440/0x440
[ 1178.413002][ T4473]  ? mutex_unlock+0xd/0x10
[ 1178.413025][ T4473]  ? kernfs_activate+0x192/0x1f0
[ 1178.422972][ T4473]  kernfs_new_node+0x96/0x120
[ 1178.422989][ T4473]  __kernfs_create_file+0x51/0x33b
[ 1178.423009][ T4473]  sysfs_add_file_mode_ns+0x222/0x560
[ 1178.433733][ T4473]  sysfs_merge_group+0x1a0/0x340
[ 1178.433749][ T4473]  ? sysfs_init_fs_context+0x370/0x370
[ 1178.433772][ T4473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1178.443167][ T4473]  ? kernfs_create_link+0x1cc/0x250
[ 1178.443188][ T4473]  dpm_sysfs_add+0x21e/0x270
[ 1178.443208][ T4473]  device_add+0x9df/0x17a0
[ 1178.452989][ T4473]  ? get_device_parent.isra.0+0x560/0x560
[ 1178.453011][ T4473]  ? kobject_set_name_vargs+0x101/0x150
[ 1178.453032][ T4473]  hci_register_dev+0x2e8/0x8f0
[ 1178.463665][ T4473]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1178.463682][ T4473]  tty_ioctl+0xaf9/0x14f0
[ 1178.463703][ T4473]  ? hci_uart_init_work+0x180/0x180
[ 1178.475372][ T4473]  ? do_tty_hangup+0x30/0x30
[ 1178.475391][ T4473]  ? tomoyo_path_number_perm+0x459/0x520
[ 1178.475410][ T4473]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1178.475425][ T4473]  ? tomoyo_path_number_perm+0x263/0x520
[ 1178.475441][ T4473]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1178.475463][ T4473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1178.485462][ T4473]  ? __kasan_check_read+0x11/0x20
[ 1178.485476][ T4473]  ? do_tty_hangup+0x30/0x30
[ 1178.485486][ T4473]  do_vfs_ioctl+0xdb6/0x13e0
[ 1178.485495][ T4473]  ? ioctl_preallocate+0x210/0x210
[ 1178.485503][ T4473]  ? __fget+0x384/0x560
[ 1178.485512][ T4473]  ? ksys_dup3+0x3e0/0x3e0
[ 1178.485522][ T4473]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1178.485531][ T4473]  ? fput_many+0x12c/0x1a0
[ 1178.485547][ T4473]  ? tomoyo_file_ioctl+0x23/0x30
[ 1178.495783][ T4473]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1178.495796][ T4473]  ? security_file_ioctl+0x8d/0xc0
[ 1178.495805][ T4473]  ksys_ioctl+0xab/0xd0
[ 1178.495814][ T4473]  __x64_sys_ioctl+0x73/0xb0
[ 1178.495832][ T4473]  do_syscall_64+0xfd/0x6a0
[ 1178.506527][ T4473]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1178.506536][ T4473] RIP: 0033:0x459829
12:26:32 executing program 4 (fault-call:2 fault-nth:33):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

[ 1178.506547][ T4473] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1178.506551][ T4473] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1178.506559][ T4473] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1178.506564][ T4473] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1178.506568][ T4473] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1178.506573][ T4473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1178.506577][ T4473] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1178.565262][ T4473] Bluetooth: Can't register HCI device
[ 1178.693707][ T4525] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1178.732960][ T4480] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:26:33 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x80086301, 0x4)

[ 1178.751420][ T4525] FAULT_INJECTION: forcing a failure.
[ 1178.751420][ T4525] name failslab, interval 1, probability 0, space 0, times 0
[ 1178.783242][ T4525] CPU: 1 PID: 4525 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1178.791245][ T4525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1178.801329][ T4525] Call Trace:
[ 1178.804630][ T4525]  dump_stack+0x172/0x1f0
[ 1178.808969][ T4525]  should_fail.cold+0xa/0x15
[ 1178.813664][ T4525]  ? fault_create_debugfs_attr+0x180/0x180
[ 1178.819489][ T4525]  ? page_to_nid.part.0+0x20/0x20
[ 1178.824525][ T4525]  ? ___might_sleep+0x163/0x280
[ 1178.829408][ T4525]  __should_failslab+0x121/0x190
[ 1178.834356][ T4525]  should_failslab+0x9/0x14
[ 1178.838865][ T4525]  kmem_cache_alloc+0x2aa/0x710
[ 1178.843724][ T4525]  ? __mutex_lock+0x3da/0x1340
12:26:33 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x80345631, 0x4)

[ 1178.848504][ T4525]  ? __kasan_check_read+0x11/0x20
[ 1178.853545][ T4525]  __kernfs_new_node+0xf0/0x6c0
[ 1178.858407][ T4525]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1178.863873][ T4525]  ? wait_for_completion+0x440/0x440
[ 1178.869172][ T4525]  ? mutex_unlock+0xd/0x10
[ 1178.873762][ T4525]  ? kernfs_activate+0x192/0x1f0
[ 1178.878702][ T4525]  kernfs_new_node+0x96/0x120
[ 1178.883387][ T4525]  __kernfs_create_file+0x51/0x33b
[ 1178.888505][ T4525]  sysfs_add_file_mode_ns+0x222/0x560
[ 1178.893881][ T4525]  sysfs_merge_group+0x1a0/0x340
[ 1178.898822][ T4525]  ? sysfs_init_fs_context+0x370/0x370
[ 1178.904289][ T4525]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1178.910522][ T4525]  ? kernfs_create_link+0x1cc/0x250
[ 1178.910542][ T4525]  dpm_sysfs_add+0x21e/0x270
[ 1178.910556][ T4525]  device_add+0x9df/0x17a0
[ 1178.910571][ T4525]  ? get_device_parent.isra.0+0x560/0x560
[ 1178.910583][ T4525]  ? start_creating+0x116/0x1d0
[ 1178.910606][ T4525]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1178.941547][ T4525]  hci_register_dev+0x2e8/0x8f0
[ 1178.946413][ T4525]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1178.951434][ T4525]  tty_ioctl+0xaf9/0x14f0
[ 1178.955766][ T4525]  ? hci_uart_init_work+0x180/0x180
[ 1178.960969][ T4525]  ? do_tty_hangup+0x30/0x30
[ 1178.965570][ T4525]  ? tomoyo_path_number_perm+0x459/0x520
[ 1178.971219][ T4525]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1178.977478][ T4525]  ? tomoyo_path_number_perm+0x263/0x520
[ 1178.983119][ T4525]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1178.988935][ T4525]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1178.995188][ T4525]  ? __kasan_check_read+0x11/0x20
12:26:33 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xc0045540, 0x4)

[ 1179.000222][ T4525]  ? do_tty_hangup+0x30/0x30
[ 1179.004820][ T4525]  do_vfs_ioctl+0xdb6/0x13e0
[ 1179.009417][ T4525]  ? ioctl_preallocate+0x210/0x210
[ 1179.014540][ T4525]  ? __fget+0x384/0x560
[ 1179.018703][ T4525]  ? ksys_dup3+0x3e0/0x3e0
[ 1179.023125][ T4525]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1179.029365][ T4525]  ? fput_many+0x12c/0x1a0
[ 1179.029383][ T4525]  ? tomoyo_file_ioctl+0x23/0x30
[ 1179.029398][ T4525]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1179.029413][ T4525]  ? security_file_ioctl+0x8d/0xc0
[ 1179.029426][ T4525]  ksys_ioctl+0xab/0xd0
[ 1179.029453][ T4525]  __x64_sys_ioctl+0x73/0xb0
[ 1179.058929][ T4525]  do_syscall_64+0xfd/0x6a0
[ 1179.063452][ T4525]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1179.069350][ T4525] RIP: 0033:0x459829
[ 1179.073248][ T4525] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1179.092860][ T4525] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
12:26:33 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18834, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1179.101355][ T4525] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1179.109334][ T4525] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1179.117309][ T4525] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1179.125723][ T4525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1179.133690][ T4525] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:26:33 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:33 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x3e4cb1d296, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1179.190381][ T4844] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1179.221211][ T4525] Bluetooth: Can't register HCI device
12:26:33 executing program 4 (fault-call:2 fault-nth:34):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:33 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xc0045878, 0x4)

[ 1179.294198][ T4968] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1179.386863][ T4966] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1179.400003][ T4974] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
12:26:33 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
write(r4, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000280)=<r5=>0x0)
r6 = getpid()
kcmp$KCMP_EPOLL_TFD(r5, r6, 0x7, r2, &(0x7f0000000340)={r4, r0, 0x400})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r7=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r7+30000000}, 0x0)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
setrlimit(0x3, &(0x7f0000000300)={0x2, 0xff})

12:26:33 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18835, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:33 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x8087ffffffff, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1179.427177][ T4974] FAULT_INJECTION: forcing a failure.
[ 1179.427177][ T4974] name failslab, interval 1, probability 0, space 0, times 0
12:26:33 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xc0045878, 0x4)

[ 1179.510456][ T4974] CPU: 1 PID: 4974 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1179.523572][ T4974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1179.533633][ T4974] Call Trace:
[ 1179.536946][ T4974]  dump_stack+0x172/0x1f0
[ 1179.541289][ T4974]  should_fail.cold+0xa/0x15
[ 1179.545895][ T4974]  ? fault_create_debugfs_attr+0x180/0x180
[ 1179.551711][ T4974]  ? page_to_nid.part.0+0x20/0x20
[ 1179.556748][ T4974]  ? ___might_sleep+0x163/0x280
12:26:33 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1179.561709][ T4974]  __should_failslab+0x121/0x190
[ 1179.566707][ T4974]  should_failslab+0x9/0x14
[ 1179.571219][ T4974]  kmem_cache_alloc+0x2aa/0x710
[ 1179.576077][ T4974]  ? __mutex_lock+0x3da/0x1340
[ 1179.581213][ T4974]  ? __kasan_check_read+0x11/0x20
[ 1179.586244][ T4974]  __kernfs_new_node+0xf0/0x6c0
[ 1179.591222][ T4974]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1179.596691][ T4974]  ? wait_for_completion+0x440/0x440
[ 1179.601991][ T4974]  ? mutex_unlock+0xd/0x10
[ 1179.606419][ T4974]  ? kernfs_activate+0x192/0x1f0
[ 1179.611368][ T4974]  kernfs_new_node+0x96/0x120
[ 1179.616055][ T4974]  __kernfs_create_file+0x51/0x33b
[ 1179.621181][ T4974]  sysfs_add_file_mode_ns+0x222/0x560
[ 1179.626573][ T4974]  sysfs_merge_group+0x1a0/0x340
[ 1179.631607][ T4974]  ? sysfs_init_fs_context+0x370/0x370
[ 1179.637076][ T4974]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1179.643330][ T4974]  ? kernfs_create_link+0x1cc/0x250
[ 1179.648545][ T4974]  dpm_sysfs_add+0x21e/0x270
[ 1179.653161][ T4974]  device_add+0x9df/0x17a0
[ 1179.657595][ T4974]  ? get_device_parent.isra.0+0x560/0x560
[ 1179.663322][ T4974]  ? start_creating+0x116/0x1d0
[ 1179.668198][ T4974]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1179.674452][ T4974]  hci_register_dev+0x2e8/0x8f0
[ 1179.679328][ T4974]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1179.684363][ T4974]  tty_ioctl+0xaf9/0x14f0
[ 1179.688713][ T4974]  ? hci_uart_init_work+0x180/0x180
[ 1179.693922][ T4974]  ? do_tty_hangup+0x30/0x30
[ 1179.698521][ T4974]  ? tomoyo_path_number_perm+0x459/0x520
[ 1179.700385][ T5165] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
12:26:33 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xc008ae09, 0x4)

[ 1179.704252][ T4974]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1179.704270][ T4974]  ? tomoyo_path_number_perm+0x263/0x520
[ 1179.704288][ T4974]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1179.704311][ T4974]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1179.736379][ T4974]  ? __kasan_check_read+0x11/0x20
[ 1179.741414][ T4974]  ? do_tty_hangup+0x30/0x30
[ 1179.746010][ T4974]  do_vfs_ioctl+0xdb6/0x13e0
[ 1179.750609][ T4974]  ? ioctl_preallocate+0x210/0x210
[ 1179.755724][ T4974]  ? __fget+0x384/0x560
[ 1179.759884][ T4974]  ? ksys_dup3+0x3e0/0x3e0
[ 1179.764311][ T4974]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1179.770570][ T4974]  ? fput_many+0x12c/0x1a0
[ 1179.775003][ T4974]  ? tomoyo_file_ioctl+0x23/0x30
[ 1179.779954][ T4974]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1179.786209][ T4974]  ? security_file_ioctl+0x8d/0xc0
[ 1179.791324][ T4974]  ksys_ioctl+0xab/0xd0
[ 1179.791341][ T4974]  __x64_sys_ioctl+0x73/0xb0
[ 1179.791359][ T4974]  do_syscall_64+0xfd/0x6a0
[ 1179.791382][ T4974]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1179.804591][ T4974] RIP: 0033:0x459829
[ 1179.814360][ T4974] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1179.833971][ T4974] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1179.842394][ T4974] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1179.842403][ T4974] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1179.842412][ T4974] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
12:26:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xa2010000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1179.842420][ T4974] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1179.842428][ T4974] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1179.904777][ T4974] Bluetooth: Can't register HCI device
12:26:34 executing program 4 (fault-call:2 fault-nth:35):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:34 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xc0189436, 0x4)

12:26:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0xf0ffffffffffff, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:34 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18836, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:34 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1180.123636][ T5358] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1180.151347][ T5358] FAULT_INJECTION: forcing a failure.
[ 1180.151347][ T5358] name failslab, interval 1, probability 0, space 0, times 0
[ 1180.214203][ T5358] CPU: 1 PID: 5358 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1180.222250][ T5358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1180.232314][ T5358] Call Trace:
[ 1180.235616][ T5358]  dump_stack+0x172/0x1f0
[ 1180.239957][ T5358]  should_fail.cold+0xa/0x15
[ 1180.244560][ T5358]  ? fault_create_debugfs_attr+0x180/0x180
[ 1180.250375][ T5358]  ? page_to_nid.part.0+0x20/0x20
[ 1180.255401][ T5358]  ? ___might_sleep+0x163/0x280
[ 1180.260263][ T5358]  __should_failslab+0x121/0x190
[ 1180.265207][ T5358]  should_failslab+0x9/0x14
[ 1180.269713][ T5358]  kmem_cache_alloc+0x2aa/0x710
[ 1180.274581][ T5358]  ? __mutex_lock+0x3da/0x1340
[ 1180.279359][ T5358]  ? __kasan_check_read+0x11/0x20
[ 1180.284389][ T5358]  __kernfs_new_node+0xf0/0x6c0
[ 1180.289242][ T5358]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1180.294712][ T5358]  ? wait_for_completion+0x440/0x440
[ 1180.294732][ T5358]  ? mutex_unlock+0xd/0x10
[ 1180.294756][ T5358]  ? kernfs_activate+0x192/0x1f0
[ 1180.304447][ T5358]  kernfs_new_node+0x96/0x120
[ 1180.304464][ T5358]  __kernfs_create_file+0x51/0x33b
[ 1180.304479][ T5358]  sysfs_add_file_mode_ns+0x222/0x560
[ 1180.304500][ T5358]  sysfs_merge_group+0x1a0/0x340
[ 1180.329510][ T5358]  ? sysfs_init_fs_context+0x370/0x370
[ 1180.334983][ T5358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1180.341234][ T5358]  ? kernfs_create_link+0x1cc/0x250
[ 1180.346442][ T5358]  dpm_sysfs_add+0x21e/0x270
[ 1180.351034][ T5358]  device_add+0x9df/0x17a0
[ 1180.355456][ T5358]  ? get_device_parent.isra.0+0x560/0x560
[ 1180.355471][ T5358]  ? start_creating+0x116/0x1d0
[ 1180.355488][ T5358]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1180.355505][ T5358]  hci_register_dev+0x2e8/0x8f0
[ 1180.355524][ T5358]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1180.355546][ T5358]  tty_ioctl+0xaf9/0x14f0
[ 1180.366106][ T5358]  ? hci_uart_init_work+0x180/0x180
[ 1180.366122][ T5358]  ? do_tty_hangup+0x30/0x30
[ 1180.366138][ T5358]  ? tomoyo_path_number_perm+0x459/0x520
[ 1180.366184][ T5358]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1180.366206][ T5358]  ? tomoyo_path_number_perm+0x263/0x520
[ 1180.396437][ T5358]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1180.396455][ T5358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1180.396477][ T5358]  ? __kasan_check_read+0x11/0x20
[ 1180.396494][ T5358]  ? do_tty_hangup+0x30/0x30
[ 1180.396516][ T5358]  do_vfs_ioctl+0xdb6/0x13e0
[ 1180.408382][ T5358]  ? ioctl_preallocate+0x210/0x210
[ 1180.408396][ T5358]  ? __fget+0x384/0x560
[ 1180.408413][ T5358]  ? ksys_dup3+0x3e0/0x3e0
[ 1180.408436][ T5358]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1180.419857][ T5358]  ? fput_many+0x12c/0x1a0
12:26:34 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000280)={0x0, 0x0, 0x3, 0x35})
clock_gettime(0xd, &(0x7f0000000480)={0x0, <r3=>0x0})
bind$pptp(r2, &(0x7f00000002c0)={0x18, 0x2, {0x1, @dev={0xac, 0x14, 0x14, 0x10}}}, 0x1e)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

12:26:34 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xc020660b, 0x4)

[ 1180.419876][ T5358]  ? tomoyo_file_ioctl+0x23/0x30
[ 1180.419893][ T5358]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1180.419915][ T5358]  ? security_file_ioctl+0x8d/0xc0
[ 1180.440371][ T5358]  ksys_ioctl+0xab/0xd0
[ 1180.440388][ T5358]  __x64_sys_ioctl+0x73/0xb0
[ 1180.440406][ T5358]  do_syscall_64+0xfd/0x6a0
[ 1180.440428][ T5358]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1180.460387][ T5358] RIP: 0033:0x459829
[ 1180.460405][ T5358] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1180.460412][ T5358] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1180.460435][ T5358] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1180.475979][ T5358] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1180.475987][ T5358] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1180.475996][ T5358] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1180.476004][ T5358] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1180.574126][ T5358] Bluetooth: Can't register HCI device
12:26:34 executing program 4 (fault-call:2 fault-nth:36):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:34 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xc028564e, 0x4)

12:26:34 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x100000000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1180.736837][ T5614] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1180.779262][ T5614] FAULT_INJECTION: forcing a failure.
[ 1180.779262][ T5614] name failslab, interval 1, probability 0, space 0, times 0
12:26:35 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1180.822859][ T5614] CPU: 1 PID: 5614 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1180.831049][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1180.841114][ T5614] Call Trace:
[ 1180.844425][ T5614]  dump_stack+0x172/0x1f0
[ 1180.848771][ T5614]  should_fail.cold+0xa/0x15
[ 1180.853379][ T5614]  ? fault_create_debugfs_attr+0x180/0x180
[ 1180.859197][ T5614]  ? page_to_nid.part.0+0x20/0x20
[ 1180.864245][ T5614]  ? ___might_sleep+0x163/0x280
[ 1180.869110][ T5614]  __should_failslab+0x121/0x190
[ 1180.874077][ T5614]  should_failslab+0x9/0x14
[ 1180.878609][ T5614]  kmem_cache_alloc+0x2aa/0x710
[ 1180.883467][ T5614]  ? __mutex_lock+0x3da/0x1340
[ 1180.888243][ T5614]  ? __kasan_check_read+0x11/0x20
[ 1180.893274][ T5614]  __kernfs_new_node+0xf0/0x6c0
[ 1180.898219][ T5614]  ? kernfs_dop_revalidate+0x3c0/0x3c0
[ 1180.903701][ T5614]  ? wait_for_completion+0x440/0x440
[ 1180.909003][ T5614]  ? mutex_unlock+0xd/0x10
[ 1180.913435][ T5614]  ? kernfs_activate+0x192/0x1f0
[ 1180.918379][ T5614]  kernfs_new_node+0x96/0x120
[ 1180.923069][ T5614]  __kernfs_create_file+0x51/0x33b
[ 1180.928195][ T5614]  sysfs_add_file_mode_ns+0x222/0x560
[ 1180.933589][ T5614]  sysfs_merge_group+0x1a0/0x340
[ 1180.938568][ T5614]  ? sysfs_init_fs_context+0x370/0x370
[ 1180.944044][ T5614]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1180.950301][ T5614]  ? kernfs_create_link+0x1cc/0x250
[ 1180.955523][ T5614]  dpm_sysfs_add+0x21e/0x270
[ 1180.960131][ T5614]  device_add+0x9df/0x17a0
[ 1180.964566][ T5614]  ? get_device_parent.isra.0+0x560/0x560
[ 1180.970295][ T5614]  ? start_creating+0x116/0x1d0
[ 1180.975169][ T5614]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1180.981432][ T5614]  hci_register_dev+0x2e8/0x8f0
[ 1180.986300][ T5614]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1180.991336][ T5614]  tty_ioctl+0xaf9/0x14f0
[ 1180.995680][ T5614]  ? hci_uart_init_work+0x180/0x180
[ 1181.000895][ T5614]  ? do_tty_hangup+0x30/0x30
[ 1181.005502][ T5614]  ? tomoyo_path_number_perm+0x459/0x520
[ 1181.011160][ T5614]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1181.017525][ T5614]  ? tomoyo_path_number_perm+0x263/0x520
[ 1181.023191][ T5614]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1181.029104][ T5614]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1181.035470][ T5614]  ? __kasan_check_read+0x11/0x20
[ 1181.040507][ T5614]  ? do_tty_hangup+0x30/0x30
[ 1181.045105][ T5614]  do_vfs_ioctl+0xdb6/0x13e0
[ 1181.049735][ T5614]  ? ioctl_preallocate+0x210/0x210
[ 1181.054858][ T5614]  ? __fget+0x384/0x560
[ 1181.059023][ T5614]  ? ksys_dup3+0x3e0/0x3e0
[ 1181.063448][ T5614]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1181.069697][ T5614]  ? fput_many+0x12c/0x1a0
[ 1181.074146][ T5614]  ? tomoyo_file_ioctl+0x23/0x30
[ 1181.079097][ T5614]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1181.085367][ T5614]  ? security_file_ioctl+0x8d/0xc0
[ 1181.090493][ T5614]  ksys_ioctl+0xab/0xd0
[ 1181.094655][ T5614]  __x64_sys_ioctl+0x73/0xb0
[ 1181.099253][ T5614]  do_syscall_64+0xfd/0x6a0
[ 1181.103769][ T5614]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1181.109663][ T5614] RIP: 0033:0x459829
[ 1181.113584][ T5614] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1181.133198][ T5614] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1181.141617][ T5614] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1181.149599][ T5614] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1181.157578][ T5614] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1181.165549][ T5614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
12:26:35 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0xc0845658, 0x4)

12:26:35 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18837, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1181.165558][ T5614] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1181.211453][ T5614] Bluetooth: Can't register HCI device
12:26:35 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1a2010000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:35 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000000)={0x3, 0x25d2bfee, 0x3, 0x72, 0xf, 0x7ff, 0x8000, 0xa1, 0x40, 0xffffffffffffffff})
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280)='/dev/rfkill\x00', 0x2, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000600)="4cec1c0989078fce69420730fe441570e08e37dc21eee562e53c94e6f460d34aad118dc939f867bd2ffef2b79df19742470ba93f918aa1cb9098d9be1d0307f2a35605db4d689387e0c58e2a37ffc036f8c041e6bb5e6b374da1681eaedc32d9ef9ed648806b52defe135a3623498b8ba5313eed12a051f7f2cb0ca698e3b2573082aa04b212f234355baf07130d58d6d5d3d646800f324611f72076f8c8573b602f029cd2911d88410edb46ac4b02edc63fbbcb84400ae45b71513cdf76923686f2656302a46178b6684834f9da9dbcd85b2fcb74110a1ceca1d6e4982923fb871ece21663d826978ecfb2877a9629f27530298c0194bd81b0ccb8e990657686e4277ab4394843941d54c63643ba7777e2894202e8a69fc1a20fd7302d637ebda8ed57c267341d358d74a2d5ad5fbf24d9f986473da324308da86fffdccfcff2b7c5a91ad39142dda29e764473c8023b71e91897d01ecf337bd3a16bddb7b40546969b1d55c62a1f352233d241e5ffd905d830fb35c945d20f4d4a7c701d3b6902b63393a8ed3e23ab3060e4c7653b2368b99c915146ced9cdb447fe99622ffd7bc3c855ccd96bc0d1dcc96b99372d9571fcab21cf7871387d23548222d264fe33df6a2114645818ac0dc597b8325740135c551c1908bad629a5c3f0aaab270b1263d19bfc7d891d4102b14d277dbbcd3e93b3228c8a2a158db57aa0ae8ca67b883562aeec61fb8ffc6069b9190c1b623feb83237e4e75d3607cd56d6ff503a41baf6b33beabda16459d752e9b61c450ea826efbfa5b851dcc239067785c3ef08f9901918d1e9583fd031fb77cd1ae85280d230f9c112d50966db2f3f7bebcd10d4281a910cd055353eed385bd24c5bce8c458a9fbbbe47dd8739179df8680c0e1e26bd071b1ac45b12ac71985f441bc1396af4c3db59637b147223125469f6093c67e732a99b4cb32a067b7fa9cc1ac019a3f7e3c805e45d753b7b73eb6c61772e674a1e6ed58526e2085891adb9cc80222b0843623d374d9666743d2edb56f6ac3a7863b3c4c00911a1704c63808744886dbe28f20de988f48624dc2ab23becd5850dc34651e4af342203f50dd690a6734fdb6bf8aa7a295103e51223c748a98861bbd6995c9dc67e3cc73074bb299570856bc54506a9423b3d6f7c0db1a364ddca8c2d420f313dd7ebb1b0d925eb420a92503264a904650b5fca02cf35892aca2c15c47dfb53aa55c9406be6f269f5a4f456a4fb09ea7532b2f00f92be27e9a4086bfee18e171f28b594ed99eab6aba7829a973a5e229ee211aa3d955e6f971ccb172dd809338d6379ba60927821159ac6e4e81e9cd309ee41c457fae9218429ca79544569f83780b26099d2e9fdbefb3d1aa7b3ccf67afa89d05a656449f7e35b6596164577eb53a5b3eb90e112e19076508dcfa0609b4d918a066e625844800dc98bbfae1b07558b40b74e03095ab687a2054b59d8b6e57c44301b5cbace9d156121b07a353b05ab7f693798c97e6eda224b6146be3723be4771e3e46d50d38a45329dd7dbb96e4f0fe757ca858d9f0ff355cfe3680c9582f6997b41dd6f98358017521da9ca6ca6f05bc3865887e3fd63faacdb315b78aca040bc213324ec583041619c6e434d859ca72bd8cdd01094c811b7326bd9582f2c19b088f2b03bc09b6b80929ef3d0dd8977587db1f0694dc5d940ad139a6992b8354b6088f53eb557f1b974d111f7279c97a355b7aec9b36a34138d477f7098505802dff81be5b84435c1772708276c222f9f80268361d71f41f07ac18c5e76b8075487ea4e4977a9f9281c548ba2c91033d3892271e878f19190a30c9042d1ff2c24b07a37c201a611dbd180babf3e0ef2eae8dddcfaa559c45ee8c7cba27ae8ad458e8e76b8e73ed50f2250d0d9930baaf16a28f6bd91b338408760d040922b399992b75a12add33aa6b4939c2e987703700be850be74a179c1cd46face52b814220c2fe1e99ed4fc564aa2b0983fdd14fbe5b6a4aa571d76480bdfa980bd01aa59cf3caa9a9dc10a21e87043c409df063e9ccbfd428cf3ff1584f8a9539adf58ace2a77b1d7f1143d494576863a9fe9f28b5552dea945952faa3ea04c3e7362f55cb3f5cb735b24bc32aac6f340485e942b88aa09d80507f94e416091ad1aab78d0e18434e7905f74b2407240518d64b7f759d85142d60c795fc2542cc66200a1cf50d4b3b61cc37fa88db8d43a26ad116216f7675dca859ddd14c7b448f99735633dfc1375f3c7009d6d41b715565788e57701fed08740e7670be9d6163997a0c4aafa804861d72e75b8eb65c81497a3da3ed6de2b5b21f947f6b781973c993602ada85661f9551f4f7084ca54dbcf0acec8a9ebb0cea36431581c56edfb0c0f969358a2ef08abb4e23c54df890a45874de5cdcb98ef291ed89f505c5baa35a481b0c6433c3a3461dbf4f645043f6a3df056a8b798079be1e05efcf1504e9bac05bd941851bd6bbef68e73789608e6207229b4ff07f47697e2e03049e611d36723569c66039ecd01233d8e6e6a34902343eff8290135245a45ebe71b7bd4e21ab086bdb3a6c1e193c670d1d6968fdc45fd4a3d7ffa596e0c441074b2693fb6cb00e3c552fb9126ad104d973e767bf38f37db6419956a12ceacb623291295dba0079a5b99696029d2acafb606671976d032ebb9721f617ae16f3ebd1875bad6e2bb8dbaf6f88c68ef0143a2ab72765b37b3d07d42bc0e3f33abcc2abc68dfa017f3a624385fae2f95893e55b587989a22b2160f31ce128ca43aef306e024ca3eeb2b386f898cc899458126249e3cbd1366306ccbd8d43d651363b91eb7095719af0ee6532a4d7dd008c0b5870ef218e5a077008499a3921ec7ce1268f58b0ae83144cc36ecb2896851ee71c80e7e685cd33d33ab53543901550adc2b81c6fcf5e4dcba1c02a25627dafcc7221bb55c76d70035557093bf19bd266cd1049f98538f9e305a0db2f1590a71b13c50ac7d3d253baedad58038a74fe70ef344921e4c470cc004bb9e4eec50f2f0674b6874dd2f9dfebae6f75e9899500cc7c7877cb362117af6f9ee2d1236f1812e74f12cc38f9b2e508c18e2a45f3c907fba509abce75bff3f346730edc90ed733012c068958ef594f4bf908586a163146bef2f395ecdaca647939540f26d2644f87299e07e2d8991b243bab5c19b0f93f9768d01d3e41b6d3eb6d26315c1cb05f6b73fa030539aca25f1483c1e58a862467bfb2124fd6012f74245fe0418c1c0af99ae37fc68d2086c4de4377f247f43783b1d8b078dfa1676ff69b56c1a56f2d6e7869dbfa4e68339d7b60752dc9ccdc26056f1dd2b142ba70464fae82a45ef63293029f752aee21d9541b6f880e75509d6de3f0738e020f13c2504ada27cef4978d95538b468e50180ee4f34a0f63a7249a891fe59b78382605119a00a76d7530c54bdc8805e87a9c8fcef2543e3da7c26f5eddd2ccf05e0a9f83b3a839af78e679888e399d9d9896d5941bb92b41685d5ee60602fea8f0e64e963323657798b8555ff7c4a772eb5a91e76b0311a4ebab3497cac0be8809a4ebca9c7153dbb167fd1c4c5b4615e193ce6160ee1fc776ed6674793e687c329c410edb55cbe5de9df062dd33afc91e119ceea28e3593fc2fc4d9cfabfffca9138c7889f8196b937440c43fe1e4aa7a3bac5caeb97ac32636c69119e9e0a292801b4c6836e251dbce3fea1095d335dc5e0365167d940d53813c7b33e44260dad363bd6d5efad783ce05cab62ea73a55644cc4a655b75250bb93837930466390f26f35bfef11317f5c811061201af0e9cbe51ecec06c787215c818da7bb95ff52c8ee8d963057b8d5340ad841981a6c6de4346d29bb72df40a05c6cf9af9a25837e4c2e50da9938cd0d13b16a300b98ee844e63084302d3e1f3409c2083f9e6bd988a31e5c844018ddd7f82765ee0e1521868f29d901d3950202b903a75a854a49c4bc2b6fc553c8a3f3efcd6898b7c82ca59a78f28612a3d191864fb8fe13425766ac1575f3851a26cdccbba7441a21e5bfe99139f25902fc445e038097b895e762deb9cb69da2e9a31ca9752968202a604dc32f2bd07b89b81513ae69702a900bde3a6a3999f06ed64bb41c105c825b917dab0b453315a34a6b64296cf0eaa4cffa3854bc4e4c1c8246f7ec89979000c52e56289bcee5784cc9fe31263d561301b94a1731e62aa0618688e0569da394a47fe70e7d85618fb363021121b91ba882f8e21fa6aabc4829f5952162949bb661cd80cf47150b8265af121b11c38df94f9dee7d7f2a65e046b1091c7f0b93bfaa87af75d9a2c03883cb5cbf3554d19b4a43a38628879b90f8a91f3a144f31b20dddf7657b02eb0278afaf2cc10899e17c2d8bede691fcaf930884af72aea6ed43fd1b02719df304fbd978c79304dbe0caf5b5ae415a3c0ff1890ba4996794b6449c2cdd893e0c7950faa09ffcfc91f44b5e031fdd79ba5a9fd5e84e9b0b51446ef6072dc3695cecac6346641beafdcb231a0d3ca1fe7a59bf9e59727414a4a56a9ae5c000eeb1b885a3d595f6b2bfa1b58bb1c45da97bd966fdd34b6473f3464953211368072e3e7814c4dd16644ae9c08b55d6abe5c241ec5ed5fc84d71f5074dd5e3d84cbb665806198a9879b93c2a9bdbc81e25f0ad3937bc113ca20604c5b3c79f534f64bb271c468b4a27e6e6c9e381ddfdd8277f4435c0cf4c9a1c2c5cfb77d5ef907d84bfd65a2cec449c2b00e2c2ed1fea3dff8163a09ef3859f71e2fef25cee0ba83eff02f2908a9696c4f6775d2e356832bc0848e5fd7b88456f459cd9345cb8aba5c3b91c3715cee0c310217431932b5c84bb84dc12a1b798f5c4df2dd2b80f7b6d362f4d1783fdf20c7af204d6656251bb9c9682dbab5be0959b9bc2dac52322e3e9fafc662fdfd732ac356279c6da3c854c52f190f0e26dd2fff88aadd94c93323ee7a9c3cbb9f03ff1473cd5aad6866048a3c30d529a8cfdc677b969b09c1991cbd407832ed6f7bef4aad220a8bc0e848bc884e223127ac68e10fe64840d7c747ad81ace75120436205a543abeb6fa6ad390ab4bf52561312ec75469b653f122b67556d3eadd54a55beb1c71409b5500231828715536ff0347d8efb75e70a2645a738552ba2c65346bc1e5c94e946aaca90f94ba8143d1906c716fbbc8616bbaf9be13d853c8a2fa137fd43cbdd671bb3054acbe7c09ea01a0ef97cce2c1dc830eb577a8232b55b0b79c9d0b3bd7da759dbe7a45416d6bc74c4ca32bef4493a0793422fc0cf91aed44f6f6a7ef69e422fc7ab446fca92b3c7b6f023b0da7a2d295f65bf060b901b287df29888575f13d309d6c927380cd362f52ba180c40a551267c0904cc01763e2f664a83899841b48ab16c2ec579204e67a307d22e93d896dec921e44d4e0d961e492c443f1bca13e3570cd115b44669cb526b8bba309ae2ec1fdd7db239d4fd3ae324bf2713780fe8a3d41f215cd25cf230cef4befb02ae073ca2c1eb0f732a9f23a00edc4f1ddc9b1685c1f5c1302be732603819b35091c8ef9bdfe2682a9b73ed4e6d93f0e1b0f0b98d5f726ff4fff58b55c4cc3b5a30918b8099021934ebe363dcb7b71fc15ee7af536a2dc39d37aeaaf98b17e315d977904f04dbd731623eaa7ad89322019be95e329d8552695f891e2b525f9b0fa7dc19b2ca15dc6c3b5df0a19566692b5d567109fda8f9aec591b5b1e19801e2286c7eb4ef8f668d482933281f7b5dfc41e8a958b560ac9611d9f1410fa6ac7c2bae87179b0e9cab", 0x1000)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000300)=[{&(0x7f0000000540)="8c0e994e8a891f7c1cc57b3a84a1b3835fb0dc758792a47b7f1e71a870efa00335bb0582d5066f82cbb66de5386adc290a41f6c04c90de8a2b04d7d3f54de2e98531fb4c7c329143c13a02a6de70ffdf5a171e10625afb67a6e8d0e18315a601e768ae154c8789c60bd576429aaa811bbe9ab08025f6f5fe90276ddb81db4df677b6e746c10577a565"}], 0x246, 0xfffffffffffffffd)

12:26:35 executing program 4 (fault-call:2 fault-nth:37):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:35 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

[ 1181.457296][ T5771] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1181.467697][ T5771] FAULT_INJECTION: forcing a failure.
[ 1181.467697][ T5771] name failslab, interval 1, probability 0, space 0, times 0
[ 1181.483490][ T5771] CPU: 1 PID: 5771 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1181.491493][ T5771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1181.501550][ T5771] Call Trace:
[ 1181.501574][ T5771]  dump_stack+0x172/0x1f0
[ 1181.501591][ T5771]  should_fail.cold+0xa/0x15
[ 1181.501607][ T5771]  ? fault_create_debugfs_attr+0x180/0x180
[ 1181.501624][ T5771]  ? page_to_nid.part.0+0x20/0x20
[ 1181.501639][ T5771]  ? ___might_sleep+0x163/0x280
[ 1181.501657][ T5771]  __should_failslab+0x121/0x190
[ 1181.501673][ T5771]  should_failslab+0x9/0x14
[ 1181.501684][ T5771]  kmem_cache_alloc_trace+0x2d3/0x790
[ 1181.501697][ T5771]  ? __kasan_check_write+0x14/0x20
[ 1181.501720][ T5771]  ? __mutex_unlock_slowpath+0xf8/0x6b0
[ 1181.513905][ T5771]  ? device_pm_check_callbacks+0x23/0x3f0
[ 1181.513923][ T5771]  kobject_uevent_env+0x387/0x1023
[ 1181.513946][ T5771]  kobject_uevent+0x20/0x26
[ 1181.524772][ T5771]  device_add+0xad8/0x17a0
[ 1181.524791][ T5771]  ? get_device_parent.isra.0+0x560/0x560
[ 1181.524804][ T5771]  ? start_creating+0x116/0x1d0
[ 1181.524823][ T5771]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1181.524839][ T5771]  hci_register_dev+0x2e8/0x8f0
[ 1181.524858][ T5771]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1181.524875][ T5771]  tty_ioctl+0xaf9/0x14f0
12:26:35 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x2)

[ 1181.524895][ T5771]  ? hci_uart_init_work+0x180/0x180
[ 1181.534750][ T5771]  ? do_tty_hangup+0x30/0x30
[ 1181.534768][ T5771]  ? tomoyo_path_number_perm+0x459/0x520
[ 1181.534795][ T5771]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1181.544654][ T5771]  ? tomoyo_path_number_perm+0x263/0x520
[ 1181.544673][ T5771]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1181.544691][ T5771]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1181.544712][ T5771]  ? __kasan_check_read+0x11/0x20
[ 1181.555355][ T5771]  ? do_tty_hangup+0x30/0x30
[ 1181.555372][ T5771]  do_vfs_ioctl+0xdb6/0x13e0
[ 1181.555388][ T5771]  ? ioctl_preallocate+0x210/0x210
[ 1181.555401][ T5771]  ? __fget+0x384/0x560
[ 1181.555415][ T5771]  ? ksys_dup3+0x3e0/0x3e0
[ 1181.555429][ T5771]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1181.555451][ T5771]  ? fput_many+0x12c/0x1a0
[ 1181.566286][ T5771]  ? tomoyo_file_ioctl+0x23/0x30
[ 1181.566304][ T5771]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1181.566318][ T5771]  ? security_file_ioctl+0x8d/0xc0
[ 1181.566333][ T5771]  ksys_ioctl+0xab/0xd0
[ 1181.566348][ T5771]  __x64_sys_ioctl+0x73/0xb0
[ 1181.566365][ T5771]  do_syscall_64+0xfd/0x6a0
[ 1181.566381][ T5771]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1181.566392][ T5771] RIP: 0033:0x459829
[ 1181.566413][ T5771] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1181.575297][ T5771] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
12:26:36 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18838, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1181.575311][ T5771] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1181.575318][ T5771] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1181.575326][ T5771] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1181.575334][ T5771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
[ 1181.575342][ T5771] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
12:26:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x200000000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:36 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:36 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x3)

12:26:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x2a2010000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:36 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x18839, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:36 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:36 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x300000000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1182.159549][ T6145] validate_nla: 15 callbacks suppressed
[ 1182.159558][ T6145] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
12:26:36 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r1, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1182.271868][ T6150] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1182.344170][ T6161] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1183.674871][  T637] Bluetooth: hci0: command 0x1003 tx timeout
[ 1183.680980][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1185.754922][  T637] Bluetooth: hci0: command 0x1001 tx timeout
[ 1185.761029][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1187.834936][   T22] Bluetooth: hci0: command 0x1009 tx timeout
12:26:45 executing program 4 (fault-call:2 fault-nth:38):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:45 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x5)

12:26:45 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1883a, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:45 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x3a2010000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:45 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:45 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
ioctl$VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000280)={0x5, @raw_data="76b1cc7f8d768b1ec5d365d5013a9d88251b59c498b4b6e5fad4f9f750853c6d1eef141e2321743b910543995962c75605c184139725478d783dc71550ea11fc955f223b7d49bafcd5d0021c7cc4d31a3b2759841cd16c010e9693f708f893744820818fbfe90c4bd148ac689dd3ae654339ffdcfb59fc378566274c7cde5e5be928d15640fb89d82ed3ffde0d2af5bc835743ec3a12ce1a2d28fda966622ec1edb8727680e7e6c3f65cfb2dd994cc5f18640efe75760aa565af7a99db08cf9931798bce78a562cd"})
pipe(&(0x7f0000000440)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
write(r3, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r4=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1191.795163][ T6171] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
[ 1191.829637][ T6183] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1191.838835][ T6183] FAULT_INJECTION: forcing a failure.
[ 1191.838835][ T6183] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1191.852137][ T6183] CPU: 1 PID: 6183 Comm: syz-executor.4 Not tainted 5.3.0-rc1+ #105
[ 1191.852148][ T6183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1191.852161][ T6183] Call Trace:
[ 1191.852194][ T6183]  dump_stack+0x172/0x1f0
[ 1191.870247][ T6183]  should_fail.cold+0xa/0x15
[ 1191.870264][ T6183]  ? rwlock_bug.part.0+0x90/0x90
[ 1191.870280][ T6183]  ? fault_create_debugfs_attr+0x180/0x180
[ 1191.870301][ T6183]  ? trace_hardirqs_on+0x67/0x240
[ 1191.877914][ T6183]  should_fail_alloc_page+0x50/0x60
[ 1191.877928][ T6183]  __alloc_pages_nodemask+0x1a1/0x8f0
[ 1191.877945][ T6183]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1191.877959][ T6183]  ? __alloc_pages_slowpath+0x2520/0x2520
[ 1191.877974][ T6183]  ? fs_reclaim_acquire.part.0+0x30/0x30
[ 1191.877987][ T6183]  ? __kasan_check_read+0x11/0x20
[ 1191.878012][ T6183]  ? fault_create_debugfs_attr+0x180/0x180
[ 1191.887630][ T6183]  cache_grow_begin+0x90/0xd20
[ 1191.887646][ T6183]  ? kobject_uevent_env+0x387/0x1023
[ 1191.887662][ T6183]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1191.887676][ T6183]  kmem_cache_alloc_trace+0x6b3/0x790
[ 1191.887688][ T6183]  ? __kasan_check_write+0x14/0x20
[ 1191.887705][ T6183]  kobject_uevent_env+0x387/0x1023
[ 1191.887728][ T6183]  kobject_uevent+0x20/0x26
[ 1191.898741][ T6183]  device_add+0xad8/0x17a0
[ 1191.898759][ T6183]  ? get_device_parent.isra.0+0x560/0x560
[ 1191.898771][ T6183]  ? start_creating+0x116/0x1d0
[ 1191.898789][ T6183]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1191.898806][ T6183]  hci_register_dev+0x2e8/0x8f0
[ 1191.898824][ T6183]  hci_uart_tty_ioctl+0x87e/0xc00
[ 1191.898846][ T6183]  tty_ioctl+0xaf9/0x14f0
[ 1191.909421][ T6183]  ? hci_uart_init_work+0x180/0x180
[ 1191.909438][ T6183]  ? do_tty_hangup+0x30/0x30
[ 1191.909455][ T6183]  ? tomoyo_path_number_perm+0x459/0x520
[ 1191.909474][ T6183]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1191.909497][ T6183]  ? tomoyo_path_number_perm+0x263/0x520
[ 1191.921449][ T6183]  ? tomoyo_execute_permission+0x4a0/0x4a0
[ 1191.921468][ T6183]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1191.921488][ T6183]  ? __kasan_check_read+0x11/0x20
[ 1191.921511][ T6183]  ? do_tty_hangup+0x30/0x30
[ 1191.932185][ T6183]  do_vfs_ioctl+0xdb6/0x13e0
[ 1191.932203][ T6183]  ? ioctl_preallocate+0x210/0x210
[ 1191.932217][ T6183]  ? __fget+0x384/0x560
[ 1191.932233][ T6183]  ? ksys_dup3+0x3e0/0x3e0
[ 1191.932257][ T6183]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1191.942817][ T6183]  ? fput_many+0x12c/0x1a0
[ 1191.942836][ T6183]  ? tomoyo_file_ioctl+0x23/0x30
12:26:46 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x6)

[ 1191.942854][ T6183]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1191.942869][ T6183]  ? security_file_ioctl+0x8d/0xc0
[ 1191.942890][ T6183]  ksys_ioctl+0xab/0xd0
[ 1191.954447][ T6183]  __x64_sys_ioctl+0x73/0xb0
[ 1191.954466][ T6183]  do_syscall_64+0xfd/0x6a0
[ 1191.954483][ T6183]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1191.954494][ T6183] RIP: 0033:0x459829
[ 1191.954516][ T6183] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1191.965065][ T6183] RSP: 002b:00007fce0525ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1191.965079][ T6183] RAX: ffffffffffffffda RBX: 00007fce0525ac90 RCX: 0000000000459829
[ 1191.965087][ T6183] RDX: 0000000000000004 RSI: 00000000400455c8 RDI: 0000000000000003
[ 1191.965095][ T6183] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000
[ 1191.965103][ T6183] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce0525b6d4
12:26:46 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1883b, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

[ 1191.965110][ T6183] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004
[ 1192.032871][   T21] Bluetooth: hci0: Frame reassembly failed (-84)
12:26:46 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x400000000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:46 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:46 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x7)

[ 1192.284240][ T6424] netlink: 'syz-executor.5': attribute type 13 has an invalid length.
12:26:46 executing program 1:
socket$inet_tcp(0x2, 0x1, 0x0)
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x303000, 0x0)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
write(r2, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r0, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r3=>0x0})
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0)
r4 = getpid()
vmsplice(r2, &(0x7f00000003c0)=[{&(0x7f0000000280)="6d9df52ff4511fed7c1667816a0e97800a89635e5698706c14e0fbf44b67e1c741e56ca8f0c188fbae1a62c2a3f1c7284f89f60a43fff1eecada41d33d87877e183994fb3bf966aed40f230780b805ba9161d042baeb7be7e4432dbc9f65e1f78b45352033562df6cfc7bede3a59cc8efb701358af85eb2d397248dc8b221bf9331bb0ccb4e75baaf45b264108332227248202e7cb7b22da4807ebc17007ad73a319a1d4e9663948f0c53557115cbad8d0ce4cee1036eb9ecd8d5d6c830fa4f33a65a9e7d4a8a82bb718d923fa3422f9cc8832aa92572d", 0xd7}, {&(0x7f0000000480)="743617dd1d6b93a1ac9420254269b3798efe5e9c99ca7f5dab7dfd5a56aff6e5a16657b38a9b9253487a60b84414a6c8a0565743cf1d83e9c8a3b70ced2d8927e3eb4b87dc44ec24ae4c2eb0aa372735ec899e436d729b8fee67350b9a1301a35313caca07286ae06c7bba712f092c0175b6c78a5de2bfbc7c79eb63fd5bc7eed72accd22fb78710ef46ced8b14e4dba45685a278afc504fdeead7185001f0c618431aa878bba3199434cdeb16f171d3cb", 0xb1}], 0x2, 0x1)
ptrace$peekuser(0x3, r4, 0x8001)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000280), 0x3528a9c0}], 0xffffffffffffdd9, 0x0)

[ 1192.382633][ T6430] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[ 1192.486073][ T6449] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1194.074889][T14328] Bluetooth: hci0: command 0x1003 tx timeout
[ 1194.081513][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1196.154927][    T5] Bluetooth: hci0: command 0x1001 tx timeout
[ 1196.161055][T11860] Bluetooth: hci0: sending frame failed (-49)
[ 1198.234898][T14328] Bluetooth: hci0: command 0x1009 tx timeout
12:26:56 executing program 4 (fault-call:2 fault-nth:39):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x4)

12:26:56 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x4a2010000000000, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:56 executing program 3:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$KDADDIO(r0, 0x400455c8, 0x8)

12:26:56 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x1883c, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x400d}]}}}]}, 0x3c}}, 0x0)

12:26:56 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x4016}]}}}]}, 0x3c}}, 0x0)

12:26:56 executing program 1:
r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/qat_adf_ctl\x00', 0x2001, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, &(0x7f00000003c0)={'HL\x00'}, &(0x7f0000000400)=0x1e)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x20200, 0x0)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000280)={&(0x7f0000fe6000/0x3000)=nil, 0x3000}, &(0x7f0000000300)=0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x200001, 0x0)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x40, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000480)={0x1, 0x6, 0x1})
getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000500)={<r4=>0x0, 0x80000001, 0x30}, &(0x7f0000000540)=0xc)
getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000580)=@assoc_id=r4, &(0x7f00000005c0)=0x4)
syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, &(0x7f00000001c0)="66b8bd008ec0420f01c40f30640f300fc79b02ec000067410f07470f2003c4a1245c11400f30b8010000000f01c1", 0x2e}], 0x1, 0x4, 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0)
pipe(&(0x7f0000000440)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
write(r6, &(0x7f0000000340), 0x41395527)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000100)='/dev/rfkill\x00', 0x0, 0x0)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000004c0)=<r7=>0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x1f, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x13949276, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r7, 0x0, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
clock_gettime(0x0, &(0x7f0000000380)={0x0, <r8=>0x0})
accept4(r2, 0x0, &(0x7f0000000600), 0x800)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r8+30000000}, 0x0)
vmsplice(r5, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)

[ 1202.698344][ T6579] netlink: 'syz-executor.0': attribute type 22 has an invalid length.
[ 1202.707703][ T6576] debugfs: Directory 'hci0' with parent 'bluetooth' already present!
[ 1202.730306][T15374] ------------[ cut here ]------------
[ 1202.736344][T15374] WARNING: CPU: 1 PID: 15374 at drivers/tty/tty_ioctl.c:319 tty_set_termios.cold+0x11/0x23
[ 1202.743193][ T6585] kobject: 'hci1' (000000002faeb79e): kobject_uevent_env
[ 1202.746327][T15374] Kernel panic - not syncing: panic_on_warn set ...
[ 1202.746342][T15374] CPU: 1 PID: 15374 Comm: kworker/u5:2 Not tainted 5.3.0-rc1+ #105
[ 1202.746349][T15374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1202.746367][T15374] Workqueue: hci0 hci_power_on
[ 1202.746374][T15374] Call Trace:
[ 1202.746393][T15374]  dump_stack+0x172/0x1f0
[ 1202.746408][T15374]  ? tty_unthrottle_safe+0x90/0x17d
[ 1202.746422][T15374]  panic+0x2dc/0x755
[ 1202.746434][T15374]  ? add_taint.cold+0x16/0x16
[ 1202.746458][T15374]  ? __kasan_check_write+0x14/0x20
[ 1202.769128][ T6585] FAULT_INJECTION: forcing a failure.
[ 1202.769128][ T6585] name failslab, interval 1, probability 0, space 0, times 0
[ 1202.778228][T15374]  ? __warn.cold+0x5/0x4c
[ 1202.778241][T15374]  ? __warn+0xe7/0x1e0
[ 1202.778257][T15374]  ? tty_set_termios.cold+0x11/0x23
[ 1202.778270][T15374]  __warn.cold+0x20/0x4c
[ 1202.778284][T15374]  ? tty_set_termios.cold+0x11/0x23
[ 1202.778300][T15374]  report_bug+0x263/0x2b0
[ 1202.778314][T15374]  do_error_trap+0x11b/0x200
[ 1202.778328][T15374]  do_invalid_op+0x37/0x50
[ 1202.778340][T15374]  ? tty_set_termios.cold+0x11/0x23
[ 1202.778351][T15374]  invalid_op+0x23/0x30
[ 1202.778365][T15374] RIP: 0010:tty_set_termios.cold+0x11/0x23
[ 1202.778379][T15374] Code: ef e8 46 0b 2c fe e9 e8 fe ff ff e8 3c 0b 2c fe eb ae e8 35 0b 2c fe eb 84 e8 3e f4 f1 fd 48 c7 c7 60 d3 d0 87 e8 86 94 db fd <0f> 0b e9 d5 d5 ff ff 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5
[ 1202.778386][T15374] RSP: 0018:ffff88805005f978 EFLAGS: 00010282
[ 1202.778396][T15374] RAX: 0000000000000024 RBX: ffff88805005fa38 RCX: 0000000000000000
[ 1202.778413][T15374] RDX: 0000000000000000 RSI: ffffffff815c5bd6 RDI: ffffed100a00bf21
[ 1202.783892][ T6579] kobject: 'bond967' (000000004adc1988): kobject_add_internal: parent: 'net', set: 'devices'
[ 1202.786535][T15374] RBP: ffff88805005fa60 R08: 0000000000000024 R09: fffffbfff134ac80
[ 1202.786543][T15374] R10: fffffbfff134ac7f R11: ffffffff89a563ff R12: ffff88805005faa0
[ 1202.786549][T15374] R13: 0000000000010004 R14: 1ffff1100a00bf4e R15: ffff888032257680
[ 1202.786575][T15374]  ? vprintk_func+0x86/0x189
[ 1202.786591][T15374]  ? tty_set_termios.cold+0x11/0x23
[ 1202.786604][T15374]  ? hci_dev_do_open+0xa7/0x1940
[ 1202.786617][T15374]  ? tty_wait_until_sent+0x580/0x580
[ 1202.786642][T15374]  ? __mutex_lock+0x3da/0x1340
[ 1202.796027][ T6579] kobject: 'bond967' (000000004adc1988): kobject_uevent_env
[ 1202.796269][T15374]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1202.807967][ T6579] kobject: 'bond967' (000000004adc1988): fill_kobj_path: path = '/devices/virtual/net/bond967'
[ 1202.809922][T15374]  ? tty_termios_encode_baud_rate+0x3ca/0x4e0
[ 1202.809944][T15374]  hci_uart_set_baudrate+0x157/0x1c0
[ 1202.809957][T15374]  ? hci_uart_set_speeds+0x90/0x90
[ 1202.809980][T15374]  ? cpuacct_charge+0x1db/0x360
[ 1202.839852][ T6579] kobject: 'queues' (0000000052261c01): kobject_add_internal: parent: 'bond967', set: '<NULL>'
[ 1202.840609][T15374]  ? __kasan_check_read+0x11/0x20
[ 1202.840638][T15374]  hci_uart_setup+0xa2/0x4a0
[ 1202.856371][ T6579] kobject: 'queues' (0000000052261c01): kobject_uevent_env
[ 1202.859500][T15374]  ? hci_uart_set_baudrate+0x1c0/0x1c0
[ 1202.859516][T15374]  hci_dev_do_open+0x3e3/0x1940
[ 1202.859530][T15374]  ? hci_rx_work+0xae0/0xae0
[ 1202.859550][T15374]  ? trace_hardirqs_off+0x62/0x240
[ 1202.877769][ T6579] kobject: 'queues' (0000000052261c01): kobject_uevent_env: filter function caused the event to drop!
[ 1202.895354][T15374]  ? __kasan_check_read+0x11/0x20
[ 1202.895372][T15374]  ? process_one_work+0x89d/0x1740
[ 1202.895387][T15374]  ? mark_held_locks+0xf0/0xf0
[ 1202.895403][T15374]  hci_power_on+0x12d/0x680
[ 1202.895416][T15374]  ? hci_error_reset+0xf0/0xf0
[ 1202.895429][T15374]  ? lock_acquire+0x190/0x410
[ 1202.895440][T15374]  ? process_one_work+0x8c1/0x1740
[ 1202.895452][T15374]  ? trace_hardirqs_on+0x67/0x240
[ 1202.895466][T15374]  process_one_work+0x9af/0x1740
[ 1202.895484][T15374]  ? pwq_dec_nr_in_flight+0x320/0x320
[ 1202.895496][T15374]  ? lock_acquire+0x190/0x410
[ 1202.895526][T15374]  worker_thread+0x98/0xe40
[ 1202.895546][T15374]  ? trace_hardirqs_on+0x67/0x240
[ 1202.924252][ T6579] kobject: 'rx-0' (00000000b05fe021): kobject_add_internal: parent: 'queues', set: 'queues'
[ 1202.927738][T15374]  kthread+0x361/0x430
[ 1202.927754][T15374]  ? process_one_work+0x1740/0x1740
[ 1202.927768][T15374]  ? kthread_cancel_delayed_work_sync+0x20/0x20
[ 1202.927783][T15374]  ret_from_fork+0x24/0x30
[ 1202.936762][T15374] Kernel Offset: disabled
[ 1203.178768][T15374] Rebooting in 86400 seconds..