last executing test programs:

2.700903115s ago: executing program 2:
r0 = socket$inet(0x2, 0x0, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r1, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

2.311454809s ago: executing program 3:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='rpc_xdr_alignment\x00'}, 0x10) (async)
r0 = socket$unix(0x1, 0x2, 0x0) (async)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
close(r1)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000000080)={0x9, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108) (async)
setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f0000000440)={0x9, {{0x2, 0x0, @multicast2}}, 0x0, 0x2, [{{0x2, 0x0, @local}}, {{0x2, 0x0, @remote}}]}, 0x190) (async)
unshare(0x2c060000)
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x15, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000071101700000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) (async)
unshare(0x24020400) (async)
bind$unix(r0, &(0x7f0000000000)=@file={0x1, './file0\x00'}, 0x6e) (async)
bind$unix(r0, &(0x7f00000000c0)=@abs={0x1, 0x2e}, 0x6e)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000780)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a0, 0x170, 0xd0, 0x8, 0x170, 0x5803, 0x2d0, 0x2e8, 0x2e8, 0x2d0, 0x2e8, 0x3, 0x0, {[{{@ipv6={@local, @private1, [], [], 'pim6reg0\x00', 'veth0\x00'}, 0x0, 0x108, 0x170, 0x0, {0x0, 0x2000000000000}, [@common=@srh={{0x30}}, @common=@frag={{0x30}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x3, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0x118, 0x160, 0x0, {}, [@common=@unspec=@limit={{0x48}}, @inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1}, 0x48) (async)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) (async)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000890a00000000000000030000850000007b00000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x25) (async)
r6 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r6, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r7 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
bind$tipc(r6, 0x0, 0x0) (async)
bind$tipc(r6, 0x0, 0x0) (async)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="18100000000000000000cb5d5330482166fd7588", @ANYRES32=r4], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f00000002c0)='kmem_cache_free\x00', r8}, 0x10) (async)
socket$tipc(0x1e, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)

2.268781603s ago: executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r2, &(0x7f0000000480), 0x8)
listen(r2, 0x0)
bind$bt_sco(r1, &(0x7f0000000040)={0x1f, @none}, 0x8)
listen(r1, 0x0)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'macvlan0\x00', <r4=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="5c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800c0001006d6163766c616e00240002800800010010000000100005800a000400d8928afb70280000000000000300000008000500", @ANYRES32=r4, @ANYBLOB], 0x5c}}, 0x0)

2.073217504s ago: executing program 3:
socket$inet6(0xa, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x8000)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socket(0x10, 0x3, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010000300"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000140012800b00010067656e6576650000040002800c001a"], 0x40}, 0x1, 0x2}, 0x0)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
socket$inet_tcp(0x2, 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x3, 0x0, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
unshare(0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0xffffffe1, 0x3, 0x1, 0x2000, 0xffffffffffffffff, 0x4}, 0x48)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x21, &(0x7f0000000000)=0x101, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0x3, &(0x7f0000000200)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(0xffffffffffffffff, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)

2.026803325s ago: executing program 2:
r0 = socket$key(0xf, 0x3, 0x2)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0207a20802"], 0x10}, 0x1, 0x800000000000000}, 0x0)

1.806475521s ago: executing program 3:
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000a40)="0036d551863e1902129da79f5986e05288f50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a0eab976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd", 0x60}, {&(0x7f0000000d40)="316f825a3d29f96a2093a917017b4cd300000000bee70035ed313e19d6dd1fb41a20baf7f7343067fd40cdd4b16742e94b62f4eb1c5d9faab7f3028100ae8180db94b9de7456ae62b0e6fe7766a0842912179154a96fa88e161d4adf77a486e10d1d50e44155790748b7226fa4bb5d77e85729336ba6369a4c33ac53b45d46a92db9fda99af4429dc23db6a1706328df4e75eb173a81bd4af8b89d1870c9b2382a759d67b1cd03b076bf90286b63eb7aaea4cbb1280955e9a59cd8e5e8ac68c27da3d542aece1ba7920e8f39b270458224e74afa52db1ac07f7cce47d5e8ce5b2806ff7171c64a689a0ba35e934506a46a10b9a579dc43630831e2c5400853b58e020c9cb65e44d4957b00ed35a858d44b25d5b8dad1be420467333d9ce17dddc425dad69c4c9395a5c170170a4fa63091786e2a563e3d5982a73c15edf854046e1a33b2728e74c856a58ba74c80f4f4166ac51d720f507c2c205ef5a04370c77928dfde47e15d533060084d4fc271eab837367369218b1bfc59752696396f49c2f58268", 0x184}, {&(0x7f0000000700)="f5e022a4d2ed0cf5f8b2e9857cb9af", 0xf}], 0x3}}], 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
sendmsg$inet(r0, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000000)="14fafa37bf25f04bda99eefbbdd8d76b8136ee6cfdee25bdb2d1873ce3716347c7b623dd3140cfb2326fa1bf9f1dc2335eeba254f45aefdb3c49a4e7ff0600d7181180bde98af644", 0x48}, {&(0x7f0000000240)="16a6fca1943502d7ac24a672321690c0215b73b201e67576ef51abd7cb2bcd21ebc41893e255eea9bba2639084f4dec0", 0x30}, {&(0x7f0000000580)="c3e361cabaa484b0c035139c64932a377f926342f6b052b6a3b273c187a5e0c26fe049092a54eb9b6be2ac2df69e6a36fad43d88851aa162b6aa0d4734e36aad318ea99586ca9f642920068473af2e996703149f0c13bcfae9beeb8d0db1a62525fe8d35518c4f382090dae83362e60a49", 0x71}, {&(0x7f0000000800)="8434335f69e5291f7ebbc2424bb7eea9d44b70e56528c2f93c4ad4f9343e78f0ab4905fd5197956540e7a587c2206b3d04eb4e90b30000", 0x37}, {&(0x7f0000001500)="93f60bfae50c637bbb9c6bb78105f5bde1e388decf21945e56c5550eee2dd10fb527bb872344b14de696150c1f51469302ce85f9b92c15f9df515c36940a55cb9dc1a534ad973b488ce689935f1759c0b4a3927a7e0a3ddf404502fe86cc67b9ccbad1d766edbaffca46c81c506e0791ac55674ab2", 0x75}, {&(0x7f0000001600)="33ead8faf8975e779a5c4eb8cb4ba0326593b765503aa86eef1ef9a0de1e75b488ff9e0172e5b60b9d8b630d1a62cdb3d6ab17e67a02037d", 0x38}, {&(0x7f00000019c0)="a8bb606b6fba2acf1bd30c67ae5f93f921695ba2c79d5d8a5d22108bb35af87c5b64b1d4e244cc1cce138b3c7d34c9a365e53ad1979fc2780dc50747e8ecc1a8a224fe921caa7c202fcce1810b2cd1219b1509722125fe968632797047a8b6274a450e7131f7c1ebff6afc9953a971a06fe98093d501ae8846a3d62e315e87b73929e9774a48f86b28c8c4852f02ba07ce97a6857b612c27cd16ade2806489b9229a8bd3c09d94725e89eedf6391d08b12401a280d9808894bd4bc9c48ab5c6a9bb8c014b858e280eefbab8828bde3803a196c6b51aa4f03b5", 0xd9}, {&(0x7f0000001ac0)="81ddf2e3380602a6fc3d7dad59d2d331908db12ccc6d34dd59d2475deb65aa2e2a83fe9f4c50b5c95d58c84548dbe6754c9b69554099ffd50264964936bb945c098ae3d0f43b67aba9905db34827853f7ce1420c25f91e932a8deea5c55c1eb87d087a9b422f0c298e18d76eca62bd122d1a619df2931ce16ef6dd88af0e1106224651bc49841ea4e0105e6b93563d40cc2ef9ba3fc3064f44695403f9297f2ae94be22bef0296ac8ccccfb46a70e3b8bba2c114e31c700b06df75a7e4a41e2d4a23532f9bc5a3a16a87c4a7e36a8265638559479b05236aa3e232f3c823dffcce9062df4139fca24b51495670e2e9c8bb9af2ef6d693eb9cde56edc603f58e11d3313ae1efcbfa119e8e5988f9c65307b9936b398db987d24077b5cee9fd5d2b85df56bf9873e0b43478c4727322ec77f998a8f4ba1b7007c6a6fa8d247932177ae713ef398eb3709ed3c9042cd1a0cf766d99b9c40db9a113d47c30482d0f42e9adae2ea436ed31c2a2cef18aa132a56096c88b6a5fcc0ff3930bde8cc653affa3f40a5853fe8b9b99c5f95cbc76bf65b6407225a526e6413d9bbc8da3e2f19ac4aa541ef197e994118622168465fc5eb2ee481129d42d4b4e44dd7972b7cba47d4b6338e2ae8cb68300a574c62529591b44ef45a437c4c6691e4bda5cdac90d1aada48da977556165cd315dc5bc32a53f31d2c9c2cdd1a4fad990f946101b2743512c1956e18802c55096a425c487e4d73ae246c5813a034510b3ae3c7fe6940453594e23af591bb97ad9e6dc7e386388e907ab13af4ba44cd0d81be4ce7673db0425480cb66f595feb5da47ecfbbdf5b2fac575f043ce159f0f16ddfe99ce9ea4911a19ee6d8d78eeaa196d8b46182e0c6a7501e21c7a563871755c2d93ead54a8b9d86c6f5a18c87f7998ce42b2d669f934a4582801ef32e2fbb4f118804a498734ad8d51d0769ff0e3e413e35ed2dcd0d04d3d85c27783b74b7f353de305d94e31771d53624623bd0f3f3784e4e6061a3ef755c31d82940cb0b486cc4870aad78e73644917d525d4b1a1189ca7f806d5ed6794f9bcbfb668c65adcefa57d886b21d5606e5a9e73ae4400dcffccbee85734488962e768776d353ac3520faa3707d5a7e966ecc2c7edf31d31a1e36bee4cee5f718e523b4dad42fdc5d94dc9c6682a41a7b6fa9ceda240ba05ad8a1165cb718f86c68355c73c4b9cfd60edeef30a4da817011d25c7f17f8dd21064351f9de2ed3a1b0be052ebd9416baa6dbe784bc02e8e2a640e32abae4a838a58d738e4f45b8f6cebc4887152c02bf0ba6147a7ec", 0x3a4}], 0x8, 0x0, 0x0, 0x4102}, 0x0)

1.770506579s ago: executing program 4:
r0 = socket$inet(0x2, 0x0, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r1, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

1.710567116s ago: executing program 1:
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @vti={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_VTI_REMOTE={0x8}, @vti_common_policy=[@IFLA_VTI_FWMARK={0x8}]]}}}]}, 0x40}}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$SIOCPNGETOBJECT(r3, 0x89e0, &(0x7f0000000100)=0x1000)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_DQ_RATE_ESTIMATOR={0x8}, @TCA_FQ_PIE_BYTEMODE={0x8}]}}]}, 0x44}}, 0x0)

1.626411737s ago: executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x8, 0x2, 0x4}, 0x48)
close(r1)
close(0xffffffffffffffff)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x7}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c3a00000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000080000850000000600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r7, 0x114, 0x8, &(0x7f0000000000), 0x4)
bind$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="0118004faec8e642f8dcaf9f95ad0aaed43d92b3141a154ce612def3c6ac4ddec1bace07532221df7173adde039e9dece1407c71aa8874da5d7f9077a4c58c06b79b133a08d87c2c26a642887876a6491b1eb4d54dfb2df89bb95585cd8a3f31e46dbe2cfee6ac03b8b6e66e88a544509aa0d75d0b6533018614", @ANYRES32=r8, @ANYBLOB="0c00990000000000390000000800b70000000000"], 0x30}}, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
r10 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r11 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r10)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="010000000000000000002e0000000c000580"], 0x34}}, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000d80)={<r12=>r3, 0x0, 0x1, 0x800})
sendmsg$NL80211_CMD_SET_BSS(r12, &(0x7f0000002640)={&(0x7f0000002240), 0xc, &(0x7f0000002600)={&(0x7f0000002400)={0x3c, r5, 0x2, 0x70bd27, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0xad}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x8}, @NL80211_ATTR_P2P_OPPPS={0x5}, @NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x7}, @NL80211_ATTR_P2P_CTWINDOW={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x440d1}, 0x800)
r13 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0xc0241, 0x0)
ioctl$TUNSETIFF(r13, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r14 = socket$kcm(0x2, 0xa, 0x2)
recvmmsg$unix(r4, &(0x7f0000002440)=[{{&(0x7f0000000340)=@abs, 0x6e, &(0x7f0000000680)=[{&(0x7f0000000580)=""/166, 0xa6}, {&(0x7f0000000640)=""/37, 0x25}], 0x2, &(0x7f00000006c0)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000000700), 0x6e, &(0x7f0000000a80)=[{&(0x7f0000000780)=""/146, 0x92}, {&(0x7f00000008c0)=""/90, 0x5a}, {&(0x7f0000000940)=""/122, 0x7a}, {&(0x7f0000000a40)=""/36, 0x24}], 0x4, &(0x7f0000000b00)=[@cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xa0}}, {{&(0x7f0000000bc0), 0x6e, &(0x7f0000000cc0)=[{&(0x7f0000000c40)=""/26, 0x1a}, {&(0x7f0000000c80)=""/14, 0xe}], 0x2}}, {{&(0x7f0000000d00)=@abs, 0x6e, &(0x7f0000000dc0)=[{&(0x7f0000000d80)}], 0x1, &(0x7f0000000e00)=[@cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x190}}, {{0x0, 0x0, &(0x7f0000002080)=[{&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000001fc0)=""/164, 0xa4}], 0x2}}, {{&(0x7f00000020c0)=@abs, 0x6e, &(0x7f00000023c0)=[{&(0x7f0000002140)=""/206, 0xce}, {&(0x7f0000002240)}, {&(0x7f0000002280)=""/127, 0x7f}, {&(0x7f0000002300)=""/138, 0x8a}], 0x4, &(0x7f0000002400)}}], 0x6, 0x40002020, &(0x7f00000025c0)={0x77359400})
ioctl$SIOCSIFHWADDR(r14, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r13, &(0x7f0000000ac0)=ANY=[@ANYBLOB="022786dd020028000300300000006000000601002f0081e949b938a9bc3b0000000000007d01ff02000000000000000000000000000112"], 0xfdef)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r9, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x2c, 0x3, 0x1, 0x5, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x4, 0x1, @remote}, {0x8, 0x2, @remote}}}]}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000004c0)=@newtaction={0x8c, 0x30, 0xb, 0x0, 0x0, {}, [{0x78, 0x1, [@m_ct={0x74, 0x1, 0x0, 0x0, {{0x7}, {0x4c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x5}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @dev}}, @TCA_CT_NAT_IPV6_MAX={0x14, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x8c}}, 0x0)

1.440616554s ago: executing program 0:
r0 = socket(0x8000000010, 0x2, 0x0)
write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet(0x2, 0x4000000805, 0x0)
listen(r1, 0x0)
sendmmsg(r1, &(0x7f0000000e40)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local}, 0x80, &(0x7f0000000300)=[{&(0x7f00000000c0)="ae", 0x1}], 0x1}}], 0x1, 0x0)
socket(0x10, 0x803, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000180)={{0x2, 0x0, @remote}, {0x20000010304, @broadcast}, 0x4, {0x2, 0x5c, @multicast1=0xe000cc02}})

1.398930019s ago: executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}, [@printk={@lli, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x10}}]}, &(0x7f0000000040)='syzkaller\x00', 0xd, 0xfe7, &(0x7f0000001e00)=""/4071}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x13, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c1300000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000048aa0080850000002d0000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='ext4_mark_inode_dirty\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='ext4_mark_inode_dirty\x00', r3}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)

1.366502741s ago: executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r1, &(0x7f0000000280)={@val={0x0, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x700, 0x0, 0x700, {[@window={0xa, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWFLOWTABLE={0x58, 0x16, 0xa, 0x203, 0x0, 0x0, {0x2}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x2c, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x1, 'syz_tun\x00'}]}]}]}], {0x14}}, 0x80}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000880)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x4}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_MACSEC_INC_SCI={0x5}, @IFLA_MACSEC_ES={0x5, 0xa, 0xf7}]}}}]}, 0x44}}, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000002c40)={0xd, 0xf, &(0x7f00000007c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0xbb}}, {}, [], {{}, {0x5}}}, &(0x7f00000010c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_emit_ethernet(0x32, &(0x7f0000001500)={@local, @random="bf7d132b5a64", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x8, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6(0xa, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8}, 0x48)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r7}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r6}, &(0x7f0000000040), &(0x7f0000000500)}, 0x20)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x800, 0x0, 0x103, 0x1}, 0x20)
sendmsg$inet6(r5, &(0x7f0000000100)={&(0x7f0000000040)={0xa, 0x4e24, 0x0, @dev}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='`\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x00\v\x00\x00\x00\x00\b'], 0x60}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x16, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509011f00000000950000000000000018100000", @ANYRES32, @ANYBLOB="000000000000000018120000", @ANYRES32, @ANYBLOB="000000e8ff000000b703000000000000850000020c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x90)
socket$netlink(0x10, 0x3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r8 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="10000000110c01"], 0x10}}, 0x0)
unshare(0x22020600)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
r10 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='sched_process_wait\x00', r9}, 0x10)
bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r10}, 0x8)

1.345075759s ago: executing program 4:
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x0, 0x1}, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x5452, &(0x7f0000000000)={'vxcan0\x00'})
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
close(r0)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0xda00)

1.228782039s ago: executing program 0:
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x80002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x11, 0x800000003, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x3, 0x0)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="441200001000010400"/20, @ANYRES32=0x0, @ANYBLOB="1100010000000000140012800c0001006d6163766c616e000400028008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0)

1.221056351s ago: executing program 1:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99bfa00180133070000000f0000bd30", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000001800)=[{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000180)="0bd905ef33ee288dc4ef47", 0xb}, {&(0x7f00000001c0)="75bbf8406512d05b5f0d20e228166f9c4e9e6b75da", 0x15}], 0x2, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000002c0)=""/30, 0x1e}, {&(0x7f0000003980)=""/4103, 0x2}], 0x2}}], 0x1, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x1}, 0x48)
close(r2)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r3}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000400)={<r4=>0xffffffffffffffff})
sendto(r4, &(0x7f0000000440)="7a89f6a2810cff39265d49ce40df3440789b5422293d415d38b32044e0e53b021dc2e38a886dbc65ee84f3e881b70df855483cf12e2cd447d409d88b74aec944f97ca7cc898e438c2e5b30f3513dfbc225f1ebc49cf071f567826c89c9d5016fc2fe2c6740e2b2d362632cbc5f5b3e54560b1ea3116e639624f791b99e3f2ab4a770bec51e23be71b0d71b235b714f4dde3f48deb0d64957a5e6f40562712c01361c6e96c1ad661146062753bee8bbb3614b84bf1001cdbcaf4b723ebee61989556f050eb9306da35bd2540b13f779bb1b361698cc62c48c836521e9d0713a91e31568d5f878e17235cc41627afa04005c", 0xf1, 0x4000000, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
r5 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0xe0, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}, 0x1c)

1.218237151s ago: executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
write$tun(r0, &(0x7f0000000540)={@val={0x8}, @val={0x0, 0x68}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x2, 0x0}, @broadcast}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}, 0x36)

1.087464539s ago: executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000006c0)=@raw={'raw\x00', 0x8, 0x3, 0x12e8, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xfffffffe, 0x1218, 0xffffffff, 0xffffffff, 0x1218, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@loopback, @loopback, [], [], 'vcan0\x00', 'ip6tnl0\x00'}, 0x0, 0xd0, 0xf0, 0x60030000, {0x0, 0xff000000}, [@common=@hl={{0x28}}]}, @unspec=@TRACE={0x20}}, {{@ipv6={@dev, @dev, [], [], 'batadv_slave_0\x00', 'netpci0\x00', {}, {}, 0x87}, 0x0, 0x1100, 0x1128, 0x0, {}, [@common=@mh={{0x28}, {"d75b", 0xfd}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0x0, 0x0, 0x0, './cgroup.cpu/syz0\x00'}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x1348)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000008000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r4}, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_int(r7, &(0x7f0000000080)='cpuset.mems\x00', 0x2, 0x0)
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r8, &(0x7f0000000200)={0x80000019})
epoll_wait(r9, &(0x7f0000000240)=[{}], 0x1, 0x0)
sendmsg$SMC_PNETID_DEL(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={0x28, r6, 0x1, 0x0, 0x0, {0x2, 0x2, 0x2}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'erspan0\x00'}]}, 0x28}, 0x1, 0x40030000000000}, 0x0)
pipe(&(0x7f00000000c0)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
splice(0xffffffffffffffff, 0x0, r11, 0x0, 0x0, 0x0)
tee(r10, r3, 0x8, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x9c}}, 0x0)

1.086572144s ago: executing program 0:
syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0), 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0x2, 0x4}, 0x6)
ioctl$HCIINQUIRY(r0, 0x800448f0, &(0x7f00000000c0)={0xffffffffffffffff, 0x375, "d9e67b", 0x7, 0xd3})
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
write(r0, &(0x7f0000000000)="2e0004f4010001", 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x0, 0x800}, 0x20)
socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000140)=0x20, 0x4)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00'})
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f00000003c0)=0x40, 0x4)
setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000100)=0x20, 0x4)
bind$xdp(r1, &(0x7f00000002c0), 0x10)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}}], 0x1, 0x840)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, &(0x7f0000000240)="6e6dcf1c6013d183c52d8612d6e22c")
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0x3, 0x3}, 0x6)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x3c1, 0x3, 0x2f8, 0x120, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x278, 0x20a, 0x278, 0x278, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00'}, 0x0, 0xa8, 0xd0}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@ipv6={@loopback, @private1, [], [], 'veth1_to_hsr\x00', 'pim6reg1\x00'}, 0x0, 0xf0, 0x158, 0x0, {}, [@common=@unspec=@nfacct={{0x48}, {'syz1\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x358)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_ENTRIES(r3, 0x29, 0x41, &(0x7f0000000800)={'security\x00', 0x4, "38b15cb0"}, &(0x7f00000008c0)=0x2c)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, &(0x7f0000000140))
ioctl$sock_bt_hci(r0, 0x400448df, &(0x7f00000001c0))
socket$igmp6(0xa, 0x3, 0x2)

1.064464026s ago: executing program 1:
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_VENDOR(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x4c, r1, 0x100, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x56}, @val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_VENDOR_DATA={0xd, 0xc5, "d3bdfc936323cd4404"}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0xfffffff8}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x3}, @NL80211_ATTR_VENDOR_SUBCMD={0x8, 0xc4, 0x21}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4008880}, 0x8080)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0xf5, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000800012000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000058000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0c00098008000140ffffff1f0800084000000001080003000000"], 0xa0}}, 0x0)

959.264712ms ago: executing program 4:
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) (async)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) (async)
sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='htcp\x00', 0xfedd) (async)
sendto$inet(r1, &(0x7f0000000180)='{', 0x1, 0x0, 0x0, 0x0) (async, rerun: 64)
socket$packet(0x11, 0x2, 0x300) (async, rerun: 64)
syz_emit_ethernet(0x6a, &(0x7f00000002c0)=ANY=[@ANYBLOB="a5050f0000b5aaaaaaaaaaaa08004500005c0000000000019078ac1e0001ac1414aa05009078e00000e04000000000000000006c0000ac1414aaac1414aa89030007030044240003e0000000000200000100000000ac1414bb000000000000000000000000000000000009f1d0a170e6c1e50b93511435d130022fa4b1084ffb1d92196af2ef6dcae2eed6beb7f6b50834daa4f9b21afb4bce261441cb0d8198103459930ee29ab6e0cf6d5fe2a6eb2fa1"], 0x0) (async, rerun: 32)
sendmmsg$inet(r1, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000001cc0)=[{&(0x7f0000000580)="014bb6a68759182ab7e144f718ee0b9d487461d1891d71f57a540210b1b32e260da68c9e5042f43d8e39a995d58933e85e8f3166bcc26b57e038599805becad925bd3f30fe3ab8f293da067003b56ad9b156551cac1a3c29a69d9b73c28fb6a555e3c2b865c95149e67b99a53a0e5b3285d5c1e04de9540cb2f6d7fd8bc8b8f9904de76e314fd066e892b298316cba9a4d8d6130e370e0b07e48836ac36d6c470326be20a6cf954adb52946624", 0xad}, {&(0x7f0000000a40)="21f02d2311f55c81f75de721f94193fcba94c81f988b26192586b1586b785fac4c869df7ac4fdb80df219cb24079d2cada7ebb435f87b5b0834d6b2ed27c8c0ebadc122e87dfaa59ca05ea42f441bd71f0a2f5a4df39208ecf5efeb9ee921a0970eb0000baae9da9d927aa37ff7fd79a0fdefed00000000000000099e05698c4f3d98a752737afe547ff63809e8e932a58cff837e36a9bdcf522c217ec490ad2c9464ce8013cabd36ba31a4a4c9a311c864a0be963fb605d9cf9a3b1972139fc71fdb37f84390f8e8b6f5e4fde2a85f63560ccb027dc25a3a057741872bb1fea64f1b6f9", 0xe4}, {&(0x7f0000000440)="40148a0ddfc80a6cd88ead2670e8aa3223650f75686be8d22913e9ac0bd01f6a79d9252b409484433380bc05610dfe3706ca31bbeaf4295fafcb1f2a57befe1d3eac0cca4413ba6fc398e0958bdd292236a09ddad602a1bf7784de4904a23122712c6d321f4713d29f9825fb785f676c0da8c98dec33fe5e255592ccbf533d614d2cac04b2509fb97313f636d3d510e3158c546e1e08c25fb57188b20b0d7909ebf17981c5802446188881f29408e82d6880ac650977416800000000000000000000260f3dca09ba0f54544d6baad3f92bb8e41474f2605c9121006b787e1c442c073e7faa680fa22a8c5b237821a3ca681b44ce3282ed5f6a3a035e2476f6cc93dc53729ed725d9097f72bbca9a3efe3bb045687cc34800489d2bdf88b3ba8ecb5ffc634beb04332fde9429f7e1b8abd7c7e60f9f15f212f5", 0x139}, {&(0x7f00000012c0)="d51bea8a3a04d260ddb6a37b69751f4fc9b43c211d9dccf8de698ab41303e10068ea5deb65e3a8e78dce6207179f92118585938a4509c5fb36a6519358da1cffd32cec80da48998b2a98c0bbec29a972cb61bed21830a974b9e0303beea60607d728888c6ffbfc04446df912c9e5f02ddc1000c77480edb8a30e9badfe45fbfe26f1aeff4e9a6b61762060c40c99a293a8403760985ae64734abda01e8ede5a55d675385f6c3477a76fa39e9c4214f943d638ea03f71b9c191678e7519fb352d4055b4055985107dc10b2b6b9fc4fe45d8fbe03230c055255370089eb08e9f58ecdb24cf8c10cae443053f1ac8561c1978582c1e4a29315b7cc3af05f98a220d60e58686479f664c60972633472fb111d584b9936462af095f5c8d3e8a4874c61ad02ce53007cd66d834014fa8ec8e5728a0994332654728861b628c5fe798c9f4ef20707f67cbdde77fb1245c9e2604010fd7bfec7e62e3d7c5c9dd42363493d5c7c11c6e11d35a0cda192caceb59868b11371617df594be36ff2ef4729b1a154b936a467ccf5062b5f2d8512f0fcf5a7f1b4ee14d8a84b29818d3952bac0127c53725bc5a7d04eb21d7d0315d19af0767cd2cc5e1cef880efa3d6c748126b1a13c9b946a702da3b5bbc73d4038268ceb3f72f2b2655055917c7bef03805989a2021d584eb4cee5d35c869fb8e62f3c33c2dec68f0394a92d47a7703c39828a4b97a040f1eac15756f52217720632eb9b4c1985e56cf5f9191fea6494955b5d1588d5584dd775a63f33329d22a0d5c93538d9ee44e6785618e4427b5993de07d9ed20bd894bedc81b1a244abac867452ffe6761d813d9d0e91156f5a0bbbafc20eb9a11c4bedf40997a4033536186fe4711e8deba3b09b1c4968f2d2f8eecc270e8fc9dfac0c6e61a45770a8fd93b3727e8437bad2dc82bad7df2865f2eefcf2193718f37ad63d2e3e93c7962fb2c8c743b258b8b6e1c892fe2586ca91bd87119fe0841c85b2133f5070c075165ae02c2a20310155829d0b25068c5833b364d7e9a3fc18d1ec7c675f1408889a61302cad962b6b334fb0390ad5d6e8d9d8b8ca48648d58ad67e0aa466316c918ccec0eed937dfb1abab53bee56a3b12a73373414f52730bf5eab605458b8a2893db3459f5ba0519a2fcc91648d1e22cc2f8c1a4590866ff0fcabb5b58fe0ad175ad5660060c6ae6bba76a8bca1f1dd5dcd6c72bb684ae013f603a6710449e2551cc8f81d97fff7373c83e9c26b9cb7cc727a0ce73f719e687a1e2e6c5e6371abee61562092b2f0241e94d027cd1d7f127a330264758c3e2790aafaa5ea14f258632f0dff9525d0e9a903b97adc77eb0968e02543557949d5ec92864490f055803a163825115202022a704a3e7f75431030603bbf9476bdc0a5e5430e0d67bb67f31de3e338953993569f048032a934249b98f553c35275d8483ad200eb07240278d02097653a7f1795e8c05e1d3a5eeb73d70fd896ea24fde4f610e8522ab7439331eb2b34105d85b4a7c3281358e0a821d7d36764e09b9e887d0259de789c85bfe2c848320976a93b9f70303c83b445300f8ee0046fe55a812fe5faee1912307c87114443c691bf738795a5174d93481afe1175632ccd6e91a0871cfc4db6b51905cd9a8623cff5edeb9c728403fcbf8c5c00282c7b57bf00a046726c78ca0596dd32f8da931d6bc49f3c10154410adf8353dc7a0a171bedda2ab5d8e01adf3794d6143c1412cfa7108dbff3773f9344c5124c7fee0fe0e709c1491af1862d6c3a2eecff75f498a4350bd1236635aaa54f5271afc3c000fd084dda847c8d8f6fd52dca7bc7c0967a0eb390787a5a8e1899a70011b71c0212ad539412e9250a9dba0013019984fa79af01b2774ba5e7ab86b2b9f174ce239f22c06e7309be351e84e757982c013db4eb187d830b752654e8a2b2cc58aa6de89e5d5e34705ac71314eed226dff8a900fbd1e3caeaf439577b09c066b7475f06ad3ebfe5db9d6d0fb508d7d25c4c6ed3b2315043b1f09d641335b6e10e614bca1a3912c63212b5784f25c60fecad71225b96cf87439c687621988ab33cab7036f7b00306a07992d76f042c5b797e8ae42c77516fa45de207d7634a0b56fa99718af653a52a91fd7a59271b78aef151c9340b3d1bf2e3aed19d617544c2586ea254e06a72728bbcdd962f4bc40cd15a9138a0faa1022d231d7129632210651f60a272fc9f7ed25d307c1cf81632d73ea916503b8b661a2811a176f95b6c768f59cde0e188f201251889c5e642450e038d906ac398064c07eeadda248cc08a86c1620b262ef64c9db456", 0x66f}], 0x4}}], 0x1, 0x0) (async, rerun: 32)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r2}, 0x10) (async)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x1, 0x4) (async, rerun: 32)
r3 = socket$alg(0x26, 0x5, 0x0) (rerun: 32)
bind$alg(r3, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha512\x00'}, 0x58)
accept$alg(r3, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) (async, rerun: 32)
getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000001c0), 0x10) (rerun: 32)
write$binfmt_script(r0, &(0x7f0000000640)={'#! ', '', [], 0xa, "be730e65daca1acb74c6ecff5c4e1db0f5837623bf24db0f25e600a1c89f5d092617c7766094750c7f4ed633ee8807f4d5479c53bafe25bc58a0ec4dc58d3eea"}, 0x44)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000080)={'\x00', 0x52d35ce30131f272}) (async)
ioctl$TUNSETOFFLOAD(r5, 0x400454d0, 0x11)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$NL80211_CMD_SET_CQM(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[], 0x33fe0}, 0x7}, 0x0) (async)
ioctl$sock_inet6_tcp_SIOCINQ(r6, 0x541b, &(0x7f0000000e80)) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x12, r4, 0x0) (async)
ioctl$int_out(r4, 0x1, &(0x7f0000000040))
bind$alg(r3, &(0x7f00000003c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4309(aegis128)\x00'}, 0x6e) (async)
syz_emit_ethernet(0x167, &(0x7f0000000b40)=ANY=[@ANYBLOB="bb6f34bbbbbbcaf6e222e6aa86dd6f44c00801312101fc000000000000000000000000000001ff0100000000000000000000000000010207000000000000000100c910fe80000000000000000000000000003bc910fe800000000000d1919fc5e7dc780d934b2baafd0000000000000000bbc910fe8000000000000000000000000000bb000000000000004e244e2204319078828faf513ed6c012890714418132dc85246c735ac55e32c350e5ff86826fe1535a510d97f977f81fc9d60d8368d3c76febe8819c9ac54a775d2ebb07bfc9ff4e8bf73864153c3805e14cb4fe09587b060f30ce904f5fd6011e894cf8b53f3b4e4605e207c87dbcbc7095aabe5095b05e78ba06b62f6a13607a3bc09f2b346f132200000000000000014ec49c2c9cd54624d43e002e91df630550fdcfc0cd2f6bb0c58c9fa90a485e5a9d64ab058d5f99d8e7ef6e9655d088b7f3b2bcc77451e641a8771f8922854d6f4800ef5505fca66dd640048141e02e82e9fb8c2d97cd56895bafbd3507ebfe811b3179ccd0ce3ed0dc9250b902904c0d6c8983a5969e8c0ce31c243eda2e4f6a7ab49af3badb5f1e63d4bdf6b8004a0b45e83bebee00304e87efbd9e0f924ff74d757521ddce7fc2bdcc1065aa70859e85bb8b6706d25c35811d069f2cd1f1bd72ff76a6224cf1e4f5047b8c0f40b9b4917499180125ddc9df3c3aa91c67b66bfe407d0a3316bef7430dac7bf0554ad98697cc02bb125a1d905063a70c5e371bf2031206deb275828151370e4b64555de500e71e50a160258923311d39df25b20e54fd0881ab06bef3981ecc717211910081ab90a1b99166eaac"], 0x0)

918.951942ms ago: executing program 0:
socket$inet6(0xa, 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x3400}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x34, 0x0, 0x8, 0x301, 0x0, 0x0, {}, [@CTA_TIMEOUT_DATA={0x4, 0x4, 0x0, 0x1, @tcp}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x21}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}, @CTA_TIMEOUT_L3PROTO={0x6}]}, 0x34}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
accept4$phonet_pipe(0xffffffffffffffff, 0x0, 0x0, 0x800)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
socket(0x0, 0x0, 0x0)
getsockopt$nfc_llcp(0xffffffffffffffff, 0x6a, 0x0, 0x0, 0x20000071)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)

819.332548ms ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1088d8b8588d72ec29c48f0af5f2d9f51c4b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465ad32b77a74e802a0dc6bf25cca242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000126abfb0767042361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae645ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1fb8f72cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa7956488bef241875f3b4b6ab7929a57affe760e797724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f870b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3acb2003016f154772f514216bdf57d2a40d40b51ab67903ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1594e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c784ae7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec30cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f0000377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f0059161c5e0000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe34124172e436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e457060000007ac691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104ebc1581848f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426ca85e82ccf821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ad6acf5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bdc4a60d637545ed4c8a1c649c3ce54ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c5140200000054d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a3bc38613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae0040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483f02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e9180100000000000000654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272ab28a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece98c077b358e752b439132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae69990a9419456247bbaeb7948de84d2ff875414883bb1e503d4bfebc01bc12a53ea06bf38e571157bd642dac25dbee7832c58378374a39483d6721eec96c28911db21c0c006b42afc90000000000000000000000700000000000000000008ce4ea442c1a207108b35511186c5e860278f6463f52f3990ce08b1bfccc3cff4b5ae27b610aa9ba11b47d4f94c439e055cdbb2b12c9"], &(0x7f0000000100)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x68, 0x24, 0xf0b, 0xf0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x2c, 0x2, [@TCA_FQ_CODEL_INTERVAL={0x8}, @TCA_FQ_CODEL_FLOWS={0x8}, @TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x7fff}, @TCA_FQ_CODEL_DROP_BATCH_SIZE={0x19}, @TCA_FQ_CODEL_INTERVAL]}}, @TCA_RATE={0x6}]}, 0x68}}, 0x0)

761.762966ms ago: executing program 2:
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
writev(r1, &(0x7f0000000100)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
setsockopt$inet_mreqsrc(r0, 0x0, 0x24, &(0x7f0000000440)={@multicast2, @loopback, @empty}, 0xc)

509.975411ms ago: executing program 4:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000180)={&(0x7f0000000000), 0xc, 0x0}, 0x0)
close(0xffffffffffffffff)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$smc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24048010}, 0x1)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$l2tp6(0xa, 0x2, 0x73)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x8, 0x8, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@map_fd={0x18, 0x0, 0x0}, @generic={0x64}, @initr0]}, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0xea, &(0x7f0000000340)=""/234}, 0x90)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}]}, 0x60}}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r2, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfe30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
r4 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1={0x0}, 0x0, 0x0, 0x1}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_SAVE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000080603000000000000000000020000000500010007"], 0x1c}}, 0x0)
recvfrom(r5, 0x0, 0x800000000000000, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})
syz_emit_ethernet(0x5a, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60ff00f500240600fe8000000000000000000000000000aafe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="90c20000907800001e048200ac031400000020bbc6770919f0ddf9a66acd6201602f68f88c0e38c79b0876ef2eb6c78e74e0f1da3f35f8244046331ba987bfd2ee90267c6e976ba9fd46870c1f129b60200ec8a3ae70dac88ba5819af7b51e0ec184ffe2edc7bfd805d2809a8eca07e741e0cf0e4f2ccc7dd4c53b35b5ee455f805d35eacb237e351b88a3deaeede9716a76449b8ae7b3e5590c5b761f8696bba3a5d92f001523f38efc2fc69cba96f2a1e2167366c230f04c6c6b99bc3a604f256ff07b17cdb45e00000000000004016d94"], 0x0)
r6 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r7=>0x0})
connect$can_bcm(r6, &(0x7f0000000300)={0x1d, r7}, 0x10)
sendmsg$can_bcm(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000480)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$can_bcm(r6, &(0x7f00000001c0)={&(0x7f0000000040), 0x10, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="0500"/14, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

409.918651ms ago: executing program 0:
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x20}}, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
listen(r0, 0x20000005)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet6(r2, &(0x7f00000001c0)=[{{0x0, 0x9b4c, 0x0, 0xd4ff}}], 0x500, 0x0)

229.832881ms ago: executing program 1:
r0 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000001c0)='mm_page_alloc\x00', r2}, 0x10)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000f2ffffff0000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={r3, 0x4000000, 0x2000, 0x2000, &(0x7f0000000040)="976d9023d56482cd284a63da539706d7009be646625bd75b025352ebe557df463106baeed6c2d75549b140f143fb8bb67bfe5b308b8d05758115c7ad", &(0x7f0000000180)=""/114, 0x0, 0x0, 0xd8, 0xc4, &(0x7f0000000400)="cf2240e6919817e49555d221b4e6c6ba11c4d974ddab2318db7b52cee499399a00be4b710e9246d7bca28cc8346eb84414e45f3f4633f4acb77bf8cc38c4c16fe035905db79cdc0be634a915662c4cac58ae94706f86ea320f339c21399b5bb7607044916c63c528ab4149718d6215a9a3749113c268e49b2b9dae91ed804e5ac5d4ec7ac9c5fd67a76f9a2b06f7304f6e81221a751008e786e1edde82cf1ecb76cb4cd71cf781ea3a19b917a1e215b1a6c7ee605b32b91eaae38517fde4303d5f2b1e63e9e52ae4b197fd72de1f71801e1f9f1369d1f530", &(0x7f0000000280)="bf049fd184f7b03c21d9bcddc4eef9ebb6a0da3eb91c56454e873dd7336ccf21a1eeb8da7adf80d6e06ef46c7f36222fadaed2103c286468b3f44adee51445bd1bedf8fcc1c0b9fdc8b3829b1bf0c9d2d409cdecb12ad033e299c029331993ae9760345bf7feb91ee96b0eee19454ad3dbce5019b68c114ff1921a9b4665744c7784ac6736101a70592d83c448a84c31ec60bb901d96ea99471d823ee523318878ee704a8d9502b566cad45587cb74ea8259c1c0a926fc09499395b2db5af40bb6f4c526", 0x0, 0x8000}, 0x24)
sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000880)=@l2tp6={0xa, 0x1100, 0x0, @mcast1, 0x5}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000780)="f4000900062b2f25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)

70.124185ms ago: executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETFLOWTABLE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x17, 0xa, 0x5, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x20}}, 0x0)
r1 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000100)={0xffffffffffffffff, 0x10001, 0x18}, 0xc)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0x1, <r2=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)}, 0x20)
r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000002c0)={0xffffffffffffffff, 0x3f, 0x8}, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x9, 0x25, &(0x7f0000000300)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x81}, @call={0x85, 0x0, 0x0, 0x3c}, @alu={0x7, 0x0, 0x5, 0xa, 0x8, 0xfffffffffffffff0, 0x1}, @btf_id={0x18, 0x1}, @map_fd={0x18, 0x5, 0x1, 0x0, r3}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x114c}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00'}, 0x90)

64.442816ms ago: executing program 4:
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
gettid()
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r1, &(0x7f0000000140)="f4", 0x1, 0x0, &(0x7f0000000240)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x4)
writev(r2, &(0x7f0000000000)=[{&(0x7f0000000140)="480000001400190d09004beafd0d8c560a84476080ffe00600001000590000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x40b}], 0x1)
socket$nl_route(0x10, 0x3, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000080)={@multicast1, @loopback}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
socket(0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)

61.518078ms ago: executing program 3:
socket$inet6(0xa, 0x3, 0x6)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x2c0, 0xd8, 0xffffffff, 0xffffffff, 0xd8, 0xffffffff, 0x1f0, 0xffffffff, 0xffffffff, 0x1f0, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@mcast2, @local, [], [], 'vlan0\x00', 'wlan1\x00'}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [], [], 'hsr0\x00', 'veth1_to_hsr\x00'}, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x320)
syz_extract_tcp_res$synack(&(0x7f0000000000)={<r0=>0x41424344}, 0x1, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000002480)={0x6, 0xc, &(0x7f0000002700)=ANY=[@ANYBLOB="0300000000000000562a7d5736260b00da85100000000000000000000000183d00"/45, @ANYBLOB="b0389cea57e25b246427ce5949227b961a851908f151d5721337ae498395ffcad95331adf3b40223cab558ff0300001a770537246bc1656bb25509ee5e0e3a24e3be3e452f74e1a1b32853e9c5fedac4394d365727a9b66fadbc30651d6255732690149d6d16dd8fd1761e3808d9d9d45b632aa1854861ac7be50a514c767e98acd37234090470841215106a9ed9ba457ca5eca3f1db38f24c884dce775edcc9c930c5bd938d0000000400000000", @ANYRES16, @ANYRES16], &(0x7f0000001cc0)='syzkaller\x00', 0x9, 0x30, &(0x7f0000000200)=""/48, 0x41100, 0x9, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000002440)={0x0, 0xf, 0x1}, 0x10}, 0x90)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x34, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_CH_SWITCH_COUNT={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x34}}, 0x0)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r5, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
sendmmsg$inet6(r5, &(0x7f0000007e40)=[{{&(0x7f0000000340)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @multicast1=0xe0000010}}, 0x1c, 0x0}}], 0x6c00, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002600)=[{{0x0, 0x0, &(0x7f0000000740)=[{0x0}, {&(0x7f00000002c0)="b4ce26100cdadb46b08eca31e2058e96432a76466e6ea70ee835efa3fa51b2fa554115ec00aacd6790bb0f21e6c78a2eaec99d0ec205aba84838f5630324e0e62f8a4cbb1d0fac332597a675e2373c688fe5eaf662ad53cfc37eddabba1e70aee42d18ddea80832a3c40e250fdf18920290842d798dde1f4cc7e1ae24145eaff545802d6e795436d847a9ca35168", 0x8e}, {&(0x7f0000000e40)="8f9ffc2ff02ff20924876156c6f3cb25b9c5163b7574550c23fd359ef839543043cdf074839544caa76bce86fb5396aee708868daa5bab4e15be7d9f7b3ecdde74544602f84cf5c9bb565e3d51f79f48452fc3b06efcb3670500b19731297d18b23897a51591c8a4e80f0342640a6b4ccd827f78c7e4c26590df354e729e7d6449cbe17256c60e9eb2c64ae2dd3f705730cf72016c929c46997fadb5917083c570203a7fe086d1e00b422184", 0xac}, {&(0x7f0000000a40)="34ef0ee7f20accebe691988f0000001f5896c4a22c2d94bb05558c724e68526b8e20cf6c69dc36229cf1f29e36c77ef61f5686a0e3", 0x35}, {&(0x7f0000001200)="b7bd849b0249701d59f4ad516376f9e969bbba49d37e54870b21cf9fc59303f35a81f3cda6eb16ed753944790fe2b6cdb12f48afd3e4df5450169c5a6eba940c5ab1626b11ffd6b37dc9bf8a065e825c074b0010c51365f6c46c1afd4677e91376793f1fb7abf0f6c9825280591dbc51791ab224cfa835581b7b8de2fa3b6218e91f02379496314759f293f264ca34dcedbaa241a6cb29c05280a116fc5d55f10e7fe3a1a943d38c938d964bf400f5753f19b80e1589d067c8c303df70c74b23727108de200000000000000000", 0xcd}, {&(0x7f00000005c0)="6ed674038af06c94f0f460ef07daa761605e70698dff93786d697709bb3659d42935f66677d0639ed8858c86cb86ddd7f68f32a598a11c70f7b697543249edd3575514c7c6414b4e87af19839e0d67443fa2ada515376442a09b9f9445504fd5f6237d3a415d8bdd56a0ac000e81ac89039de48bb60759480554395d8f2cd74034e5", 0x82}, {&(0x7f0000000040)}], 0x7, &(0x7f00000007c0), 0x0, 0x24040000}}, {{&(0x7f0000000800)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001c40)=[{&(0x7f0000000980)="d611afdefa3e3862b8cca9ab08858abe75aa75d3c36f306c725b1a6687359d3f4558a52aa5c0f874c3253c76d6173ded86de19747bb27a7455", 0x39}, {&(0x7f00000008c0)="ed4f3807be6c3186f4a33922e2c50ecaf73f486f15499aaf1866f1684e904427ea69f7a2c0866121ede86a5dfe1d6576f8ebc677a6e5723072d84cdca0a7215647f5683ce219658ad665f82ab615cae84001b9b712a69658d5948c19a6ee9799782bc159253f62733a267522088c8d7361da0f0b8cd0abecd56cb4c7cdb8ab31112f214b73b658dde5efbf74832aced73824d669febec739a1fcc28bbdfa009f", 0xa0}, {&(0x7f0000001d00)="197858d2b1cf2144b3673edf5ee8aba1dc4a3d49ed6f2f893093d3ce44f7e8a1320d137535d48b4ac247dc686b79bd90a81f051045", 0x35}, {&(0x7f0000000bc0)="babd07f758c7294695ad3fb5f83af5a0a8a7c09c863823e069ea1eae2002f88859d2d83ac422b2cb3910cbd2f6fdda5347d04d76fb95fb4396de0672992d5063be0d3d7777523c809726ac297174ad93f6e4da279edf1f1a5f9950b3d015a03c38ee31ff5bddfe71", 0x68}], 0x4, &(0x7f0000000a00)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}], 0x20, 0x4c804}}, {{0x0, 0x0, &(0x7f0000002000), 0x0, 0x0, 0x0, 0x80}}, {{&(0x7f0000002040)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000002180)=[{&(0x7f00000020c0)="21ffaaeef8b3452163f4e8ef1a54678d8392a55617f4b57d640c490c0e9bcd909af4964db2f6a54d24e152bce0fd9161621114477274d8df8d76e7823beef946baf8f6af8591f4fd2f2e4ea4ec6bdbc169e2b8251e2c107c1d8bb17edaf7621d4b0804c605f1cfd6b254875036e2b8f9983af91ac53e95212da1659866bcd17d51ad15498ade6eaa3671da3fa17fd2410085a80224cfc3c820a3705a97ea2f62f234", 0xa2}], 0x1, &(0x7f0000001780)=ANY=[@ANYRESHEX=r1, @ANYRES32, @ANYRES64, @ANYBLOB, @ANYRES64=<r6=>0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYRES8=r4, @ANYRES8=<r7=>0xffffffffffffffff, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000100001c000000000000000100000002000000814e4e0c11ab971ec85db893dcbdd09b87480f02b6ede7cd21f6f5be7e9ab08b446ce71282b0594d90d1eca541c501b8bd24c90b058dfd72ea6769a780dd2e3dd21c890085ae2e454e68101670783fb274fd400b0c943688985315eb617844023c82560ea6bd83ba054d62158ceb82c45af5b276c5ba075cc662ee4ff04c932bc678a34538b9be76ec14c32f3ba42a72c530330c2a616b4dfa57c274d92ba5260a46f72fa7e922ea2988196143d9d5e22e9912c27c52a9b5db0cc15b959693a00d17f121a20062285c253b5dd4153b8b42c7ad58e285067c7a470b93440b9fc800a32ae06864efd04418cdf798e70df2d4a0000000fffb0000000000000000000000000000000000a89bffec4f8622b13ec98180cc372af50b9d1af4f1b75338cfd38ff7880acb4374165f45bd8e45224dbad9e43d107e88297b0922eb39e6922b644c074d24661251405349ca06a2284d4b1e5a3558fd463b0ccb37f740b5f3f0fffc7606ca27e725389253", @ANYRES16, @ANYRES32, @ANYRES32=0x0, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES16, @ANYRESOCT, @ANYRES32=r1, @ANYRES32], 0xd8, 0x4010}}], 0x4, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000240)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001300)=[{&(0x7f0000000440)="ff915a45d7c5f7c8568ebdc57386a19e302e55f53d1b2a9388fd12ad903c29d3e976d8100612cd0800000000000000d7a274b8c2401413676458fa504e09e887ef6ff0cdd758010df00f564a11c1713dbcabd72ba811021faee1ac8d79bebdc3fe43f43c66e89dd70c176a25738767a6a417a9ef94cf1b85c3d2", 0x7a}, {&(0x7f0000000500)="06bab072b09e636fc7e486e1c1f30ed7b8376c131e7753d31930827e07d44a4c06c3a6a3630fbb1ed4b84bb6e674968e67310078013dc9f2503bf09b4c93ba0f48a556bae048a362dd2f", 0x4a}, {&(0x7f0000000cc0)="ec32075af1322e1c7e56eb9fcbba3252033944c118ac35c5373becbd764a233e3efd6d4476014f4bdb6c4de024a1b6565077626daaac314db078b7568221bd5e8259c1e32a3af2c680a86a67ff0df96ac34f6a0047c01d1f86fdb08947a040b598998e26875b31681eee24cdf8184fa021668b31cad5a4c6a8a09b2c8daafa64e044ddc08d7207b619a0504d7d067fb5cadc0471597e355c1709d30bdd36e9e7261658dce200c0c36464d13d8a3c11e0d50d0dccebd4dcade0c492823656f254995bdbc6ee546a5cfa4ef9631074b2caeb8167de2cd021733683f81983bc46f9b429c4db8d1fabf0c4e7d4dab941454067fae07567fd7ee0178574d04cbd282ee878cdfc63", 0x105}, {&(0x7f0000000f00)="a9ef4d07e893054155829967a251655a0f074e8c92d77db90c391c6fc8e119ad2021b5aa814e26805a1de486be6a34e7d46dfe23ed511e7c803b84272cbef991ce0b0b6600e9c680beae8e6bf430ebfdfd9c807862ef45320caf34c60f7b2083256d2d5e91ca2ceb9d2492c2f507bbf77adbfffda6b088582edb495fb2526892750995e30868b8c897cc972329a6ddef3ba1922141981efdd51c2a495a181d1de8a9d0b3", 0xa4}, {&(0x7f00000006c0)="057fd08656a165bd0dccb631c436c81971cae814c374abb2401493d87b7ecdf51e98b91c95c1d78878911c02c326cec93b8bfa168428fce1e9eeed0444eacbe8a3c5992f844221b9651a50fbe693675fcdbabc590979027e059bf227e65108bbb0a9f337a3f110fd12cb4141d126d600cd4b5aeed5019bb1d589523b61ef61cde70d51f84d9d719b300084552c3ba2d9c799de1c75e1049889dc118828b7764e30291077aefb1535d1a1d51dd8beb2435713b5eff84397a4a4c03db093dfc74840835bb91d4dffea1051fdc62f6b81da8336aee50300b2b2922323ed021d", 0xde}, {&(0x7f00000007c0)="a854f23e82daddef695070a2506f0bfc18f4a49b377f160b7037122633343c67302980e5bb01c03eb16e705487c7399acc513292", 0x34}, {&(0x7f0000000b80)="5e87b031fe712e8de6bb10501abd040060cf15164380fca4eec08f765031d040208cf6f3b5cc", 0x26}], 0x7, &(0x7f0000000fc0)=ANY=[@ANYBLOB="dbe3702e4275c91474df4698ed223f2fce557a", @ANYRES16=r7, @ANYRESOCT, @ANYRES32, @ANYBLOB="9ac0318a06861d16cb6ba9d6b3547243cee654195db4c67797175eb9ea3f0949a020a569a7855efcae81ca70c5762995e58cfc7d94d32bcd0dd7948bd66c81ecb00437476649690dcbe96b81878533e145e7cd7353872bd10dd8dea7b203e2c491f64344e196131dbf233db51e7bac967a4eb80fb81d4ae954131c7f4c246565cc07798781bc4667f63e7dd7f3998eb6e4803b12d3c704b2e35b8c2d7b65fe0a59396177e764b9af6f52509b739f550eff9aeb2b47ad60c9e5df5b57ddba42e350b652cf47535b6d37f769c6f5c38fe4b70ecc90c1d208c8c0f5aaa9ddbaf5d414dbcf1afe615276ca73de45adb4fc4e", @ANYRES64, @ANYRES32, @ANYRES32=0x0, @ANYRESHEX=r0, @ANYRESOCT=r6, @ANYRES32=0x0, @ANYRES8=<r8=>r5, @ANYRESOCT, @ANYRESOCT], 0xffffffa1, 0x8000}, 0x0)
syz_extract_tcp_res$synack(&(0x7f0000000000)={<r9=>0x41424344}, 0x1, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd600000f500140600fe8000000000000000000000000000aafe8000000000000000000000000000aa00000000", @ANYRES32=r9, @ANYRES32=0x41424344, @ANYBLOB="6c0000ff80780040"], 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000a80)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20a000088a827008100260086dd600a843500140600fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e22", @ANYRES32=r9, @ANYRES16=r8], 0x0)

0s ago: executing program 2:
r0 = socket$packet(0x11, 0x3, 0x300)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
sendmsg$NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, 0x0, 0x0)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000080)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x48}, {0x6}]}, 0x10)
r1 = socket$kcm(0x11, 0x3, 0x0)
sendmsg$kcm(r1, &(0x7f0000000040)={&(0x7f00000000c0)=@hci={0x1f, 0x0, 0x41}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000240)="623bed114d4241fc1c60ea4388a8", 0xe}], 0x1}, 0x0) (fail_nth: 4)

kernel console output (not intermixed with test programs):

netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  454.116835][T19692] x_tables: duplicate underflow at hook 1
[  454.235010][T19671] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  454.288456][T19671] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  454.313768][T19671] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  454.332468][T19671] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  455.107188][T19729] x_tables: duplicate underflow at hook 1
[  455.126780][   T51] wlan1: Trigger new scan to find an IBSS to join
[  455.449603][T19753] x_tables: duplicate underflow at hook 2
[  455.489367][T19753] syzkaller1: entered promiscuous mode
[  455.495091][T19753] syzkaller1: entered allmulticast mode
[  455.524639][T19753] sctp: [Deprecated]: syz-executor.1 (pid 19753) Use of struct sctp_assoc_value in delayed_ack socket option.
[  455.524639][T19753] Use struct sctp_sack_info instead
[  455.726533][T19765] __nla_validate_parse: 3 callbacks suppressed
[  455.726554][T19765] netlink: 116 bytes leftover after parsing attributes in process `syz-executor.4'.
[  455.757147][T19766] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  455.833620][T19769] ip6tnl2: entered promiscuous mode
[  455.848069][T19769] ip6tnl2: entered allmulticast mode
[  455.909225][T19776] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  455.985174][T19779] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  456.417037][T19809] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  456.560998][T19812] xt_cgroup: invalid path, errno=-2
[  456.835331][T19827] EXT4-fs warning (device sda1): verify_group_input:162: Bad blocks count 0
[  456.927922][T19828] netlink: 80 bytes leftover after parsing attributes in process `syz-executor.4'.
[  457.071564][T19832] FAULT_INJECTION: forcing a failure.
[  457.071564][T19832] name failslab, interval 1, probability 0, space 0, times 0
[  457.084301][T19832] CPU: 0 PID: 19832 Comm: syz-executor.4 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  457.094849][T19832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  457.104950][T19832] Call Trace:
[  457.108272][T19832]  <TASK>
[  457.111237][T19832]  dump_stack_lvl+0x241/0x360
[  457.115968][T19832]  ? __pfx_dump_stack_lvl+0x10/0x10
[  457.121214][T19832]  ? __pfx__printk+0x10/0x10
[  457.125848][T19832]  ? __pfx___might_resched+0x10/0x10
[  457.131189][T19832]  should_fail_ex+0x3b0/0x4e0
[  457.135919][T19832]  ? __d_alloc+0x31/0x700
[  457.140289][T19832]  should_failslab+0x9/0x20
[  457.144846][T19832]  kmem_cache_alloc_lru_noprof+0x71/0x2b0
[  457.150618][T19832]  ? alloc_fd+0x5a1/0x640
[  457.154992][T19832]  __d_alloc+0x31/0x700
[  457.159180][T19832]  d_alloc_pseudo+0x1f/0xb0
[  457.163721][T19832]  alloc_file_pseudo+0x123/0x290
[  457.168687][T19832]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  457.174151][T19832]  ? alloc_fd+0x5a1/0x640
[  457.178513][T19832]  anon_inode_getfd+0xce/0x1e0
[  457.183363][T19832]  map_create+0xe5b/0x1200
[  457.187808][T19832]  ? security_bpf+0x87/0xb0
[  457.192360][T19832]  __sys_bpf+0x6d1/0x810
[  457.196660][T19832]  ? __pfx___sys_bpf+0x10/0x10
[  457.201486][T19832]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  457.207604][T19832]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  457.213950][T19832]  ? do_syscall_64+0x100/0x230
[  457.218855][T19832]  __x64_sys_bpf+0x7c/0x90
[  457.223330][T19832]  do_syscall_64+0xf3/0x230
[  457.227880][T19832]  ? clear_bhb_loop+0x35/0x90
[  457.232599][T19832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  457.238548][T19832] RIP: 0033:0x7fae3d27d0a9
[  457.242989][T19832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  457.262623][T19832] RSP: 002b:00007fae3df390c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  457.271068][T19832] RAX: ffffffffffffffda RBX: 00007fae3d3b3f80 RCX: 00007fae3d27d0a9
[  457.272607][T19836] team0: Port device virt_wifi0 added
[  457.279064][T19832] RDX: 0000000000000048 RSI: 0000000020000240 RDI: 0000000000000000
[  457.279085][T19832] RBP: 00007fae3df39120 R08: 0000000000000000 R09: 0000000000000000
[  457.279102][T19832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  457.279119][T19832] R13: 000000000000000b R14: 00007fae3d3b3f80 R15: 00007ffc65074f48
[  457.316477][T19832]  </TASK>
[  457.671967][T19838] team0 (unregistering): Port device team_slave_0 removed
[  457.681541][T19852] xt_cgroup: invalid path, errno=-2
[  457.701481][T19838] team0 (unregistering): Port device team_slave_1 removed
[  457.742924][T19838] bridge0: left allmulticast mode
[  457.752600][T19838] bridge0: left promiscuous mode
[  457.805029][T19838] team0 (unregistering): Port device macvlan3 removed
[  457.846191][T19838] team0 (unregistering): Port device virt_wifi0 removed
[  458.088964][   T12] wlan1: Trigger new scan to find an IBSS to join
[  458.198222][T19875] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  458.254269][T19877] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.4'.
[  458.517678][T19890] xt_cgroup: invalid path, errno=-2
[  458.665310][T19909] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  459.029794][T19924] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'.
[  459.039802][   T12] wlan1: Creating new IBSS network, BSSID 00:00:03:00:00:00
[  459.192359][T19931] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  459.218809][T19931] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  459.464007][T19946] veth1_to_bridge: entered allmulticast mode
[  459.477659][T19946] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.1'.
[  459.491989][T19946] gretap0: entered promiscuous mode
[  459.534254][T19946] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.1'.
[  459.544794][T19946] 0ªX¹¦D: renamed from gretap0
[  459.552775][T19946] 0ªX¹¦D: left promiscuous mode
[  459.559179][T19946] 0ªX¹¦D: entered allmulticast mode
[  459.566730][T19946] A link change request failed with some changes committed already. Interface 
30ªX¹¦D may have been left with an inconsistent configuration, please check.
[  460.036092][T19953] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  460.697213][T19983] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  460.910219][T20003] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  461.000852][T20003] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  461.012119][T20003] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.070274][T20007] 
: renamed from bond0 (while UP)
[  461.131391][T20003] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  461.152452][T20003] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.280026][T20003] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  461.292549][T20003] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.341861][T20017] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.0'.
[  461.358743][T20003] batman_adv: batadv1: Interface deactivated: netdevsim0
[  461.403874][T20003] batman_adv: batadv1: Removing interface: netdevsim0
[  461.414487][T20003] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  461.425153][T20003] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  461.553770][T20003] netdevsim netdevsim3 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  461.574655][T20003] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  461.606712][T20003] netdevsim netdevsim3 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  461.622353][T20003] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  461.644922][T20003] netdevsim netdevsim3 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  461.665464][T20003] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  461.692916][T20003] netdevsim netdevsim3 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  461.712511][T20003] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  462.265075][T20044] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  462.484250][T20052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  462.799714][T20063] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  462.816039][T20063] team_slave_0: entered promiscuous mode
[  462.823395][T20063] team_slave_1: entered promiscuous mode
[  462.829296][T20063] mac80211_hwsim hwsim35 wlan1: entered promiscuous mode
[  462.840423][T20063] macvtap1: entered promiscuous mode
[  462.845751][T20063] team0: entered promiscuous mode
[  462.854752][T20063] macvtap1: entered allmulticast mode
[  462.870382][T20063] team0: entered allmulticast mode
[  462.883369][T20063] team_slave_0: entered allmulticast mode
[  462.890471][T20063] team_slave_1: entered allmulticast mode
[  462.906465][T20063] mac80211_hwsim hwsim35 wlan1: entered allmulticast mode
[  462.928440][T20063] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  462.948957][T20066] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  462.970083][T20066] team0: left allmulticast mode
[  462.974998][T20066] team_slave_0: left allmulticast mode
[  462.982655][T20066] team_slave_1: left allmulticast mode
[  462.988477][T20066] mac80211_hwsim hwsim35 wlan1: left allmulticast mode
[  462.995710][T20066] team0: left promiscuous mode
[  463.002127][T20066] team_slave_0: left promiscuous mode
[  463.007663][T20066] team_slave_1: left promiscuous mode
[  463.013352][T20066] mac80211_hwsim hwsim35 wlan1: left promiscuous mode
[  463.031581][T20066] macvtap1: left promiscuous mode
[  463.044084][T20066] macvtap1: left allmulticast mode
[  463.078086][T20073] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'.
[  463.162074][T20075] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  463.358401][T20089] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  463.382865][T20089] batman_adv: batadv0: Adding interface: team0
[  463.396380][T20089] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  463.430087][T20089] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  463.449129][T20093] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  463.458526][T20093] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.3'.
[  463.468196][T20093] team0: entered promiscuous mode
[  463.473378][T20093] team_slave_0: entered promiscuous mode
[  463.483373][T20091] can: request_module (can-proto-0) failed.
[  463.489956][T20093] team_slave_1: entered promiscuous mode
[  463.505573][T20093] mac80211_hwsim hwsim35 wlan1: entered promiscuous mode
[  463.528572][T20093] 8021q: adding VLAN 0 to HW filter on device team0
[  463.535583][T20093] batman_adv: batadv0: Interface activated: team0
[  463.542844][T20093] batman_adv: batadv0: Interface deactivated: team0
[  463.551846][T20093] batman_adv: batadv0: Removing interface: team0
[  463.567163][T20093] bridge0: port 3(team0) entered blocking state
[  463.574214][T20093] bridge0: port 3(team0) entered disabled state
[  463.581348][T20093] team0: entered allmulticast mode
[  463.586625][T20093] team_slave_0: entered allmulticast mode
[  463.596597][T20093] team_slave_1: entered allmulticast mode
[  463.609871][T20093] mac80211_hwsim hwsim35 wlan1: entered allmulticast mode
[  463.630778][T20093] team0: left allmulticast mode
[  463.635788][T20093] team_slave_0: left allmulticast mode
[  463.654354][T20093] team_slave_1: left allmulticast mode
[  463.663159][T20093] mac80211_hwsim hwsim35 wlan1: left allmulticast mode
[  463.679539][T20100] IPVS: sync thread started: state = BACKUP, mcast_ifn = dummy0, syncid = 3, id = 0
[  463.726115][T20099] wireguard1: entered promiscuous mode
[  463.736493][T20099] wireguard1: entered allmulticast mode
[  463.873387][T20109] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  463.943959][T20114] openvswitch: netlink: Key type 14086 is out of range max 32
[  464.318596][T20129] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  464.973158][T20147] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  465.076408][T20151] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  465.177491][T20155] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  465.227591][T20159] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  465.249175][T20157] dccp_invalid_packet: P.Data Offset(4) too small
[  465.268268][T20159] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  465.299347][   T29] audit: type=1800 audit(1719127160.625:60): pid=20157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1970 res=0 errno=0
[  465.376024][   T29] audit: type=1800 audit(1719127160.675:61): pid=20157 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="memory.events" dev="sda1" ino=1970 res=0 errno=0
[  465.624656][T20180] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  466.245685][T20204] IPVS: set_ctl: invalid protocol: 94 255.255.255.255:20002
[  466.343821][T20206] __nla_validate_parse: 2 callbacks suppressed
[  466.343845][T20206] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  466.367136][T20208] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  466.385066][T20208] netlink: 168864 bytes leftover after parsing attributes in process `syz-executor.0'.
[  466.474115][T20213] netlink: 'syz-executor.4': attribute type 11 has an invalid length.
[  467.085590][T20212] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  467.254263][T20244] ip6tnl2: entered promiscuous mode
[  467.260080][T20244] ip6tnl2: entered allmulticast mode
[  467.559420][T20257] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  467.773855][T20268] x_tables: duplicate underflow at hook 1
[  467.962924][T20277] netlink: 'syz-executor.1': attribute type 3 has an invalid length.
[  467.984488][T20277] netlink: 130984 bytes leftover after parsing attributes in process `syz-executor.1'.
[  468.061764][T20277] syzkaller1: entered promiscuous mode
[  468.076754][T20277] syzkaller1: entered allmulticast mode
[  468.238553][T20285] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  468.687870][T20306] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  468.746795][T20314] x_tables: duplicate underflow at hook 1
[  469.338356][T20334] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  469.431207][T20331] xt_cgroup: invalid path, errno=-2
[  470.027730][T20361] x_tables: duplicate underflow at hook 1
[  470.075599][T20364] FAULT_INJECTION: forcing a failure.
[  470.075599][T20364] name failslab, interval 1, probability 0, space 0, times 0
[  470.116258][T20364] CPU: 1 PID: 20364 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  470.126838][T20364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  470.136939][T20364] Call Trace:
[  470.140255][T20364]  <TASK>
[  470.143217][T20364]  dump_stack_lvl+0x241/0x360
[  470.147948][T20364]  ? __pfx_dump_stack_lvl+0x10/0x10
[  470.153186][T20364]  ? __pfx__printk+0x10/0x10
[  470.157833][T20364]  should_fail_ex+0x3b0/0x4e0
[  470.162560][T20364]  ? __alloc_skb+0x1c3/0x440
[  470.167196][T20364]  should_failslab+0x9/0x20
[  470.171741][T20364]  kmem_cache_alloc_node_noprof+0x71/0x320
[  470.177611][T20364]  __alloc_skb+0x1c3/0x440
[  470.182078][T20364]  ? __pfx___alloc_skb+0x10/0x10
[  470.187059][T20364]  ? __mutex_trylock_common+0x183/0x2e0
[  470.192650][T20364]  netlink_dump+0x2cd/0xd80
[  470.197189][T20364]  ? trace_contention_end+0x3c/0x120
[  470.202519][T20364]  ? __pfx_netlink_dump+0x10/0x10
[  470.207606][T20364]  ? __pfx_lock_acquire+0x10/0x10
[  470.212669][T20364]  __netlink_dump_start+0x59f/0x780
[  470.217885][T20364]  ? __pfx_ip6mr_rtm_dumproute+0x10/0x10
[  470.223533][T20364]  rtnetlink_rcv_msg+0xda5/0x1180
[  470.228565][T20364]  ? __pfx_ip6mr_rtm_dumproute+0x10/0x10
[  470.234194][T20364]  ? rtnetlink_rcv_msg+0x208/0x1180
[  470.239395][T20364]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  470.244860][T20364]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  470.250847][T20364]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  470.257187][T20364]  ? __local_bh_enable_ip+0x168/0x200
[  470.262561][T20364]  ? lockdep_hardirqs_on+0x99/0x150
[  470.267778][T20364]  ? __local_bh_enable_ip+0x168/0x200
[  470.273147][T20364]  ? dev_hard_start_xmit+0x773/0x7e0
[  470.278437][T20364]  ? __dev_queue_xmit+0x2d2/0x3d30
[  470.283560][T20364]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  470.289293][T20364]  ? __dev_queue_xmit+0x2d2/0x3d30
[  470.294417][T20364]  ? __dev_queue_xmit+0x16c9/0x3d30
[  470.299647][T20364]  ? __dev_queue_xmit+0x2d2/0x3d30
[  470.304799][T20364]  ? __pfx_rtnl_dumpit+0x10/0x10
[  470.309739][T20364]  ? __pfx_ip6mr_rtm_dumproute+0x10/0x10
[  470.315380][T20364]  ? ref_tracker_free+0x643/0x7e0
[  470.320423][T20364]  netlink_rcv_skb+0x1e3/0x430
[  470.325209][T20364]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  470.330693][T20364]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  470.336005][T20364]  ? netlink_deliver_tap+0x2e/0x1b0
[  470.341217][T20364]  netlink_unicast+0x7f0/0x990
[  470.346009][T20364]  ? __pfx_netlink_unicast+0x10/0x10
[  470.351304][T20364]  ? __virt_addr_valid+0x183/0x520
[  470.356440][T20364]  ? __check_object_size+0x49c/0x900
[  470.361747][T20364]  ? bpf_lsm_netlink_send+0x9/0x10
[  470.366877][T20364]  netlink_sendmsg+0x8e4/0xcb0
[  470.371661][T20364]  ? __pfx_netlink_sendmsg+0x10/0x10
[  470.376973][T20364]  ? aa_sock_msg_perm+0x91/0x160
[  470.381926][T20364]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  470.387216][T20364]  ? security_socket_sendmsg+0x87/0xb0
[  470.392685][T20364]  ? __pfx_netlink_sendmsg+0x10/0x10
[  470.397986][T20364]  __sock_sendmsg+0x221/0x270
[  470.402666][T20364]  sock_write_iter+0x2dd/0x400
[  470.407456][T20364]  ? __pfx_sock_write_iter+0x10/0x10
[  470.412770][T20364]  ? bpf_lsm_file_permission+0x9/0x10
[  470.418150][T20364]  ? security_file_permission+0x7f/0xa0
[  470.423719][T20364]  vfs_write+0xa72/0xc90
[  470.427973][T20364]  ? __pfx_sock_write_iter+0x10/0x10
[  470.433263][T20364]  ? __pfx_vfs_write+0x10/0x10
[  470.438069][T20364]  ksys_write+0x1a0/0x2c0
[  470.442412][T20364]  ? __pfx_ksys_write+0x10/0x10
[  470.447282][T20364]  ? do_syscall_64+0x100/0x230
[  470.452064][T20364]  ? do_syscall_64+0xb6/0x230
[  470.456752][T20364]  do_syscall_64+0xf3/0x230
[  470.461264][T20364]  ? clear_bhb_loop+0x35/0x90
[  470.465953][T20364]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  470.471874][T20364] RIP: 0033:0x7f9a6f87d0a9
[  470.476299][T20364] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  470.495913][T20364] RSP: 002b:00007f9a7057c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  470.504335][T20364] RAX: ffffffffffffffda RBX: 00007f9a6f9b3f80 RCX: 00007f9a6f87d0a9
[  470.512324][T20364] RDX: 000000000000001c RSI: 0000000020000000 RDI: 0000000000000003
[  470.520321][T20364] RBP: 00007f9a7057c120 R08: 0000000000000000 R09: 0000000000000000
[  470.528319][T20364] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  470.536294][T20364] R13: 000000000000000b R14: 00007f9a6f9b3f80 R15: 00007ffe37a0b348
[  470.544293][T20364]  </TASK>
[  470.726688][T20372] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  470.746183][T20372] bridge_slave_1: left allmulticast mode
[  470.752952][T20372] bridge_slave_1: left promiscuous mode
[  470.762784][T20372] bridge0: port 2(bridge_slave_1) entered disabled state
[  470.790966][T20372] bridge_slave_0: left allmulticast mode
[  470.816498][T20372] bridge_slave_0: left promiscuous mode
[  470.823556][T20372] bridge0: port 1(bridge_slave_0) entered disabled state
[  470.961435][T20387] xt_cgroup: invalid path, errno=-2
[  471.673286][T20411] netlink: 31 bytes leftover after parsing attributes in process `syz-executor.0'.
[  471.887945][T20423] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.1'.
[  472.992482][   T29] audit: type=1107 audit(1719127168.315:62): pid=20446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='<|K֒'
[  473.858396][T20509] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  474.493533][T20528] netlink: 'syz-executor.0': attribute type 21 has an invalid length.
[  474.532031][T20528] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'.
[  474.562699][T20530] netlink: 'syz-executor.0': attribute type 21 has an invalid length.
[  474.587109][T20530] netlink: 132 bytes leftover after parsing attributes in process `syz-executor.0'.
[  474.991516][ T5126] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  475.002223][ T5126] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  475.012604][ T5126] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  475.034177][ T5126] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  475.042261][ T5126] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  475.050254][ T5126] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  475.136879][ T5122] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  475.338085][T20559] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  475.356902][T20561] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  475.386702][T20561] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  475.449715][T20545] chnl_net:caif_netlink_parms(): no params data found
[  475.703129][T20577] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  475.739362][T20545] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.769273][T20545] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.795838][T20545] bridge_slave_0: entered allmulticast mode
[  475.830818][T20545] bridge_slave_0: entered promiscuous mode
[  475.878293][T20545] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.898289][T20545] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.918611][T20583] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  475.930364][T20545] bridge_slave_1: entered allmulticast mode
[  475.951013][T20545] bridge_slave_1: entered promiscuous mode
[  475.970836][   T29] audit: type=1800 audit(1719127171.295:63): pid=20583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1961 res=0 errno=0
[  476.059971][T20545] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  476.092779][T20545] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  476.222798][T20545] team0: Port device team_slave_0 added
[  476.257415][T20545] team0: Port device team_slave_1 added
[  476.329633][T20592] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  476.435428][T20592] bond1: entered promiscuous mode
[  476.474690][T20595] FAULT_INJECTION: forcing a failure.
[  476.474690][T20595] name failslab, interval 1, probability 0, space 0, times 0
[  476.523395][T20595] CPU: 0 PID: 20595 Comm: syz-executor.4 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  476.533955][T20595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  476.544136][T20595] Call Trace:
[  476.547449][T20595]  <TASK>
[  476.550407][T20595]  dump_stack_lvl+0x241/0x360
[  476.555145][T20595]  ? __pfx_dump_stack_lvl+0x10/0x10
[  476.560390][T20595]  ? __pfx__printk+0x10/0x10
[  476.565016][T20595]  ? dev_prep_valid_name+0x916/0xa40
[  476.570355][T20595]  should_fail_ex+0x3b0/0x4e0
[  476.575099][T20595]  ? register_netdevice+0x4e2/0x19e0
[  476.580518][T20595]  should_failslab+0x9/0x20
[  476.585067][T20595]  kmalloc_trace_noprof+0x6c/0x2c0
[  476.590221][T20595]  register_netdevice+0x4e2/0x19e0
[  476.595400][T20595]  ? __pfx_register_netdevice+0x10/0x10
[  476.601037][T20595]  ? __xdp_rxq_info_reg+0x142/0x290
[  476.606281][T20595]  ? alloc_netdev_mqs+0xbc3/0xf80
[  476.611362][T20595]  ? validate_linkmsg+0x71e/0x900
[  476.616455][T20595]  br_dev_newlink+0x27/0x100
[  476.621100][T20595]  ? __pfx_br_dev_newlink+0x10/0x10
[  476.626365][T20595]  rtnl_newlink+0x1591/0x20a0
[  476.631122][T20595]  ? __pfx_rtnl_newlink+0x10/0x10
[  476.636228][T20595]  ? do_raw_spin_unlock+0x13c/0x8b0
[  476.641577][T20595]  ? __mutex_lock+0x9a5/0xd70
[  476.646299][T20595]  ? __mutex_lock+0x527/0xd70
[  476.651044][T20595]  ? __pfx_rtnl_newlink+0x10/0x10
[  476.656115][T20595]  rtnetlink_rcv_msg+0x89b/0x1180
[  476.661199][T20595]  ? rtnetlink_rcv_msg+0x208/0x1180
[  476.666457][T20595]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  476.671960][T20595]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  476.677987][T20595]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  476.684352][T20595]  ? __local_bh_enable_ip+0x168/0x200
[  476.689841][T20595]  ? lockdep_hardirqs_on+0x99/0x150
[  476.695094][T20595]  ? __local_bh_enable_ip+0x168/0x200
[  476.700511][T20595]  ? dev_hard_start_xmit+0x773/0x7e0
[  476.705832][T20595]  ? __dev_queue_xmit+0x2d2/0x3d30
[  476.710974][T20595]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  476.716725][T20595]  ? __dev_queue_xmit+0x2d2/0x3d30
[  476.721877][T20595]  ? __dev_queue_xmit+0x16c9/0x3d30
[  476.727134][T20595]  ? __dev_queue_xmit+0x2d2/0x3d30
[  476.732323][T20595]  ? ref_tracker_free+0x643/0x7e0
[  476.737405][T20595]  netlink_rcv_skb+0x1e3/0x430
[  476.742204][T20595]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  476.747785][T20595]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  476.753127][T20595]  ? netlink_deliver_tap+0x2e/0x1b0
[  476.758358][T20595]  netlink_unicast+0x7f0/0x990
[  476.763170][T20595]  ? __pfx_netlink_unicast+0x10/0x10
[  476.768502][T20595]  ? __virt_addr_valid+0x183/0x520
[  476.773650][T20595]  ? __check_object_size+0x49c/0x900
[  476.778975][T20595]  ? bpf_lsm_netlink_send+0x9/0x10
[  476.784140][T20595]  netlink_sendmsg+0x8e4/0xcb0
[  476.788957][T20595]  ? __pfx_netlink_sendmsg+0x10/0x10
[  476.794289][T20595]  ? __import_iovec+0x536/0x820
[  476.799174][T20595]  ? aa_sock_msg_perm+0x91/0x160
[  476.804170][T20595]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  476.809486][T20595]  ? security_socket_sendmsg+0x87/0xb0
[  476.814983][T20595]  ? __pfx_netlink_sendmsg+0x10/0x10
[  476.820361][T20595]  __sock_sendmsg+0x221/0x270
[  476.825163][T20595]  ____sys_sendmsg+0x525/0x7d0
[  476.829994][T20595]  ? __pfx_____sys_sendmsg+0x10/0x10
[  476.835347][T20595]  __sys_sendmsg+0x2b0/0x3a0
[  476.839997][T20595]  ? __pfx___sys_sendmsg+0x10/0x10
[  476.845136][T20595]  ? vfs_write+0x7c4/0xc90
[  476.849626][T20595]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  476.855993][T20595]  ? do_syscall_64+0x100/0x230
[  476.860802][T20595]  ? do_syscall_64+0xb6/0x230
[  476.865515][T20595]  do_syscall_64+0xf3/0x230
[  476.870051][T20595]  ? clear_bhb_loop+0x35/0x90
[  476.874785][T20595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.880717][T20595] RIP: 0033:0x7fae3d27d0a9
[  476.885164][T20595] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  476.904797][T20595] RSP: 002b:00007fae3df180c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  476.913240][T20595] RAX: ffffffffffffffda RBX: 00007fae3d3b4050 RCX: 00007fae3d27d0a9
[  476.921245][T20595] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000005
[  476.929260][T20595] RBP: 00007fae3df18120 R08: 0000000000000000 R09: 0000000000000000
[  476.937279][T20595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  476.945291][T20595] R13: 000000000000006e R14: 00007fae3d3b4050 R15: 00007ffc65074f48
[  476.953319][T20595]  </TASK>
[  477.058704][T20600] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  477.111679][T20604] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  477.127024][ T5122] Bluetooth: hci6: command tx timeout
[  477.174859][T20545] batman_adv: batadv0: Adding interface: batadv_slave_0
[  477.203828][T20545] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.282285][T20545] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  477.316028][T20545] batman_adv: batadv0: Adding interface: batadv_slave_1
[  477.338035][T20545] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  477.382551][T20545] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  477.537965][T20623] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  477.600366][T20545] hsr_slave_0: entered promiscuous mode
[  477.650467][T20545] hsr_slave_1: entered promiscuous mode
[  477.694889][T20545] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  477.708547][T20630] Only authenc() type AEADs are supported by ESSIV
[  477.714398][T20545] Cannot create hsr debugfs directory
[  477.767050][T20632] FAULT_INJECTION: forcing a failure.
[  477.767050][T20632] name failslab, interval 1, probability 0, space 0, times 0
[  477.779833][T20632] CPU: 1 PID: 20632 Comm: syz-executor.4 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  477.790362][T20632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  477.800444][T20632] Call Trace:
[  477.803747][T20632]  <TASK>
[  477.806700][T20632]  dump_stack_lvl+0x241/0x360
[  477.811429][T20632]  ? __pfx_dump_stack_lvl+0x10/0x10
[  477.816673][T20632]  ? __pfx__printk+0x10/0x10
[  477.821315][T20632]  should_fail_ex+0x3b0/0x4e0
[  477.826046][T20632]  ? skb_clone+0x20c/0x390
[  477.830500][T20632]  should_failslab+0x9/0x20
[  477.835047][T20632]  kmem_cache_alloc_noprof+0x6c/0x2a0
[  477.840477][T20632]  skb_clone+0x20c/0x390
[  477.844773][T20632]  ? dev_queue_xmit_nit+0x220/0xc10
[  477.850013][T20632]  dev_queue_xmit_nit+0x419/0xc10
[  477.855090][T20632]  ? dev_queue_xmit_nit+0x2b/0xc10
[  477.860243][T20632]  ? validate_xmit_skb+0x9f9/0x1120
[  477.865483][T20632]  dev_hard_start_xmit+0x15f/0x7e0
[  477.870636][T20632]  ? __pfx_validate_xmit_skb+0x10/0x10
[  477.876163][T20632]  __dev_queue_xmit+0x1b0e/0x3d30
[  477.881248][T20632]  ? __dev_queue_xmit+0x2d2/0x3d30
[  477.886417][T20632]  ? __pfx___dev_queue_xmit+0x10/0x10
[  477.891832][T20632]  ? __copy_skb_header+0x437/0x5b0
[  477.896991][T20632]  ? __asan_memcpy+0x40/0x70
[  477.901628][T20632]  ? __copy_skb_header+0x437/0x5b0
[  477.906788][T20632]  ? __skb_clone+0x454/0x6c0
[  477.911427][T20632]  ? skb_clone+0x240/0x390
[  477.915895][T20632]  __netlink_deliver_tap+0x54d/0x7c0
[  477.921245][T20632]  ? netlink_deliver_tap+0x2e/0x1b0
[  477.926489][T20632]  netlink_deliver_tap+0x19d/0x1b0
[  477.931654][T20632]  netlink_unicast+0x7be/0x990
[  477.936489][T20632]  ? __pfx_netlink_unicast+0x10/0x10
[  477.941823][T20632]  ? __virt_addr_valid+0x183/0x520
[  477.946996][T20632]  netlink_sendmsg+0x8e4/0xcb0
[  477.951835][T20632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  477.957162][T20632]  ? __import_iovec+0x536/0x820
[  477.962049][T20632]  ? aa_sock_msg_perm+0x91/0x160
[  477.967040][T20632]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  477.972374][T20632]  ? security_socket_sendmsg+0x87/0xb0
[  477.977873][T20632]  ? __pfx_netlink_sendmsg+0x10/0x10
[  477.983207][T20632]  __sock_sendmsg+0x221/0x270
[  477.987917][T20632]  ____sys_sendmsg+0x525/0x7d0
[  477.992723][T20632]  ? __pfx_____sys_sendmsg+0x10/0x10
[  477.998060][T20632]  __sys_sendmsg+0x2b0/0x3a0
[  478.002701][T20632]  ? __pfx___sys_sendmsg+0x10/0x10
[  478.007852][T20632]  ? vfs_write+0x7c4/0xc90
[  478.012368][T20632]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  478.018723][T20632]  ? do_syscall_64+0x100/0x230
[  478.023532][T20632]  ? do_syscall_64+0xb6/0x230
[  478.028265][T20632]  do_syscall_64+0xf3/0x230
[  478.032817][T20632]  ? clear_bhb_loop+0x35/0x90
[  478.037535][T20632]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  478.043470][T20632] RIP: 0033:0x7fae3d27d0a9
[  478.047914][T20632] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  478.067547][T20632] RSP: 002b:00007fae3df390c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  478.075999][T20632] RAX: ffffffffffffffda RBX: 00007fae3d3b3f80 RCX: 00007fae3d27d0a9
[  478.084001][T20632] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003
[  478.092004][T20632] RBP: 00007fae3df39120 R08: 0000000000000000 R09: 0000000000000000
[  478.100027][T20632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  478.108040][T20632] R13: 000000000000000b R14: 00007fae3d3b3f80 R15: 00007ffc65074f48
[  478.116085][T20632]  </TASK>
[  478.176392][T20632] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  478.537062][   T29] audit: type=1804 audit(1719127173.855:64): pid=20648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1288171382/syzkaller.vYD7gQ/153/cgroup.controllers" dev="sda1" ino=1967 res=1 errno=0
[  478.621582][T20651] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.0'.
[  478.708801][T20545] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  478.722352][T20545] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  478.745764][T20650] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  478.795331][T20644] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  478.816846][T20656] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  478.940492][T20545] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  478.966899][T20545] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.009821][T20658] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  479.110811][T20545] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  479.132757][T20545] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.206907][ T5122] Bluetooth: hci6: command tx timeout
[  479.240777][T20545] batman_adv: batadv1: Interface deactivated: netdevsim0
[  479.544423][T20545] batman_adv: batadv1: Removing interface: netdevsim0
[  479.581641][T20545] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  479.616806][T20545] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  479.994563][T20545] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  480.022346][T20545] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  480.053957][T20545] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  480.072364][T20545] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  480.355321][T20545] 8021q: adding VLAN 0 to HW filter on device bond0
[  480.459833][T20545] 8021q: adding VLAN 0 to HW filter on device team0
[  480.479207][T20703] ebt_among: dst integrity fail: 200
[  480.509892][ T5170] bridge0: port 1(bridge_slave_0) entered blocking state
[  480.517310][ T5170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  480.587675][ T5170] bridge0: port 2(bridge_slave_1) entered blocking state
[  480.594920][ T5170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  480.735018][T20545] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  480.775800][T20545] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  480.938606][T20725] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'.
[  480.961380][T20725] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.0'.
[  480.982075][T20725] netlink: 'syz-executor.0': attribute type 6 has an invalid length.
[  481.002900][T20725] netlink: 'syz-executor.0': attribute type 5 has an invalid length.
[  481.025788][T20733] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  481.032213][T20725] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.0'.
[  481.087464][T20725] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  481.107175][T20738] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  481.183920][T20545] 8021q: adding VLAN 0 to HW filter on device batadv0
[  481.286838][ T5122] Bluetooth: hci6: command tx timeout
[  481.333032][   T29] audit: type=1804 audit(1719127176.655:65): pid=20746 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2472441113/syzkaller.5qCsse/1130/cgroup.controllers" dev="sda1" ino=1948 res=1 errno=0
[  481.417125][T20545] veth0_vlan: entered promiscuous mode
[  481.444724][T20545] veth1_vlan: entered promiscuous mode
[  481.541465][T20545] veth0_macvtap: entered promiscuous mode
[  481.568565][T20545] veth1_macvtap: entered promiscuous mode
[  481.632649][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.654216][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.677908][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.704345][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.742191][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.777504][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.796277][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.814397][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.837759][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  481.852148][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.868410][T20545] batman_adv: batadv0: Interface activated: batadv_slave_0
[  481.911240][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  481.936368][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  481.956325][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  481.996381][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.026259][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  482.050306][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.080099][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  482.110167][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.131995][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  482.152975][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.164545][T20545] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  482.176750][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.200842][T20545] batman_adv: batadv0: Interface activated: batadv_slave_1
[  482.227030][T20545] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  482.259092][T20545] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  482.279665][T20545] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  482.300996][T20545] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  482.330463][ T1794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  482.340898][T20775] bridge0: entered promiscuous mode
[  482.353284][T20774] bridge0: left promiscuous mode
[  482.489961][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  482.499054][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  482.533882][T20788] ax25_connect(): syz-executor.3 uses autobind, please contact jreuter@yaina.de
[  482.584203][T20545] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0
[  482.618214][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.628477][T20545] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0
[  482.639874][T20545] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  482.691606][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  482.721911][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  482.802041][ T8028] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  482.826597][ T8028] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  483.006991][T20805] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  483.148431][T20805] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  483.315490][T20822] __nla_validate_parse: 2 callbacks suppressed
[  483.315513][T20822] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  483.366804][ T5122] Bluetooth: hci6: command tx timeout
[  483.379325][ T5170] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  483.605188][T20832] syz_tun: entered promiscuous mode
[  483.661171][T20831] syz_tun: left promiscuous mode
[  483.664515][T20835] xt_TCPMSS: Only works on TCP SYN packets
[  483.698424][   T29] audit: type=1804 audit(1719127179.025:66): pid=20835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2472441113/syzkaller.5qCsse/1137/memory.events" dev="sda1" ino=1971 res=1 errno=0
[  483.747726][T20839] dccp_invalid_packet: P.Data Offset(100) too large
[  483.782607][   T29] audit: type=1804 audit(1719127179.095:67): pid=20843 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2472441113/syzkaller.5qCsse/1137/memory.events" dev="sda1" ino=1971 res=1 errno=0
[  483.851126][   T29] audit: type=1804 audit(1719127179.105:68): pid=20835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir2472441113/syzkaller.5qCsse/1137/memory.events" dev="sda1" ino=1971 res=1 errno=0
[  484.227438][T20867] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  484.363816][T20876] pimreg: entered allmulticast mode
[  484.395563][T20872] pimreg: left allmulticast mode
[  484.408760][ T5200] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  484.963675][T20906] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  484.990968][T20907] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  485.049327][T20907] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  485.111311][T20907] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  485.144396][T20907] vlan0: entered promiscuous mode
[  485.171446][T20907] bridge0: entered promiscuous mode
[  485.186601][T20907] bridge0: port 1(vlan0) entered blocking state
[  485.204506][T20907] bridge0: port 1(vlan0) entered disabled state
[  485.224138][T20907] vlan0: entered allmulticast mode
[  485.233693][   T29] audit: type=1800 audit(1719127180.545:69): pid=20918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="memory.events" dev="sda1" ino=1971 res=0 errno=0
[  485.255867][T20907] bridge0: entered allmulticast mode
[  485.273320][T20907] vlan0: left allmulticast mode
[  485.287438][   T29] audit: type=1804 audit(1719127180.585:70): pid=20919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2472441113/syzkaller.5qCsse/1143/cgroup.controllers" dev="sda1" ino=1976 res=1 errno=0
[  485.290951][T20907] bridge0: left allmulticast mode
[  485.412326][T20907] bridge0: left promiscuous mode
[  485.449149][ T1794] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.528333][ T5169] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.536891][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  485.550733][T20927] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  485.618920][T20932] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  485.671241][T20932] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  485.843171][T20943] sctp: [Deprecated]: syz-executor.4 (pid 20943) Use of struct sctp_assoc_value in delayed_ack socket option.
[  485.843171][T20943] Use struct sctp_sack_info instead
[  485.892528][T20937] FAULT_INJECTION: forcing a failure.
[  485.892528][T20937] name failslab, interval 1, probability 0, space 0, times 0
[  485.911987][T20937] CPU: 1 PID: 20937 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  485.922656][T20937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  485.932759][T20937] Call Trace:
[  485.936082][T20937]  <TASK>
[  485.939056][T20937]  dump_stack_lvl+0x241/0x360
[  485.943795][T20937]  ? __pfx_dump_stack_lvl+0x10/0x10
[  485.949043][T20937]  ? __pfx__printk+0x10/0x10
[  485.953686][T20937]  should_fail_ex+0x3b0/0x4e0
[  485.958402][T20937]  ? __alloc_skb+0x1c3/0x440
[  485.963048][T20937]  should_failslab+0x9/0x20
[  485.967593][T20937]  kmem_cache_alloc_node_noprof+0x71/0x320
[  485.973444][T20937]  ? br_get_link_af_size_filtered+0xdb/0xd30
[  485.979476][T20937]  __alloc_skb+0x1c3/0x440
[  485.983926][T20937]  ? __pfx___alloc_skb+0x10/0x10
[  485.988892][T20937]  ? if_nlmsg_size+0x74f/0x7a0
[  485.993681][T20937]  ? if_nlmsg_size+0x53a/0x7a0
[  485.998482][T20937]  rtmsg_ifinfo_build_skb+0x84/0x260
[  486.003794][T20937]  ? in6_dev_get+0x22a/0x290
[  486.008408][T20937]  ? notifier_call_chain+0x162/0x3e0
[  486.013717][T20937]  rtmsg_ifinfo+0x91/0x1b0
[  486.018163][T20937]  netdev_state_change+0x139/0x1a0
[  486.023302][T20937]  ? __pfx_netdev_state_change+0x10/0x10
[  486.028962][T20937]  ? rtnl_linkprop+0x53e/0x8b0
[  486.033741][T20937]  ? rcu_is_watching+0x15/0xb0
[  486.038526][T20937]  ? kfree+0x4e/0x360
[  486.042535][T20937]  rtnl_linkprop+0x75d/0x8b0
[  486.047147][T20937]  ? __pfx_rtnl_linkprop+0x10/0x10
[  486.052358][T20937]  ? __pfx___mutex_lock+0x10/0x10
[  486.057414][T20937]  ? __pfx_rtnl_newlinkprop+0x10/0x10
[  486.062834][T20937]  rtnetlink_rcv_msg+0x89b/0x1180
[  486.067879][T20937]  ? rtnetlink_rcv_msg+0x208/0x1180
[  486.073114][T20937]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  486.078614][T20937]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  486.084626][T20937]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  486.091037][T20937]  ? __local_bh_enable_ip+0x168/0x200
[  486.096427][T20937]  ? lockdep_hardirqs_on+0x99/0x150
[  486.101666][T20937]  ? __local_bh_enable_ip+0x168/0x200
[  486.107063][T20937]  ? dev_hard_start_xmit+0x773/0x7e0
[  486.112472][T20937]  ? __dev_queue_xmit+0x2d2/0x3d30
[  486.117602][T20937]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  486.123368][T20937]  ? __dev_queue_xmit+0x2d2/0x3d30
[  486.128532][T20937]  ? __dev_queue_xmit+0x16c9/0x3d30
[  486.133775][T20937]  ? __dev_queue_xmit+0x2d2/0x3d30
[  486.139011][T20937]  ? ref_tracker_free+0x643/0x7e0
[  486.144097][T20937]  netlink_rcv_skb+0x1e3/0x430
[  486.148905][T20937]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  486.154397][T20937]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  486.159719][T20937]  ? netlink_deliver_tap+0x2e/0x1b0
[  486.164954][T20937]  netlink_unicast+0x7f0/0x990
[  486.169759][T20937]  ? __pfx_netlink_unicast+0x10/0x10
[  486.175068][T20937]  ? __virt_addr_valid+0x183/0x520
[  486.180206][T20937]  ? __check_object_size+0x49c/0x900
[  486.185521][T20937]  ? bpf_lsm_netlink_send+0x9/0x10
[  486.190752][T20937]  netlink_sendmsg+0x8e4/0xcb0
[  486.195540][T20937]  ? __pfx_netlink_sendmsg+0x10/0x10
[  486.200841][T20937]  ? __import_iovec+0x536/0x820
[  486.205725][T20937]  ? aa_sock_msg_perm+0x91/0x160
[  486.210700][T20937]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  486.216010][T20937]  ? security_socket_sendmsg+0x87/0xb0
[  486.221508][T20937]  ? __pfx_netlink_sendmsg+0x10/0x10
[  486.226817][T20937]  __sock_sendmsg+0x221/0x270
[  486.231520][T20937]  ____sys_sendmsg+0x525/0x7d0
[  486.236330][T20937]  ? __pfx_____sys_sendmsg+0x10/0x10
[  486.241661][T20937]  __sys_sendmsg+0x2b0/0x3a0
[  486.246280][T20937]  ? __pfx___sys_sendmsg+0x10/0x10
[  486.251415][T20937]  ? vfs_write+0x7c4/0xc90
[  486.255916][T20937]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  486.262267][T20937]  ? do_syscall_64+0x100/0x230
[  486.267067][T20937]  ? do_syscall_64+0xb6/0x230
[  486.271768][T20937]  do_syscall_64+0xf3/0x230
[  486.276308][T20937]  ? clear_bhb_loop+0x35/0x90
[  486.281026][T20937]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  486.287034][T20937] RIP: 0033:0x7f9d0c67d0a9
[  486.291468][T20937] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  486.311096][T20937] RSP: 002b:00007f9d0d4d20c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  486.319555][T20937] RAX: ffffffffffffffda RBX: 00007f9d0c7b3f80 RCX: 00007f9d0c67d0a9
[  486.327546][T20937] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003
[  486.335563][T20937] RBP: 00007f9d0d4d2120 R08: 0000000000000000 R09: 0000000000000000
[  486.343549][T20937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  486.351532][T20937] R13: 000000000000000b R14: 00007f9d0c7b3f80 R15: 00007fffbc00dbd8
[  486.359532][T20937]  </TASK>
[  486.425148][T20942] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  486.464000][T20947] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  486.488156][ T8019] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  486.560237][T20947] 
: (slave netdevsim0): Releasing backup interface
[  486.598037][T20952] bridge0: port 2(bridge_slave_1) entered forwarding state
[  486.708124][T20955] netlink: 212408 bytes leftover after parsing attributes in process `syz-executor.3'.
[  486.742257][T20960] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  486.785180][T20963] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  486.815875][T20960] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  486.823190][T20960] IPv6: NLM_F_CREATE should be set when creating new route
[  486.859946][T20972] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  486.889830][T20960] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  486.954157][T20960] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  486.980249][T20960] nbd: illegal input index 19464200
[  487.003884][   T29] audit: type=1804 audit(1719127182.325:71): pid=20977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir748512120/syzkaller.nFiJsx/477/cgroup.controllers" dev="sda1" ino=1949 res=1 errno=0
[  487.074144][T20982] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  487.240489][T20994] x_tables: duplicate underflow at hook 1
[  487.695757][T21016] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  487.946939][T21029] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  488.005151][T21033] netlink: 'syz-executor.3': attribute type 25 has an invalid length.
[  488.035385][T21035] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  488.216086][T21046] x_tables: duplicate underflow at hook 1
[  488.247182][    C1] net_ratelimit: 2 callbacks suppressed
[  488.247203][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  488.465970][T21058] netlink: 'syz-executor.4': attribute type 9 has an invalid length.
[  488.507569][T21058] bond0: entered promiscuous mode
[  488.516439][T21058] bond_slave_0: entered promiscuous mode
[  488.522365][T21058] bond_slave_1: entered promiscuous mode
[  488.547685][T21058] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  488.569517][T21058] bond0: left promiscuous mode
[  488.581182][T21058] bond_slave_0: left promiscuous mode
[  488.599760][T21058] bond_slave_1: left promiscuous mode
[  488.782420][T21074] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  488.814235][T21074] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  489.001047][T21090] __nla_validate_parse: 3 callbacks suppressed
[  489.001069][T21090] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  489.055878][T21090] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  489.194988][T21098] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0
[  489.214843][T21098] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0
[  489.224108][T21098] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0
[  489.294854][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  489.306117][T21098] netdevsim netdevsim0 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0
[  489.326713][T21098] netdevsim netdevsim0 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0
[  489.350676][T21098] netdevsim netdevsim0 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0
[  489.377369][T21107] sctp: [Deprecated]: syz-executor.4 (pid 21107) Use of int in max_burst socket option deprecated.
[  489.377369][T21107] Use struct sctp_assoc_value instead
[  489.405213][T21098] geneve3: entered promiscuous mode
[  489.425961][T21098] geneve3: entered allmulticast mode
[  489.615748][T21114] syzkaller1: entered promiscuous mode
[  489.622677][T21114] syzkaller1: entered allmulticast mode
[  489.768410][T21128] netlink: 52 bytes leftover after parsing attributes in process `syz-executor.0'.
[  490.045916][T21142] syz-executor.0: vmalloc error: size 8392704, failed to allocated page array size 16392, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz0,mems_allowed=0-1
[  490.079585][T21142] CPU: 1 PID: 21142 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  490.090143][T21142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  490.095633][T21147] netlink: 56 bytes leftover after parsing attributes in process `syz-executor.4'.
[  490.100205][T21142] Call Trace:
[  490.100220][T21142]  <TASK>
[  490.100232][T21142]  dump_stack_lvl+0x241/0x360
[  490.100275][T21142]  ? __pfx_dump_stack_lvl+0x10/0x10
[  490.100307][T21142]  ? __pfx__printk+0x10/0x10
[  490.100347][T21142]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  490.100383][T21142]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  490.100419][T21142]  warn_alloc+0x278/0x410
[  490.100460][T21142]  ? __pfx_warn_alloc+0x10/0x10
[  490.116755][T21147] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  490.120663][T21142]  ? xskq_create+0xb6/0x170
[  490.120707][T21142]  ? __get_vm_area_node+0x23d/0x270
[  490.120743][T21142]  __vmalloc_node_range_noprof+0x69f/0x1460
[  490.177577][T21142]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  490.183960][T21142]  ? __kasan_kmalloc+0x98/0xb0
[  490.188767][T21142]  ? xskq_create+0x54/0x170
[  490.193315][T21142]  vmalloc_user_noprof+0x74/0x80
[  490.198310][T21142]  ? xskq_create+0xb6/0x170
[  490.202872][T21142]  xskq_create+0xb6/0x170
[  490.207248][T21142]  xsk_init_queue+0xa1/0x100
[  490.211890][T21142]  xsk_setsockopt+0x4ea/0x950
[  490.216636][T21142]  ? __pfx_xsk_setsockopt+0x10/0x10
[  490.221896][T21142]  ? __pfx_lock_acquire+0x10/0x10
[  490.226967][T21142]  ? aa_sock_opt_perm+0x79/0x120
[  490.231972][T21142]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  490.237569][T21142]  ? security_socket_setsockopt+0x87/0xb0
[  490.243338][T21142]  ? __pfx_xsk_setsockopt+0x10/0x10
[  490.248575][T21142]  do_sock_setsockopt+0x3af/0x720
[  490.253653][T21142]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  490.259245][T21142]  ? __fget_files+0x29/0x470
[  490.263873][T21142]  ? __fget_files+0x3f6/0x470
[  490.268656][T21142]  __sys_setsockopt+0x1ae/0x250
[  490.273553][T21142]  __x64_sys_setsockopt+0xb5/0xd0
[  490.278626][T21142]  do_syscall_64+0xf3/0x230
[  490.283168][T21142]  ? clear_bhb_loop+0x35/0x90
[  490.287898][T21142]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  490.293826][T21142] RIP: 0033:0x7f9a6f87d0a9
[  490.298271][T21142] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  490.312616][T21153] Bluetooth: MGMT ver 1.22
[  490.317901][T21142] RSP: 002b:00007f9a7057c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  490.317935][T21142] RAX: ffffffffffffffda RBX: 00007f9a6f9b3f80 RCX: 00007f9a6f87d0a9
[  490.317954][T21142] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  490.317970][T21142] RBP: 00007f9a6f8ec074 R08: 0000000000000004 R09: 0000000000000000
[  490.317987][T21142] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000
[  490.318002][T21142] R13: 000000000000000b R14: 00007f9a6f9b3f80 R15: 00007ffe37a0b348
[  490.318039][T21142]  </TASK>
[  490.381201][T21142] Mem-Info:
[  490.384367][T21142] active_anon:16314 inactive_anon:0 isolated_anon:0
[  490.384367][T21142]  active_file:0 inactive_file:47153 isolated_file:0
[  490.384367][T21142]  unevictable:768 dirty:73 writeback:0
[  490.384367][T21142]  slab_reclaimable:11510 slab_unreclaimable:108008
[  490.384367][T21142]  mapped:22609 shmem:1712 pagetables:690
[  490.384367][T21142]  sec_pagetables:0 bounce:0
[  490.384367][T21142]  kernel_misc_reclaimable:0
[  490.384367][T21142]  free:1355179 free_pcp:1469 free_cma:0
[  490.429758][T21142] Node 0 active_anon:65256kB inactive_anon:0kB active_file:0kB inactive_file:188544kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:90436kB dirty:288kB writeback:0kB shmem:5312kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11416kB pagetables:2760kB sec_pagetables:0kB all_unreclaimable? no
[  490.461758][T21142] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  490.461824][T21142] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  490.461893][T21142] lowmem_reserve[]: 0 2571 2571 0 0
[  490.461947][T21142] Node 0 DMA32 free:1456972kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:65216kB inactive_anon:0kB active_file:0kB inactive_file:188224kB unevictable:1536kB writepending:284kB present:3129332kB managed:2659872kB mlocked:0kB bounce:0kB free_pcp:2284kB local_pcp:780kB free_cma:0kB
[  490.462015][T21142] lowmem_reserve[]: 0 0 0 0 0
[  490.462064][T21142] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:0kB writepending:4kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  490.595567][T21159] netlink: 181400 bytes leftover after parsing attributes in process `syz-executor.2'.
[  490.607047][T21142] lowmem_reserve[]: 0 0 0 0 0
[  490.626737][T21142] Node 1 Normal free:3948384kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:3520kB local_pcp:0kB free_cma:0kB
[  490.720197][T21142] lowmem_reserve[]: 0 0 0 0 0
[  490.725052][T21142] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  490.773180][T21142] Node 0 DMA32: 127*4kB (UE) 354*8kB (UME) 378*16kB (UME) 152*32kB (UM) 75*64kB (UME) 159*128kB (UME) 109*256kB (UM) 45*512kB (UME) 25*1024kB (UME) 7*2048kB (UME) 324*4096kB (UM) = 1457388kB
[  490.842092][T21142] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  490.888269][T21142] Node 1 Normal: 1*4kB (M) 2*8kB (UM) 2*16kB (UM) 1*32kB (M) 1*64kB (U) 0*128kB 1*256kB (M) 1*512kB (M) 1*1024kB (U) 1*2048kB (U) 963*4096kB (UM) = 3948436kB
[  490.924877][T21142] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  490.952941][T21142] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  490.985176][T21142] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  491.015691][T21142] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  491.036702][T21142] 48831 total pagecache pages
[  491.041431][T21142] 0 pages in swap cache
[  491.045612][T21142] Free swap  = 124996kB
[  491.063392][T21142] Total swap = 124996kB
[  491.070143][T21142] 2097051 pages RAM
[  491.076979][T21142] 0 pages HighMem/MovableOnly
[  491.087659][T21142] 400873 pages reserved
[  491.097203][T21142] 0 pages cma reserved
[  491.260017][T21192] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  491.294020][T21196] No such timeout policy "syz0"
[  491.329458][T21194] netlink: 130976 bytes leftover after parsing attributes in process `syz-executor.3'.
[  491.476165][   T12] bridge_slave_1: left allmulticast mode
[  491.482451][   T12] bridge_slave_1: left promiscuous mode
[  491.515573][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  491.543520][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  491.742748][   T12] batman_adv: batadv0: Removing interface: ip6gretap1
[  492.137433][T21219] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  492.249894][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  492.274641][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  492.289627][   T12] bond0 (unregistering): (slave batadv0): Releasing backup interface
[  492.305258][   T12] bond0 (unregistering): Released all slaves
[  492.327951][T21228] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  492.404487][T21226] validate_nla: 4 callbacks suppressed
[  492.404509][T21226] netlink: 'syz-executor.3': attribute type 10 has an invalid length.
[  492.470830][T21226] bridge0: port 2(–eth0_vlan) entered disabled state
[  492.478331][T21226] bridge0: port 1(bridge_slave_0) entered disabled state
[  492.520614][T21226] bridge0: port 2(–eth0_vlan) entered blocking state
[  492.527644][T21226] bridge0: port 2(–eth0_vlan) entered forwarding state
[  492.534884][T21226] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.542242][T21226] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.578731][T21226] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  492.694162][T21234] netlink: 'syz-executor.1': attribute type 37 has an invalid length.
[  493.029558][   T12] hsr_slave_0: left promiscuous mode
[  493.057080][   T12] hsr_slave_1: left promiscuous mode
[  493.076929][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  493.096991][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  493.108289][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  493.122768][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  493.177024][   T12] veth1_macvtap: left promiscuous mode
[  493.185547][   T12] veth0_macvtap: left promiscuous mode
[  493.195852][   T12] veth1_vlan: left promiscuous mode
[  493.206615][   T12] veth0_vlan: left promiscuous mode
[  493.569632][   T12] pim6reg (unregistering): left allmulticast mode
[  495.394185][T21279] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  495.426527][T21279] __nla_validate_parse: 3 callbacks suppressed
[  495.426550][T21279] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.0'.
[  495.784996][T21294] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  495.887749][T21299] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  495.979746][T21300] infiniband Syz1: RDMA CMA: cma_listen_on_dev, error -98
[  495.990073][   T12] IPVS: stop unused estimator thread 0...
[  496.019124][T21305] mac80211_hwsim hwsim37 wlan1: entered promiscuous mode
[  496.181157][T21311] sctp: [Deprecated]: syz-executor.4 (pid 21311) Use of int in max_burst socket option deprecated.
[  496.181157][T21311] Use struct sctp_assoc_value instead
[  496.456811][   T29] audit: type=1804 audit(1719127191.785:72): pid=21325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir1288171382/syzkaller.vYD7gQ/199/cgroup.controllers" dev="sda1" ino=1948 res=1 errno=0
[  496.501921][T21325] FAULT_INJECTION: forcing a failure.
[  496.501921][T21325] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  496.529588][T21325] CPU: 1 PID: 21325 Comm: syz-executor.4 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  496.540247][T21325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  496.550350][T21325] Call Trace:
[  496.553649][T21325]  <TASK>
[  496.556592][T21325]  dump_stack_lvl+0x241/0x360
[  496.561298][T21325]  ? __pfx_dump_stack_lvl+0x10/0x10
[  496.566524][T21325]  ? __pfx__printk+0x10/0x10
[  496.571167][T21325]  should_fail_ex+0x3b0/0x4e0
[  496.575875][T21325]  prepare_alloc_pages+0x1da/0x5d0
[  496.581021][T21325]  __alloc_pages_noprof+0x166/0x6c0
[  496.586240][T21325]  ? __pfx___alloc_pages_noprof+0x10/0x10
[  496.591991][T21325]  ? do_splice_direct+0x28c/0x3e0
[  496.597028][T21325]  ? __se_sys_sendfile64+0x17c/0x1e0
[  496.602331][T21325]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.608424][T21325]  alloc_pages_bulk_noprof+0x729/0xd40
[  496.613915][T21325]  ? __pfx_alloc_pages_bulk_noprof+0x10/0x10
[  496.619923][T21325]  ? copy_splice_read+0x18d/0xb60
[  496.624956][T21325]  ? copy_splice_read+0x18d/0xb60
[  496.630080][T21325]  ? __kmalloc_noprof+0x217/0x400
[  496.635128][T21325]  copy_splice_read+0x1c5/0xb60
[  496.639988][T21325]  ? __asan_memset+0x23/0x50
[  496.644585][T21325]  ? __pfx_copy_splice_read+0x10/0x10
[  496.649987][T21325]  ? __raw_spin_lock_init+0x45/0x100
[  496.655289][T21325]  ? alloc_pipe_info+0x370/0x4d0
[  496.660243][T21325]  splice_direct_to_actor+0x502/0xc90
[  496.665641][T21325]  ? __pfx_direct_splice_actor+0x10/0x10
[  496.671287][T21325]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  496.677193][T21325]  ? __fget_files+0x29/0x470
[  496.681793][T21325]  ? __pfx_lock_release+0x10/0x10
[  496.686831][T21325]  do_splice_direct+0x28c/0x3e0
[  496.691696][T21325]  ? __pfx_do_splice_direct+0x10/0x10
[  496.697082][T21325]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  496.703004][T21325]  ? security_file_permission+0x7f/0xa0
[  496.708561][T21325]  ? rw_verify_area+0x1d2/0x6b0
[  496.713422][T21325]  do_sendfile+0x56d/0xe10
[  496.717849][T21325]  ? __pfx_do_sendfile+0x10/0x10
[  496.722831][T21325]  __se_sys_sendfile64+0x17c/0x1e0
[  496.727962][T21325]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  496.733612][T21325]  ? do_syscall_64+0x100/0x230
[  496.738665][T21325]  ? do_syscall_64+0xb6/0x230
[  496.743368][T21325]  do_syscall_64+0xf3/0x230
[  496.747890][T21325]  ? clear_bhb_loop+0x35/0x90
[  496.752589][T21325]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  496.758517][T21325] RIP: 0033:0x7fae3d27d0a9
[  496.762936][T21325] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  496.782572][T21325] RSP: 002b:00007fae3df390c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  496.791001][T21325] RAX: ffffffffffffffda RBX: 00007fae3d3b3f80 RCX: 00007fae3d27d0a9
[  496.798978][T21325] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000008
[  496.806952][T21325] RBP: 00007fae3df39120 R08: 0000000000000000 R09: 0000000000000000
[  496.814965][T21325] R10: 000000010000a006 R11: 0000000000000246 R12: 0000000000000001
[  496.822941][T21325] R13: 000000000000000b R14: 00007fae3d3b3f80 R15: 00007ffc65074f48
[  496.830931][T21325]  </TASK>
[  496.871634][T21329] pim6reg: entered allmulticast mode
[  496.909354][T21329] pim6reg: left allmulticast mode
[  496.966333][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  497.046590][T21342] x_tables: duplicate underflow at hook 1
[  497.129560][T21336] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  497.177133][T21351] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[  497.216164][T21351] netlink: 'syz-executor.4': attribute type 3 has an invalid length.
[  497.266488][T21351] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.4'.
[  497.613324][T21373] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.2'.
[  497.643041][T21373] netlink: 'syz-executor.2': attribute type 2 has an invalid length.
[  497.676322][T21373] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  497.797070][T21374] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  498.006300][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  498.161970][T21391] x_tables: duplicate underflow at hook 1
[  499.292414][T21414] hsr0: entered promiscuous mode
[  499.927618][T21421] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  500.072438][ T5123] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  500.082537][ T5123] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  500.096387][ T5123] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  500.113089][ T5123] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  500.121812][ T5123] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  500.129557][ T5123] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  500.221382][T21426] netlink: 209840 bytes leftover after parsing attributes in process `syz-executor.3'.
[  500.257279][T21425] netlink: set zone limit has 4 unknown bytes
[  500.539013][T21437] vlan2: entered promiscuous mode
[  500.544197][T21437] ip6gretap0: entered promiscuous mode
[  500.657175][T21441] netlink: 256 bytes leftover after parsing attributes in process `syz-executor.1'.
[  500.694951][T21446] netlink: 'syz-executor.3': attribute type 11 has an invalid length.
[  500.808752][ T1088] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  500.942485][ T1088] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.009458][T21460] netlink: 209852 bytes leftover after parsing attributes in process `syz-executor.1'.
[  501.022186][T21422] chnl_net:caif_netlink_parms(): no params data found
[  501.060417][ T1088] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.080358][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b2f2400: rx timeout, send abort
[  501.108706][T21460] sysfs: cannot create duplicate filename '/class/ieee80211/!!ô'
[  501.124118][T21460] CPU: 0 PID: 21460 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  501.134692][T21460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  501.144784][T21460] Call Trace:
[  501.148099][T21460]  <TASK>
[  501.151056][T21460]  dump_stack_lvl+0x241/0x360
[  501.155802][T21460]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.161045][T21460]  ? __pfx__printk+0x10/0x10
[  501.165687][T21460]  ? sysfs_warn_dup+0x51/0xa0
[  501.170421][T21460]  ? kmalloc_trace_noprof+0x19c/0x2c0
[  501.175830][T21460]  sysfs_warn_dup+0x8e/0xa0
[  501.180383][T21460]  sysfs_do_create_link_sd+0xbe/0x110
[  501.185815][T21460]  device_add_class_symlinks+0x1c5/0x250
[  501.191504][T21460]  device_add+0x553/0xbf0
[  501.195890][T21460]  wiphy_register+0x1d3f/0x2b30
[  501.200800][T21460]  ? __pfx_wiphy_register+0x10/0x10
[  501.206032][T21460]  ? minstrel_ht_alloc+0x72b/0x860
[  501.211213][T21460]  ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620
[  501.217342][T21460]  ieee80211_register_hw+0x3098/0x3d80
[  501.222866][T21460]  ? ieee80211_register_hw+0x1161/0x3d80
[  501.228559][T21460]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  501.234429][T21460]  ? __asan_memset+0x23/0x50
[  501.239083][T21460]  ? __hrtimer_init+0x170/0x250
[  501.243976][T21460]  mac80211_hwsim_new_radio+0x2597/0x44d0
[  501.249767][T21460]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  501.255869][T21460]  ? kmalloc_node_track_caller_noprof+0x242/0x440
[  501.262325][T21460]  ? kstrndup+0x5c/0xb0
[  501.266525][T21460]  ? __asan_memcpy+0x40/0x70
[  501.271176][T21460]  hwsim_new_radio_nl+0xe4c/0x21d0
[  501.276352][T21460]  ? __pfx___nla_validate_parse+0x10/0x10
[  501.282128][T21460]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  501.287761][T21460]  ? genl_family_rcv_msg_attrs_parse+0x1d1/0x290
[  501.294160][T21460]  genl_rcv_msg+0xb14/0xec0
[  501.298715][T21460]  ? mark_lock+0x9a/0x350
[  501.303097][T21460]  ? __pfx_genl_rcv_msg+0x10/0x10
[  501.308190][T21460]  ? __pfx_lock_acquire+0x10/0x10
[  501.313272][T21460]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  501.318897][T21460]  ? __pfx___might_resched+0x10/0x10
[  501.324200][T21460]  netlink_rcv_skb+0x1e3/0x430
[  501.328969][T21460]  ? __pfx_genl_rcv_msg+0x10/0x10
[  501.334013][T21460]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  501.339324][T21460]  ? __netlink_deliver_tap+0x77e/0x7c0
[  501.344820][T21460]  genl_rcv+0x28/0x40
[  501.348830][T21460]  netlink_unicast+0x7f0/0x990
[  501.353617][T21460]  ? __pfx_netlink_unicast+0x10/0x10
[  501.358921][T21460]  ? __virt_addr_valid+0x183/0x520
[  501.364053][T21460]  ? __check_object_size+0x49c/0x900
[  501.369374][T21460]  ? bpf_lsm_netlink_send+0x9/0x10
[  501.374516][T21460]  netlink_sendmsg+0x8e4/0xcb0
[  501.379312][T21460]  ? __pfx_netlink_sendmsg+0x10/0x10
[  501.384641][T21460]  ? __import_iovec+0x536/0x820
[  501.389526][T21460]  ? aa_sock_msg_perm+0x91/0x160
[  501.394493][T21460]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  501.399782][T21460]  ? security_socket_sendmsg+0x87/0xb0
[  501.405248][T21460]  ? __pfx_netlink_sendmsg+0x10/0x10
[  501.410532][T21460]  __sock_sendmsg+0x221/0x270
[  501.415213][T21460]  ____sys_sendmsg+0x525/0x7d0
[  501.420010][T21460]  ? __pfx_____sys_sendmsg+0x10/0x10
[  501.425341][T21460]  __sys_sendmsg+0x2b0/0x3a0
[  501.429945][T21460]  ? __pfx___sys_sendmsg+0x10/0x10
[  501.435118][T21460]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  501.441452][T21460]  ? do_syscall_64+0x100/0x230
[  501.446246][T21460]  ? do_syscall_64+0xb6/0x230
[  501.450944][T21460]  do_syscall_64+0xf3/0x230
[  501.455458][T21460]  ? clear_bhb_loop+0x35/0x90
[  501.460147][T21460]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.466128][T21460] RIP: 0033:0x7f9d0c67d0a9
[  501.470555][T21460] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  501.490212][T21460] RSP: 002b:00007f9d0d4d20c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  501.498636][T21460] RAX: ffffffffffffffda RBX: 00007f9d0c7b3f80 RCX: 00007f9d0c67d0a9
[  501.506616][T21460] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  501.514599][T21460] RBP: 00007f9d0c6ec074 R08: 0000000000000000 R09: 0000000000000000
[  501.522571][T21460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  501.530554][T21460] R13: 000000000000000b R14: 00007f9d0c7b3f80 R15: 00007fffbc00dbd8
[  501.538544][T21460]  </TASK>
[  501.588674][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b2f2400: abort rx timeout. Force session deactivation
[  501.615629][ T1088] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  501.807644][T21479] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  501.951725][T21422] bridge0: port 1(bridge_slave_0) entered blocking state
[  501.966633][T21422] bridge0: port 1(bridge_slave_0) entered disabled state
[  501.996831][T21422] bridge_slave_0: entered allmulticast mode
[  502.004539][T21422] bridge_slave_0: entered promiscuous mode
[  502.033772][T21486] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  502.088937][T21422] bridge0: port 2(bridge_slave_1) entered blocking state
[  502.096120][T21422] bridge0: port 2(bridge_slave_1) entered disabled state
[  502.128380][T21422] bridge_slave_1: entered allmulticast mode
[  502.138148][T21422] bridge_slave_1: entered promiscuous mode
[  502.166546][ T5122] Bluetooth: hci7: command tx timeout
[  502.365017][T21422] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  502.395113][T21422] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  502.608648][T21422] team0: Port device team_slave_0 added
[  503.856315][ T1088] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  503.872262][ T1088] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  503.883906][ T1088] bond0 (unregistering): Released all slaves
[  503.902009][ T1088] bond1 (unregistering): Released all slaves
[  503.918388][T21422] team0: Port device team_slave_1 added
[  503.942365][T21513] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  503.969613][T21528] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  504.148216][ T1088] IPVS: stopping backup sync thread 20100 ...
[  504.247653][ T5122] Bluetooth: hci7: command tx timeout
[  504.354857][T21555] xt_cgroup: invalid path, errno=-2
[  504.893641][T21575] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.3'.
[  505.847109][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  505.877227][T21422] batman_adv: batadv0: Adding interface: batadv_slave_0
[  505.895117][T21422] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  505.943298][T21422] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  505.970820][T21422] batman_adv: batadv0: Adding interface: batadv_slave_1
[  505.985646][T21422] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  506.024897][T21422] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  506.321248][T21593] IPv6: NLM_F_REPLACE set, but no existing node found!
[  506.326136][T21600] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[  506.336298][ T5122] Bluetooth: hci7: command tx timeout
[  506.409174][T21422] hsr_slave_0: entered promiscuous mode
[  506.433125][T21422] hsr_slave_1: entered promiscuous mode
[  506.458609][T21422] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  506.485391][T21422] Cannot create hsr debugfs directory
[  506.491991][T21600] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[  506.495992][T21606] FAULT_INJECTION: forcing a failure.
[  506.495992][T21606] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  506.514141][T21606] CPU: 1 PID: 21606 Comm: syz-executor.0 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  506.524676][T21606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  506.534764][T21606] Call Trace:
[  506.538057][T21606]  <TASK>
[  506.540997][T21606]  dump_stack_lvl+0x241/0x360
[  506.545700][T21606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  506.550910][T21606]  ? __pfx__printk+0x10/0x10
[  506.555513][T21606]  ? __pfx_lock_release+0x10/0x10
[  506.560561][T21606]  should_fail_ex+0x3b0/0x4e0
[  506.565264][T21606]  _copy_from_user+0x2f/0xe0
[  506.569886][T21606]  copy_msghdr_from_user+0xae/0x680
[  506.575103][T21606]  ? _parse_integer_limit+0x1b5/0x200
[  506.580491][T21606]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  506.586327][T21606]  __sys_sendmmsg+0x374/0x740
[  506.591027][T21606]  ? __pfx___sys_sendmmsg+0x10/0x10
[  506.596281][T21606]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  506.602209][T21606]  ? ksys_write+0x23e/0x2c0
[  506.606729][T21606]  ? __pfx_lock_release+0x10/0x10
[  506.611767][T21606]  ? vfs_write+0x7c4/0xc90
[  506.616213][T21606]  ? __mutex_unlock_slowpath+0x21d/0x750
[  506.621866][T21606]  ? __pfx_vfs_write+0x10/0x10
[  506.626677][T21606]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  506.632690][T21606]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  506.639038][T21606]  ? do_syscall_64+0x100/0x230
[  506.643819][T21606]  __x64_sys_sendmmsg+0xa0/0xb0
[  506.648709][T21606]  do_syscall_64+0xf3/0x230
[  506.653240][T21606]  ? clear_bhb_loop+0x35/0x90
[  506.657946][T21606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  506.663863][T21606] RIP: 0033:0x7f9a6f87d0a9
[  506.668292][T21606] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  506.687934][T21606] RSP: 002b:00007f9a7057c0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  506.696359][T21606] RAX: ffffffffffffffda RBX: 00007f9a6f9b3f80 RCX: 00007f9a6f87d0a9
[  506.704336][T21606] RDX: 0000000000000002 RSI: 0000000020002e40 RDI: 0000000000000003
[  506.712329][T21606] RBP: 00007f9a7057c120 R08: 0000000000000000 R09: 0000000000000000
[  506.720315][T21606] R10: 00000000040000c0 R11: 0000000000000246 R12: 0000000000000001
[  506.728296][T21606] R13: 000000000000000b R14: 00007f9a6f9b3f80 R15: 00007ffe37a0b348
[  506.736295][T21606]  </TASK>
[  506.755827][    C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0)
[  506.877894][T21601] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[  506.902324][T21612] netem: incorrect ge model size
[  506.927725][T21612] netem: change failed
[  506.947916][T21614] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  506.974258][T21604] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[  507.129379][ T1088] hsr_slave_0: left promiscuous mode
[  507.135664][ T1088] hsr_slave_1: left promiscuous mode
[  507.177859][ T1088] veth1_macvtap: left promiscuous mode
[  507.183519][ T1088] veth0_macvtap: left promiscuous mode
[  507.197657][ T1088] veth1_vlan: left promiscuous mode
[  507.202956][ T1088] veth0_vlan: left promiscuous mode
[  507.971366][ T1088] team0 (unregistering): Port device team_slave_1 removed
[  508.020238][ T1088] team0 (unregistering): Port device team_slave_0 removed
[  508.333509][T21647] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.0'.
[  508.408075][ T5122] Bluetooth: hci7: command tx timeout
[  508.636671][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  509.446571][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  509.533144][T21686] dvmrp0: entered allmulticast mode
[  509.557879][T21686] dvmrp0: left allmulticast mode
[  509.597833][T21688] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  509.626793][T21688] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  509.782885][T21422] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  509.814216][T21422] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  509.873705][T21701] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  509.986573][T21422] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  510.011872][T21422] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  510.065425][T21713] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  510.127345][T21710] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  510.161536][T21718] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  510.452390][T21733] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  510.477543][T21733] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  510.505478][T21422] 8021q: adding VLAN 0 to HW filter on device bond0
[  510.597534][T21422] 8021q: adding VLAN 0 to HW filter on device team0
[  510.658088][ T5170] bridge0: port 1(bridge_slave_0) entered blocking state
[  510.665267][ T5170] bridge0: port 1(bridge_slave_0) entered forwarding state
[  510.708473][ T5170] bridge0: port 2(bridge_slave_1) entered blocking state
[  510.715658][ T5170] bridge0: port 2(bridge_slave_1) entered forwarding state
[  510.798130][T21744] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  510.838838][T21749] xt_AUDIT: Audit type out of range (valid range: 0..2)
[  511.235889][T21767] Cannot find set identified by id 0 to match
[  511.435741][T21422] 8021q: adding VLAN 0 to HW filter on device batadv0
[  511.458548][T21774] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  511.468974][T21772] team0: entered promiscuous mode
[  511.475219][T21774] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'.
[  511.496458][T21772] team_slave_0: entered promiscuous mode
[  511.502329][T21772] team_slave_1: entered promiscuous mode
[  511.593903][T21771] team0: left promiscuous mode
[  511.612322][T21771] team_slave_0: left promiscuous mode
[  511.633814][T21771] team_slave_1: left promiscuous mode
[  511.722986][T21727] syz-executor.1: vmalloc error: size 536870912, failed to allocated page array size 1048576, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  511.760020][T21727] CPU: 0 PID: 21727 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  511.770568][T21727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  511.780648][T21727] Call Trace:
[  511.783933][T21727]  <TASK>
[  511.786870][T21727]  dump_stack_lvl+0x241/0x360
[  511.791565][T21727]  ? __pfx_dump_stack_lvl+0x10/0x10
[  511.796788][T21727]  ? __pfx__printk+0x10/0x10
[  511.801393][T21727]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  511.807829][T21727]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  511.814341][T21727]  warn_alloc+0x278/0x410
[  511.818693][T21727]  ? __pfx_warn_alloc+0x10/0x10
[  511.823568][T21727]  ? translate_table+0x174/0x2260
[  511.828633][T21727]  ? __get_vm_area_node+0x23d/0x270
[  511.833849][T21727]  __vmalloc_node_range_noprof+0x69f/0x1460
[  511.839777][T21727]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  511.846114][T21727]  ? rcu_is_watching+0x15/0xb0
[  511.850887][T21727]  ? trace_kmalloc+0x1f/0xd0
[  511.855482][T21727]  ? __kmalloc_node_noprof+0x247/0x440
[  511.860953][T21727]  ? kvmalloc_node_noprof+0x72/0x190
[  511.866262][T21727]  kvmalloc_node_noprof+0x142/0x190
[  511.871480][T21727]  ? translate_table+0x174/0x2260
[  511.876524][T21727]  translate_table+0x174/0x2260
[  511.881415][T21727]  ? __pfx_translate_table+0x10/0x10
[  511.886724][T21727]  ? __might_fault+0xaa/0x120
[  511.891412][T21727]  ? __pfx_lock_release+0x10/0x10
[  511.896455][T21727]  ? __might_fault+0xaa/0x120
[  511.901132][T21727]  ? __might_fault+0xc6/0x120
[  511.905830][T21727]  ? _copy_from_user+0xa6/0xe0
[  511.910607][T21727]  ? copy_from_sockptr_offset+0x6b/0xb0
[  511.916162][T21727]  do_ipt_set_ctl+0xe3d/0x1250
[  511.921054][T21727]  ? __pfx___might_resched+0x10/0x10
[  511.926356][T21727]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  511.931594][T21727]  ? __pfx_lock_release+0x10/0x10
[  511.936655][T21727]  ? __mutex_unlock_slowpath+0x21d/0x750
[  511.942298][T21727]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  511.947710][T21727]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  511.953717][T21727]  ? __pfx_aa_sk_perm+0x10/0x10
[  511.958597][T21727]  ? module_put+0x13a/0x2d0
[  511.963137][T21727]  nf_setsockopt+0x295/0x2c0
[  511.967780][T21727]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  511.973700][T21727]  do_sock_setsockopt+0x3af/0x720
[  511.978760][T21727]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  511.984323][T21727]  ? __fget_files+0x29/0x470
[  511.988937][T21727]  ? __fget_files+0x3f6/0x470
[  511.993637][T21727]  __sys_setsockopt+0x1ae/0x250
[  511.998506][T21727]  __x64_sys_setsockopt+0xb5/0xd0
[  512.003572][T21727]  do_syscall_64+0xf3/0x230
[  512.008100][T21727]  ? clear_bhb_loop+0x35/0x90
[  512.012794][T21727]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  512.018703][T21727] RIP: 0033:0x7f9d0c67d0a9
[  512.023118][T21727] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  512.042722][T21727] RSP: 002b:00007f9d0d4d20c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  512.051137][T21727] RAX: ffffffffffffffda RBX: 00007f9d0c7b3f80 RCX: 00007f9d0c67d0a9
[  512.059115][T21727] RDX: 0000000000000040 RSI: 0004000000000000 RDI: 0000000000000003
[  512.067081][T21727] RBP: 00007f9d0c6ec074 R08: 0000000000000298 R09: 0000000000000000
[  512.075047][T21727] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000000
[  512.083018][T21727] R13: 000000000000000b R14: 00007f9d0c7b3f80 R15: 00007fffbc00dbd8
[  512.091030][T21727]  </TASK>
[  512.152030][T21727] Mem-Info:
[  512.155325][T21727] active_anon:16283 inactive_anon:0 isolated_anon:0
[  512.155325][T21727]  active_file:0 inactive_file:47179 isolated_file:0
[  512.155325][T21727]  unevictable:768 dirty:29 writeback:0
[  512.155325][T21727]  slab_reclaimable:11444 slab_unreclaimable:110786
[  512.155325][T21727]  mapped:22607 shmem:1712 pagetables:651
[  512.155325][T21727]  sec_pagetables:0 bounce:0
[  512.155325][T21727]  kernel_misc_reclaimable:0
[  512.155325][T21727]  free:1336755 free_pcp:1224 free_cma:0
[  512.296347][T21727] Node 0 active_anon:65012kB inactive_anon:0kB active_file:0kB inactive_file:188648kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:90424kB dirty:112kB writeback:0kB shmem:5312kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11032kB pagetables:2592kB sec_pagetables:0kB all_unreclaimable? no
[  512.360504][T21422] veth0_vlan: entered promiscuous mode
[  512.366502][T21727] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  512.399142][T21422] veth1_vlan: entered promiscuous mode
[  512.451870][T21727] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  512.484147][T21727] lowmem_reserve[]: 0 2571 2571 0 0
[  512.513635][T21727] Node 0 DMA32 free:1381304kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:64972kB inactive_anon:0kB active_file:0kB inactive_file:188328kB unevictable:1536kB writepending:112kB present:3129332kB managed:2659872kB mlocked:0kB bounce:0kB free_pcp:3456kB local_pcp:1840kB free_cma:0kB
[  512.553036][T21422] veth0_macvtap: entered promiscuous mode
[  512.602945][T21422] veth1_macvtap: entered promiscuous mode
[  512.616558][T21727] lowmem_reserve[]: 0 0 0 0 0
[  512.621350][T21727] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:40kB inactive_anon:0kB active_file:0kB inactive_file:320kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  512.628990][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  512.706289][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  512.716144][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  512.746483][T21727] lowmem_reserve[]: 0 0 0 0 0
[  512.757000][T21727] Node 1 Normal free:3950148kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:68kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109120kB mlocked:0kB bounce:0kB free_pcp:1756kB local_pcp:0kB free_cma:0kB
[  512.781122][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  512.829175][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  512.850608][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  512.861165][T21727] lowmem_reserve[]: 0 0 0 0 0
[  512.865951][T21727] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 
[  512.867883][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  512.890063][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  512.896376][T21727] 3*4096kB (M) = 15360kB
[  512.902139][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  512.924618][T21727] Node 0 DMA32: 86*4kB (UE) 329*8kB (UME) 404*16kB (UME) 179*32kB (UME) 71*64kB (UME) 55*128kB (UME) 19*256kB (UM) 8*512kB (UME) 12*1024kB (UME) 6*2048kB (ME) 323*4096kB (UM) = 1383296kB
[  512.936704][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  512.965120][T21422] batman_adv: batadv0: Interface activated: batadv_slave_0
[  512.975552][T21801] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  512.985876][T21801] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  512.993223][T21727] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  513.021543][T21795] A link change request failed with some changes committed already. Interface veth0_to_bridge may have been left with an inconsistent configuration, please check.
[  513.038089][T21727] Node 1 Normal: 2*4kB (UM) 2*8kB (UM) 2*16kB (UM) 2*32kB (UM) 0*64kB 0*128kB 2*256kB (UM) 2*512kB (UM) 0*1024kB 2*2048kB (U) 963*4096kB (UM) = 3950200kB
[  513.083153][T21727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  513.106000][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.118516][T21727] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  513.151837][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.156706][T21727] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  513.185959][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.206302][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.206913][T21727] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  513.242891][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.263184][T21727] 48888 total pagecache pages
[  513.273329][T21727] 0 pages in swap cache
[  513.274158][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.277571][T21727] Free swap  = 124996kB
[  513.277585][T21727] Total swap = 124996kB
[  513.277597][T21727] 2097051 pages RAM
[  513.277606][T21727] 0 pages HighMem/MovableOnly
[  513.277614][T21727] 400873 pages reserved
[  513.277624][T21727] 0 pages cma reserved
[  513.339782][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.350646][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.360887][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.372181][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.408783][T21422] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  513.432400][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  513.467865][T21422] batman_adv: batadv0: Interface activated: batadv_slave_1
[  513.564472][T21815] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  513.578149][T21821] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  513.605347][T21821] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'.
[  513.626719][T21815] bond0: entered promiscuous mode
[  513.668891][T21816] bond2: entered promiscuous mode
[  513.673997][T21816] bond2: entered allmulticast mode
[  513.708139][T21816] 8021q: adding VLAN 0 to HW filter on device bond2
[  513.729462][T21816] bond0: (slave bond2): Enslaving as an active interface with an up link
[  513.738234][T21818] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  513.802519][T21818] bond0 (unregistering): (slave bond2): Releasing backup interface
[  513.826087][T21831] x_tables: duplicate underflow at hook 1
[  513.898565][T21818] bond0 (unregistering): Released all slaves
[  513.909690][   T29] audit: type=1804 audit(1719127209.235:73): pid=21828 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2307345315/syzkaller.ol15Qg/72/cgroup.controllers" dev="sda1" ino=1965 res=1 errno=0
[  514.034285][T21422] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  514.066838][T21422] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  514.093278][T21422] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  514.117344][T21422] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  514.405453][T21422] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0
[  514.443680][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  514.479726][T21422] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0
[  514.497745][T21422] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  514.567375][T21842] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  514.588995][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  514.611122][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  514.644904][T21848] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  514.762536][T21849] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  514.854864][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  514.875957][   T51] batman_adv: batadv0: IGMP Querier appeared
[  514.882399][   T51] batman_adv: batadv0: MLD Querier appeared
[  514.892501][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  514.975801][T21859] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  514.987580][T21860] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  515.029830][T21860] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'.
[  515.049032][T21863] x_tables: duplicate underflow at hook 1
[  515.637642][T21892] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  515.710315][T21898] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  515.767119][T21899] xt_cgroup: invalid path, errno=-2
[  516.066496][T21915] x_tables: duplicate underflow at hook 1
[  516.335321][T21924] dccp_invalid_packet: P.Data Offset(246) too large
[  516.392121][   T29] audit: type=1800 audit(1719127211.715:74): pid=21924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1948 res=0 errno=0
[  516.451072][   T29] audit: type=1800 audit(1719127211.755:75): pid=21924 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="memory.events" dev="sda1" ino=1948 res=0 errno=0
[  516.612712][T21937] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  516.721334][T21943] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  516.808218][T21951] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 2147221507 (only 8 groups)
[  517.072644][T21955] netlink: 'syz-executor.4': attribute type 10 has an invalid length.
[  517.197186][T21970] x_tables: duplicate underflow at hook 1
[  517.488810][T21985] netlink: 'syz-executor.2': attribute type 13 has an invalid length.
[  517.641819][T21992] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  517.687501][T21992] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  518.010681][T22010] __nla_validate_parse: 14 callbacks suppressed
[  518.010705][T22010] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  518.170414][T22025] x_tables: duplicate underflow at hook 1
[  518.244545][T22030] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
[  518.452074][T22042] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  518.462033][T22035] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  518.475409][T22042] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  519.126470][ T5123] Bluetooth: hci5: command 0x0406 tx timeout
[  519.263581][T22054] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  519.450638][T22070] x_tables: duplicate underflow at hook 1
[  519.669577][T22084] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  519.706899][T22084] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  519.786060][T22088] validate_nla: 4 callbacks suppressed
[  519.792187][T22088] netlink: 'syz-executor.0': attribute type 12 has an invalid length.
[  519.959544][T22096] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.4'.
[  520.054031][T22101] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  520.147421][T22104] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  520.167957][T22108] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  520.239385][T22114] x_tables: duplicate underflow at hook 1
[  520.339721][T22121] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
[  520.358688][T22121] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  520.366027][T22121] IPv6: NLM_F_CREATE should be set when creating new route
[  520.373366][T22121] IPv6: NLM_F_CREATE should be set when creating new route
[  520.479098][T22127] netlink: 'syz-executor.4': attribute type 12 has an invalid length.
[  520.498405][T22130] Unsupported ieee802154 address type: 0
[  520.508733][T22133] syzkaller1: entered promiscuous mode
[  520.521112][T22133] syzkaller1: entered allmulticast mode
[  520.698197][T22136] can: request_module (can-proto-4) failed.
[  521.033234][T22152] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  521.072395][T22152] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  521.202755][T22160] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  521.259692][T22164] x_tables: duplicate underflow at hook 1
[  521.379006][T22169] smc: net device lo applied user defined pnetid SYZ2
[  521.398026][T22169] smc: net device lo erased user defined pnetid SYZ2
[  521.499864][T22175] syz-executor.0[22175] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  521.500130][T22175] syz-executor.0[22175] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  521.786699][T22192] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  521.897524][T22196] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  522.799163][T22238] netlink: 'syz-executor.0': attribute type 4 has an invalid length.
[  524.033875][T22277] __nla_validate_parse: 12 callbacks suppressed
[  524.033895][T22277] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'.
[  524.485525][T22313] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check.
[  524.607155][T22316] netlink: 5 bytes leftover after parsing attributes in process `syz-executor.1'.
[  524.659895][T22316] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  524.684239][T22323] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  524.799593][T22330] validate_nla: 10 callbacks suppressed
[  524.799617][T22330] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  524.823548][T22330] netlink: 224 bytes leftover after parsing attributes in process `syz-executor.1'.
[  524.913588][T22334] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  524.977649][T22338] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  525.016627][T22338] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  525.118947][T22349] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  525.203136][T22349] bond0 (unregistering): Released all slaves
[  525.418875][T22365] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
[  525.430467][T22366] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  525.483548][T22366] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[  525.510195][T22366] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[  525.679427][T22376] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  525.686753][T22376] IPv6: NLM_F_CREATE should be set when creating new route
[  525.865766][T22388] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  525.907804][T22389] netlink: 'syz-executor.4': attribute type 13 has an invalid length.
[  525.925475][T22387] Bluetooth: MGMT ver 1.22
[  525.930193][T22388] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  525.981013][T22392] 
: entered promiscuous mode
[  526.012436][T22392] bond_slave_0: entered promiscuous mode
[  526.038084][T22392] bond_slave_1: entered promiscuous mode
[  526.043984][T22392] syz_tun: entered promiscuous mode
[  526.251186][T22407] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  526.300343][T22406] Dead loop on virtual device ip6_vti0, fix it urgently!
[  526.348042][T22415] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  526.561221][T22427] x_tables: duplicate underflow at hook 1
[  527.043014][T22442] bond0: entered promiscuous mode
[  527.088236][T22442] bond_slave_0: entered promiscuous mode
[  527.119738][T22442] bond_slave_1: entered promiscuous mode
[  527.366312][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  527.557338][ T5123] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  527.571064][ T5123] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  527.595189][ T5123] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  527.609001][ T5123] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  527.618463][ T5123] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  527.626731][ T5123] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  528.019125][T22461] chnl_net:caif_netlink_parms(): no params data found
[  528.239865][T22461] bridge0: port 1(bridge_slave_0) entered blocking state
[  528.276542][T22461] bridge0: port 1(bridge_slave_0) entered disabled state
[  528.293953][T22461] bridge_slave_0: entered allmulticast mode
[  528.302156][T22461] bridge_slave_0: entered promiscuous mode
[  528.406327][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  528.429351][ T8019] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  528.468940][T22461] bridge0: port 2(bridge_slave_1) entered blocking state
[  528.482365][T22461] bridge0: port 2(bridge_slave_1) entered disabled state
[  528.491936][T22461] bridge_slave_1: entered allmulticast mode
[  528.507081][T22461] bridge_slave_1: entered promiscuous mode
[  528.562697][T22461] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  528.605280][ T8019] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  528.642812][T22461] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  528.705118][ T8019] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  528.843538][ T8019] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  528.925544][T22461] team0: Port device team_slave_0 added
[  528.955308][T22461] team0: Port device team_slave_1 added
[  529.112987][T22521] __nla_validate_parse: 16 callbacks suppressed
[  529.113010][T22521] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  529.151630][T22523] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  529.177563][T22461] batman_adv: batadv0: Adding interface: batadv_slave_0
[  529.195128][T22461] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  529.233670][T22461] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  529.250796][T22525] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'.
[  529.281896][T22461] batman_adv: batadv0: Adding interface: batadv_slave_1
[  529.293350][T22461] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  529.320331][T22461] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  529.347824][T22529] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  529.468387][T22461] hsr_slave_0: entered promiscuous mode
[  529.477609][T22461] hsr_slave_1: entered promiscuous mode
[  529.488815][T22461] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  529.500279][T22461] Cannot create hsr debugfs directory
[  529.507425][ T8019] bridge_slave_1: left allmulticast mode
[  529.514040][ T8019] bridge_slave_1: left promiscuous mode
[  529.521857][ T8019] bridge0: port 2(bridge_slave_1) entered disabled state
[  529.533211][ T8019] bridge_slave_0: left promiscuous mode
[  529.540161][ T8019] bridge0: port 1(bridge_slave_0) entered disabled state
[  529.686769][ T5122] Bluetooth: hci2: command tx timeout
[  529.955950][T22536] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  531.003432][ T8019] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  531.015368][ T8019] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  531.031452][ T8019] bond0 (unregistering): Released all slaves
[  531.227814][T22550] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'.
[  531.395362][T22551] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'.
[  531.428915][T22551] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'.
[  531.539138][T22551] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'.
[  531.568974][T22551] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'.
[  531.589686][T22568] netlink: 108 bytes leftover after parsing attributes in process `syz-executor.1'.
[  531.619007][T22569] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  531.689207][ T8019] hsr_slave_0: left promiscuous mode
[  531.708206][ T8019] hsr_slave_1: left promiscuous mode
[  531.721854][ T8019] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  531.739070][ T8019] batman_adv: batadv0: Removing interface: batadv_slave_0
[  531.749781][ T8019] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  531.758249][ T8019] batman_adv: batadv0: Removing interface: batadv_slave_1
[  531.767088][ T5122] Bluetooth: hci2: command tx timeout
[  531.799038][ T8019] veth1_macvtap: left promiscuous mode
[  531.804623][ T8019] veth0_macvtap: left promiscuous mode
[  531.810611][ T8019] veth1_vlan: left promiscuous mode
[  531.815921][ T8019] veth0_vlan: left promiscuous mode
[  532.613939][T22588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  532.758548][ T8019] team0 (unregistering): Port device team_slave_1 removed
[  532.809721][ T8019] team0 (unregistering): Port device team_slave_0 removed
[  533.322507][T22577] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  533.667817][T22606] netlink: 'syz-executor.0': attribute type 10 has an invalid length.
[  533.687876][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  533.849226][ T5122] Bluetooth: hci2: command tx timeout
[  534.354444][T22461] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  534.665822][T22461] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  534.715323][T22461] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  534.726367][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  534.758399][T22461] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  534.974369][T22661] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  534.988776][T22664] FAULT_INJECTION: forcing a failure.
[  534.988776][T22664] name failslab, interval 1, probability 0, space 0, times 0
[  535.019897][T22461] 8021q: adding VLAN 0 to HW filter on device bond0
[  535.028833][T22664] CPU: 1 PID: 22664 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  535.032969][T22663] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  535.039351][T22664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  535.039369][T22664] Call Trace:
[  535.039380][T22664]  <TASK>
[  535.039391][T22664]  dump_stack_lvl+0x241/0x360
[  535.039434][T22664]  ? __pfx_dump_stack_lvl+0x10/0x10
[  535.039467][T22664]  ? __pfx__printk+0x10/0x10
[  535.039511][T22664]  should_fail_ex+0x3b0/0x4e0
[  535.084348][T22664]  ? sctp_add_bind_addr+0x89/0x3a0
[  535.089496][T22664]  should_failslab+0x9/0x20
[  535.094058][T22664]  kmalloc_trace_noprof+0x6c/0x2c0
[  535.099212][T22664]  sctp_add_bind_addr+0x89/0x3a0
[  535.104209][T22664]  sctp_copy_local_addr_list+0x311/0x500
[  535.109895][T22664]  ? sctp_copy_local_addr_list+0xab/0x500
[  535.115656][T22664]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  535.121857][T22664]  ? sctp_v4_is_any+0x35/0x60
[  535.126599][T22664]  sctp_bind_addr_copy+0xad/0x3b0
[  535.131660][T22664]  ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190
[  535.138023][T22664]  sctp_connect_new_asoc+0x2f3/0x6c0
[  535.143330][T22664]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  535.149153][T22664]  ? sctp_sendmsg+0xbb9/0x3520
[  535.153954][T22664]  ? bpf_lsm_sctp_bind_connect+0x9/0x10
[  535.159534][T22664]  ? security_sctp_bind_connect+0x90/0xb0
[  535.165270][T22664]  sctp_sendmsg+0x219a/0x3520
[  535.169990][T22664]  ? __pfx_sctp_sendmsg+0x10/0x10
[  535.175035][T22664]  ? __pfx_aa_sk_perm+0x10/0x10
[  535.179919][T22664]  ? __pfx_lock_release+0x10/0x10
[  535.184959][T22664]  ? inet_sendmsg+0x330/0x390
[  535.189650][T22664]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  535.194943][T22664]  ? security_socket_sendmsg+0x87/0xb0
[  535.200417][T22664]  __sock_sendmsg+0x1a6/0x270
[  535.205102][T22664]  ____sys_sendmsg+0x525/0x7d0
[  535.209883][T22664]  ? __pfx_____sys_sendmsg+0x10/0x10
[  535.215212][T22664]  __sys_sendmsg+0x2b0/0x3a0
[  535.219835][T22664]  ? __pfx___sys_sendmsg+0x10/0x10
[  535.224950][T22664]  ? vfs_write+0x7c4/0xc90
[  535.229404][T22664]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  535.235737][T22664]  ? do_syscall_64+0x100/0x230
[  535.240523][T22664]  ? do_syscall_64+0xb6/0x230
[  535.245215][T22664]  do_syscall_64+0xf3/0x230
[  535.249729][T22664]  ? clear_bhb_loop+0x35/0x90
[  535.254439][T22664]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  535.260350][T22664] RIP: 0033:0x7f9d0c67d0a9
[  535.264766][T22664] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  535.284374][T22664] RSP: 002b:00007f9d0d4b10c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  535.292803][T22664] RAX: ffffffffffffffda RBX: 00007f9d0c7b4050 RCX: 00007f9d0c67d0a9
[  535.300778][T22664] RDX: 0000000000000000 RSI: 0000000020000b00 RDI: 0000000000000003
[  535.308751][T22664] RBP: 00007f9d0d4b1120 R08: 0000000000000000 R09: 0000000000000000
[  535.316724][T22664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  535.324695][T22664] R13: 000000000000006e R14: 00007f9d0c7b4050 R15: 00007fffbc00dbd8
[  535.332686][T22664]  </TASK>
[  535.410218][T22461] 8021q: adding VLAN 0 to HW filter on device team0
[  535.435318][ T1794] bridge0: port 1(bridge_slave_0) entered blocking state
[  535.442562][ T1794] bridge0: port 1(bridge_slave_0) entered forwarding state
[  535.511806][ T1794] bridge0: port 2(bridge_slave_1) entered blocking state
[  535.519070][ T1794] bridge0: port 2(bridge_slave_1) entered forwarding state
[  535.643929][T22681] vlan3: entered promiscuous mode
[  535.733713][T22685] wg0: Master is either lo or non-ether device
[  535.847613][T22689] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  535.891003][T22693] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  535.906031][T22692] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:0
[  535.920011][T22693] netlink: 127988 bytes leftover after parsing attributes in process `syz-executor.3'.
[  535.930829][ T5122] Bluetooth: hci2: command tx timeout
[  535.997238][T22696] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'.
[  536.074227][T22461] 8021q: adding VLAN 0 to HW filter on device batadv0
[  536.242081][T22461] veth0_vlan: entered promiscuous mode
[  536.278784][T22461] veth1_vlan: entered promiscuous mode
[  536.336879][T22713] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  536.375197][T22461] veth0_macvtap: entered promiscuous mode
[  536.407509][T22713] netlink: 'syz-executor.1': attribute type 4 has an invalid length.
[  536.437602][T22461] veth1_macvtap: entered promiscuous mode
[  536.528939][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  536.570399][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.591577][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  536.613703][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.632245][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  536.655114][T22727] x_tables: unsorted underflow at hook 3
[  536.666691][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.696426][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  536.728970][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.750598][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  536.765879][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.779778][T22461] batman_adv: batadv0: Interface activated: batadv_slave_0
[  536.792083][T22723] syzkaller0: entered allmulticast mode
[  536.813602][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  536.825661][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.836858][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  536.866783][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.911732][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  536.932909][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.946842][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  536.957782][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.972951][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  536.984752][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  536.997536][T22461] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  537.008648][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.025050][T22461] batman_adv: batadv0: Interface activated: batadv_slave_1
[  537.034524][T22723] syzkaller0: left allmulticast mode
[  537.067232][T22461] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  537.078617][T22461] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  537.088399][T22461] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  537.097775][T22461] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  537.142568][T22734] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  537.184407][T22734] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'.
[  537.341356][T22461] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0
[  537.361903][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.367846][T22744] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  537.382373][T22461] batman_adv: The newly added mac address (08:02:11:00:00:00) already exists on: wlan0
[  537.403694][T22461] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  537.460418][ T8019] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  537.486320][ T8019] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  537.508958][   T29] audit: type=1804 audit(1719127232.825:76): pid=22751 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir748512120/syzkaller.nFiJsx/599/cgroup.controllers" dev="sda1" ino=1965 res=1 errno=0
[  537.632327][ T8019] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  537.662875][ T8019] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  538.062895][T22778] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  538.145344][T22781] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  538.337070][T22793] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  538.438748][T22798] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'.
[  538.483962][T22798] dummy0: entered promiscuous mode
[  538.898693][T22830] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  539.029093][T22832] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  539.131966][T22833] netlink: 'syz-executor.3': attribute type 1 has an invalid length.
[  539.166282][T22833] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  539.174943][T22843] netlink: 'syz-executor.0': attribute type 12 has an invalid length.
[  539.986747][T22871] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[  540.128185][T22875] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  540.386338][T22879] netlink: 'syz-executor.2': attribute type 4 has an invalid length.
[  540.474211][T22883] 
[  540.476607][T22883] ======================================================
[  540.483639][T22883] WARNING: possible circular locking dependency detected
[  540.490691][T22883] 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0 Not tainted
[  540.497817][T22883] ------------------------------------------------------
[  540.504853][T22883] syz-executor.1/22883 is trying to acquire lock:
[  540.511285][T22883] ffff88805f4b4218 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{2:2}, at: __dev_queue_xmit+0x22f7/0x3d30
2024/06/23 07:20:35 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  540.523530][T22883] 
[  540.523530][T22883] but task is already holding lock:
[  540.530915][T22883] ffff8880791700d8 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0
[  540.540831][T22883] 
[  540.540831][T22883] which lock already depends on the new lock.
[  540.540831][T22883] 
[  540.551255][T22883] 
[  540.551255][T22883] the existing dependency chain (in reverse order) is:
[  540.560285][T22883] 
[  540.560285][T22883] -> #1 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}:
[  540.568592][T22883]        lock_acquire+0x1ed/0x550
[  540.573656][T22883]        _raw_spin_lock+0x2e/0x40
[  540.578714][T22883]        sch_direct_xmit+0x1c4/0x5f0
[  540.584018][T22883]        __dev_queue_xmit+0x1a24/0x3d30
[  540.589602][T22883]        ip6_finish_output2+0xffa/0x1680
[  540.595262][T22883]        ip6_finish_output+0x41e/0x810
[  540.600832][T22883]        NF_HOOK+0x9e/0x430
[  540.605370][T22883]        mld_sendpack+0x843/0xdb0
[  540.610419][T22883]        mld_ifc_work+0x7d6/0xd90
[  540.615468][T22883]        process_scheduled_works+0xa2c/0x1830
[  540.621559][T22883]        worker_thread+0x86d/0xd70
[  540.626701][T22883]        kthread+0x2f0/0x390
[  540.631323][T22883]        ret_from_fork+0x4b/0x80
[  540.636314][T22883]        ret_from_fork_asm+0x1a/0x30
[  540.641629][T22883] 
[  540.641629][T22883] -> #0 (dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2){+...}-{2:2}:
[  540.652022][T22883]        validate_chain+0x18e0/0x5900
[  540.657454][T22883]        __lock_acquire+0x1346/0x1fd0
[  540.662882][T22883]        lock_acquire+0x1ed/0x550
[  540.667959][T22883]        _raw_spin_lock+0x2e/0x40
[  540.673016][T22883]        __dev_queue_xmit+0x22f7/0x3d30
[  540.678600][T22883]        ip6_finish_output2+0xffa/0x1680
[  540.684262][T22883]        ip6_finish_output+0x41e/0x810
[  540.689750][T22883]        ndisc_send_skb+0xab2/0x1380
[  540.695076][T22883]        ndisc_solicit+0x493/0x6a0
[  540.700221][T22883]        __neigh_event_send+0xece/0x15b0
[  540.705900][T22883]        neigh_resolve_output+0x1b5/0x740
[  540.711744][T22883]        ip6_finish_output2+0xffa/0x1680
[  540.717413][T22883]        ip6_finish_output+0x41e/0x810
[  540.722898][T22883]        ip6_send_skb+0x112/0x230
[  540.727954][T22883]        icmp6_send+0x15fc/0x2070
[  540.733018][T22883]        ip6_link_failure+0x3c/0x4f0
[  540.738331][T22883]        ip_tunnel_xmit+0x1653/0x2950
[  540.743727][T22883]        __gre_xmit+0x1cf/0x260
[  540.748603][T22883]        erspan_xmit+0xabe/0x1310
[  540.753676][T22883]        dev_hard_start_xmit+0x27a/0x7e0
[  540.759341][T22883]        sch_direct_xmit+0x2b6/0x5f0
[  540.764639][T22883]        __qdisc_run+0xbfd/0x2170
[  540.769685][T22883]        __dev_queue_xmit+0x14f0/0x3d30
[  540.775260][T22883]        ip6_finish_output2+0xffa/0x1680
[  540.780918][T22883]        ip6_finish_output+0x41e/0x810
[  540.786402][T22883]        rawv6_send_hdrinc+0xcfc/0x1890
[  540.791978][T22883]        rawv6_sendmsg+0x1962/0x23c0
[  540.797317][T22883]        __sock_sendmsg+0x1a6/0x270
[  540.802545][T22883]        ____sys_sendmsg+0x525/0x7d0
[  540.807860][T22883]        __sys_sendmsg+0x2b0/0x3a0
[  540.813003][T22883]        do_syscall_64+0xf3/0x230
[  540.818062][T22883]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  540.824523][T22883] 
[  540.824523][T22883] other info that might help us debug this:
[  540.824523][T22883] 
[  540.834776][T22883]  Possible unsafe locking scenario:
[  540.834776][T22883] 
[  540.842252][T22883]        CPU0                    CPU1
[  540.847632][T22883]        ----                    ----
[  540.853002][T22883]   lock(&qdisc_xmit_lock_key#3);
[  540.858071][T22883]                                lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2);
[  540.867730][T22883]                                lock(&qdisc_xmit_lock_key#3);
[  540.875303][T22883]   lock(dev->qdisc_tx_busylock ?: &qdisc_tx_busylock#2);
[  540.882454][T22883] 
[  540.882454][T22883]  *** DEADLOCK ***
[  540.882454][T22883] 
[  540.890625][T22883] 10 locks held by syz-executor.1/22883:
[  540.896299][T22883]  #0: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: rawv6_send_hdrinc+0xb7a/0x1890
[  540.906115][T22883]  #1: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1680
[  540.916012][T22883]  #2: ffffffff8e334000 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d2/0x3d30
[  540.925984][T22883]  #3: ffff8880791700d8 (&qdisc_xmit_lock_key#3){+.-.}-{2:2}, at: sch_direct_xmit+0x1c4/0x5f0
[  540.936326][T22883]  #4: ffff88802aab0918 (k-slock-AF_INET6){+.-.}-{2:2}, at: icmp6_send+0xc45/0x2070
[  540.945774][T22883]  #5: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: icmp6_send+0xba4/0x2070
[  540.954976][T22883]  #6: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1680
[  540.964863][T22883]  #7: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: ndisc_send_skb+0x574/0x1380
[  540.974406][T22883]  #8: ffffffff8e333fa0 (rcu_read_lock){....}-{1:2}, at: ip6_finish_output2+0x712/0x1680
[  540.984290][T22883]  #9: ffffffff8e334000 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x2d2/0x3d30
[  540.994269][T22883] 
[  540.994269][T22883] stack backtrace:
[  541.000171][T22883] CPU: 1 PID: 22883 Comm: syz-executor.1 Not tainted 6.10.0-rc4-syzkaller-00869-g185d72112b95 #0
[  541.010706][T22883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  541.020787][T22883] Call Trace:
[  541.024083][T22883]  <TASK>
[  541.027029][T22883]  dump_stack_lvl+0x241/0x360
[  541.031745][T22883]  ? __pfx_dump_stack_lvl+0x10/0x10
[  541.037007][T22883]  ? print_circular_bug+0x130/0x1a0
[  541.042244][T22883]  check_noncircular+0x36a/0x4a0
[  541.047219][T22883]  ? __pfx_check_noncircular+0x10/0x10
[  541.052702][T22883]  ? __bfs+0x368/0x6f0
[  541.056800][T22883]  ? __pfx_usage_skip+0x10/0x10
[  541.061690][T22883]  validate_chain+0x18e0/0x5900
[  541.066589][T22883]  ? __pfx_validate_chain+0x10/0x10
[  541.071820][T22883]  ? __pfx_validate_chain+0x10/0x10
[  541.077077][T22883]  ? register_lock_class+0x102/0x980
[  541.082407][T22883]  ? __pfx_register_lock_class+0x10/0x10
[  541.088069][T22883]  ? mark_lock+0x9a/0x350
[  541.092423][T22883]  __lock_acquire+0x1346/0x1fd0
[  541.097309][T22883]  lock_acquire+0x1ed/0x550
[  541.101849][T22883]  ? __dev_queue_xmit+0x22f7/0x3d30
[  541.107100][T22883]  ? __pfx_lock_acquire+0x10/0x10
[  541.112165][T22883]  ? __pfx_lock_acquire+0x10/0x10
[  541.117235][T22883]  ? rcu_lockdep_current_cpu_online+0x37/0x120
[  541.123432][T22883]  ? rcu_read_lock_bh_he