last executing test programs:

2.699608232s ago: executing program 1 (id=143):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f00000002c0)={0x2005, 0x0, 0x8f51, 0x8b, 0x1, 0x2e, 0x7, "3a6cdd7bfc75a3aabc1b5bcbc90a0000ca004000", "fcd54902106c93bb93cc28d779f5a47196a13199"})

2.622300956s ago: executing program 1 (id=145):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x5, 0x4, 0x8, 0xc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000000000000000000001080021850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=@newlink={0x40, 0x10, 0x439, 0x70fd2c, 0xffffffea, {0x0, 0x0, 0xe403, 0x0, 0x3, 0x610c3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @dev}, @IFLA_IPTUN_6RD_RELAY_PREFIXLEN={0x6, 0xe, 0x40}]}}}]}, 0x40}}, 0x0)

2.531691577s ago: executing program 1 (id=150):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x191}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x8, 0x6, @multicast2}, @IFLA_GRE_LINK={0x8}]}}}, @IFLA_LINK={0x8}, @IFLA_MTU={0x8, 0x4, 0x200}]}, 0x54}}, 0x0)

2.460975854s ago: executing program 1 (id=153):
socket$l2tp6(0xa, 0x2, 0x73)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000680)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02000000"], 0x10)
socket$l2tp6(0xa, 0x2, 0x73)

2.384523453s ago: executing program 1 (id=155):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000008c0)=@delneigh={0x28, 0x1d, 0x1, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x0, 0x0, 0x2, 0x21}, [@NDA_DST_MAC={0xa, 0x1, @link_local}]}, 0x28}}, 0x14)

2.096465024s ago: executing program 1 (id=160):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x7ffffffe, 0x0, 0x0)

934.535653ms ago: executing program 2 (id=176):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1d, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0xae}}]}, &(0x7f0000000180)='syzkaller\x00', 0x4, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x1b}, 0x94)

934.274615ms ago: executing program 2 (id=177):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711239000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x94)

889.779104ms ago: executing program 2 (id=179):
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000007112bb000000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

790.171037ms ago: executing program 2 (id=180):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000004700)=""/4098, 0x1002}, {&(0x7f0000000740)=""/105, 0x69}, {&(0x7f0000000640)=""/196, 0xc4}], 0x3}, 0x0)

639.765861ms ago: executing program 0 (id=182):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r0, 0x0, r1, 0x0, 0x10500, 0x0)

579.012483ms ago: executing program 0 (id=183):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x12, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000360000000000000000000000911237000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)

578.702575ms ago: executing program 0 (id=184):
syz_emit_ethernet(0x3e, &(0x7f0000000080)={@link_local={0x3, 0x80, 0xc2, 0x18}, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x67, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0xd4aa6c3a0ba5a270, 0x0, 0x0, 0x9, 0x7, {0x5, 0x4, 0x0, 0x30, 0xc07, 0x64, 0x5, 0xea, 0x32, 0x0, @broadcast, @loopback}}}}}}, 0x0)

490.452259ms ago: executing program 0 (id=185):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000240)={0x84, r1, 0x813, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD, @TIPC_NLA_MON_REF, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x84}}, 0x0)

420.246743ms ago: executing program 0 (id=186):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$tipc(0x1e, 0x5, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
r2 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/254, 0xfe}], 0x1}, 0x20)
sendmmsg(r2, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r3, &(0x7f0000000100)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r3, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)

189.770255ms ago: executing program 0 (id=187):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@newlink={0x3c, 0x10, 0x609, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x100a0}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0xd8}, @IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipoib={{0xa}, {0x4}}}]}, 0x3c}}, 0x0)

365.23µs ago: executing program 2 (id=188):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="5c0000000206010800000000000000000000000014000780080011400000000005001500100000000500010006000000050005000a00000005000400000000000900020073797a310000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)

0s ago: executing program 2 (id=189):
r0 = socket(0x10, 0x3, 0x4)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x68, 0x14, 0xf0b, 0x4, 0x0, {0x2, 0x0, 0x0, 0x0, {0x4}, {0xb, 0x1}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x0, 0xec, 0x200, 0x80000a, 0x0, 0x1, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0x6, 0xc, 0x18, 0x8, 0x1, 0x8, 0x2}}, {0x4}}]}]}, 0x68}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:52115' (ED25519) to the list of known hosts.
syzkaller login: [   48.885562][ T5800] cgroup: Unknown subsys name 'net'
[   48.983746][ T5800] cgroup: Unknown subsys name 'cpuset'
[   48.990524][ T5800] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.759445][ T5800] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.292141][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.300253][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.303893][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.307676][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.311874][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.365409][ T5824] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.370261][ T5824] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.373727][ T5824] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.378255][ T5824] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.383336][ T5824] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.476051][ T5824] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.480192][ T5824] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.484285][ T5824] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.488607][ T5824] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.492905][ T5824] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.647816][ T5825] chnl_net:caif_netlink_parms(): no params data found
[   55.708284][ T5820] chnl_net:caif_netlink_parms(): no params data found
[   55.748804][ T5825] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.752374][ T5825] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.755098][ T5825] bridge_slave_0: entered allmulticast mode
[   55.758144][ T5825] bridge_slave_0: entered promiscuous mode
[   55.766941][ T5825] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.769923][ T5825] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.772500][ T5825] bridge_slave_1: entered allmulticast mode
[   55.775436][ T5825] bridge_slave_1: entered promiscuous mode
[   55.810140][ T5825] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.836642][ T5825] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.855724][ T5820] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.859048][ T5820] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.862186][ T5820] bridge_slave_0: entered allmulticast mode
[   55.866198][ T5820] bridge_slave_0: entered promiscuous mode
[   55.905139][ T5820] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.908246][ T5820] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.912401][ T5820] bridge_slave_1: entered allmulticast mode
[   55.916409][ T5820] bridge_slave_1: entered promiscuous mode
[   55.921907][ T5825] team0: Port device team_slave_0 added
[   55.942099][ T5825] team0: Port device team_slave_1 added
[   55.956394][ T5820] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.968655][ T5820] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.986415][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   56.006804][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.009978][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.020987][ T5825] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.043791][ T5820] team0: Port device team_slave_0 added
[   56.046608][ T5825] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.050522][ T5825] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.059453][ T5825] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.068342][ T5820] team0: Port device team_slave_1 added
[   56.111647][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.114559][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.126241][ T5820] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.141611][ T5825] hsr_slave_0: entered promiscuous mode
[   56.144000][ T5825] hsr_slave_1: entered promiscuous mode
[   56.154064][ T5820] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.157006][ T5820] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.168380][ T5820] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.201345][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.203713][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   56.206113][ T5827] bridge_slave_0: entered allmulticast mode
[   56.208767][ T5827] bridge_slave_0: entered promiscuous mode
[   56.212271][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.214507][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   56.216878][ T5827] bridge_slave_1: entered allmulticast mode
[   56.219883][ T5827] bridge_slave_1: entered promiscuous mode
[   56.276561][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   56.301497][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.311328][ T5820] hsr_slave_0: entered promiscuous mode
[   56.314703][ T5820] hsr_slave_1: entered promiscuous mode
[   56.317704][ T5820] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.321918][ T5820] Cannot create hsr debugfs directory
[   56.353667][ T5827] team0: Port device team_slave_0 added
[   56.374298][ T5827] team0: Port device team_slave_1 added
[   56.432349][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.434761][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.443628][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.454014][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.456341][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.465607][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.562911][ T5827] hsr_slave_0: entered promiscuous mode
[   56.566304][ T5827] hsr_slave_1: entered promiscuous mode
[   56.570275][ T5827] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.573423][ T5827] Cannot create hsr debugfs directory
[   56.611439][ T5825] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.634326][ T5825] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.671982][ T5825] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.686346][ T5825] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.767592][ T5820] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.772417][ T5820] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.781949][ T5820] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.790635][ T5820] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.852359][ T5827] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.858792][ T5827] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.866867][ T5827] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.874614][ T5827] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.945195][ T5825] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.970509][ T5825] 8021q: adding VLAN 0 to HW filter on device team0
[   56.980585][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.982968][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.995323][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.997801][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.048065][ T5820] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.057311][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.070668][ T5820] 8021q: adding VLAN 0 to HW filter on device team0
[   57.084462][  T996] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.086951][  T996] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.095407][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   57.106935][  T996] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.109330][  T996] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.113994][  T996] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.116305][  T996] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.129827][  T996] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.132125][  T996] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.162189][ T5820] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.191398][ T5825] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.232233][ T5825] veth0_vlan: entered promiscuous mode
[   57.237412][ T5825] veth1_vlan: entered promiscuous mode
[   57.254253][ T5825] veth0_macvtap: entered promiscuous mode
[   57.258703][ T5825] veth1_macvtap: entered promiscuous mode
[   57.282532][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.294143][ T5825] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.303834][ T5820] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.307215][ T5825] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.311235][ T5825] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.314036][ T5825] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.316776][ T5825] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.325026][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.359498][ T5824] Bluetooth: hci0: command tx timeout
[   57.402057][ T5827] veth0_vlan: entered promiscuous mode
[   57.407346][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.407593][ T5820] veth0_vlan: entered promiscuous mode
[   57.419828][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.429511][ T5824] Bluetooth: hci1: command tx timeout
[   57.437079][ T5820] veth1_vlan: entered promiscuous mode
[   57.453161][ T5827] veth1_vlan: entered promiscuous mode
[   57.484391][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.487761][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.509651][ T5824] Bluetooth: hci2: command tx timeout
[   57.510231][ T5827] veth0_macvtap: entered promiscuous mode
[   57.517403][ T5827] veth1_macvtap: entered promiscuous mode
[   57.544016][ T5820] veth0_macvtap: entered promiscuous mode
[   57.551955][ T5820] veth1_macvtap: entered promiscuous mode
[   57.582510][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.587716][ T5825] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.588203][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.605355][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.617313][ T5820] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.625320][ T5827] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.628141][ T5827] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.638931][ T5827] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.647352][ T5827] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.660677][ T5820] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.663472][ T5820] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.666247][ T5820] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.671158][ T5820] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.767527][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.771905][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.801907][   T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.804648][   T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.836194][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.838726][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.866291][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.872502][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.876461][ T5893] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6'.
[   57.951675][ T5895] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.979210][ T5900] netlink: 'syz.0.1': attribute type 4 has an invalid length.
[   58.014739][ T5902] netlink: 'syz.2.8': attribute type 2 has an invalid length.
[   58.032896][ T5906] openvswitch: netlink: Key type 30 is not supported
[   58.113541][ T5912] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   58.283257][ T5926] netlink: 22 bytes leftover after parsing attributes in process `syz.2.20'.
[   58.298422][ T5926] Zero length message leads to an empty skb
[   58.373005][ T5933] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.402680][ T5916] infiniband syz0: set down
[   58.404793][ T5916] infiniband syz0: added ipvlan1
[   58.420694][ T5938] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26'.
[   58.424238][ T5938] openvswitch: netlink: nsh attr 12 is out of range max 3
[   58.426735][ T5938] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   58.446949][ T5916] RDS/IB: syz0: added
[   58.456353][ T5916] smc: adding ib device syz0 with port count 1
[   58.458456][ T5916] smc:    ib device syz0 port 1 has pnetid 
[   59.023699][ T5916] syz.1.14 (5916) used greatest stack depth: 19848 bytes left
[   59.181327][ T5982] netlink: 8 bytes leftover after parsing attributes in process `syz.2.47'.
[   59.304210][ T5995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.50'.
[   59.355573][ T5977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   59.429445][ T5824] Bluetooth: hci0: command tx timeout
[   59.434861][ T5977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   59.509378][ T5824] Bluetooth: hci1: command tx timeout
[   59.520263][ T5977] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   59.594149][ T5824] Bluetooth: hci2: command tx timeout
[   59.617556][ T6013] Unsupported ieee802154 address type: 0
[   59.904659][ T6039] netlink: 32 bytes leftover after parsing attributes in process `syz.2.72'.
[   60.096270][ T6062] netlink: 'syz.2.81': attribute type 1 has an invalid length.
[   60.115012][ T6061] netlink: 256 bytes leftover after parsing attributes in process `syz.0.80'.
[   60.430019][ T6086] Cannot find set identified by id 0 to match
[   60.502778][ T6093] netlink: 'syz.0.89': attribute type 83 has an invalid length.
[   60.616235][ T6104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.95'.
[   60.671188][ T6101] syzkaller0: entered promiscuous mode
[   60.673398][ T6101] syzkaller0: entered allmulticast mode
[   60.712859][ T6101] tipc: Started in network mode
[   60.718721][ T6101] tipc: Node identity 7273af425eb9, cluster identity 4711
[   60.729324][ T6101] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[   60.752798][ T6099] tipc: Resetting bearer <eth:syzkaller0>
[   60.786158][ T6099] tipc: Disabling bearer <eth:syzkaller0>
[   60.883056][ T6122] netlink: 52 bytes leftover after parsing attributes in process `syz.2.102'.
[   60.973527][ T6132] netlink: 'syz.1.106': attribute type 1 has an invalid length.
[   60.977530][ T6132] netlink: 244 bytes leftover after parsing attributes in process `syz.1.106'.
[   61.095460][ T6143] vlan2: entered promiscuous mode
[   61.101234][ T6143] bridge0: entered promiscuous mode
[   61.336973][ T6164] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   61.407643][ T6169] ipvlan2: entered promiscuous mode
[   61.509520][ T5824] Bluetooth: hci0: command tx timeout
[   61.581740][ T6181] syz.0.128 uses obsolete (PF_INET,SOCK_PACKET)
[   61.590433][ T5824] Bluetooth: hci1: command tx timeout
[   61.669978][ T5824] Bluetooth: hci2: command tx timeout
[   62.148516][ T6223] warning: `syz.0.148' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   62.212210][ T6227] gretap1: entered promiscuous mode
[   62.280503][ T6234] netlink: 'syz.2.154': attribute type 1 has an invalid length.
[   62.590327][ T5839] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.650126][ T5839] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.733331][ T5839] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.790157][ T5839] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   62.866481][ T5201] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   62.874005][ T5201] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   62.877399][ T5201] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   62.882757][ T5201] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   62.886741][ T5201] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   62.956021][ T6258] netlink: 'syz.0.164': attribute type 4 has an invalid length.
[   62.958723][ T5839] bridge_slave_1: left allmulticast mode
[   62.963651][ T5839] bridge_slave_1: left promiscuous mode
[   62.970442][ T5839] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.983687][ T5839] bridge_slave_0: left allmulticast mode
[   62.987642][ T5839] bridge_slave_0: left promiscuous mode
[   62.993441][ T5839] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.053721][ T6260] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   63.249588][ T5839] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   63.253834][ T5839] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   63.257298][ T5839] bond0 (unregistering): Released all slaves
[   63.556558][ T6253] chnl_net:caif_netlink_parms(): no params data found
[   63.589814][ T5824] Bluetooth: hci0: command tx timeout
[   63.669106][ T5824] Bluetooth: hci1: command tx timeout
[   63.942021][ T6253] bridge0: port 1(bridge_slave_0) entered blocking state
[   63.947823][ T6253] bridge0: port 1(bridge_slave_0) entered disabled state
[   63.955182][ T6253] bridge_slave_0: entered allmulticast mode
[   63.958627][ T6253] bridge_slave_0: entered promiscuous mode
[   63.986877][ T5839] hsr_slave_0: left promiscuous mode
[   63.993431][ T5839] hsr_slave_1: left promiscuous mode
[   63.995627][ T5839] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   63.998180][ T5839] batman_adv: batadv0: Removing interface: batadv_slave_0
[   64.003363][ T5839] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   64.006124][ T5839] batman_adv: batadv0: Removing interface: batadv_slave_1
[   64.019899][ T5839] veth1_macvtap: left promiscuous mode
[   64.029273][ T5839] veth0_macvtap: left promiscuous mode
[   64.032315][ T5839] veth1_vlan: left promiscuous mode
[   64.034790][ T5839] veth0_vlan: left promiscuous mode
[   64.196111][   T26] smc: removing ib device syz0
[   64.226133][ T6320] __nla_validate_parse: 6 callbacks suppressed
[   64.226146][ T6320] netlink: 24 bytes leftover after parsing attributes in process `syz.0.185'.
[   64.369107][ T5839] team0 (unregistering): Port device team_slave_1 removed
[   64.391500][ T5839] team0 (unregistering): Port device team_slave_0 removed
[   64.635477][ T6253] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.641618][ T6253] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.645611][ T6253] bridge_slave_1: entered allmulticast mode
[   64.650503][ T6253] bridge_slave_1: entered promiscuous mode
[   64.714232][ T2204] ==================================================================
[   64.716780][ T2204] BUG: KASAN: slab-use-after-free in __ethtool_get_link_ksettings+0x6e/0x190
[   64.719592][ T2204] Read of size 8 at addr ffff888110ddc2e8 by task kworker/1:2/2204
[   64.723063][ T2204] 
[   64.723854][ T2204] CPU: 1 UID: 0 PID: 2204 Comm: kworker/1:2 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   64.723864][ T2204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   64.723870][ T2204] Workqueue: events smc_ib_port_event_work
[   64.723884][ T2204] Call Trace:
[   64.723888][ T2204]  <TASK>
[   64.723891][ T2204]  dump_stack_lvl+0x189/0x250
[   64.723904][ T2204]  ? __virt_addr_valid+0x1c8/0x5c0
[   64.723912][ T2204]  ? rcu_is_watching+0x15/0xb0
[   64.723922][ T2204]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.723932][ T2204]  ? rcu_is_watching+0x15/0xb0
[   64.723942][ T2204]  ? lock_release+0x4b/0x3e0
[   64.723952][ T2204]  ? __virt_addr_valid+0x1c8/0x5c0
[   64.723959][ T2204]  ? __virt_addr_valid+0x4a5/0x5c0
[   64.723966][ T2204]  print_report+0xd2/0x2b0
[   64.723975][ T2204]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   64.723984][ T2204]  kasan_report+0x118/0x150
[   64.723992][ T2204]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   64.724001][ T2204]  __ethtool_get_link_ksettings+0x6e/0x190
[   64.724019][ T2204]  ib_get_eth_speed+0x15e/0x7b0
[   64.724028][ T2204]  ? __pfx_ib_get_eth_speed+0x10/0x10
[   64.724037][ T2204]  ? do_raw_spin_unlock+0x4d/0x240
[   64.724046][ T2204]  rxe_query_port+0x93/0x3b0
[   64.724057][ T2204]  ib_query_port+0x170/0x830
[   64.724066][ T2204]  smc_ib_port_event_work+0x15a/0x940
[   64.724076][ T2204]  ? _raw_spin_unlock_irq+0x23/0x50
[   64.724086][ T2204]  ? process_scheduled_works+0x9ef/0x17b0
[   64.724097][ T2204]  ? process_scheduled_works+0x9ef/0x17b0
[   64.724106][ T2204]  process_scheduled_works+0xae1/0x17b0
[   64.724120][ T2204]  ? __pfx_process_scheduled_works+0x10/0x10
[   64.724133][ T2204]  worker_thread+0x8a0/0xda0
[   64.724147][ T2204]  kthread+0x711/0x8a0
[   64.724155][ T2204]  ? __pfx_worker_thread+0x10/0x10
[   64.724165][ T2204]  ? __pfx_kthread+0x10/0x10
[   64.724172][ T2204]  ? _raw_spin_unlock_irq+0x23/0x50
[   64.724180][ T2204]  ? lockdep_hardirqs_on+0x9c/0x150
[   64.724190][ T2204]  ? __pfx_kthread+0x10/0x10
[   64.724197][ T2204]  ret_from_fork+0x3fc/0x770
[   64.724207][ T2204]  ? __pfx_ret_from_fork+0x10/0x10
[   64.724217][ T2204]  ? __switch_to_asm+0x39/0x70
[   64.724223][ T2204]  ? __switch_to_asm+0x33/0x70
[   64.724229][ T2204]  ? __pfx_kthread+0x10/0x10
[   64.724236][ T2204]  ret_from_fork_asm+0x1a/0x30
[   64.724246][ T2204]  </TASK>
[   64.724248][ T2204] 
[   64.800781][ T2204] Allocated by task 5827:
[   64.802141][ T2204]  kasan_save_track+0x3e/0x80
[   64.803670][ T2204]  __kasan_kmalloc+0x93/0xb0
[   64.805163][ T2204]  __kvmalloc_node_noprof+0x30d/0x5f0
[   64.806871][ T2204]  alloc_netdev_mqs+0xa6/0x11e0
[   64.808435][ T2204]  rtnl_create_link+0x31f/0xd10
[   64.809977][ T2204]  rtnl_newlink_create+0x25c/0xb00
[   64.811660][ T2204]  rtnl_newlink+0x16d6/0x1c70
[   64.813188][ T2204]  rtnetlink_rcv_msg+0x7cf/0xb70
[   64.814740][ T2204]  netlink_rcv_skb+0x208/0x470
[   64.816273][ T2204]  netlink_unicast+0x75b/0x8d0
[   64.817787][ T2204]  netlink_sendmsg+0x805/0xb30
[   64.819296][ T2204]  __sock_sendmsg+0x21c/0x270
[   64.820774][ T2204]  __sys_sendto+0x3bd/0x520
[   64.822211][ T2204]  __x64_sys_sendto+0xde/0x100
[   64.823687][ T2204]  do_syscall_64+0xfa/0x3b0
[   64.825105][ T2204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.826968][ T2204] 
[   64.827728][ T2204] Freed by task 5839:
[   64.829001][ T2204]  kasan_save_track+0x3e/0x80
[   64.830510][ T2204]  kasan_save_free_info+0x46/0x50
[   64.832086][ T2204]  __kasan_slab_free+0x62/0x70
[   64.833661][ T2204]  kfree+0x18e/0x440
[   64.834911][ T2204]  device_release+0x9c/0x1c0
[   64.836351][ T2204]  kobject_put+0x22b/0x480
[   64.837756][ T2204]  netdev_run_todo+0xd2e/0xea0
[   64.839251][ T2204]  default_device_exit_batch+0x81e/0x890
[   64.841064][ T2204]  ops_undo_list+0x525/0x990
[   64.842514][ T2204]  cleanup_net+0x4c5/0x800
[   64.843953][ T2204]  process_scheduled_works+0xae1/0x17b0
[   64.845669][ T2204]  worker_thread+0x8a0/0xda0
[   64.847163][ T2204]  kthread+0x711/0x8a0
[   64.848457][ T2204]  ret_from_fork+0x3fc/0x770
[   64.849933][ T2204]  ret_from_fork_asm+0x1a/0x30
[   64.851498][ T2204] 
[   64.852282][ T2204] The buggy address belongs to the object at ffff888110ddc000
[   64.852282][ T2204]  which belongs to the cache kmalloc-cg-4k of size 4096
[   64.856673][ T2204] The buggy address is located 744 bytes inside of
[   64.856673][ T2204]  freed 4096-byte region [ffff888110ddc000, ffff888110ddd000)
[   64.861158][ T2204] 
[   64.861960][ T2204] The buggy address belongs to the physical page:
[   64.863978][ T2204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110dd8
[   64.866736][ T2204] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[   64.869341][ T2204] anon flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[   64.871818][ T2204] page_type: f5(slab)
[   64.873103][ T2204] raw: 057ff00000000040 ffff88801a44b500 0000000000000000 dead000000000001
[   64.875832][ T2204] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[   64.878597][ T2204] head: 057ff00000000040 ffff88801a44b500 0000000000000000 dead000000000001
[   64.881356][ T2204] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000
[   64.884214][ T2204] head: 057ff00000000003 ffffea0004437601 00000000ffffffff 00000000ffffffff
[   64.886983][ T2204] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[   64.889635][ T2204] page dumped because: kasan: bad access detected
[   64.891626][ T2204] page_owner tracks the page as allocated
[   64.893465][ T2204] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5265, tgid 5265 (udevd), ts 22737341628, free_ts 22728762479
[   64.899819][ T2204]  post_alloc_hook+0x240/0x2a0
[   64.901338][ T2204]  get_page_from_freelist+0x21e4/0x22c0
[   64.903081][ T2204]  __alloc_frozen_pages_noprof+0x181/0x370
[   64.904967][ T2204]  alloc_pages_mpol+0x232/0x4a0
[   64.906583][ T2204]  allocate_slab+0x8a/0x3b0
[   64.908029][ T2204]  ___slab_alloc+0xbfc/0x1480
[   64.909504][ T2204]  __kvmalloc_node_noprof+0x429/0x5f0
[   64.911172][ T2204]  seq_read_iter+0x1fd/0xe10
[   64.912618][ T2204]  vfs_read+0x4d0/0x980
[   64.914024][ T2204]  ksys_read+0x145/0x250
[   64.915445][ T2204]  do_syscall_64+0xfa/0x3b0
[   64.916886][ T2204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.918808][ T2204] page last free pid 5264 tgid 5264 stack trace:
[   64.920855][ T2204]  __free_frozen_pages+0xc71/0xe70
[   64.922493][ T2204]  __put_partials+0x161/0x1c0
[   64.924032][ T2204]  put_cpu_partial+0x17c/0x250
[   64.925534][ T2204]  __slab_free+0x2f7/0x400
[   64.926977][ T2204]  qlist_free_all+0x97/0x140
[   64.928486][ T2204]  kasan_quarantine_reduce+0x148/0x160
[   64.930244][ T2204]  __kasan_slab_alloc+0x22/0x80
[   64.931783][ T2204]  kmem_cache_alloc_node_noprof+0x1bb/0x3c0
[   64.933704][ T2204]  __alloc_skb+0x112/0x2d0
[   64.935124][ T2204]  netlink_sendmsg+0x5c6/0xb30
[   64.936690][ T2204]  __sock_sendmsg+0x21c/0x270
[   64.938245][ T2204]  ____sys_sendmsg+0x505/0x830
[   64.939758][ T2204]  ___sys_sendmsg+0x21f/0x2a0
[   64.941267][ T2204]  __x64_sys_sendmsg+0x19b/0x260
[   64.942859][ T2204]  do_syscall_64+0xfa/0x3b0
[   64.944305][ T2204]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   64.946194][ T2204] 
[   64.947007][ T2204] Memory state around the buggy address:
[   64.948814][ T2204]  ffff888110ddc180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.951420][ T2204]  ffff888110ddc200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.954035][ T2204] >ffff888110ddc280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.956614][ T2204]                                                           ^
[   64.959093][ T2204]  ffff888110ddc300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.961700][ T2204]  ffff888110ddc380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[   64.964252][ T2204] ==================================================================
[   64.970536][ T5824] Bluetooth: hci2: command tx timeout
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[   64.979332][ T2204] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[   64.981665][ T2204] CPU: 1 UID: 0 PID: 2204 Comm: kworker/1:2 Not tainted 6.16.0-rc3-syzkaller-00159-g223e2288f4b8-dirty #0 PREEMPT(full) 
[   64.985562][ T2204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   64.988716][ T2204] Workqueue: events smc_ib_port_event_work
[   64.990563][ T2204] Call Trace:
[   64.991637][ T2204]  <TASK>
[   64.992603][ T2204]  dump_stack_lvl+0x99/0x250
[   64.994120][ T2204]  ? __asan_memcpy+0x40/0x70
[   64.995645][ T2204]  ? __pfx_dump_stack_lvl+0x10/0x10
[   64.997317][ T2204]  ? __pfx__printk+0x10/0x10
[   64.998810][ T2204]  panic+0x2db/0x790
[   65.000142][ T2204]  ? __pfx_panic+0x10/0x10
[   65.001608][ T2204]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[   65.003552][ T2204]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   65.005598][ T2204]  ? print_memory_metadata+0x314/0x400
[   65.007341][ T2204]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   65.009340][ T2204]  check_panic_on_warn+0x89/0xb0
[   65.010957][ T2204]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   65.012865][ T2204]  end_report+0x78/0x160
[   65.014250][ T2204]  kasan_report+0x129/0x150
[   65.015749][ T2204]  ? __ethtool_get_link_ksettings+0x6e/0x190
[   65.017648][ T2204]  __ethtool_get_link_ksettings+0x6e/0x190
[   65.019552][ T2204]  ib_get_eth_speed+0x15e/0x7b0
[   65.021122][ T2204]  ? __pfx_ib_get_eth_speed+0x10/0x10
[   65.022834][ T2204]  ? do_raw_spin_unlock+0x4d/0x240
[   65.024490][ T2204]  rxe_query_port+0x93/0x3b0
[   65.026003][ T2204]  ib_query_port+0x170/0x830
[   65.027465][ T2204]  smc_ib_port_event_work+0x15a/0x940
[   65.029239][ T2204]  ? _raw_spin_unlock_irq+0x23/0x50
[   65.030961][ T2204]  ? process_scheduled_works+0x9ef/0x17b0
[   65.032861][ T2204]  ? process_scheduled_works+0x9ef/0x17b0
[   65.034730][ T2204]  process_scheduled_works+0xae1/0x17b0
[   65.036544][ T2204]  ? __pfx_process_scheduled_works+0x10/0x10
[   65.038653][ T2204]  worker_thread+0x8a0/0xda0
[   65.040221][ T2204]  kthread+0x711/0x8a0
[   65.041570][ T2204]  ? __pfx_worker_thread+0x10/0x10
[   65.043263][ T2204]  ? __pfx_kthread+0x10/0x10
[   65.044780][ T2204]  ? _raw_spin_unlock_irq+0x23/0x50
[   65.046497][ T2204]  ? lockdep_hardirqs_on+0x9c/0x150
[   65.048158][ T2204]  ? __pfx_kthread+0x10/0x10
[   65.049636][ T2204]  ret_from_fork+0x3fc/0x770
[   65.051189][ T2204]  ? __pfx_ret_from_fork+0x10/0x10
[   65.052853][ T2204]  ? __switch_to_asm+0x39/0x70
[   65.054381][ T2204]  ? __switch_to_asm+0x33/0x70
[   65.055916][ T2204]  ? __pfx_kthread+0x10/0x10
[   65.057406][ T2204]  ret_from_fork_asm+0x1a/0x30
[   65.058980][ T2204]  </TASK>
[   65.060667][ T2204] Kernel Offset: disabled
[   65.062099][ T2204] Rebooting in 86400 seconds..

VM DIAGNOSIS:
04:41:48  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=0000000000000206 RCX=410f94266d3bd400 RDX=0000000000000000
RSI=ffffffff8be28d20 RDI=ffffffff8be28ce0 RBP=0000000000000001 RSP=ffffc90006cb74f0
R8 =0000000000000000 R9 =ffffffff822f099a R10=dffffc0000000000 R11=fffff940009075a1
R12=dffffc0000000000 R13=ffffffff822f099a R14=ffffffff8e13ef20 R15=ffff888021029cc0
RIP=ffffffff819e3350 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8650000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b2fd1dff8 CR3=000000000df38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff813394fe ffffffff81744e1b
XMM02=00007fad74f84478 ffffffff81744e1b XMM03=00007fad74f84488 00007fad74f84480
XMM04=00007fad75aed100 00007fad74f84440 XMM05=00007fad74f84458 00007fad74f844a0
XMM06=00007fad74f84498 00007fad74f84490 XMM07=00007fad74f84488 00007fad74f84480
XMM08=0000000000000000 00524f5252450040 XMM09=0000000000000000 00007fad74e11c91
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000ac97090
R8 =ffff888108b30237 R9 =1ffff11021166046 R10=dffffc0000000000 R11=ffffffff85474610
R12=dffffc0000000000 R13=ffffffff99ac4902 R14=ffffffff99dc9760 R15=0000000000000000
RIP=ffffffff8547468c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c50000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005580ab7b7598 CR3=0000000022ee4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 000000000000ffff XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000ff0000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000003 00000000326e021f
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=ffffffffffffff00 ffffffff00000000 XMM09=0000000000000021 00000000326e616c
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
