last executing test programs: 1.313814236s ago: executing program 1 (id=2): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x0) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x20000400) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x40082, 0x0) ioctl$PPPIOCNEWUNIT(r4, 0xc004743e, &(0x7f0000000140)) ioctl$PPPIOCSMAXCID(r4, 0x40047451, &(0x7f0000000080)=0xfffffffe) ppoll(&(0x7f0000000500)=[{r2}], 0x1, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000480)='kfree\x00', r3, 0x0, 0x7fffffffffffffff}, 0x18) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003e000701feffffff00000000027c0000000039a0040008000c0001800600060008"], 0x30}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000080)={0xa, 0x14e22, 0xfffffff9, @ipv4={'\x00', '\xff\xff', @multicast1}}, 0x1c) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r7, 0xfff) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x8001}, 0x8) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f0000000080)=0x9, 0x4) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$bt_hci(r8, 0x84, 0x7f, &(0x7f0000000080)=""/4057, &(0x7f0000000000)=0xfd9) r9 = socket$inet6_mptcp(0xa, 0x1, 0x106) connect$inet6(r9, &(0x7f0000000280)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r10, 0x0) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r11, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) 1.125365051s ago: executing program 3 (id=4): openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$inet(0xa, 0x801, 0x84) listen(r1, 0x8) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002300000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0xe) r3 = epoll_create(0x9) epoll_pwait(r3, &(0x7f0000000180)=[{}], 0x1, 0x3, &(0x7f0000000200)={[0xff]}, 0x8) socket$inet(0xa, 0x801, 0x84) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) ppoll(&(0x7f0000000500)=[{r4}], 0x1, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x2, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000240)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x400, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x8a}, 0x9c) accept(r0, &(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @dev}}}, 0x0) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) shutdown(r0, 0x2) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x200002, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b80)={0x2, 0x5c, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xae}, @exit], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, 0x2a}, 0x94) sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}]}, 0x4c}}, 0x0) 370.538132ms ago: executing program 4 (id=5): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="440000001000810500000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="14d00400000000002400128009000100626f6e64000000001400028008001f00ffffff7f0800090000000000c3af302db66101"], 0x44}, 0x1, 0x0, 0x0, 0x20004002}, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DEL(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="2c0000000ae604000000000000000000000000000900020073797a300007"], 0x2c}}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r5, 0x8914, &(0x7f0000000000)={'wlan1\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$alg(0x26, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYRESOCT=r1], 0x48) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r9, 0x0, 0xffffffffffffffff}, 0xa) bind$alg(r7, &(0x7f0000000440)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(twofish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r10 = accept4(r7, 0x0, 0x0, 0x800) sendmmsg$alg(r10, &(0x7f0000000040)=[{0x0, 0x0, 0x0}], 0x1, 0x40800) recvmsg$qrtr(r10, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x38, 0x10020) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r11, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x24, r12, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}]}, 0x24}}, 0x0) r14 = socket$inet6(0xa, 0x3, 0x87) connect$inet6(r14, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x9df}, 0x1c) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r4, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r15}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x28}}, 0x0) socket$kcm(0x10, 0x2, 0x0) 234.655407ms ago: executing program 1 (id=6): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x20000000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMK(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r4, 0x1, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) getpeername$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0}, &(0x7f0000000100)=0x14) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@deltclass={0x54, 0x29, 0x800, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xffff, 0x10}, {0x5, 0xffe0}, {0x6, 0xe}}, [@tclass_kind_options=@c_qfq={{0x8}, {0x14, 0x2, [@TCA_QFQ_WEIGHT={0x8, 0x1, 0xfffffff9}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x480000}]}}, @TCA_RATE={0x6, 0x5, {0xf, 0x6a}}, @tclass_kind_options=@c_netem={0xa}]}, 0x54}, 0x1, 0x0, 0x0, 0x41}, 0x4000) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r7, 0x89f1, &(0x7f0000000840)={'syztnl2\x00', &(0x7f00000007c0)={'syztnl1\x00', r6, 0x4a07717bffa9a9a5, 0x25, 0xea, 0x10000, 0x30, @private1, @loopback, 0x40, 0x7fb0, 0x9a9, 0x2}}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000580)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x1}, 0x28) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$team(&(0x7f0000001880), 0xffffffffffffffff) sendmsg$TEAM_CMD_NOOP(r8, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001a00)={&(0x7f00000018c0)={0x14, r9, 0x1, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x20040090}, 0x4000080) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'ip6_vti0\x00', &(0x7f0000000480)={'syztnl0\x00', r6, 0x4, 0x4, 0x3, 0x10000, 0x32, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7800, 0x7, 0xffffffff, 0x6}}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000540)={'ip_vti0\x00', &(0x7f00000006c0)={'syztnl0\x00', r6, 0x10, 0x8000, 0x3, 0x0, {{0x22, 0x4, 0x1, 0x1a, 0x88, 0x67, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast2, {[@noop, @timestamp_prespec={0x44, 0x4c, 0xc4, 0x3, 0x2, [{@rand_addr=0x64010102, 0x1}, {@private=0xa010101, 0x3ef6e572}, {@broadcast, 0x8}, {@broadcast, 0x1}, {@private=0xa010102, 0xe}, {@rand_addr=0x64010101, 0x7ff}, {@rand_addr=0x64010101}, {@broadcast, 0xb}, {@rand_addr=0x64010100, 0x3}]}, @timestamp_prespec={0x44, 0x24, 0x32, 0x3, 0x2, [{@broadcast, 0x1}, {@rand_addr=0x64010102, 0x4df4}, {@dev={0xac, 0x14, 0x14, 0x40}, 0x80}, {@rand_addr=0x64010100, 0xae}]}]}}}}}) r12 = socket(0x10, 0x803, 0x0) r13 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'team_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r12, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x7c, 0x2c, 0xd2b, 0x70bd2b, 0x25dfdbfb, {0x0, 0x0, 0x0, r14, {0xf}, {}, {0x7, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x50, 0x2, [@TCA_U32_SEL={0x44, 0x5, {0x6, 0x1, 0x3, 0x1, 0x4, 0x2, 0x6, 0x7ffffffa, [{0x203, 0x500, 0x3, 0x6}, {0x6783, 0x2, 0x8001, 0x10}, {0x0, 0x53, 0xa9, 0x1}]}}, @TCA_U32_LINK={0x8, 0x3, 0x80000000}]}}]}, 0x7c}}, 0x24040084) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000780)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000005c0)={&(0x7f0000000ac0)={0x3b8, r9, 0x300, 0x70bd2b, 0x25dfdbfc, {}, [{{0x8, 0x1, r6}, {0x1c0, 0x2, 0x0, 0x1, [{0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x9, 0x6, 0x1, 0x6}, {0x3, 0xe, 0x3}, {0xfc18, 0xd3, 0x0, 0x3}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r10}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xaa87}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r6}, {0x1d4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xa5d4}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x320fce96}}}]}}]}, 0x3b8}, 0x1, 0x0, 0x0, 0x8001}, 0x4000000) sendmsg$NFT_MSG_GETOBJ(r2, &(0x7f0000000400)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0xfc, 0x13, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_OBJ_USERDATA={0x38, 0x8, "0d2e961dddf53a9146d50594d75df8006cce98cb8ddcb8c6bf66dd49e25969f502dbe9e0c1229f9299757f09c9610f9792754ad3"}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_USERDATA={0x81, 0x8, "cc4173a720dea4848af76d5b65bfc133bb098e431dd5f95694709413b9177bc10fcf9e6a68e549c5ab9133f14c9668bc0ce46da583e4902121d09261c29cf2eac80fe7414d5f0b4372fbedfdbac8c7e44ed49e5816030012eb02c407edf3ceb7da23ec716c006b5255447d94bb5d18c61b527606327e08d629af115032"}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0xa}]}, 0xfc}, 0x1, 0x0, 0x0, 0x4000}, 0x4000080) 0s ago: executing program 0 (id=1): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000700)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000008480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1869d0d4d9cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd3641130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce7400dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f000006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08e774c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d32872c494160cb7f33ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe94ff799a11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d263e8778e6e8ffe4ea50b076446f35efffc806b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd311a40030f9ffce75ffff996a80153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00bb02000000000000c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be1557951854c01dbc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e9994ca9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676590bd2047229e0237c1e34641848531712ff09e89fb062a3e66f4fced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a60a0290bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b239a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a03bda7b6222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b38038002d29b3193cea9cd0a0ef4f5bce1cdaa99705a8fa48f61071f548d411353965615c24c1860790dfae0f4cdf8c8f8645a289a79f9b919b674f0325d81eacaa8399324a304885da01733bb7917ec5e52718eb05f9c1ffd69f834150e9100c215968e8fb31c83526e6f66897569e28d01ca6135a2acca398c1415e0f9b58b63ee9dc33608ba7e5c4bdf3f37d8e4f4f424be263d9c2a5204f41e9b0ee01ad4cc0519395b69c310c98d3c8edc7d07b30617f3535634257f5472d9f3263a6f04778a920c12000721bb82f9884780ac294b8bb07ebf6e3f16584e95607e319b2ea9778289c19fb775514246159bbfa9dc0fdf711d3efa316a3323c915a40e6d7c8f8d7daf98824fd0bc955dc9731cc8c7a600d94b8049af764688c7ffdd26b741b03b065ba9c586914d8beb94c8a265ace34172ed003357ddd400557230b2caba00"/2219], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x57, 0x10, &(0x7f0000000000), 0xffffffffffffffc9}, 0x48) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000180)=r2) bpf$ENABLE_STATS(0x20, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e27, 0xffffffff, @mcast2, 0x5}, 0x1c) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000006ec0)=[{{&(0x7f0000003280)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r3) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.241' (ED25519) to the list of known hosts. [ 68.684063][ T5852] cgroup: Unknown subsys name 'net' [ 68.889042][ T5852] cgroup: Unknown subsys name 'cpuset' [ 68.897617][ T5852] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 70.341211][ T5852] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 71.517835][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.524787][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 72.767628][ T5875] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 72.775524][ T5875] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 72.777895][ T5878] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 72.783368][ T5875] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 72.800061][ T5875] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 72.805327][ T5878] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 72.809188][ T5881] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 72.815874][ T5878] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 72.835468][ T5881] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 72.845352][ T5878] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 72.855480][ T5881] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 72.858105][ T5879] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 72.864229][ T5881] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 72.877534][ T5878] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 72.887491][ T5879] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 72.895876][ T5879] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 72.897450][ T5881] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 72.912647][ T5880] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 72.916450][ T5878] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 72.921460][ T5880] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 72.928306][ T5878] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 72.935124][ T5881] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 72.941760][ T5878] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 72.949316][ T5880] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 72.964012][ T5878] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 73.736007][ T5873] chnl_net:caif_netlink_parms(): no params data found [ 73.754356][ T5865] chnl_net:caif_netlink_parms(): no params data found [ 73.839701][ T5864] chnl_net:caif_netlink_parms(): no params data found [ 73.850153][ T5862] chnl_net:caif_netlink_parms(): no params data found [ 73.928940][ T5863] chnl_net:caif_netlink_parms(): no params data found [ 74.085380][ T5873] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.092729][ T5873] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.101703][ T5873] bridge_slave_0: entered allmulticast mode [ 74.109054][ T5873] bridge_slave_0: entered promiscuous mode [ 74.118188][ T5865] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.125597][ T5865] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.132863][ T5865] bridge_slave_0: entered allmulticast mode [ 74.140214][ T5865] bridge_slave_0: entered promiscuous mode [ 74.189786][ T5873] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.197438][ T5873] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.204758][ T5873] bridge_slave_1: entered allmulticast mode [ 74.211827][ T5873] bridge_slave_1: entered promiscuous mode [ 74.219678][ T5865] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.227328][ T5865] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.235154][ T5865] bridge_slave_1: entered allmulticast mode [ 74.242294][ T5865] bridge_slave_1: entered promiscuous mode [ 74.269638][ T5862] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.276952][ T5862] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.284225][ T5862] bridge_slave_0: entered allmulticast mode [ 74.292895][ T5862] bridge_slave_0: entered promiscuous mode [ 74.334124][ T5864] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.341897][ T5864] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.349497][ T5864] bridge_slave_0: entered allmulticast mode [ 74.357037][ T5864] bridge_slave_0: entered promiscuous mode [ 74.364117][ T5862] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.372439][ T5862] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.380143][ T5862] bridge_slave_1: entered allmulticast mode [ 74.387374][ T5862] bridge_slave_1: entered promiscuous mode [ 74.430121][ T5864] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.437706][ T5864] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.445733][ T5864] bridge_slave_1: entered allmulticast mode [ 74.452756][ T5864] bridge_slave_1: entered promiscuous mode [ 74.476103][ T5873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.489062][ T5873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.501724][ T5865] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.564379][ T5865] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.588695][ T5863] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.596610][ T5863] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.604271][ T5863] bridge_slave_0: entered allmulticast mode [ 74.611866][ T5863] bridge_slave_0: entered promiscuous mode [ 74.636063][ T5862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.670564][ T5863] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.678459][ T5863] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.686451][ T5863] bridge_slave_1: entered allmulticast mode [ 74.693595][ T5863] bridge_slave_1: entered promiscuous mode [ 74.703764][ T5864] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.717036][ T5864] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.728700][ T5862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.753878][ T5873] team0: Port device team_slave_0 added [ 74.761484][ T5865] team0: Port device team_slave_0 added [ 74.822708][ T5873] team0: Port device team_slave_1 added [ 74.831197][ T5865] team0: Port device team_slave_1 added [ 74.855977][ T5863] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 74.868664][ T5863] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 74.891495][ T5862] team0: Port device team_slave_0 added [ 74.945267][ T5864] team0: Port device team_slave_0 added [ 74.952983][ T5862] team0: Port device team_slave_1 added [ 74.988434][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 74.995846][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.021987][ T5865] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.035836][ T5881] Bluetooth: hci1: command tx timeout [ 75.035840][ T5869] Bluetooth: hci2: command tx timeout [ 75.036029][ T5869] Bluetooth: hci0: command tx timeout [ 75.041640][ T5881] Bluetooth: hci3: command tx timeout [ 75.047305][ T5869] Bluetooth: hci4: command tx timeout [ 75.063745][ T5863] team0: Port device team_slave_0 added [ 75.070497][ T5863] team0: Port device team_slave_1 added [ 75.079110][ T5864] team0: Port device team_slave_1 added [ 75.097851][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.105197][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.131477][ T5873] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.143303][ T5865] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.150752][ T5865] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.178094][ T5865] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.240999][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.248020][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.275416][ T5862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.288527][ T5862] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.295738][ T5862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.322756][ T5862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.335102][ T5873] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.342049][ T5873] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.370617][ T5873] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.420820][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.427925][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.455065][ T5864] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.473242][ T5864] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.480620][ T5864] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.507606][ T5864] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.556856][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 75.563828][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.590023][ T5863] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 75.602712][ T5863] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 75.610083][ T5863] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 75.637661][ T5863] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 75.680294][ T5865] hsr_slave_0: entered promiscuous mode [ 75.686744][ T5865] hsr_slave_1: entered promiscuous mode [ 75.699500][ T5873] hsr_slave_0: entered promiscuous mode [ 75.706102][ T5873] hsr_slave_1: entered promiscuous mode [ 75.712414][ T5873] debugfs: 'hsr0' already exists in 'hsr' [ 75.718770][ T5873] Cannot create hsr debugfs directory [ 75.804889][ T5864] hsr_slave_0: entered promiscuous mode [ 75.811211][ T5864] hsr_slave_1: entered promiscuous mode [ 75.817523][ T5864] debugfs: 'hsr0' already exists in 'hsr' [ 75.823425][ T5864] Cannot create hsr debugfs directory [ 75.857468][ T5862] hsr_slave_0: entered promiscuous mode [ 75.863844][ T5862] hsr_slave_1: entered promiscuous mode [ 75.870468][ T5862] debugfs: 'hsr0' already exists in 'hsr' [ 75.876387][ T5862] Cannot create hsr debugfs directory [ 75.998490][ T5863] hsr_slave_0: entered promiscuous mode [ 76.006310][ T5863] hsr_slave_1: entered promiscuous mode [ 76.012569][ T5863] debugfs: 'hsr0' already exists in 'hsr' [ 76.018632][ T5863] Cannot create hsr debugfs directory [ 76.553971][ T5865] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 76.568982][ T5865] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 76.579726][ T5865] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 76.599809][ T5865] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 76.655462][ T5873] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 76.668544][ T5873] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 76.683430][ T5873] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 76.696872][ T5873] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 76.784105][ T5862] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 76.807967][ T5862] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 76.820526][ T5862] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 76.849228][ T5862] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 76.935801][ T5864] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 76.966550][ T5864] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 76.998480][ T5864] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 77.008516][ T5864] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 77.083490][ T5865] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.103852][ T5863] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 77.114932][ T5874] Bluetooth: hci0: command tx timeout [ 77.114992][ T51] Bluetooth: hci2: command tx timeout [ 77.120382][ T5874] Bluetooth: hci4: command tx timeout [ 77.126478][ T5881] Bluetooth: hci1: command tx timeout [ 77.131704][ T5869] Bluetooth: hci3: command tx timeout [ 77.162536][ T5863] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 77.183392][ T5863] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 77.193491][ T5863] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 77.226793][ T5865] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.248997][ T5873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.277444][ T3002] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.284931][ T3002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.301702][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.309431][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.338722][ T5873] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.368238][ T1160] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.375651][ T1160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.411549][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.418877][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.442839][ T5862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.508800][ T5862] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.541323][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.548554][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.627638][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.634840][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.722332][ T5873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.787194][ T5864] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.876906][ T5864] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.893292][ T5863] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.950375][ T5863] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.977952][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.985213][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.053366][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.060732][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.082774][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.090099][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 78.110344][ T5865] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.136443][ T1160] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.144061][ T1160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 78.264156][ T5865] veth0_vlan: entered promiscuous mode [ 78.285540][ T5873] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.351009][ T5865] veth1_vlan: entered promiscuous mode [ 78.393791][ T5862] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.535036][ T5873] veth0_vlan: entered promiscuous mode [ 78.611994][ T5873] veth1_vlan: entered promiscuous mode [ 78.637289][ T5865] veth0_macvtap: entered promiscuous mode [ 78.653274][ T5865] veth1_macvtap: entered promiscuous mode [ 78.732433][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 78.781951][ T5865] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 78.830239][ T5873] veth0_macvtap: entered promiscuous mode [ 78.857063][ T5873] veth1_macvtap: entered promiscuous mode [ 78.887952][ T994] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.903023][ T5864] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 78.950154][ T994] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.972424][ T994] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 78.997667][ T994] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.020657][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.044431][ T5863] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 79.061581][ T5873] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.159502][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.168432][ T3002] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.182283][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.187727][ T3002] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.200839][ T5869] Bluetooth: hci1: command tx timeout [ 79.200865][ T5881] Bluetooth: hci2: command tx timeout [ 79.206501][ T5878] Bluetooth: hci0: command tx timeout [ 79.211874][ T5881] Bluetooth: hci3: command tx timeout [ 79.218198][ T5874] Bluetooth: hci4: command tx timeout [ 79.240618][ T5862] veth0_vlan: entered promiscuous mode [ 79.258148][ T3002] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.267618][ T3002] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.338814][ T4568] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.340681][ T5862] veth1_vlan: entered promiscuous mode [ 79.348843][ T4568] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.355195][ T5864] veth0_vlan: entered promiscuous mode [ 79.430842][ T5864] veth1_vlan: entered promiscuous mode [ 79.469216][ T5863] veth0_vlan: entered promiscuous mode [ 79.482017][ T5865] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 79.503822][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.517957][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.526008][ T5863] veth1_vlan: entered promiscuous mode [ 79.557665][ T5862] veth0_macvtap: entered promiscuous mode [ 79.610219][ T5862] veth1_macvtap: entered promiscuous mode [ 79.670846][ T1160] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 79.686522][ T1160] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.692662][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.712960][ T5864] veth0_macvtap: entered promiscuous mode [ 79.729576][ T5863] veth0_macvtap: entered promiscuous mode [ 79.745902][ T5862] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 79.776277][ T5987] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 79.777083][ T5864] veth1_macvtap: entered promiscuous mode [ 79.822925][ T1160] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.839121][ T1160] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.868818][ T1160] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.879831][ T5863] veth1_macvtap: entered promiscuous mode [ 79.899681][ T1160] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 79.920839][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 79.971958][ T5864] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.050687][ T4568] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.059775][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.081009][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.089999][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.112314][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.184214][ T5863] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.219543][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.223729][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.237249][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.252971][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.284037][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.298964][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.337680][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.350498][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.469232][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.487003][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.528017][ T1160] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.550259][ T1160] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.680574][ T3002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.719972][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.734681][ T3002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.755175][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.843527][ T6001] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list Connection to 10.128.1.241 closed by remote host. [ 81.274753][ C0] ------------[ cut here ]------------ [ 81.280872][ C0] workqueue: cannot queue hci_cmd_timeout on wq hci0 [ 81.287666][ C0] WARNING: CPU: 0 PID: 5860 at kernel/workqueue.c:2256 __queue_work+0xd38/0xfb0 [ 81.296761][ C0] Modules linked in: [ 81.300805][ C0] CPU: 0 UID: 0 PID: 5860 Comm: syz-executor Not tainted 6.16.0-syzkaller-12065-gbc4c0a48bdad #0 PREEMPT(full) [ 81.312629][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 81.322982][ C0] RIP: 0010:__queue_work+0xd38/0xfb0 [ 81.327399][ T5874] Bluetooth: hci3: command tx timeout [ 81.328287][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 83 06 99 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 df 89 8b 4c 89 fa e8 49 3a f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 ba 9b 35 00 90 0f 0b 90 e9 dd fc ff [ 81.333678][ T5874] Bluetooth: hci2: command tx timeout [ 81.353501][ C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010046 [ 81.353522][ C0] RAX: 26ac8da7895a7400 RBX: 0000000000000100 RCX: ffff88802a495a00 [ 81.353535][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 81.353545][ C0] RBP: 1ffff1100501ae38 R08: 0000000000000003 R09: 0000000000000004 [ 81.353557][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa1ec R12: dffffc0000000000 [ 81.353570][ C0] R13: ffff8880318c8988 R14: 0000000000000008 R15: ffff8880280d7178 [ 81.353583][ C0] FS: 0000000000000000(0000) GS:ffff888125c21000(0000) knlGS:0000000000000000 [ 81.353597][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.353610][ C0] CR2: 0000001b33409ff8 CR3: 000000000df36000 CR4: 00000000003526f0 [ 81.353627][ C0] Call Trace: [ 81.353636][ C0] [ 81.353658][ C0] call_timer_fn+0x17e/0x5f0 [ 81.353691][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 81.353714][ C0] ? call_timer_fn+0xbe/0x5f0 [ 81.353742][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 81.353777][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 81.353804][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 81.353829][ C0] __run_timer_base+0x646/0x860 [ 81.353855][ C0] ? ktime_get+0x3e/0x1f0 [ 81.353884][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 81.481016][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 81.487267][ C0] run_timer_softirq+0xb7/0x180 [ 81.492111][ C0] handle_softirqs+0x283/0x870 [ 81.496874][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 81.501639][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 81.506926][ C0] __irq_exit_rcu+0xca/0x1f0 [ 81.511522][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 81.516721][ C0] irq_exit_rcu+0x9/0x30 [ 81.521011][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 81.526640][ C0] [ 81.529575][ C0] [ 81.532494][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 81.538472][ C0] RIP: 0010:lock_release+0x2b5/0x3e0 [ 81.543757][ C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 7b 81 02 11 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e [ 81.563353][ C0] RSP: 0018:ffffc900040ef4d0 EFLAGS: 00000206 [ 81.569501][ C0] RAX: 26ac8da7895a7400 RBX: 0000000000000202 RCX: 26ac8da7895a7400 [ 81.577636][ C0] RDX: 0000000000000000 RSI: ffffffff8dba3961 RDI: ffffffff8be32680 [ 81.585607][ C0] RBP: ffff88802a4964f0 R08: ffffc900040ef667 R09: 0000000000000000 [ 81.593577][ C0] R10: ffffc900040ef658 R11: fffff5200081decd R12: 0000000000000000 [ 81.601628][ C0] R13: 0000000000000000 R14: ffffffff8e139ee0 R15: ffff88802a495a00 [ 81.609710][ C0] ? unwind_next_frame+0xa5/0x2390 [ 81.614825][ C0] ? unwind_next_frame+0xa5/0x2390 [ 81.619941][ C0] unwind_next_frame+0x19a9/0x2390 [ 81.625367][ C0] ? unwind_next_frame+0xa5/0x2390 [ 81.630477][ C0] ? exit_to_user_mode_loop+0x75/0x110 [ 81.635944][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 81.642115][ C0] arch_stack_walk+0x11c/0x150 [ 81.646880][ C0] ? do_syscall_64+0x2bd/0x3b0 [ 81.651657][ C0] stack_trace_save+0x9c/0xe0 [ 81.656326][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 81.661700][ C0] save_stack+0xf5/0x1f0 [ 81.665943][ C0] ? __pfx_save_stack+0x10/0x10 [ 81.670816][ C0] ? __free_frozen_pages+0xbc4/0xd30 [ 81.676118][ C0] ? vfree+0x25a/0x400 [ 81.680201][ C0] ? kcov_close+0x28/0x50 [ 81.684553][ C0] ? __fput+0x44c/0xa70 [ 81.688716][ C0] ? task_work_run+0x1d4/0x260 [ 81.693608][ C0] ? do_exit+0x6b5/0x2300 [ 81.697954][ C0] ? do_group_exit+0x21c/0x2d0 [ 81.702733][ C0] ? get_signal+0x1286/0x1340 [ 81.707505][ C0] ? arch_do_signal_or_restart+0x9a/0x750 [ 81.713237][ C0] ? exit_to_user_mode_loop+0x75/0x110 [ 81.718705][ C0] __reset_page_owner+0x71/0x1f0 [ 81.723641][ C0] __free_frozen_pages+0xbc4/0xd30 [ 81.728753][ C0] vfree+0x25a/0x400 [ 81.732643][ C0] ? __pfx_kcov_close+0x10/0x10 [ 81.737575][ C0] kcov_close+0x28/0x50 [ 81.741812][ C0] __fput+0x44c/0xa70 [ 81.745879][ C0] task_work_run+0x1d4/0x260 [ 81.750640][ C0] ? __pfx_task_work_run+0x10/0x10 [ 81.755755][ C0] ? kmem_cache_free+0x18f/0x400 [ 81.760789][ C0] do_exit+0x6b5/0x2300 [ 81.764944][ C0] ? do_raw_spin_lock+0x121/0x290 [ 81.769962][ C0] ? __pfx_do_exit+0x10/0x10 [ 81.774557][ C0] do_group_exit+0x21c/0x2d0 [ 81.779231][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 81.784436][ C0] get_signal+0x1286/0x1340 [ 81.788952][ C0] arch_do_signal_or_restart+0x9a/0x750 [ 81.794506][ C0] ? __pfx___x64_sys_wait4+0x10/0x10 [ 81.799873][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 81.806218][ C0] ? exit_to_user_mode_loop+0x40/0x110 [ 81.811682][ C0] exit_to_user_mode_loop+0x75/0x110 [ 81.816991][ C0] do_syscall_64+0x2bd/0x3b0 [ 81.821594][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 81.826878][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.832960][ C0] ? clear_bhb_loop+0x60/0xb0 [ 81.837668][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.843672][ C0] RIP: 0033:0x7f3eac184e13 [ 81.848273][ C0] Code: Unable to access opcode bytes at 0x7f3eac184de9. [ 81.855287][ C0] RSP: 002b:00007ffc8a7f6918 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 81.863704][ C0] RAX: fffffffffffffe00 RBX: 00000000000016f1 RCX: 00007f3eac184e13 [ 81.871669][ C0] RDX: 0000000040000000 RSI: 00007ffc8a7f692c RDI: 00000000ffffffff [ 81.879807][ C0] RBP: 00007ffc8a7f692c R08: 0000000000000000 R09: 0000000000000000 [ 81.887768][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 81.895730][ C0] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 81.903720][ C0] [ 81.906754][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 81.914233][ C0] CPU: 0 UID: 0 PID: 5860 Comm: syz-executor Not tainted 6.16.0-syzkaller-12065-gbc4c0a48bdad #0 PREEMPT(full) [ 81.926204][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 81.936260][ C0] Call Trace: [ 81.939551][ C0] [ 81.942481][ C0] dump_stack_lvl+0x99/0x250 [ 81.947078][ C0] ? __asan_memcpy+0x40/0x70 [ 81.951676][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 81.956903][ C0] ? __pfx__printk+0x10/0x10 [ 81.961585][ C0] vpanic+0x281/0x750 [ 81.965659][ C0] ? __pfx__printk+0x10/0x10 [ 81.970265][ C0] ? __pfx_vpanic+0x10/0x10 [ 81.974766][ C0] ? is_bpf_text_address+0x292/0x2b0 [ 81.980200][ C0] panic+0xb9/0xc0 [ 81.983933][ C0] ? __pfx_panic+0x10/0x10 [ 81.988455][ C0] __warn+0x31b/0x4b0 [ 81.992563][ C0] ? __queue_work+0xd38/0xfb0 [ 81.997236][ C0] ? __queue_work+0xd38/0xfb0 [ 82.001992][ C0] report_bug+0x2be/0x4f0 [ 82.006406][ C0] ? __queue_work+0xd38/0xfb0 [ 82.011118][ C0] ? __queue_work+0xd38/0xfb0 [ 82.015784][ C0] ? __queue_work+0xd3a/0xfb0 [ 82.020450][ C0] handle_bug+0x84/0x160 [ 82.024690][ C0] exc_invalid_op+0x1a/0x50 [ 82.029278][ C0] asm_exc_invalid_op+0x1a/0x20 [ 82.034117][ C0] RIP: 0010:__queue_work+0xd38/0xfb0 [ 82.039391][ C0] Code: 42 80 3c 20 00 74 08 4c 89 ef e8 83 06 99 00 49 8b 75 00 49 81 c7 78 01 00 00 48 c7 c7 20 df 89 8b 4c 89 fa e8 49 3a f9 ff 90 <0f> 0b 90 90 e9 1a f5 ff ff e8 ba 9b 35 00 90 0f 0b 90 e9 dd fc ff [ 82.058989][ C0] RSP: 0018:ffffc90000007b10 EFLAGS: 00010046 [ 82.065150][ C0] RAX: 26ac8da7895a7400 RBX: 0000000000000100 RCX: ffff88802a495a00 [ 82.073192][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 82.081158][ C0] RBP: 1ffff1100501ae38 R08: 0000000000000003 R09: 0000000000000004 [ 82.089297][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa1ec R12: dffffc0000000000 [ 82.097438][ C0] R13: ffff8880318c8988 R14: 0000000000000008 R15: ffff8880280d7178 [ 82.105438][ C0] call_timer_fn+0x17e/0x5f0 [ 82.110146][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 82.115984][ C0] ? call_timer_fn+0xbe/0x5f0 [ 82.120748][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 82.125870][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 82.131060][ C0] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 82.136943][ C0] __run_timer_base+0x646/0x860 [ 82.141786][ C0] ? ktime_get+0x3e/0x1f0 [ 82.146204][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 82.151567][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 82.157903][ C0] run_timer_softirq+0xb7/0x180 [ 82.162835][ C0] handle_softirqs+0x283/0x870 [ 82.167589][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 82.172366][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 82.177701][ C0] __irq_exit_rcu+0xca/0x1f0 [ 82.182291][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 82.187481][ C0] irq_exit_rcu+0x9/0x30 [ 82.191796][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 82.197426][ C0] [ 82.200341][ C0] [ 82.203259][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 82.209316][ C0] RIP: 0010:lock_release+0x2b5/0x3e0 [ 82.214599][ C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 7b 81 02 11 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e [ 82.234208][ C0] RSP: 0018:ffffc900040ef4d0 EFLAGS: 00000206 [ 82.240272][ C0] RAX: 26ac8da7895a7400 RBX: 0000000000000202 RCX: 26ac8da7895a7400 [ 82.248234][ C0] RDX: 0000000000000000 RSI: ffffffff8dba3961 RDI: ffffffff8be32680 [ 82.256190][ C0] RBP: ffff88802a4964f0 R08: ffffc900040ef667 R09: 0000000000000000 [ 82.264152][ C0] R10: ffffc900040ef658 R11: fffff5200081decd R12: 0000000000000000 [ 82.272129][ C0] R13: 0000000000000000 R14: ffffffff8e139ee0 R15: ffff88802a495a00 [ 82.280111][ C0] ? unwind_next_frame+0xa5/0x2390 [ 82.285230][ C0] ? unwind_next_frame+0xa5/0x2390 [ 82.290333][ C0] unwind_next_frame+0x19a9/0x2390 [ 82.295711][ C0] ? unwind_next_frame+0xa5/0x2390 [ 82.300899][ C0] ? exit_to_user_mode_loop+0x75/0x110 [ 82.306430][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 82.312573][ C0] arch_stack_walk+0x11c/0x150 [ 82.317446][ C0] ? do_syscall_64+0x2bd/0x3b0 [ 82.322389][ C0] stack_trace_save+0x9c/0xe0 [ 82.327244][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 82.332618][ C0] save_stack+0xf5/0x1f0 [ 82.336862][ C0] ? __pfx_save_stack+0x10/0x10 [ 82.341963][ C0] ? __free_frozen_pages+0xbc4/0xd30 [ 82.347257][ C0] ? vfree+0x25a/0x400 [ 82.351336][ C0] ? kcov_close+0x28/0x50 [ 82.355766][ C0] ? __fput+0x44c/0xa70 [ 82.359930][ C0] ? task_work_run+0x1d4/0x260 [ 82.364696][ C0] ? do_exit+0x6b5/0x2300 [ 82.369024][ C0] ? do_group_exit+0x21c/0x2d0 [ 82.373791][ C0] ? get_signal+0x1286/0x1340 [ 82.378465][ C0] ? arch_do_signal_or_restart+0x9a/0x750 [ 82.384203][ C0] ? exit_to_user_mode_loop+0x75/0x110 [ 82.389764][ C0] __reset_page_owner+0x71/0x1f0 [ 82.394770][ C0] __free_frozen_pages+0xbc4/0xd30 [ 82.400002][ C0] vfree+0x25a/0x400 [ 82.403919][ C0] ? __pfx_kcov_close+0x10/0x10 [ 82.408763][ C0] kcov_close+0x28/0x50 [ 82.412937][ C0] __fput+0x44c/0xa70 [ 82.416922][ C0] task_work_run+0x1d4/0x260 [ 82.421525][ C0] ? __pfx_task_work_run+0x10/0x10 [ 82.426673][ C0] ? kmem_cache_free+0x18f/0x400 [ 82.431699][ C0] do_exit+0x6b5/0x2300 [ 82.435854][ C0] ? do_raw_spin_lock+0x121/0x290 [ 82.440886][ C0] ? __pfx_do_exit+0x10/0x10 [ 82.445478][ C0] do_group_exit+0x21c/0x2d0 [ 82.450066][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 82.455365][ C0] get_signal+0x1286/0x1340 [ 82.459868][ C0] arch_do_signal_or_restart+0x9a/0x750 [ 82.465409][ C0] ? __pfx___x64_sys_wait4+0x10/0x10 [ 82.470704][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 82.476869][ C0] ? exit_to_user_mode_loop+0x40/0x110 [ 82.482325][ C0] exit_to_user_mode_loop+0x75/0x110 [ 82.487611][ C0] do_syscall_64+0x2bd/0x3b0 [ 82.492227][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 82.497416][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.503466][ C0] ? clear_bhb_loop+0x60/0xb0 [ 82.508133][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.514037][ C0] RIP: 0033:0x7f3eac184e13 [ 82.518445][ C0] Code: Unable to access opcode bytes at 0x7f3eac184de9. [ 82.525458][ C0] RSP: 002b:00007ffc8a7f6918 EFLAGS: 00000202 ORIG_RAX: 000000000000003d [ 82.533968][ C0] RAX: fffffffffffffe00 RBX: 00000000000016f1 RCX: 00007f3eac184e13 [ 82.542022][ C0] RDX: 0000000040000000 RSI: 00007ffc8a7f692c RDI: 00000000ffffffff [ 82.550076][ C0] RBP: 00007ffc8a7f692c R08: 0000000000000000 R09: 0000000000000000 [ 82.558111][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000008 [ 82.566081][ C0] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 82.574058][ C0] [ 82.577389][ C0] Kernel Offset: disabled [ 82.581713][ C0] Rebooting in 86400 seconds..