last executing test programs:

31.065787745s ago: executing program 1 (id=21):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x24, 0x24, 0xf0b, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xffe0}}}, 0x24}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000026c0)=@newtfilter={0x87c, 0x2c, 0xd27, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, r1, {0xe}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_basic={{0xa}, {0x84c, 0x2, [@TCA_BASIC_POLICE={0x848, 0x4, [@TCA_POLICE_RATE={0x404, 0x2, [0x8, 0x5, 0x8, 0x401, 0x7, 0xffffffff, 0x6, 0x8, 0x7f, 0x101, 0x3, 0x9, 0x5, 0x4dc6, 0x7fff, 0x6, 0x8, 0x3, 0xd, 0x4, 0x3ae0, 0x5, 0x99, 0x1, 0xff, 0x1, 0x0, 0x80, 0x7f1b, 0x5, 0x5, 0x80000000, 0xfffffffa, 0xffffffff, 0x800, 0xf20d, 0x800, 0x0, 0x1, 0x4, 0xf6, 0x6, 0x9, 0x3, 0xff, 0x0, 0x9f0, 0x1ff, 0xdf7a, 0x7fffffff, 0x0, 0xff, 0x4000c, 0x20000014, 0x2, 0xc, 0x401, 0xffff, 0x9bf, 0x6f3c, 0x8, 0x6, 0x7ff, 0x3, 0x9, 0x8000, 0x8, 0xffffffc0, 0x4, 0x1, 0x2, 0x8, 0x4, 0x9, 0x200, 0x3ff, 0x8000, 0x81, 0x3, 0x8, 0x800, 0x1, 0x5, 0x80000000, 0x2, 0x5, 0x5, 0x1, 0x0, 0x0, 0x81, 0x5, 0x6, 0x80000001, 0x401, 0x6, 0x0, 0x3, 0x800, 0xf79, 0x6, 0x1, 0x4, 0xfff, 0x2, 0x1, 0x37800000, 0x0, 0x3, 0xae5, 0x4, 0x4, 0xae, 0xfffffffe, 0x1, 0x6, 0x1008, 0x6, 0x1, 0x8001, 0xc, 0x1, 0x8, 0x3, 0x95, 0x1, 0x6, 0x3, 0xca, 0x0, 0x0, 0x3, 0x401, 0xffffb09a, 0x2, 0xe, 0x9, 0x5, 0x6, 0x4b, 0x9, 0x4, 0x2, 0xfffffffc, 0x4, 0x69, 0x80000000, 0x2, 0x6c, 0x0, 0x5, 0x0, 0x4, 0x5, 0x2, 0x6, 0xffffffd1, 0x6, 0x1, 0xb3, 0x5, 0x5, 0x1, 0x9, 0x4, 0x3, 0x9, 0x0, 0x5, 0x2c9, 0x8bf, 0x0, 0xde39067, 0x9, 0x8, 0x6, 0x1534fe8b, 0x5, 0x0, 0x6, 0x2, 0x4, 0x81, 0xd16d, 0x0, 0xf9, 0x8, 0x401, 0xffffffff, 0xe19b, 0x80000000, 0x3ff, 0x81, 0x800, 0x9, 0x651, 0x10001, 0x6, 0x0, 0x5, 0x1000, 0x401, 0x3, 0x8002, 0x8, 0x36, 0x15a, 0x2, 0x6, 0x5, 0x7, 0x6, 0xffffffff, 0x8, 0x1da, 0x1, 0x9, 0x30, 0x10000000, 0xfffffff9, 0x9c06, 0x7, 0x0, 0x27b, 0x3, 0x1000, 0x3, 0x1, 0x6, 0x5, 0x64c, 0x4, 0xfffffff7, 0x9, 0x4, 0x0, 0x8000, 0x7, 0x7, 0x7, 0x3, 0x7, 0x8, 0xffff, 0x22, 0x9, 0x4, 0x3, 0x3, 0x9, 0xfffffffa, 0x1, 0x6, 0x3321, 0x5, 0x5]}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x80000001, 0x7, 0x3ff, 0x7, 0x4, 0x2, 0xffffffc0, 0x7ff, 0x86, 0x9, 0x9, 0x2, 0x8c, 0x1000200, 0x7, 0x5, 0x40000000, 0x5, 0x7, 0x0, 0x0, 0x4, 0x0, 0xc, 0xd, 0x3, 0x9, 0x49, 0x80000003, 0xd35, 0x25431060, 0xd2, 0x5, 0x9, 0xb5f0, 0x401, 0x7, 0x2, 0x6, 0x80000001, 0xa, 0x8, 0x9, 0x1, 0xccf1793, 0x2c800000, 0x5d, 0x1, 0x239, 0x5, 0x5a5057fd, 0x5, 0x4, 0x6, 0x8, 0x5, 0x200, 0x6, 0x10000, 0xf9, 0x6, 0x8, 0x7, 0x3, 0xfffffeff, 0x9, 0x1, 0x401, 0x1ff, 0x2, 0x0, 0x0, 0x800, 0x3, 0x0, 0x8, 0x10000, 0x6, 0x7c, 0x1, 0x9, 0xffffff01, 0x9, 0x8, 0x8052, 0x9, 0x5, 0x7, 0x142, 0x2d, 0x7, 0x8, 0xb, 0x81, 0x9, 0x3ff, 0x1, 0x10000, 0x9, 0x1, 0x7, 0xffffffff, 0x5, 0xe8, 0x6, 0x8, 0x8f, 0x3, 0x0, 0xff, 0xfffffffa, 0xfffffff7, 0x8001, 0x5, 0x9, 0x8, 0x5, 0x9, 0x0, 0x2, 0x10001, 0x8, 0x0, 0x6, 0x4, 0x866, 0x7fff, 0xe0, 0x8, 0xd3a, 0x6000000, 0xfffffffc, 0x9, 0x7fff, 0x7, 0x10000, 0x3, 0x7fff, 0x40000000, 0x1, 0x7, 0x1, 0x3, 0x1, 0x9, 0x0, 0x7, 0x6, 0x4, 0x700, 0x4, 0x1, 0x2, 0x0, 0x5, 0x7, 0x4, 0x7, 0x8, 0x8, 0xc, 0x9, 0x6, 0x5, 0x0, 0x7fff, 0x2, 0x2, 0x8, 0x9, 0x9, 0x9, 0x5847cb5c, 0x9, 0x2, 0xffffffd8, 0x10001, 0xfffffff9, 0x5, 0x401, 0x8, 0x1, 0x2, 0x0, 0x0, 0x1200, 0x2, 0x0, 0xffff, 0x80000001, 0xac5ae1dd, 0x0, 0x800, 0x1ff, 0x2, 0x3, 0x1, 0x8, 0x7785, 0x8005, 0x4, 0x5, 0x4, 0x7, 0x0, 0x6, 0xffffff2f, 0x8001, 0x3, 0x5, 0x3, 0x4, 0x7, 0x5, 0x7, 0xabd, 0x70000, 0x10001, 0x6, 0x4, 0x30000000, 0x5, 0x13c1, 0x3, 0x7, 0x1, 0x8, 0x2, 0x6, 0x1, 0x2, 0x2, 0xb, 0x8, 0xa, 0x9, 0xfffffff9, 0x7, 0x7, 0x3, 0x8, 0x9, 0xfffffffc, 0x6, 0xe7a9, 0x10001, 0x6, 0x0, 0xb9, 0x8cca, 0xdda5, 0x1, 0xa, 0x7fffffff, 0x10, 0x323]}, @TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x8, 0x4, 0x7f, 0x0, {0x6, 0x0, 0x6, 0x7ff, 0x6e6, 0xd74}, {0x8, 0x0, 0xffff, 0x8, 0x7f, 0x7fff}, 0x0, 0x8000, 0xbab2}}]}]}}]}, 0x87c}}, 0x4000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

29.28057889s ago: executing program 1 (id=27):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffd74, 0x40004, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0)
recvfrom$inet(r0, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000001300)={&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000001340)=0x40)

27.287989872s ago: executing program 1 (id=36):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000100)=""/217, &(0x7f0000000200)=0x18)

26.949168028s ago: executing program 1 (id=40):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_STOP_AP(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)={0x1c, r2, 0x512d00a4d384d591, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

26.5799984s ago: executing program 4 (id=42):
unshare(0x6020480)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r0, 0x6, 0x21, &(0x7f0000000000)="ad1a93c3f4d65ec1f7d7741531e4ffa4", 0x10)

26.478335798s ago: executing program 1 (id=43):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000240)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$inet(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="577d0390101180b486c39cbc2871d38c8e4eaf6f7b42fd1314496644fd78dcaac99d689ddd90a0a407970d93c6e86b2cbcffd002826b316c1727d2074c", 0x3d}, {&(0x7f0000000080)="4274ca6f2d1462939766b7408a08121fa01ad87031135f65fd5765e962ab0684ad807f420b28d3d6e9abf399ccca9c9909bee546ad672c6af592b7d40d1fb61fac880c987790872da36175c92a43e9971c8d08c8f28421137dd34d93c4b5e6b1808438e0b5", 0x65}, {&(0x7f0000000280)="9faf8679f047e32b8e32bb6aae900e85da7aeb8c292149b978eab121b75f7338774c7a4b8f9bc85c8188061447f2e08f6255621357338054c321b94150b12a0ebe25af4f16c884a996f7da543371e439424397ac69c6593c076c2c383b50934a75a1e13e5cfcecbfcb3a3ca150cb927067fc814b91ea9fe96b5e611a225ef94bd066a2dfec3d36c2640e2e536b5bc15c55e81bb02aa6d2e3b48e5d9c4936c38eaa1f313ef23590ed6d79dbd488ba39b8bb54859d031681edbf5ea2dfdc4b8e8c17fadee2edfd9869f9e6f0231ddbcc9f6a7aa7239ae674235c9e58d52c368c998092e17e434f38029178b194e710d5a822d7ae76ee8bf2859742ac111cd6e1d28bc2a0b243945305f86b1794a8a23935acce06a15251109524b26218bc8d2c6c9085b9a9539c1d538c5cc74baa8c013ac0836c7edc9a524a87de21da8372b5f8d8056c3d88717a13b8ab6eea6e6f9b6791f938984170b3932ee21647cbb289b693f47dc832c463ffd40b6d56aa17f8cc6fc2e32cd5e385311c28ed6a94becc48bef05e3b9286f74ee08aaa4ffe20178ebbcde33d4e05f49d40bddaf06e55ef15a9fc1b5aba4fad49e64f7c64a80c8abccbe25b1d577d73e76b7009ebe5086fc07c5810ae0fd7a3103b6fce1d21d95ea2d57d3f444f4269abb9a2e5cdb4be80d336770d6d0c051230232ca1da415da2a34d539a2d830fb57b775be8dea94aa46c0ed917397f00ab939f70b2dd257b3cde29f1ac025d4a19018578ad23bc7c7923e19f68d26cefea1a5309f8107fe8f821fe475ac6c80abbc9dc99f53edb32b9a49b354c97c1c5316ed790a6145fa48532cc269930f26f22fa97f08b249a86903b16177328df259b42c6ea4dc4d8d93764317f81a6ea7b7ddbe9862c25b51d4f6f18ea0e73c89d3f07ba223d355d75492e9e2103b66e12dbba7099cbfb00292ed5b46a1cf906d2af8a941a120d62528f325841a88520148bb5b61287b8b43b56005eac20c5c5443c3e22a7125ab67879d6bcfda4a298aec10e6e9d89f17b1b252e09785d2b818504cdbae7f55129761ad5bb52283714dfe9c6be80c8ea1104ec4dc37e918d6314fd22f452307098e3025fc193771b4f01ed6bf2414f8f28b30853d970c712c140655349769ccbff881be39d89c302b9e01246b8abdf24470b0d78b4e0c69d16010d4d428d03000000dafc7b4aac3b23", 0x355}, {&(0x7f00000006c0)="89c721e56715701b74a575f2140cedad26e2b2ef5e16c1a35a5b6322730ac9b33b96f175e0b24281f169a0e4384dcbe0102d49207fb83e17fb7a8433e58b4a2f9715e4d3a623ec642d20a5d18fc74238b49a2a2941880dd1a76f1ef64292a6f91e170da32cab0df318e3c33319457789662dbd0464bf8a3571f1d7b10099fc58554c62132f38fc37e9bb0931f53fbb3e7e5de371bfd4551a594d4ba71cfdc4635af68736951ed7687321b2fcdd35432ce37fd44de7ac4d", 0xb7}, {&(0x7f0000000140)="877eff5844d9808e9c47a77a6ef3e4f095f2be097064a8e8bb9e83156a45d5755dd7fe09163f8cdffe787bb1c987efd79dd93101c3b79d96decfbcaaa25b540488e4742db6f992349c411f21b14cc421b36c44aa091c82d303743b0a39d12bf4b1d5519ab23e4836076c20c4d6f52857a959cc0d43a11cb1bf0077467ce3", 0x7e}, {&(0x7f0000000780)="705d19fd5cefcc9c351f8ebee6b4ddfe40c9d8fd95b613ff7064081fbd0e27a3084d25766e2850ebd6172e9e70760d0990e0d5d7cbe2f92ec26144c190b7fff23703ea069ac2dd7eaee228f151d86515a5ba99e86fa4d5fa40191ffc8c97431f83d66c7f42705fad11ad6ac2dd86366a39dbdcd4a14090bdcd74070000001d03e3105bdf6a0400000000000000505f4e5f486471c4e969be420000000000000000000000007c3fc48f88cd49d6d439118146b5e4c0315ce751b4f77df0a5f980397e7de7747e0475f646d7b2221418993cc90d8e1600867b2f403632b605e5709ffd7a41c670", 0xe6}, {&(0x7f0000000880)="a1b31549acce9c2d3fcba82c9b3d02660efa93faeaea3b982cc7df823cb33f2a31536119a6d4297bf7a12ebafcbfa30747040ab9745137e9973b1fdeee2f1050e9332a2549bc10188e292bbcaf12eb7642900a4fdd3ef9a857dcfad3852101994cada44a0b2657a6db4ef7549f37dde1baae1a8585d4e2d198bb1498297a7db4fc3f3364234e59953a9a3333cf5479902bac7f790c2c8c27044e4034d5bcda680ff8227082621e794328d8569085f909d8a33c74f0acc6d25e975ff70265bd23b3c9fdb9820f977146c61d526724fe950afd7a259081ada3627f9a34909b28f26afcd590e5654a0a5efd2da2967910dc2731e12e39e7ecc3050f099f2256802794fd67", 0x103}, {&(0x7f0000001ac0)="5a91dc036950a633184152bb41a60707aa3059926b5a5bea537cec7fb5c5aa49690f8e884e5e56eb3d19004cb505f494967186a315ab737396674078cbc121d2095664b1ef2d892e96976e6f9615926d982e5328d33c7bae4898064b81b6f8efa90a43f5f307a0c8c7a9ce93655479ff9aa6940e21a568b79bad8b67280c18f9267a182aa91a94986963f0bd43ef08f84e940acbd392488a893c79fc036cfbdea63841267ba1d8966c2defb8bf36115f58d423ab2fedd97c6ad7c09a5502a2a7d1b585583448ef5de694bc51af8bdcfb6e29d37b934034582adb93d8edeaacff", 0xe0}], 0x8}}], 0x1, 0x20004010)

26.179734071s ago: executing program 4 (id=45):
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)={0x3c, 0x0, 0x200, 0x70bd25, 0x25dfcbfb, {}, [@ETHTOOL_A_COALESCE_RX_USECS_LOW={0x8, 0xe, 0x5}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_RX={0x5, 0xb, 0x1}, @ETHTOOL_A_COALESCE_USE_ADAPTIVE_TX={0x5, 0xc, 0xff}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_LOW={0x8, 0x11, 0x9}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0x9}]}, 0x3c}}, 0x4145)
socket$inet6_sctp(0xa, 0x1, 0x84)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000004c0)=[{0x28, 0x0, 0x5, 0xfffff034}, {0x80000006, 0x0, 0x12, 0xf9}]}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
socket$pptp(0x18, 0x1, 0x2)
write$tun(r3, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x20}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0x5, 0x0, 0xfe, 0x0, 0x18}}}}}, 0x36)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
epoll_create1(0x0)
unshare(0x480)
ioctl$TUNGETFEATURES(r3, 0x800454cf, &(0x7f0000000100))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x9, &(0x7f0000000340)=0xffffffff, 0x4)
unshare(0x4040400)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r5, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r5, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TLS_TX(r5, 0x11a, 0x2, &(0x7f0000000180)=@gcm_256={{0x303}, "c4915c7f49541ce8", "9b84f987950ff3df25fa8f46983d34157e047d27ae4a66a6d15608a32cbaa5bc", '\x00', "be0ea450d5a50003"}, 0x38)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x18, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c0017800400ad0014"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)

26.179492135s ago: executing program 1 (id=46):
socket$nl_route(0x10, 0x3, 0x0)
getpid()
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_es_shrink_scan_exit\x00', r0}, 0x11)
getpid()
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x88, 0x1403, 0x1, 0x70bd28, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip6gretap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}]}, 0x88}, 0x1, 0x0, 0x0, 0x8001}, 0x44014)

24.988960333s ago: executing program 4 (id=51):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff, 0x8]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x4}, 0x8}, {0xa, 0x0, 0x4, @empty}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x89f, 0x8, 0x1]}}, 0x5c)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000340)=0x6, 0x4)

24.377395092s ago: executing program 4 (id=56):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480), 0x4)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_GET(r0, 0x0, 0x200080c4)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)
socket$rxrpc(0x21, 0x2, 0xa)
poll(0x0, 0x0, 0x7)
r2 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r2, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
sendmmsg$inet6(r2, &(0x7f0000005440)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)='+', 0x1}], 0x1}}], 0x1, 0x400c404)
sendmmsg$inet6(r2, &(0x7f0000003640)=[{{0x0, 0x0, &(0x7f00000001c0)}}], 0x1, 0x4040005)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=@ipv6_newrule={0x44, 0x20, 0x1, 0x0, 0x0, {0xa, 0x20, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000c}, [@FRA_SRC={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @loopback}}, @FIB_RULE_POLICY=@FRA_IP_PROTO={0x5, 0x16, 0x2f}, @FIB_RULE_POLICY=@FRA_UID_RANGE={0xc}]}, 0x44}}, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r4, &(0x7f0000000000)="3f000000010000", 0x7)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)={0x54, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x8}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0xfd0a}, 0x1, 0x0, 0x0, 0xc0d1}, 0x0)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r6 = socket(0x10, 0x2, 0x0)
connect$netrom(r5, &(0x7f0000000300)={{0x6, @bcast, 0x2}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default]}, 0x48)
listen(r1, 0x1ad72f7)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8982, &(0x7f00000002c0)={0x7, 'veth1_virt_wifi\x00', {0xa}, 0xfff7})
accept4(r1, 0x0, 0x0, 0x80000)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000600)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x83000000}, {0x85, 0x0, 0x0, 0x71}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x3, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000030a00006a0a00fe0000000c8500000061000000b70000004000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x200000, 0x10, &(0x7f0000000000), 0x143}, 0x48)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x50, 0x10, 0x403, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5, 0x17, 0x1}, @IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0x6}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x81}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x20000801}, 0x0)

22.883659398s ago: executing program 4 (id=67):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
write(r0, 0x0, 0x0)
connect$netlink(r0, 0x0, 0x0)
clock_gettime(0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_int(r0, 0x1, 0x21, 0x0, 0x0)
setsockopt$EBT_SO_SET_COUNTERS(0xffffffffffffffff, 0x0, 0x81, 0x0, 0x0)
unshare(0x68040200)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000)
socket$alg(0x26, 0x5, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
writev(r2, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)

11.096135392s ago: executing program 32 (id=46):
socket$nl_route(0x10, 0x3, 0x0)
getpid()
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_es_shrink_scan_exit\x00', r0}, 0x11)
getpid()
syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x88, 0x1403, 0x1, 0x70bd28, 0x25dfdbfc, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_to_team\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip6gretap0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}]}, 0x88}, 0x1, 0x0, 0x0, 0x8001}, 0x44014)

8.331037968s ago: executing program 4 (id=162):
unshare(0x66000080)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000001c0))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', <r1=>0x0})
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x5, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x94)
socket(0x40000000015, 0x5, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r2, &(0x7f0000000400)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r2, 0x80047437, &(0x7f0000001f00))
r3 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r3, &(0x7f0000000080)={0x18, 0x0, {0x15, @remote, 'bond0\x00'}}, 0x1e)
r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r4, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {}, {0xc, 0x14, 'syz0\x00'}}}, 0x28}, 0x1, 0x0, 0x0, 0x1080}, 0x0)
ioctl$PPPIOCATTCHAN(0xffffffffffffffff, 0x40047438, &(0x7f0000000040)=0x2)
ioctl$PPPIOCBRIDGECHAN(0xffffffffffffffff, 0x40047435, &(0x7f0000000200)=0x1)
sendmmsg(r2, &(0x7f00000008c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={0xffffffffffffffff, &(0x7f0000000380), 0x20000000}, 0x20)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendto$packet(r0, 0x0, 0x0, 0xffffffffffffc117, &(0x7f0000000140)={0x11, 0x0, r1}, 0x14)

7.022788049s ago: executing program 0 (id=169):
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$FUSE_LSEEK(0xffffffffffffffff, &(0x7f00000001c0)={0x18, 0xffffffffffffffda, 0x0, {0xfd}}, 0x18)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'wlan0\x00'})
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x101c088, &(0x7f00000006c0)=ANY=[@ANYBLOB="757466383d302c696f636861727365743d69736f383835392d312c61736b3d30303030303030303030303030303030303030303036362c756e695f786c6174653d312c756e695f786c6174653d302c726f6469722c73686f72746e616d653d6c6f7765722c756e695f786c6174653d302c757466383d302c757466383d312c73686f72746e616d653d77696e39352c726f6469722c6e66733d6e6f7374616c655f726f2c726f6469722c757466383d312c73686f72746e616d653d77696e6e742c636865636b3d72656c617865642c00c63b831754d4eeec4cf38c28cf1e3409b9950bbab09abe8d407d1c7c935e0344610000c3113829124efad15a202673b20ad011cb0f0cedb0cff9f6ec5e2634db26ef8581fd506844d0133ac021c0172b4b36a109949512e8dc6a8c7d603e3ef3cd57451eaee1b0e4804b9ea88fcad7afb59594dcfeaf8d34935fa0e54a36c57d964429e7ec869287810e5d97759017ace0c3f5969534e50000"], 0x6, 0x2c3, &(0x7f0000000900)="$eJzs3T+LHGUcB/Df7M3OrlrsFlYiOKCFVciltdlDEhCvMmyhFnqYC8jtItzBgX9wTWVrY2HhKxAEX4iN70CwFeyMEHhkZmeyu5dlcxuyJyafT5MnzzzfeX7Ps8PdXHHPffzq9OROGXfvffV79PtZdEYxivtZDKMTrW9ixei7AAD+z+6nFH+luW1yWUT0d1cWALBDl/v+ny+av1xJWQDADt1+/4N3Dw4Pb75Xlv24Nf32fFz9ZF/9O79+cDc+jUkcx/UYxIOI+kWhG/XbQtW8lVKa5WVlGG9MZ+fjKjn96Nfm/gd/RtT5/RjEsO56+LZR5985vLlfzi3lZ1UdLzbzj6r8jRjEyw/DK/kba/IxLuLN15fqvxaD+O2T+CwmcacuYpH/er8s307f//3lh1V5VT6bnY979biFtHfFHw0AAAAAAAAAAAAAAAAAAAAAAM+wa83ZOb2oz++puprzd/YeVP/pRtkarp7PM89n7Y2WzwdKKc1S/Nier3O9LMvUDFzk83glXz5YEAAAAAAAAAAAAAAAAAAAAJ5fZ59/cXI0mRyfPpVGexpAHhH/3I540vuMlnpei82De82cR5NJp2mujsmXe2KvHZNFbCyjWsST7kYeW639hUdqbho//bzt7P3Hj+mun+tpNtqn6+QoW7+HvWh7+s1G/VBELMYUccm5ios9aTC/T9rqIyjWXhpsvfbipbox2zAmsk2FvfXHfOeanuziKop6V9fGu01jKX7h2bjU8xz9efzRrxWZ0zoAAAAAAAAAAAAAAAAAAGCnFr/9u+bivY3RTurtrCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuFKLv/+/RWPWhI9Pz/LHDC7i9Ow/XiIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgX8DAAD//x0KWZ8=")
r2 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
open_by_handle_at(r2, &(0x7f0000000080)=ANY=[@ANYBLOB='K\x00'], 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x40000)
r3 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x460, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x390, 0xffffffff, 0xffffffff, 0x390, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0xffffffff], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x2c0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x0, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x1a, 0x4, 0x8000, 0x713c, 'pptp\x00', 'syz1\x00', {0xfeb5}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4c0)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})

5.924748092s ago: executing program 0 (id=172):
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="050000"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r0}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
close(0xffffffffffffffff)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)
socket$kcm(0x2b, 0x1, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x8922, &(0x7f0000002280)={'team0\x00', @random="2b0100004ec6"})

5.595463261s ago: executing program 0 (id=175):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000140)=""/191, 0xbf}, {&(0x7f0000000940)=""/208, 0xd0}, {&(0x7f0000002940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/64, 0x40}, {&(0x7f00000002c0)=""/67, 0x43}, {&(0x7f0000000340)=""/158, 0x9e}], 0x7}, 0x40012100)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x40010022)

3.954380564s ago: executing program 0 (id=183):
r0 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @none}, &(0x7f00000001c0)=0xe, 0x800)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000280)={0xffffffffffffff7f, 0x20, '\x00', 0x0, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0]})
ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000400)={0x6, 0x0, [0x5, 0x10001, 0x7fffffffffffffff, 0x4], &(0x7f0000000380)})
r1 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000002c0)={'rose0\x00', 0x1})
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000300)={'rose0\x00', 0x4000})
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, 0x0, 0xf40c3d3eb1ed8dc0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef64bd465b9780e2bbe408ccc58187feb0e3d43347f98e1a298327e6f9b312ecb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259620618c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a30536455bb774f7f154263178151ea93f5774b56a7142047326f940e95b8489e1c5650f5c61299a295f79c88456521cffdef93e29f10f4a11f0ca134a375a7ecfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d9823659d1945258fc668950e5aacfa06e1a212661b3f57a266c90e64efc8d8f730867202a9ee94e6a1f851337c2c9671d98a19bdc132c153b3ad843bdd308a07ba8f50a20cfd2c8b94e86ea0af0a9e0e9789ffd38f9b86da101e2266700"/432], 0x0, 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000180), r4)
sendmsg$MPTCP_PM_CMD_SET_FLAGS(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000700)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010026bd7000fcdbdf2507000000140001800800fd007f0000010600010000000000"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x441c0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000000240)=ANY=[@ANYBLOB="034886dd010000000000140000006000000000042f00fe88a43de1a400000000000000007d01ff02000000000000000000000000000100"], 0xfdef)
r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r9 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r9, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r9, 0x1, 0x33, &(0x7f0000000640)={0x1, &(0x7f0000000680)=[{0x6, 0x0, 0x0, 0x2}]}, 0x10)
close(r9)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r9, 0x8983, &(0x7f0000000380)={0x2, 'veth1_to_team\x00', {0xb}, 0x7ff})
r10 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r8, &(0x7f0000000840)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xfc0, 0x66, 0x0, 0xb, 0x89, 0x0, @rand_addr=0x64010102, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f609873ad56f29a138f4d5661f6865e030487"}}, 0xfce)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x0)

3.790069707s ago: executing program 2 (id=185):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)="5c00000012006bab9a3fe3d86e17aa0b046b876c1d0048380019001931a0e69ee517d34460bc06000000a701251e6182949a3651f60a84c9f4d4938037e70e4509c51c268811000000000000000000002571cd53b9851b30599980bc", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000940)=""/208, 0xd0}, {&(0x7f0000002940)=""/4096, 0x1000}, {&(0x7f0000001940)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/64, 0x40}, {&(0x7f00000002c0)=""/67, 0x43}, {&(0x7f0000000340)=""/158, 0x9e}], 0x6}, 0x40012100)

3.392129438s ago: executing program 2 (id=186):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x97, &(0x7f0000000180)=[{&(0x7f0000000040)="d8000000100081044e81f782db44b904021d006a0f000000e8fe55a1290015000600142603600e120900040044000000a80016000a0003400200000000000000b94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162f7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d3220a7c9f8775730d16a4683f1aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x60044884)

3.010548115s ago: executing program 3 (id=188):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f00000002c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3, [@enum={0x1}]}, {0x0, [0x61]}}, 0x0, 0x27}, 0x28)

2.830875309s ago: executing program 2 (id=189):
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x809}, {0xa, 0x8, 0x0, @empty}, 0x2, {[0x0, 0x1, 0xfffffffe, 0x0, 0xffffffff, 0x8]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}, 0x0, {[0x1, 0x0, 0x0, 0x0, 0x9]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x4e22, 0x800, @empty}, 0x0, {[0x0, 0x8000]}}, 0x5c)
setsockopt$MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xcc, &(0x7f0000000000)={{0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x4}, 0x8}, {0xa, 0x0, 0x4, @empty}, 0x0, {[0x0, 0x0, 0x0, 0x0, 0x89f, 0x8, 0x1]}}, 0x5c)
setsockopt$MRT6_FLUSH(0xffffffffffffffff, 0x29, 0xd4, &(0x7f0000000340)=0x6, 0x4)

2.714299623s ago: executing program 3 (id=190):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x1, 0x8e, 0xe7c9, 0x1}, 0x50)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r2, 0xc)
ioctl$SIOCX25SFACILITIES(r2, 0x89e3, 0x0)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xe30a, r1}, 0x38)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x9}, 0x0)
socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)

2.678916092s ago: executing program 2 (id=191):
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e21, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000340)=[@ip_retopts={{0x10}}], 0x10}, 0x20000000)

2.449933068s ago: executing program 5 (id=192):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000003c0)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000440)=ANY=[@ANYBLOB='D\x00', @ANYRES16=r2, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r3], 0x44}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

2.308084116s ago: executing program 2 (id=193):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, &(0x7f0000000100)=""/217, &(0x7f0000000200)=0x18)

2.201251023s ago: executing program 3 (id=194):
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1e00"], 0x10)

2.132087254s ago: executing program 2 (id=195):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={0x0, 0x69, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000340)=""/255, 0xff}, {&(0x7f0000000a00)=""/223, 0xdf}, {&(0x7f0000003100)=""/4057, 0xfd9}, {&(0x7f0000000540)=""/212, 0xd4}, {&(0x7f0000000b00)=""/210, 0xd2}, {&(0x7f0000000240)=""/223, 0xdf}, {&(0x7f00000010c0)=""/4092, 0xffc}, {&(0x7f00000007c0)=""/184, 0xb8}, {&(0x7f0000000480)=""/176, 0xb0}, {&(0x7f0000000c00)=""/208, 0xd0}, {&(0x7f0000000700)=""/93, 0x5d}, {&(0x7f0000000140)=""/98, 0x62}, {&(0x7f00000020c0)=""/204, 0xcc}], 0xd}, 0x40012100)
recvmsg$kcm(r0, &(0x7f0000000900)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000680)={0x0, 0x0, 0x0}, 0x0)

2.044705274s ago: executing program 5 (id=196):
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x4)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpu.weight\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000040)=0x7, 0x12)

1.852027607s ago: executing program 3 (id=197):
bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000006900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040)="d80000001e0081054e81f782db4cb9040a1d080006007c095dd2086518000a800d00000003600e1208000f0000000406a80016c0080009", 0x37}], 0x1}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x0, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000720000001801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe0000180091c8b14a0778a8123d181d"], 0xfe33)

1.768456998s ago: executing program 5 (id=198):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0a000000040000000800000010"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0}, &(0x7f0000000180), &(0x7f0000000240)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

1.514579576s ago: executing program 3 (id=199):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8)
r3 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000340)="d80000001c0081044e81f782db44b904021d080201000000070007a1180002000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c11503c6bbace8017cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adbef3d93452a00"/216, 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0)
write$cgroup_int(r2, &(0x7f00000001c0), 0xfffffdef)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r4, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x5, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000000580)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, @fallback=0x856381b04f69649c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xffffffffffffff4a)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000013c0)={r2, 0x58, &(0x7f0000001340)}, 0x10)
ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f0000000440)={r3})

1.509645901s ago: executing program 0 (id=200):
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x1f00c00e}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffdbc, &(0x7f0000000080)=[{&(0x7f0000000040)="180000006a00f96b1324", 0x18}], 0x1}, 0x4080)

1.337623494s ago: executing program 5 (id=201):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xe, 0x4, 0x8, 0x7}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0xc, 0xc, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {0x3, 0x3, 0x3, 0xa, 0x5}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x1e}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.192714693s ago: executing program 5 (id=202):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000940)=ANY=[@ANYBLOB="b4050000200080066110000000000000c6000000000000009500d800000000009f33ef60916e55893f1eeb0b2ae13d922e6235592ce847e2566c43d72918a897323fd0723043c47c896ce0bce66a245ad9d6817fd98cd824498949714ffaac8a6f77ef0000ca5d82054d54d53cd2b6db714e75d9bdae214fa68a0557eb2c5ca683a4b6fcfcff0bffffffffffd47042eaebfa6fa26fa7a347c7faa8e700458c60897d4a6148a1c11428427c40de60beacf871ab5c2ff88a02084e5b5271e45f00003826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632f7a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffabe90ac5d08dd9d4e0359c41cf3626e1230bc1cd4c02c460ceb44276e9bd94d1c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd00000000000fbf940e6652d357474ed5f816f66ac3027460ae66317f83cdd7a7eb2a7003d1a6cf5478533584961c329fcf5a43e05c92bfef0dcd28000000003f2915a3039c9a78f63b8ec7e60a0000fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc5117c024185a062acb6b8eec31c21b3af8b9eedb4660ed2deb7acf2a33a376a5cb7d4266d5b0be14488d14b473502486ad8dd600000000000000000000c7766ea7c581782c0d90f42a85303835fc291c25d29e6bead5d7360f2e1929d7736ebc8558c4506407d3046022bdf25485bd5442169e9b4c1278343581b7a06f65e8ea6b042c4fd08381e5000000000000006398d6480000001a723b91030000006480304c66b217aea0156ce9eef911fe5b7370f79987303ecb3aabc53c60014a0101ab766754f596b41da9534d12b8306a1b36cf3b03f0d790879f523eabfbee83d8bd472ef69660cf6ec897106c51e54a17497f384c4956b41f3843e7c878b1e11316d8ddae1c6c3b85aaf7a9fcaf8f5d6186c42542d68ba72682c938d3c0a2e6e10eed71b1d31c9f300b41745329bf34495c63e43fb896e4903fb0fae54a8f0fe3b48a5b29d279070647e65097c8ecf32a15080000000000000001007ba4a70a084bd994ac5e00000000000000000000000000351a30cd97f83d72631d0fe92efa974a53f4dc1eb9a86df632a6d463688123f64d42a919bcfc44a90ffd680200000091f842a91c977f6075d07e39e669b0713af0498a99bf5261cb3269d499a5202d7a08b33ade7b38829b9bd39619688d5e9af22170ef83e5b92cbb32b655c45de1c154aad81bf64351668a3f76d5afa958aff76249e0ffdf8e45155536a1a44bfcbfbfd232af000052f9002a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x17, 0x3, &(0x7f0000000480)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000e40)=ANY=[@ANYRES32=r1, @ANYRES32=r0, @ANYRES8=r1], 0x10)
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680))
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r1}, &(0x7f00000000c0), &(0x7f0000000100)=r0}, 0x20)
close(0x3)

1.086994211s ago: executing program 5 (id=203):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f"], 0x6c}}, 0x840)

55.469213ms ago: executing program 0 (id=204):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="100000000000000000000000000000001800cd00"], 0x28}, 0x40000)

0s ago: executing program 3 (id=205):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x5, 0x1, 0x8e, 0xe7c9, 0x1}, 0x50)
r2 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r2, 0xc)
ioctl$SIOCX25SFACILITIES(r2, 0x89e3, 0x0)
bpf$MAP_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xe30a, r1}, 0x38)
bind$netlink(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x9}, 0x0)
socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
syz_genetlink_get_family_id$devlink(0x0, 0xffffffffffffffff)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.57' (ED25519) to the list of known hosts.
[  101.523724][   T24] cfg80211: failed to load regulatory.db
[  102.128930][ T5813] cgroup: Unknown subsys name 'net'
[  102.269270][ T5813] cgroup: Unknown subsys name 'cpuset'
[  102.280288][ T5813] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[  104.118988][ T5813] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[  107.323721][ T5836] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.335932][ T5846] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  107.343893][ T5846] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.351543][ T5846] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  107.359281][ T5846] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  107.366859][ T5846] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  107.374755][ T5846] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  107.382421][ T5846] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.382429][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  107.383755][ T5839] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  107.390048][ T5846] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  107.397816][ T5839] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  107.403557][ T5846] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  107.410939][ T5839] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  107.431524][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  107.432517][ T5839] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  107.446598][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.447804][ T5839] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  107.455333][ T5848] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  107.462188][ T5839] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  107.468293][ T5848] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  107.487626][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  107.495083][   T51] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  107.503488][ T5846] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  107.510972][ T5846] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  107.513178][ T5848] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.519509][ T5846] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  107.567007][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  107.576025][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  107.583877][ T5839] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  108.430948][ T5828] chnl_net:caif_netlink_parms(): no params data found
[  108.570632][ T5831] chnl_net:caif_netlink_parms(): no params data found
[  108.698187][ T5833] chnl_net:caif_netlink_parms(): no params data found
[  108.831164][ T5829] chnl_net:caif_netlink_parms(): no params data found
[  109.015060][ T5827] chnl_net:caif_netlink_parms(): no params data found
[  109.074582][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.081803][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.092997][ T5828] bridge_slave_0: entered allmulticast mode
[  109.100976][ T5828] bridge_slave_0: entered promiscuous mode
[  109.118554][ T5826] chnl_net:caif_netlink_parms(): no params data found
[  109.158038][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.165339][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.172541][ T5831] bridge_slave_0: entered allmulticast mode
[  109.181522][ T5831] bridge_slave_0: entered promiscuous mode
[  109.189680][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.197325][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.205295][ T5828] bridge_slave_1: entered allmulticast mode
[  109.213217][ T5828] bridge_slave_1: entered promiscuous mode
[  109.269494][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.277017][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.284487][ T5831] bridge_slave_1: entered allmulticast mode
[  109.292095][ T5831] bridge_slave_1: entered promiscuous mode
[  109.452349][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.460624][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.468620][ T5833] bridge_slave_0: entered allmulticast mode
[  109.476529][ T5833] bridge_slave_0: entered promiscuous mode
[  109.485700][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.492850][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.500435][ T5833] bridge_slave_1: entered allmulticast mode
[  109.508456][ T5833] bridge_slave_1: entered promiscuous mode
[  109.515679][ T5845] Bluetooth: hci1: command tx timeout
[  109.537179][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.550668][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.565109][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.593571][ T5845] Bluetooth: hci0: command tx timeout
[  109.651543][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.673809][ T5845] Bluetooth: hci2: command tx timeout
[  109.674320][ T5841] Bluetooth: hci5: command tx timeout
[  109.679329][ T5847] Bluetooth: hci3: command tx timeout
[  109.685383][ T5841] Bluetooth: hci4: command tx timeout
[  109.771620][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.778980][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.786355][ T5829] bridge_slave_0: entered allmulticast mode
[  109.795026][ T5829] bridge_slave_0: entered promiscuous mode
[  109.837508][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.844822][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.852009][ T5827] bridge_slave_0: entered allmulticast mode
[  109.860613][ T5827] bridge_slave_0: entered promiscuous mode
[  109.888569][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.899373][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.906741][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.915379][ T5829] bridge_slave_1: entered allmulticast mode
[  109.922957][ T5829] bridge_slave_1: entered promiscuous mode
[  109.933589][ T5831] team0: Port device team_slave_0 added
[  109.942582][ T5828] team0: Port device team_slave_0 added
[  109.949157][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.956779][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.964132][ T5827] bridge_slave_1: entered allmulticast mode
[  109.971979][ T5827] bridge_slave_1: entered promiscuous mode
[  109.979051][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.986933][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.994238][ T5826] bridge_slave_0: entered allmulticast mode
[  110.002121][ T5826] bridge_slave_0: entered promiscuous mode
[  110.012656][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.058623][ T5831] team0: Port device team_slave_1 added
[  110.085065][ T5828] team0: Port device team_slave_1 added
[  110.108071][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.115490][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.122727][ T5826] bridge_slave_1: entered allmulticast mode
[  110.131733][ T5826] bridge_slave_1: entered promiscuous mode
[  110.160950][ T5833] team0: Port device team_slave_0 added
[  110.252653][ T5833] team0: Port device team_slave_1 added
[  110.262372][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.275011][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.282063][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.308337][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.339656][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.387318][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.414328][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.421346][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.447515][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.460013][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.467331][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.493399][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.508869][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.521751][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  110.537366][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  110.592665][ T5829] team0: Port device team_slave_0 added
[  110.610511][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.618271][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.645103][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.736867][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[  110.744054][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.770233][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  110.786212][ T5829] team0: Port device team_slave_1 added
[  110.792932][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[  110.800578][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  110.826792][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  110.845384][ T5827] team0: Port device team_slave_0 added
[  110.855132][ T5826] team0: Port device team_slave_0 added
[  110.946432][ T5827] team0: Port device team_slave_1 added
[  110.956332][ T5826] team0: Port device team_slave_1 added
[  110.999754][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.013784][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.049971][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.067371][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.074970][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.101570][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.188171][ T5831] hsr_slave_0: entered promiscuous mode
[  111.196603][ T5831] hsr_slave_1: entered promiscuous mode
[  111.267179][ T5833] hsr_slave_0: entered promiscuous mode
[  111.274775][ T5833] hsr_slave_1: entered promiscuous mode
[  111.281141][ T5833] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  111.289510][ T5833] Cannot create hsr debugfs directory
[  111.303612][ T5828] hsr_slave_0: entered promiscuous mode
[  111.310172][ T5828] hsr_slave_1: entered promiscuous mode
[  111.316864][ T5828] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  111.324785][ T5828] Cannot create hsr debugfs directory
[  111.360144][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.367455][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.393834][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.424882][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.431907][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.458364][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.524830][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.531924][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.558425][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.572189][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.579291][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.605328][ T5841] Bluetooth: hci1: command tx timeout
[  111.610778][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.628714][ T5829] hsr_slave_0: entered promiscuous mode
[  111.635997][ T5829] hsr_slave_1: entered promiscuous mode
[  111.642221][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  111.649891][ T5829] Cannot create hsr debugfs directory
[  111.673622][ T5841] Bluetooth: hci0: command tx timeout
[  111.753219][ T5841] Bluetooth: hci2: command tx timeout
[  111.753343][ T5845] Bluetooth: hci4: command tx timeout
[  111.758674][ T5841] Bluetooth: hci5: command tx timeout
[  111.769582][ T5839] Bluetooth: hci3: command tx timeout
[  111.941621][ T5827] hsr_slave_0: entered promiscuous mode
[  111.948342][ T5827] hsr_slave_1: entered promiscuous mode
[  111.955479][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  111.963209][ T5827] Cannot create hsr debugfs directory
[  112.084653][ T5826] hsr_slave_0: entered promiscuous mode
[  112.092278][ T5826] hsr_slave_1: entered promiscuous mode
[  112.099343][ T5826] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  112.108782][ T5826] Cannot create hsr debugfs directory
[  112.683977][ T5833] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  112.706453][ T5833] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  112.734379][ T5833] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  112.747894][ T5833] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  112.836132][ T5828] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  112.852473][ T5828] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  112.885987][ T5828] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  112.899243][ T5828] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  112.978435][ T5829] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  112.997206][ T5829] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  113.009407][ T5829] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  113.051698][ T5829] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  113.155620][ T5827] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  113.200137][ T5827] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  113.232797][ T5827] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  113.247641][ T5827] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  113.386996][ T5831] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  113.402666][ T5831] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  113.426726][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.439332][ T5831] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  113.480057][ T5831] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  113.567147][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[  113.587590][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0
[  113.616495][ T5826] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  113.633153][ T1081] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.640429][ T1081] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.661000][ T1081] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.668180][ T1081] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.688234][ T5839] Bluetooth: hci1: command tx timeout
[  113.696066][ T5826] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  113.739706][ T5826] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  113.762202][ T5839] Bluetooth: hci0: command tx timeout
[  113.801105][ T5826] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  113.834022][ T5839] Bluetooth: hci5: command tx timeout
[  113.834516][ T5841] Bluetooth: hci4: command tx timeout
[  113.839450][ T5839] Bluetooth: hci2: command tx timeout
[  113.844963][ T5841] Bluetooth: hci3: command tx timeout
[  113.879159][ T5828] 8021q: adding VLAN 0 to HW filter on device team0
[  113.938209][ T1081] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.945451][ T1081] bridge0: port 1(bridge_slave_0) entered forwarding state
[  113.967866][ T5833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  114.018015][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.051464][  T794] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.058880][  T794] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.125337][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[  114.159235][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.177306][ T2988] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.184530][ T2988] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.295225][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[  114.322708][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.330037][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.410367][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.417718][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.467461][ T2988] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.474622][ T2988] bridge0: port 2(bridge_slave_1) entered forwarding state
[  114.491473][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.608480][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[  114.709629][ T5831] 8021q: adding VLAN 0 to HW filter on device team0
[  114.770433][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[  114.856699][ T1081] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.863956][ T1081] bridge0: port 1(bridge_slave_0) entered forwarding state
[  114.959405][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.966715][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.061254][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[  115.178195][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.185456][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.237920][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.245214][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.342086][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.517470][ T5826] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  115.755857][ T5841] Bluetooth: hci1: command tx timeout
[  115.833753][ T5841] Bluetooth: hci0: command tx timeout
[  115.907689][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.913892][ T5841] Bluetooth: hci3: command tx timeout
[  115.919963][ T5841] Bluetooth: hci2: command tx timeout
[  115.930134][ T5847] Bluetooth: hci4: command tx timeout
[  115.930464][ T5839] Bluetooth: hci5: command tx timeout
[  115.953868][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.080595][ T5833] veth0_vlan: entered promiscuous mode
[  116.130403][ T5833] veth1_vlan: entered promiscuous mode
[  116.279412][ T5829] veth0_vlan: entered promiscuous mode
[  116.291488][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.322823][ T5829] veth1_vlan: entered promiscuous mode
[  116.381092][ T5827] veth0_vlan: entered promiscuous mode
[  116.427573][ T5833] veth0_macvtap: entered promiscuous mode
[  116.456960][ T5827] veth1_vlan: entered promiscuous mode
[  116.468321][ T5833] veth1_macvtap: entered promiscuous mode
[  116.569467][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[  116.591154][ T5831] veth0_vlan: entered promiscuous mode
[  116.609192][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.624866][ T5829] veth0_macvtap: entered promiscuous mode
[  116.659421][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.672653][ T5833] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.683974][ T5833] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.692697][ T5833] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.701508][ T5833] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.719333][ T5831] veth1_vlan: entered promiscuous mode
[  116.746469][ T5829] veth1_macvtap: entered promiscuous mode
[  116.827779][ T5828] veth0_vlan: entered promiscuous mode
[  116.895418][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[  116.910999][ T5828] veth1_vlan: entered promiscuous mode
[  116.921791][ T5827] veth0_macvtap: entered promiscuous mode
[  116.948582][ T5826] veth0_vlan: entered promiscuous mode
[  116.988981][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.006594][ T5827] veth1_macvtap: entered promiscuous mode
[  117.051661][ T5946] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.053886][ T5829] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.075779][ T5829] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.077614][ T5946] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.090320][ T5829] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.100721][ T5829] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.119604][ T5831] veth0_macvtap: entered promiscuous mode
[  117.170944][ T5826] veth1_vlan: entered promiscuous mode
[  117.182646][ T5831] veth1_macvtap: entered promiscuous mode
[  117.246938][ T5828] veth0_macvtap: entered promiscuous mode
[  117.270065][ T5828] veth1_macvtap: entered promiscuous mode
[  117.282846][ T1081] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.292043][ T1081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.307472][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.331078][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.368608][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.414867][ T5826] veth0_macvtap: entered promiscuous mode
[  117.445927][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.462851][ T5827] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.469151][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  117.473538][ T5827] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.496186][ T5827] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.505056][ T5827] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.528698][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0
[  117.553705][ T5831] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  117.562473][ T5831] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  117.581289][ T5831] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  117.591427][ T5831] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  117.648695][ T5826] veth1_macvtap: entered promiscuous mode
[  117.692201][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1
[  117.717568][ T1081] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  117.744685][ T1081] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  117.835446][ T5975] loop5: detected capacity change from 0 to 256
[  117.848824][ T5975] vfat: Unknown parameter 'ask'
[  117.891472][ T5975] xt_hashlimit: invalid rate
[  118.250641][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  118.325774][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  118.353172][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  118.488689][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  118.590322][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[  118.610478][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[  118.709632][ T5826] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.752851][ T5826] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.769016][ T5826] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.778123][ T5826] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.796607][ T5828] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  118.813507][ T5828] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  118.822269][ T5828] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  118.838080][ T5828] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  118.899605][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  118.901266][ T5981] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  118.920940][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.074753][  T794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.082648][  T794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.243653][ T5986] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  119.267631][  T794] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.280209][  T794] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.347128][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.371843][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.448610][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.467829][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.571731][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.599270][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.783321][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  119.828330][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  119.915601][ T5995] netlink: 36 bytes leftover after parsing attributes in process `syz.3.13'.
[  119.959334][  T794] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.001773][  T794] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.103389][ T5999] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1'.
[  120.220899][ T2988] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  120.278864][ T2988] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  120.513375][ T6009] Zero length message leads to an empty skb
[  121.648546][ T6025] netlink: 'syz.0.17': attribute type 1 has an invalid length.
[  121.698917][ T6025] netlink: 224 bytes leftover after parsing attributes in process `syz.0.17'.
[  121.844146][ T6034] netlink: 'syz.2.18': attribute type 13 has an invalid length.
[  123.013918][ T6034] bridge0: port 2(bridge_slave_1) entered disabled state
[  123.021909][ T6034] bridge0: port 1(bridge_slave_0) entered disabled state
[  123.139755][ T6034] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  123.160926][ T6034] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  123.259666][ T6034] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  123.271177][ T6034] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  123.291189][ T6034] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  123.300255][ T6034] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  123.764737][ T6045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.23'.
[  123.939622][ T6052] netlink: 4 bytes leftover after parsing attributes in process `syz.4.25'.
[  124.393941][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[  124.403418][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  124.471453][ T6066] loop3: detected capacity change from 0 to 256
[  124.486874][ T6066] vfat: Unknown parameter 'ask'
[  124.519090][ T6066] xt_hashlimit: invalid rate
[  124.907663][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  125.105071][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  126.046868][ T6082] netlink: 40 bytes leftover after parsing attributes in process `syz.4.37'.
[  126.335087][ T6085] netlink: 'syz.3.39': attribute type 13 has an invalid length.
[  126.719977][ T6061] netlink: 'syz.0.28': attribute type 4 has an invalid length.
[  126.906428][ T6085] bridge0: port 2(bridge_slave_1) entered disabled state
[  126.915297][ T6085] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.110592][ T6085] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  127.139222][ T6085] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  127.140117][ T6108] openvswitch: netlink: Message has 20 unknown bytes.
[  127.153782][ T6108] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  127.285441][ T6085] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  127.298318][ T6085] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  127.333239][ T6085] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  127.350146][ T6085] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  127.506052][ T6106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.47'.
[  127.920899][ T6113] netlink: 12 bytes leftover after parsing attributes in process `syz.5.49'.
[  127.941387][ T6113] tipc: Started in network mode
[  127.973206][ T6113] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  128.014956][ T6113] tipc: Enabled bearer <udp:sy>, priority 10
[  128.058237][ T6110] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  128.352304][ T6127] netlink: 240 bytes leftover after parsing attributes in process `syz.0.54'.
[  128.722760][ T6134] netlink: 'syz.2.55': attribute type 1 has an invalid length.
[  128.725925][ T6103] infiniband syz0: set down
[  128.747561][ T6103] infiniband syz0: added ipvlan1
[  128.760729][ T6103] syz0: rxe_create_cq: returned err = -12
[  128.781931][ T6134] netlink: 224 bytes leftover after parsing attributes in process `syz.2.55'.
[  128.794351][ T6103] infiniband syz0: Couldn't create ib_mad CQ
[  128.824215][ T6103] infiniband syz0: Couldn't open port 1
[  128.987142][ T6103] RDS/IB: syz0: added
[  129.008334][ T6103] smc: adding ib device syz0 with port count 1
[  129.024257][ T6103] smc:    ib device syz0 port 1 has pnetid 
[  129.242646][ T6143] netlink: 24 bytes leftover after parsing attributes in process `syz.3.60'.
[  129.290607][  T972] tipc: Node number set to 1
[  129.300331][ T6143] openvswitch: netlink: Flow key attr not present in new flow.
[  130.011297][ T6155] warning: `syz.0.65' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  130.101302][ T6160] Bluetooth: MGMT ver 1.23
[  130.483542][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  130.505346][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  130.573850][ T6167] loop0: detected capacity change from 0 to 256
[  130.587792][ T6167] vfat: Unknown parameter 'ask'
[  130.624353][ T6167] xt_hashlimit: invalid rate
[  131.606184][ T6174] netlink: 20 bytes leftover after parsing attributes in process `syz.0.71'.
[  131.629626][ T6179] netlink: 4 bytes leftover after parsing attributes in process `syz.5.73'.
[  132.125691][ T6184] syz.3.74 uses obsolete (PF_INET,SOCK_PACKET)
[  132.150605][ T6188] netlink: 24 bytes leftover after parsing attributes in process `syz.0.77'.
[  132.234379][ T6188] openvswitch: netlink: Flow key attr not present in new flow.
[  132.327698][ T6191] netlink: 'syz.4.67': attribute type 4 has an invalid length.
[  132.572653][ T6195] Bluetooth: MGMT ver 1.23
[  132.939237][ T6205] loop2: detected capacity change from 0 to 256
[  132.953160][ T6205] vfat: Unknown parameter 'ask'
[  132.984531][ T6205] xt_hashlimit: invalid rate
[  133.907122][ T6213] netlink: 28 bytes leftover after parsing attributes in process `syz.2.86'.
[  133.953220][ T6213] netlink: 8 bytes leftover after parsing attributes in process `syz.2.86'.
[  134.239927][ T6217] netlink: 'syz.0.88': attribute type 13 has an invalid length.
[  134.577972][ T6217] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.585917][ T6217] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.591336][ T6229] netlink: 36 bytes leftover after parsing attributes in process `syz.2.91'.
[  135.102710][ T6217] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  135.136433][ T6217] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  135.343662][ T6217] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  135.361156][ T6217] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  135.371248][ T6217] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  135.380973][ T6217] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  135.497831][ T6247] loop3: detected capacity change from 0 to 256
[  135.510465][ T6247] vfat: Unknown parameter 'ask'
[  135.536915][ T6247] xt_hashlimit: invalid rate
[  136.756667][ T6258] netlink: 4 bytes leftover after parsing attributes in process `syz.3.104'.
[  137.175495][ T6267] netlink: 4 bytes leftover after parsing attributes in process `syz.3.107'.
[  138.809570][ T6304] loop2: detected capacity change from 0 to 512
[  139.238303][ T6314] netlink: 'syz.5.128': attribute type 13 has an invalid length.
[  139.251446][ T6304] EXT4-fs (loop2): Test dummy encryption mode enabled
[  139.275202][ T6304] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  139.324450][ T6304] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  139.408415][ T6304] EXT4-fs error (device loop2): ext4_orphan_get:1419: comm syz.2.123: bad orphan inode 131083
[  139.466411][ T6304] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.505461][ T6314] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.513427][ T6314] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.573636][ T6304] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  139.617713][ T6304] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2"
[  139.665084][ T6314] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  139.682467][ T6314] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  139.721883][ T6326] netlink: 44 bytes leftover after parsing attributes in process `syz.3.131'.
[  139.871159][ T6326] netlink: 36 bytes leftover after parsing attributes in process `syz.3.131'.
[  140.041050][ T6304] overlayfs: missing 'lowerdir'
[  140.376950][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.523891][ T6314] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  140.542499][ T6314] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  140.583280][ T6314] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  140.593756][ T6314] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  141.445940][ T6360] netlink: 'syz.3.141': attribute type 1 has an invalid length.
[  141.463277][ T6360] netlink: 224 bytes leftover after parsing attributes in process `syz.3.141'.
[  141.802731][ T6365] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  142.483996][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  142.768705][ T6375] netlink: 'syz.5.150': attribute type 13 has an invalid length.
[  143.266927][ T5839] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  143.276475][ T5839] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  143.287078][ T5839] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  143.295788][ T5839] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  143.304952][ T5839] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  143.845329][ T2988] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  143.932161][ T6397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.156'.
[  143.954810][ T6397] netlink: 12 bytes leftover after parsing attributes in process `syz.3.156'.
[  143.991428][ T6397] netlink: 36 bytes leftover after parsing attributes in process `syz.3.156'.
[  144.138151][ T2988] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.396822][ T6405] netlink: 4 bytes leftover after parsing attributes in process `syz.5.160'.
[  144.449099][ T2988] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  144.477153][ T6408] loop0: detected capacity change from 0 to 512
[  144.500361][ T6408] EXT4-fs (loop0): Test dummy encryption mode enabled
[  144.521269][ T6408] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  144.558944][ T6403] netlink: 'syz.3.159': attribute type 29 has an invalid length.
[  144.572766][ T6408] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.161: bad orphan inode 131083
[  144.585324][ T6406] netlink: 'syz.3.159': attribute type 29 has an invalid length.
[  144.639760][ T6408] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.895860][ T6417] overlayfs: missing 'lowerdir'
[  145.311397][ T2988] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  145.374463][ T5845] Bluetooth: hci6: command tx timeout
[  145.421432][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.207903][ T6436] loop0: detected capacity change from 0 to 256
[  146.221539][ T6436] vfat: Unknown parameter 'ask'
[  146.250431][ T6436] xt_hashlimit: invalid rate
[  146.421924][ T6438] netlink: 8 bytes leftover after parsing attributes in process `syz.2.170'.
[  146.504134][ T6438] netlink: 12 bytes leftover after parsing attributes in process `syz.2.170'.
[  146.640422][ T6440] netlink: 36 bytes leftover after parsing attributes in process `syz.2.170'.
[  147.323930][ T2988] bridge_slave_1: left allmulticast mode
[  147.329816][ T2988] bridge_slave_1: left promiscuous mode
[  147.454134][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.463629][ T5845] Bluetooth: hci6: command tx timeout
[  147.583673][ T2988] bridge_slave_0: left allmulticast mode
[  147.589412][ T2988] bridge_slave_0: left promiscuous mode
[  147.632875][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.875226][ T6459] netlink: 4 bytes leftover after parsing attributes in process `syz.2.176'.
[  148.692000][ T2988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  148.720452][ T2988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  148.752914][ T2988] bond0 (unregistering): Released all slaves
[  148.824892][ T6453] netlink: 60 bytes leftover after parsing attributes in process `syz.0.175'.
[  148.855387][ T6459] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  149.291254][ T6492] netlink: 60 bytes leftover after parsing attributes in process `syz.2.185'.
[  149.429192][ T6495] netlink: 60 bytes leftover after parsing attributes in process `syz.2.185'.
[  149.516761][ T5845] Bluetooth: hci6: command tx timeout
[  149.621316][ T6493] syzkaller1: entered promiscuous mode
[  149.665685][ T6493] syzkaller1: entered allmulticast mode
[  149.686124][ T6501] netlink: 'syz.2.186': attribute type 4 has an invalid length.
[  149.705358][ T6501] netlink: 152 bytes leftover after parsing attributes in process `syz.2.186'.
[  149.779111][ T6485] syzkaller1: left promiscuous mode
[  149.791747][ T6485] syzkaller1: left allmulticast mode
[  149.836619][ T6501] : renamed from bond0
[  149.890412][ T6505] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  150.135412][ T6382] chnl_net:caif_netlink_parms(): no params data found
[  151.163342][ T6528] netlink: 'syz.2.195': attribute type 29 has an invalid length.
[  151.219171][ T6532] netlink: 'syz.2.195': attribute type 29 has an invalid length.
[  151.276708][ T6534] netlink: 'syz.3.197': attribute type 10 has an invalid length.
[  151.295241][ T6534] netlink: 65015 bytes leftover after parsing attributes in process `syz.3.197'.
[  151.418103][ T2988] hsr_slave_0: left promiscuous mode
[  151.455043][ T2988] hsr_slave_1: left promiscuous mode
[  151.470368][ T2988] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  151.500802][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_0
[  151.547715][ T2988] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  151.579428][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_1
[  151.607153][ T5839] Bluetooth: hci6: command tx timeout
[  151.717232][ T2988] veth1_macvtap: left promiscuous mode
[  151.732311][ T2988] veth0_macvtap: left promiscuous mode
[  151.745929][ T2988] veth1_vlan: left promiscuous mode
[  151.757409][ T2988] veth0_vlan: left promiscuous mode
[  151.999002][ T6558] netlink: 28 bytes leftover after parsing attributes in process `syz.5.203'.
[  152.035966][ T6558] netlink: 8 bytes leftover after parsing attributes in process `syz.5.203'.
[  152.177947][  T794] smc: removing ib device syz0
[  152.418627][ T2988] team0 (unregistering): Port device team_slave_1 removed
[  152.453593][ T2988] team0 (unregistering): Port device team_slave_0 removed
[  152.779802][ T6535] netlink: 'syz.2.195': attribute type 29 has an invalid length.
[  152.797940][ T6548] netlink: 132 bytes leftover after parsing attributes in process `syz.3.199'.
[  152.945075][ T5837] ==================================================================
[  152.953214][ T5837] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x1bf/0x200
[  152.962108][ T5837] Read of size 8 at addr ffff888054ef02e8 by task kworker/1:3/5837
[  152.970026][ T5837] 
[  152.972372][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: kworker/1:3 Not tainted 6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  152.972416][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  152.972440][ T5837] Workqueue: events smc_ib_port_event_work
[  152.972501][ T5837] Call Trace:
[  152.972512][ T5837]  <TASK>
[  152.972525][ T5837]  dump_stack_lvl+0x116/0x1f0
[  152.972580][ T5837]  print_report+0xcd/0x680
[  152.972621][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.972662][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.972703][ T5837]  ? __phys_addr+0xe8/0x180
[  152.972750][ T5837]  ? __ethtool_get_link_ksettings+0x1bf/0x200
[  152.972800][ T5837]  kasan_report+0xe0/0x110
[  152.972842][ T5837]  ? __ethtool_get_link_ksettings+0x1bf/0x200
[  152.972897][ T5837]  __ethtool_get_link_ksettings+0x1bf/0x200
[  152.972946][ T5837]  __ethtool_get_link_ksettings+0x148/0x200
[  152.972996][ T5837]  ib_get_eth_speed+0x122/0xb50
[  152.973031][ T5837]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  152.973063][ T5837]  ? __pfx___mutex_lock+0x10/0x10
[  152.973131][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.973174][ T5837]  ? do_raw_spin_unlock+0x172/0x230
[  152.973215][ T5837]  rxe_query_port+0x108/0x330
[  152.973251][ T5837]  ib_query_port+0x441/0x8a0
[  152.973308][ T5837]  smc_ib_port_event_work+0x12f/0xbf0
[  152.973364][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.973411][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.973451][ T5837]  ? rcu_is_watching+0x12/0xc0
[  152.973497][ T5837]  process_one_work+0x9cf/0x1b70
[  152.973541][ T5837]  ? __pfx_process_one_work+0x10/0x10
[  152.973575][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.973622][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.973663][ T5837]  ? assign_work+0x1a0/0x250
[  152.973720][ T5837]  worker_thread+0x6c8/0xf10
[  152.973764][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.973806][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.973847][ T5837]  ? __kthread_parkme+0x19e/0x250
[  152.973893][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.973936][ T5837]  ? __pfx_worker_thread+0x10/0x10
[  152.973970][ T5837]  kthread+0x3c5/0x780
[  152.974000][ T5837]  ? __pfx_kthread+0x10/0x10
[  152.974030][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  152.974071][ T5837]  ? rcu_is_watching+0x12/0xc0
[  152.974113][ T5837]  ? __pfx_kthread+0x10/0x10
[  152.974143][ T5837]  ret_from_fork+0x5d7/0x6f0
[  152.974193][ T5837]  ? __pfx_kthread+0x10/0x10
[  152.974223][ T5837]  ret_from_fork_asm+0x1a/0x30
[  152.974270][ T5837]  </TASK>
[  152.974281][ T5837] 
[  153.218417][ T5837] Allocated by task 5826:
[  153.222757][ T5837]  kasan_save_stack+0x33/0x60
[  153.227466][ T5837]  kasan_save_track+0x14/0x30
[  153.232169][ T5837]  __kasan_kmalloc+0xaa/0xb0
[  153.236783][ T5837]  __kvmalloc_node_noprof+0x27b/0x620
[  153.242177][ T5837]  alloc_netdev_mqs+0xd2/0x1570
[  153.247071][ T5837]  rtnl_create_link+0xc08/0xf90
[  153.251965][ T5837]  rtnl_newlink+0xb69/0x2000
[  153.256604][ T5837]  rtnetlink_rcv_msg+0x95e/0xe90
[  153.261581][ T5837]  netlink_rcv_skb+0x158/0x420
[  153.266481][ T5837]  netlink_unicast+0x53d/0x7f0
[  153.271274][ T5837]  netlink_sendmsg+0x8d1/0xdd0
[  153.276063][ T5837]  __sys_sendto+0x4a3/0x520
[  153.280597][ T5837]  __x64_sys_sendto+0xe0/0x1c0
[  153.285399][ T5837]  do_syscall_64+0xcd/0x4c0
[  153.289917][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  153.295828][ T5837] 
[  153.298153][ T5837] Freed by task 2988:
[  153.302139][ T5837]  kasan_save_stack+0x33/0x60
[  153.306841][ T5837]  kasan_save_track+0x14/0x30
[  153.311539][ T5837]  kasan_save_free_info+0x3b/0x60
[  153.316598][ T5837]  __kasan_slab_free+0x51/0x70
[  153.321384][ T5837]  kfree+0x2b4/0x4d0
[  153.325317][ T5837]  device_release+0xa4/0x240
[  153.329928][ T5837]  kobject_put+0x1e7/0x5a0
[  153.334359][ T5837]  netdev_run_todo+0x7e9/0x1320
[  153.339223][ T5837]  default_device_exit_batch+0x858/0xaf0
[  153.344871][ T5837]  ops_undo_list+0x363/0xab0
[  153.349475][ T5837]  cleanup_net+0x408/0x890
[  153.353907][ T5837]  process_one_work+0x9cf/0x1b70
[  153.358862][ T5837]  worker_thread+0x6c8/0xf10
[  153.363466][ T5837]  kthread+0x3c5/0x780
[  153.367546][ T5837]  ret_from_fork+0x5d7/0x6f0
[  153.372164][ T5837]  ret_from_fork_asm+0x1a/0x30
[  153.376952][ T5837] 
[  153.379275][ T5837] The buggy address belongs to the object at ffff888054ef0000
[  153.379275][ T5837]  which belongs to the cache kmalloc-cg-4k of size 4096
[  153.393614][ T5837] The buggy address is located 744 bytes inside of
[  153.393614][ T5837]  freed 4096-byte region [ffff888054ef0000, ffff888054ef1000)
[  153.407522][ T5837] 
[  153.409849][ T5837] The buggy address belongs to the physical page:
[  153.416262][ T5837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54ef0
[  153.425036][ T5837] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  153.433545][ T5837] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  153.441109][ T5837] page_type: f5(slab)
[  153.445109][ T5837] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  153.453711][ T5837] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  153.462321][ T5837] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  153.471009][ T5837] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  153.479700][ T5837] head: 00fff00000000003 ffffea000153bc01 00000000ffffffff 00000000ffffffff
[  153.488396][ T5837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  153.497083][ T5837] page dumped because: kasan: bad access detected
[  153.503501][ T5837] page_owner tracks the page as allocated
[  153.509214][ T5837] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5826, tgid 5826 (syz-executor), ts 112382084264, free_ts 37840724192
[  153.532452][ T5837]  post_alloc_hook+0x1c0/0x230
[  153.537248][ T5837]  get_page_from_freelist+0x1321/0x3890
[  153.542816][ T5837]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  153.548732][ T5837]  alloc_pages_mpol+0x1fb/0x550
[  153.553615][ T5837]  new_slab+0x23b/0x330
[  153.557811][ T5837]  ___slab_alloc+0xd9c/0x1940
[  153.562523][ T5837]  __slab_alloc.constprop.0+0x56/0xb0
[  153.567948][ T5837]  __kvmalloc_node_noprof+0x3b1/0x620
[  153.573348][ T5837]  alloc_netdev_mqs+0xd2/0x1570
[  153.578244][ T5837]  rtnl_create_link+0xc08/0xf90
[  153.583148][ T5837]  rtnl_newlink+0xb69/0x2000
[  153.587787][ T5837]  rtnetlink_rcv_msg+0x95e/0xe90
[  153.592765][ T5837]  netlink_rcv_skb+0x158/0x420
[  153.597554][ T5837]  netlink_unicast+0x53d/0x7f0
[  153.602340][ T5837]  netlink_sendmsg+0x8d1/0xdd0
[  153.607127][ T5837]  __sys_sendto+0x4a3/0x520
[  153.611658][ T5837] page last free pid 1 tgid 1 stack trace:
[  153.617467][ T5837]  __free_frozen_pages+0x7fe/0x1180
[  153.622740][ T5837]  free_contig_range+0x183/0x4b0
[  153.627716][ T5837]  destroy_args+0x7f6/0xa60
[  153.632262][ T5837]  debug_vm_pgtable+0x13b8/0x2d00
[  153.637300][ T5837]  do_one_initcall+0x123/0x6e0
[  153.642095][ T5837]  kernel_init_freeable+0x5c2/0x900
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  153.647325][ T5837]  kernel_init+0x1c/0x2b0
[  153.651674][ T5837]  ret_from_fork+0x5d7/0x6f0
[  153.656300][ T5837]  ret_from_fork_asm+0x1a/0x30
[  153.661086][ T5837] 
[  153.663411][ T5837] Memory state around the buggy address:
[  153.669152][ T5837]  ffff888054ef0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.677225][ T5837]  ffff888054ef0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.685305][ T5837] >ffff888054ef0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.693379][ T5837]                                                           ^
[  153.700845][ T5837]  ffff888054ef0300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.708920][ T5837]  ffff888054ef0380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.716989][ T5837] ==================================================================
[  153.847210][ T5837] Disabling lock debugging due to kernel taint
[  153.853582][ T5837] ==================================================================
[  153.861672][ T5837] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0xa4/0x200
[  153.870493][ T5837] Read of size 8 at addr ffff888054ef00a8 by task kworker/1:3/5837
[  153.878410][ T5837] 
[  153.880756][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: kworker/1:3 Tainted: G    B               6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  153.880816][ T5837] Tainted: [B]=BAD_PAGE
[  153.880829][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  153.880855][ T5837] Workqueue: events smc_ib_port_event_work
[  153.880920][ T5837] Call Trace:
[  153.880935][ T5837]  <TASK>
[  153.880948][ T5837]  dump_stack_lvl+0x116/0x1f0
[  153.881017][ T5837]  print_report+0xcd/0x680
[  153.881062][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.881109][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.881157][ T5837]  ? __phys_addr+0xe8/0x180
[  153.881201][ T5837]  ? __ethtool_get_link_ksettings+0xa4/0x200
[  153.881255][ T5837]  kasan_report+0xe0/0x110
[  153.881304][ T5837]  ? __ethtool_get_link_ksettings+0xa4/0x200
[  153.881364][ T5837]  kasan_check_range+0x100/0x1b0
[  153.881420][ T5837]  __ethtool_get_link_ksettings+0xa4/0x200
[  153.881474][ T5837]  __ethtool_get_link_ksettings+0x148/0x200
[  153.881529][ T5837]  ib_get_eth_speed+0x122/0xb50
[  153.881566][ T5837]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  153.881600][ T5837]  ? __pfx___mutex_lock+0x10/0x10
[  153.881670][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.881715][ T5837]  ? do_raw_spin_unlock+0x172/0x230
[  153.881760][ T5837]  rxe_query_port+0x108/0x330
[  153.881799][ T5837]  ib_query_port+0x441/0x8a0
[  153.881860][ T5837]  smc_ib_port_event_work+0x12f/0xbf0
[  153.881920][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.881971][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.882021][ T5837]  ? rcu_is_watching+0x12/0xc0
[  153.882071][ T5837]  process_one_work+0x9cf/0x1b70
[  153.882119][ T5837]  ? __pfx_process_one_work+0x10/0x10
[  153.882156][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.882207][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.882252][ T5837]  ? assign_work+0x1a0/0x250
[  153.882314][ T5837]  worker_thread+0x6c8/0xf10
[  153.882356][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.882403][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.882448][ T5837]  ? __kthread_parkme+0x19e/0x250
[  153.882498][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.882545][ T5837]  ? __pfx_worker_thread+0x10/0x10
[  153.882583][ T5837]  kthread+0x3c5/0x780
[  153.882615][ T5837]  ? __pfx_kthread+0x10/0x10
[  153.882648][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  153.882693][ T5837]  ? rcu_is_watching+0x12/0xc0
[  153.882738][ T5837]  ? __pfx_kthread+0x10/0x10
[  153.882771][ T5837]  ret_from_fork+0x5d7/0x6f0
[  153.882824][ T5837]  ? __pfx_kthread+0x10/0x10
[  153.882857][ T5837]  ret_from_fork_asm+0x1a/0x30
[  153.882907][ T5837]  </TASK>
[  153.882919][ T5837] 
[  154.137335][ T5837] Allocated by task 5826:
[  154.141669][ T5837]  kasan_save_stack+0x33/0x60
[  154.146375][ T5837]  kasan_save_track+0x14/0x30
[  154.151076][ T5837]  __kasan_kmalloc+0xaa/0xb0
[  154.155700][ T5837]  __kvmalloc_node_noprof+0x27b/0x620
[  154.161090][ T5837]  alloc_netdev_mqs+0xd2/0x1570
[  154.165984][ T5837]  rtnl_create_link+0xc08/0xf90
[  154.170872][ T5837]  rtnl_newlink+0xb69/0x2000
[  154.175502][ T5837]  rtnetlink_rcv_msg+0x95e/0xe90
[  154.180482][ T5837]  netlink_rcv_skb+0x158/0x420
[  154.185268][ T5837]  netlink_unicast+0x53d/0x7f0
[  154.190052][ T5837]  netlink_sendmsg+0x8d1/0xdd0
[  154.194835][ T5837]  __sys_sendto+0x4a3/0x520
[  154.199370][ T5837]  __x64_sys_sendto+0xe0/0x1c0
[  154.204165][ T5837]  do_syscall_64+0xcd/0x4c0
[  154.208685][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.214599][ T5837] 
[  154.216924][ T5837] Freed by task 2988:
[  154.220905][ T5837]  kasan_save_stack+0x33/0x60
[  154.225606][ T5837]  kasan_save_track+0x14/0x30
[  154.230303][ T5837]  kasan_save_free_info+0x3b/0x60
[  154.235363][ T5837]  __kasan_slab_free+0x51/0x70
[  154.240149][ T5837]  kfree+0x2b4/0x4d0
[  154.244083][ T5837]  device_release+0xa4/0x240
[  154.248694][ T5837]  kobject_put+0x1e7/0x5a0
[  154.253126][ T5837]  netdev_run_todo+0x7e9/0x1320
[  154.257994][ T5837]  default_device_exit_batch+0x858/0xaf0
[  154.263647][ T5837]  ops_undo_list+0x363/0xab0
[  154.268274][ T5837]  cleanup_net+0x408/0x890
[  154.272717][ T5837]  process_one_work+0x9cf/0x1b70
[  154.277675][ T5837]  worker_thread+0x6c8/0xf10
[  154.282286][ T5837]  kthread+0x3c5/0x780
[  154.286370][ T5837]  ret_from_fork+0x5d7/0x6f0
[  154.290994][ T5837]  ret_from_fork_asm+0x1a/0x30
[  154.295782][ T5837] 
[  154.298110][ T5837] The buggy address belongs to the object at ffff888054ef0000
[  154.298110][ T5837]  which belongs to the cache kmalloc-cg-4k of size 4096
[  154.312441][ T5837] The buggy address is located 168 bytes inside of
[  154.312441][ T5837]  freed 4096-byte region [ffff888054ef0000, ffff888054ef1000)
[  154.326348][ T5837] 
[  154.328672][ T5837] The buggy address belongs to the physical page:
[  154.335084][ T5837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54ef0
[  154.343868][ T5837] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  154.352375][ T5837] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  154.359984][ T5837] page_type: f5(slab)
[  154.363978][ T5837] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  154.372576][ T5837] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  154.381311][ T5837] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  154.390015][ T5837] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  154.398748][ T5837] head: 00fff00000000003 ffffea000153bc01 00000000ffffffff 00000000ffffffff
[  154.407441][ T5837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  154.416127][ T5837] page dumped because: kasan: bad access detected
[  154.422543][ T5837] page_owner tracks the page as allocated
[  154.428260][ T5837] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5826, tgid 5826 (syz-executor), ts 112382084264, free_ts 37840724192
[  154.451496][ T5837]  post_alloc_hook+0x1c0/0x230
[  154.456285][ T5837]  get_page_from_freelist+0x1321/0x3890
[  154.461858][ T5837]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  154.467778][ T5837]  alloc_pages_mpol+0x1fb/0x550
[  154.472654][ T5837]  new_slab+0x23b/0x330
[  154.476848][ T5837]  ___slab_alloc+0xd9c/0x1940
[  154.481559][ T5837]  __slab_alloc.constprop.0+0x56/0xb0
[  154.486970][ T5837]  __kvmalloc_node_noprof+0x3b1/0x620
[  154.492362][ T5837]  alloc_netdev_mqs+0xd2/0x1570
[  154.497254][ T5837]  rtnl_create_link+0xc08/0xf90
[  154.502146][ T5837]  rtnl_newlink+0xb69/0x2000
[  154.506775][ T5837]  rtnetlink_rcv_msg+0x95e/0xe90
[  154.511752][ T5837]  netlink_rcv_skb+0x158/0x420
[  154.516535][ T5837]  netlink_unicast+0x53d/0x7f0
[  154.521316][ T5837]  netlink_sendmsg+0x8d1/0xdd0
[  154.526099][ T5837]  __sys_sendto+0x4a3/0x520
[  154.530631][ T5837] page last free pid 1 tgid 1 stack trace:
[  154.536442][ T5837]  __free_frozen_pages+0x7fe/0x1180
[  154.541680][ T5837]  free_contig_range+0x183/0x4b0
[  154.546656][ T5837]  destroy_args+0x7f6/0xa60
[  154.551225][ T5837]  debug_vm_pgtable+0x13b8/0x2d00
[  154.556262][ T5837]  do_one_initcall+0x123/0x6e0
[  154.561042][ T5837]  kernel_init_freeable+0x5c2/0x900
[  154.566283][ T5837]  kernel_init+0x1c/0x2b0
[  154.570638][ T5837]  ret_from_fork+0x5d7/0x6f0
[  154.575256][ T5837]  ret_from_fork_asm+0x1a/0x30
[  154.580037][ T5837] 
[  154.582356][ T5837] Memory state around the buggy address:
[  154.587996][ T5837]  ffff888054eeff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  154.596065][ T5837]  ffff888054ef0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  154.604136][ T5837] >ffff888054ef0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  154.612198][ T5837]                                   ^
[  154.617570][ T5837]  ffff888054ef0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  154.625639][ T5837]  ffff888054ef0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  154.633706][ T5837] ==================================================================
[  154.643521][ T5837] ==================================================================
[  154.651627][ T5837] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x1cc/0x200
[  154.660534][ T5837] Read of size 8 at addr ffff888054ef00a8 by task kworker/1:3/5837
[  154.668463][ T5837] 
[  154.670817][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: kworker/1:3 Tainted: G    B               6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  154.670877][ T5837] Tainted: [B]=BAD_PAGE
[  154.670891][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  154.670917][ T5837] Workqueue: events smc_ib_port_event_work
[  154.670987][ T5837] Call Trace:
[  154.670999][ T5837]  <TASK>
[  154.671013][ T5837]  dump_stack_lvl+0x116/0x1f0
[  154.671073][ T5837]  print_report+0xcd/0x680
[  154.671119][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.671165][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.671211][ T5837]  ? __phys_addr+0xe8/0x180
[  154.671254][ T5837]  ? __ethtool_get_link_ksettings+0x1cc/0x200
[  154.671308][ T5837]  kasan_report+0xe0/0x110
[  154.671355][ T5837]  ? __ethtool_get_link_ksettings+0x1cc/0x200
[  154.671414][ T5837]  __ethtool_get_link_ksettings+0x1cc/0x200
[  154.671470][ T5837]  __ethtool_get_link_ksettings+0x148/0x200
[  154.671525][ T5837]  ib_get_eth_speed+0x122/0xb50
[  154.671562][ T5837]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  154.671597][ T5837]  ? __pfx___mutex_lock+0x10/0x10
[  154.671668][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.671714][ T5837]  ? do_raw_spin_unlock+0x172/0x230
[  154.671759][ T5837]  rxe_query_port+0x108/0x330
[  154.671798][ T5837]  ib_query_port+0x441/0x8a0
[  154.671860][ T5837]  smc_ib_port_event_work+0x12f/0xbf0
[  154.671921][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.671972][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.672022][ T5837]  ? rcu_is_watching+0x12/0xc0
[  154.672072][ T5837]  process_one_work+0x9cf/0x1b70
[  154.672120][ T5837]  ? __pfx_process_one_work+0x10/0x10
[  154.672158][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.672209][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.672254][ T5837]  ? assign_work+0x1a0/0x250
[  154.672317][ T5837]  worker_thread+0x6c8/0xf10
[  154.672439][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.672490][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.672535][ T5837]  ? __kthread_parkme+0x19e/0x250
[  154.672585][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.672632][ T5837]  ? __pfx_worker_thread+0x10/0x10
[  154.672670][ T5837]  kthread+0x3c5/0x780
[  154.672702][ T5837]  ? __pfx_kthread+0x10/0x10
[  154.672735][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  154.672780][ T5837]  ? rcu_is_watching+0x12/0xc0
[  154.672826][ T5837]  ? __pfx_kthread+0x10/0x10
[  154.672860][ T5837]  ret_from_fork+0x5d7/0x6f0
[  154.672914][ T5837]  ? __pfx_kthread+0x10/0x10
[  154.672947][ T5837]  ret_from_fork_asm+0x1a/0x30
[  154.673002][ T5837]  </TASK>
[  154.673015][ T5837] 
[  154.922664][ T5837] Allocated by task 5826:
[  154.927008][ T5837]  kasan_save_stack+0x33/0x60
[  154.931707][ T5837]  kasan_save_track+0x14/0x30
[  154.936402][ T5837]  __kasan_kmalloc+0xaa/0xb0
[  154.941022][ T5837]  __kvmalloc_node_noprof+0x27b/0x620
[  154.946408][ T5837]  alloc_netdev_mqs+0xd2/0x1570
[  154.951297][ T5837]  rtnl_create_link+0xc08/0xf90
[  154.956186][ T5837]  rtnl_newlink+0xb69/0x2000
[  154.960817][ T5837]  rtnetlink_rcv_msg+0x95e/0xe90
[  154.965792][ T5837]  netlink_rcv_skb+0x158/0x420
[  154.970575][ T5837]  netlink_unicast+0x53d/0x7f0
[  154.975357][ T5837]  netlink_sendmsg+0x8d1/0xdd0
[  154.980137][ T5837]  __sys_sendto+0x4a3/0x520
[  154.984673][ T5837]  __x64_sys_sendto+0xe0/0x1c0
[  154.989472][ T5837]  do_syscall_64+0xcd/0x4c0
[  154.993989][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.999907][ T5837] 
[  155.002231][ T5837] Freed by task 2988:
[  155.006212][ T5837]  kasan_save_stack+0x33/0x60
[  155.010949][ T5837]  kasan_save_track+0x14/0x30
[  155.015683][ T5837]  kasan_save_free_info+0x3b/0x60
[  155.020825][ T5837]  __kasan_slab_free+0x51/0x70
[  155.025616][ T5837]  kfree+0x2b4/0x4d0
[  155.029549][ T5837]  device_release+0xa4/0x240
[  155.034159][ T5837]  kobject_put+0x1e7/0x5a0
[  155.038588][ T5837]  netdev_run_todo+0x7e9/0x1320
[  155.043452][ T5837]  default_device_exit_batch+0x858/0xaf0
[  155.049101][ T5837]  ops_undo_list+0x363/0xab0
[  155.053704][ T5837]  cleanup_net+0x408/0x890
[  155.058142][ T5837]  process_one_work+0x9cf/0x1b70
[  155.063098][ T5837]  worker_thread+0x6c8/0xf10
[  155.067703][ T5837]  kthread+0x3c5/0x780
[  155.071781][ T5837]  ret_from_fork+0x5d7/0x6f0
[  155.076493][ T5837]  ret_from_fork_asm+0x1a/0x30
[  155.081278][ T5837] 
[  155.083605][ T5837] The buggy address belongs to the object at ffff888054ef0000
[  155.083605][ T5837]  which belongs to the cache kmalloc-cg-4k of size 4096
[  155.097937][ T5837] The buggy address is located 168 bytes inside of
[  155.097937][ T5837]  freed 4096-byte region [ffff888054ef0000, ffff888054ef1000)
[  155.111851][ T5837] 
[  155.114184][ T5837] The buggy address belongs to the physical page:
[  155.120600][ T5837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54ef0
[  155.129379][ T5837] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  155.137896][ T5837] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  155.145558][ T5837] page_type: f5(slab)
[  155.149555][ T5837] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  155.158158][ T5837] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  155.166763][ T5837] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  155.175451][ T5837] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  155.184142][ T5837] head: 00fff00000000003 ffffea000153bc01 00000000ffffffff 00000000ffffffff
[  155.192831][ T5837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  155.201510][ T5837] page dumped because: kasan: bad access detected
[  155.207929][ T5837] page_owner tracks the page as allocated
[  155.213645][ T5837] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5826, tgid 5826 (syz-executor), ts 112382084264, free_ts 37840724192
[  155.236881][ T5837]  post_alloc_hook+0x1c0/0x230
[  155.241672][ T5837]  get_page_from_freelist+0x1321/0x3890
[  155.247244][ T5837]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  155.253169][ T5837]  alloc_pages_mpol+0x1fb/0x550
[  155.258051][ T5837]  new_slab+0x23b/0x330
[  155.262270][ T5837]  ___slab_alloc+0xd9c/0x1940
[  155.266989][ T5837]  __slab_alloc.constprop.0+0x56/0xb0
[  155.272407][ T5837]  __kvmalloc_node_noprof+0x3b1/0x620
[  155.277804][ T5837]  alloc_netdev_mqs+0xd2/0x1570
[  155.282694][ T5837]  rtnl_create_link+0xc08/0xf90
[  155.287581][ T5837]  rtnl_newlink+0xb69/0x2000
[  155.292208][ T5837]  rtnetlink_rcv_msg+0x95e/0xe90
[  155.297184][ T5837]  netlink_rcv_skb+0x158/0x420
[  155.301968][ T5837]  netlink_unicast+0x53d/0x7f0
[  155.306756][ T5837]  netlink_sendmsg+0x8d1/0xdd0
[  155.311541][ T5837]  __sys_sendto+0x4a3/0x520
[  155.316083][ T5837] page last free pid 1 tgid 1 stack trace:
[  155.321894][ T5837]  __free_frozen_pages+0x7fe/0x1180
[  155.327310][ T5837]  free_contig_range+0x183/0x4b0
[  155.332287][ T5837]  destroy_args+0x7f6/0xa60
[  155.336830][ T5837]  debug_vm_pgtable+0x13b8/0x2d00
[  155.341871][ T5837]  do_one_initcall+0x123/0x6e0
[  155.346652][ T5837]  kernel_init_freeable+0x5c2/0x900
[  155.351877][ T5837]  kernel_init+0x1c/0x2b0
[  155.356230][ T5837]  ret_from_fork+0x5d7/0x6f0
[  155.360855][ T5837]  ret_from_fork_asm+0x1a/0x30
[  155.365636][ T5837] 
[  155.367978][ T5837] Memory state around the buggy address:
[  155.373614][ T5837]  ffff888054eeff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  155.381682][ T5837]  ffff888054ef0000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  155.389757][ T5837] >ffff888054ef0080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  155.397839][ T5837]                                   ^
[  155.403215][ T5837]  ffff888054ef0100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  155.411289][ T5837]  ffff888054ef0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  155.419357][ T5837] ==================================================================
[  155.434172][ T5837] ==================================================================
[  155.442269][ T5837] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x1e3/0x200
[  155.451257][ T5837] Read of size 8 at addr ffff888054ef02e8 by task kworker/1:3/5837
[  155.459165][ T5837] 
[  155.461504][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: kworker/1:3 Tainted: G    B               6.16.0-rc4-syzkaller-00049-gb4911fb0b060 #0 PREEMPT(full) 
[  155.461557][ T5837] Tainted: [B]=BAD_PAGE
[  155.461569][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  155.461593][ T5837] Workqueue: events smc_ib_port_event_work
[  155.461652][ T5837] Call Trace:
[  155.461664][ T5837]  <TASK>
[  155.461676][ T5837]  dump_stack_lvl+0x116/0x1f0
[  155.461732][ T5837]  print_report+0xcd/0x680
[  155.461774][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.461817][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.461857][ T5837]  ? __phys_addr+0xe8/0x180
[  155.461898][ T5837]  ? __ethtool_get_link_ksettings+0x1e3/0x200
[  155.461947][ T5837]  kasan_report+0xe0/0x110
[  155.461989][ T5837]  ? __ethtool_get_link_ksettings+0x1e3/0x200
[  155.462053][ T5837]  __ethtool_get_link_ksettings+0x1e3/0x200
[  155.462106][ T5837]  __ethtool_get_link_ksettings+0x148/0x200
[  155.462156][ T5837]  ib_get_eth_speed+0x122/0xb50
[  155.462190][ T5837]  ? __pfx_ib_get_eth_speed+0x10/0x10
[  155.462221][ T5837]  ? __pfx___mutex_lock+0x10/0x10
[  155.462286][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.462327][ T5837]  ? do_raw_spin_unlock+0x172/0x230
[  155.462369][ T5837]  rxe_query_port+0x108/0x330
[  155.462405][ T5837]  ib_query_port+0x441/0x8a0
[  155.462461][ T5837]  smc_ib_port_event_work+0x12f/0xbf0
[  155.462516][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.462562][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.462603][ T5837]  ? rcu_is_watching+0x12/0xc0
[  155.462649][ T5837]  process_one_work+0x9cf/0x1b70
[  155.462692][ T5837]  ? __pfx_process_one_work+0x10/0x10
[  155.462727][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.462773][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.462815][ T5837]  ? assign_work+0x1a0/0x250
[  155.462871][ T5837]  worker_thread+0x6c8/0xf10
[  155.462910][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.462952][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.462993][ T5837]  ? __kthread_parkme+0x19e/0x250
[  155.463047][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.463091][ T5837]  ? __pfx_worker_thread+0x10/0x10
[  155.463125][ T5837]  kthread+0x3c5/0x780
[  155.463154][ T5837]  ? __pfx_kthread+0x10/0x10
[  155.463185][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  155.463226][ T5837]  ? rcu_is_watching+0x12/0xc0
[  155.463267][ T5837]  ? __pfx_kthread+0x10/0x10
[  155.463297][ T5837]  ret_from_fork+0x5d7/0x6f0
[  155.463347][ T5837]  ? __pfx_kthread+0x10/0x10
[  155.463376][ T5837]  ret_from_fork_asm+0x1a/0x30
[  155.463423][ T5837]  </TASK>
[  155.463434][ T5837] 
[  155.713134][ T5837] Allocated by task 5826:
[  155.717464][ T5837]  kasan_save_stack+0x33/0x60
[  155.722165][ T5837]  kasan_save_track+0x14/0x30
[  155.726860][ T5837]  __kasan_kmalloc+0xaa/0xb0
[  155.731465][ T5837]  __kvmalloc_node_noprof+0x27b/0x620
[  155.736859][ T5837]  alloc_netdev_mqs+0xd2/0x1570
[  155.741759][ T5837]  rtnl_create_link+0xc08/0xf90
[  155.746647][ T5837]  rtnl_newlink+0xb69/0x2000
[  155.751271][ T5837]  rtnetlink_rcv_msg+0x95e/0xe90
[  155.756245][ T5837]  netlink_rcv_skb+0x158/0x420
[  155.761029][ T5837]  netlink_unicast+0x53d/0x7f0
[  155.765819][ T5837]  netlink_sendmsg+0x8d1/0xdd0
[  155.770599][ T5837]  __sys_sendto+0x4a3/0x520
[  155.775129][ T5837]  __x64_sys_sendto+0xe0/0x1c0
[  155.779923][ T5837]  do_syscall_64+0xcd/0x4c0
[  155.784441][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  155.790349][ T5837] 
[  155.792669][ T5837] Freed by task 2988:
[  155.796649][ T5837]  kasan_save_stack+0x33/0x60
[  155.801343][ T5837]  kasan_save_track+0x14/0x30
[  155.806037][ T5837]  kasan_save_free_info+0x3b/0x60
[  155.811095][ T5837]  __kasan_slab_free+0x51/0x70
[  155.815879][ T5837]  kfree+0x2b4/0x4d0
[  155.819811][ T5837]  device_release+0xa4/0x240
[  155.824421][ T5837]  kobject_put+0x1e7/0x5a0
[  155.828851][ T5837]  netdev_run_todo+0x7e9/0x1320
[  155.833717][ T5837]  default_device_exit_batch+0x858/0xaf0
[  155.839368][ T5837]  ops_undo_list+0x363/0xab0
[  155.843970][ T5837]  cleanup_net+0x408/0x890
[  155.848405][ T5837]  process_one_work+0x9cf/0x1b70
[  155.853358][ T5837]  worker_thread+0x6c8/0xf10
[  155.857962][ T5837]  kthread+0x3c5/0x780
[  155.862044][ T5837]  ret_from_fork+0x5d7/0x6f0
[  155.866667][ T5837]  ret_from_fork_asm+0x1a/0x30
[  155.871449][ T5837] 
[  155.873773][ T5837] The buggy address belongs to the object at ffff888054ef0000
[  155.873773][ T5837]  which belongs to the cache kmalloc-cg-4k of size 4096
[  155.888100][ T5837] The buggy address is located 744 bytes inside of
[  155.888100][ T5837]  freed 4096-byte region [ffff888054ef0000, ffff888054ef1000)
[  155.902003][ T5837] 
[  155.904331][ T5837] The buggy address belongs to the physical page:
[  155.910738][ T5837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x54ef0
[  155.919511][ T5837] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  155.928023][ T5837] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  155.935581][ T5837] page_type: f5(slab)
[  155.939574][ T5837] raw: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  155.948174][ T5837] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  155.956776][ T5837] head: 00fff00000000040 ffff88801b84b500 dead000000000122 0000000000000000
[  155.965462][ T5837] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[  155.974148][ T5837] head: 00fff00000000003 ffffea000153bc01 00000000ffffffff 00000000ffffffff
[  155.982833][ T5837] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  155.991508][ T5837] page dumped because: kasan: bad access detected
[  155.997927][ T5837] page_owner tracks the page as allocated
[  156.003643][ T5837] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5826, tgid 5826 (syz-executor), ts 112382084264, free_ts 37840724192
[  156.026868][ T5837]  post_alloc_hook+0x1c0/0x230
[  156.031653][ T5837]  get_page_from_freelist+0x1321/0x3890
[  156.037222][ T5837]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  156.043142][ T5837]  alloc_pages_mpol+0x1fb/0x550
[  156.048030][ T5837]  new_slab+0x23b/0x330
[  156.052220][ T5837]  ___slab_alloc+0xd9c/0x1940
[  156.056933][ T5837]  __slab_alloc.constprop.0+0x56/0xb0
[  156.062349][ T5837]  __kvmalloc_node_noprof+0x3b1/0x620
[  156.067738][ T5837]  alloc_netdev_mqs+0xd2/0x1570
[  156.072625][ T5837]  rtnl_create_link+0xc08/0xf90
[  156.077514][ T5837]  rtnl_newlink+0xb69/0x2000
[  156.082140][ T5837]  rtnetlink_rcv_msg+0x95e/0xe90
[  156.087114][ T5837]  netlink_rcv_skb+0x158/0x420
[  156.091896][ T5837]  netlink_unicast+0x53d/0x7f0
[  156.096680][ T5837]  netlink_sendmsg+0x8d1/0xdd0
[  156.101466][ T5837]  __sys_sendto+0x4a3/0x520
[  156.106001][ T5837] page last free pid 1 tgid 1 stack trace:
[  156.111809][ T5837]  __free_frozen_pages+0x7fe/0x1180
[  156.117050][ T5837]  free_contig_range+0x183/0x4b0
[  156.122029][ T5837]  destroy_args+0x7f6/0xa60
[  156.126567][ T5837]  debug_vm_pgtable+0x13b8/0x2d00
[  156.131604][ T5837]  do_one_initcall+0x123/0x6e0
[  156.136382][ T5837]  kernel_init_freeable+0x5c2/0x900
[  156.141605][ T5837]  kernel_init+0x1c/0x2b0
[  156.145957][ T5837]  ret_from_fork+0x5d7/0x6f0
[  156.150584][ T5837]  ret_from_fork_asm+0x1a/0x30
[  156.155364][ T5837] 
[  156.157687][ T5837] Memory state around the buggy address:
[  156.163322][ T5837]  ffff888054ef0180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.171537][ T5837]  ffff888054ef0200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.179618][ T5837] >ffff888054ef0280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.187684][ T5837]                                                           ^
[  156.195156][ T5837]  ffff888054ef0300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.203226][ T5837]  ffff888054ef0380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.211293][ T5837] ==================================================================
[  157.704784][ T2988] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.741405][ T2988] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.809926][ T2988] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  157.860627][ T2988] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.843291][ T2988] bridge_slave_1: left allmulticast mode
[  158.849010][ T2988] bridge_slave_1: left promiscuous mode
[  158.856847][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.867172][ T2988] bridge_slave_0: left allmulticast mode
[  158.872840][ T2988] bridge_slave_0: left promiscuous mode
[  158.879295][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.891734][ T2988] bridge_slave_1: left allmulticast mode
[  158.898123][ T2988] bridge_slave_1: left promiscuous mode
[  158.903998][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.912645][ T2988] bridge_slave_0: left allmulticast mode
[  158.921194][ T2988] bridge_slave_0: left promiscuous mode
[  158.931120][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[  158.944452][ T2988] bridge_slave_1: left allmulticast mode
[  158.950143][ T2988] bridge_slave_1: left promiscuous mode
[  158.962034][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[  158.970974][ T2988] bridge_slave_0: left allmulticast mode
[  158.979827][ T2988] bridge_slave_0: left promiscuous mode
[  158.988373][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.001388][ T2988] bridge_slave_1: left allmulticast mode
[  159.007923][ T2988] bridge_slave_1: left promiscuous mode
[  159.016246][ T2988] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.026954][ T2988] bridge_slave_0: left allmulticast mode
[  159.032624][ T2988] bridge_slave_0: left promiscuous mode
[  159.041609][ T2988] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.210764][ T2988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  159.221006][ T2988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  159.231662][ T2988] bond0 (unregistering): Released all slaves
[  159.242959][ T2988] bond1 (unregistering): Released all slaves
[  159.294784][ T2988] bond0 (unregistering): Released all slaves
[  159.512112][ T2988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  159.521808][ T2988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  159.531251][ T2988] bond0 (unregistering): Released all slaves
[  159.732669][ T2988] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  159.742348][ T2988] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  159.751682][ T2988] bond0 (unregistering): Released all slaves
[  159.762040][ T2988] bond1 (unregistering): Released all slaves
[  159.775288][ T2988] bond2 (unregistering): Released all slaves
[  159.962173][ T2988]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  159.971366][ T2988]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  159.980239][ T2988]  (unregistering): Released all slaves
[  160.078298][ T2988] tipc: Disabling bearer <udp:sy>
[  160.086478][ T2988] tipc: Left network mode
[  160.582447][ T2988] hsr_slave_0: left promiscuous mode
[  160.588407][ T2988] hsr_slave_1: left promiscuous mode
[  160.596017][ T2988] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  160.603703][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.611507][ T2988] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  160.619354][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.643433][ T2988] hsr_slave_0: left promiscuous mode
[  160.649263][ T2988] hsr_slave_1: left promiscuous mode
[  160.655425][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.663317][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.675636][ T2988] hsr_slave_0: left promiscuous mode
[  160.681482][ T2988] hsr_slave_1: left promiscuous mode
[  160.689819][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.699001][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.715114][ T2988] hsr_slave_0: left promiscuous mode
[  160.721044][ T2988] hsr_slave_1: left promiscuous mode
[  160.728876][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_0
[  160.739239][ T2988] batman_adv: batadv0: Removing interface: batadv_slave_1
[  160.757002][ T2988] veth1_macvtap: left promiscuous mode
[  160.762751][ T2988] veth0_macvtap: left promiscuous mode
[  160.768802][ T2988] veth1_vlan: left promiscuous mode
[  160.774529][ T2988] veth0_vlan: left promiscuous mode
[  160.982113][ T2988] team0 (unregistering): Port device team_slave_1 removed
[  161.003103][ T2988] team0 (unregistering): Port device team_slave_0 removed
[  161.264971][ T2988] team0 (unregistering): Port device team_slave_1 removed
[  161.301522][ T2988] team0 (unregistering): Port device team_slave_0 removed
[  161.635833][ T2988] team0 (unregistering): Port device team_slave_1 removed
[  161.659256][ T2988] team0 (unregistering): Port device team_slave_0 removed
[  161.988474][ T2988] team0 (unregistering): Port device team_slave_1 removed
[  162.014320][ T2988] team0 (unregistering): Port device team_slave_0 removed